# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

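# Aliases: bisonal, tonto

# Note: many entries below appear to be hostnames under shared dynamic-DNS zones (e.g. *.myfw.us,
# *.my-homeip.net), so match the full hostname rather than the parent zone. The dated references
# are from 2018 and 2020, and such hostnames can later be claimed by unrelated parties; corroborate
# a hit with other telemetry before attributing it to Bisonal.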

# Reference: https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/

euiro8966.organiccrap.com
games.my-homeip.com
jennifer998.lookin.at
kted56erhg.dynssl.com
hosting.tempors.com

# Reference: https://twitter.com/Vishnyak0v/status/1216689015035977730

etude.servemp3.com

# Reference: https://docs.google.com/spreadsheets/d/1lDzylI6Jymz7EE0agRVUsL3kwmJSRDjXYjr5l5MUOEk/edit#gid=127522608 (# Bisonal)

svyaztulaya.dynamic-dns.net
uacmoscow.com

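# Reference: https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
# Note: six hosts in this list repeat entries from earlier sections of this file
# (euiro8966.organiccrap.com, games.my-homeip.com, jennifer998.lookin.at, kted56erhg.dynssl.com,
# hosting.tempors.com, etude.servemp3.com); deduplicate before counting distinct indicators.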

0906.toh.info
21kmg.my-homeip.net
agent.my-homeip.net
amanser951.otzo.com
applejp.myfw.us
dds.walshdavis.com
dnsdns1.passas.us
emsit.serveirc.com
etude.servemp3.com
euiro8966.organiccrap.com
faceto.uglyas.com
games.my-homeip.com
hansun.serveblog.net
hosting.tempors.com
indbaba.myfw.us
jennifer998.lookin.at
kazama.myfw.us
kfsinfo.byinter.net
kreng.bounceme.net
kted56erhg.dynssl.com
mycount.mrslove.com
navego.serveblog.net
nayana.adultdns.net
shinkhek.myfw.us
since.qpoe.com
usababa.myfw.us
v3net.rr.nu
wew.mymom.info

# Reference: https://asec.ahnlab.com/1298
# Reference: https://twitter.com/vigilantbeluga/status/1235496629811077121
# Reference: https://otx.alienvault.com/pulse/5e612f6d1dadda20c4314b21

imbc.onthewifi.com

# Reference: https://twitter.com/nao_sec/status/1273209439764406272
# Reference: https://app.any.run/tasks/4c751168-358a-49c9-b751-e5b4aad9b060/

offices-update.com
