# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: djvu ransomware, stop ransomware

# Reference: https://twitter.com/petrovic082/status/1187762565969043457
# Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/

ring1.ug

# Reference: https://twitter.com/abuse_ch/status/1209817867719467009
# Reference: https://www.virustotal.com/gui/domain/ring2.ug/relations

ring2.ug

# Reference: https://github.com/silence-is-best/c2db#filecoderstop

/As73yhsyU34578hxxx/
/As73yhsyU34578hxxx1/
/Asjdi435784ihjk65pen2/
/ydtftysdtyftysdfsdpen3/
/SDf565g/get.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1270993904154873856
# Reference: https://app.any.run/tasks/b0502ef7-61f7-4e9e-87a1-bc7c3a102980/

cjto.top

# Reference: https://www.virustotal.com/gui/file/00ef13f2b577fca62b2100d9cb6306873abe2b57e97a05137217d911d449dd73/detection

mopg.top

# Reference: https://www.virustotal.com/gui/file/a36dabb110579e39137deb5f2330b86e581999d6cc5fa181112fe9742eb5f078/detection
# Reference: https://www.virustotal.com/gui/file/67e2337ee7de4cdd82c33357bf01d4f8098f2119bbeaad61b8e481c7a6671328/detection
# Reference: https://www.virustotal.com/gui/ip-address/85.114.134.88/detection

85.114.134.88:483
85.114.134.88:486

# Reference: https://www.virustotal.com/gui/file/3e6319246954aaa778f47a51b4e4ecacbdb160b309bae9bbe8047c26c91d39d6/detection

cleaner-ge.hk

# Reference: https://twitter.com/petrovic082/status/1390009991889883142
# Reference: https://app.any.run/tasks/63ff91aa-f934-451a-9b83-e2794469ed86/

jfus.top

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

plnv.top

# Reference: https://twitter.com/petrovic082/status/1391394902911631369
# Reference: https://app.any.run/tasks/3d45121d-8f5a-470a-aa2a-e3e16de0350c/
# Reference: https://www.virustotal.com/gui/ip-address/35.235.74.220/relations

asvb.top
vafc.top

# Reference: https://www.virustotal.com/gui/ip-address/194.147.84.117/relations
# Reference: https://app.any.run/tasks/a4883cc0-1a44-4151-9c2b-6207d97cf99b/

qgam.top
vrta.top

# Reference: https://www.virustotal.com/gui/file/bdc895d2aa005210b2de94f02a65dbe899333b84cb0aeb9d8db3e7b50b071ad8/detection

http://188.120.251.192

# Reference: https://www.virustotal.com/gui/file/59b4861575e8fc6183373e223bc070e6ba89357692de09983fb807095aeaa61f/detection

motiwa.xyz

# Reference: https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/
# Reference: https://otx.alienvault.com/pulse/60d21834aced9b05606c1f05

a0142503.xsph.ru
blvd.top
bruze2.ug
qpao.top
trustglobalmail.online
vjsi.top

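# Generic: URL path trails not tied to a single host in the lists above.
# These match on path alone, so confirm a hit against host, process or file evidence.
# '/Asjdi435784ihjk65pen2/' is also listed under the c2db reference above.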

/Asjdi435784ihjk65pen2/get.php
/nddddhsspen6/get.php
/sgfjsgdfgsgddagdpen4/get.php
/Asjdi435784ihjk65pen2/
/nddddhsspen6/
/sgfjsgdfgsgddagdpen4/
/files/penelop/
/tesptc/penelop/
/files/penelop/updatewin.exe
/files/penelop/updatewin1.exe
/files/penelop/updatewin2.exe
/files/penelop/3.exe
/files/penelop/4.exe
/files/penelop/5.exe
/tesptc/penelop/3.exe
/tesptc/penelop/4.exe
/tesptc/penelop/5.exe
/penelop/3.exe
/penelop/4.exe
/penelop/5.exe
/penelop/updatewin.exe
/penelop/updatewin1.exe
/penelop/updatewin2.exe
