
# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1035683053459460098

3dchesmellltda.club

# Reference: https://researchcenter.paloaltonetworks.com/2016/03/banload-malware-affecting-brazil-exhibits-unusually-complex-infection-process/

compra-da-sorte.com
vemsorte2015.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Banloa-CRQ/detailed-analysis.aspx

triocar.web1629.kinghost.net
www.inducar.kinghost.net

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online/wp/wp-includes/brazilkrisemundial/index.php

# Reference: https://twitter.com/James_inthe_box/status/1242573224006696961

/AppCounter20032020-001/index.php

# Reference: https://twitter.com/1ZRR4H/status/1243178915507703810

seguridadsucursal.online
tma8sjw.myftp.org

# Reference: https://blog.scilabs.mx/blog/2019/12/06/campana-cosmic-banker-sigue-activa-y-revela-vinculo-con-banload/
# Reference: https://www.virustotal.com/gui/ip-address/51.79.31.28/relations

http://51.79.31.28
comprobantes.sytes.net
dgi1b2n3m4.ddns.net
/RO3473I4R4Y.php

# Reference: https://twitter.com/James_inthe_box/status/1245427754977263617

receitafazenda.webcindario.com
/primo/verifique.php

# Reference: https://twitter.com/NtSetDefault/status/1253292071877820416

4up4.com/uploads/file_2020-04-13_031927.jpg

# Reference: https://twitter.com/Bank_Security/status/1258359587729813504
# Reference: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
# Reference: https://www.virustotal.com/gui/file/ed1e2a3767b575cce54e13e05112f30156590cc080a0d0865aaf85686c4e51be/detection

23.108.57.243:3389
http://23.106.124.20/avs/img1/index.php

# Reference: https://twitter.com/sevenofnull/status/1275342947068915713
# Reference: https://app.any.run/tasks/141db5f3-0e93-43c3-96e9-ebf0e69bccda/ (MALWARE [PTsecurity] Trojan-Spy.Win32.Delf(Banload))
# Reference: https://www.virustotal.com/gui/ip-address/104.154.43.185/relations
# Reference: https://www.virustotal.com/gui/file/b22f8eaf82e15fe8118617cd7db703486696a82924dbafcbc31d8ce1262fcdb5/detection
# Reference: https://www.virustotal.com/gui/file/2f4db2bd529b5705308afd647b26d1a172d34b31d3382da57bac67aa3373a43c/detection
# Reference: https://www.virustotal.com/gui/file/507b299b76133f4ee7a30c12e23e45fa6fe9a1990ac87cb39136c25cc015e011/detection

104.154.43.185:60001
