# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: modiloader

# Reference: https://twitter.com/Artilllerie/status/1299249738764689413
# Reference: https://www.virustotal.com/gui/file/94dc4632159764895ff15118dacc7c5b4c3f84722b4ae5c89b9b120adeec92bf/detection
# Reference: https://www.virustotal.com/gui/file/e832fe2b9251b58442d1c9e380ae5f5d338af57a43329f79786e333c15507ec4/detection
# Reference: https://app.any.run/tasks/30d9b08f-32f4-4587-aa9b-3763a75158d1/
# Reference: https://www.virustotal.com/gui/ip-address/5.45.65.79/relations

5.45.65.79:2480
eebucks.com
malwarebytes-antiav.club

# Reference: https://www.virustotal.com/gui/file/4b63c982aee1f4c3e13daae7b9b0e759886868ee8f4023273d24872f9cb134dc/detection

5.45.65.79:3970

# Reference: https://www.virustotal.com/gui/file/e8ab9b3a12a13d810cda38eebe879f86eb8ce05df931f3779d6f7d12117b114a/detection

5.45.65.79:3590

# Reference: https://www.virustotal.com/gui/file/463cc27ff212d544c70cc300dc0b604480133b282dc34b3c396cb6a12d0056ba/detection

5.45.65.79:2980

# Reference: https://www.virustotal.com/gui/file/2edafdccbc4a5c27a318ff171fcc8ac4a87d0794a32fd0a78b5bc6eb7e67bc2b/detection
# Reference: https://www.virustotal.com/gui/file/bd00e5680241c32c2e1daa90c0c8423b849ed28493a357f6dbc41df3a2387e5d/detection

http://37.1.206.213
5.45.65.79:2780
greencolor.top

# Reference: https://app.any.run/tasks/648bae3a-f1e7-4da4-a36e-76d077f4e768/

217.8.117.53:3590

# Reference: https://www.virustotal.com/gui/file/e9ee1c2f01a7d2a469388977f47916e6ccc9efe5fb2c1191c7b5e92781f5e70d/detection

195.22.26.248:8000

# Reference: https://www.virustotal.com/gui/file/10028099a0d2c2aaa8e940228b415688d958b7b9fa5649f9577b96cfd0b96c51/detection

217.8.117.79:16481

# Reference: https://www.virustotal.com/gui/file/d968dc2aabd69cae18f1ffc2f6c6f2ce06447176b2278f09c4b3d923c8314afe/detection

217.8.117.79:54193

# Reference: https://www.virustotal.com/gui/file/4e64ca30a26bdd2acf5caac9455287f38e2d0dc383bbdbf7c46b15c1820e578d/detection

217.8.117.74:3590

# Reference: https://twitter.com/JAMESWT_MHT/status/1329728270326247425
# Reference: https://bazaar.abuse.ch/sample/5c3f5dec5271e020a29643f1e75b7a6b07bb52562ee8426b21e7d76e9a46661b/
# Reference: https://analyze.intezer.com/analyses/55ad918a-ba00-497f-a2c5-262c957aa52f/sub/dc9bf2d0-cfce-46e1-8b22-6034f5df3d68

217.8.117.74:8364

# Reference: https://www.virustotal.com/gui/file/ed5215be40b05fe324dfd185a741a48c604215482095e1953bfdad62725c8092/detection

hwwleqqwkjdfuy.com

# Reference: https://www.virustotal.com/gui/file/b2f7094f521419809d946a68870b02bdd3a928c5a4d57ccdaea3b8f49bb96151/detection

217.8.117.97:33025

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-10-IOCs-from-Ursnif-infection-with-Delf-variant.txt
# Reference: https://www.virustotal.com/gui/file/b2cc1c54c3bbde2a7c0c0a32396bc6dba4d327d7a83278f478dce2f59d6751ef/detection

79.110.52.28:15497
