# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1045460579689922561

jelouslaodnn.org

# Reference: https://twitter.com/james_inthe_box/status/1034925258258624512
# Reference: https://blog.ensilo.com/game-of-trojans-dissecting-khalesi-infostealer-malware

botsphere.biz
seeyouonlineservice.com

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

/DJvS7iHPfoXDzPvo/conf.php
/DJvS7iHPfoXDzPvo/config.php
/DJvS7iHPfoXDzPvo/gate.php
/DJvS7iHPfoXDzPvo/login.php
/DJvS7iHPfoXDzPvo/util.php

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

/NIwxn5JBvMom6naz/conf.php
/NIwxn5JBvMom6naz/config.php
/NIwxn5JBvMom6naz/gate.php
/NIwxn5JBvMom6naz/login.php
/NIwxn5JBvMom6naz/util.php

# Reference: https://twitter.com/avman1995/status/1090972632261029891

/03SleOcRkLyD69DQ/conf.php
/03SleOcRkLyD69DQ/config.php
/03SleOcRkLyD69DQ/gate.php
/03SleOcRkLyD69DQ/login.php
/03SleOcRkLyD69DQ/util.php

# Reference: https://twitter.com/ViriBack/status/1069965350442283009
# Reference: https://pastebin.com/PTkLE0se

/bnAgxoxMGuqZidGE/conf.php
/bnAgxoxMGuqZidGE/config.php
/bnAgxoxMGuqZidGE/gate.php
/bnAgxoxMGuqZidGE/login.php
/bnAgxoxMGuqZidGE/util.php

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

/8pqPR0YZKhASBoKU/conf.php
/8pqPR0YZKhASBoKU/config.php
/8pqPR0YZKhASBoKU/gate.php
/8pqPR0YZKhASBoKU/login.php
/8pqPR0YZKhASBoKU/util.php

# Reference: https://twitter.com/takerk734/status/1113851637292920832

/9AhiTpcUu2lUfGvx/conf.php
/9AhiTpcUu2lUfGvx/config.php
/9AhiTpcUu2lUfGvx/gate.php
/9AhiTpcUu2lUfGvx/login.php
/9AhiTpcUu2lUfGvx/util.php

# Reference: https://www.proofpoint.com/us/threat-insight/post/new-kpot-v20-stealer-brings-zero-persistence-and-memory-features-silently-steal

/a6Y5Qy3cF1sOmOKQ/conf.php
/a6Y5Qy3cF1sOmOKQ/config.php
/a6Y5Qy3cF1sOmOKQ/gate.php
/a6Y5Qy3cF1sOmOKQ/login.php
/a6Y5Qy3cF1sOmOKQ/util.php
/lmpUNlwDfoybeulu/conf.php
/lmpUNlwDfoybeulu/config.php
/lmpUNlwDfoybeulu/gate.php
/lmpUNlwDfoybeulu/login.php
/lmpUNlwDfoybeulu/util.php

# Reference: https://twitter.com/jorgemieres/status/1125794853638615041

newpepeloco.xyz

# Reference: https://twitter.com/James_inthe_box/status/1095007960097419264

/82tC6RWjKA3GkDHb/conf.php
/82tC6RWjKA3GkDHb/config.php
/82tC6RWjKA3GkDHb/gate.php
/82tC6RWjKA3GkDHb/login.php
/82tC6RWjKA3GkDHb/util.php

# Reference: https://twitter.com/avman1995/status/1079312991189958658

/9sEdsV5D3P0eJclX/conf.php
/9sEdsV5D3P0eJclX/config.php
/9sEdsV5D3P0eJclX/gate.php
/9sEdsV5D3P0eJclX/login.php
/9sEdsV5D3P0eJclX/util.php

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

/x4q9214C6N4DuZ79/conf.php
/x4q9214C6N4DuZ79/config.php
/x4q9214C6N4DuZ79/gate.php
/x4q9214C6N4DuZ79/login.php
/x4q9214C6N4DuZ79/util.php

# Reference: https://twitter.com/avman1995/status/1035588628355928065

elysium-inc.info

# Reference: https://twitter.com/James_inthe_box/status/1131847607813267456

pinescop.top
/r7bxRcw7Y2bKl5Vi/conf.php
/r7bxRcw7Y2bKl5Vi/config.php
/r7bxRcw7Y2bKl5Vi/gate.php
/r7bxRcw7Y2bKl5Vi/login.php
/r7bxRcw7Y2bKl5Vi/util.php

# Reference: https://twitter.com/James_inthe_box/status/1134528134915678209

benten09.futbol
/BOH9KGa4jvUsU4jL/conf.php
/BOH9KGa4jvUsU4jL/config.php
/BOH9KGa4jvUsU4jL/gate.php
/BOH9KGa4jvUsU4jL/login.php
/BOH9KGa4jvUsU4jL/util.php

# Reference: http://tracker.viriback.com/ (# Kpot)

chookes991.ga
/cZP67az9xbvAyTUU/conf.php
/cZP67az9xbvAyTUU/config.php
/cZP67az9xbvAyTUU/gate.php
/cZP67az9xbvAyTUU/login.php
/cZP67az9xbvAyTUU/util.php
/MjhK7giyH9XLSgi1/conf.php
/MjhK7giyH9XLSgi1/config.php
/MjhK7giyH9XLSgi1/gate.php
/MjhK7giyH9XLSgi1/login.php
/MjhK7giyH9XLSgi1/util.php

# Reference: https://twitter.com/VK_Intel/status/1140885797773676544

activehostnet.com

# Reference: https://twitter.com/benkow_/status/1140920162163613696

http://5.188.60.24
http://5.8.88.53

# Reference: https://www.bleepingcomputer.com/news/security/vsdc-site-hacked-again-to-spread-password-stealing-malware/
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/VSDC
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/VSDC_CNET

appnodejs.xyz
centory20.xyz
mginskjadivizija.club
get-cert-ssl1.xyz
my-helper.site
my-super-puper-helper.xyz
sync-time.info

# Reference: https://twitter.com/killamjr/status/1143498263892582402

betalco.biz

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

/iWDf752n2PyeZWAn/conf.php
/iWDf752n2PyeZWAn/config.php
/iWDf752n2PyeZWAn/gate.php
/iWDf752n2PyeZWAn/login.php
/iWDf752n2PyeZWAn/util.php

# Reference: https://twitter.com/benkow_/status/1128639735960875010

solar3080z.xyz
/FKpQDbwPieNVZbKt/conf.php
/FKpQDbwPieNVZbKt/config.php
/FKpQDbwPieNVZbKt/gate.php
/FKpQDbwPieNVZbKt/login.php
/FKpQDbwPieNVZbKt/util.php

# Reference: https://twitter.com/James_inthe_box/status/1160150821830418432

d3f4.com.hk
/OfJ3qDlVoGBRGjYK/conf.php
/OfJ3qDlVoGBRGjYK/config.php
/OfJ3qDlVoGBRGjYK/gate.php
/OfJ3qDlVoGBRGjYK/login.php
/OfJ3qDlVoGBRGjYK/util.php

# Reference: https://twitter.com/nao_sec/status/1162584523093114880
# Reference: https://app.any.run/tasks/710afa6e-ec22-4c68-953b-707ddba8c597/

http://82.146.44.97
/ENQxMsOLJOdg0uDO/conf.php
/ENQxMsOLJOdg0uDO/config.php
/ENQxMsOLJOdg0uDO/gate.php
/ENQxMsOLJOdg0uDO/login.php
/ENQxMsOLJOdg0uDO/util.php

# Reference: https://twitter.com/Racco42/status/1168523943638110210

/ImgcsQGM6ZclLvqr/conf.php
/ImgcsQGM6ZclLvqr/config.php
/ImgcsQGM6ZclLvqr/gate.php
/ImgcsQGM6ZclLvqr/login.php
/ImgcsQGM6ZclLvqr/util.php

# Reference: https://twitter.com/Paladin3161/status/1169588041372975104
# Reference: https://pastebin.com/925dUBPZ

47.88.102.244:80
smart-net.rocks
/UcPDF28Hzd7dMdbG/conf.php
/UcPDF28Hzd7dMdbG/config.php
/UcPDF28Hzd7dMdbG/gate.php
/UcPDF28Hzd7dMdbG/login.php
/UcPDF28Hzd7dMdbG/util.php

# Reference: https://twitter.com/wwp96/status/1173650300185534468
# Reference: https://app.any.run/tasks/7fe60e24-8022-4c69-8c61-41be5b9d7f1e/

185.217.1.149:4040
78801.duckdns.org
ct77.duckdns.org
zeleron.duckdns.org
/Z6O0f04bowOkpUs1/conf.php
/Z6O0f04bowOkpUs1/config.php
/Z6O0f04bowOkpUs1/gate.php
/Z6O0f04bowOkpUs1/login.php
/Z6O0f04bowOkpUs1/util.php

# Reference: https://app.any.run/tasks/a11b5227-7568-455a-b40d-4161c9779ed1/

ct77.duckdns.org
zeleron.duckdns.org

# Reference: https://twitter.com/tkanalyst/status/1174092283206963200

/cq2fKWVooVNMYqNW/conf.php
/cq2fKWVooVNMYqNW/config.php
/cq2fKWVooVNMYqNW/gate.php
/cq2fKWVooVNMYqNW/login.php
/cq2fKWVooVNMYqNW/util.php

# Reference: https://twitter.com/tkanalyst/status/1175417561527115778

/4rTpPY1f3zP4LAUq/conf.php
/4rTpPY1f3zP4LAUq/config.php
/4rTpPY1f3zP4LAUq/gate.php
/4rTpPY1f3zP4LAUq/login.php
/4rTpPY1f3zP4LAUq/util.php

# Reference: https://twitter.com/58_158_177_102/status/1175542076747984896

/cklzI56WuqpFRzFV/conf.php
/cklzI56WuqpFRzFV/config.php
/cklzI56WuqpFRzFV/gate.php
/cklzI56WuqpFRzFV/login.php
/cklzI56WuqpFRzFV/util.php

# Reference: https://otx.alienvault.com/pulse/5d8dcf197ec3aea4d3e338df

1stpubs.com
2ndpub.com
3eueu.com
3prokladkaeu.com
3pubss.com
d3f4.com.hk
detailsconfirm.in
icherryls.com
inewsmvo.com
j5h4f9b6.com
k0j8h7f6d5s4.com
kaiwachis.ug
maper.info
qposhgames.com
setseta.com
/OfJ3qDlVoGBRGjYK/conf.php
/OfJ3qDlVoGBRGjYK/config.php
/OfJ3qDlVoGBRGjYK/gate.php
/OfJ3qDlVoGBRGjYK/login.php
/OfJ3qDlVoGBRGjYK/util.php
/nshnobea4xwtldcc/conf.php
/nshnobea4xwtldcc/config.php
/nshnobea4xwtldcc/gate.php
/nshnobea4xwtldcc/login.php
/nshnobea4xwtldcc/util.php

# Reference: https://github.com/silence-is-best/c2db#kpot-stealer

allseasongudinc.tech

# Reference: https://twitter.com/ViriBack/status/1183157722348433413

/O0SYQ1VJ6mHPuotw/conf.php
/O0SYQ1VJ6mHPuotw/config.php
/O0SYQ1VJ6mHPuotw/gate.php
/O0SYQ1VJ6mHPuotw/login.php
/O0SYQ1VJ6mHPuotw/util.php

# Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/

/IFNn0HURvaodgeBZ/conf.php
/IFNn0HURvaodgeBZ/config.php
/IFNn0HURvaodgeBZ/gate.php
/IFNn0HURvaodgeBZ/login.php
/IFNn0HURvaodgeBZ/util.php

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

/oYiMdS2d7yfR6q1V/conf.php
/oYiMdS2d7yfR6q1V/config.php
/oYiMdS2d7yfR6q1V/gate.php
/oYiMdS2d7yfR6q1V/login.php
/oYiMdS2d7yfR6q1V/util.php

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, Kpot)

29ieo.com.cn
allseasongudinc.tech
benten02.futbol
benten09.futbol
betalco.biz
chookes991.ga
dualup.top
f0311980.xsph.ru
f0311980.xsph.ru.xsph.ru
fghjkmgru34.site
gayaju.com
hostfaze.com
hujkl.info
ikny.info
intelz.duckdns.org
japancinema.top
kbctouch.com
krtk.icu
r353r3f5.cn
rawdagger.top
rumomult.me
sidesabar.com
vip-rocket.net
/42KiBx84roLVRVSM/conf.php
/42KiBx84roLVRVSM/config.php
/42KiBx84roLVRVSM/gate.php
/42KiBx84roLVRVSM/login.php
/42KiBx84roLVRVSM/util.php
/Ev8PVTOo1jtGOdVU/conf.php
/Ev8PVTOo1jtGOdVU/config.php
/Ev8PVTOo1jtGOdVU/gate.php
/Ev8PVTOo1jtGOdVU/login.php
/Ev8PVTOo1jtGOdVU/util.php
/GvB0wmtoJOU0godt/conf.php
/GvB0wmtoJOU0godt/config.php
/GvB0wmtoJOU0godt/gate.php
/GvB0wmtoJOU0godt/login.php
/GvB0wmtoJOU0godt/util.php
/I6TztQVK42LugI4f/conf.php
/I6TztQVK42LugI4f/config.php
/I6TztQVK42LugI4f/gate.php
/I6TztQVK42LugI4f/login.php
/I6TztQVK42LugI4f/util.php
/O0SYQ1VJ6mHPuotw/conf.php
/O0SYQ1VJ6mHPuotw/config.php
/O0SYQ1VJ6mHPuotw/gate.php
/O0SYQ1VJ6mHPuotw/login.php
/O0SYQ1VJ6mHPuotw/util.php
/WVGL6O0q0gGoDjyC/conf.php
/WVGL6O0q0gGoDjyC/config.php
/WVGL6O0q0gGoDjyC/gate.php
/WVGL6O0q0gGoDjyC/login.php
/WVGL6O0q0gGoDjyC/util.php
/b1AGMDTxXuTs238l/conf.php
/b1AGMDTxXuTs238l/config.php
/b1AGMDTxXuTs238l/gate.php
/b1AGMDTxXuTs238l/login.php
/b1AGMDTxXuTs238l/util.php
/bouNyhBvTRiK3LoX/conf.php
/bouNyhBvTRiK3LoX/config.php
/bouNyhBvTRiK3LoX/gate.php
/bouNyhBvTRiK3LoX/login.php
/bouNyhBvTRiK3LoX/util.php
/cGrwBRupP6VrBN9E/conf.php
/cGrwBRupP6VrBN9E/config.php
/cGrwBRupP6VrBN9E/gate.php
/cGrwBRupP6VrBN9E/login.php
/cGrwBRupP6VrBN9E/util.php
/dPgPOEOROfCOTluG/conf.php
/dPgPOEOROfCOTluG/config.php
/dPgPOEOROfCOTluG/gate.php
/dPgPOEOROfCOTluG/login.php
/dPgPOEOROfCOTluG/util.php
/gQBljYzDJBnrt4JX/conf.php
/gQBljYzDJBnrt4JX/config.php
/gQBljYzDJBnrt4JX/gate.php
/gQBljYzDJBnrt4JX/login.php
/gQBljYzDJBnrt4JX/util.php
/lycCcpwH8eKD6MW2/conf.php
/lycCcpwH8eKD6MW2/config.php
/lycCcpwH8eKD6MW2/gate.php
/lycCcpwH8eKD6MW2/login.php
/lycCcpwH8eKD6MW2/util.php

# Reference: https://www.virustotal.com/gui/file/6068630e627bccdc0f704cfb8e134e7e5191abdff4fba60cf40b0aa713bcd130/detection

greatwall.pw
/gKnyCmSmhfbijqv5/conf.php
/gKnyCmSmhfbijqv5/config.php
/gKnyCmSmhfbijqv5/gate.php
/gKnyCmSmhfbijqv5/login.php
/gKnyCmSmhfbijqv5/util.php

# Reference: https://twitter.com/mszustak/status/1159824933171544064
# Reference: https://www.virustotal.com/gui/ip-address/195.123.228.220/relations

http://195.123.228.220
subise.space
/yJrHEIWpcUJPhcX4/conf.php
/yJrHEIWpcUJPhcX4/config.php
/yJrHEIWpcUJPhcX4/gate.php
/yJrHEIWpcUJPhcX4/login.php
/yJrHEIWpcUJPhcX4/util.php

# Reference: https://twitter.com/nao_sec/status/1211975197219151876
# Reference: https://app.any.run/tasks/6eb983e1-56f9-4db9-9f04-2aac95c0b1aa/

mendexie.com
/uiahrdC5L3J6Tj2v/conf.php
/uiahrdC5L3J6Tj2v/config.php
/uiahrdC5L3J6Tj2v/gate.php
/uiahrdC5L3J6Tj2v/login.php
/uiahrdC5L3J6Tj2v/util.php

# Reference: https://app.any.run/tasks/6cfb6db2-2222-4990-828f-23085aa967a3/

purple-review.ml

# Reference: https://www.virustotal.com/gui/ip-address/45.139.236.16/relations

http://45.139.236.16
/m1pVRncDeGIn6TWx/conf.php
/m1pVRncDeGIn6TWx/config.php
/m1pVRncDeGIn6TWx/gate.php
/m1pVRncDeGIn6TWx/login.php
/m1pVRncDeGIn6TWx/util.php

# Reference: https://www.virustotal.com/gui/domain/kratosleloks.space/relations

kratosleloks.space
/uoMdQ6TL2v3BP1DK/conf.php
/uoMdQ6TL2v3BP1DK/config.php
/uoMdQ6TL2v3BP1DK/gate.php
/uoMdQ6TL2v3BP1DK/login.php
/uoMdQ6TL2v3BP1DK/util.php

# Reference: https://www.virustotal.com/gui/ip-address/83.136.219.183/relations

http://83.136.219.183
/Rf4m5kw0B75BVl8Z/conf.php
/Rf4m5kw0B75BVl8Z/config.php
/Rf4m5kw0B75BVl8Z/gate.php
/Rf4m5kw0B75BVl8Z/login.php
/Rf4m5kw0B75BVl8Z/util.php

# Reference: https://www.virustotal.com/gui/domain/toptopcop.info/relations

toptopcop.info
/aOKMGcfTyv9vEoEg/conf.php
/aOKMGcfTyv9vEoEg/config.php
/aOKMGcfTyv9vEoEg/gate.php
/aOKMGcfTyv9vEoEg/login.php
/aOKMGcfTyv9vEoEg/util.php

# Reference: https://www.virustotal.com/gui/domain/kingboots.net/relations

kingboots.net
/cmZYVGSc6M7ULSAC/conf.php
/cmZYVGSc6M7ULSAC/config.php
/cmZYVGSc6M7ULSAC/gate.php
/cmZYVGSc6M7ULSAC/login.php
/cmZYVGSc6M7ULSAC/util.php

# Reference: https://www.virustotal.com/gui/domain/nkpotu.xyz/relations

nkpotu.xyz
/Kpot/conf.php
/Kpot/config.php
/Kpot/gate.php
/Kpot/login.php
/Kpot/util.php
/Kpot1/conf.php
/Kpot1/config.php
/Kpot1/gate.php
/Kpot1/login.php
/Kpot1/util.php
/Kpot2/conf.php
/Kpot2/config.php
/Kpot2/gate.php
/Kpot2/login.php
/Kpot2/util.php

# Reference: https://www.virustotal.com/gui/domain/benten09.futbol/relations

benten09.futbol
/BOH9KGa4jvUsU4jL/conf.php
/BOH9KGa4jvUsU4jL/config.php
/BOH9KGa4jvUsU4jL/gate.php
/BOH9KGa4jvUsU4jL/login.php
/BOH9KGa4jvUsU4jL/util.php
/KIt2h6qJ1XT2jMa0/conf.php
/KIt2h6qJ1XT2jMa0/config.php
/KIt2h6qJ1XT2jMa0/gate.php
/KIt2h6qJ1XT2jMa0/login.php
/KIt2h6qJ1XT2jMa0/util.php

# Reference: https://www.virustotal.com/gui/domain/benten02.futbol/relations

benten02.futbol
/QU6M6L2o04P9gIbD/conf.php
/QU6M6L2o04P9gIbD/config.php
/QU6M6L2o04P9gIbD/gate.php
/QU6M6L2o04P9gIbD/login.php
/QU6M6L2o04P9gIbD/util.php

# Reference: https://www.virustotal.com/gui/ip-address/5.188.60.116/relations

http://5.188.60.116

# Reference: https://www.virustotal.com/gui/ip-address/5.188.60.131/relations

http://5.188.60.131

# Reference: https://www.virustotal.com/gui/ip-address/5.8.88.214/relations

http://5.8.88.214
/gq1y1LGk6VzgdVxh/conf.php
/gq1y1LGk6VzgdVxh/config.php
/gq1y1LGk6VzgdVxh/gate.php
/gq1y1LGk6VzgdVxh/login.php
/gq1y1LGk6VzgdVxh/util.php

# Reference: https://www.virustotal.com/gui/ip-address/5.8.88.28/relations

http://5.8.88.28
/lBwKpCPQuLhfsuPU/conf.php
/lBwKpCPQuLhfsuPU/config.php
/lBwKpCPQuLhfsuPU/gate.php
/lBwKpCPQuLhfsuPU/login.php
/lBwKpCPQuLhfsuPU/util.php

# Reference: https://www.virustotal.com/gui/ip-address/5.8.88.120/relations

http://5.8.88.120
/sgN94KvbANw30ajn/conf.php
/sgN94KvbANw30ajn/config.php
/sgN94KvbANw30ajn/gate.php
/sgN94KvbANw30ajn/login.php
/sgN94KvbANw30ajn/util.php

# Reference: https://www.virustotal.com/gui/domain/betalco.biz/relations

/PoQPvOnPEamMQIRK/conf.php
/PoQPvOnPEamMQIRK/config.php
/PoQPvOnPEamMQIRK/gate.php
/PoQPvOnPEamMQIRK/login.php
/PoQPvOnPEamMQIRK/util.php

# Reference: https://www.virustotal.com/gui/domain/29ieo.com.cn/relations

/5ZPoN2KiaQD4KUAi/conf.php
/5ZPoN2KiaQD4KUAi/config.php
/5ZPoN2KiaQD4KUAi/gate.php
/5ZPoN2KiaQD4KUAi/login.php
/5ZPoN2KiaQD4KUAi/util.php

# Reference: https://www.virustotal.com/gui/ip-address/5.8.88.54/relations

http://5.8.88.54
/Ev8PVTOo1jtGOdVU/conf.php
/Ev8PVTOo1jtGOdVU/config.php
/Ev8PVTOo1jtGOdVU/gate.php
/Ev8PVTOo1jtGOdVU/login.php
/Ev8PVTOo1jtGOdVU/util.php
/s!mcGyYinUZXlR4B/conf.php
/s!mcGyYinUZXlR4B/config.php
/s!mcGyYinUZXlR4B/gate.php
/s!mcGyYinUZXlR4B/login.php
/s!mcGyYinUZXlR4B/util.php

# Reference: https://www.virustotal.com/gui/domain/dualup.top/relations

/jT1RERsUByHpsjOC/conf.php
/jT1RERsUByHpsjOC/config.php
/jT1RERsUByHpsjOC/gate.php
/jT1RERsUByHpsjOC/login.php
/jT1RERsUByHpsjOC/util.php

# Reference: https://www.virustotal.com/gui/ip-address/5.188.60.52/relations

http://5.188.60.52
/zvDmqwIxmtNwHQgZ/conf.php
/zvDmqwIxmtNwHQgZ/config.php
/zvDmqwIxmtNwHQgZ/gate.php
/zvDmqwIxmtNwHQgZ/login.php
/zvDmqwIxmtNwHQgZ/util.php

# Reference: https://www.virustotal.com/gui/ip-address/23.106.122.161/relations

http://23.106.122.161
/MtvoZIjBXi0wAbXp/conf.php
/MtvoZIjBXi0wAbXp/config.php
/MtvoZIjBXi0wAbXp/gate.php
/MtvoZIjBXi0wAbXp/login.php
/MtvoZIjBXi0wAbXp/utils.php
/pB2DYqJyp9vxBPAH/conf.php
/pB2DYqJyp9vxBPAH/config.php
/pB2DYqJyp9vxBPAH/gate.php
/pB2DYqJyp9vxBPAH/login.php
/pB2DYqJyp9vxBPAH/util.php

# Reference: https://www.virustotal.com/gui/domain/helpmedoc.top/relations

helpmedoc.top
/XQoWWqs3VOS7TQif/conf.php
/XQoWWqs3VOS7TQif/config.php
/XQoWWqs3VOS7TQif/gate.php
/XQoWWqs3VOS7TQif/login.php
/XQoWWqs3VOS7TQif/util.php

# Reference: https://www.virustotal.com/gui/domain/laurent1961.top/relations

laurent1961.top
/vSsOWDU6zPTd77Rs/conf.php
/vSsOWDU6zPTd77Rs/config.php
/vSsOWDU6zPTd77Rs/gate.php
/vSsOWDU6zPTd77Rs/login.php
/vSsOWDU6zPTd77Rs/util.php

# Reference: https://www.virustotal.com/gui/domain/dbslc.xyz/relations

dbslc.xyz
/mat6qcqHR2wI3I6b/conf.php
/mat6qcqHR2wI3I6b/config.php
/mat6qcqHR2wI3I6b/gate.php
/mat6qcqHR2wI3I6b/login.php
/mat6qcqHR2wI3I6b/util.php

# Reference: https://twitter.com/_lockhum/status/1227267926299947015

5.8.88.118:80
/llvCjlnmbuFvqnZK/conf.php
/llvCjlnmbuFvqnZK/config.php
/llvCjlnmbuFvqnZK/gate.php
/llvCjlnmbuFvqnZK/login.php
/llvCjlnmbuFvqnZK/util.php

# Reference: https://twitter.com/P3pperP0tts/status/1227637456180260865

45.153.185.12:80
/prUjRYcU2rqFpZqv/conf.php
/prUjRYcU2rqFpZqv/config.php
/prUjRYcU2rqFpZqv/gate.php
/prUjRYcU2rqFpZqv/login.php
/prUjRYcU2rqFpZqv/util.php

# Reference: https://twitter.com/_lockhum/status/1229458303811543041

wcvxbvf.ug
/w6YCCdhvPqUma6MY/conf.php
/w6YCCdhvPqUma6MY/config.php
/w6YCCdhvPqUma6MY/gate.php
/w6YCCdhvPqUma6MY/login.php
/w6YCCdhvPqUma6MY/util.php

# Reference: http://tracker.viriback.com/dump.php (# 2020-02-29, Kpot)

almondmilkoils.com
/E6OCF8w8IPI6vxKa/conf.php
/E6OCF8w8IPI6vxKa/config.php
/E6OCF8w8IPI6vxKa/gate.php
/E6OCF8w8IPI6vxKa/login.php
/E6OCF8w8IPI6vxKa/util.php

curtpsfdw.pw
/ZEIwCZuU3rZzItV3/conf.php
/ZEIwCZuU3rZzItV3/config.php
/ZEIwCZuU3rZzItV3/gate.php
/ZEIwCZuU3rZzItV3/login.php
/ZEIwCZuU3rZzItV3/util.php

# Reference: https://twitter.com/_lockhum/status/1234109084628135937

fsbcvhjgfdsf.ug
nenengdsa.ug
/QnSrw25SkhlxsF5P/conf.php
/QnSrw25SkhlxsF5P/config.php
/QnSrw25SkhlxsF5P/gate.php
/QnSrw25SkhlxsF5P/login.php
/QnSrw25SkhlxsF5P/util.php

myehterwallet.top
/UJZfOVD59Rue1AtQ/conf.php
/UJZfOVD59Rue1AtQ/config.php
/UJZfOVD59Rue1AtQ/gate.php
/UJZfOVD59Rue1AtQ/login.php
/UJZfOVD59Rue1AtQ/util.php

# Reference: https://app.any.run/tasks/a8cbe5ea-ae26-4b7a-bb1b-c91ea55e8878/

paperblank.best
/gHL6qufBKIulnp11/conf.php
/gHL6qufBKIulnp11/config.php
/gHL6qufBKIulnp11/gate.php
/gHL6qufBKIulnp11/login.php
/gHL6qufBKIulnp11/util.php

purple-review.ml
/ha9hUo4SN3vIId4z/conf.php
/ha9hUo4SN3vIId4z/config.php
/ha9hUo4SN3vIId4z/gate.php
/ha9hUo4SN3vIId4z/login.php
/ha9hUo4SN3vIId4z/util.php

tonitrus.pw
/3AX3AsO58eVAwtrm/conf.php
/3AX3AsO58eVAwtrm/config.php
/3AX3AsO58eVAwtrm/gate.php
/3AX3AsO58eVAwtrm/login.php
/3AX3AsO58eVAwtrm/util.php

updates-windows-10-184623.com
/mwOSKdIHjRgihkBY/conf.php
/mwOSKdIHjRgihkBY/config.php
/mwOSKdIHjRgihkBY/gate.php
/mwOSKdIHjRgihkBY/login.php
/mwOSKdIHjRgihkBY/util.php

windows-updates-26351.com
/o96xEVtEmxfoYNxf/conf.php
/o96xEVtEmxfoYNxf/config.php
/o96xEVtEmxfoYNxf/gate.php
/o96xEVtEmxfoYNxf/login.php
/o96xEVtEmxfoYNxf/util.php

# Reference: https://pastebin.com/PTkLE0se

finik18topw.cc

# Reference: https://twitter.com/_lockhum/status/1234977889428180992

782345698752364.site
/yF6HyyMprPOqBuUx/conf.php
/yF6HyyMprPOqBuUx/config.php
/yF6HyyMprPOqBuUx/gate.php
/yF6HyyMprPOqBuUx/login.php
/yF6HyyMprPOqBuUx/util.php

# Reference: https://app.any.run/tasks/828e1e86-c4ee-4251-a20d-6aacc6b4b9cf/

vaxton.xyz
/dTIROTUIUCpufBzh/conf.php
/dTIROTUIUCpufBzh/config.php
/dTIROTUIUCpufBzh/gate.php
/dTIROTUIUCpufBzh/login.php
/dTIROTUIUCpufBzh/util.php

# Reference: https://twitter.com/Racco42/status/1241046353050025984
# Reference: https://app.any.run/tasks/d29e6cc2-fadd-4e59-92fe-550aae8243c6/

krt1.site
krt2.site
show1.website
/uhGaUGnzIIOPpoP9/conf.php
/uhGaUGnzIIOPpoP9/config.php
/uhGaUGnzIIOPpoP9/gate.php
/uhGaUGnzIIOPpoP9/login.php
/uhGaUGnzIIOPpoP9/util.php

# Reference: https://twitter.com/malware_traffic/status/1244661466210451457
# Reference: https://app.any.run/tasks/973b4f49-f392-46ca-8397-16be6e52678c/

gpreceipt.xyz
show2.website
krt3.site

# Reference: https://www.virustotal.com/gui/file/bad8290785d6028eb61e94bc15d0450541ac2272725f17f78e43e80819bd3fd7/detection

carloswint.com
/pvHjofkaSnv19I10/conf.php
/pvHjofkaSnv19I10/config.php
/pvHjofkaSnv19I10/gate.php
/pvHjofkaSnv19I10/login.php
/pvHjofkaSnv19I10/util.php

# Reference: https://www.virustotal.com/gui/domain/errrors.org/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.22.87/relations

errrors.org
/3Q3CjDVtYliFnLbi/conf.php
/3Q3CjDVtYliFnLbi/config.php
/3Q3CjDVtYliFnLbi/gate.php
/3Q3CjDVtYliFnLbi/login.php
/3Q3CjDVtYliFnLbi/util.php
/y8AUIMFKJIWBtHEx/conf.php
/y8AUIMFKJIWBtHEx/config.php
/y8AUIMFKJIWBtHEx/gate.php
/y8AUIMFKJIWBtHEx/login.php
/y8AUIMFKJIWBtHEx/util.php

# Reference: https://www.virustotal.com/gui/domain/errorr.org/relations

errorr.org
/3KWOVs3gXCruKZ5Y/conf.php
/3KWOVs3gXCruKZ5Y/config.php
/3KWOVs3gXCruKZ5Y/gate.php
/3KWOVs3gXCruKZ5Y/login.php
/3KWOVs3gXCruKZ5Y/util.php

# Reference: https://twitter.com/ViriBack/status/1250582202821349376

ghfjskdfg87s9fdgsdf.xyz
/JlMvtmnVgoQlkPhw/conf.php
/JlMvtmnVgoQlkPhw/config.php
/JlMvtmnVgoQlkPhw/gate.php
/JlMvtmnVgoQlkPhw/login.php
/JlMvtmnVgoQlkPhw/util.php

# Reference: https://www.virustotal.com/gui/domain/ledger-live.com/relations

ledger-live.com
/aeQbPVXTYgnP7ru5/conf.php
/aeQbPVXTYgnP7ru5/config.php
/aeQbPVXTYgnP7ru5/gate.php
/aeQbPVXTYgnP7ru5/login.php
/aeQbPVXTYgnP7ru5/util.php

# Reference: https://app.any.run/tasks/703b396e-e7eb-41c1-ae88-64e9bc532b59/

bumboxik.casa
/kUikM2ah1Uj5XLFb/conf.php
/kUikM2ah1Uj5XLFb/config.php
/kUikM2ah1Uj5XLFb/gate.php
/kUikM2ah1Uj5XLFb/login.php
/kUikM2ah1Uj5XLFb/util.php

# Reference: https://app.any.run/tasks/59bbc2dc-cb2e-4a01-b86c-000fd3af4f25/

gatehub.site
gatehub.services
/jcSODJaIsEh9EQdn/conf.php
/jcSODJaIsEh9EQdn/config.php
/jcSODJaIsEh9EQdn/gate.php
/jcSODJaIsEh9EQdn/login.php
/jcSODJaIsEh9EQdn/util.php

# Reference: # Reference: https://twitter.com/James_inthe_box/status/1259916041431343104

ezeyeteb.pw
landasalksasdasldalsasd.pw
/l566XeTbN5uIxD2E/conf.php
/l566XeTbN5uIxD2E/config.php
/l566XeTbN5uIxD2E/gate.php
/l566XeTbN5uIxD2E/login.php
/l566XeTbN5uIxD2E/util.php

# Reference: https://twitter.com/DrStache_/status/1260948593755787264
# Reference: https://twitter.com/DrStache_/status/1260948656817086464

http://199.192.16.192
/4HH7vV6QyB4mlXkG/conf.php
/4HH7vV6QyB4mlXkG/config.php
/4HH7vV6QyB4mlXkG/gate.php
/4HH7vV6QyB4mlXkG/login.php
/4HH7vV6QyB4mlXkG/util.php
/CiIEu0aqeUcr73gc/conf.php
/CiIEu0aqeUcr73gc/config.php
/CiIEu0aqeUcr73gc/gate.php
/CiIEu0aqeUcr73gc/login.php
/CiIEu0aqeUcr73gc/util.php
/ElxpqG75wfnnfdCX/conf.php
/ElxpqG75wfnnfdCX/config.php
/ElxpqG75wfnnfdCX/gate.php
/ElxpqG75wfnnfdCX/login.php
/ElxpqG75wfnnfdCX/util.php
/NxrYL5OoDfVBkXFo/conf.php
/NxrYL5OoDfVBkXFo/config.php
/NxrYL5OoDfVBkXFo/gate.php
/NxrYL5OoDfVBkXFo/login.php
/NxrYL5OoDfVBkXFo/util.php
/hbmzu5dsj5pgf9w5/conf.php
/hbmzu5dsj5pgf9w5/config.php
/hbmzu5dsj5pgf9w5/gate.php
/hbmzu5dsj5pgf9w5/login.php
/hbmzu5dsj5pgf9w5/util.php
/sfcKQOYCv0JlF2Z0/conf.php
/sfcKQOYCv0JlF2Z0/config.php
/sfcKQOYCv0JlF2Z0/gate.php
/sfcKQOYCv0JlF2Z0/login.php
/sfcKQOYCv0JlF2Z0/util.php
/ycnnMC4C1AwrLTDz/conf.php
/ycnnMC4C1AwrLTDz/config.php
/ycnnMC4C1AwrLTDz/gate.php
/ycnnMC4C1AwrLTDz/login.php
/ycnnMC4C1AwrLTDz/util.php

# Reference: https://app.any.run/tasks/344fc763-9a51-4db8-be9b-542247f7288d/

u6194635ml.ha004.t.justns.ru
/v6u0xKNnKlaJ7kc2/conf.php
/v6u0xKNnKlaJ7kc2/config.php
/v6u0xKNnKlaJ7kc2/gate.php
/v6u0xKNnKlaJ7kc2/login.php
/v6u0xKNnKlaJ7kc2/util.php
