# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/eset/malware-ioc/tree/master/glupteba

ostdownload.xyz
travelsreview.world
bigdesign.website
sportpics.xyz
kinosport.top
0ev.ru
0df.ru
0d2.ru
0d9.ru
financialtimesguru.com
burnandfire5.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/
# Reference: https://otx.alienvault.com/pulse/5d6fab77e045042a3b8969f5

bigtext.club
blackempirebuild.com
clubhouse.site
keepmusic.xyz
lienews.world
nxtfdata.xyz
okonewacon.com
phonemus.net
playfire.online
takebad1.com
venoxcontrol.com

# Reference: https://twitter.com/James_inthe_box/status/1171831864945827840

techmega.xyz

# Reference: https://www.cybereason.com/blog/glupteba-expands-operation-and-toolkit-with-lolbins-cryptominer-and-router-exploit
# Reference: https://otx.alienvault.com/pulse/5d7f9d70c73b107dec8cab9d

blackempirebuild.com
fstyline.xyz
okonewacon.com
postnews.club
roundworld.club
venoxcontrol.com
weekdanys.com

# Reference: https://github.com/silence-is-best/c2db#glupteba

/bots/post-ia-data

# Reference: https://twitter.com/raby_mr/status/1167771781802778628
# Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/

hostas8.tk
osdsoft.tk
portmdfmoon.com

# Reference: https://app.any.run/tasks/a937310e-b264-4571-9c02-38dac78eaffb/

gamedemo.xyz

# Reference: https://www.virustotal.com/gui/domain/theatresearch.xyz/relations
# Reference: https://www.virustotal.com/gui/file/8ebe295051462bc139cd800d079ab2cad7598c92285a0913d65e482d99840643/detection

theatresearch.xyz

# Reference: https://app.any.run/tasks/45008774-a710-4ecc-aece-892f42b4dd4a/

whitecontroller.com
bestblues.tech

# Reference: https://app.any.run/tasks/e89e3aa1-1640-4a78-a388-b524e82a512c/
# Reference: https://app.any.run/tasks/9a68a931-ebea-4d05-a074-00df4c4be1b8/

C80C1038-405D-4C32-9E5B-A8F59B671E29.server-86.bczx.ru
ED18DB6A-A7B9-4689-A41F-535C16FE6156.server-66.flrz.ru
massiveart.info
onlynew.xyz
chatmusic.xyz
promusic.website
5.9.108.164:8000
78.46.86.122:8000

# Reference: https://twitter.com/JAMESWT_MHT/status/1249630527193264128
# Reference: https://app.any.run/tasks/b849597b-3444-42a8-a2d9-562b71982f22/

30462DD4-9370-4083-8887-35AE4B2526DF.server-3.deeponlines.com
biggames.online
chatmusic.xyz
deepsound.live

# Reference: https://app.any.run/tasks/ff52567e-9340-442f-bf70-338b53cf9970/

fstyline.xyz

# Reference: https://otx.alienvault.com/pulse/5ef38fa73ccd462e6072ca54

anotheronedom.com
capmusic.ru
easywbdesign.com
fundbook.xyz
gamedate.xyz
getfixed.xyz
gfixprice.xyz
hotbooks.xyz
maxbook.site
netoftime.com
robotatten.com
setbird.website
sleepingcontrol.com
sndvoices.com
