# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/eset/malware-ioc/tree/master/glupteba

ostdownload.xyz
travelsreview.world
bigdesign.website
sportpics.xyz
kinosport.top
0ev.ru
0df.ru
0d2.ru
0d9.ru
financialtimesguru.com
burnandfire5.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/
# Reference: https://otx.alienvault.com/pulse/5d6fab77e045042a3b8969f5

bigtext.club
blackempirebuild.com
clubhouse.site
keepmusic.xyz
lienews.world
nxtfdata.xyz
okonewacon.com
phonemus.net
playfire.online
takebad1.com
venoxcontrol.com

# Reference: https://twitter.com/James_inthe_box/status/1171831864945827840

techmega.xyz

# Reference: https://www.cybereason.com/blog/glupteba-expands-operation-and-toolkit-with-lolbins-cryptominer-and-router-exploit
# Reference: https://otx.alienvault.com/pulse/5d7f9d70c73b107dec8cab9d

blackempirebuild.com
fstyline.xyz
okonewacon.com
postnews.club
roundworld.club
venoxcontrol.com
weekdanys.com

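# Reference: https://github.com/silence-is-best/c2db#glupteba
# Note: the entry below is a URL path, not a host; it is not tied to any domain, so confirm the destination host before attributing a hit to Glupteba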

/bots/post-ia-data

# Reference: https://twitter.com/raby_mr/status/1167771781802778628
# Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/

hostas8.tk
osdsoft.tk
portmdfmoon.com

# Reference: https://app.any.run/tasks/a937310e-b264-4571-9c02-38dac78eaffb/

gamedemo.xyz

# Reference: https://www.virustotal.com/gui/domain/theatresearch.xyz/relations
# Reference: https://www.virustotal.com/gui/file/8ebe295051462bc139cd800d079ab2cad7598c92285a0913d65e482d99840643/detection

theatresearch.xyz

# Reference: https://app.any.run/tasks/45008774-a710-4ecc-aece-892f42b4dd4a/

whitecontroller.com
bestblues.tech

# Reference: https://app.any.run/tasks/e89e3aa1-1640-4a78-a388-b524e82a512c/
# Reference: https://app.any.run/tasks/9a68a931-ebea-4d05-a074-00df4c4be1b8/

C80C1038-405D-4C32-9E5B-A8F59B671E29.server-86.bczx.ru
ED18DB6A-A7B9-4689-A41F-535C16FE6156.server-66.flrz.ru
massiveart.info
onlynew.xyz
chatmusic.xyz
promusic.website
5.9.108.164:8000
78.46.86.122:8000

# Reference: https://twitter.com/JAMESWT_MHT/status/1249630527193264128
# Reference: https://app.any.run/tasks/b849597b-3444-42a8-a2d9-562b71982f22/

30462DD4-9370-4083-8887-35AE4B2526DF.server-3.deeponlines.com
biggames.online
chatmusic.xyz
deepsound.live

# Reference: https://app.any.run/tasks/ff52567e-9340-442f-bf70-338b53cf9970/

fstyline.xyz

# Reference: https://otx.alienvault.com/pulse/5ef38fa73ccd462e6072ca54

anotheronedom.com
capmusic.ru
fundbook.xyz
gamedate.xyz
getfixed.xyz
gfixprice.xyz
hotbooks.xyz
maxbook.site
netoftime.com
robotatten.com
setbird.website
sleepingcontrol.com
sndvoices.com

# Reference: https://app.any.run/tasks/2b9d766f-9c33-4380-8c30-f041efc3afc9/
# Reference: https://app.any.run/tasks/f49b5902-0049-449c-8900-4904c04f5d78/
# Reference: https://app.any.run/tasks/765dda1f-eeaa-4331-b260-702fc1a5aa5b/

gfixprice.space
ordinarygame.site
salebooks.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1293213108505325569

video-youtube-get.ru

# Reference: https://www.virustotal.com/gui/file/f4b2d23503a5d980706f78ba90ce4dbce3b3a27ff04b725179771cacbf90c971/detection

gmbshop.ru
ucar.ug
ukronet.ru
woproperty.xyz

# Reference: https://news.sophos.com/wp-content/uploads/2020/06/glupteba_final.pdf
# Reference: https://www.virustotal.com/gui/file/42237c48310d7ca1c4c1363b01f4cf096dc3338f6277d857462b110393ae7a58/detection

swebgames.site/test.php

# Reference: https://github.com/sophoslabs/IoCs/blob/master/Trojan-Glupteba

1.podcast.best
anotheronedom.com
bestblues.tech
easywbdesign.com
gamedate.xyz
getfixed.xyz
gfixprice.xyz
maxbook.space
robotatten.com
sleepingcontrol.com
sndvoices.com
whitecontroller.com
myonetime.top
venoxcontrol.com
myonetime.top/w.php

# Reference: https://www.virustotal.com/gui/file/6fa4c616f511ff570b2143dea50cdd012bdb632e7823f903b487330c586a67b2/detection

http://91.245.227.131

# Reference: https://www.virustotal.com/gui/file/c78d0071b54b427256151a5b0e8276ef8959336e0eb319d5ee44230ff38981cb/detection

kinolive.best
lavanda.best
offce221.com
vot552.com

# Reference: https://www.virustotal.com/gui/file/6705824b8c2fc43fd8e6c8999b638c39ea11a79e8614e75b8b1f9451a93e005b/detection

wastermedrent.com

# Reference: https://www.virustotal.com/gui/file/f16630378ba5cd07f2e131f3afa483c6f722406702d9201450c3be17f8b1081e/detection
# Reference: https://app.any.run/tasks/5b08dccf-d23c-470e-8e02-5f9bf7bffb32/

gogohid.com
vincentolife.com

# Reference: https://www.virustotal.com/gui/file/71c9ae337a763e6df591080e34b439b7c927b3ef49315e10a04a91c30b5d98e4/detection

http://37.48.127.236/2.php

# Reference: https://www.virustotal.com/gui/file/6dfac67d27d43624a9707c6de4fe6b07468366b1a1e0f4026abf57ebbcad92a4/behavior

18.193.123.112:8008

# Reference: https://www.virustotal.com/gui/file/11aec0f0adcb62673da769879566d8133963d96c1c740a3b762701f7f583ea24/detection

thirdgearback.net

# Reference: https://www.virustotal.com/gui/file/5d7a8a1278237d3044e9079031352f845e226ea7d16f9223ff6f9fac896e1a82/detection

http://91.203.5.155/3.php

# Reference: https://www.virustotal.com/gui/file/ba3a18940fab09fb41b08607dcee3b9ba5685471b60ec1ada61888ca5805950b/detection
# Reference: https://www.virustotal.com/gui/file/a905c15c10d38b4b29ce9e05097408d8f02564cda8420ab08b69af1b84e7dfd8/detection

adodeflash.host
service.tonstorage.host

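# Reference: https://www.virustotal.com/gui/file/5e01e9dccd41ee7884cdd86e5c20cc56a8f480c623ca88a9a0921decc3f101c8/detection
# Note: zapto.org and mooo.com are shared dynamic-DNS zones; only the full hostnames below are indicators, not the parent domains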

updatesys.zapto.org
updatesoft.zapto.org
ussainbolt.mooo.com
ussainbolt1.mooo.com

# Reference: https://www.virustotal.com/gui/file/3eef6c83273ba13ac37a30805203081f537895cca53cba10631a695ddbd7b382/detection

vintrsi.com
waruse.com
woatdert.com

# Reference: https://www.virustotal.com/gui/ip-address/34.105.199.171/relations
# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection
# Reference: https://www.virustotal.com/gui/file/178fb69c394a6d86a3695acbb025bc2f3be31dea683ee6e5016af0566eef8111/detection
# Reference: https://www.virustotal.com/gui/file/f51e4b8f7e7ff68015af698d833134bb6be1b4a435fc49221db9d1d79e11babf/detection

jfas.top
jibw.top
losm.ch
yual.top

# Reference: https://www.virustotal.com/gui/file/61f470218b62513c2bc3951b508323997b2c137a32e16a2c0c7890b7b8ae863a/detection
# Reference: https://www.virustotal.com/gui/file/5aa4ad93201901e2ae0806d731471a136444acf1326a1eac2c3d7ff3524cc3c4/detection

brokenlegz.top
mineshelters.top
nicehotcup.top
segamega.top
socotra.top

# Reference: https://www.virustotal.com/gui/file/824f163848d9b016be04071b357426c1dfd92c7654cd20936a78371241d3fb75/detection

aslauk.com
cipluks.com
lambos1.xyz
perseus007.xyz
ragnar77.com

# Reference: https://www.virustotal.com/gui/file/829f2d1a30848cec9b28b47782537ad64a3770d6b22359c0d3f5257215b49105/detection

195.154.222.27:3928

# Reference: https://www.virustotal.com/gui/file/a6b34f43d9c58d2ad9e3c14119d93e98fa3e345558048ddd00c693811527734c/detection

83.149.126.1:8000
95.211.241.82:8000
95.211.241.82:444

# Reference: https://www.virustotal.com/gui/file/edd89270ab858d1235f30e70830660fd201d37077c913f540d05f6d9249ee599/detection

bigpetsmall.ru

# Reference: https://www.virustotal.com/gui/file/982c311fe3706744ee5f13e377ff92710385d79eb7287183205f94bd2a05418d/detection

leonisdas.xyz
qunersoo.xyz

# Reference: https://www.virustotal.com/gui/file/94c0cc8876febc39712456b9003319cc7d3ede5a07ab77b59d2311214e325695/detection

estrix.xyz

# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

http://31.210.21.63

# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

domopaniama.xyz

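# Reference: https://www.virustotal.com/gui/file/a5632f56cdc26f840cda9dab027856c8100f37a44446de8f25778b092640b3ed/detection
# Note: '/Home/Index/lkdinl' below is a path-only entry (no host); correlate hits with bfcinfo.pw or other context before attributing them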

bfcinfo.pw
/Home/Index/lkdinl

# Reference: https://www.virustotal.com/gui/file/2e705a3a839f22bb04c1a57f67747fc6d7d8101a08d5d45bd0f5c03e4d043f89/detection

gc-partners.rest

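# Reference: https://www.virustotal.com/gui/file/a2b6d9adb0e3f87c0a3f79e17643d7b40539734c70d251218bc3861f742e7df8/detection
# Note: '/tratratra.php' below is a path-only entry (no host); correlate hits with tratratra.top or other context before attributing them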

tratratra.top
/tratratra.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1397085680497483776

blinkroast.info

# Reference: https://www.virustotal.com/gui/file/0b3ec71564d6b2d4705db2869fea0521f39209064dfa9f7573b9265717025ad9/detection

bidar.xyz

# Reference: https://www.virustotal.com/gui/file/1c774bb325571df5c111347100592b6b2a24be1d76fcb59c74c08c7eb20ee73e/detection

sidar.xyz

# Reference: https://www.virustotal.com/gui/file/c248a1e7026e129a2f982f389e7fd745bdded7569ceb8843768264cdbad15142/detection

koniponi.xyz

# Reference: https://www.virustotal.com/gui/file/1efd884a60c39ea2c85910075757bb4312b4052e3180bd2fad57fc713a356ca7/detection

niletoleto.xyz

# Reference: https://www.virustotal.com/gui/file/caf9ac2de943e5c16429ad8ec0a8fde0bf54d7ccb9f2799c32aa4844348ee663/detection

porompa.xyz

# Reference: https://www.virustotal.com/gui/file/348839e85608e58b702a567507cfc8d20d923bef633c1106d46843f7c9b1f6c7/detection

novyiperec.xyz

# Reference: https://www.virustotal.com/gui/file/f62fcf0af7f8d1e18d4d3405ada1a1734467474db4f49bdcae45627a822ae847/detection

newlifenewvidar.xyz
