# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: blackteam, blacknet, blackout

# Reference: https://twitter.com/makflwana/status/1210466313954414592

5ineprojects.com
hckrmytest.com
netdz.ga
davidescu.000webhostapp.com
kiraamora.000webhostapp.com

# Reference: https://twitter.com/tkanalyst/status/1212695828931973122
# Reference: https://app.any.run/tasks/607a63ec-0ab5-45a9-b255-df78eb73bd79/

weboss.in

# Reference: https://twitter.com/wwp96/status/1218260858524065794

meublesinde.in/black/

# Reference: https://twitter.com/wwp96/status/1218263835007758336
# Reference: https://app.any.run/tasks/6feea8e2-7390-4439-bb23-a35df75422e1/

r-s.us

# Reference: https://twitter.com/jorgemieres/status/1222611503125356544

vintosw0.beget.tech

# Reference: https://twitter.com/ps66uk/status/1228268374649659392
# Reference: https://app.any.run/tasks/9be4f8eb-e828-4ca5-ba76-6f8db7f1627a/

sinsixclaw.com

# Reference: https://twitter.com/ViriBack/status/1228676828107300864

agent.agentreef.xyz

# Reference: http://tracker.viriback.com/dump.php (# 2020-02-23, BlackNet)

davidaredetoate.000webhostapp.com
davidescu.000webhostapp.com
kiraamora.000webhostapp.com
lex1qlist3.temp.swtest.ru
loadbytes.tn
mailstealer.zzz.com.ua
meublesinde.in
piratashost.top
raders.ru
semanariolaprensa.com
sinsixclaw.com
snapk.org
vovagaka.myjino.ru
wwe23pro.myjino.ru
xblackeyex.000webhostapp.com

# Reference: https://twitter.com/MBThreatIntel/status/1242173577639550976

antivirus-covid19.site
corona-antivirus.com
instaboom-hello.site

# Reference: https://app.any.run/tasks/e5dcc906-4f08-464b-b738-e39a0458dd4f/
# Reference: https://app.any.run/tasks/c0432968-da70-46ef-a4ff-5156603ae3ae/
# Reference: https://www.virustotal.com/gui/file/18cc40d5c56f621dc4b1386b37892ce9723145c7e2b580053386bf93dd329dfa/detection

developersblacknet.ru

# Reference: https://www.virustotal.com/gui/file/c860d4c575c1548da86c9a6a9a4e63d48612fe28cae7f12097542f2ea4b013bd/behavior/VirusTotal%20Jujubox
# Reference: https://app.any.run/tasks/f57a3fd0-fbfe-4534-9992-39e784ada8cb/

bootpay.ru

# Reference: https://any.run/report/c205d50556fe7ae5923452dbe6f5fc118229966bb1a7ce6ac87a9f2d371c987d/d51e29b1-1f91-4b7e-a55d-4d0a001b0b1f
# Reference: https://urlhaus.abuse.ch/url/339364/
# Reference: https://bbs.kafan.cn/thread-2179435-1-1.html

/US-2020-20-03-16-18-40-0569324B-9414737A-3C853917-C61460EF-C4978359.com

# Reference: https://www.virustotal.com/gui/file/3d9a2aa28c67d76ebd6512789014880dabb0b21164970f3618294899323fb3e6/detection

rat3.ddns.net

# Reference: https://twitter.com/ganeshnathan28/status/1261677808268369922

cryptobitnex.co.za

# Reference: https://twitter.com/jorgemieres/status/1273290086159978496

informavoce.com

# Generic trails

/blacknet/connection.php
/blacknet/getCommand.php
/blacknet/login.php
/blacknet/recieve.php
/BlackNETPanel/connection.php
/BlackNETPanel/getCommand.php
/BlackNETPanel/login.php
/BlackNETPanel/recieve.php
/BlackNET%20Panel/connection.php
/BlackNET%20Panel/getCommand.php
/BlackNET%20Panel/login.php
/BlackNET%20Panel/recieve.php
/bn/connection.php?data=
/bn/getCommand.php?id=
/bn/receive.php?command=
/panel/connection.php?data=
/panel/receive.php?command=
/panel/getCommand.php?id=
/flags/Client.exe
