# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: goldenchickens, moreeggs, revc2, terraloader, terrastealer, terracryptor, venomlnk, venomloader

# Reference: https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers

interrafcu.com
usstaffing.services
mail.rediffmail.kz
onlinemail.kz
api.cloudservers.kz
secure.cloudserv.ink
tonsandmillions.com
contactlistsagregator.com

# Reference: https://twitter.com/VK_Intel/status/1119082329324965893

report.monicabellucci.kz

# Reference: https://twitter.com/James_inthe_box/status/1204125950033575937
# Reference: https://app.any.run/tasks/48907a8c-bc47-4552-a705-334e93d0edca/

anuffrost.com
dns.hahdyman.com

# Reference: https://twitter.com/VK_Intel/status/1211758023376592896

blog.jasonlees.com

# Reference: https://twitter.com/VK_Intel/status/1286747453849468929
# Reference: https://www.virustotal.com/gui/file/38f3a52e1ebd93db75f0fb6ce6172565cc0f27f0f86f32f470fa7a9c8de9f094/detection

maps.doaglas.com

# Reference: https://x.com/s1dhy/status/1825654074068578528
# Reference: https://x.com/fr0s7_/status/1826559678668501494
# Reference: https://app.any.run/tasks/57be831c-884f-4bc5-8287-f31c60c7d6ff/
# Reference: https://app.any.run/tasks/97eb6e11-41c2-4861-a1f5-b48fc59bebec/
# Reference: https://app.any.run/tasks/0397179e-485a-4b4c-bfb6-8c855ad24a71/

http://65.38.121.145
http://65.38.121.75
sharefiles.center
totalsphere.center
api.totalsphere.center
api.sharefiles.center
vad.totalsphere.center

# Reference: https://x.com/k3yp0d/status/1835549865155154285
# Reference: https://www.virustotal.com/gui/file/01446c36f93532f2cd8af96396e22086f37aef1bb8e68b3b03076c9da5ec9737/detection

http://72.5.43.19
yerra.org
/aaaQHvrzTFUuAh
/ccckweJYfszthKpQa

# Reference: https://x.com/k3yp0d/status/1838668770841108608
# Reference: https://www.virustotal.com/gui/file/c0579b32a8dfad75f00078c48a25ae34c73950692104cfca6c299dcc9de27b4a/detection

217.69.8.13:8082
65.20.107.145:8080
nopsec.org
seopager.xyz

# Reference: https://x.com/DaveLikesMalwre/status/1845590642430529630
# Reference: https://www.virustotal.com/gui/file/b1781a062bfca853a3b556afe982e1800bb1e30cde0771cf7c62ca272503c788/detection

170.75.168.151:8080

# Reference: https://x.com/malwrhunterteam/status/1847583357485416896
# Reference: https://www.virustotal.com/gui/file/1ddb7d620b40e406d07b5242683583071ef11dc43713ca03cf9c054b284d2fb7/detection

http://170.75.168.151
http://65.38.121.211
fileio.center
drive.fileio.center

# Reference: https://x.com/r3dbU7z/status/1825446509082505613
# Reference: https://www.virustotal.com/gui/file/4ca845b77a71cc1b5d8b367f3329a70cd7753c2d5d056b1dac51860a4815b859/detection
# Reference: https://www.virustotal.com/gui/file/28cb51c171d591b2bb35bc9a4379010fd37f66cfcd317a67cb73b24262dc17c6/detection
# Reference: https://www.virustotal.com/gui/file/d2809ea33f5d54c9c6d1c6037f1b3e2c5e4d0bba2bf117023a00b0b8603ef31d/detection

65.20.104.150:8080
gdrive.rest
winapi.net

# Reference: https://www.zscaler.com/blogs/security-research/unveiling-revc2-and-venom-loader

208.85.17.52:8082

# Reference: https://x.com/DaveLikesMalwre/status/1872840653597823387
# Reference: https://app.any.run/tasks/a2b2b424-9c0a-48ca-89a0-5535bfcc2cb5

65.20.104.212:8080
finatick.com
