# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: crypminal

# Reference: https://twitter.com/malwrhunterteam/status/1121825095792590849
# Reference: https://twitter.com/James_inthe_box/status/1121825506133811201

olex.live

# Reference: https://twitter.com/malwrhunterteam/status/1121858510441132032
# Reference: https://twitter.com/James_inthe_box/status/1121868484642631680

branchesv.com

# Reference: https://twitter.com/malwrhunterteam/status/1126013665155670016
# Reference: https://twitter.com/James_inthe_box/status/1126096193862287360

159.69.88.115:443

# Reference: https://twitter.com/James_inthe_box/status/1185530740911423488

vdscloud.net

# Reference: https://research.checkpoint.com/2020/bandook-signed-delivered/
# Reference: https://otx.alienvault.com/pulse/5fc6a8431725dbaccdb8b860
# Note: branchesv.com, olex.live and vdscloud.net in this group repeat entries
# already listed earlier in this file under their own references. The repeats
# add no new indicator; a consumer that counts entries should deduplicate first.

2ndprog.monster
branchesv.com
ercuc.com
ewsdocs.com
horizongb.com
htname.info
idcmht.com
jtoolbox.org
mainsrv.top
mxtms.com
nopejohn.com
ntsclouds.com
olex.live
p2020.xyz
pronews.icu
raysdoor.com
styleco.me
tancredis.com
vdscloud.net
vsimperial.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1340931119454281728
# Reference: https://app.any.run/tasks/fee6dab8-02dd-4978-8254-251725f98360/

pdafact.com

# Reference: https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/
# Reference: https://otx.alienvault.com/pulse/60e6c811e797f56de6d1689a
# Reference: https://www.virustotal.com/gui/file/9bed6ae8561bb3c54099044c461f305ae0214e8e9972c5ab362f493e2ac07e38/detection
# Reference: https://www.virustotal.com/gui/file/435fa80c1088c8e2b821cf86d5f5a6c2cebf41e3b12d067473c79ab5773d3862/detection
# Reference: https://www.virustotal.com/gui/file/bc089259a1da012b1331933427fdf29e62e0c66cc4ca69c2319dd45f13a95c5d/detection
# Note: the IP:port entries below carry no first-seen or last-seen date; the
# only dating on this page is the July 2021 report URL above. IP addresses get
# reassigned over time, so treat a match on an address alone as a lead to
# corroborate (for example against the domain entries), not as proof by itself.

185.243.114.89:7891
194.5.250.103:7891
45.142.214.31:7892
ladvsa.club
d1.ngobmc.com
d2.ngobmc.com

# Reference: https://www.virustotal.com/gui/file/ba153e449ee926c019b548997c32d0579b9c6f350b1590a025d5d9a216ddbffd/detection
# Reference: https://www.virustotal.com/gui/file/59825e4ff55b539a70952ab80643aaee6499b9d0153fb3b8a19eea74a0a425c4/detection

185.106.122.71:7891
194.87.48.126:7893
r1.panjo.club
s1.megawoc.com
