# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Static trail list: one network indicator per line (address:port, domain,
# URL, or bare URL path). Each '# Reference:' comment gives the public source
# for the entries that follow it.
# NOTE(review): the malware family these entries are attributed to is not
# named inside this file - presumably it is taken from the file name; confirm.
# NOTE(review): entries carry no first-seen date. Address-based ones can be
# reassigned to unrelated hosts over time, so re-check them against their
# references before using them to block rather than to alert.

# Reference: https://twitter.com/K_N1kolenko/status/1091262593551998977
# Reference: https://www.virustotal.com/gui/file/fcccc3a389ec7bcd6109863b5c9f0ec3cddb1d75a151acadf77c799bd883f777/detection

145.249.104.13:8080

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-02-14-macro-malware-targets-macs/macro-malware-targets-macs.csv

ndur0.net

# Reference: https://twitter.com/cyber__sloth/status/1347180236551696385

mywebplayer.net

# Reference: https://www.virustotal.com/gui/file/bb430087484c1f4587c54efc75681eb60cf70956ef2a999a75ce7b563b8bd694/detection

qnalytica.com

# Reference: https://twitter.com/malwarezoo/status/1758250609965138158
# Reference: https://twitter.com/malwarezoo/status/1758250611835834696
# Reference: https://www.virustotal.com/gui/file/035ddc3aaf956eba952c463155ecffd3da77022f9f18f12ea7e7c4532b07f2e1/detection

# Same address on two ports; each port is a separate entry.
142.93.185.248:27016
142.93.185.248:4444

# Reference: https://twitter.com/banthisguy9349/status/1760990882461876521
# Reference: https://www.virustotal.com/gui/file/cc69d3c37dd19411f96f3ed25712db04fda7a8015d788dd637a9101f1c245f29/detection

# Scoped to one path rather than the whole domain.
# NOTE(review): presumably the rest of the site is not considered malicious -
# confirm against the references before widening this to the bare domain.
nextnovatech.com/databack/

# Reference: https://x.com/malwrhunterteam/status/1808062889145610390
# Reference: https://www.virustotal.com/gui/file/79e98c9c4ecc0d2f75b25e613a268fd9a1b22f1a0357cc46d534e24230dcd3e2/detection

# Scheme-prefixed address, unlike the address:port entries elsewhere in this file.
# NOTE(review): confirm how the trail loader interprets the http:// prefix.
http://104.156.239.74

# Reference: https://sourcecodered.com/npm-packages-deploy-malware/
# Reference: https://www.joesandbox.com/analysis/1577220/0/html

# Hostname under a shared cloud object-storage domain (aliyuncs.com). Keep the
# full hostname: the parent domain also serves unrelated tenants, so
# shortening this entry would flag legitimate traffic.
boss-ops.oss-cn-beijing.aliyuncs.com

# Reference: https://x.com/smica83/status/1869790753599434954
# Reference: https://app.validin.com/detail?find=123.136.94.70&type=ip4&ref_id=68c43bb88e1#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5142c4da1b7c363f9164d145d65049e61cb86648be93362fef2fcff9dd87317a/detection
# Reference: https://www.virustotal.com/gui/file/e126e1b5b8313668703a93a28f8854b1ee85a324c59b385592e45c9f0b6a926c/detection

# NOTE(review): the two .top domains differ by a single character; both look
# intentional rather than a typo of one another - confirm each against the
# references above.
171.115.221.82:666
dosmac.top
dosmax.top

# Reference: https://x.com/malwrhunterteam/status/1922408241197170815
# Reference: https://www.virustotal.com/gui/file/b45c17f66d5f32c731f2d2201b1bd4ad12d81fcf43502a0e2faf82923e213350/detection

thaiyue.com

# Reference: https://x.com/malwrhunterteam/status/1923273642659504508

macmediclab.xyz
macosi.cloud
macrescuehub.cloud
settings-update.xyz
statistic-manager.xyz

# Reference: https://x.com/malwrhunterteam/status/1923107348232429814
# Reference: https://www.virustotal.com/gui/file/3f86c4cc956a6df5ddfad5d03334ece07e78351dec3ca62390f203f82675e00f/detection
# Reference: https://www.virustotal.com/gui/file/639e824e329c429a53d0e64f3a4f254131443a669da93a59a755fb7171d49745/detection

# The same address appears twice: once as an http:// URL and once as address:443.
# NOTE(review): presumably this covers both plain-HTTP and port-443 traffic - confirm.
# The last entry in this group is a bare URL path with no host part.
# NOTE(review): presumably it is matched against request paths on any host,
# not only the hosts listed in this group - confirm.
http://8.210.202.98
8.210.202.98:443
appleprocesshub.com
/fSidEOWW.sh

# Generic
# The entry below is a bare URL path with no '# Reference:' line, so its
# source is not recorded in this file.

/Payload_0131.ipa
