# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.zscaler.com/blogs/research/qealler-new-jar-based-information-stealer
# Reference: https://twitter.com/James_inthe_box/status/1121462484517281792

37.139.12.136:443
37.139.12.169:16901
37.139.12.169:23980
82.196.11.96:443
82.196.11.96:54869
82.196.11.96:56636
128.199.60.13:443
128.199.60.13:46061
128.199.60.13:47222
139.59.76.44:4000
146.185.139.123:6521
159.65.84.42:10846
159.65.84.42:11268
159.65.84.42:12536
176.58.117.125:8650
176.58.117.125:8676
176.58.117.125:8796
188.166.150.227:8298
192.81.222.28:39871
192.81.222.28:41210
gregoryteebuilders.co.uk
hiexgroup.co.uk
hiexsgroup.co.uk
kingagroup.co.uk
larrgroup.co.uk
lcbodywowrksltd.online
mcneilspecs.com
mcneilspecs.org
mcneilspecs.net
otorgroup.co.uk
prestigebuildersltd.com
prestigebuildersltd.net
prestonbuildersltd.co.uk
salmogroup.co.uk
stgeorgebuildltd.co.uk
txjxgroup.co.uk
ultrogroup.co.uk
willsonsolicitors.biz
willsonsolicitors.online
willsonsolicitors.store

# Reference: https://twitter.com/shotgunner101/status/1087443983213776896

fipcoltd.co.uk
82.196.11.96:55326

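# Reference: https://twitter.com/James_inthe_box/status/1085002569846378498
# Note: txjxgroup.co.uk is also listed in the first block of this file; it is repeated here under its own reference.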

txjxgroup.co.uk
37.139.12.136:37541
37.139.12.136:37778

# Reference: https://twitter.com/vmray/status/1037400892256002049

gdragroup.co.uk

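# Reference: https://twitter.com/vmray/status/1037400896999747584
# Note: 139.59.76.44:4000 is also listed in the first block of this file; it is repeated here under its own reference.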

139.59.76.44:4000

# Reference: https://twitter.com/James_inthe_box/status/1035190253697396737

fschgroup.co.uk

# Reference: https://twitter.com/Jouliok/status/1117722051610066944
# Reference: https://www.virustotal.com/gui/file/5cf52d8e3924e2c4f4cb80283a46617d862c692b1167eed1baccfaefdf154092/detection
# Reference: https://www.virustotal.com/gui/ip-address/179.43.156.194/relations

csaxgroup.co.uk

# Generic trails (URL path fragments, not tied to a specific host or IP)

/lib/qealler
/qealler-reloaded/
