# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

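# Aliases: beavertail, invisibleferret
# Format: one network indicator per line (a domain, or IP:port); the "# Reference:" lines above each group give the source of the entries that follow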

# Reference: https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/
# Reference: https://otx.alienvault.com/pulse/655dd802326b4dba522c9d84

blocktestingto.com

# Reference: https://x.com/1ZRR4H/status/1814476691911090466
# Reference: https://www.virustotal.com/gui/ip-address/77.37.37.81/relations
# Reference: https://www.virustotal.com/gui/file/6156127355d8016c8e741de98ee4ef2a4cb5cb02cd44f22fd3c8fef033b69830/detection

hirog.io
files.hirog.io

# Reference: https://x.com/500mk500/status/1814696344272986483
# Reference: https://www.virustotal.com/gui/ip-address/206.206.123.151/relations

greenhouselc.com

# Reference: https://x.com/malwrhunterteam/status/1820385406002872541
# Reference: https://www.virustotal.com/gui/ip-address/82.197.80.64/relations
# Reference: https://www.virustotal.com/gui/file/456b3100d6e0364c036a33ca2d1c68f9e237520ab26da2b78d9dd55f1a2eec09/detection

cestlaviewellnessretreat.com
usconsultinghub.blog
usconsultinghub.cloud
file.cestlaviewellnessretreat.com
files.cestlaviewellnessretreat.com

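# Reference: https://x.com/StrikeReadyLabs/status/1826432976894189825
# Reference: https://www.virustotal.com/gui/file/b8e69d6a766b9088d650e850a638d7ab7c9f59f4e24e2bc8eac41c380876b0d8/detection
# Note: the entry below is IP:port, not a bare IP; the port is part of the indicator, so match on the pair rather than on the address alone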

185.235.241.208:1244
