# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-06-21-javascript-php-joint-exercise-delivers-nemucod-ransomware/javascript-php-joint-exercise-delivers-nemucod-ransomware.csv

bellefremee.com

# Reference: https://twitter.com/pancak3lullz/status/748879837859688448

topoeval.ro

# Reference: https://twitter.com/securiteoff/status/742088527312236544

giuliaefabio.it

# Reference: https://www.virustotal.com/gui/file/1a45e111384fb1ada0ca96ad7ab929c1c71a139956cde3a4e8b23e76b63ed524/detection

yogialoha.com

# Reference: https://app.any.run/tasks/eba218a5-1923-447d-b55f-f0aecf294ebf/

tasaheel.me

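# Reference: https://www.virustotal.com/gui/file/8380f7a31e267ecc3213ca3c022bb90747b02360f93849080cc1cfb42211ae57/detection
# Note: the entry below is a URL path with no host component; corroborate a hit with the destination host and the referenced sample before treating it as confirmed.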

/sdgLKJvgh

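# Reference: https://www.virustotal.com/gui/file/6a6ca529585713ce410ca14f23af877a74ecf825826b65ee6278d831f4ae773a/detection
# Note: the entry below is a short URL path with no host component; corroborate a hit with the destination host and the referenced sample before treating it as confirmed.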

/yr387n3

# Reference: https://unit42.paloaltonetworks.com/script-based-malware/
# Reference: https://www.virustotal.com/gui/file/751d161ed4afd822925c0373395f014578f166467d20a4b1adfdb27fd0a83c36/detection

193.0.179.129:65233
79.124.49.230:888
seemee.ddns.net

# Reference: https://www.virustotal.com/gui/file/964c62047ebc4108fa715763dfa3bdf2680a83cf3b500af63e312aab6f4906bd/detection

intensegoal.com
supremediet.xyz
virtuapoint.com
weitz-law.com
yiyangart.com

# Reference: https://twitter.com/sS55752750/status/1339681672267239430
# Reference: https://twitter.com/sS55752750/status/1339708190146093056
# Reference: https://www.virustotal.com/gui/file/0a91f39384a5895052d9068986cfca521414fd38216e06804ec9d18e181b70d0/detection

laoshunfa1688.com
laoshunfafa.com
shounaheiming1688.com
woyaolao168.com

# Reference: https://www.virustotal.com/gui/domain/tzabanga.com/relations

tzabanga.com

# Reference: https://twitter.com/Racco42/status/1392945464304148484
# Reference: https://app.any.run/tasks/ac2498fc-270b-42b5-993f-909120aba06b/
# Reference: https://www.virustotal.com/gui/file/f161d79a1e01de947516dedce7e822e66f982c36914a8cd55998b093dea2bbe2/detection

greenwidow.top

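# Generic (URL paths with no host component and no single reference; corroborate hits with the destination host)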

/loader/loader2/www/cmd.php
/loader/loader2/www/loader.php
