# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations
# Reference: https://www.virustotal.com/gui/ip-address/45.32.186.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/139.59.46.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.107.62.39/relations

139.59.46.154:80
139.59.46.154:3485
89.107.62.39:80
89.107.62.39:8080
89.107.62.39:13569
0x.com.ua
1000hp.club
banks.quasar.cc
blog.0x.com.ua
blog.quasar.cc
bot.quasar.cc
braizatravel.com
com-ho.me
compressor.quasar.cc
itworx.com-ho.me
kolibri.space
mci.com-ho.me
moh.com-ho.me
mol.com-ho.me
ntg-sa.com
quasar.cc
search.quasar.cc
shaula.space
shop.quasar.cc
trends.ukr.gift
ukr.gift
valakas.0x.com.ua
valakas.quasar.cc
vktg.quasar.cc
webp.quasar.cc
zyabra.com

# Reference: https://twitter.com/tadmaddad/status/1082846728435335168
# Reference: https://www.virustotal.com/gui/file/931f25b7fe4bf22c3383f2a011054852d0a1ea4bcd465d37bb6e8603a11bb085/detection

221.153.37.38:8080

# Reference: https://twitter.com/James_inthe_box/status/1062054609319940097
# Reference: https://www.virustotal.com/gui/ip-address/167.99.161.218/relations

167.99.161.218:443
167.99.161.218:4444
167.99.161.218:80
178.128.70.88:8080

# Reference: https://twitter.com/v0id_hunter/status/832578348744376320
# Reference: https://pastebin.com/MweLPX93

datinguppercrust.com
fattybraintoys.net
gigestate.com
theagingbusiness.com
tokopatria.com
twittergrandma.com

# Reference: https://app.any.run/tasks/0bb1b562-9d2b-4f8d-b64c-e2e3457b6236/

45.76.128.165:4443

# Reference: https://app.any.run/tasks/7048aaa6-0216-4d5f-8fc1-92f9fa4aa3f3/

142.11.215.153:443

# Reference: https://app.any.run/tasks/d59fd378-eeb5-44e2-aa64-e633a83fc3fe/

66.192.70.36:443

# Reference: https://twitter.com/r3dbU7z/status/1326994040831750151
# Reference: https://www.virustotal.com/gui/file/159b58cbc5994096019a322bc61432c2c04ab1b371b93cca64b818f0d1d8f0eb/detection
# Reference: https://www.virustotal.com/gui/file/27a38b3d3de594d0d32d8c171244616509a4747a6be311cfba27183d90b7d3dc/detection
# Reference: https://www.virustotal.com/gui/file/03ea8330969b98cce48f37c5c699e5c4a2f5c614bb31f99f48c59d7cafb90c8d/detection

185.232.31.2:11720
185.232.31.2:443
/Pupy.ps1
/pupy_cApXy4.cs
/pupy_XrUDIO.ps1
/pupy_tNv5B8.ps1
/pupyx64.Iyvrj2.exe
