# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits
# Reference: https://otx.alienvault.com/pulse/5d4431e60c6bf943f7f039aa

http://146.0.75.34
amnsns.com
calacs-laurentides.com
crypto-crypto.site
dsntu.top
elienne.net
gougounu.site
mmasl.com

# Reference: https://twitter.com/VK_Intel/status/1176927389328261121
# Reference: https://www.virustotal.com/gui/file/7976bfcea5c86a0b12266993b17176398d3eabe817f3c44f1a212bca9234698d/detection

fresher.at

# Reference: https://twitter.com/pancak3lullz/status/1334638629654814720

172.105.253.97:4001
http://172.105.253.97

# Reference: https://news.sophos.com/en-us/2020/12/16/systembc/
# Reference: https://otx.alienvault.com/pulse/5fe3992846c25c7182e066ed

advertrex20.xyz
advertsp74.xyz
asdasd08.com
asdasd08.xyz
decatos30.com
decatos30.xyz
gentexman37.xyz
mexstat128.com
sdadvert197.com
shopweb95.xyz

# Reference: https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
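# Reference: https://otx.alienvault.com/pulse/601aedb7c7c215c1dc3bb6db/
# Note: the last entry in this group (/ds/3101.gif) is the bare URL path shared by the hosts above; it has no host component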

alnujaifi-portal.com/ds/3101.gif
clinica-cristal.com/ds/3101.gif
eyeqoptical.ca/ds/3101.gif
gbhtrade.com.br/ds/3101.gif
newstimeurdu.com/ds/3101.gif
remacon.net/ds/3101.gif
skconstruction.info/ds/3101.gif
/ds/3101.gif

# Reference: https://labs.f-secure.com/blog/prelude-to-ransomware-systembc/
# Reference: https://otx.alienvault.com/pulse/609abec825e7816948042cc0
# Reference: https://www.virustotal.com/gui/file/2dc93817039e6fa4fae014e1386cffa7ac35b89feac59d8abe7f51be1c089580/detection

23.227.202.22:4142
79.110.52.9:4142
193.29.104.187:443

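# Reference: http://www.intel471.com/blog/cobalt-strike-cybercriminals-trickbot-qbot-hancitor
# Note: 172.105.253.97:4001 is also listed earlier in this file under the twitter.com/pancak3lullz reference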

172.105.253.97:4001
80.85.84.79:4001

# Generic (URL paths with no host component)

/systembc/exec.vbs
/systembc/post.php
