# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: godlua, kerberods, khugepageds

# Reference: https://twitter.com/malwaremustd1e/status/1118526993912307712
# Reference: https://twitter.com/malwaremustd1e/status/1122003608927494145
# Reference: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

systemten.org
w.3ei.xyz
w.21-3n.xyz
t.w2wz.cn
1.z9ls.com
yxarsh.shop
i.ooxx.ooo
baocangwh.cn
img.sobot.com

# Reference: https://twitter.com/malwaremustd1e/status/1124352163868581888
# Reference: https://community.atlassian.com/t5/Confluence-questions/How-come-my-confluence-installation-was-hacked-by-Kerberods/qaq-p/1054605
# Reference: https://www.virustotal.com/gui/domain/d.heheda.tk/relations
# Reference: https://twitter.com/_odisseus/status/1146409965260824578
# Reference: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

c.heheda.tk
ccc.heheda.tk
d.heheda.tk
dd.heheda.tk
liuxiaobei.top

# Reference: https://twitter.com/malwaremustd1e/status/1126869452748804096

gwjyhs.com
