# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: LightStone

# Reference: https://twitter.com/James_inthe_box/status/1178275531692756992
# Reference: https://app.any.run/tasks/01a715ca-6a34-4350-b3ba-d1daae1e3d16/

domalo.online

# Reference: https://twitter.com/wwp96/status/1331059269089816581
# Reference: https://app.any.run/tasks/442534bd-e3db-4ba0-97c2-152d3a16c137/

http://91.240.84.166

# Generic trails

/212bad81b4208a2b412dfca05f1d9fa7.php
/2d02004c59e9a1f5d7d2a313711996eaafd017e3.php
/56743785cf97084d3a49a8bf0956f2c744a4a3e0.php
/akcii239myzon0xwjlxqnn3b34w/
/46kqbjvyklunp1z56txzkhen7gjci3cyx8ggkptx25i74mo6myqpx9klvv3/
/ksezblxlvou3kcmbq8l7hf3f4cy5xgeo4udla91dueu3qa54/
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/jyba2srpuv77j5f41hv215o9m7czm84v8i9dt30tb2ntgrw45xoojrhukd606vtla3xdbx0xqppwczn/
/f5b75b6939d095db0eaf37fdfecac963030f7aa1.php
/g8vsjcvnifd9gvlbbyb1ucmozewmyptloe5coey74juv1p1r0s/
/wih70f23q9voven47mcjf9q/
/c596a246010ddf201f7264927e5c39b8d20eba79.php
/98ylfy7k5pip6yuvr84qv7jb9v/
/r28anfb76lulvjxx7mdxcxa1yz7jfvt4pi5njv7ekeqrnmfh3vaic2y1rd3i488ah0uvo/
/e59293a35848addcc181d5a0ab38266868d77ff4.php
/2nwsr5yiv4oi4zfjoduq2ettv6rwkao/
/e5qx69ffszv9vbudkm/
/d6d4cbd9296a555615601b85dedaceaffd7120b5.php
/9rf1tdedhn5u6lrzm79afxj0gl48tstycq2szp8/
/1ce78a902db7a61523b13afcb20d91f8.php
/rb7u7g360qkxfkhcd/
/8e6k8lyhijw1y8aehkxbkytcoligdz2xc6pzmg49frcndn2kd63ejjrfnqwf6xsw9mo74ly5tr5i15m0z1acma4/
/44ab0bfd824936290de450263b2aaa06b01412a9.php
/38ad2f43f6b9c1367674eb1b7f1db337.php

# Reference: https://tccontre.blogspot.com/2019/10/dcrat-malware-evades-sandbox-that-use.html
# Reference: https://www.virustotal.com/gui/file/8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95/detection

80.87.202.63:25998
178.21.11.90:25998
hfjdhfgrhfnghvng.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1214876191699681280
# Reference: https://app.any.run/tasks/0a749c4f-0aad-40ab-9bbe-2a703f180eef/

bores.xyz

# Reference: https://app.any.run/tasks/e053d130-71e5-4a7d-936b-ac5b9d2b0129/

oxijoinedsite.site

# Reference: https://app.any.run/tasks/afef48e7-1724-4e27-95c6-580bf1a4c9a4/

city-pub-crawl.su

# Reference: https://app.any.run/tasks/eb847bb3-9a46-4401-992c-85e6f0b0e70f/

changer-esp.ml

# Reference: https://app.any.run/tasks/337e173e-b66c-4a94-96cd-5416c9322e28/

qiwi-api.site

# Reference: https://app.any.run/tasks/0017619a-c449-4827-9595-a781e34a295d/

kkkwdfea.tk

# Reference: https://app.any.run/tasks/7c5d1379-6d4a-495b-8dc1-3fc0b057fa65/

nistrype.fun

# Reference: https://app.any.run/tasks/41df6b91-87a2-4e07-8b4b-3b0afafff205/

never-project.hhos.ru

# Reference: https://app.any.run/tasks/6661b475-c9d1-42b4-bb6a-f864aa086973/

a0365369.xsph.ru

# Reference: https://app.any.run/tasks/346f1108-88cc-4374-bcf4-e613759e111e/

flextem.000webhostapp.com

# Reference: https://app.any.run/tasks/dea60c48-0c60-4338-ba69-9b858760ad68/

beepn.pw

# Reference: https://app.any.run/tasks/23a59334-0db7-40fa-922a-81eab53a20d9/

f0313002.xsph.ru

# Reference: https://app.any.run/tasks/53d78c4b-a003-4af6-9bf0-e3e1155b8ee0/

a0388296.xsph.ru

# Reference: https://app.any.run/tasks/58136f06-a6ed-403e-b16f-9076f37f9ec3/

a0387063.xsph.ru
myhostforlic.ucoz.ru

# Reference: https://app.any.run/tasks/dc26d9b1-dd74-4cc4-8d0e-ef4f3e0e9adf/

vkgroup.tk

# Reference: https://app.any.run/tasks/c97cf5dd-781d-4eb9-8d95-a8829393f80d/

a0315266.xsph.ru

# Reference: https://app.any.run/tasks/f09df457-25de-454e-b10a-5073b48989a3/

sdfsdgafghaetg.tk

# Reference: https://twitter.com/jorgemieres/status/1255866190771167236
# Reference: https://www.virustotal.com/gui/domain/logins.kl.com.ua/relations
# Reference: https://app.any.run/tasks/8696e015-2f09-4d96-b6eb-ef6df4dabfee/

logins.kl.com.ua

# Reference: https://app.any.run/tasks/ee26c21e-b96c-4533-993f-9d91ffb2a514/

cv36917.tmweb.ru

# Reference: https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
# Reference:https://www.virustotal.com/gui/file/98d0e41701388f1fe202fbabac1fa628a110e8db27737009014774a9e761463c/detection

dcrat.ru

# Reference: https://app.any.run/tasks/cb6c1c2e-40e3-424c-9e4e-85125736d328/

ajci.tk

# Reference: https://app.any.run/tasks/f98f9ffa-6ece-4185-a3eb-0d33d5ed0449/

a0457406.xsph.ru

# Reference: https://app.any.run/tasks/2272828d-9756-44f6-afa1-c87913bcddd5/

http://212.109.221.247

# Reference: https://www.virustotal.com/gui/file/c1e705ce5ea1f84af3557d0bd10eefbbdd81fa4ddf6b4c0a51de1a34ab59e327/detection

a0461492.xsph.ru

# Reference: https://www.virustotal.com/gui/file/1fe6f6deb80bff8019cf443e4c0be1fe9c9cf585404428cbe145b673441b9598/detection

tereshyd.beget.tech

# Reference: https://www.virustotal.com/gui/file/220713be75f67da3ee73406c8a4c2f53b3a92126d5ef73b3dd193017f3826e94/detection

web75.craft-host.ru

# Reference: https://www.virustotal.com/gui/file/73dc0dcdf3a15bfefb1c438fff7ee729f4e35d7ecfab2b76558eabfd7944fc6f/detection

srv166785.hoster-test.ru

# Reference: https://www.virustotal.com/gui/file/203cf853c60be3985c25ce7798e155210a2b128185e5715322eb43171b25c4fa/detection

srv164667.hoster-test.ru

# Reference: https://app.any.run/tasks/535fce56-9ae0-4d8c-a033-ef78e03d2ef9/

ct10840.tmweb.ru

# Reference: https://app.any.run/tasks/289ab4e6-5a3e-46c6-8d29-49098990a9b7/

/eej32n40olfi20gqv0apdzk5x3wecwc2576rorvdmpsyt61rxmmgr6qp/

# Reference: https://app.any.run/tasks/c40ac2ec-986f-4b17-a83f-684149c31038/

/2jvhfu93ja1n5ef28yjwh8197xp0tbm6zegu2en75wti6hta/

# Reference: https://app.any.run/tasks/5f9bd8e6-6910-4216-95ba-7ad1af291b74/

/pgofzftnelhu53gj7qbwil2vo/
laserink.beget.tech

# Reference: https://twitter.com/wwp96/status/1335668703967539202
# Reference: https://app.any.run/tasks/d5eb72ee-af60-45c0-9ec2-17f0c34adc01/

http://185.189.12.125
/m1tjns1b229pczehyub8swfc3kzugkrrqbt6yx3c4xa8snig212irqznd90h9d6w6vjvu1m0yal4/
/wpz36jbvcq4syjrqjprito1r8ck12ui20ib5a40k8fmy7p49xk5yqxgnz/
/2e70bbdf534a47f9cc68a16122290cad65b3ed05.php

# Reference: https://twitter.com/wwp96/status/1335690053482405889
# Reference: https://app.any.run/tasks/8cb6c05f-a11e-40b4-9e7a-2ac14f04cd22/

http://212.109.216.114
/wmu7nzj48bdc5sfsivxxqwbhwvytre7ez/
/ramh92gnmgzspukfiow6z3w4k0syktrjibaovdmcgqze53rv3d1h85hs16t5jnjdcbefq1qi76n4poo8cf/
/dcbb3f0abca3117648fdcab13b68e1162ddbc275.php

# Reference: https://app.any.run/tasks/a6cff01f-a7aa-4180-b155-54ed2bd998be/

http://62.109.27.122
/ecxhnnthpytusqif0j9x7534rmz/
/nbszeoiml6wssgfpdtjbla9r8q59xcgphsft1cks7ru041oe9u5vijm0zclyz64eh2rdj7/
/1272d9d3e244604153265cb97db3c19ba1f2d7f5.php

# Reference: https://app.any.run/tasks/c19f8094-f2ff-4e49-98e3-ef1430e152e9/

http://82.146.57.28
/1841jr7loo9itlriycjs137kkurmub6gy4fgve85wej6p9cwzht/
/6nai20vl9ol9cpx4ugfqtzpgnh2q/
/53e88c7cd6f237543ef0b0cb52d775b7d583f83a.php
