# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: anatsa, teabot, toddler

# Reference: https://www.cleafy.com/documents/teabot
# Reference: https://twitter.com/malwrhunterteam/status/1376502472462770176
# Reference: https://twitter.com/malwrhunterteam/status/1353816938892423169
# Reference: https://twitter.com/bl4ckh0l3z/status/1354323713907372033
# Reference: https://www.virustotal.com/gui/ip-address/45.128.150.34/relations
# Reference: https://www.virustotal.com/gui/file/6cc2421b86392072fece2d63e9731eb902001f2d812e56d26553e8ad0dac4b8e/detection
# Reference: https://www.virustotal.com/gui/file/89e5746d0903777ef68582733c777b9ee53c42dc4d64187398e1131cccfc0599/detection

http://178.32.130.170
http://185.215.113.31
bookreader.fun
kopozkapalo.xyz
oinregoinroseg.xyz
pokymase.xyz
shavac.xyz
sepoloskotop.xyz

# Reference: https://twitter.com/illegalFawn/status/1387719591619665921
# Reference: https://twitter.com/_icebre4ker_/status/1387721989524185092
# Reference: https://www.virustotal.com/gui/file/5c7d2f8deb230594e8b61f4cb896eb49eb076dd22119861adef43c0fdb37bd39/detection

185.215.113.31:82

# Reference: https://twitter.com/alberto__segura/status/1408806004968542212
# Reference: https://www.virustotal.com/gui/file/fb00adb4c51834b5d37f5881b4baa6153b07cf44b6fe523fbedf7c2943d4f661/detection

178.32.130.175:84
185.215.113.31:84

# Reference: https://twitter.com/BushidoToken/status/1392189145250996226

akilomansoanap.xyz
batroslunk.top
buleworis.top
caramelcorp.cc
firsttechfed.top
fraud-world.top
gaweawgeaweg232.top
ghslitvomuurepj.top
gotxest.top
jamelal.xyz
terulinaor.top

# Reference: https://www.virustotal.com/gui/ip-address/104.154.230.245/relations

aloloksaop20a.top
kotlovina20a2a.top
pomidoaproko222a.top

# Reference: https://labs.bitdefender.com/2021/06/threat-actors-use-mockups-of-popular-apps-to-spread-teabot-and-flubot-malware-on-android/
# Reference: https://www.virustotal.com/gui/file/d6f9197d9b452cb0c13f9dca40d47e8ea11d382cfbadb1f353d43b54dad5af58/detection
# Reference: https://www.virustotal.com/gui/file/1d8ffa729c0decd436624669e8ff65076ab567cd2b5b52f703b7d5528db8c67e/detection

http://185.215.113.39
biomakein202best.top
foreannul.top
forunkulosko2122.top
losh190sup29asp.top
peskoleonido9201.top

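# Generic URL paths (no host component, so a hit on these alone needs the contacted host and surrounding traffic checked before attributing it to this family)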

/api/botupdate
/api/getbotinjects
/api/getkeyloggers
