# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://x.com/LAB52io/status/2032441881771040820
# Reference: https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/
# Reference: https://medium.com/@tomonmalware/when-the-browser-becomes-an-implant-streamapp-a-new-tool-in-laundry-bears-arsenal-a99430d6e557
# Reference: https://www.virustotal.com/gui/ip-address/193.23.199.14/relations
# Reference: https://www.virustotal.com/gui/file/2b665be515f5c0eccfb1410ed91b40e2133d85a7c2fd3a573b28b975439e29f8/detection
# Reference: https://www.virustotal.com/gui/file/352f34ea5cc40e2b3ec056ae60fa19a368dbd42503ef225cb1ca57956eb05e81/detection
# Reference: https://www.virustotal.com/gui/file/bad7c6f6ca25363a02eaceb3ed1e378218dc4a246a63d723cfcc5feee3af5056/detection
# Reference: https://www.virustotal.com/gui/file/31e658a41ad448d0b38611c6d74cf2ae352dc2efad6c4de29bf775f6621ee99e/detection

http://193.23.199.14
188.137.228.162:6341
80.89.224.13:6341
frontline-help.com
documents.cx.ua
ngu.kh.ua
