# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: taurus, taurusproject

# Note: TaurusProject is the fork of PredatorTheThief stealer (../malware/static/predatory.txt trail)

# Reference: https://twitter.com/3xp0rtblog/status/1254079067810336768
# Reference: https://twitter.com/3xp0rtblog/status/1254114481942040577
# Reference: https://app.any.run/tasks/61ce3caf-0d75-4cd0-95f1-cdd44ddb4493/
# Reference: https://www.virustotal.com/gui/domain/bit-browser.gq/relations
# Reference: https://twitter.com/James_inthe_box/status/1254125471555436544
# Reference: https://twitter.com/jorgemieres/status/1259962391573475334
# Reference: https://twitter.com/prsecurity_/status/1260334912122482689
# Reference: https://www.virustotal.com/gui/ip-address/185.219.83.222/relations
# Reference: https://twitter.com/VK_Intel/status/1261382405148995584
# Reference: https://www.virustotal.com/gui/file/96607a386593afb5d45891a249e3601512e25acfebd8230a35182db5745650bc/detection

http://185.141.62.161
http://185.219.83.222
http://95.216.10.214
bit-browser.gq
daxex.pro

# Reference: https://twitter.com/James_inthe_box/status/1263176296244195328

cogihold.site

# Reference: https://twitter.com/abuse_ch/status/1269174732773097472

atest001.website

# Reference: https://twitter.com/abuse_ch/status/1271549660453376000

cloudstage.xyz

# Reference: https://twitter.com/ViriBack/status/1273589449453158401
# Reference: https://www.virustotal.com/gui/file/4a30ef818603b0a0f2b8153d9ba6e9494447373e86599bcc7c461135732e64b2/detection

http://64.225.22.106

# Reference: https://twitter.com/James_inthe_box/status/1280527680727773185
# Reference: https://app.any.run/tasks/5b39778e-1c2e-4251-8c21-ded227538485/

zyvcin.xyz

# Reference: https://www.virustotal.com/gui/file/01f5fabbe0becd840f1bace45121dec48ee52173e55171ec3ab194bac4e3001e/detection

bigfit.top

# Reference: https://twitter.com/ebotpoloskun/status/1282790949274484739
# Reference: https://www.virustotal.com/gui/file/7c4765154e0479b7b44230d75f1a3260105cd9f456d8d5a4e885db6d731fdb87/detection

http://45.76.184.43
pixel-tool.com

# Reference: https://pastebin.com/Hc73BzJT

http://45.77.251.131
http://82.146.49.38
poiuytrewq3.site

# Reference: https://pastebin.com/SgZamRit

http://63.250.45.226
http://89.42.210.196
maildc1519217828.mihandns.com
nitariun.be

# Reference: https://bazaar.abuse.ch/sample/4986e69190027128e0c573f0aa29978102dde196ddf47391ad1c60c54f68e0e9/

http://185.244.173.50

# Reference: https://twitter.com/abuse_ch/status/1290346445313318912
# Reference: https://app.any.run/tasks/1a88bfa1-8994-4685-b6d5-2fd6ebb8fe5e/

http://185.189.12.182
brightpatio.site

# Reference: https://app.any.run/tasks/8a7aa566-0331-47f3-b58d-90f9e7166038/
# Reference: https://www.virustotal.com/gui/file/e14c3c88ac4763c9d1b8207410bf3b209a85589ce1d0d506603f7584881f9d2e/detection

maskarad123.ru.com

# Reference: https://www.virustotal.com/gui/file/a8837286d98135c4439c08704f5899e0c89c64442a2451c35ca2ec89327fd451/detection

bookingswarfacesec.com

# Reference: https://www.virustotal.com/gui/file/e259f88377da0872a17da118c6778a038b335128ec5c99a08f065173f6d18fe4/detection
# Reference: https://www.virustotal.com/gui/ip-address/109.94.110.54/relations

http://85.217.171.72
109.94.110.54:6006
mariadbstatist.com
rafaelleitao.com
schdule.co.uk
wordgamestrue.com

# Reference: https://www.virustotal.com/gui/file/1aa13497c5ec7a71da7239c37960f234f3361a02eca49b24bf501dfee34fe566/detection
# Reference: https://www.virustotal.com/gui/file/add8ed0a262a58caf6552f83c401f1801fd75027931e50334962ff4376bf47f1/detection

pc-checkup.com

# Reference: https://www.virustotal.com/gui/file/0aa7e5149b71880bca19ba129239d92f8e6862c2ba5a57724b640ef4132f11a6/detection

trickthehourse.net

# Reference: https://www.virustotal.com/gui/file/12e3d517d50bf7e583589fefa020711c10a8d2e99cab761491dcd9e7ca58d7f3/detection

duckmewoo.net

# Generic

/gate/cfg/?post=
/gate/log/?post=
