# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1045460579689922561

jelouslaodnn.org

# Reference: https://twitter.com/james_inthe_box/status/1034925258258624512
# Reference: https://blog.ensilo.com/game-of-trojans-dissecting-khalesi-infostealer-malware

botsphere.biz
seeyouonlineservice.com

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

/DJvS7iHPfoXDzPvo/config.php
/DJvS7iHPfoXDzPvo/gate.php
/DJvS7iHPfoXDzPvo/login.php

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

/NIwxn5JBvMom6naz/config.php
/NIwxn5JBvMom6naz/gate.php
/NIwxn5JBvMom6naz/login.php

# Reference: https://twitter.com/avman1995/status/1090972632261029891

/03SleOcRkLyD69DQ/config.php
/03SleOcRkLyD69DQ/gate.php
/03SleOcRkLyD69DQ/login.php

# Reference: https://twitter.com/ViriBack/status/1069965350442283009
# Reference: https://pastebin.com/PTkLE0se

/bnAgxoxMGuqZidGE/config.php
/bnAgxoxMGuqZidGE/gate.php
/bnAgxoxMGuqZidGE/login.php

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

/8pqPR0YZKhASBoKU/config.php
/8pqPR0YZKhASBoKU/gate.php
/8pqPR0YZKhASBoKU/login.php

# Reference: https://twitter.com/takerk734/status/1113851637292920832

/9AhiTpcUu2lUfGvx/config.php
/9AhiTpcUu2lUfGvx/gate.php
/9AhiTpcUu2lUfGvx/login.php

# Reference: https://www.proofpoint.com/us/threat-insight/post/new-kpot-v20-stealer-brings-zero-persistence-and-memory-features-silently-steal

/a6Y5Qy3cF1sOmOKQ/config.php
/a6Y5Qy3cF1sOmOKQ/gate.php
/a6Y5Qy3cF1sOmOKQ/login.php
/lmpUNlwDfoybeulu/config.php
/lmpUNlwDfoybeulu/gate.php
/lmpUNlwDfoybeulu/login.php

# Reference: https://twitter.com/jorgemieres/status/1125794853638615041

newpepeloco.xyz

# Reference: https://twitter.com/James_inthe_box/status/1095007960097419264

/82tC6RWjKA3GkDHb/config.php
/82tC6RWjKA3GkDHb/gate.php
/82tC6RWjKA3GkDHb/login.php

# Reference: https://twitter.com/avman1995/status/1079312991189958658

/9sEdsV5D3P0eJclX/config.php
/9sEdsV5D3P0eJclX/gate.php
/9sEdsV5D3P0eJclX/login.php

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

/x4q9214C6N4DuZ79/config.php
/x4q9214C6N4DuZ79/gate.php
/x4q9214C6N4DuZ79/login.php

# Reference: https://twitter.com/avman1995/status/1035588628355928065

elysium-inc.info

# Reference: https://twitter.com/James_inthe_box/status/1131847607813267456

pinescop.top

/r7bxRcw7Y2bKl5Vi/config.php
/r7bxRcw7Y2bKl5Vi/gate.php
/r7bxRcw7Y2bKl5Vi/login.php

# Reference: https://twitter.com/James_inthe_box/status/1134528134915678209

benten09.futbol

/BOH9KGa4jvUsU4jL/config.php
/BOH9KGa4jvUsU4jL/gate.php
/BOH9KGa4jvUsU4jL/login.php

# Reference: http://tracker.viriback.com/ (# Kpot)

chookes991.ga

/cZP67az9xbvAyTUU/config.php
/cZP67az9xbvAyTUU/gate.php
/cZP67az9xbvAyTUU/login.php
/MjhK7giyH9XLSgi1/config.php
/MjhK7giyH9XLSgi1/gate.php
/MjhK7giyH9XLSgi1/login.php

# Reference: https://twitter.com/VK_Intel/status/1140885797773676544

activehostnet.com

# Reference: https://twitter.com/benkow_/status/1140920162163613696

http://5.188.60.24
http://5.8.88.53

# Reference: https://www.bleepingcomputer.com/news/security/vsdc-site-hacked-again-to-spread-password-stealing-malware/
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/VSDC

appnodejs.xyz
sync-time.info

# Reference: https://twitter.com/killamjr/status/1143498263892582402

betalco.biz

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

/iWDf752n2PyeZWAn/config.php
/iWDf752n2PyeZWAn/gate.php
/iWDf752n2PyeZWAn/login.php
