# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

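# Aliases: moreeggs, terraloader
#
# Entry formats in this list: bare hostnames, IPv4 addresses written with an
# http:// prefix, IPv4:port pairs, and URL path fragments starting with '/'.
# Each group is preceded by the "# Reference:" lines it was taken from.
# Entries carry no first-seen/last-seen dates here, so check the cited
# reference before promoting an entry from alerting to blocking.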

# Reference: https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers

interrafcu.com
usstaffing.services
mail.rediffmail.kz
onlinemail.kz
api.cloudservers.kz
secure.cloudserv.ink
tonsandmillions.com
contactlistsagregator.com

# Reference: https://twitter.com/VK_Intel/status/1119082329324965893

report.monicabellucci.kz

# Reference: https://twitter.com/James_inthe_box/status/1204125950033575937
# Reference: https://app.any.run/tasks/48907a8c-bc47-4552-a705-334e93d0edca/

anuffrost.com
dns.hahdyman.com

# Reference: https://twitter.com/VK_Intel/status/1211758023376592896

blog.jasonlees.com

# Reference: https://twitter.com/VK_Intel/status/1286747453849468929
# Reference: https://www.virustotal.com/gui/file/38f3a52e1ebd93db75f0fb6ce6172565cc0f27f0f86f32f470fa7a9c8de9f094/detection

maps.doaglas.com

# Reference: https://x.com/s1dhy/status/1825654074068578528
# Reference: https://x.com/fr0s7_/status/1826559678668501494
# Reference: https://app.any.run/tasks/57be831c-884f-4bc5-8287-f31c60c7d6ff/
# Reference: https://app.any.run/tasks/97eb6e11-41c2-4861-a1f5-b48fc59bebec/
# Reference: https://app.any.run/tasks/0397179e-485a-4b4c-bfb6-8c855ad24a71/

http://65.38.121.145
http://65.38.121.75
sharefiles.center
totalsphere.center
api.totalsphere.center
api.sharefiles.center
vad.totalsphere.center

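# Reference: https://x.com/k3yp0d/status/1835549865155154285
# Reference: https://www.virustotal.com/gui/file/01446c36f93532f2cd8af96396e22086f37aef1bb8e68b3b03076c9da5ec9737/detection
# NOTE(review): the two entries starting with '/' in this group are URL paths
# listed without a host; presumably they were observed on the hosts in this
# same group - confirm against the references above.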

http://72.5.43.19
yerra.org
/aaaQHvrzTFUuAh
/ccckweJYfszthKpQa

# Reference: https://x.com/k3yp0d/status/1838668770841108608
# Reference: https://www.virustotal.com/gui/file/c0579b32a8dfad75f00078c48a25ae34c73950692104cfca6c299dcc9de27b4a/detection

217.69.8.13:8082
65.20.107.145:8080
nopsec.org
seopager.xyz
