# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: sarwent, tinynuke

# Reference: https://twitter.com/VK_Intel/status/1018656000948260864

dingparighrewrec.win
refendisoked.win

# Reference: https://twitter.com/avman1995/status/1110785220993781763

m0pedx9.su

# Reference: https://twitter.com/P3pperP0tts/status/1177147328630861824

zalivy.ug

# Reference: https://twitter.com/abuse_ch/status/1183260666423119874
# Reference: https://www.virustotal.com/gui/file/afa54323cc65546ba777d8185da412641316377f7eeef9182a750a1385ba9b01/detection
# Reference: https://twitter.com/James_inthe_box/status/1162068269387276289
# Reference: https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/

shopstoregame.icu
shopstoregames.icu
shopstoregamese.com
shopstoregamese.icu
softfaremiks.icu

# Reference: https://twitter.com/James_inthe_box/status/1162068269387276289
# Reference: https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/

shopstoregame.com
shopstoregamesnews.com
startprojekt201907.com
startprojektnewswold.com
startprojekt.ru
stratbuks.icu

# Reference: https://twitter.com/ViriBack/status/1188452548392431621

190.97.167.130:8081

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-4, TinyNuke)

5.188.60.99:8090

# Reference: https://twitter.com/P3pperP0tts/status/1226493807061094406
# Reference: https://app.any.run/tasks/69d6b92f-5acd-4e8d-82c1-b95f33af145c/

islacangrejo.fun
j2888hennene.site

# Reference: https://twitter.com/James_inthe_box/status/1226536619164889090
# Reference: https://app.any.run/tasks/de7f628a-4999-40fd-b664-8d26a2605613/

thoughtlibrary.top

# Reference: https://twitter.com/James_inthe_box/status/1228788661006659584

blognews-journal.com

# Reference: https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/

/adminpanel/add_bot.php

# Reference: https://twitter.com/malwarefr0gg0z/status/1260664478347096064
# Reference: https://app.any.run/tasks/056cfdee-7aa8-43ba-8b8e-b5e46f570b5e/

176.121.14.53:8888

# Reference: https://otx.alienvault.com/pulse/5ccbaedf1bcdec1f5fe8e096

plcbiz.info
support-stantion.ru
business-projekt.info
appartamentibologna.eu
hostbasesoft.com
webstatistika-country.ru
shopstoregame.com

# Reference: https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/
# Reference: https://otx.alienvault.com/pulse/5ec7e449bc161ecb577d69f1

beurbn.com
blognews-joural.best
blognews-joural.com
blognews-joural.info
blognews-journal.com
rabbot.xyz
rubbolt.xyz
rubbot.xyz
seoanalyticsp34roj.xyz
seoanalyticspro32frghyj.xyz
seoanalyticsproewj.xyz
seoanalyticsproj.xyz
seoanalyticsprojrts.xyz
seoanalyticsptyrroj.xyz
shopstoregame.icu
shopstoregames.icu
shopstoregamese.com
shopstoregamese.icu
softfaremiks.icu
startprojekt.pro
startprojekt.pw
tebbolt.xyz
terobolt.xyz
treawot.xyz
vertuozoff.club
vertuozoff.xyz
vertuozofff.club
vertuozofff.com
vertuozofff.xyz
vertuozoffff.club
whatsmyhomeworthlondonontario.ca

# Generic

/gate/connect?hwid=
/gate/connect?os=
/gate/vnc_exec?command=
