# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://vxcube.com/recent-threats-ioc/5ae15c21a39bb5524c29d574/detail

wilhedseddin.com
bithetbuter.ru
robwassotdint.ru
nauseorofte.ru
enlitttoet.com
maundhatca.com
notherorne.com
wonamuchbet.com
litthapsitted.ru
wittottansed.com
cebabsebi.com
cemoottal.ru
letretuthes.com
rebretaci.com

# Reference: https://www.f5.com/labs/articles/threat-intelligence/panda-malware-broadens-targets-to-cryptocurrency-exchanges-and-social-media

0a109ec2ab47.com
adshiepkhach.top
antrefurniture.top
cotrus.co

# Reference: https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers

gromnes.top
aklexim.top
kichamyn.top

# Reference: https://www.spamhaus.org/news/article/771/pandazeuss-christmas-gift-change-in-the-encryption-scheme

262D65FC7F10.ga
262D65FC7F47.tk
262D65FC7F98.cf
262D65FC7F98.ml
922B031AAC47.tk
aklexim.top
bqwernod.top
brumnoka.top
gromnes.top
kichamyn.top
myrasno.top

# Reference: https://asert.arbornetworks.com/panda-banker-zeros-in-on-japanese-targets/

hillaryzell.xyz
buscamapa1.top
buscamapa2.top
buscamapa3.top
buscamapa4.top
buscamapa5.top

# Reference: https://pastebin.com/bPV4gVVL (pandabanker)
 
bumirewen.ru
rinnerowsu.ru
solittrobtal.ru
usereneventheg.ru

# Reference: https://cofense.com/zeus-panda-advanced-banking-trojan-gets-creative-scam-affluent-victims-italy/

migyno.bid
migyno.date
migyno.trade
migyno.win
c0c2ee768947.club
c0c2ee768998.site
elemenatalelib.space
elementaleios.win
guardnet.review
loadcloud.stream

# Reference: https://pastebin.com/7bJEi6ik

vudoshakar123123.website

# Reference: https://pastebin.com/ZsFwyDb3

bloodskin.website
gmokkasd.website

# Reference: https://github.com/JR0driguezB/malware_configs/blob/master/PandaBanker/

1E2699FC9047.tk
2EF0E357D698.cf
36952CD19E47.tk
487BD01E2610.ga
487BD01E2647.tk
744E2F466098.ml
adshiepkhach.top
antuadance.top
bizercise.top
bootcampcore.top
C42351C8AC98.ml
C5815F7F4427.bid
CA452A2DC910.ga
canariasmotor.top
charlesofcamden.xyz
cotrus.co
dentalchief.top
ffmovne.top
franksstudy.bid
freeraduga827.info
funphotopattern.top
gameedge.ru
hillaryzell.xyz
ioxicjkdkc.abkhazia.su
kloredasiv.top
lohidaleft.com
lyrintedba.com
mystratusstore.xyz
oldsinedtdin.com
projectzoo.ru
teamusaalibaba.top
theeunload.website
wilhedseddin.com
wrentweak.top

# Generic trails

/1awydraedoczitoifecpu.dat
/1awydraedoczitoifecpu.exe
/1azolobutitegvaambaiv.dat
/1azolobutitegvaambaiv.exe
/1boehzyyspokusiakziof.dat
/1boehzyyspokusiakziof.exe
/1cimageikosimsayfonki.dat
/1cimageikosimsayfonki.exe
/1duavweutascuhefifool.dat
/1duavweutascuhefifool.exe
/1egelawdysaduuzabcuqy.dat
/1egelawdysaduuzabcuqy.exe
/1eldegosoqicookniykic.dat
/1eldegosoqicookniykic.exe
/1emqayluqazdoekugkooz.dat
/1emqayluqazdoekugkooz.exe
/1enseerysniobypdioqwe.dat
/1enseerysniobypdioqwe.exe
/1heowacytesfuhigipoly.dat
/1heowacytesfuhigipoly.exe
/1irwisetoxuutufnevyeq.dat
/1irwisetoxuutufnevyeq.exe
/1keatfyutyhyzgenabefu.dat
/1keatfyutyhyzgenabefu.exe
/1lateovahuqesmyylkiin.dat
/1lateovahuqesmyylkiin.exe
/1ozkisytoyzdapyorozre.dat
/1ozkisytoyzdapyorozre.exe
/1poixamtaxiexvitoruer.dat
/1poixamtaxiexvitoruer.exe
/1qaudhuuhecaseqyrolny.dat
/1qaudhuuhecaseqyrolny.exe
/1qiidsaegocockiokuqas.dat
/1qiidsaegocockiokuqas.exe
/1qiogyxyryfqacoxyecwa.dat
/1qiogyxyryfqacoxyecwa.exe
/1rifoluwaqyseawawuvza.dat
/1rifoluwaqyseawawuvza.exe
/1udvufaecokmikiaxubgu.dat
/1udvufaecokmikiaxubgu.exe
/1ufeddovyoxniuxeloffe.dat
/1ufeddovyoxniuxeloffe.exe
/1upmituazuciqfaiwutbo.dat
/1upmituazuciqfaiwutbo.exe
/1upreqoubofniylkaettu.dat
/1upreqoubofniylkaettu.exe
/1uvgoakhauffuinakywve.dat
/1uvgoakhauffuinakywve.exe
/1uvocdakodakaadhidyen.dat
/1uvocdakodakaadhidyen.exe
/1visyosdyarebquecoxga.dat
/1visyosdyarebquecoxga.exe
/1waiwwasoesbypuitaxhi.dat
/1waiwwasoesbypuitaxhi.exe
/1wekenauhivwauvaxquor.dat
/1wekenauhivwauvaxquor.exe
/1womaydedqofefesuityz.dat
/1womaydedqofefesuityz.exe
/1yhuxbovyhafacudifuub.dat
/1yhuxbovyhafacudifuub.exe
/1ynhalewavyzekeibnize.dat
/1ynhalewavyzekeibnize.exe
/1ykagbeytyszuulofygvu.dat
/1ykagbeytyszuulofygvu.exe
/1ziyxycruzoeraluvomez.dat
/1ziyxycruzoeraluvomez.exe
/1zufayngaiqykdoahiniq.dat
/1zufayngaiqykdoahiniq.exe
/2itopfetoebenfeakoqas.dat
/2itopfetoebenfeakoqas.exe
/2pubaazalgeacmeigloak.dat
/2pubaazalgeacmeigloak.exe
/2qaxoyvgyniagytoxylis.dat
/2qaxoyvgyniagytoxylis.exe
/2vayzyvazxynorootykeg.dat
/2vayzyvazxynorootykeg.exe
/2xevaloyhefcuohbimobe.dat
/2xevaloyhefcuohbimobe.exe
/3epduxaawwoensoxuolke.dat
/3epduxaawwoensoxuolke.exe
/3lumureuhdylyfypyemze.dat
/3lumureuhdylyfypyemze.exe
/4uberirquibkyzoutofhy.dat
/4uberirquibkyzoutofhy.exe
/610backsocks.bin
/64backsocks.bin
/65backsocks.bin
/8backsocks_new1.bin
/backsocks.bin
/backsocks_new.bin
/backsocks_new1.bin
/backsocks_new2.bin
/backsocks_new3.bin
/8grabber_new1.bin
/610grabber.bin
/64grabber.bin
/65grabber.bin
/grabber.bin
/grabber_new.bin
/grabber_new1.bin
/grabber_new2.bin
/grabber_new3.bin
/610keylogger.bin
/64keylogger.bin
/65keylogger.bin
/8keylogger_new1.bin
/keylogger.bin
/keylogger_new.bin
/keylogger_new1.bin
/keylogger_new2.bin
/keylogger_new3.bin
/610vnc32.bin
/610vnc64.bin
/64vnc32.bin
/64vnc64.bin
/65vnc32.bin
/65vnc64.bin
/vnc32.bin
/vnc64.bin
/vnc32_new.bin
/vnc64_new.bin
/vnc32_new1.bin
/vnc64_new1.bin
/vnc32_new2.bin
/vnc64_new2.bin
/vnc32_new3.bin
/vnc64_new3.bin
/610webinjects.dat
/610webinject32.bin
/610webinject64.bin
/64webinjects.dat
/64webinject32.bin
/64webinject64.bin
/65webinject32.bin
/65webinject64.bin
/8webinjects_new1.dat
/8webinject32_new1.bin
/8webinject64_new1.bin
/webinject32_new1.bin
/webinject64_new1.bin
/webinject32.bin
/webinject64.bin
/webinjects.dat
/webinjects_new.dat
/webinjects_1new.dat
/webinjects_new2.dat
/webinjects_new3.dat
/webinject32_new.bin
/webinject64_new.bin
/webinject32_new2.bin
/webinject64_new2.bin
/webinject32_new3.bin
/webinject64_new3.bin
