# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: raccoon, mohazo

# Reference: https://twitter.com/ViriBack/status/1120072762305990663
# Reference: https://twitter.com/James_inthe_box/status/1119282322895855618

http://176.223.143.5
http://80.88.90.110
raccoon-gate.site
raccoon-storage.site

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

http://94.177.213.34

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

http://35.246.139.134

# Reference: https://twitter.com/nao_sec/status/1175779553211379720

http://34.90.238.61

# Reference: https://twitter.com/P3pperP0tts/status/1176118878553956354

http://35.228.240.181

# Reference: https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/

http://35.228.79.212

# Reference: https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block
# Reference: https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Raccoon%20-%20Indicators%20of%20Compromise.pdf
# Reference: https://otx.alienvault.com/pulse/5db2e20e8d6c8e510174fa05

adsymbol.com
advertserv25.world
advexmail2d.world
aegohaohuoruitiiee.top
aegohaohuoruitiiek.su
aegohaohuoruitiiel.cc
aegohaohuoruitiieo.io
aegohaohuoruitiiep.co
aeifaeifhutuhuhuse.top
aeifaeifhutuhuhusk.su
aeifaeifhutuhuhusl.cc
aeifaeifhutuhuhuso.io
aeifaeifhutuhuhusp.co
aeoughaoheguaoehde.top
aeoughaoheguaoehdk.su
aeoughaoheguaoehdl.cc
aeoughaoheguaoehdo.io
aeoughaoheguaoehdp.co
aeufuaehfiuehfuhfe.top
aeufuaehfiuehfuhfk.su
aeufuaehfiuehfuhfl.cc
aeufuaehfiuehfuhfo.io
aeufuaehfiuehfuhfp.co
afaeigaifgsgrhhafe.top
afaeigaifgsgrhhafk.su
afaeigaifgsgrhhafl.cc
afaeigaifgsgrhhafo.io
afaeigaifgsgrhhafp.co
afaigaeigieufuifie.top
afaigaeigieufuifik.su
afaigaeigieufuifil.cc
afaigaeigieufuifio.io
afaigaeigieufuifip.co
avgcommunity.info
beahero4u.com
befaheaiudeuhughge.top
befaheaiudeuhughgk.su
befaheaiudeuhughgl.cc
befaheaiudeuhughgo.io
befaheaiudeuhughgp.co
bfagzzezgaegzgfaie.top
bfagzzezgaegzgfaik.su
bfagzzezgaegzgfail.cc
bfagzzezgaegzgfaio.io
bfagzzezgaegzgfaip.co
bitcoinwinery.com
daedagheauehfuuhfe.top
daedagheauehfuuhfk.su
daedagheauehfuuhfl.cc
daedagheauehfuuhfo.io
daedagheauehfuuhfp.co
dualup.top
eaeuafhuaegfugeude.top
eaeuafhuaegfugeudk.su
eaeuafhuaegfugeudl.cc
eaeuafhuaegfugeudo.io
eaeuafhuaegfugeudp.co
eclk.club
eguaheoghouughahse.top
eguaheoghouughahsk.su
eguaheoghouughahsl.cc
eguaheoghouughahso.io
eguaheoghouughahsp.co
fingers1.ddns.net
firstbankhome.com
fusaazor6.icu
gaghpaheiafhjefije.top
gaghpaheiafhjefijk.su
gaghpaheiafhjefijl.cc
gaghpaheiafhjefijo.io
gaghpaheiafhjefijp.co
gaoehuoaoefhuhfuge.top
gaoehuoaoefhuhfugk.su
gaoehuoaoefhuhfugl.cc
gaoehuoaoefhuhfugo.io
gaoehuoaoefhuhfugp.co
gaoheeuofhefefhute.top
gaoheeuofhefefhutk.su
gaoheeuofhefefhutl.cc
gaoheeuofhefefhuto.io
gaoheeuofhefefhutp.co
gaohrhurhuhruhfsde.top
gaohrhurhuhruhfsdk.su
gaohrhurhuhruhfsdl.cc
gaohrhurhuhruhfsdo.io
gaohrhurhuhruhfsdp.co
gaouehaehfoaeajrse.top
gaouehaehfoaeajrsk.su
gaouehaehfoaeajrsl.cc
gaouehaehfoaeajrso.io
gaouehaehfoaeajrsp.co
geauhouefheuutiiie.top
geauhouefheuutiiik.su
geauhouefheuutiiil.cc
geauhouefheuutiiio.io
geauhouefheuutiiip.co
getmycash4u.com
ggcleaner.space
huaeokaefoaeguaehe.top
huaeokaefoaeguaehk.su
huaeokaefoaeguaehl.cc
huaeokaefoaeguaeho.io
huaeokaefoaeguaehp.co
lookmodeusa.com
luckymonkey.net.in
mailserv85m.world
mybetterdl.com
nothinginterestinghere.com
paarlprecision.com
rubthemoneybear.xyz
rzhsudhugugfugugse.top
rzhsudhugugfugugsk.su
rzhsudhugugfugugsl.cc
rzhsudhugugfugugso.io
rzhsudhugugfugugsp.co
thaus.top
urusurofhsorhfuuhk.su
urusurofhsorhfuuhl.cc
urusurofhsorhfuuho.io
urusurofhsorhfuuhp.co
usd.odysseus-nua.com

# Reference: https://twitter.com/killamjr/status/1192788604508131333

http://34.77.135.60

# Reference: https://app.any.run/tasks/bc644345-46a2-4c9f-b9d3-edc050aa462f/

http://34.89.185.248

# Reference: https://twitter.com/James_inthe_box/status/1199338236633481216

http://34.76.145.229

# Reference: https://twitter.com/0xCARNAGE/status/1199700157127892992

http://34.77.197.252

# Reference: https://twitter.com/tkanalyst/status/1204442400023646208

http://35.246.108.168

# Reference: https://twitter.com/nao_sec/status/1213283648969093120

http://35.228.121.96

# Reference: https://twitter.com/killamjr/status/1217636352155500544

http://35.228.239.183

# Reference: https://app.any.run/tasks/5b92871e-75f6-40db-bd79-0419866304c6/

http://35.246.8.131

# Reference: https://www.virustotal.com/gui/file/696985a0b8af5dc318af712c410410c86df46eac80aa15b65e1b9d7a6801b0d6/detection

http://35.228.183.206

# Reference: https://twitter.com/benkow_/status/1222539585542066176

35.228.215.155:80
api-update1.biz
legions17.biz
oberonapps.org

# Reference: https://twitter.com/James_inthe_box/status/1223006972674314240

34.65.176.45:80

# Reference: https://www.virustotal.com/gui/ip-address/34.76.55.103/relations

34.76.55.103:80

# Reference: https://twitter.com/FaLconIntel/status/1230488503290449920

104.155.44.42:80

# Reference: https://app.any.run/tasks/f7171b62-b0f1-4c2e-afe6-58e99bd8c509/

35.228.57.136:80

# Reference: https://app.any.run/tasks/d8073674-fd7e-4401-93f8-e5fbe6d4b314/

corp1.site
http://35.205.213.237

# Reference: https://app.any.run/tasks/b988bd16-422e-42f6-9902-6b6699f85906/

http://35.228.28.245

# Reference: https://www.virustotal.com/gui/file/1d8412b53630ad72db53a579352a7aecf818f0bf52647eea6633ac9c67506e1d/detection

http://34.76.15.247

# Reference: https://app.any.run/tasks/6b6e39bd-902a-4bfa-91fb-585fdd3ff99e/

http://35.228.60.178

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/
# Reference: https://otx.alienvault.com/pulse/5e8607ef75f928497d0780e4

http://34.77.125.60
http://35.228.215.155

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

http://34.89.159.33

# Reference: https://twitter.com/nao_sec/status/1253902651172851712
# Reference: https://app.any.run/tasks/6fd01600-9f05-457a-8225-3cb55099c4a6/

http://34.65.18.19

# Reference: https://twitter.com/3xp0rtblog/status/1250415892451569666
# Reference: https://app.any.run/tasks/2df933f8-2c84-4e80-b15b-ae8a9940ab97/

http://35.240.36.208

# Reference: https://app.any.run/tasks/077dcfe0-ac26-4890-8ca5-9204f7195eed/

http://35.228.86.146

# Reference: https://www.virustotal.com/gui/file/07cc49bd763e65ed456c5f2103c3cdd6d265d13013066a92394c1dc2d29d23cf/detection
# Reference: https://www.virustotal.com/gui/ip-address/193.110.3.190/relations

10022020newfolder1002002231-service1002.space
10022020newfolder33417-01242510022020.space

# Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/

http://34.89.178.133

# Reference: https://app.any.run/tasks/54da143a-b666-4001-be17-84aed6283be6/

http://34.107.22.206

# Reference: https://twitter.com/yusaerguven/status/1270670436406308864

private-virtual.online

# Generic trails

/file_handler/file.php
/gate/log.php
/gate/sqlite3.dll
/gate/libs.zip
