# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/2020/07/prometei-botnet-and-its-quest-for-monero.html

http://103.11.244.221
208.66.132.3:8080
211.23.16.239:443
69.28.95.50:180
69.84.240.57:180
bk1.bitspiritfun2.net
p1.feefreepool.net
gb7ni5rgeexdcncj.onion

# Reference: https://twitter.com/IntezerLabs/status/1338480158249013250
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338514390262362115
# Reference: https://analyze.intezer.com/analyses/a6ab015f-df36-44ed-ac5a-e17a4e4191c7

dummy.zero
mkhkjxgchtfgu7uhofxzgoawntfzrkdccymveektqgpxrpjb72oq.b32.i2p

# Reference: https://twitter.com/CUJOAI/status/1369653043281723400
# Reference: https://twitter.com/smii_mondher/status/1374374368600461320
# Reference: https://cujo.com/iot-malware-journals-prometei-linux/

http://178.21.164.68

# Generic (URL path indicators, not bound to a specific host)

/cgi-bin/prometei.cgi
/chk445.php
/dllr0.php
/srchindx2.php
/walker14364.php
