# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: pumabot

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2015-122814-2937-99&tabid=2
# NOTE(review): the docid in the reference above suggests a 2015 writeup, so this is the oldest
# indicator in the file; re-validate it before treating a hit as current activity, and confirm
# that the reference link still resolves.

testzzzzzz.10g.me

# Reference: https://twitter.com/banthisguy9349/status/1769639986997973139
# Reference: https://www.virustotal.com/gui/file/7f170db1bed577d35d33dce17a1b7cce743406d94edce9ec9abd6d2c2686ee4c/detection

http://15.204.157.188
198.98.59.63:65530

# Reference: https://twitter.com/malwrhunterteam/status/1782663438243602934
# Reference: https://www.virustotal.com/gui/ip-address/89.117.1.207/relations
# Reference: https://www.virustotal.com/gui/file/ec56f09edddd0c717b62f3d3179e00a7537fb2b10f4be90aad5ef49cff8c24cc/detection
# Reference: https://www.virustotal.com/gui/file/097bb9bbe6488e6d197b20a9f0d9dc064329deaafd45a86b85a51e68e88852b1/detection
# NOTE(review): the first entry below is a 56-character (v3-style) onion label fronted by the
# tor2web.it gateway. Only this gateway hostname is listed, so the same hidden service reached
# through a different gateway, or over Tor directly, would not match this trail.
# NOTE(review): 89.117.1.207 appears in the references above but is not listed as an indicator;
# presumably intentional - confirm.

cghxg5jzp46lcty3cdjpvfgs5up3kif65j3tvczyxptijokyaknne2ad.tor2web.it
systemig.xyz

# Reference: https://www.virustotal.com/gui/ip-address/94.156.68.80/relations

http://94.156.68.80

# Reference: https://x.com/malwrhunterteam/status/1819304248619721009
# Reference: https://www.virustotal.com/gui/file/8184c20822354842a2930ad601114f78c62377682aa95b251207d5f652fa2b70/detection

8.149.228.52:8000

# Reference: https://x.com/malwrhunterteam/status/1841890129629360357
# Reference: https://www.virustotal.com/gui/file/d45cadae4bac1b9f493b6f82b55b9b764b1132e65e91c5d13641e84551d01fdf/detection
# Reference: https://www.virustotal.com/gui/file/579571795c7d909c31dd72e4afd41073403b80d6674987bcceea60e7036505c4/detection

http://146.19.191.226
129.152.30.246:2005
146.19.191.226:999

# Reference: https://x.com/smica83/status/1870240683824472091
# Reference: https://www.virustotal.com/gui/file/8bd210b33340ee5cdd9031370eed472fcc7cae566752e39408f699644daf8494/detection
# NOTE(review): 17.43.12.31 lies inside 17.0.0.0/8, which is registered to Apple Inc. Confirm
# against the referenced sample that this is a live endpoint rather than a placeholder or decoy
# value before alerting or blocking on it; hits are likely to need manual triage.

17.43.12.31:22

# Reference: https://www.darktrace.com/blog/pumabot-novel-botnet-targeting-iot-surveillance-devices
# Reference: https://www.virustotal.com/gui/file/a5125945d7489d61155723259990c168db01dfedcd76a2e1ba08caa3c4532ca3/detection
# Reference: https://www.virustotal.com/gui/file/ab50b0b9d5c9739383ce6178b258af10b116299ecb3319bbfb94f27d6f7b1b01/detection
# Reference: https://www.virustotal.com/gui/file/426276a76f20b823e896e3c08f1c42f3d15a91a55c3613c7b3bdfbef0bbed9a9/detection
# Reference: https://www.virustotal.com/gui/file/7c59d3e325ad6c6d85e3b4c457c8f816eb437e5e98a63584f5eb7a39e33a5f40/detection
# Reference: https://www.virustotal.com/gui/file/f8c75077c3e3c97314c729a7a5fe97b1d2868a94632a351ba3985f0cf66c09d7/detection
# NOTE(review): 6379/tcp is the default Redis port; confirm from the references whether
# 154.12.56.88:6379 is an attacker-run listener or a third-party service that was abused,
# since that changes how a hit should be triaged.
# The subdomain entries further down repeat the apex domains listed first (17kp.xyz,
# ddos-cc.org, lusyn.xyz); they are kept as explicit per-host indicators.

154.12.56.88:6379
17kp.xyz
ddos-cc.org
lusyn.xyz
1.lusyn.xyz
dasfsdfsdfsdfasfgbczxxc.lusyn.xyz
db.17kp.xyz
dow.17kp.xyz
input.17kp.xyz
ssh.ddos-cc.org

# Reference: https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials
# NOTE(review): path-only indicator with no host component - presumably an account or
# repository path taken from the referenced report; confirm. It is only observable where the
# request path is visible in cleartext (plain HTTP or a TLS-inspecting proxy), and because no
# host is pinned it can also match unrelated servers that serve the same path.

/IllDieAnyway
