# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: djvu ransomware, stop ransomware

# Reference: https://twitter.com/petrovic082/status/1187762565969043457
# Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/

ring1.ug

# Reference: https://twitter.com/abuse_ch/status/1209817867719467009
# Reference: https://www.virustotal.com/gui/domain/ring2.ug/relations

ring2.ug

# Reference: https://github.com/silence-is-best/c2db#filecoderstop

/As73yhsyU34578hxxx/
/As73yhsyU34578hxxx1/
/Asjdi435784ihjk65pen2/
/ydtftysdtyftysdfsdpen3/
/SDf565g/get.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1270993904154873856
# Reference: https://app.any.run/tasks/b0502ef7-61f7-4e9e-87a1-bc7c3a102980/

cjto.top

# Reference: https://www.virustotal.com/gui/file/00ef13f2b577fca62b2100d9cb6306873abe2b57e97a05137217d911d449dd73/detection

mopg.top

# Reference: https://www.virustotal.com/gui/file/a36dabb110579e39137deb5f2330b86e581999d6cc5fa181112fe9742eb5f078/detection
# Reference: https://www.virustotal.com/gui/file/67e2337ee7de4cdd82c33357bf01d4f8098f2119bbeaad61b8e481c7a6671328/detection
# Reference: https://www.virustotal.com/gui/ip-address/85.114.134.88/detection

85.114.134.88:483
85.114.134.88:486

# Reference: https://www.virustotal.com/gui/file/3e6319246954aaa778f47a51b4e4ecacbdb160b309bae9bbe8047c26c91d39d6/detection

cleaner-ge.hk

# Reference: https://twitter.com/petrovic082/status/1390009991889883142
# Reference: https://app.any.run/tasks/63ff91aa-f934-451a-9b83-e2794469ed86/

jfus.top

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

plnv.top

# Reference: https://twitter.com/petrovic082/status/1391394902911631369
# Reference: https://app.any.run/tasks/3d45121d-8f5a-470a-aa2a-e3e16de0350c/
# Reference: https://www.virustotal.com/gui/ip-address/35.235.74.220/relations

asvb.top
vafc.top

# Reference: https://www.virustotal.com/gui/ip-address/194.147.84.117/relations
# Reference: https://app.any.run/tasks/a4883cc0-1a44-4151-9c2b-6207d97cf99b/

qgam.top
vrta.top

# Reference: https://www.virustotal.com/gui/file/bdc895d2aa005210b2de94f02a65dbe899333b84cb0aeb9d8db3e7b50b071ad8/detection

http://188.120.251.192

# Reference: https://www.virustotal.com/gui/file/59b4861575e8fc6183373e223bc070e6ba89357692de09983fb807095aeaa61f/detection

motiwa.xyz

# Reference: https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/
# Reference: https://otx.alienvault.com/pulse/60d21834aced9b05606c1f05

a0142503.xsph.ru
blvd.top
bruze2.ug
qpao.top
trustglobalmail.online
vjsi.top

# Reference: https://www.virustotal.com/gui/file/ea7a287a8e15a510ef664a89ee62c1b08585573d2f6d6ba8fcd3c5e66f16a16d/detection

astdg.top
dgos.top

# Reference: https://www.virustotal.com/gui/file/dc3de176fd9ede42f3694824fb770e442f3d3ff0293c1c74b245e887df7a86e8/detection

jfes.top

# Reference: https://www.virustotal.com/gui/file/659b32b98b48e30f28ab64f2922d869d26061a6ac8ebbbe33def7c8fc532e27a/detection

google-analitics91.com

# Reference: https://twitter.com/petrovic082/status/1421750589768208385
# Reference: https://app.any.run/tasks/e5c4e259-cf8b-4e45-98b2-bb0712840529/

securebiz.org

# Reference: https://twitter.com/James_inthe_box/status/1421820297511014407

ns1.kriston.ug
ns2.chalekin.ug
ns3.unalelath.ug
ns4.andromath.ug

# Reference: https://www.virustotal.com/gui/file/6dc95e37a28289a5b17c8ab7e8eafb06216960e3ee9ed8a045faf8cc019238f7/detection

pool.ug
root.ug

# Reference: https://www.virustotal.com/gui/file/5d425861016578b96fff3d295a1e371827e4f3f55cfee47f37bfb75e876a8460/detection

loot.ug
ymad.ug

# Reference: https://www.virustotal.com/gui/file/b22a4ee6962714dad7adda4f93d1281185c1e2c8eabb1ba09725cb4cdedc550a/detection

morgem.ru

# Reference: https://www.virustotal.com/gui/ip-address/34.105.199.171/relations
# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection
# Reference: https://www.virustotal.com/gui/file/178fb69c394a6d86a3695acbb025bc2f3be31dea683ee6e5016af0566eef8111/detection
# Reference: https://www.virustotal.com/gui/file/f51e4b8f7e7ff68015af698d833134bb6be1b4a435fc49221db9d1d79e11babf/detection

jfas.top
jibw.top
losm.ch
yual.top

# Reference: https://www.virustotal.com/gui/file/ebf5cd3eb76a82bca18e9eca391f5cad9d8e0562d80b3254129033564402494b/detection

http://37.49.230.185

# Reference: https://twitter.com/petrovic082/status/1459837360728903680
# Reference: https://app.any.run/tasks/269821a9-1484-45c4-8660-30eb870bdf68/

kotob.top
pqkl.org

# Reference: https://www.virustotal.com/gui/file/f9a647a6b8e2a922e086637ced33dbc68b24663976b62b1724524f1ab6aee555/detection

dell1.ug
dell2.ug

# Generic

/375687husgfdg443geinerin/47w5youghsig/get.php
/375687husgfdg443geinerin/47w5youghsig/
/375687husgfdg443geinerin/
/47w5youghsig/get.php
/47w5youghsig/
/6454hgvghfgtyryfgfgvcvsydtfystdsbvdfpenelop/sdfsvfbvsbdfdfgdfhfgserwcv/get.php
/6454hgvghfgtyryfgfgvcvsydtfystdsbvdfpenelop/sdfsvfbvsbdfdfgdfhfgserwcv/
/6454hgvghfgtyryfgfgvcvsydtfystdsbvdfpenelop/
/sdfsvfbvsbdfdfgdfhfgserwcv/get.php
/sdfsvfbvsbdfdfgdfhfgserwcv/
/Asjdi435784ihjk65pen2/get.php
/fhsgtsspen6/get.php
/nddddhsspen6/get.php
/sgfjsgdfgsgddagdpen4/get.php
/Asjdi435784ihjk65pen2/
/fhsgtsspen6/
/nddddhsspen6/
/sgfjsgdfgsgddagdpen4/
/files/penelop/
/tesptc/penelop/
/files/penelop/updatewin.exe
/files/penelop/updatewin1.exe
/files/penelop/updatewin2.exe
/files/penelop/3.exe
/files/penelop/4.exe
/files/penelop/5.exe
/tesptc/penelop/3.exe
/tesptc/penelop/4.exe
/tesptc/penelop/5.exe
/penelop/3.exe
/penelop/4.exe
/penelop/5.exe
/penelop/updatewin.exe
/penelop/updatewin1.exe
/penelop/updatewin2.exe
