# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/

http://100.26.189.49
http://18.219.52.4

# Reference: https://twitter.com/sirpedrotavares/status/1216016629835948032

http://18.217.136.142

# Reference: https://twitter.com/sirpedrotavares/status/1227957576047955971

http://13.59.112.88

# Reference: https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/

fucktheworld.s3.us-east-2.amazonaws.com
nothingcanstopus.s3.us-east-2.amazonaws.com
oiurx14x.s3.us-east-2.amazonaws.com
sdghsuidhoidoghsdc19c.s3.us-east-2.amazonaws.com
sdgsdbfabsfuhoiuhfosdpnfsdbc13c.s3.us-east-2.amazonaws.com
vrau-x.s3.us-east-2.amazonaws.com

# Reference: https://twitter.com/sirpedrotavares/status/1259980592009134082
# Reference: https://seguranca-informatica.pt/trojan-lampion-is-back-after-3-months/

http://108.61.181.207

# Reference: https://www.joesandbox.com/analysis/211091/0/html
# Reference: https://www.virustotal.com/gui/file/f22f98a298133bc0498914ef99531ffa327e613886f311d5170dac93a0de617b/detection
# Reference: https://www.virustotal.com/gui/file/f43316cb743dee5a90bc351c6b8b702390b9f6fad94caf2af858c01b9f05c85e/detection

http://185.219.135.119
http://185.219.135.252

# Generic

/PediuPraPostarPostou.php
/PostaEstaBosta.php
/PostaEstaMerda.php
/PostaEstaPorra.php
/VaiPostaProPai.php
/PT/painel.php
/PT/painelADM.php
