# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kronos, osiris

# Reference: https://www.proofpoint.com/us/threat-insight/post/kronos-reborn

jhrppbnh4d674kzh.onion
jmjp2l7yqgaj5xvv.onion
mysmo35wlwhrkeez.onion
suzfjfguuis326qw.onion
milliaoin.info
kioxixu.abkhazia.su
lionoi.adygeya.su
startupbulawayo.website

# Reference: http://www.broadanalysis.com/2016/10/31/compromised-site-redirects-to-rig-exploit-kit-delivering-kronos-and-nymaim/

2mynameins3344.net
johane3234.net

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://twitter.com/VK_Intel/status/1148803869239128071
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/

xtaahlcqyfppmvwwprblvveog.paletoxyz.com

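# Reference: https://twitter.com/JayTHL/status/1166744243861360642
# NOTE(review): the address below has 15 characters before ".onion", while the other v2 onion names in this file have 16 - it may be truncated and would then never match; verify against the reference.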

d2gyv54plbc23to.onion

# Reference: https://twitter.com/Artilllerie/status/1179753482783473665

chlwdxvug4ptljce.onion

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html (Win.Malware.Osiris-7191711-1)

updateserver4.top
updateserver7.top
updateserver5.top
updateserver9.top
updateserver2.top
updateserver8.top
updateserver10.top
updateserver6.top
updateserver3.top

# Reference: https://twitter.com/VK_Intel/status/1190317493224689667
# Reference: https://www.virustotal.com/gui/file/f61870ea2b807f6a3314ff303942961b6f4009464da09d98ea202d3450534ad3/detection

jpb3hvq7v7bsyemq.onion

# Reference: https://www.virustotal.com/gui/ip-address/142.93.190.102/relations

http://142.93.190.102
142.93.190.102:3389
142.93.190.102:443

# Reference: https://www.virustotal.com/gui/file/9d1b1960355e72b205189e7a122b6a9c4197cca650569edc89612a62d6b66efc/detection

managejave.myftp.org
update43x.myvnc.com

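# Generic trails
# NOTE: the /tor/ paths below are standard Tor directory-protocol request paths, so a hit can also come from any other Tor client on the network; corroborate with a family-specific trail before attributing it to Kronos/Osiris.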

/kpanel/connect.php
/ZRNlFwIb/connect.php
/tor/keys/fp-sk/
/tor/server/fp/
/tor/status-vote/current/consensus
