
# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: konni, nokki

# Reference: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/

/./pds/data/upload.php
/./pds/down/
/common/doc
/common/exe
/de/de_includes/mail/yandex.ru/donwload.php
/weget/upload.php
/weget/uploadtm.php

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/

kmbr1.nitesbr1.org

# Reference: https://twitter.com/bitsofbinary/status/1121356851759734786
# Reference: https://otx.alienvault.com/pulse/5cc2d732b9b05ddae2d59738

upgradesrv.890m.com

# Reference: https://blog.alyac.co.kr/2347 (Korean)

http://202.168.155.156
naiei-aldiel.16mb.com
naoei3-tosma.96.lt
upgradesrv.890m.com

# Reference: https://twitter.com/Timele9527/status/1139805856009035776

stream.nshc.net
