# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt37, apt-c-37, geumseong121, group123, redeyes, scarcruft, Red Eyes, Venus 121

# Reference: https://otx.alienvault.com/pulse/5d4456d289603cc548ddbc92
# Reference: https://blog.alyac.co.kr/2453 (Korean)
# Reference: https://fortiguard.com/resources/threat-brief/2019/08/09/fortiguard-threat-intelligence-brief-august-09-2019

price365.co.kr/abbi/head0.jpg
price365.co.kr/abbi/json/openssl.php
price365.co.kr/abbi/tail0.jpg
darvishkhan.net/wp-content/uploads/2017/06/update3.dat
darvishkhan.net/wp-content/uploads/2017/06/update6.dat

# Reference: http://blogs.360.cn/post/analysis-of-apt-c-37.html
# Reference: https://otx.alienvault.com/pulse/5d7916e3f619df83fd65778e

adamnews.for.ug
btcaes2.duckdns.org
da3da3.duckdns.org
israanews.zz.com.ve
mmksba.dyndns.org
mmksba.simple-url.com
samd1.duckdns.org
samd2.duckdns.org
sorry.duckdns.org
webhoptest.webhop.info

# Reference: https://twitter.com/blackorbird/status/1188726162928758784
# Reference: https://mp.weixin.qq.com/s/Wnb-r7SWbGGN-XuQ8fW_jw

artmuseums.or.kr/swfupload/fla/1.jpg
casaabadia.es/wp-content/uploads/2018/06/null/
fjtlephare.fr/wp-content/uploads/2018/05/null/

# Reference: https://twitter.com/blackorbird/status/1112904229495042049
# Reference: https://blog.alyac.co.kr/2226 (Korean)

/skin15/include/bin/forlab.php
/ct/data/icon/files/goal.php

# Reference: https://twitter.com/navSi16/status/1066296138498629637

padosori.co.kr
/_controller/admin/upload_sec/down.php

# Reference: https://twitter.com/cyberwar_15/status/1122692430262706178
# Reference: https://blog.alyac.co.kr/2281 (Korean)

youngs.dgweb.kr
/skin15/include/bin/home.php