# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations
# Reference: https://www.virustotal.com/gui/ip-address/45.32.186.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/139.59.46.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.107.62.39/relations

139.59.46.154:80
139.59.46.154:3485
89.107.62.39:80
89.107.62.39:8080
89.107.62.39:13569
0x.com.ua
1000hp.club
banks.quasar.cc
blog.0x.com.ua
blog.quasar.cc
bot.quasar.cc
braizatravel.com
com-ho.me
compressor.quasar.cc
itworx.com-ho.me
kolibri.space
mci.com-ho.me
moh.com-ho.me
mol.com-ho.me
ntg-sa.com
quasar.cc
search.quasar.cc
shaula.space
shop.quasar.cc
trends.ukr.gift
ukr.gift
valakas.0x.com.ua
valakas.quasar.cc
vktg.quasar.cc
webp.quasar.cc
zyabra.com

# Reference: https://twitter.com/tadmaddad/status/1082846728435335168
# Reference: https://www.virustotal.com/gui/file/931f25b7fe4bf22c3383f2a011054852d0a1ea4bcd465d37bb6e8603a11bb085/detection

221.153.37.38:8080

# Reference: https://twitter.com/James_inthe_box/status/1062054609319940097
# Reference: https://www.virustotal.com/gui/ip-address/167.99.161.218/relations

167.99.161.218:443
167.99.161.218:4444
167.99.161.218:80
178.128.70.88:8080

# Reference: https://twitter.com/v0id_hunter/status/832578348744376320
# Reference: https://pastebin.com/MweLPX93

datinguppercrust.com
fattybraintoys.net
gigestate.com
theagingbusiness.com
tokopatria.com
twittergrandma.com

# Reference: https://app.any.run/tasks/0bb1b562-9d2b-4f8d-b64c-e2e3457b6236/

45.76.128.165:4443

# Reference: https://app.any.run/tasks/7048aaa6-0216-4d5f-8fc1-92f9fa4aa3f3/

142.11.215.153:443

# Reference: https://app.any.run/tasks/d59fd378-eeb5-44e2-aa64-e633a83fc3fe/

66.192.70.36:443
