# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

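# Aliases: mariposa, rimecud
# Note: hostnames repeat across the reference sections below, and a few are written in mixed case
# (e.g. butterfly.BigMoney.biz, ss.MEMEHEHZ.INFO). DNS names are case-insensitive, so lowercase and
# de-duplicate entries before matching.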

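# Reference: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23029/en_US/McAfee%20Labs%20Threat%20Advisory-Rimecud.pdf
# NOTE(review): 'legion.sninip.es' in this section differs from 'legion.sinip.es' in the ICS-CERT section of
# this file; possibly a transcription error. Confirm against the reference before changing either entry.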

bfisback.no-ip.org
l33t.brand-clothes.net
prcolina.prichaonica.com
sandra.prichaonica.com
pica.banjalucke-ljepotice.ru
kreten.banjalucke-ljepotice.ru
sombrero.balkan-hosting.net
solfire.aljosaborkovic.com
bf2back.sinip.es
lalundelau.sinip.es
qwertasdfg.sinip.es
butterfly.sinip.es
legion.sninip.es
thejacksonfive.mobi
gusanodeseda.mobi
juice.losmibracala.org
teske.pornicarke.com
shv4.no-ip.biz
sexme.in
thesexydude.com
tamiflux.org
youare.sexidude.com
mierda.notengodominio.com
thejacksonfive.us
rnd009.t35.com
butterfly.bigmoney.biz
extraperlo.biz
defintelsucks.sinip.es
defintelsucks.net
defintelsucks.com
gusanodeseda.sinip.es
gusanodeseda.net
tinaivanovic.sexy-serbian-girls.info
informaciones.estr.es
jebena.ananikolic.su
dzaba.cultarts.com
pickeklosarske.ru
kadds.ru
shv4b.getmyip.com
booster.estr.es
legionarios.servecounterstrike.com
yougotissuez.com
tamiflux.net

# Reference: http://www.lavasoft.com/mylavasoft/malware-descriptions/blog/trojanwin32rimecudm

slade.safehousenumber.com
murik.portal-protection.net.ru
world.rickstudio.ru
banana.cocolands.su
portal.roomshowerbord.com

# Reference: https://palevotracker.abuse.ch/?statistic

microsoft.opendns.be
bigmack.opendns.be
shv4.no-ip.biz
shv4b.getmyip.com
e7j0ht.cn
eit.folks.su
callback.beecitysearch.com
ip.ipwhois.org.uk
dcusp.idolmovies.com
dcusp.beecitysearch.com
server1.unibaq.com
fitt.prince.kz
dcusp.mdmads.com
ka3ek2.com

# Reference: https://palevotracker.abuse.ch/?ipaddress=173.230.158.166

parta.q8still.net
nali.guys4us.net
Windowsmedia.net.in
aburame.info
linaangel.biz
three.humthay.info
dontbe.tumkuta.info
webmail.shume.info
four.thefuelworkz.net
webmail.pse1jo2po3.info

# Reference: https://palevotracker.abuse.ch/?ipaddress=189.236.206.143

mariposita.web-personal.org
computo164.laweb.es

# Reference: https://palevotracker.abuse.ch/?ipaddress=199.2.137.25

webmail.drshells.net
webmail.ngulesh.info
ircr0x.drshells.net

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Rimecud.DP
# Reference: https://www.malwaredomainlist.com/forums/index.php?topic=4331.0

digitalmind.cn
antipiracypetition.com
freebieslounge.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~RimecMem-A/detailed-analysis.aspx

bambambam.info
februarystorm.net
mainpodcast.com
newstrucks.com

# Reference: http://www.pandasecurity.com/mediacenter/malware/vodafone-distributes-mariposa/

channeltrb123trb.com
ka3ek2.com
nadnadzz2.info

# Reference: https://ics-cert.us-cert.gov/advisories/ICSA-10-090-01

bf2back.sinip.es
bfisback.no-ip.org
bfisback.sinip.es
binaryfeed.in
booster.estr.es
butterfly.BigMoney.biz
butterfly.sinip.es
defintelsucks.com
defintelsucks.net
defintelsucks.sinip.es
extraperlo.biz
gusanodeseda.mobi
gusanodeseda.net
gusanodeseda.sinip.es
lalundelau.sinip.es
legion.sinip.es
legionarios.servecounterstrike.com
mierda.notengodominio.com
qwertasdfg.sinip.es
sexme.in
shv4.no-ip.biz
shv4b.getmyip.com
tamiflux.net
tamiflux.org
thejacksonfive.biz
thejacksonfive.mobi
thejacksonfive.us
thesexydude.com
youare.sexidude.com
yougotissuez.com

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRimecud

irc.ekizmedia.com
zone.arminboutique.com
story.dnsentrymx.com

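# Reference: https://web.archive.org/web/20120106212034/http://amada.abuse.ch/blocklist.php?download=domainblocklist
# Note: this reference is an archive snapshot dated 2012-01-06. Domains this old may since have lapsed, been
# sinkholed or been re-registered by unrelated parties, so corroborate a hit before acting on it.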

1-microsoft.com
88.perfectexe.com
aaaa.forexinvest4.com
alotibi.panadool400.com
asp.spinchats.com
av.babypin.net
banana.cocolands.su
bf2back.sinip.es
bff.7oorq8.com
bfisback.no-ip.org
booster.estr.es
bunker.org.ua
bupv19.needstub.com
butterfly.BigMoney.biz
butterfly.sinip.es
chat.phpchatrooms.com
chronos-network.com
dcusp.beecitysearch.com
dcusp.idolmovies.com
e7j0ht.cn
f5v9w.com
ff.converter50.com
ff.fifa2012terra.com
ff.fjpark.com
fofo.javagames7.com
forozperu.com
gpl001.cdmon.org
hahahaha.ishtiben.com
hcuewgbbnfdu1ew.com
hcuewgbbnfs1uew.com
hoodmice.com
hubs.ishtiben.com
ilo.brenz.pl
irc.ekizmedia.com
irc.zief.pl
ircr0x.drshells.net
juice.losmibracala.org
kingcasino.info
lalundelau.sinip.es
legionarios.servecounterstrike.com
linuxsup.com
livesecureupdate.com
lmagehost.com
lol.amigosnextel.com
mail.genesisstore.sk
mails.clickbar.net
mails.lebadv.com
masterkey.com.ua
mierda.notengodominio.com
mix.channeltrb123trb.com
ms.allnewdots.com
ms4all.twoplayers.net
mst.com.ua
mx5.ka3ek2.com
mx5.nadnadzz2.info
my.dnsposition.com
nodes.com.ua
ns28.updatewindowsversion2939.com
od8.tawil.biz
p.keywordkr.com
panchitox.laweb.es
penchatox.sin-ip.es
portal.roomshowerbord.com
qwertasdfg.sinip.es
record.channeltrb123trb.com
record.ka3ek2.com
sam.chatsmate.com
sam2.123back.com
servicio-fisico.info
shv4.no-ip.biz
shv4b.getmyip.com
skyoflies.info
soypolilla.com
ss.MEMEHEHZ.INFO
ss.nadnadzzz.info
ssl.aukro.ua
symconempkr.com
sys.zief.pl
tes.memehehz.info
tes.stuckin.org
teske.pornicarke.com
tlaloc666.com
vesporno.com
weail.wdect.ru
weather.co.ua
winsekureservo.co.cc
wisetrize.com
world.rickstudio.ru
adx4bf5.com
youare.sexidude.com
zone.arminboutique.com

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

soywey.sin-ip.es
