# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel
# Reference: https://www.virustotal.com/gui/file/7dc70d023b2ee5a941edd925999bb6864343b11758c7dc18309416f2947ddb6e/detection

cdtmaster.com.br
hypemediardf.com.pl
microsofft.sslblindado.com
passagensv.sslblindado.com
system11.sslblindado.com
successfully.hopto.org
brasilnativopousada.com.br/Final.txt

# Reference: https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/

http://103.133.104.112
http://103.183.114.5
http://103.198.26.111
http://103.237.87.56
http://103.27.132.200
http://103.29.3.200
http://103.67.162.213
http://104.247.204.205
http://107.173.229.146
http://107.173.4.15
http://107.174.138.160
http://107.175.113.202
http://107.175.113.204
http://107.175.31.187
http://107.175.92.68
http://141.98.10.56
http://147.124.214.183
http://149.248.54.207
http://149.28.109.84
http://154.38.188.98
http://158.220.80.156
http://167.86.86.15
http://170.75.146.119
http://172.202.120.36
http://172.232.163.207
http://172.232.170.236
http://172.232.172.53
http://172.232.189.7
http://172.232.8.161
http://172.233.129.114
http://172.233.130.11
http://172.234.249.47
http://172.245.163.139
http://172.245.185.30
http://172.245.208.19
http://172.245.208.28
http://172.245.208.3
http://172.245.208.34
http://172.245.214.91
http://188.127.231.198
http://188.127.249.32
http://192.210.214.26
http://192.3.241.235
http://192.3.95.131
http://192.3.95.135
http://192.3.95.216
http://192.99.190.119
http://193.56.255.218
http://198.12.81.138
http://198.12.81.158
http://198.12.89.23
http://198.12.91.244
http://198.23.156.251
http://198.46.173.145
http://198.46.174.147
http://198.46.176.159
http://198.46.176.175
http://198.74.57.54
http://207.32.219.82
http://23.94.206.107
http://23.94.236.203
http://23.94.239.119
http://23.94.239.93
http://23.95.122.104
http://23.95.235.10
http://23.95.235.35
http://23.95.235.86
http://23.95.60.74
http://45.227.161.55
http://45.32.86.119
http://46.27.49.180
http://50.3.182.140
http://66.175.208.79
http://70.34.197.128
http://72.14.187.87
http://83.137.157.51
http://94.156.65.225
bolandraf.com

# Reference: https://x.com/IdaNotPro/status/1828716720560971869
# Reference: https://somedieyoungzz.github.io/posts/ta558/
# Reference: https://www.virustotal.com/gui/file/009a55a7695bc32f0d031205475b356ceebd840d820ae9e7ee5e6d74ae45185e/detection

detail-booking.com.br
paradisoprovisor1.hospedagemdesites.ws
reservation-booking.me
