# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: 1xxbot, arechclient2, asatafar

# Format: one network indicator per line. Three shapes occur in this list: a bare
# domain, an IP:port pair, and one scheme-prefixed IP. The "# Reference:" lines
# above each group are the public reports, sandbox runs or sample pages the group
# was taken from.
# Note: the entries appear to date from roughly 2019-2021 (first reference URL and
# the copyright years). IP-based indicators go stale when hosts are reassigned, so
# re-validate them before using them for blocking rather than alerting.
# Note: ports 228, 15646, 15647 and 54766 each recur on several unrelated
# addresses here. That makes them a useful pivot when hunting, but a port match
# alone is not a detection.

# Reference: https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers

# Only entry written with a scheme prefix and no port.
# NOTE(review): confirm how the consuming tool interprets the "http://" prefix.
http://45.142.213.230

# Reference: https://twitter.com/P3pperP0tts/status/1197493278339469313
# Reference: https://twitter.com/P3pperP0tts/status/1196425019154403328
# Reference: https://app.any.run/tasks/efeb529d-fa5d-4adb-8527-7161080e722a/

51.15.22.167:228

# Reference: https://twitter.com/malwrhunterteam/status/1200742733805170688
# Reference: https://www.virustotal.com/gui/file/32aa5f556099e8fdf9c0f4c8f5695e5736a7cc208aacc548d623d329256d4130/detection

94.242.206.163:228

# Reference: https://twitter.com/malwrhunterteam/status/1205495402721685509

# Only domain-name indicator in this list; all other entries are IP-based.
firestarter.co.ug

# Reference: https://app.any.run/tasks/4827acc3-173d-4f4f-b4ca-212e4814ba44/

93.190.142.138:228

# Reference: https://twitter.com/Arkbird_SOLG/status/1348288401049608193
# Reference: https://www.virustotal.com/gui/file/4b3411887671db0dd5e57c2187260bd79f2c5cd4279d24b96de9724f492ce3f7/detection
# Reference: https://www.virustotal.com/gui/file/3d74c37ade5a7082617acb0cb1697eb18c9a61f7099b04b76967140f3a8d03ec/detection
# NOTE(review): this address is likely in public-cloud address space, where IPs
# are recycled between tenants -- confirm current ownership before blocking.

34.253.207.79:15647

# Reference: https://www.virustotal.com/gui/ip-address/54.194.254.16/relations
# Reference: https://twitter.com/James_inthe_box/status/1348264657736269828
# Reference: https://app.any.run/tasks/279edbe8-a2d6-4816-8602-311fa33fd34b/
# Reference: https://www.virustotal.com/gui/file/2cad1d5cd3e145f720e3da8825183d78545b834fe146a8d1ec26c0e876980a66/detection
# NOTE(review): this address is likely in public-cloud address space, where IPs
# are recycled between tenants -- confirm current ownership before blocking.

54.194.254.16:15647

# Reference: https://twitter.com/abuse_ch/status/1348271030322790400
# Reference: https://bazaar.abuse.ch/sample/bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed/
# Reference: https://www.virustotal.com/gui/file/bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed/detection

80.209.229.192:15646

# Reference: https://www.virustotal.com/gui/file/a24bf6fa910c0fe011cdabd3c1203d735f8a28f27c646fe0ae5981bbb7304e41/detection

80.82.77.221:15647

# Reference: https://www.virustotal.com/gui/file/8d2c8fab417257c558a379fc384a5fdda844b73ca507944b90b0a101591c7fae/detection
# Reference: https://www.virustotal.com/gui/file/17a7129edcb8c2bb353c6fc365455b630912da13d3af096e9fb148647551f6b4/detection

# Same host listed on two ports, one line per port.
147.78.67.95:15646
147.78.67.95:15647

# Reference: https://www.virustotal.com/gui/file/9f204e8a44750d83e2d892357db881a241e16fe82eff4fc16f0d9adecec430a3/detection

185.195.26.100:54766

# Reference: https://www.virustotal.com/gui/file/cb64e1065259e2c9e0fb663bdf4ad73a4abc514399ca86f4c3b745b61c6ab530/detection

185.82.202.143:15647

# Reference: https://www.virustotal.com/gui/file/665747baf4f8bba24765b2a486f7677b7e1f199335cace6db075f8f3dd68fcef/detection
# Reference: https://www.virustotal.com/gui/file/f12f3ad220342c60304834a7df1345521e16e13242566dbc76fc21242765fe23/detection

# Same host listed on two ports, one line per port.
195.2.78.227:228
195.2.78.227:54766

# Reference: https://www.virustotal.com/gui/file/b7a16329d7ca5a5ff38f6d424b426f33a29e1fff8490016530a7433134b391f6/detection
# NOTE(review): port 15464 is the only occurrence of that value and looks like
# 15646 with digits transposed -- verify against the referenced sample.

135.181.86.99:15464

# Reference: https://www.virustotal.com/gui/file/98f7e638f8cd14879f5c9fb2071e4f53df9922cdd77a64b632fb06a197d9f9e6/detection

202.59.10.176:15646

# Reference: https://www.virustotal.com/gui/file/3ca1a97e6b3e8d9bae5a054a2c5014db99c4375cab6554e33fb4217bf34a1858/detection

86.106.93.111:15646

# Reference: https://www.virustotal.com/gui/file/71c3e512e148941ff0435c9a556d75cf8fe5621a85a6a2ea4f7a20cb6a0c6856/detection

185.165.153.51:5025
