# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/pan-unit42/iocs/blob/master/bitter/iocs.csv

a.churchill91.com
aday.primeservices.mobi
aroundtheworld123.net
chinatel90.com
confirm97.com
destiny91.com
font.jiangsuhost.com
frameworksupport.net
healthnewsone.com
hewle.kielsoservice.net
johnywalter.webatu.com
mappservworldvide.16mb.com
marvel89.com
marvellighter.com
medzone71.com
mob.wirelesssolutions.mobi
nethosttalk.com
newmysticvision.com
red5big.com
sound.muzicwonder.com
spring.tulipnetworks.net
sterling66.com
stingray91.com
styl.crrerc.com
styl.hairparker.com
thematrix.esy.es
thepandaservices.nsiagenthoster.net
victory1983.ddns.net
wills.hairparker.com
wingames2015.com
woodwind71.com
xiovo416.net
zmwardrobe.com

# Reference: https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups/ (Chinese)

khurram.com.pk
traxbin.com
wcnchost.ddns.net

# Generic trails from https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/

/ergdfbd/wscspl
/healthne/accept.php
/healthne/regdl
/ourtyaz/dwnack.php
/ourtyaz/qwe.php
