# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1099786490144448512

advancedepartametno.com

# Reference: https://twitter.com/James_inthe_box/status/1126809601825918978

instalacionez.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1143875234707181568
# Reference: https://app.any.run/tasks/2ef75909-daa7-45f1-83bc-dfe3ead3ac61/

trabalhoonline.webcindario.com

# Reference: https://twitter.com/SoulRage6/status/1146073224045838337

/nossasrdaga/brume.php

# Reference: https://twitter.com/0bfusCat/status/1155406244062121984

descargasdocx.com

# Reference: https://twitter.com/MisterCh0c/status/1186712875743825920

leavenois.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1235558960314400768
# Reference: https://app.any.run/tasks/6cef1963-4881-4f7f-b877-198cfd7eaf17/

mab2020.duckdns.org
mundonlop.duckdns.org
newtroll-megatron.duckdns.org
pumex-new.duckdns.org

# Reference: https://twitter.com/3rg4f4/status/1270308334743289860

smsinformativo.com

# Reference: https://twitter.com/0bfusCat/status/1181529470475362304
# Reference: https://app.any.run/tasks/f6d7cc92-3215-4103-baeb-eb424016f885/

compraca.000webhostapp.com

# Reference: https://twitter.com/SoulRage6/status/1146073224045838337

http://31.207.35.50

# Reference: https://twitter.com/JAMESWT_MHT/status/1299324645787742208

http://34.95.246.154

# Reference: https://app.any.run/tasks/17349d53-0d4e-4857-90a0-9f5dd68385b2/

st-gerrard-const.com/wp-content/themes/twentyfifteen/
perfectart.com.br/ebos/

# Reference: https://app.any.run/tasks/f869690a-e3d1-43e4-a61f-18d05a948e10/

shortsalepontevedra.com/coun7/

# Reference: https://twitter.com/JAMESWT_MHT/status/1328704334721323009
# Reference: https://app.any.run/tasks/2be10df3-e594-4118-9d36-6b93041ec73c/

flsdcment.site
sededgtgoes.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1328714844573413377
# Reference: https://app.any.run/tasks/d827010e-453c-4d89-8128-20b82832f5ab/
# Reference: https://www.virustotal.com/gui/file/4d45380cd5fdf967988c4f239f61827ad9a80a4d9abcfbddf6e656d9dcc50f58/detection

45.35.104.213:8989
covidezenove.online
myd9hzd8cheab.winconnection.net

# Reference: https://twitter.com/dgarcianet/status/1352235429160955904
# Reference: https://www.virustotal.com/gui/file/7c019dca867ba21a5d8bb6eabd5750d0f06778fb82ff8866d4900a793d7bcc5c/behavior/C2AE

http://40.112.173.153

# Reference: https://twitter.com/1ZRR4H/status/1359963801819430914
# Reference: https://www.virustotal.com/gui/file/66797ef1761fd243a48829335d9e34781cbef324090497897462bf1a5ce0cb39/detection

104.214.107.176:79
gemare.com.br//conteudo/TGR/descarga.php
selfhelpwomendevelopment.com/wp-includes/images/mail/descarga.php

# Reference: https://cofense.com/blog/autohotkey-banking-trojan/
# Reference: https://www.virustotal.com/gui/file/4e69e794a688f94bd865b9905f2e8cc84bf17d282020ff08f2f56b42f1ffd305/detection

es.sslhermanos.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1385156068721012736
# Reference: https://twitter.com/D3LabIT/status/1385151472216776704
# Reference: https://app.any.run/tasks/e48dfdc7-fd3e-4d77-a03a-eeeb458bc909/

conlazionzzytz.eastus.cloudapp.azure.com
contecalculacion.eastus.cloudapp.azure.com
piazzimulobanquituto.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1386976751247634441

amlsempg.com
ilavorianmosy.eastus.cloudapp.azure.com
multipicas.eastus.cloudapp.azure.com

# Reference: https://twitter.com/ESETresearch/status/1387384460568666117
# Reference: https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
# Reference: https://twitter.com/ESETresearch/status/1387384464905547779

apssitemarquivrft.francecentral.cloudapp.azure.com
torressircontes.eastus.cloudapp.azure.com

# Reference: https://twitter.com/petrovic082/status/1388180117642432515

moveisji.com.br/archivos/

# Reference: https://twitter.com/1ZRR4H/status/1408252818272751621

jinhuidabio.com/reports/words/mail.php
arbonato.com.br/Maxx/sowns/HR13I5MD0ASC5J.php

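# Generic trail: URL paths with no host part, so not tied to a single domain or IP
# (/nossasrdaga/brume.php is also listed earlier in this file)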

/amorplus/brume.php
/guia/brume.php
/hooponopono/puma.php
/ho_oponoponoag/brume.php
/nossasrdaga/brume.php
/online/sharlins.php
/marclara/total.php
/verpra/filmes.php
/naotem/jormal.php
/anti/ideial.php
/antigo/cupla.php
/again/?oriudfjdfij88
