# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: oyster backdoor, vanillatempest

# Reference: https://hunt.io/blog/a-simple-approach-to-discovering-oyster-backdoor-infrastructure
# Reference: https://www.threatdown.com/blog/rhysida-using-oyster-backdoor-to-deliver-ransomware/
# Reference: https://www.virustotal.com/gui/file/0a7fd836d36ed8e8e9aa7bc41fdc9242333e8469059dec8886b7d935f3651679/detection

codeforprofessionalusers.com
dotnetisforchildren.com
firstcountryours.eu
postmastersoriginals.com
wherehomebe.com

# Reference: https://x.com/ShanHolo/status/1799015874042757386
# Reference: https://www.virustotal.com/gui/file/5c68fda16039ff29e9bf93c6dac11edbcd111dc8ec29fa499637c43b07039d92/detection

http://149.248.79.62
http://206.166.251.114
http://64.95.10.243
retdirectyourman.eu
supfoundrysettlers.us

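# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)
# Note: the feed path marks these entries as 'unverified' and the file name suggests a rolling 30-day window; re-validate the IP:port entries taken from it (this block and the 2024-09-08 block below) before using them for blocking, since hosting IPs may since have been reassigned.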

139.99.221.140:443
162.19.237.181:443
193.43.104.208:443
51.195.232.46:443
64.95.10.243:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://67.217.228.225
67.217.228.225:443

# Reference: https://x.com/TRACLabs_/status/1864722713610457333
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.179/detection
# Reference: https://www.virustotal.com/gui/ip-address/91.236.230.11/relations

antifed.net
futurepathlabs.com
greensolutionshub.net
kisppy.net

# Reference: https://hunt.io/blog/oysters-trail-resurgence-infrastructure-ransomware-cybercrime

anumalisa.com
aramex.i-order.shop
aramex.o-blank.site
cloudignitetech.com
gemen.asia
gumtreever.i-order.shop
jfhgfh.duckdns.org
johnwest-cars.co.uk
lido.fi-nft.app
razer-boost.com
zojanink.pw
