# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/
# Reference: https://www.virustotal.com/gui/file/00b66c1e7e483da6cbcc0d94f01b9fca245fb052ef8e958e21abcb0880aff37f/detection
# Reference: https://www.virustotal.com/gui/file/e96c13667bccd6c6c38d9797b15642bfea19080f9bc90d944e7ae6abfb4c64be/detection
# Reference: https://www.virustotal.com/gui/file/312eaabd6f7f6c2f3453b8ea331f10016bda2de9b92b1ea521a40ac373aa05fe/detection
# Reference: https://www.virustotal.com/gui/file/20b986b24d86d9a06746bdb0c25e21a24cb477acb36e7427a8c465c08d51c1e4/detection

# NOTE(review): both addresses are listed twice, once as an http:// entry and
# once as an IP:443 entry; presumably the two forms are matched separately,
# so keep them paired when adding or retiring an address - confirm.
http://193.29.13.167
http://88.214.26.22
193.29.13.167:443
88.214.26.22:443
maconlineoffice.com
serviceicloud.com
# NOTE(review): the entries below carry a URL path instead of a bare domain.
# Presumably the hosts are not considered malicious as a whole (e.g. third-party
# sites used for payload hosting) - confirm against the references before
# widening any of them to a domain-level entry, which could raise false positives.
linksammosupply.com/zshrc2
linksammosupply.com/VisualStudioUpdaterLs2
linksammosupply.com/VisualStudioUpdater
sarkerrentacars.com/zshrc
turkishfurniture.blog/Previewers

# Reference: https://twitter.com/TLP_R3D/status/1759275102825218273
# Reference: https://www.virustotal.com/gui/ip-address/91.238.181.239/relations

visualstudiomacupdate.com

# Reference: https://www.virustotal.com/gui/file/a69d91cf565e717662d0470183cced3350ba0bb4f91d2ced3f089af3a707c5c3/detection
# Reference: https://www.virustotal.com/gui/file/11c998005bcce297b6a0595b97281aca7a587b6bc1e6aa414609812108b3328c/detection

appleupdatingservice.com
blueshopoff.com

# Reference: https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/

# NOTE(review): listed with an explicit :443 port and no bare-IP or http:// form,
# unlike the paired entries at the top of this file; presumably intentional to
# limit matches on a shared address - confirm against the referenced report.
31.41.244.92:443
