# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/
# Reference: https://www.virustotal.com/gui/ip-address/15.235.187.170/relations

advertiser-noreplysupport.dev
haydoido.com
noreplysupport.dev
bot1.advertiser-noreplysupport.dev
bot2q.advertiser-noreplysupport.dev
bot3hp.advertiser-noreplysupport.dev
bot0.haydoido.com
bot1.haydoido.com
bot2q.haydoido.com
bot3hp.haydoido.com

# Reference: https://unit42.paloaltonetworks.com/nodestealer-2-targets-facebook-business/
# Reference: https://www.virustotal.com/gui/file/001f9d34e694a3d6e301a4e660f2d96bc5d6aa6898f34d441886c6f9160d9e48/detection
# Reference: https://www.virustotal.com/gui/file/940e17880b645b76f6546faa2ce02b16b70a6e31eec0828ce5dfa7efd933f103/detection
# Reference: https://www.virustotal.com/gui/file/3d0346eea1cd72c964b235f46a25524297560087d516ac96a6a2984fd9d90d23/detection
# Reference: https://www.virustotal.com/gui/file/46d78b8a89c68d7812363151148fb89dadde2c3ddde9a0aab4ece4371dad9ab4/detection
# Reference: https://www.virustotal.com/gui/file/c238a1395fee64ed1b1b1acbc0e6a805bf78daff4d358120bda7230806bf7edc/detection
# Reference: https://www.virustotal.com/gui/file/c07161b884f4f5fc02dc6c97096c5c4470701c5852c8e371fca9512e3e2f0fab/detection
# Reference: https://www.virustotal.com/gui/file/7091b65e606b59f6eb847cfcfcb2f8e3ebe1fec8f5e3c190cc3c885fd83eab77/detection

103.183.119.206:55500
103.183.119.206:55511
103.183.119.206:55577
103.183.119.206:55588
103.183.119.206:55599
118.69.3.127:55566
adgowin66.site
sever.adgowin66.site
kycteam.ddns.net

# Reference: https://unit42.paloaltonetworks.com/nodestealer-2-targets-facebook-business/
# Reference: https://otx.alienvault.com/pulse/64c9624677d427f6f94ef691

dongvanfb.net
hotmailbox.me
api.dongvanfb.net
api.hotmailbox.me
getcode.hotmailbox.me

# Reference: https://twitter.com/1ZRR4H/status/1727498375946289495
# Reference: https://www.virustotal.com/gui/file/0886e3ecce925d9770dfb3d5542e2c9a6f8adf17e62c421c4d64e1ae616cbe72/detection

bot.khoadang50.repl.co

# Generic (URL path trails, not tied to a specific host)

/ratkyc/
/ratkyc.zip
/ratkyc/4/bat.zip
/ratkyc/4/ratkyc.zip
