# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: veil

# Reference: https://www.virustotal.com/gui/file/67d8a0e47628fad2ac3c107361712fbd62baafd6765cebe27050799467ece1d3/detection

3.19.3.150:18789

# Reference: https://www.virustotal.com/gui/file/a1a8571463e9eb9eec7d5c97ec0abe6fd857b0ca194368323e9e67a6b6950cf5/detection

18.223.41.243:17796
3.19.3.150:17796

# Reference: https://www.virustotal.com/gui/file/658f70cc473ac26588b8bcae90590d580149fbec14391d2e1ee3975d7f64a0f7/detection

3.19.3.150:16490

# Reference: https://www.virustotal.com/gui/file/a3ed5434cd0962e13e85377f3e2737b027d75f46445ce2410dc5538164242be9/detection

3.17.202.129:17299

# Reference: https://www.virustotal.com/gui/file/e9d549022bb6cca4724e0c4ba327090feed28274ca2d34753a53c7d62fc691f5/detection

3.19.3.150:17499

# Reference: https://www.virustotal.com/gui/file/b44b3bf9f2e8ec761a3523d45cde7eb11b13f4092c0c5c537f2b8951eaee3f9a/detection

3.19.3.150:18664

# Reference: https://www.virustotal.com/gui/file/1607f9a67c6d215557a5d6eb013a7bf0b09ea485717318d2f596c6231a4b3e13/detection

3.135.90.78:13947
3.20.98.123:13947

# Reference: https://twitter.com/malwrhunterteam/status/1291329141124616194
# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/485fcf4c2834e20d71b6765eccd79f6b0880d6a9fdc5d3e519a943862e9b8246/detection

77.52.245.101:8080

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/30eb8727af3b8a2f4551574c7d826e9f27480e79d242b92d392b1f64091acf12/detection

77.52.149.197:8080

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/314ce9b62cecb9435d9ff2338943e4e784cbfbaf9a65dbda7fe1064f477afe41/detection

77.52.147.162:591

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65/detection

77.52.245.101:8008

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/ea1213c0a684662e8305cfe1c6eeebbb12a9d1404e7571438d3730cc1df1caab/detection

77.52.149.197:11371

# Reference: https://www.virustotal.com/gui/file/8b960bc33cfb67c684a678041c828c2bf9ad9f8786c9bc53783bcc7cac158ecb/detection

156.204.54.101:1234
freenote20.ddns.net

# Reference: https://www.virustotal.com/gui/file/4d8714d498d56758f59f6a4e1e65767d01b5a8fa07442895b5d4469b39caa8e3/detection

193.161.193.99:28503
private147-28503.portmap.host

# Reference: https://www.virustotal.com/gui/file/72b9e6cddd3b847e45835a7d32afbc37a2d07065217d21966c9538590b4b4317/detection

114.255.25.23:39999

# Reference: https://www.virustotal.com/gui/file/409f9f3a71decc2746cfa80d821916dcc93f30bccd0d0970335b634fa89ac68e/detection

120.78.194.220:8080

# Reference: https://www.virustotal.com/gui/file/968f0fd6bda81147e5838dec62dc524c899590dbf809c6d66ecf9deebcf0c8c2/detection
# Reference: https://www.virustotal.com/gui/file/07a35f757860a3e154ba22422ffe5d3346d1b9d35d512ea71eb2c14c8104c1a4/detection

http://8.210.57.138
8.210.57.138:443
mozi.fun

# Reference: https://www.virustotal.com/gui/file/3aa7e67de95a64bb63449c70845a262fc29deeeea15da925d92301dabbd06c45/detection
# Reference: https://www.virustotal.com/gui/file/189dd6d63e9ef007d479d7abc6a3e66a09036b92a8e22b5808e78a53ad3d23e6/detection

117.252.180.207:8081
59.98.19.237:8086
server441.ddns.net

# Reference: https://www.virustotal.com/gui/file/26e872bffc7855d27db5202f64ce052780e9011a3a0d044a5e58c904668446db/detection

http://65.49.209.210
65.49.209.210:8123
panda.homes

# Reference: https://twitter.com/luc4m/status/1473016100208193538
# Reference: https://www.virustotal.com/gui/file/07d2c7e6ad2f889fc3ab3313b01f2c4fdb698a273309d9674a539bb49e935096/detection
# Reference: https://www.virustotal.com/gui/file/d7e30e17c271be6e32c4492c65432d96addde5de51b5a2f296f6bb0c9b8e73d1/detection

185.254.196.122:4445

# Reference: https://www.virustotal.com/gui/file/e537a63ffbb92e25061fd4e8d210b8c9ba96c9c74c8f3c5683e06fa766c095dc/detection

freename.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/78a5601d6e622921b5364d265445316aa7a7a83c508150c133e0bfb0ffb8f69e/detection

f0589740.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8f9995aaaf8096437e625027c31650ccf8a2d35bf841c0fe489e267f6cfe4c16/detection

http://110.42.170.219
110.42.170.219:8080

# Reference: https://twitter.com/malwrhunterteam/status/1492139766409748487
# Reference: https://www.virustotal.com/gui/file/afe1274014f8b9221aba0dbab08fd3cc7bb8a436745e65697fb8c88ac37fbb82/detection

hublinklogistics.online
mail.hublinklogistics.online

# Reference: https://www.virustotal.com/gui/file/2e2a71e5f2139a640b436f6894a944b3d02c85744c211aaa266e12761543efc5/detection

120.79.99.82:6666

# Reference: https://www.virustotal.com/gui/file/1821113b7134dcaebd9004a1c84b862e97be6b9a8dbce62fe4b4440656430fb9/detection

1qaz5tgb.vaiwan.com

# Reference: https://www.virustotal.com/gui/file/af469070fb16d7cefd7f19240629483575764a59049f6cca4180d2518f4bf969/detection
# Reference: https://www.virustotal.com/gui/file/b7bcb5ec0b229b7547f9b24524b1964b997025db1437a14c27ef6b698e14c6bb/detection

83.41.130.122:1337
83.41.130.122:1338
83.41.130.122:1339
# NOTE(review): the five entries below are path-only trails with no host part, so presumably
# they match a request to any server - confirm against the sensor's matching rules.
# /flask_wtf/ is also the package directory name of the Flask-WTF library and may show up in
# unrelated traffic; treat a hit on it alone as low confidence and correlate it with the
# IP:port trails above before escalating.
/payloads/n71.py
/payloads/sQs.py
/stagers/n71.py
/stagers/sQs.py
/flask_wtf/

# Reference: https://www.virustotal.com/gui/file/2f7258db6cebcdc2ed7082576ed37580c9061010356c0be0f69876ee4b8033aa/detection

51.81.133.91:956
ramziv.com

# Reference: https://www.virustotal.com/gui/file/899719a27c8b0648d94db95975b53a262f735024714b18135ac4ced227df6950/detection

5.39.217.212:1338

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030667.html

anti-theft-web.herokuapp.com

# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/WSL%20samples.txt
# Reference: https://www.virustotal.com/gui/file/53854c6d163bfd0c56d8b297ac43bd25c21f696de6063031241e792ee65df441/detection

185.63.90.137:1338

# Reference: https://www.virustotal.com/gui/file/92b901f3e6d45ab35153af340ea89d52aa3cc10bea0c2ad73cc6dfc51c8dd8de/detection

193.233.48.102:8082
193.233.48.103:8082
193.233.48.104:8082
193.233.48.105:8082
193.233.48.106:8082
193.233.48.112:8082
193.233.48.114:8082
193.233.48.119:8082
193.233.48.11:8082
193.233.48.120:8082
193.233.48.123:8082
193.233.48.124:8082
193.233.48.125:8082
193.233.48.128:8082
193.233.48.130:8082
193.233.48.131:8082
193.233.48.133:8082
193.233.48.134:8082
193.233.48.136:8082
193.233.48.137:8082
193.233.48.138:8082
193.233.48.143:8082
193.233.48.144:8082
193.233.48.150:8082
193.233.48.152:8082
193.233.48.156:8082
193.233.48.157:8082
193.233.48.159:8082
193.233.48.161:8082
193.233.48.163:8082
193.233.48.165:8082
193.233.48.166:8082
193.233.48.16:8082
193.233.48.171:8082
193.233.48.172:8082
193.233.48.174:8082
193.233.48.176:8082
193.233.48.177:8082
193.233.48.179:8082
193.233.48.17:8082
193.233.48.180:8082
193.233.48.185:8082
193.233.48.186:8082
193.233.48.188:8082
193.233.48.190:8082
193.233.48.191:8082
193.233.48.195:8082
193.233.48.196:8082
193.233.48.199:8082
193.233.48.201:8082
193.233.48.202:8082
193.233.48.208:8082
193.233.48.209:8082
193.233.48.20:8082
193.233.48.210:8082
193.233.48.213:8082
193.233.48.219:8082
193.233.48.21:8082
193.233.48.221:8082
193.233.48.222:8082
193.233.48.228:8082
193.233.48.230:8082
193.233.48.232:8082
193.233.48.235:8082
193.233.48.238:8082
193.233.48.240:8082
193.233.48.243:8082
193.233.48.251:8082
193.233.48.25:8082
193.233.48.29:8082
193.233.48.30:8082
193.233.48.31:8082
193.233.48.32:8082
193.233.48.38:8082
193.233.48.39:8082
193.233.48.42:8082
193.233.48.43:8082
193.233.48.46:8082
193.233.48.51:8082
193.233.48.54:8082
193.233.48.55:8082
193.233.48.59:8082
193.233.48.61:8082
193.233.48.70:8082
193.233.48.72:8082
193.233.48.75:8082
193.233.48.7:8082
193.233.48.81:8082
193.233.48.82:8082
193.233.48.88:8082
193.233.48.8:8082
193.233.48.92:8082
193.233.48.93:8082
193.233.48.95:8082
193.233.48.97:8082
193.233.48.99:8082
194.87.218.105:8082
194.87.218.107:8082
194.87.218.108:8082
194.87.218.113:8082
194.87.218.114:8082
194.87.218.115:8082
194.87.218.116:8082
194.87.218.11:8082
194.87.218.129:8082
194.87.218.12:8082
194.87.218.130:8082
194.87.218.132:8082
194.87.218.143:8082
194.87.218.144:8082
194.87.218.151:8082
194.87.218.155:8082
194.87.218.159:8082
194.87.218.161:8082
194.87.218.166:8082
194.87.218.16:8082
194.87.218.172:8082
194.87.218.175:8082
194.87.218.182:8082
194.87.218.188:8082
194.87.218.191:8082
194.87.218.199:8082
194.87.218.19:8082
194.87.218.200:8082
194.87.218.202:8082
194.87.218.207:8082
194.87.218.20:8082
194.87.218.211:8082
194.87.218.220:8082
194.87.218.229:8082
194.87.218.22:8082
194.87.218.232:8082
194.87.218.235:8082
194.87.218.245:8082
194.87.218.246:8082
194.87.218.30:8082
194.87.218.41:8082
194.87.218.45:8082
194.87.218.50:8082
194.87.218.52:8082
194.87.218.54:8082
194.87.218.55:8082
194.87.218.62:8082
194.87.218.63:8082
194.87.218.65:8082
194.87.218.69:8082
194.87.218.7:8082
194.87.218.91:8082
194.87.218.98:8082
194.87.218.99:8082

# Reference: https://www.virustotal.com/gui/file/56c71771fe95f622e089af65b0eb8eada4b540d05a5ca62266066076b11cb0a2/detection

# NOTE(review): 104.21.36.13 looks like a Cloudflare edge address (104.16.0.0/13), i.e. a
# shared reverse-proxy IP rather than the operator's own host - confirm. A hit on port 2096
# may then belong to an unrelated site behind the same edge; the hostname (TLS SNI / HTTP
# Host) observed in the sample would be a more specific trail if it can be recovered.
104.21.36.13:2096
175.178.253.29:8078

# Reference: https://www.virustotal.com/gui/file/16a40c4043a9eb9b0a08856304fb1212e28d445d86b81d7c4d22a6b5f6e7754e/detection

# NOTE(review): 172.67.183.14 likewise appears to sit in a Cloudflare range (172.64.0.0/13) -
# confirm; the same shared-IP false-positive caveat applies to this IP:port trail.
172.67.183.14:2096
