# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1035683053459460098

3dchesmellltda.club

# Reference: https://researchcenter.paloaltonetworks.com/2016/03/banload-malware-affecting-brazil-exhibits-unusually-complex-infection-process/

compra-da-sorte.com
vemsorte2015.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Banloa-CRQ/detailed-analysis.aspx

triocar.web1629.kinghost.net
www.inducar.kinghost.net

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online/wp/wp-includes/brazilkrisemundial/index.php

# Reference: https://twitter.com/James_inthe_box/status/1242573224006696961

/AppCounter20032020-001/index.php

# Reference: https://twitter.com/1ZRR4H/status/1243178915507703810

seguridadsucursal.online
tma8sjw.myftp.org

# Reference: https://blog.scilabs.mx/blog/2019/12/06/campana-cosmic-banker-sigue-activa-y-revela-vinculo-con-banload/
# Reference: https://www.virustotal.com/gui/ip-address/51.79.31.28/relations

http://51.79.31.28
comprobantes.sytes.net
dgi1b2n3m4.ddns.net
/RO3473I4R4Y.php

# Reference: https://twitter.com/James_inthe_box/status/1245427754977263617

receitafazenda.webcindario.com
/primo/verifique.php

# Reference: https://twitter.com/NtSetDefault/status/1253292071877820416

4up4.com/uploads/file_2020-04-13_031927.jpg

# Reference: https://twitter.com/Bank_Security/status/1258359587729813504
# Reference: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
# Reference: https://www.virustotal.com/gui/file/ed1e2a3767b575cce54e13e05112f30156590cc080a0d0865aaf85686c4e51be/detection

23.108.57.243:3389
http://23.106.124.20/avs/img1/index.php

# Reference: https://twitter.com/sevenofnull/status/1275342947068915713
# Reference: https://app.any.run/tasks/141db5f3-0e93-43c3-96e9-ebf0e69bccda/ (# MALWARE [PTsecurity] Trojan-Spy.Win32.Delf(Banload))
# Reference: https://www.virustotal.com/gui/ip-address/104.154.43.185/relations
# Reference: https://www.virustotal.com/gui/file/b22f8eaf82e15fe8118617cd7db703486696a82924dbafcbc31d8ce1262fcdb5/detection
# Reference: https://www.virustotal.com/gui/file/2f4db2bd529b5705308afd647b26d1a172d34b31d3382da57bac67aa3373a43c/detection
# Reference: https://www.virustotal.com/gui/file/507b299b76133f4ee7a30c12e23e45fa6fe9a1990ac87cb39136c25cc015e011/detection

104.154.43.185:60001

# Reference: https://twitter.com/NtSetDefault/status/1282277236423512065
# Reference: https://www.virustotal.com/gui/file/bc0073b75adda338d994361b4ebc1bc964197826ee75cf790948f128785780bc/detection
# Reference: https://app.any.run/tasks/637f560b-00da-442c-aef5-6ebc990a0646/

outlook39923.autodesk360.com

# Reference: https://twitter.com/NtSetDefault/status/1285909036815323136
# Reference: https://twitter.com/NtSetDefault/status/1285914518095302656
# Reference: https://app.any.run/tasks/599e1eb9-a1c9-4d80-b33d-281cd619cc6c/

correiosbrasilsedex.serveftp.org
enviocorreios.serveftp.org
sendcorreiosbr.serveftp.org
seusedexrapido.serveftp.org
m0380933669.s3-us-west-1.amazonaws.com
u3028903369.s3-us-west-1.amazonaws.com

# Reference: https://twitter.com/NtSetDefault/status/1273040649542131713

emissaocontadigital.eastus.cloudapp.azure.com

# Reference: https://twitter.com/sirpedrotavares/status/1305076741107519488
# Reference: https://www.virustotal.com/gui/file/e6cbaf9d2d01467048c758ba5e6ef3b68e624f67ece32dd68ebfeab235ed7ce5/detection
# Reference: https://www.virustotal.com/gui/file/cd878cd53b60f3bd950dc84ca731e07b4b49e18aed28f7e5d0bb39e5ab9c4ae7/detection
# Reference: https://www.virustotal.com/gui/file/373386e10c2e71329f0e8b4f51bef1fc0c4eb716f459cdf8a93941cff336b89b/detection
# Reference: https://www.virustotal.com/gui/file/8e9e5c2e16c8712f9e1ebfd4c295a1afe9373b95580ca73352f32e37d07408b6/detection
# Reference: https://www.virustotal.com/gui/file/4227332820fffcae05ae9d12a0e0b20f2291eb7b6bf8982b5301f24caadfbe8e/detection
# Reference: https://www.virustotal.com/gui/file/c05e9c1b155559d500ed0a2b3ca4c02d2a679db4191a7b35b9c44c2bdd61210d/detection
# Reference: https://www.virustotal.com/gui/file/985485888ef165eba912578cceb76981e9e5841bf928db739afbf472ea09deff/detection
# Reference: https://www.virustotal.com/gui/file/23892054f9494f0ee6f4aa8749ab3ee6ac13741a0455e189596edfcdf96416b3/detection
# Reference: https://www.virustotal.com/gui/ip-address/191.235.99.13/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.91.227.152/relations

http://191.235.99.13
http://52.91.227.152

# Reference: https://otx.alienvault.com/pulse/5f75c5efcce31cfc583bafaa

58sky.com
wdx.go890.com
khelpdesk.com.br
go890.com
mg.5636.com
master.khelpdesk.com.br

# Reference: https://www.virustotal.com/gui/ip-address/31.220.59.65/relations
# Reference: https://www.virustotal.com/gui/file/3c23a8a65d78c035753bc0a437ed1bcab53f4a981608c10dbf936de28be4f3e3/detection
# Reference: https://www.virustotal.com/gui/file/99ba789471d2df7249bddf5741a0d5fa58147af4e3865490a93fcd1ea609c3ec/detection
# Reference: https://www.virustotal.com/gui/file/8aff76bef1eaed56b46d983051e8a817a893905c82cda79573316adc823baa54/detection
# Reference: https://www.virustotal.com/gui/file/1e6aaee1a283c652812fec6a70f8d1759de53a723af4ea415d3a4fa2ea083166/detection

defaqw.duckdns.org
fyjftn.duckdns.org
hsjkse.duckdns.org
jddrtj.duckdns.org
lokj.duckdns.org
xcgt.duckdns.org
xder.duckdns.org
xeida.duckdns.org
yiydk.duckdns.org
zere.duckdns.org
zxcw.duckdns.org

# Reference: https://www.virustotal.com/gui/domain/novelsim.shacknet.us/relation
# Reference: https://www.virustotal.com/gui/file/7ca842d8f2c83eddf6bd393415c4cff54ec7fa5c51f34738bb6aa1114714c6ec/detection

novelsim.shacknet.us
/troBEROamkr0192013.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1329728270326247425
# Reference: https://bazaar.abuse.ch/sample/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/
# Reference: https://www.virustotal.com/gui/file/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/detection
# Reference: https://analyze.intezer.com/analyses/55ad918a-ba00-497f-a2c5-262c957aa52f/sub/dc9bf2d0-cfce-46e1-8b22-6034f5df3d68

217.8.117.74:8364

# Reference: https://twitter.com/wwp96/status/1337112340001681411

gassmp.podzone.org
/Bebroms29129MSKEdrf.php

# Reference: https://www.virustotal.com/gui/file/3f15a5000fe56acf94ddaf281bbb634cc14d0d84ffed7b244ac38f97c4b23a0c/detection

lojinha-deroupas.com.br
/muralavisos.php

# Reference: https://www.virustotal.com/gui/file/9d4e819a148f6f3ba4d205cf7f3e383ba5c1e6510e34968c38f192dc0e8b3e07/detection

guardasnoturnos.com.br

# Reference: https://otx.alienvault.com/pulse/5ffc3ef208af976d9393d1e2
# Reference: https://www.virustotal.com/gui/domain/cp2.sanandresplazza.com/relations
# Reference: https://www.virustotal.com/gui/file/87c87de35dcd8832043ead5aee4d937ad57f60eb7b68506bd2d976c52d694f3a/detection
# Reference: https://www.virustotal.com/gui/file/cb28fb0cd8281caab59fd57ed18619d9d8c41cfbd01e6e8ed1b35399d2d36d73/detection

astylo.net
guiama.is
/plugins/authentication/ldap/Des_x_.png

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/lucas.digitaldesk.biz/relations

lucas.digitaldesk.biz
prepara.biricell.com.br

# Reference: https://www.virustotal.com/gui/file/02131c8c30c6852ea1094661960d8cd697e014c2327582b9bbfc8440100d08ef/detection

casting.diamondhostess.hu
uslugi-ryazan.ru

# Reference: https://www.virustotal.com/gui/file/f8d9e056bfaa7ee2d74c2fcd5411de3868f47c1301e1cf55a0180b774df1d348/detection
# Reference: https://www.virustotal.com/gui/file/42575b866129035b28068456fa9d988ff86d5573e86a8138ba63c0b3423f6820/detection

mssql.maurosouza9899.kinghost.net

# Reference: https://twitter.com/dgarcianet/status/1352235429160955904

web.groupe-convergence.com

# Reference: https://www.virustotal.com/gui/file/34e16a68835f05ec748e2928409c3f07bdc5268eae0916cfef8a182e031cf6d1/detection
# Reference: https://www.virustotal.com/gui/file/7c019dca867ba21a5d8bb6eabd5750d0f06778fb82ff8866d4900a793d7bcc5c/detection
# Reference: https://www.virustotal.com/gui/file/43ea536308e35b15858237ff4b4b565ca70c1434af0b40dc7336c90c5362e99d/detection

critichotshot.com

# Reference: https://otx.alienvault.com/pulse/6023cbfddb978ba4bf15730b

5636.com
58sky.com
go890.com
jxwan.com
wanyouxi7.com
lordstark.dynamic-dns.net

# Reference: https://twitter.com/Unit42_Intel/status/1369043270429466634
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-08-IOCs-from-Banload-infection.txt

arquivomes03.brazilsouth.cloudapp.azure.com
casaprodutosportal.net
hirotrindade.webcindario.com
shonitrohifi.com

# Reference: https://www.virustotal.com/gui/file/8e95a0564b92cc9285ab0f74076c2aa5c666658a3933ceeaa9942d1a3823a7e2/detection

nwdnydxxxeo.hosthampster.com

# Reference: https://www.virustotal.com/gui/file/a9045a3692c91964dcb62966c7d44f6c00344bf11b5784374b7b64eef9c3ed31/detection

br12jh87te87lkre63a.servepics.com
/hhrytn35/lw1.php

# Reference: https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html (# Win.Downloader.Banload-9861199-0)

brasilcargas.space
cabanadosol.net

# Reference: https://www.virustotal.com/gui/file/d51886e1555a1a94472f639a4cc9d670993011eafa7be4a3ea93219cd2a7b975/detection

http://74.125.230.247
http://98.137.201.117
deliverycards.sytes.net
rdsbox.no-ip.info

# Reference: https://www.virustotal.com/gui/file/e62d5c2402f3455766839f357ae4a4c9ff48cb82451e7a06329fe7186dc9fbcc/detection

41.100.82.137:1891
salah-dz.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/48739c53c560536f074d4b4ad5e98e6be128ea137ecf6658d31fb4dbe98a1038/detection

http://3.96.187.180
/zebudega/5CG46H2J8740503TR.php
/5CG46H2J8740503TR.php

# Reference: https://www.virustotal.com/gui/domain/universal101.com/relations

universal101.com

# Reference: https://www.virustotal.com/gui/file/5a0d1b0431f975ee227c77a951711e749095cf872b2761c3370e3cdb7726d003/detection

raimundex.no-ip.biz
raimundex.no-ip.biz.ovh.net

# Reference: https://www.virustotal.com/gui/file/07eb52e969a2bfb9181e132b235e161516264934edd24a197d7f09505a24c4e0/detection

187.113.20.62:11891
klinspect3.no-ip.info

# Reference: https://www.virustotal.com/gui/file/455f4167f9f057c160956e9e1a27e662dfc5abd820cfe1be99c7728403af67b4/detection

ret.space

# Reference: https://www.virustotal.com/gui/file/ec124a8ed148e2f6943dffc8cc2b072ae2ef887aa2ce87de5c93e4006bc9a846/detection

172.105.155.183:7777
getmalware.com

# Reference: https://www.virustotal.com/gui/file/85ee41bba3c7946de4d8b807a6aa07019fa27bdd7d923906773135f541c893b9/detection

myserverok.myftp.org

# Reference: https://www.virustotal.com/gui/domain/upsvcm.myftp.org/detection

upsvcm.myftp.org

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/banking-trojan-latam-brazil
# Reference: https://otx.alienvault.com/pulse/617bc3fe39fce40899c10840

http://13.36.240.208
http://15.237.27.77
http://15.237.60.133
http://52.47.163.237
centralcfconsulta.net
centreldaconsulta.com
/ando998.002
/carindodone.ways
/esperanca.lig2
/esperanca.liga
/microsft.crts
/msftq.doge
/nanananao.uooo

# Reference: https://twitter.com/r3dbU7z/status/1456797053317701633
# Reference: https://twitter.com/r3dbU7z/status/1489192209119387649
# Reference: https://twitter.com/r3dbU7z/status/1489548681154076676
# Reference: https://www.virustotal.com/gui/file/d97e54139ae34a8aeefff4d5ac760caa5b8cbb1a91af6fa5d725a0cfba6dfeb0/detection

147.182.207.189:8000
googlyconnect.tk
googlyconnect.xyz
ngetconnect.tk
tatamagicexpress.tk

# Reference: https://twitter.com/ffforward/status/1490419292202012677

lamboarrived.com
lamboarrivesssd.com

# Reference: https://www.virustotal.com/gui/file/e46f8a434d8935182491ccb8cd4d17e120458af5821b12613931ee3bb826c706/detection

scan-x9.gleeze.com

# Reference: https://twitter.com/abuse_ch/status/1491102298642157569

http://18.222.122.216

# Reference: https://twitter.com/JAMESWT_MHT/status/1511574103316221952
# Reference: https://twitter.com/1ZRR4H/status/1511588774618169350
# Reference: https://twitter.com/pr0xylife/status/1511753527827353606

filtrosefioseletricosd.eastus.cloudapp.azure.com
pdf-nfe82234018756.australiaeast.cloudapp.azure.com
toystorehuewjir2341234.norwayeast.cloudapp.azure.com

# Reference: https://twitter.com/malwrhunterteam/status/1512501726410166280
# Reference: https://www.virustotal.com/gui/file/c07afe27b4f94dbeb6a21e23deb331a3ede658975471c689226162fda28325e0/detection

bussines.click

# Reference: http://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html (# Win.Downloader.Banload-9943209-0)
# Reference: https://www.virustotal.com/gui/file/6e88c0fc568192968be1ea2c0242bce09141b8b151b469a9d378b66c32909207/detection
# Reference: https://www.virustotal.com/gui/file/f4dc20793b32c7fe417de28cbe15e158f6e71e984dae1aaca9fd0d6db91b3bbb/detection
# Reference: https://www.virustotal.com/gui/file/ab52085f0cb9a9466f526defcc6535793ea415eea35c9bd89afdd2250f61f4da/detection
# Reference: https://www.virustotal.com/gui/file/197218e9d34b526633f525d0b4287cb2a7822b5eca468706861e9305975001f2/detection
# Reference: https://www.virustotal.com/gui/file/357e7e3938085403df07804b7df5bfb204383383e471dcc8fadc621e0827fae6/detection

acreunagoias.com.br
arquivos2011.net
bamcodedados.com
bancodados.com
ceyfad.com
divixonde.com.br
encontragoiania.com.br

# Reference: https://twitter.com/b3ard3dav3ng3r/status/1522554429836509185

http://135.148.155.27

# Reference: https://www.virustotal.com/gui/file/157650a417bac6874b180b9e1603ce39347940c605ec3229d99771992c394ea5/detection
# Reference: https://www.virustotal.com/gui/file/ef8457a60771b1eefdbd53cf09b30b546d96736748db2e3e325b26993abe1afe/detection

193.124.22.17:23520

# Reference: https://www.virustotal.com/gui/file/c192c4a8647935e35a756e0e9cb71a2b4536f927bee108ec1580e6d31fcca785/detection

http://193.124.22.17

# Reference: https://twitter.com/James_inthe_box/status/1562089001124708354
# Reference: https://twitter.com/Computeus7/status/1562108381187522561
# Reference: https://app.any.run/tasks/10bd0f91-2556-4574-8acb-bdf67441a276/

51.161.108.106:44233

# Reference: https://www.virustotal.com/gui/file/c94d2ab86cd34531f591a849b3b4a7349e9c57ab7eb53dd58f4aa9a69e1eff0e/detection

lordgunz.com.br

# Reference: https://twitter.com/Merlax_/status/1614742984943181824
# Reference: https://www.virustotal.com/gui/file/2f04292fac6ce3a8ab250dc256894f037e302f82912f365d93f915cb184ed3f7/detection
# Reference: https://www.virustotal.com/gui/file/4b9fc4775b932ff14eab52b990e61e7a2277b4d53c6cf3ac38902ceec8e55101/detection
# Reference: https://www.virustotal.com/gui/file/56f827c9a7df7f2ad1666ff803f79a99bc2005591a7095b1d36f65c2e2c46ecd/detection
# Reference: https://www.virustotal.com/gui/file/414acda5515a33333d51720b26fd80f51d15840294502fe253320c0aa49cbd8b/detection

http://194.180.191.50
http://51.77.193.20
comiteradvogadosbr.com
adsshfitletgowchatwi.ukwest.cloudapp.azure.com
aniversarioagostovw.servesarcasm.com
hown1301.s3.us-east-2.amazonaws.com
imobiliariapacheco.ciscofreak.com
modonlineservletgowads.southafricanorth.cloudapp.azure.com

# Reference: https://twitter.com/Merlax_/status/1617673017181736960

http://20.226.125.180
joliedocescapnhalida.com
hownter2301.blob.core.windows.net
/brumnx2301fff/
/KKKK/nmhjhghhhjh.php
/nmhjhghhhjh.php

# Reference: https://www.virustotal.com/gui/file/9c1732d555a02453ad01c3a2555980d2722a2e49a5c58385ca91efc3af54a526/detection

4.235.112.145:30000

# Reference: https://www.virustotal.com/gui/file/863dbdb4a47448c7ed262700f0e5f7dbae552c196ffdd906a6407717789b3873/detection

162.33.178.82:4411

# Reference: https://twitter.com/0xToxin/status/1655558045810688001
# Reference: https://twitter.com/0xToxin/status/1655568340520148992
# Reference: https://app.validin.com/axon?type=ip&limit=100&find=161.35.75.27
# Reference: https://www.virustotal.com/gui/ip-address/161.35.75.27/relations
# Reference: https://tria.ge/230508-p2pavacd8v/behavioral2
# Reference: https://www.virustotal.com/gui/file/009744efc6add254a302d5f13316dbc3e949210a50ad284e8f74f9a83436b494/detection
# Reference: https://www.virustotal.com/gui/file/8dd25b5662494e16c5a0926aa0439a249fe99eda604f86e2f523bb7404ccd476/detection
# Reference: https://www.virustotal.com/gui/file/76cc21b1dfe2b839f5bba0e90a2c3cb9ce3d29f9b5e70c50d04f69bf9c21f1e1/detection
# Reference: https://www.virustotal.com/gui/file/3c758a47e63a69f826091543c4b3ebe8198f4928f769cdf571b3b3ffdf9cea9b/detection

194.15.216.218:11940
alemaoautopecas.com
arquivosclientes.online
atendimento-arquivos.com
contatosclientes.services
fantasiacinematica.online
cartolabrasil.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1686693663600959488
# Reference: https://www.virustotal.com/gui/ip-address/38.60.216.75/relations
# Reference: https://app.any.run/tasks/e493067a-3c2b-480e-9d4d-fe7dee17b16e/
# Reference: https://www.virustotal.com/gui/file/eb7422a5e1d44906531dc6e5357468200c57eeb616bb288acd9b9e4d526b5c49/detection

espinafrehome.com

# Reference: https://twitter.com/ThreatBookLabs/status/1688184398653382656
# Reference: https://www.virustotal.com/gui/file/59fc50d5d9400a0402cd5510d7a0158d20d1cf9a566e8c65b4045a46ef257839/detection

kingalem.no-ip.org

# Reference: https://www.virustotal.com/gui/file/bee71f38e39043227cd2454d3fbc1a9f260248c92c797ef404ca90669a2e24f2/detection

novossim.com
cc23c237.thaieasydns.com
mastercash237237.servehttp.com
mastercash237238.servehttp.com
mastercash237239.servehttp.com
nostra23770.thaieasydns.com

# Reference: https://threatfox.abuse.ch/browse/malware/jar.banload/

bagnovo.duckdns.org
felfacturas.serveexchange.com
pancinhabrasil.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/4.228.57.28/relations
# Reference: https://www.virustotal.com/gui/file/102d058393d47801d714fa7af1d7a68280984f325f2af731dfaa80d3757d1ba6/detection
# Reference: https://www.virustotal.com/gui/file/96eee4f2533216ed17187439a80704beb001458772a51253a00c385605f7caed/detection

contabilidade3irmaos.com
marmitariasaobernado.com

# Reference: https://www.virustotal.com/gui/file/1608dc13532992176305dd7ee7e5574d1750edd20bd7481b145566d2771fdef4/detection

27.124.36.23:12345
27.124.36.23:8080
jnybf.gotdns.com
xdks.selfip.com

# Reference: https://www.virustotal.com/gui/file/e83d77bc8516a2b79979e15193f29293f81ddede663babdffadda31b6816c378/detection

carcarah.game-server.cc

# Reference: https://www.virustotal.com/gui/file/d2359d42fb8b0b4dcd4ad2fba4239440600b31b2fcf1e9c70997024e808fd2d5/detection

avisos-kalitop.duckdns.org
/bnmyj35/lw1.php

# Reference: https://www.virustotal.com/gui/file/61e2b01ecd0591e16907a64e0064bb25305cf2714898af952767500d77373920/detection

servidoressmtps.sytes.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1729109795905413587
# Reference: https://www.virustotal.com/gui/file/cefcb2def056527eb0f8c63019b0fb1f080cb430fabc345cd5784c7d71439fe2/detection

jf27z.app.goo.gl

# Reference: https://www.virustotal.com/gui/file/0269114cddff224ac896111843a7a4c7d61696933ce1d8b9d0940e46c43511b4/detection

thekiwi.club
petitbrun1.websiteseguro.com

# Reference: https://threatfox.abuse.ch/ioc/1211203/

arenterprese2023.is-a-caterer.com

# Reference: https://www.virustotal.com/gui/file/11f7dd1f31a21800737152a2146f25f4f19ebe1399351dc8f93da0960ab59c01/detection

srv434307.hstgr.cloud

# Reference: https://twitter.com/naumovax/status/1783157180482330859
# Reference: https://www.virustotal.com/gui/file/21ea08b654bff294ac1266fdac15711e1436f66a29053117b4128e48226f247f/detection
# Reference: https://www.virustotal.com/gui/file/25517d74909089984bc23d6ed441fad051fa75919efe31a59e28c0adef7a65f0/detection

http://67.23.231.76
/bbs/.dc/infecteds.php
/bbs/.dc/infecteds.php?&vit=
/bbs/.dc/phpiespana.php
/bbs/.dc/phpiespana.php?&vit=

# Reference: https://twitter.com/banthisguy9349/status/1783064442210513213
# Reference: https://www.virustotal.com/gui/file/bafd74790fa95d49afac2710dd231ec413dfd0078b57efd75e20704e28a36fe8/detection
# Reference: https://www.virustotal.com/gui/file/9baba9e4c8cbdc25b71ed0ab4ea7586c6bc3f0639b6a96c828a52a5dafe16c9a/detection
# Reference: https://www.virustotal.com/gui/file/06a9de0b7a1ce8a57375a10ea12f030a618e5f56d695f7e582c6ff79e7554757/detection

45.88.90.32:5000
45.88.90.68:5000
dsahgduoi.ddns.net

# Reference: https://twitter.com/naumovax/status/1783461745954013309
# Reference: https://www.virustotal.com/gui/file/f1dfdb145e5eaa6dbdc6e5b15ef04832476f5602aab19262e28552e11dcd6e7d/detection
# Reference: https://www.virustotal.com/gui/file/d97e3271b25dacc5bba07b56524fb72586efdd34e09732331efed207ac98fb4e/detection
# Reference: https://www.virustotal.com/gui/file/ba75a09cb2c7a3bdce016eef3ff72d4a8035842716ddc1b1b73fa18b08ad9804/detection

ormskirkhistoricalsociety.co.uk/site/content/users/themes/index1.php

# Reference: https://www.virustotal.com/gui/file/d394f24125e3d4bb8efc5a09be3b43cbe7c48519a641b998d91b34dd6f0a0386/detection

tsil.xyz

# Reference: https://x.com/malwrhunterteam/status/1818749021902848418
# Reference: https://www.virustotal.com/gui/file/a52c992d733d2d1b7b6cead217dd75121a3b25ec4c97747eeef9e0647b33ffde/detection
# Reference: https://www.virustotal.com/gui/file/6a03346444779ce622dfff7c6797f325a196777d8df8c40c667e7dce6ad2c12a/detection

http://91.92.248.168

# Reference: https://x.com/1ZRR4H/status/1828314898683646309
# Reference: https://www.virustotal.com/gui/file/ae920c4b5dffeee77b84412ecf076d8f536770a71a4f71e29caff6182b6729ec/detection
# Reference: https://www.virustotal.com/gui/file/968fb68f27657aff6230a96641d1761dcc77d8d5f593f716e406ac7638a41f24/detection

http://157.245.91.85
http://170.238.45.64
http://184.168.31.104
http://68.178.202.77
http://85.198.108.68
104.31.168.184.host.secureserver.net
77.202.178.68.host.secureserver.net
fsistviewer.online
starlinkmini-planos.online
learn.kungfu-taichi.ca
cpanel.learn.kungfu-taichi.ca
mail.learn.kungfu-taichi.ca
webdisk.learn.kungfu-taichi.ca

# Reference: https://x.com/johnk3r/status/1828539602849685966
# Reference: https://search.censys.io/hosts/191.101.131.244
# Reference: https://www.virustotal.com/gui/file/4d9fd02f8a969b2b3a3ecccb5569a5948ebc0e09ba588c09079f26f7477ca7a7/detection
# Reference: https://www.virustotal.com/gui/file/a98e3725e67617856e80da1d29ce39d491f0f56f7f832b949825749d02b8225e/detection
# Reference: https://www.virustotal.com/gui/file/8a076222fcbe733eb3e729f12117a23a3062642f47e9bde0aca1712e1996e568/detection

http://191.101.131.244
191.101.131.244:443
191.101.131.244:445
191.101.131.244:47001
191.101.131.244:5395

# Reference: https://x.com/johnk3r/status/1836466799518384279
# Reference: https://search.censys.io/hosts/4.228.227.50

4.228.227.50:3389
4.228.227.50:4194

# Generic

/ezemeneotewdoiazbi.djx
/ezemeneroaelenozi.djx
