# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: oyster backdoor

# Reference: https://hunt.io/blog/a-simple-approach-to-discovering-oyster-backdoor-infrastructure
# Reference: https://www.threatdown.com/blog/rhysida-using-oyster-backdoor-to-deliver-ransomware/
# Reference: https://www.virustotal.com/gui/file/0a7fd836d36ed8e8e9aa7bc41fdc9242333e8469059dec8886b7d935f3651679/detection

codeforprofessionalusers.com
dotnetisforchildren.com
firstcountryours.eu
postmastersoriginals.com
wherehomebe.com

# Reference: https://x.com/ShanHolo/status/1799015874042757386
# Reference: https://www.virustotal.com/gui/file/5c68fda16039ff29e9bf93c6dac11edbcd111dc8ec29fa499637c43b07039d92/detection

http://149.248.79.62
http://206.166.251.114
http://64.95.10.243
retdirectyourman.eu
supfoundrysettlers.us

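# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)
# Note: the source is the feed's "unverified" rolling 30-day list, and the date in parentheses is presumably the retrieval date.
# Treat the IP:port entries below as a point-in-time snapshot and re-validate before alerting or blocking, since addresses get reassigned.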

139.99.221.140:443
162.19.237.181:443
193.43.104.208:443
51.195.232.46:443
64.95.10.243:443

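# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)
# Note: taken from the feed's "unverified" rolling 30-day list (date in parentheses is presumably the retrieval date); confirm the address is still in use before acting on a match.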

http://67.217.228.225
67.217.228.225:443
