# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.isightpartners.com/2015/09/teslacrypt-2-0-cyber-crime-malware-behavior-capabilities-and-communications/
# Reference: https://otx.alienvault.com/pulse/55f9d9b74637f26df7745066/

teenpornotube.org
ledshoppen.nl
shmetterheath.ru
ezglobalmarketing.com
fgainterests.com
serenitynowbooksandgifts.com


# Reference: https://otx.alienvault.com/pulse/555ba0cfb45ff57a1ae5b43d/
# Reference: http://www.secureworks.com/cyber-threat-intelligence/threats/teslacrypt-ransomware-threat-analysis/

79fhdm16.com
42k2b14.net
2kjb9.net
2kjb7.net
42kjb11.net

# Reference: http://www.dynamoo.com/files/teslacrypt.csv
# NOTE(review): several entries in this block appear twice (blagooooossss.com,
# brostosoosossss.com, ggergregre.com, poponkia.com, soft2webextrain.com,
# softextrain64.com, workcccbiz.in). Presumably the consumer de-duplicates on
# load; confirm, then drop the repeats so the list is easier to audit.
# NOTE(review): dns1.softextrain644.com differs from softextrain64.com by one
# digit; verify against the referenced CSV that both spellings are intended.

hagurowrob.ru
toftevenghertbet.ru
blagooooossss.com
brostosoosossss.com
ggergregre.com
poponkia.com
blagooooossss.com
brostosoosossss.com
ggergregre.com
poponkia.com
soft2webextrain.com
softextrain64.com
workcccbiz.in
chromedoors.ru
debatelocator.ru
growthtoys.ru
hedtheresran.ru
listfares.ru
littmahedtbo.ru
wordlease.ru
mytorsmired.ru
dns1.mikymaus.in
dns1.softextrain644.com
dns9.auth-mail.ru
soft2webextrain.com
softextrain64.com
workcccbiz.in

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Ransomware.TeslaCrypt-7090181-1)
# NOTE(review): Talos threat-roundup tables list domains that samples in a
# cluster contacted, which is not by itself proof that a domain is malicious.
# TODO confirm each entry below before treating a hit as high confidence.

ant.trenz.pl
aiszao.com
aldcea.com
azuyzw.com
bsieau.com
ergcgi.com
exukeu.com
fasuoi.com
fogwee.com
giyxhd.com
gknysc.com
hzadcu.com
ihpuyg.com
iiiavb.com
lxecov.com
ogcfic.com
uunzlo.com
ymjjaz.com
ymxunc.com
yqnonu.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-01-06-new-teslacrypt-ransomware-arrives-via-spam/new-teslacrypt-ransomware-arrives-via-spam.csv
# Reference: https://wordpress.org/support/topic/issue-with-wp-admin-includes-misc-php/
# Path-only indicator: no host is given, so the entry is keyed on the request
# path alone.
# NOTE(review): the path sits under a WordPress plugin directory; confirm that
# no legitimate install serves a file at this location, otherwise hits on
# unrelated sites will be attributed to this family.

/wp-content/plugins/theme-check/misc.php

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-03-15-teslacrypt-arrives-via-neutrino-exploit-kit/teslacrypt-arrives-via-neutrino-exploit-kit.csv
# Mixed entry types: the first line is a regular expression (character class,
# '+' quantifier, escaped dot); the second is a plain domain whose dot is not
# escaped.
# NOTE(review): presumably the consumer tells regex entries from literal ones
# by their syntax — confirm, so the literal dot is not read as "any character".

nutqauytva[0-9a-z]+\.com
nutr3inomiranda1.com

# Reference: https://otx.alienvault.com/pulse/553f3c1bb45ff55db8148b1c/
# Reference: http://blogs.cisco.com/security/talos/teslacrypt
# Reference: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=818
# Reference: https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html (# Win.Ransomware.TeslaCrypt-7501245-1)
# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Ransomware.TeslaCrypt-7661903-0)

vostorgspa.kz

# Reference: https://app.any.run/tasks/f04d9295-9e1e-42a8-8345-8d6eabdaa650/
# Full URLs with an http:// scheme, unlike the bare hostnames used elsewhere in
# this file. Both end in /wstr.php, which is also listed on its own as a
# path-only entry in the "Generic" section at the end of this file.
# NOTE(review): confirm how the consumer normalises scheme-prefixed entries.

http://iqinternal.com/pmtsys/fonts/wstr.php
http://goktugyeli.com/wstr.php

# Reference: https://www.virustotal.com/gui/file/5862be4afb09c5c0ab9dd62d7c5e08f3d7e1f91656996200b7016e68c73515ca/behavior/Dr.Web%20vxCube

tesla.new.uneargo.com

# Reference: https://www.virustotal.com/gui/ip-address/91.243.75.133/detection
# Reference: https://www.virustotal.com/gui/ip-address/104.223.125.172/detection
# Reference: https://www.virustotal.com/gui/ip-address/93.158.215.86/detection
# Reference: https://www.virustotal.com/gui/ip-address/190.102.111.127/detection
# Reference: https://www.virustotal.com/gui/ip-address/107.161.159.30/detection
# NOTE(review): the references are VirusTotal IP-address pages, while the
# entries below are .at hostnames; presumably these names resolved to those
# addresses. Confirm, since hostnames sharing an address are not necessarily
# related to the same activity.

agonecloop.at
angortra.at
begumvelic.at
bematvocal.at
bonmawp.at
drossstoic.at
heliofetch.at
javakale.at
keratadze.at
oftpony.at
parsesun.at
tuttianent.at

# Generic

# Regex entry: one of a fixed set of host labels, then a literal dot, then one
# or more characters from the trailing class.
# NOTE(review): in the trailing class [a-z0-9.-_], ".-_" is parsed as a range
# from '.' to '_' (Python's re and most engines), not as three literals. That
# range covers '/', ':', '@' and A-Z but not '-', so a hyphen in the suffix
# ends the match. If dot, hyphen and underscore were intended, the class
# should be written [a-z0-9._-]. The practical effect depends on how the
# consumer anchors the pattern — TODO confirm.
(7tno4hib47vlep5o|akdfrefdkm45tf33fsdfsdf|epmhyca5ol6plmx3|nn54djhfnrnm4dnjnerfsd|p4fhmjnsdfbm4w4fdsc|pts764gt354fder34fsqw45gdfsavadfgsfg|sondr5344ygfweyjbfkw4fhsefv|uiredn4njfsa4234bafb32ygjdawfvs|5rport45vcdef345adfkksawe|tes543berda73i48fsdfsd|yyre45dbvn2nhbefbmh|ww34werwejhjwrtnjfgkm|po4dbsjbneljhrlbvaueqrgveatv|w6bfg4hahn5bfnlsafgchkvg5fwsfvrt|dd7bsndhr45nfksdnkferfer|kk4dshfjn45tsnkdf34fg|k4restportgonst34d23r|kkd47eh4hdjshb5t)\.[a-z0-9.-_]+

# Path-only indicator with no host.
# NOTE(review): a bare file name is a weak signal on its own and may match
# unrelated sites; confirm the false-positive rate before alerting on it alone.
/wstr.php
