# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Yellow Cockatoo RAT, Polazert

# Reference: https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/Jupyter%20Infostealer%20WEB.pdf
# Reference: https://redcanary.com/blog/yellow-cockatoo/
# Reference: https://otx.alienvault.com/pulse/5faf00679c90b876019cc653
# Reference: https://otx.alienvault.com/pulse/5fcab7a1accb28c015a5717d

# Network indicators for the malware family named in the alias and reference lines above.
# One indicator per line; lines starting with '#' are comments.

# Bare domain names (no scheme, port or path).
# Presumably sourced from the reports referenced above this group; confirm against them.
# NOTE(review): the first entry is spelled with the digit '1' ("l1ves"); keep it verbatim when editing.
blackl1vesmatter.org
gogohid.com
mixblazerteam.com
spacetruck.biz
vincentolife.com

# Reference: https://www.virustotal.com/gui/file/dbba731937d435681ed98af6e42ab52d53af4f9ebe8db955a2b4b9ab63b4b06c/detection

# IP address with an explicit port (80).
# NOTE(review): the IP-based entries in this file carry no observation date; addresses get
# reassigned, so treat a match as a lead to check against the referenced sample report.
5.254.118.226:80

# Reference: https://www.virustotal.com/gui/file/38508585ab7911fa8c6475b14086e11db6e829c541b392634bcc921ae6cdda35/detection

# URL form: http scheme plus a bare IP address, no port or path.
# NOTE(review): this notation differs from the ip:port entry above; confirm that the
# consumer of this file handles both forms the way the author intended.
http://216.230.232.134

# Reference: https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer
# Reference: https://www.virustotal.com/gui/file/e3680602deb66e1196bcffe531cdeeab32663efc62c5e16178a0f9f4df745007/detection
# Reference: https://www.virustotal.com/gui/file/8447b77cc4b708ed9f68d0d71dd79f5e66fe27fedd081dcc1339b6d35c387725/detection

# URL form (http scheme plus bare IP); three references are listed for these two entries,
# and the file does not say which entry came from which reference.
http://37.120.237.251
http://45.42.201.248

# Reference: https://www.virustotal.com/gui/file/60c570bd5f5f0d8ea3760317f9becaa78a9be16b2fb2dc7399bf270ca855c0a1/detection

# URL form (http scheme plus bare IP), listed under the single sample reference above.
http://45.146.166.186
