# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
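# See the file 'LICENSE' for copying permission

# Kpot stealer (also reported as Khalesi in the enSilo reference below) network indicators:
# domains, IP addresses and URL paths (the paths are listed without a host), grouped under the reference they were taken from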

# Reference: https://twitter.com/ViriBack/status/1045460579689922561

jelouslaodnn.org

# Reference: https://twitter.com/james_inthe_box/status/1034925258258624512
# Reference: https://blog.ensilo.com/game-of-trojans-dissecting-khalesi-infostealer-malware

botsphere.biz
seeyouonlineservice.com

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

/DJvS7iHPfoXDzPvo/config.php
/DJvS7iHPfoXDzPvo/gate.php
/DJvS7iHPfoXDzPvo/login.php

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

/NIwxn5JBvMom6naz/config.php
/NIwxn5JBvMom6naz/gate.php
/NIwxn5JBvMom6naz/login.php

# Reference: https://twitter.com/avman1995/status/1090972632261029891

/03SleOcRkLyD69DQ/config.php
/03SleOcRkLyD69DQ/gate.php
/03SleOcRkLyD69DQ/login.php

# Reference: https://twitter.com/ViriBack/status/1069965350442283009
# Reference: https://pastebin.com/PTkLE0se

/bnAgxoxMGuqZidGE/config.php
/bnAgxoxMGuqZidGE/gate.php
/bnAgxoxMGuqZidGE/login.php

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

/8pqPR0YZKhASBoKU/config.php
/8pqPR0YZKhASBoKU/gate.php
/8pqPR0YZKhASBoKU/login.php

# Reference: https://twitter.com/takerk734/status/1113851637292920832

/9AhiTpcUu2lUfGvx/config.php
/9AhiTpcUu2lUfGvx/gate.php
/9AhiTpcUu2lUfGvx/login.php

# Reference: https://www.proofpoint.com/us/threat-insight/post/new-kpot-v20-stealer-brings-zero-persistence-and-memory-features-silently-steal

/a6Y5Qy3cF1sOmOKQ/config.php
/a6Y5Qy3cF1sOmOKQ/gate.php
/a6Y5Qy3cF1sOmOKQ/login.php
/lmpUNlwDfoybeulu/config.php
/lmpUNlwDfoybeulu/gate.php
/lmpUNlwDfoybeulu/login.php

# Reference: https://twitter.com/jorgemieres/status/1125794853638615041

newpepeloco.xyz

# Reference: https://twitter.com/James_inthe_box/status/1095007960097419264

/82tC6RWjKA3GkDHb/config.php
/82tC6RWjKA3GkDHb/gate.php
/82tC6RWjKA3GkDHb/login.php

# Reference: https://twitter.com/avman1995/status/1079312991189958658

/9sEdsV5D3P0eJclX/config.php
/9sEdsV5D3P0eJclX/gate.php
/9sEdsV5D3P0eJclX/login.php

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

/x4q9214C6N4DuZ79/config.php
/x4q9214C6N4DuZ79/gate.php
/x4q9214C6N4DuZ79/login.php

# Reference: https://twitter.com/avman1995/status/1035588628355928065

elysium-inc.info

# Reference: https://twitter.com/James_inthe_box/status/1131847607813267456

pinescop.top
/r7bxRcw7Y2bKl5Vi/config.php
/r7bxRcw7Y2bKl5Vi/gate.php
/r7bxRcw7Y2bKl5Vi/login.php

# Reference: https://twitter.com/James_inthe_box/status/1134528134915678209

benten09.futbol
/BOH9KGa4jvUsU4jL/config.php
/BOH9KGa4jvUsU4jL/gate.php
/BOH9KGa4jvUsU4jL/login.php

# Reference: http://tracker.viriback.com/ (# Kpot)

chookes991.ga
/cZP67az9xbvAyTUU/config.php
/cZP67az9xbvAyTUU/gate.php
/cZP67az9xbvAyTUU/login.php
/MjhK7giyH9XLSgi1/config.php
/MjhK7giyH9XLSgi1/gate.php
/MjhK7giyH9XLSgi1/login.php

# Reference: https://twitter.com/VK_Intel/status/1140885797773676544

activehostnet.com

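# Reference: https://twitter.com/benkow_/status/1140920162163613696
# NOTE(review): the addresses below keep the http:// scheme (as does 82.146.44.97 further down), while other groups use bare host or host:port - confirm the consuming parser accepts all three forms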

http://5.188.60.24
http://5.8.88.53

# Reference: https://www.bleepingcomputer.com/news/security/vsdc-site-hacked-again-to-spread-password-stealing-malware/
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/VSDC

appnodejs.xyz
sync-time.info

# Reference: https://twitter.com/killamjr/status/1143498263892582402

betalco.biz

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

/iWDf752n2PyeZWAn/config.php
/iWDf752n2PyeZWAn/gate.php
/iWDf752n2PyeZWAn/login.php

# Reference: https://twitter.com/benkow_/status/1128639735960875010

solar3080z.xyz
/FKpQDbwPieNVZbKt/config.php
/FKpQDbwPieNVZbKt/gate.php
/FKpQDbwPieNVZbKt/login.php

# Reference: https://twitter.com/James_inthe_box/status/1160150821830418432

d3f4.com.hk
/OfJ3qDlVoGBRGjYK/conf.php
/OfJ3qDlVoGBRGjYK/config.php
/OfJ3qDlVoGBRGjYK/gate.php
/OfJ3qDlVoGBRGjYK/login.php

# Reference: https://twitter.com/nao_sec/status/1162584523093114880
# Reference: https://app.any.run/tasks/710afa6e-ec22-4c68-953b-707ddba8c597/

http://82.146.44.97
/ENQxMsOLJOdg0uDO/conf.php
/ENQxMsOLJOdg0uDO/config.php
/ENQxMsOLJOdg0uDO/gate.php
/ENQxMsOLJOdg0uDO/login.php

# Reference: https://twitter.com/Racco42/status/1168523943638110210

/ImgcsQGM6ZclLvqr/conf.php
/ImgcsQGM6ZclLvqr/config.php
/ImgcsQGM6ZclLvqr/gate.php
/ImgcsQGM6ZclLvqr/login.php

# Reference: https://twitter.com/Paladin3161/status/1169588041372975104
# Reference: https://pastebin.com/925dUBPZ

47.88.102.244:80
smart-net.rocks
/UcPDF28Hzd7dMdbG/conf.php
/UcPDF28Hzd7dMdbG/config.php
/UcPDF28Hzd7dMdbG/gate.php
/UcPDF28Hzd7dMdbG/login.php

# Reference: https://twitter.com/wwp96/status/1173650300185534468
# Reference: https://app.any.run/tasks/7fe60e24-8022-4c69-8c61-41be5b9d7f1e/

185.217.1.149:4040
78801.duckdns.org
ct77.duckdns.org
zeleron.duckdns.org
/Z6O0f04bowOkpUs1/conf.php
/Z6O0f04bowOkpUs1/config.php
/Z6O0f04bowOkpUs1/gate.php
/Z6O0f04bowOkpUs1/login.php

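# Reference: https://app.any.run/tasks/a11b5227-7568-455a-b40d-4161c9779ed1/
# NOTE(review): both hosts below are already listed in the previous group; this reference is an additional source for them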

ct77.duckdns.org
zeleron.duckdns.org

# Reference: https://twitter.com/tkanalyst/status/1174092283206963200

/cq2fKWVooVNMYqNW/conf.php
/cq2fKWVooVNMYqNW/config.php
/cq2fKWVooVNMYqNW/gate.php
/cq2fKWVooVNMYqNW/login.php

# Reference: https://twitter.com/tkanalyst/status/1175417561527115778

/4rTpPY1f3zP4LAUq/conf.php
/4rTpPY1f3zP4LAUq/config.php
/4rTpPY1f3zP4LAUq/gate.php
/4rTpPY1f3zP4LAUq/login.php

# Reference: https://twitter.com/58_158_177_102/status/1175542076747984896

/cklzI56WuqpFRzFV/conf.php
/cklzI56WuqpFRzFV/config.php
/cklzI56WuqpFRzFV/gate.php
/cklzI56WuqpFRzFV/login.php

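# Reference: https://otx.alienvault.com/pulse/5d8dcf197ec3aea4d3e338df
# NOTE(review): d3f4.com.hk and the /OfJ3qDlVoGBRGjYK/ paths in this group repeat entries from an earlier group; deduplicate on load if the consumer counts hits per entry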

1stpubs.com
2ndpub.com
3eueu.com
3prokladkaeu.com
3pubss.com
d3f4.com.hk
detailsconfirm.in
icherryls.com
inewsmvo.com
j5h4f9b6.com
k0j8h7f6d5s4.com
kaiwachis.ug
maper.info
qposhgames.com
setseta.com
/OfJ3qDlVoGBRGjYK/conf.php
/OfJ3qDlVoGBRGjYK/config.php
/OfJ3qDlVoGBRGjYK/gate.php
/OfJ3qDlVoGBRGjYK/login.php
/nshnobea4xwtldcc/conf.php
/nshnobea4xwtldcc/config.php
/nshnobea4xwtldcc/gate.php
/nshnobea4xwtldcc/login.php

# Reference: https://github.com/silence-is-best/c2db#kpot-stealer

allseasongudinc.tech

# Reference: https://twitter.com/ViriBack/status/1183157722348433413

/O0SYQ1VJ6mHPuotw/conf.php
/O0SYQ1VJ6mHPuotw/config.php
/O0SYQ1VJ6mHPuotw/gate.php
/O0SYQ1VJ6mHPuotw/login.php

# Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/

/IFNn0HURvaodgeBZ/conf.php
/IFNn0HURvaodgeBZ/config.php
/IFNn0HURvaodgeBZ/gate.php
/IFNn0HURvaodgeBZ/login.php

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

vip-rocket.net
/oYiMdS2d7yfR6q1V/conf.php
/oYiMdS2d7yfR6q1V/config.php
/oYiMdS2d7yfR6q1V/gate.php
/oYiMdS2d7yfR6q1V/login.php
