# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://otx.alienvault.com/pulse/5c9e17eae5f057211291d14e
# Reference: https://securitywithoutborders.org/blog/2019/03/29/exodus.html

ad1.fbsba.com
attiva.exodus.esurv.it
ws.my-local-weather.com

# Reference: https://securitywithoutborders.org/blog/2019/03/29/exodus.html

server1cs.exodus.connexxa.it
server1bo.exodus.connexxa.it
server1bs.exodus.connexxa.it
server1cs.exodus.connexxa.it
server1ct.exodus.connexxa.it
server1fermo.exodus.connexxa.it
server1fi.exodus.connexxa.it
server1gioiat.exodus.connexxa.it
server1na.exodus.connexxa.it
server1rc.exodus.connexxa.it
server2ct.exodus.connexxa.it
server2cz.exodus.connexxa.it
server2fi.exodus.connexxa.it
server2mi.exodus.connexxa.it
server2rc.exodus.connexxa.it
server3bo.exodus.connexxa.it
server3ct.exodus.connexxa.it
server3.exodus.connexxa.it
server3fi.exodus.connexxa.it
server4fi.exodus.connexxa.it
serverrt.exodus.connexxa.it

# Reference: https://twitter.com/IronNetTR/status/1466794475544616973
# Reference: https://www.virustotal.com/gui/file/e3ed3bc53f5dcf749d440c481085d056074607504266aea72ae50e4cae95cf10/detection

85.217.171.36:31337

# Reference: https://securelist.com/new-macos-backdoor-crypto-stealer/111778/
# Reference: https://otx.alienvault.com/pulse/65af06183f1624bc5e7e3072
# Reference: https://www.virustotal.com/gui/file/944b85925b7684f48013dff98d1978ed9e364547f7debe3a4d1dabcd7afe58d0/detection

imohub.workers.dev
22.imohub.workers.dev
