# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ficker stealer, merkava, zudochka

# Reference: https://twitter.com/malwrhunterteam/status/1330249483045785604
# Reference: https://www.virustotal.com/gui/file/3b1dc7e0c9154fe384c695f8eec5622ab2ba88bf59d990def6b2c11d8519cecf/detection

45.90.218.220:8000
tracker-place.top

# Reference: https://www.domaintools.com/resources/blog/identifying-network-infrastructure-related-to-a-who-spoofing-campaign
# Reference: https://otx.alienvault.com/pulse/5fc7b50f3599afc7ab4cc5a7

adverting-cdn.com
european-who.com
health-world-org.com
office-pulgin.com
who-international.com

# Reference: https://twitter.com/anyrun_app/status/1338471840902213635
# Reference: https://app.any.run/tasks/44cd1390-8ea7-414f-9d8c-d24668623f5a/

brokstrot.com

# Reference: https://www.virustotal.com/gui/file/872e60f7287bd2382587dacdf69b70f3c2e7c7e2ceb5677b58cd540a97369bbc/detection
# Reference: https://www.virustotal.com/gui/file/94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1/detection

ferguslawn.com
sweyblidian.com

# Reference: https://www.virustotal.com/gui/file/90929f4e6bd28d6a197fef323930502ac1a3dcc9de8d4dba02dc6702fd570e14/detection

mobilesuit.top

# Reference: https://app.any.run/tasks/24af325e-9770-47a1-affd-6659f99c7a49/

47.91.94.48:4153
venecia.club
gambinos.club

# Reference: https://app.any.run/tasks/0d19c78e-e054-4b16-b199-96d614d7e0b8/

93.114.128.74:80

# Reference: https://twitter.com/James_inthe_box/status/1358787345886048257

roanokemortgages.com
satursed.com
sweyblidian.com

# Reference: https://twitter.com/James_inthe_box/status/1364956102815801348

wouatiareves.ru

# Reference: https://twitter.com/malware_traffic/status/1364984475944427521

sweyblildian.com

# Reference: https://twitter.com/malware_traffic/status/1367152943158468610

nvgeeforsegt.ru

# Reference: https://twitter.com/malware_traffic/status/1367526827221204996

baadababada.ru

# Reference: https://twitter.com/pmmkowalczyk/status/1374003454805413891
# Reference: https://www.virustotal.com/gui/file/414ae59a12db299866abacb6e65d1d2aed26ec9197969821fe77bb52ca64ed17/detection

dl-link.live
lukkeze.club

# Reference: https://twitter.com/James_inthe_box/status/1376920282053574657

q17ar45.ru

# Reference: https://twitter.com/James_inthe_box/status/1379452830616973312

tren0.ru

# Reference: https://twitter.com/James_inthe_box/status/1380168560329158663

s5iwc.ru

# Reference: https://pastebin.com/wtxn3CZZ

derferper.ru

# Reference: https://pastebin.com/qsf3se6f

qm30098.ru

# Reference: https://twitter.com/James_inthe_box/status/1382709049209212928

45des29.ru

# Reference: https://www.virustotal.com/gui/file/2c94c16d59f1724838477b73e18f833e473b96b6581f1c7fc0f26d94532588b0/detection

cdnserverhostingdomainname.site
38en4scmfu95q.s3.eu-central-1.amazonaws.com
glku5jgmh3t.s3.eu-central-1.amazonaws.com
mpon5x7b2wql011cua.s3.eu-central-1.amazonaws.com
msvqcywpwg.s3.eu-central-1.amazonaws.com

# Reference: https://twitter.com/fr0s7_/status/1384609686515822596
# Reference: https://www.virustotal.com/gui/file/70fc1260fbdc236698b140e7957c2bb5d85cf90230241bf0cf332eeeec74da99/detection

rand934.xyz

# Reference: https://www.virustotal.com/gui/file/6727d1a8cecb816f5565a8a61190d48bece1db0d946e98d64d4c08d1575e0bf8/detection

fluzz.ga

# Reference: https://www.virustotal.com/gui/file/2b5e66f542d00a343e78c42c875f8e32c2b4626c74235217bae3375600f2a4a1/detection

57umant.ru

# Reference: https://twitter.com/malware_traffic/status/1395522304575221765
# Reference: https://www.malware-traffic-analysis.net/2021/05/20/index.html

q09pi7.ru

# Reference: https://twitter.com/malware_traffic/status/1395118996278685696

traverso.ru

# Reference: https://twitter.com/James_inthe_box/status/1396842645968744453

gromber6.ru

# Reference: https://twitter.com/pmmkowalczyk/status/1397852887955410947

obtiron.ru

# Reference: https://www.virustotal.com/gui/file/9a9926376a027f80eb56912ae54db483382e6566a54a139d6c7b384b3bd06409/detection

kor0leva.ru

# Reference: https://twitter.com/Racco42/status/1405164909353111552
# Reference: https://tria.ge/210616-rzw7rvzrm2

http://80.87.192.115
zarroamarf.tk

# Reference: https://www.malware-traffic-analysis.net/2021/06/17/index.html

pr1zm0met.ru

# Reference: https://www.malware-traffic-analysis.net/2021/06/15/index.html

larn9kany.ru

# Reference: https://twitter.com/James_inthe_box/status/1407350358503006220

t578qnar.ru

# Reference: https://otx.alienvault.com/pulse/60d2f6ee92c20710aad95809

pospvisis.com

# Reference: https://twitter.com/malware_traffic/status/1408095271985295360

kubantr0.ru

# Reference: https://twitter.com/James_inthe_box/status/1410617868530556940

rar1tet.ru
