# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.gdatasoftware.com/blog/2019/07/35061-server-side-polymorphism-powershell-backdoors
# Reference: https://otx.alienvault.com/pulse/5d2da19e3055b91559471028

adm.esurf.info
green.4107irishivy.info
green.dddownhole.com
green.nogel.tech
red.1407cty13pec.com
red.340airport.com
sad.childrensliving.com
space.4fallingstar.info
stats.emeraldsurfwatermanagement.com
wws.rheovesthr.com
/cryptbody.php
/cryptbody2.php
