# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Network indicators for the malware family tracked under the aliases below.
# Each non-comment line is one indicator. Four shapes appear in this list:
#   IP:port     - address and port pair
#   hostname    - fully qualified host name
#   /path       - URL path with no host part
#   http://IP   - a single entry written with a URL scheme (see note there)
# Indicators are grouped under the "Reference:" lines they were taken from.
#
# NOTE(review): path-only entries carry no host, so they presumably match the
# path on any server. Corroborate a hit with the destination host or the
# originating process before treating it as confirmed.
#
# NOTE(review): several hosts sit under shared provider domains
# (cloudapp.azure.com, amazonaws.com, duckdns.org, ddns.net, hopto.org,
# 1gb.ru). Only the full name listed is the indicator, never the parent
# domain. Such names, and bare IP addresses, can be released and reused by
# unrelated parties, so re-verify or age out entries before blocking on them.

# Aliases: arcom, jacard, javali, ousaban

# Reference: https://twitter.com/dark0pcodes/status/1338708528777859072
# Reference: https://pastebin.com/qrZiZRKf

40.65.192.150:6668
52.152.169.124:6668

# Reference: https://www.virustotal.com/gui/file/66d134dfc4861f114dc74feb61f7847fbe3ed42a3c5c25fa65770a64ab2912b2/detection
# Reference: https://www.virustotal.com/gui/file/214379b16b39f5698cf392e470eda4a0544346110b151e3921346d805bc877e7/detection

# NOTE(review): the next line is the only entry written with a scheme prefix;
# every other address in this file is a bare IP:port. Confirm the consuming
# parser normalizes this form the same way as the others.
# The two paths below presumably belong to requests made to that host.
http://52.183.44.152
/shount/pixel.php
/zecountshount/pixel.php

# Reference: https://twitter.com/dark0pcodes/status/1339571862070845440

webzedomainplus.brazilsouth.cloudapp.azure.com

# Reference: https://twitter.com/dark0pcodes/status/1346172045869133825
# Reference: https://www.virustotal.com/gui/file/98f18d2e9f7f238479e854b4315ab2d3a9b42b80d914fe04f7928b662ca54376/detection
# Reference: https://www.virustotal.com/gui/file/d2574361932291bfb75f018a348ed67c3510e2893ba213cd32bad9e1828bdf1f/detection

137.135.93.161:60015
mixiricaman.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e6a56ddd8fa5cbdf924353f9e9f1399893d62cbb095d4233c4837fd633874853/detection

149.28.109.229:60010
meckilloprt.org

# Reference: https://twitter.com/dark0pcodes/status/1346539733959192576

# NOTE(review): the full path on the third line is also listed split into its
# directory and its file name. This presumably widens matching to requests
# that contain only one of the two parts; confirm that is intended.
papramister.org
pumaman.ddns.net
/MEGATRONX1/MSHPOOX1.php
/MEGATRONX1/
/MSHPOOX1.php

# Reference: https://twitter.com/dark0pcodes/status/1346539881137369102

feliz2021.1gb.ru
mixiricameleca.ddns.net

# Reference: https://www.virustotal.com/gui/file/3cb3a6f1b6ecbe1b8dd818033a6153782fada2f75e777cf4898c3e6282dc939b/detection

flordeliskm26.com.br

# Reference: https://twitter.com/dark0pcodes/status/1354598005010292737

primo1982.1gb.ru
primomiguel.ddns.net
primomiguel.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1361266524628123653
# Reference: https://malwareconfig.com/config/722aaceda2f590d2d5f9d929f6360c00
# Reference: https://www.virustotal.com/gui/file/eb82bd54113dfdb84b95670dc3e462b56312b4096abc28869802e489be6f20a0/detection

185.17.1.158:1819
/arcom/get.php

# Reference: https://www.virustotal.com/gui/file/6d8f2c652d6121e773ee605016bde18250b8708faf66e695c7346b9341008fc3/detection

cvbopmklopc.hopto.org

# Reference: https://twitter.com/ESETresearch/status/1376490539240075264

pumax2021.1gb.ru
/ZP/MIKV.php

# Reference: https://twitter.com/jumpnotzer0/status/1381888385841782789
# Reference: https://twitter.com/jumpnotzer0/status/1381887489158316034

gaspnewkailf.s3-us-west-1.amazonaws.com
kalifax01.westus2.cloudapp.azure.com
/MIXWIN33.php

# Reference: https://www.virustotal.com/gui/file/ab74425d49087265b99a17c2aee87f5f79f7a8f203b4d74dc605c0a7d0ffcbda/detection

190.200.1.227:8992
halamartini.hopto.org
