# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Snatch
# Reference: https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
# Reference: https://otx.alienvault.com/pulse/5deeb5125acfb93dac569703
# Reference: https://github.com/StrangerealIntel/malware-notes/blob/master/Ransomware/Snatch.md

# IP:port trails: each line pairs one IPv4 address with one port. Most hosts
# are listed twice, once for 443 and once for 80.
# Note: the references above date from 2019-2020. Hosting addresses get
# reassigned, so treat a match on these entries as a lead to corroborate
# (process, host and timeline evidence) rather than as proof of infection.
# Three hosts in 193.188.22.0/24; .29 is also listed on non-default port 37462.
193.188.22.29:443
193.188.22.29:80
193.188.22.29:37462
193.188.22.26:443
193.188.22.26:80
193.188.22.25:443
193.188.22.25:80
# Listed for port 3306 only (the default MySQL port); no 80/443 entries for this host.
67.211.209.151:3306
37.59.146.180:443
37.59.146.180:80
45.147.228.91:443
45.147.228.91:80
185.61.149.242:443
185.61.149.242:80
94.140.125.150:443
94.140.125.150:80
# Ten hosts in 91.218.114.0/24. Entries are per host; the /24 itself is not
# listed, so neighbouring addresses are not covered by this file.
91.218.114.4:443
91.218.114.4:80
91.218.114.11:443
91.218.114.11:80
91.218.114.25:443
91.218.114.25:80
91.218.114.26:443
91.218.114.26:80
91.218.114.31:443
91.218.114.31:80
91.218.114.32:443
91.218.114.32:80
91.218.114.37:443
91.218.114.37:80
91.218.114.38:443
91.218.114.38:80
91.218.114.77:443
91.218.114.77:80
91.218.114.79:443
91.218.114.79:80
# Domain trails. The first two differ only by a doubled 's'; both are kept as
# listed -- check the references before treating either as a duplicate or typo.
mydatasuperhero.com
mydatassuperhero.com
storedataresback.com
# Onion-service names (16-character, v2-style). Tor has since retired v2 onion
# services, so these are presumably of retro-hunt value only. They can match
# only where the name is visible to the sensor, e.g. a leaked DNS lookup.
snatch24uldhpwrm.onion
snatchh5ssxiorrn.onion
snatch6brk4nfczg.onion

# Reference: https://thedfirreport.com/2020/06/21/snatch-ransomware/

# Single IP:port entry from the report referenced above. It is listed for 443
# only; unlike most hosts earlier in this file, there is no matching :80 line.
91.229.77.161:443
