# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: hlux, kelihos, slym

# Reference: https://www.virustotal.com/gui/file/764543b3608f078dd06c10f50f1e626bbe7e07e58a216192f47f343d9cf85d4c/detection

gorotza.biz

# Reference: https://www.virustotal.com/gui/file/a922d8b706bfe8d442ba4f4f09c5ec09f6fe4ea37a8d71b493aa7cf2f4056e33/detection

mydear.name

# Reference: https://www.virustotal.com/gui/file/8a768af791c8fdca6a2707345153c31d1136b1d05f06ac54eda826873541c862/detection

uvmucheb.ru

# Reference: https://www.virustotal.com/gui/file/bbea6ab93932a9ed9913fcbf9f4946a3e327fc367e8b6cd54fca854b90078705/detection

qeisybyg.ru

# Reference: https://www.virustotal.com/gui/file/2a72fd7185c937a8c518a3529fa19f323a9de8d049dd17d871a6da704139cad3/detection

gufuwcop.ru

# Reference: https://www.virustotal.com/gui/file/a7890cba51f83f9e039c3b277d86d197203414b978eb8f2251c9348c51eb009f/detection

lorbadxu.ru

# Reference: https://www.virustotal.com/gui/file/457e5011b5b443b99ac62c816a1d18bbdc0d38b7bf5e96f4d6e5ebae97d30bec/detection

ydhicdor.ru

# Reference: https://www.virustotal.com/gui/file/cf675eb18ab70e41855408ef549112182fe1e9cc0182021b7aad12b9d8495a10/detection

ci5juhe6.dofefdek.ru

# Reference: https://www.virustotal.com/gui/file/f25816805264895f31878253336d317948e4f64575cc817a273f4a7407b4e0de/detection

jyuhysdo.ru

# Reference: https://www.virustotal.com/gui/file/f1b2f8721ffa403b436c357a0b22b80d9ba7f2095c6b955b00b985f9c825aabd/detection

da92.rysdebyd.ru

# Reference: https://www.virustotal.com/gui/file/fe081b656d1438139537abedf84b746af1b02d988ac8de88f91d183628e2b3cf/detection

iheaven.us

# Reference: https://www.virustotal.com/gui/file/fba0b402eab424a792eb694eaa930c34139a1c81557a23a122e0cd56c97d5a3d/detection

admloadserver.eu

# Reference: https://www.virustotal.com/gui/file/d71923e354fabc6d97f333f814e5f5eb2b9ebcb2ef44ac56655dbe6ea51ab66f/detection

paybalinvest.biz

# Reference: https://www.virustotal.com/gui/file/e23159cda3f4fa0decfed5e4cc7a4cfb1f7c5e55b6a26ce8409a13ce7c21cea2/detection

paybalinvest.org

# Reference: https://www.virustotal.com/gui/file/4363985276fc20b368dab58da7819296c14ad4f1803a70fb58614d34f216ab21/detection

paying-days.org

# Reference: https://www.virustotal.com/gui/ip-address/1.194.153.198/relations

1.194.153.198:53

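# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Trojan.Bunitu-7394346-0)
# Note: the cited roundup section is labelled Bunitu, while this file's aliases are hlux/kelihos/slym; confirm the family label before relying on matches for the two domains below for attribution.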

netzsoflow.net
topfealine.com

# Reference: https://app.any.run/tasks/10709079-c948-4727-9aaf-f57790eb7778/
# Reference: https://app.any.run/tasks/938d8087-129a-4c2f-96cc-a37194394e65/

testedpon6.temp.swtest.ru
a0407615.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c276d854eccce0cd0dc44935256f86e6b38ea8bcb5270b0b52d1edae82a7dbfb/detection

bigfishllc.com
24.celutytemanhattan.com
24.celutytemiami.com
24.celutytenyc.com

# Reference: https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/

betaler.com
combach.com
goloduha.info
gorodkoff.com
greystoneexpress.com
sevpod.com
shoponlinesoft.com
ykxitfaf.ru
zavodchikshop.com

# Reference: https://blogs.infoblox.com/community/kelihos-botnet/
# Reference: https://www.virustotal.com/gui/file/1b3c8406bada4d016c667f661c37ead8447143f6c94ce4b80c90b7486bb04ca2/detection

aletazgi.ru
mosjinme.ru
ogdowkys.ru
pevhyvys.ru
siwebheb.ru

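# Reference: https://commons.erau.edu/cgi/viewcontent.cgi?article=1271&context=adfsl
# Note: gorotza.biz, mydear.name, goloduha.info and gorodkoff.com in this block are also listed earlier in this file under other references, so those four are backed by more than one source.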

2014br.biz
abrora.biz
avroran.biz
bayermun.biz
bypomsa.info
chemp14.biz
demyator.biz
ecuad69.biz
ekidjop.info
fahhtaz.biz
fucmethev.info
ggabwav.info
goloduha.info
gorodkoff.com
gorotza.biz
hockelen.info
ibayermun.biz
jagesxij.info
jiqnipun.ru
meuvbayt.info
mydear.name
newcounter.biz
niggawhat.net
niwrebsa.info
omyxiglet.info
onabgitry.info
pasbuyr.info
pookagyx.info
segbuktem.info
usdivqo.info
zadofadsun.info

# Reference: https://www.virustotal.com/gui/file/3092511483fcfc70274dffae0cbd5230288c5ec7c14fcf79fa89d600103721f1/detection

azawvos.com

# Reference: https://www.virustotal.com/gui/file/ca5384b706de458aafcb8312875f85135998be5a34704b9df7a5adb22d3e9f54/detection

http://5.105.69.96
