# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1605596153567117312
# Reference: https://flashpoint.io/blog/risepro-stealer-and-pay-per-install-malware-privateloader/

gamefilescript.com
neo-files.com

# Reference: https://blog.sekoia.io/new-risepro-stealer-distributed-by-the-prominent-privateloader/

http://108.174.198.132
http://108.174.199.249
http://108.174.200.11
accesstostofilestorage.com
best24-files.com
boost-files.com
digitalskillset1.com
elite-hacks.ru
factor1right.com
filecryptobur.com
files-rate.com
files-sender.com
filesredproflex.com
filessite.com
filessoftpc.com
filesuk.com
fileswhiteprosoft.com
first-mirror.com
fixgroupfactor.com
fvp-files.com
get-24files.com
get-files24.com
gg-download.com
gg-loader.com
greatsofteasy.com
gs24softeasy.com
hero-files.com
jojo-files.com
m-rise.pro
my-rise.cc
my-rise.pro
myrise.pro
pickofiles.com
pin-files.com
pu-file.com
qd-file.com
rate-files.com
smartfilegen.com
socialfiletest.com
softs-portal.com
speedtestfile.com
teleportsoft.com
testitsoft.com
torggissoft.com
uc-files.com
uni-files.com
upxlead.com
vi-files.com
vip-space.com
webproduct25.com
xx1-files.com
api.my-rise.cc

# Reference: https://twitter.com/James_inthe_box/status/1625235716379930624
# Reference: https://app.any.run/tasks/236e360f-e88e-4d24-bca2-66431114e22a/
# Reference: https://www.virustotal.com/gui/file/3e8ac08892d633b002ebe862b10025b870e33a7a69435886c2203aa352fd2025/detection

d-rise.cc
/MWTSL/get_marks.php
/MWTSL/get_settings.php

# Reference: https://tria.ge/230302-ra5vmacg9y/behavioral1

http://94.142.138.113

# Reference: https://twitter.com/Jane_0sint/status/1667565169461919746
# Reference: https://app.any.run/tasks/44c1fb6d-7771-47d0-ab9d-bb0d2fc98e82/

194.169.175.128:50500

# Reference: https://app.any.run/tasks/7fa313e3-fa28-493f-ae5a-a66525b29fd5/

194.169.175.133:50500

# Reference: https://twitter.com/powershellcode/status/1682017018562715654

194.169.175.128:8081
38.47.220.202:8081
79.110.49.141:8081

# Reference: https://app.any.run/tasks/07d48cef-8f74-4755-96c9-c793a8ede462/

http://45.15.156.229

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/

168.119.230.141:50500
171.22.28.230:50500
171.22.28.230:8081
185.173.38.198:8081
194.169.175.125:50500
194.169.175.220:50500
194.169.175.220:8081
194.169.175.233:50500
194.169.175.233:8081
45.15.159.248:8081
77.105.147.123:50500
77.105.147.123:8081
79.110.49.141:50500
79.110.62.11:50500
79.137.202.91:50500
95.214.25.231:8081
95.214.25.236:50500

# Reference: https://threatfox.abuse.ch/ioc/1148772/

194.169.175.123:50500

# Reference: https://threatfox.abuse.ch/ioc/1149414/

168.100.10.122:50500

# Reference: https://threatfox.abuse.ch/ioc/1149500/

168.100.10.122:8081

# Reference: https://threatfox.abuse.ch/ioc/1149698/

195.85.114.171:50500

# Reference: https://twitter.com/karol_paciorek/status/1693925974310617506

194.169.175.125:8081
194.169.175.249:8081
45.74.19.132:8081

# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.http.response.html_title%3D%22Login+%E2%80%94+RisePro%22

167.235.130.175:50500
167.235.130.175:8081
168.119.230.141:8081
172.86.68.5:50500
172.86.68.5:8081
194.169.175.113:50500
194.169.175.113:8081
194.169.175.123:8081
194.169.175.124:8081
194.169.175.128:50505
194.169.175.133:8081
194.169.175.249:50500
195.85.114.171:8081
198.23.174.185:50500
198.23.174.185:8081
45.11.91.14:50500
45.11.91.14:8081
45.15.159.248:50500
45.74.19.132:50500
5.42.79.238:50500
5.42.79.238:8081
78.47.242.225:50500
78.47.242.225:8081

# Reference: https://twitter.com/salmanvsf/status/1701826371054707190

http://175.24.178.202
http://38.47.220.202
http://38.47.221.56
http://8.140.18.150

# Reference: https://twitter.com/noexceptcpp/status/1702045665423950243

171.22.28.214:8081
171.22.28.243:8081
193.31.118.35:8081
193.56.255.166:8081
194.169.175.117:8081
194.169.175.124:50500
194.87.71.215:8081
208.64.33.102:8081
213.252.245.28:8081
45.135.232.54:8081
79.110.62.11:8081
79.137.202.91:8081
95.214.25.236:8081
95.214.25.240:8081
p-rise.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-09-26)

http://94.228.168.51
141.98.10.48:50500
141.98.10.48:8081
171.22.28.224:50500
171.22.28.224:8081
194.169.175.122:50500
194.169.175.122:8081
45.15.156.175:50500
45.15.156.175:8081
94.142.138.35:50500
94.142.138.35:8081
94.142.138.44:50500
94.142.138.44:8081
94.228.168.51:50500
94.228.168.51:8081
95.214.25.235:50500
95.214.25.235:8081

# Reference: https://threatfox.abuse.ch/ioc/1163670/

171.22.28.214:50500

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-09-29)

171.22.28.227:50500
171.22.28.227:8081
194.169.175.239:50500
194.169.175.239:8081
45.15.156.137:50500
45.15.156.137:8081
51.89.205.213:50500
51.89.205.213:8081
94.142.138.43:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-10-22)

109.107.182.9:50500
109.107.182.9:8081
171.22.28.220:50500
171.22.28.220:8081
171.22.28.222:50500
171.22.28.222:8081
171.22.28.229:50500
171.22.28.229:8081
185.216.70.222:50500
185.216.70.222:8081
194.169.175.136:50500
194.169.175.136:8081
194.169.175.144:50500
194.169.175.144:8081
194.49.94.150:50500
194.49.94.150:8081
194.49.94.152:50500
194.49.94.152:8081
194.49.94.41:50500
194.49.94.41:8081
194.49.94.53:50500
194.49.94.53:8081
43.128.18.131:50500
43.128.18.131:8081
45.153.242.188:50500
45.153.242.188:8081
45.81.39.247:50500
45.81.39.247:8081
5.161.143.161:50500
5.161.143.161:8081
5.42.92.51:50500
5.42.92.51:8081
91.103.253.146:50500
91.103.253.146:8081
91.103.253.151:50500
91.103.253.151:8081
91.92.242.226:50500
91.92.242.226:8081
94.142.138.116:50500
94.142.138.116:8081
94.142.138.143:50500
94.142.138.143:8081
91.92.252.212:50500
91.92.252.212:8081
95.214.27.231:50500
95.214.27.231:8081
95.217.34.19:50500
95.217.34.19:8081
mediaskollsoft.com

# Reference: https://embee-research.ghost.io/identifying-risepro-panels-using-censys/

128.140.73.191:50500
128.140.73.191:8081
152.89.198.49:50500
152.89.198.49:8081
185.216.70.233:50500
185.216.70.233:8081
185.216.70.238:50500
185.216.70.238:8081
37.27.22.139:50500
37.27.22.139:8081
85.209.11.247:50500
85.209.11.247:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-11-22)

194.49.94.126:50500
194.49.94.126:8081
194.49.94.158:50500
194.49.94.158:8081
194.49.94.164:50500
194.49.94.164:8081
194.49.94.166:50500
194.49.94.166:8081
194.49.94.168:50500
194.49.94.168:8081
194.49.94.171:50500
194.49.94.171:8081
194.49.94.172:50500
194.49.94.172:8081
194.49.94.183:50500
194.49.94.183:8081
194.49.94.184:50500
194.49.94.184:8081
195.10.205.24:50500
195.10.205.24:8081
46.4.10.254:50500
46.4.10.254:8081
5.188.159.44:50500
5.188.159.44:8081
51.255.78.213:50500
51.255.78.213:8081
82.115.223.71:50500
82.115.223.71:8081

# Reference: https://twitter.com/g0njxa/status/1730274705691529683

194.49.94.126:47002

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2023-12-04)

152.89.198.222:50500
152.89.198.222:8081
152.89.198.229:8081
159.203.86.11:50500
159.203.86.11:8081
193.233.132.51:50500
193.233.132.51:8081
194.49.94.96:50500
194.49.94.96:8081
195.20.16.45:50500
195.20.16.45:8081
205.234.181.9:50500
205.234.181.9:8081
45.32.92.30:50500
45.32.92.30:8081
51.81.131.161:8081
82.147.85.246:8081
91.212.166.58:8081
91.92.241.214:8081
91.92.251.191:50500
91.92.251.191:8081
91.92.251.47:50500
91.92.251.47:8081
95.217.5.29:8081

# Reference: https://www.virustotal.com/gui/file/00d1f5a79ae5c2d5fe9125408473e2d3cf1bf2be593ffba52bb258b1b8ddbce3/detection

91.92.249.253:50500
91.92.249.253:8081

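# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2024-03-17)
# Note: 172.67.186.64:443 in this block appears to sit inside Cloudflare's published 172.64.0.0/13 range, i.e. a shared CDN edge address on the default HTTPS port; hits on it need corroboration before being attributed to RisePro.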

101.99.92.169:8081
103.253.17.111:8081
107.155.112.166:8081
109.107.182.26:50500
109.107.182.26:8081
116.203.143.98:50500
116.203.143.98:8081
144.76.184.11:50500
144.76.184.11:8081
147.45.45.67:8081
147.45.47.116:50500
147.45.47.116:8081
147.45.47.80:8081
147.45.47.96:8081
152.89.198.222:50500
152.89.198.222:8081
152.89.198.229:8081
159.203.86.11:50500
159.203.86.11:8081
159.69.86.27:8081
167.235.136.41:8081
171.22.28.242:50500
171.22.28.242:8081
172.234.57.195:8081
172.67.186.64:443
185.149.146.75:50500
185.149.146.75:8081
185.172.128.103:50500
185.172.128.103:8081
185.196.9.38:8081
185.216.70.238:50500
185.221.198.67:8081
185.237.206.57:8081
193.163.170.166:50500
193.163.170.166:8081
193.163.170.172:8081
193.163.7.139:8081
193.181.23.156:8081
193.233.132.10:8081
193.233.132.113:8081
193.233.132.116:50500
193.233.132.116:8081
193.233.132.127:8081
193.233.132.135:50500
193.233.132.135:8081
193.233.132.147:8081
193.233.132.148:8081
193.233.132.159:50500
193.233.132.159:8081
193.233.132.162:8081
193.233.132.180:8081
193.233.132.18:8081
193.233.132.190:8081
193.233.132.193:8081
193.233.132.194:8081
193.233.132.195:50500
193.233.132.195:8081
193.233.132.214:8081
193.233.132.216:8081
193.233.132.223:8081
193.233.132.224:50500
193.233.132.224:8081
193.233.132.234:8081
193.233.132.235:8081
193.233.132.32:8081
193.233.132.37:50500
193.233.132.37:8081
193.233.132.48:8081
193.233.132.49:50500
193.233.132.49:8081
193.233.132.51:50500
193.233.132.51:8081
193.233.132.55:50500
193.233.132.55:8081
193.233.132.57:50500
193.233.132.57:8081
193.233.132.61:50500
193.233.132.61:8081
193.233.132.62:50500
193.233.132.62:8081
193.233.132.64:50500
193.233.132.64:8081
193.233.132.67:50500
193.233.132.67:50505
193.233.132.67:666
193.233.132.67:8081
193.233.132.74:50500
193.233.132.74:8081
193.233.132.81:50500
193.233.132.81:8081
193.233.132.88:50500
193.233.132.88:8081
193.233.132.89:50500
193.233.132.89:8081
193.233.132.95:50500
193.233.255.91:50500
193.42.33.14:8081
193.42.33.150:8081
194.33.191.159:8081
194.36.177.30:8081
195.20.16.207:50500
195.20.16.207:8081
195.20.16.210:50500
195.20.16.210:8081
195.20.16.224:50500
195.20.16.224:8081
195.20.16.45:50500
195.20.16.45:8081
195.3.223.172:50500
195.3.223.172:8081
20.215.188.233:8081
205.234.181.9:8081
209.145.58.236:50500
209.145.58.236:8081
213.183.63.187:8081
37.120.237.196:50500
37.120.237.196:8081
45.134.26.17:50500
45.134.26.17:8081
45.153.242.202:50500
45.153.242.202:8081
45.156.21.39:8081
45.32.92.30:50500
45.32.92.30:8081
5.101.0.60:50500
5.101.0.60:8081
5.101.1.60:50500
5.101.1.60:8081
5.42.65.117:50500
5.42.65.117:8081
5.42.92.73:8081
5.75.172.21:50500
5.75.172.21:8081
51.81.131.161:50500
51.81.131.161:8081
65.108.20.239:50500
65.109.90.47:50500
65.109.90.47:8081
65.21.21.176:50500
65.21.21.176:8081
74.248.32.95:8081
78.153.130.249:50500
78.153.130.249:8081
82.115.223.26:50500
82.115.223.26:8081
82.147.85.246:50500
82.147.85.246:8081
87.121.87.59:50500
87.121.87.59:8081
88.210.9.117:50500
88.210.9.117:8081
89.23.102.221:8081
89.23.99.198:8081
89.23.99.219:8081
91.208.127.168:50500
91.208.127.168:8081
91.212.166.206:50500
91.212.166.206:8081
91.212.166.58:8081
91.92.241.214:8081
91.92.242.86:8081
91.92.244.67:50500
91.92.244.67:8081
91.92.249.253:50500
91.92.249.253:8081
91.92.251.191:50500
91.92.251.191:8081
91.92.251.47:50500
91.92.251.47:8081
91.92.253.38:50500
91.92.253.38:8081
92.246.138.90:50500
92.246.138.90:8081
93.123.39.164:50500
93.123.39.164:8081
94.156.69.246:8081
94.156.69.28:50500
94.156.69.28:8081
94.156.8.188:8081
95.216.41.236:8081
95.217.142.46:50500
95.217.5.29:50500
95.217.5.29:8081
digitalskillset1.com
mediaskollsoft.com

# Reference: https://twitter.com/James_inthe_box/status/1753480479549133103
# Reference: https://app.any.run/tasks/f72ab643-4464-4280-b2c2-068570887dad/

159.69.86.27:50500

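# Reference: https://www.virustotal.com/gui/file/3a748f0e431e5f5148e62a369c935c534a8888d4b2fb3cc66eff659a176e0cee/detection
# Note: the indicator is this exact tunnel hostname; the parent domain ngrok-free.app is a shared tunnelling service and is not itself an indicator.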

skilled-stingray-gladly.ngrok-free.app

# Reference: https://www.gdatasoftware.com/blog/2024/03/37885-risepro-stealer-campaign-github
# Reference: https://www.virustotal.com/gui/file/1f61ec58663d15c0a0343437732e79c295d5fdada4ba4bb0aeaa44d72d4712f4/detection
# Reference: https://www.virustotal.com/gui/file/ed1784d50e3da5daa8178094fcee1fa9c0e5509bf1e77d0acf6f1cf11dd44fff/detection
# Reference: https://www.virustotal.com/gui/file/de0ce89d0d96f42cef03f6c529567d0f95dc093b68940b6d4d98610606263d34/detection
# Reference: https://www.virustotal.com/gui/file/cc153440791a534326d7c57871f9443b533b4cbeb4b693df58ce9b6ef137cc62/detection
# Reference: https://www.virustotal.com/gui/file/9af9bf1d26778dea04d8e6def118820054e3f7ca3799e9ef53bbe0105653ab8f/detection

176.113.115.227:56385
193.233.132.32:36599
193.233.132.32:38976
193.233.132.32:41374
193.233.132.32:50500
digitalxnetwork.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2024-03-30)

http://101.99.92.169
http://193.233.132.109
http://193.233.132.11
http://193.233.132.59
http://5.42.65.117
http://5.42.92.73
107.167.93.99:8081
107.178.105.96:8081
109.120.184.220:50500
118.194.235.187:8081
147.45.47.101:8081
147.45.47.102:8081
147.45.47.126:58709
147.45.47.126:8081
147.45.47.147:8081
147.45.47.149:8081
147.45.47.93:58709
147.45.47.93:8081
147.45.68.14:50500
172.105.121.169:8081
18.209.224.126:8081
185.141.61.74:8081
185.172.128.136:50500
185.172.128.65:8081
193.142.146.101:8081
193.233.132.101:58709
193.233.132.101:8081
193.233.132.106:50500
193.233.132.106:8081
193.233.132.108:50500
193.233.132.108:8081
193.233.132.109:50500
193.233.132.109:8081
193.233.132.114:8081
193.233.132.11:8081
193.233.132.169:50500
193.233.132.169:8081
193.233.132.173:8081
193.233.132.190:50500
193.233.132.217:8081
193.233.132.222:8081
193.233.132.226:50500
193.233.132.226:8081
193.233.132.22:8081
193.233.132.253:50500
193.233.132.253:8081
193.233.132.253:9091
193.233.132.47:50500
193.233.132.47:8081
193.233.132.58:8081
193.233.132.59:8081
193.233.132.5:8081
193.233.132.62:58709
193.233.132.67:5000
193.233.132.71:8081
193.233.132.72:8081
193.233.132.74:58709
193.233.132.91:8081
2.58.56.221:8081
20.150.193.240:8081
209.222.101.102:8081
217.12.208.114:8088
217.195.207.156:8081
217.197.107.177:50500
38.92.40.19:8081
45.138.16.166:50500
45.138.16.166:8081
45.15.156.142:50500
45.15.156.142:8081
45.15.156.9:50500
45.15.156.9:8081
45.61.139.225:8081
5.42.66.10:50505
5.42.96.100:8081
5.42.96.14:8081
5.42.96.191:8081
5.42.96.54:50500
5.42.96.54:8081
5.42.96.55:50500
5.42.96.55:8081
5.42.96.64:8081
5.42.96.65:50500
5.42.96.65:8081
5.42.96.77:8081
5.42.96.91:8081
5.61.33.19:8081
54.180.28.87:50500
54.180.28.87:8081
64.94.85.165:8081
77.221.151.106:8081
77.221.151.10:8081
77.221.151.12:8081
77.221.151.20:8081
77.221.151.92:8081
77.221.156.212:8081
77.238.229.68:8081
78.142.18.109:8081
80.76.49.5:8081
81.19.137.205:8081
87.120.84.5:8081
91.92.245.49:50500
91.92.245.49:8081
91.92.255.209:8081
92.42.96.24:8081
93.183.95.223:50500
93.183.95.223:8081
94.156.64.237:8081
94.156.65.126:8081
94.156.68.83:8081
94.156.8.188:50500
95.164.87.54:8081
95.216.41.236:50500
95.216.41.236:8081

# Reference: https://twitter.com/karol_paciorek/status/1788136723882361007

http://194.37.97.162

# Reference: https://x.com/banthisguy9349/status/1799047094835249366
# Reference: https://www.virustotal.com/gui/file/27976f8a3228f36bf268be4f3aade11d7ef07b0d81df6935e5b240cfa87b5661/detection

http://77.91.77.122
77.91.77.122:50500
77.91.77.122:8081

# Reference: https://x.com/raghav127001/status/1799186083470840018
# Reference: https://app.any.run/tasks/0677aee4-3b34-42d8-a4d6-4c2d44c5c5cc/

77.91.77.51:8081

# Reference: https://x.com/raghav127001/status/1799187887562625159
# Reference: https://app.any.run/tasks/584e98ad-4c34-4623-b03c-e21875b7e660/

94.228.166.15:8081

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2024-06-13)

118.194.235.187:50500
147.45.44.48:8081
147.45.44.49:8081
147.45.47.134:8081
147.45.47.176:8081
185.172.128.136:8081
185.216.70.126:50500
185.216.70.126:8081
193.233.254.16:8081
3.36.173.8:50500
3.36.173.8:8081
5.180.154.49:8081
5.42.65.116:50500
5.42.65.116:8081
5.42.67.8:50500
5.42.67.8:8081
77.91.77.117:50500
77.91.77.117:8081
77.91.77.65:8081
77.91.77.66:58709
77.91.77.66:8081
77.91.77.95:8081

# Reference: https://x.com/banthisguy9349/status/1796136268918632724
# Reference: https://urlhaus.abuse.ch/url/2869213/
# Reference: https://www.virustotal.com/gui/file/1294c09f5596a284aebd6354304aad8f820bfebc94afcf1aa34eefc5e3bed03f/detection

http://147.45.47.102
147.45.47.102:37090
147.45.47.102:5789
147.45.47.102:57893

# Reference: https://x.com/banthisguy9349/status/1806771004565270933

193.233.254.123:50500
77.91.77.67:58709

# Reference: https://www.virustotal.com/gui/file/6ffd157eb781504eadd72996c2cdbd4881034ffb7f7d2bc4b96d4daa61fb4d86/detection

77.105.133.27:50505

# Reference: https://x.com/ShanHolo/status/1807396638358487370
# Reference: https://www.virustotal.com/gui/file/0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77/detection

77.105.132.27:50500

# Reference: https://threatfox.abuse.ch/browse/malware/win.risepro/ (# 2024-07-10)

77.105.132.27:8081
77.91.77.180:50500
77.91.77.180:8081

# Reference: https://www.virustotal.com/gui/file/f3b1b41e9bcd5e936e87cc78d74efb50bbf17d921e18e908f07c612924d684df/detection

147.45.47.80:50500

# Generic (URL path indicators, not tied to a specific host)

/rise2406.exe
/rise2606.exe
/rise2806.exe
