# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/guloader-popular-new-vb6-downloader-abuses-cloud-services
# Reference: https://otx.alienvault.com/pulse/5e615414b0254429fcb302f0

droptop.com
droptop1.com
droptop2.com
droptop3.com
droptop4.com
droptop5.com
droptop6.com
droptop7.com
droptop8.com
droptop9.com
droptop10.com

# Reference: https://twitter.com/MBThreatIntel/status/1240790622199406593
# Reference: https://www.virustotal.com/gui/ip-address/63.250.44.99/relations

popeorigin.pw
popeorigin1.pw
popeorigin2.pw
popeorigin3.pw
popeorigin4.pw
popeorigin5.pw
popeorigin6.pw
popeorigin7.pw
popeorigin8.pw
popeorigin9.pw
popeorigin10.pw

# Reference: https://www.virustotal.com/gui/file/42cda72eccc1564c97e004f2c01449e07bcad084ce767cc102bb99c8921f899e/detection

phamchilong.com

# Reference: https://twitter.com/malwrhunterteam/status/1235220750635806720
# Note: such trails can be encountered with the /hjf marker in the address

107.189.162.190:9090

# Reference: https://www.virustotal.com/gui/file/2f2d784e1e0d9d5a9ede345eef47d2228e82570a8bdaa632defdbc6c7f69f494/detection

141.105.66.243:9090

# Reference: https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
# Reference: https://otx.alienvault.com/pulse/5e879a7305b78c1346f82424

artizaa.com
matpincscr.com
murthydigitals.com
myamystills.com
novmintservices.com
ptgteft.com
rossogato.com
saidialxo.com

# Reference: https://blog.morphisec.com/guloader-the-rat-downloader
# Reference: https://otx.alienvault.com/pulse/5e87a721a6072454dfc0ca87

arabianbrother.com/a/
ntaryan.com/a/

# Reference: https://twitter.com/pancak3lullz/status/1247622793908363265
# Reference: https://app.any.run/tasks/797e143d-19d8-42cc-b7c1-6bf9e40f5331/

portalconnectme.com
portalconnectme.com/56778786598.doc
portalconnectme.com/king.exe

# Reference: https://twitter.com/James_inthe_box/status/1248669623848853504

digishops.xyz
modalap.com

# Reference: https://twitter.com/James_inthe_box/status/1250077975803916288

ucto-id.cz

# Reference: https://www.virustotal.com/gui/domain/bangbor.go.th/relations
# Reference: https://www.virustotal.com/gui/file/69bed89de61a4aeefc406a19821c1a90f9c40bebfb8349f2dce6016d1a9d05e7/detection

bangbor.go.th

# Reference: https://twitter.com/joe4security/status/1253330027921305602

dokument-9827323724423823.ru

# Reference: https://app.any.run/tasks/d76dc612-4352-4cb6-978f-58717e734516/

sroomf70nasiru.duckdns.org
/hehe.bin

# Reference: https://twitter.com/notajungman/status/1263114566130696195
# Reference: https://bazaar.abuse.ch/sample/9ebbeaf380d12e97972f57de2e052f1e043370d0be0bcd0deb3ebc5334cc68a2/

mailserverservices.info

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1263420627970592768

creditbalancingservices.co.za

# Reference: https://www.virustotal.com/gui/file/32922de2503537acaf01c6ea91ecbbf5af81282f1847110792464144f34451c2/detection

/ht.php/rBo37eoxFiPU9

# Reference: https://www.virustotal.com/gui/file/0cf5cda3657648c661cd0cb58e06e6ccb488d66e27cda1102121eb2572053bdd/detection

/ht.php/SczbkxCQZQyVr

# Reference: https://www.virustotal.com/gui/file/ced2fbc54eca4055292b2049b430ba7a59b4f38138e47233a1f0b93a519d8174/detection

/ht.php/53i9zXCT3LNPn

# Reference: https://www.virustotal.com/gui/file/cc6ab8a4a219752780abcdf9c3d725538eb1f4ecf073d78ddc9948011174bfb8/detection

/ht.php/pXqVbj1ory8MD

# Reference: https://www.virustotal.com/gui/file/4c3cc26ef555d8597c5edd7bc5f9f23b1d4ca4ac49e53a2deeed66bb94fc7bb7/detection

/ht.php/6We0YzNidcg3L

# Reference: https://www.virustotal.com/gui/file/1dcafc97629d9854ee77bb2fe409f7d037d57cac7399f8fd8da93f9744ba3495/detection

/ht.php/VOCKEAuuFQghy

# Reference: https://www.virustotal.com/gui/file/6382688fc1e4832952350db1a057ab62ff59d028f72aa403253f8a36df5b5d55/detection

/ht.php/T7QXt7PgZdCj5

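# Reference: https://www.virustotal.com/gui/file/1349525aa37f3fad34412c28f0ca11ef8a85eac0d55c0df30488215df85fe2a4/detection
# Note: the trail below is identical to the /ht.php/53i9zXCT3LNPn entry listed earlier in this file (different sample, same path)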

/ht.php/53i9zXCT3LNPn

# Reference: https://www.virustotal.com/gui/file/9d3acb53bfc554c4bd8e976a29bfb8f66355a4df6ec6924d347ebf8b745345d8/detection

/ht.php/aIwDRu93mIe8q

# Reference: https://www.virustotal.com/gui/file/b5739267fc69043ec576bf85f6fc62e28f42ebe07a67753ad4639ffbf79f8035/detection

/ht.php/7RQfynN2JiRWw

# Reference: https://www.virustotal.com/gui/file/3dc229337efe949ac3f88b2fe3532f0774525fbcd862b845ce8131b1c28dc41e/detection

/ht.php/0TFU8wwfRQKRW

# Reference: https://www.virustotal.com/gui/file/3e72b3fdce5e3bdbb60550734249ebb530934d7db64dc5cae2892d110089b171/detection

/ht.php/ET2IX5PlOMbJu

# Reference: https://www.virustotal.com/gui/file/44325c7a27c3f6ba2c01f61a872c991ace45b6285836ff68addabbf875bcbea6/detection

/ht.php/JtFNEt0Si9NOE

# Reference: https://www.virustotal.com/gui/file/37fd6717144b967e9e6c9d2c647e02a68611fed583b4423947e94eb55287c0d5/detection

/ht.php/8HaYlSzAWJVrC

# Reference: https://www.virustotal.com/gui/file/ad1922d859c3503dbd1a971cc42b5e949c9c7f2d85b7dcc3b2e4317cb776c9ce/detection

/ht.php/XFCRVAmzHV1Dt

# Reference: https://www.virustotal.com/gui/file/dd2f7ab604f0a74cecf60bd5349d075dc981b25a675821c29462dcb78d0384ec/detection

/ht.php/LH8SVxLMJKBbU

# Generic (path-only trail, not tied to a specific host)

/hjf
