# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Artilllerie/status/1115258738368294913

/rnm226.php
/rnm238.php

# Reference: https://twitter.com/malware_traffic/status/732996960953622528

/xtrfgdb7.php

# Reference: https://twitter.com/malware_traffic/status/723237083851022337

/ckjvgphz.php

# Reference: https://twitter.com/teoseller/status/648537487397289984

/ajuno.php

# Reference: https://twitter.com/malware_traffic/status/1138999824613687298

http://80.85.155.70
work.a-poster.info

# Reference: https://twitter.com/VK_Intel/status/1139926661162512384
# Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-06-14-tofsee-spambot-modules.notes.vk.txt

/pchfv.php
144.76.199.2:416
144.76.199.43:416
176.111.49.43:416
46.4.52.109:416
85.25.119.25:416

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Tofsee-7090196-1)

gordinka.xyz

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html (# Win.Malware.Tofsee-7349716-1)

nekfad.xyz
ponedobla.bit

# Reference: https://www.virustotal.com/gui/file/4de062a251b1b38575f8e815823b27f05e8a8eba69aec44b89bfa5a88155c747/detection

/vbyjqfw.php
/dhmuswvy.php
/bvmrgqc.php
/codfxpwuq.php
/psfyclat.php
/qxxrym.php
/frwxpvpm.php
/rusehw.php
/hmrlyx.php
/ckhadxg.php
/sslkzbml.php
/mwwqjy.php
/hrlaguph.php
