# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: nuclear bot, nukebot, micro banking trojan, sarwent, tinynuke

# Reference: https://twitter.com/VK_Intel/status/1018656000948260864

dingparighrewrec.win
refendisoked.win

# Reference: https://twitter.com/avman1995/status/1110785220993781763

m0pedx9.su

# Reference: https://twitter.com/P3pperP0tts/status/1177147328630861824

zalivy.ug

# Reference: https://twitter.com/abuse_ch/status/1183260666423119874
# Reference: https://www.virustotal.com/gui/file/afa54323cc65546ba777d8185da412641316377f7eeef9182a750a1385ba9b01/detection
# Reference: https://twitter.com/James_inthe_box/status/1162068269387276289
# Reference: https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/

shopstoregame.icu
shopstoregames.icu
shopstoregamese.com
shopstoregamese.icu
softfaremiks.icu

# Reference: https://twitter.com/James_inthe_box/status/1162068269387276289
# Reference: https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/

shopstoregame.com
shopstoregamesnews.com
startprojekt201907.com
startprojektnewswold.com
startprojekt.ru
stratbuks.icu

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-4, TinyNuke)

5.188.60.99:8090

# Reference: https://twitter.com/P3pperP0tts/status/1226493807061094406
# Reference: https://app.any.run/tasks/69d6b92f-5acd-4e8d-82c1-b95f33af145c/

islacangrejo.fun
j2888hennene.site

# Reference: https://twitter.com/James_inthe_box/status/1226536619164889090
# Reference: https://app.any.run/tasks/de7f628a-4999-40fd-b664-8d26a2605613/

thoughtlibrary.top

# Reference: https://twitter.com/James_inthe_box/status/1228788661006659584

blognews-journal.com

# Reference: https://app.any.run/tasks/6812075f-1785-494f-9624-eda8b19943c3/

/adminpanel/add_bot.php

# Reference: https://twitter.com/malwarefr0gg0z/status/1260664478347096064
# Reference: https://app.any.run/tasks/056cfdee-7aa8-43ba-8b8e-b5e46f570b5e/

176.121.14.53:8888

# Reference: https://otx.alienvault.com/pulse/5ccbaedf1bcdec1f5fe8e096

plcbiz.info
support-stantion.ru
business-projekt.info
appartamentibologna.eu
hostbasesoft.com
webstatistika-country.ru
shopstoregame.com

# Reference: https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/
# Reference: https://otx.alienvault.com/pulse/5ec7e449bc161ecb577d69f1

beurbn.com
blognews-joural.best
blognews-joural.com
blognews-joural.info
blognews-journal.com
rabbot.xyz
rubbolt.xyz
rubbot.xyz
seoanalyticsp34roj.xyz
seoanalyticspro32frghyj.xyz
seoanalyticsproewj.xyz
seoanalyticsproj.xyz
seoanalyticsprojrts.xyz
seoanalyticsptyrroj.xyz
shopstoregame.icu
shopstoregames.icu
shopstoregamese.com
shopstoregamese.icu
softfaremiks.icu
startprojekt.pro
startprojekt.pw
tebbolt.xyz
terobolt.xyz
treawot.xyz
vertuozoff.club
vertuozoff.xyz
vertuozofff.club
vertuozofff.com
vertuozofff.xyz
vertuozoffff.club
whatsmyhomeworthlondonontario.ca

# Reference: https://twitter.com/H_Miser/status/1291000691029401604

pat7qsfjjzqaspph.onion

# Reference: https://twitter.com/yvesago/status/1295985490802475009
# Reference: https://www.virustotal.com/gui/file/b53912aff3421ae6da708575e57bc00192ad294e10d5818fda4420f2036398f3/detection

bahrani.casa

# Reference: https://www.virustotal.com/gui/file/465fb52abb9c6916f86d33b823c00788043f02f87b5802cee0354b47946366d2/detection

jokenoiam.net
maldivosgrant.net

# Reference: https://www.virustotal.com/gui/file/3586ab8f467fea0a640c13702bd50065b9edf097fdcaaa5c8d162293ae333b5f/detection
# Reference: https://www.virustotal.com/gui/ip-address/84.38.183.181/relations

banudarog.com
baviuron.com
goldfinrh.com
goretron.com
kurengis.com
mesoplano.com
mesozoya.com
morenodorf.com
remitrager.com
ukbill37.com

# Reference: https://www.virustotal.com/gui/file/2026e97bd58d8848dbd55664417790d5ee804bc2fe86ad054cb6a304d2d39a6b/detection
# Reference: https://www.virustotal.com/gui/file/8b08dce793b966c76c6d4b14a013a0991caaa6a5df2d5256412b437d737ec95f/detection
# Reference: https://www.virustotal.com/gui/ip-address/84.38.183.181/relations

banestor.top
banisdor.top
banusle.top
blockchaim.top
bubendor.top
inerdong.top
menosita.top
menustore.top
morentok.top
mutarakis.top
nubertak.top
rmntl.top
sekhmetleaks.top
stablepointus.top
vidoluka.top

# Reference: https://www.virustotal.com/gui/file/e0def2780cfe72533a493069472395dd5a33fa3658de8fe8be50684a213e7a6c/detection

dnsass.com
topdrweb.com

# Reference: https://twitter.com/James_inthe_box/status/1307025445536239616
# Reference: https://www.virustotal.com/gui/file/f9f9b147e1f262190e4409693cdc0e472b92ef6d47af97058f27e77a0b74a1a4/detection
# Reference: https://www.virustotal.com/gui/file/1966471ded07c464c10fd76b8945445a3602edaa744193a7396517620d2037d8/detection

beta.wally02.org
izuw6rclbgl2lwsh.onion

# Reference: https://www.virustotal.com/gui/file/51ceaad80b541d7f405789a4faec88e97ec7c2490018dda8d0eba20cfc1431df/detection

46.17.96.50:6667

# Reference: https://www.virustotal.com/gui/file/d28ce2fdb999c3ab40b7232e88ea9999071b3dd956c16f8210731e13aa2aa84d/detection

46.17.96.50:7077
nyshopxawea.ml

# Reference: https://www.virustotal.com/gui/file/083b34874e8ca4b85a6c857e12508405300cc92f069baca6ec949abb4516af0b/detection

spartanpi.info

# Reference: https://www.virustotal.com/gui/file/4214d1d2584d6d14afa1764fae11dbacb905399ba8cff2b2a910caacea512015/detection

156.205.134.108:1234
aaa.system-ns.net

# Generic URL path patterns (no host component)

/gate/cmd_exec
/gate/connect?hwid=
/gate/connect?os=
/gate/powershell_exec
/gate/rdp_exec?command=
/gate/update_exec?command=
/gate/vnc_exec?command=
