# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.lacework.com/blog/androxghost-the-python-malware-exploiting-your-aws-keys/
# Reference: https://blog.sicehice.com/2023/03/androxgh0st-stealing-your-aws-key-pairs.html
# Reference: https://otx.alienvault.com/pulse/63d43565fa3638d6d936705e

http://109.237.97.180
http://185.83.146.154

# Generic

/data="0x%5B%5D=androxgh0st"