# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

/out-761452637.hta

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/aptnote0403

/moonx.hta
/first.hta

# Reference: https://twitter.com/neonprimetime/status/1116740246790602753

/wormhta.hta

# Reference: https://twitter.com/InQuest/status/1116772541312401408

/ec470000/file.hta

# Reference: https://twitter.com/JAMESWT_MHT/status/1118088254224515072

/out-1618282703.hta

# Reference: https://twitter.com/blackorbird/status/1118334122592591872
# Reference: https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/kimsuky/Smoke%20Screen.pdf
# Reference: https://blog.alyac.co.kr/2299 (Korean)
# Reference: https://blog.alyac.co.kr/2243 (Korean)

/Ahfzo0.hta
/Ersrr0.hta
/first.hta
/fmaov0.hta
/fwvuj0.hta
/Htqgf0.hta
/Msgxo.hta
/Msgxo0.hta
/Mylqn0.hta
/Pkjjy.hta
/Qfnaq.hta
/Qfnaq0.hta
/Qzqrn0.hta
/second.hta
/szgfj0.hta
/Vkggy0.hta
/xtgnb0.hta
/Yluhi0.hta

# Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html

/we.hta

# Reference: https://twitter.com/pancak3lullz/status/1113084930475638784

/9Y4wOJot.hta

# Reference: https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/

/Vkggy0.hta
/Usoro.hta

# Reference: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/

/Mzfmj.hta

# Reference: https://otx.alienvault.com/pulse/5cc85460920fb55c466d6e8d

/Second.hta
/temp.hta

# Reference: https://twitter.com/DissectMalware/status/1126384963497205762

/ihenketata2019.hta
/out-802561251.hta
/out-2069830595.hta
/out-427331541.hta
/out-270833413.hta
/out-746027731.hta
/out-890192022.hta
/out-1389213074.hta
/out-325515559.hta
/out-413662816.hta
/out-961903221.hta
/out-1719427273.hta
/out-167611131.hta
/out-642154941.hta
/out-1033585073.hta
/out-1181438660.hta
/out-43874915.hta
/out-288511419.hta
/out-1053850352.hta
/out-1841585389.hta
/task2.hta
/tk.hta

# Reference: https://twitter.com/James_inthe_box/status/1129452679250321408

/out-1081291084.hta

# Reference: https://twitter.com/HONKONE_K/status/1133205335877885952

/h.hta

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/blacksquid-slithers-into-servers-and-drives-with-8-notorious-exploits-to-drop-xmrig-miner/
# Reference: https://otx.alienvault.com/pulse/5cf53cdb5089737750fab25d

/Black.hta

# Reference: https://twitter.com/James_inthe_box/status/1136631137571237888

/2VXzzTcNjTvas8r9.hta

# Reference: https://twitter.com/ViriBack/status/1136712921461997570

/sample.hta

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

/beta.hta

# Reference: https://twitter.com/James_inthe_box/status/1139536021572317185

/out-1445440753.hta

# Reference: https://www.virustotal.com/gui/file/d5f18e907465fd5bd659df74e51377052337fc515f17f1e915551f3cc05823dc/community
# Reference: https://app.any.run/tasks/44ceb7c7-518e-4bb1-8a00-de2d887b32c3/

/iyk1.hta

# Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/

/mhtexp.hta

# Reference: https://twitter.com/dineshdina04/status/1008621004896198657
# Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/

/wm.hta

# Reference: https://twitter.com/ViriBack/status/970443789234929664

/bb.hta

# Reference: https://twitter.com/teamcymru/status/920135790600114176

/bqowsj.hta
/fsfsyt.hta
/kekcgt.hta
/nrjhyr.hta
/oonhci.hta
/otvpoi.hta
/phtjae.hta

# Reference: https://twitter.com/FewAtoms/status/1146804894785056768

/out-182876786.hta

# Reference: https://twitter.com/James_inthe_box/status/1146896227000209408

/BitMaster.hta

# Reference: https://twitter.com/Timele9527/status/1147750939576586244

/am_cy_167.hta
/comm.hta
/emp.hta

# Reference: https://twitter.com/YouMayBeHacked/status/1148625116101844992

/bi.hta

# Reference: https://twitter.com/James_inthe_box/status/1149026394472472576

/kkknng.hta

# Reference: https://twitter.com/James_inthe_box/status/1149412096418840576

/hit.hta

# Reference: https://twitter.com/KorbenD_Intel/status/1146463851526938625

/9000.hta

# Reference: https://twitter.com/RedDrip7/status/1118009381679878144
# Reference: https://www.virustotal.com/gui/file/b101035ae8b25263cf7101fbc63df71682cf0963d59b28e28da6e83b35003452/detection
# Reference: https://ti.360.net/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.pdf (Chinese)

/zxcvb.hta

# Reference: https://twitter.com/_CPResearch_/status/1102943725750239237

/RawabiJob.hta

# Reference: https://twitter.com/killamjr/status/1150218238573404160

/SystemUpdater.hta

# Reference: https://www.freebuf.com/articles/network/196788.html (Chinese)

/file.hta
/fin.hta
/final.hta
/zoxr4yr5KV.hta

# Reference: https://twitter.com/James_inthe_box/status/1059087094612602881

/SamRefJobsVacancies.hta

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

/8741161.hta

# Reference: https://twitter.com/alex_lanstein/status/988851524406099968

/LPOKGGTEFFGFJ.hta

# Reference: https://twitter.com/FewAtoms/status/1159473273870196736

/out-1379808530.hta

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

/elnino.hta

# Reference: https://twitter.com/w3ndige/status/1168437823193669632

/2055970.hta

# Reference: https://twitter.com/Zerophage1337/status/1007645365133246464

/dwie.hta

# Reference: https://otx.alienvault.com/pulse/5d7a4780d9dfe5be7ab9296e

/Lfvbu0.hta
/Msgxo0.hta
/Qbjoo0.hta
/Rjboi0.hta
/Rnlnb0.hta
/Vamva0.hta

# Reference: https://twitter.com/rpsanch/status/1172548993177522176

/ManTechJobs.hta

# Reference: https://twitter.com/i/status/1172612874708996096

/Tickets.hta

# Reference: https://twitter.com/JAMESWT_MHT/status/1177115401400016901

/Duxuu.hta
/Duxuu0.hta

# Reference: https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/

/Player1566444384.hta

# Reference: https://twitter.com/h4ckak/status/1144173749056315392

/startup.hta

# Reference: https://twitter.com/FewAtoms/status/1180819300476755969

/MS.hta
/MSHTAPayload.hta
/out-1302410780.hta
/out-2091529197.hta
/out-792744321.hta
/out-932457051.hta
/ppro.hta

# Reference: https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations
# Reference: https://otx.alienvault.com/pulse/5d9c72d7e2efa3b5aa799b41

/Mau2.hta

# Reference: https://twitter.com/cyber__sloth/status/1181957000927727616

/out-1369462999.hta
/out-834610808.hta

# Reference: https://twitter.com/w3ndige/status/1168437823193669632

/2055970.hta

# Reference: https://twitter.com/tkanalyst/status/1184825216033099777

/SYUWSL1.hta

# Reference: https://mp.weixin.qq.com/s/ujeIeb_BWoLWu420imwAOQ
# Reference: https://otx.alienvault.com/pulse/5dad976536418494e8540014

/hta1.hta

# Reference: https://twitter.com/wwp96/status/1186622658751938560

/out-1029000015.hta

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

/flusupdxx64.hta

# Reference: https://twitter.com/FewAtoms/status/1198574338036969474

/azo.hta
/PO98989211.hta

# Reference: https://twitter.com/cyber__sloth/status/1200005508641558528

/out-1246717249.hta

# Reference: https://app.any.run/tasks/c382b09f-03f7-4680-86c5-28316c5cc5e3/

/microsoft.hta

# Reference: https://twitter.com/wwp96/status/1202267925559808000

/2206907.hta

# Reference: https://twitter.com/wwp96/status/1214926249535164422

/25067710.hta

# Reference: https://mp.weixin.qq.com/s/L3dVwbkfTABtE4ZYtv5r4w
# Reference: https://otx.alienvault.com/pulse/5e206d8b77de0b2690b9946c

/zaqxswcde.hta
/zaqxswcderfv.hta

# Reference: https://otx.alienvault.com/pulse/5e257c8c189e48e8e053e75b

/brzol0.hta
/dbrcn0.hta
/tyjui3.hta
/zjirz.hta
/zjirz0.hta

# Reference: https://twitter.com/JayTHL/status/1227122437885698049

/youuth.hta

# Reference: https://twitter.com/FewAtoms/status/1231994766398717954

/out-337443407.hta
/out-510267147.hta

# Reference: https://twitter.com/casual_malware/status/1239760321021128706

/out-44955964.hta
/out-1376540361.hta
/out-1897288366.hta

# Reference: https://twitter.com/FewAtoms/status/1239938872341139456

/out-8815323.hta

# Reference: https://twitter.com/malwrhunterteam/status/1240996072425652224

/out-1429065212.hta
/out-1770163823.hta
/out-1890736898.hta
/out-531451995.hta

# Reference: https://twitter.com/Rmy_Reserve/status/1241301496571953152

/cfhkjkk.hta

# Reference: https://twitter.com/FewAtoms/status/1241813291460067329

/out-756898907.hta
/out-1019569980.hta
/out-1388663052.hta

# Reference: https://twitter.com/malwrhunterteam/status/1241318536280227844

/sol.hta

# Reference: https://twitter.com/malwrhunterteam/status/1242812814668038151

/out-1068156992.hta

# Reference: https://twitter.com/FewAtoms/status/1243579932590161930

/out-571924757.hta
/out-756898907.hta

# Reference: https://twitter.com/bit_dam/status/1256311982992633862

/new%201.hta

# Reference: https://pastebin.com/uwPeU4CL

/Cqsl.hta

# Reference: https://twitter.com/malwrhunterteam/status/1258844055682912259

/out-2010667608.hta

# Reference: https://blog.alyac.co.kr/3033 (Korean)
# Reference: https://otx.alienvault.com/pulse/5ed7c80f673c40df00c52fa6

/pre.hta
/suf.hta

# Reference: https://urlhaus.abuse.ch/downloads/text_recent/

/Hmoye0.hta

# Generic (entries listed without a specific reference)

/myrrem.hta
/out-1334992907.hta
/out-1347051899.hta
/out-849945592.hta
