# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://tria.ge/220620-whe2dsbae9/behavioral2

http://62.197.136.240

# Reference: https://tria.ge/220630-sc227adgh6/behavioral2

golden-cheats.com

# Reference: https://tria.ge/220620-whe2dsbaf3/behavioral2

r4yza92.com

# Reference: https://www.fortinet.com/blog/threat-research/new-icexloader-3-0-developers-warm-up-to-nim

103.74.18.65:8080
funmustsolutions.site
jbk0871.fun
north.ac
hhj.jbk0871.fun
kulcha.didns.ru
/InstallerLoader_Wjyhorou.bmp

# Reference: https://www.virustotal.com/gui/file/3c3df2cf939f0455cf47d0ee1ee79321626565aa580abae774e3e08b5ce1e113/detection

45.128.210.41:9008
ck.jbk0871.fun
jj.jbk0871.fun
/jkl_Lvuafakw.jpg

# Reference: https://minerva-labs.com/blog/new-updated-icexloader-claims-thousands-of-victims-around-the-world/
# Reference: https://otx.alienvault.com/pulse/636d7d6261e7d812b1a929ce
# Reference: https://www.virustotal.com/gui/ip-address/94.103.188.187/relations
# Reference: https://www.virustotal.com/gui/file/0911819d0e050ddc5884ea40b4b39a716a7ef8de0179d0dfded9f043546cede9/detection

filifilm.com.br
rastamouse.me
stealthelite.one
stealthelite.online

# Reference: https://twitter.com/ViriBack/status/1593802075636633601

http://95.214.24.140

# Generic

/wp-includes/icex/Script.php
