# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: backconfig, monsoon, neon, viceroy tiger

# Reference: https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/
# Reference: https://twitter.com/blackorbird/status/1260217348792844289
# Reference: https://twitter.com/K_N1kolenko/status/1187339471647313921
# Reference: https://twitter.com/ccxsaber/status/1187573497851068417
# Reference: https://www.virustotal.com/gui/file/d87b875b8641c538f90fe68cad4e9bdc89237dba137e934f80996e8731059861/detection
# Reference: https://otx.alienvault.com/pulse/5ebac662ee27db27e3174795
# Reference: https://twitter.com/h2jazi/status/1317139550221762562
# Reference: https://www.virustotal.com/gui/file/be85325fb5c7b18bf0f5f27df6a51d39bc5ce5885b9ddc7c4872131d3a05bd3e/detection
# Reference: https://www.virustotal.com/gui/file/9e141fe67521b75412419a8c88c199c8ebd2a135c7a8b58edced454fbc33cb77/detection

http://185.203.119.184
http://212.114.52.148
linkrequest.live
matissues.com
unique.fontsupdate.com
/request/httpsrequest

# Reference: https://twitter.com/souiten/status/1538794719009837056
# Reference: https://www.virustotal.com/gui/file/3f72a3784bb1156554eafe678af89d51edbc5df821af9a426cd29135d5e8fdc0/detection

http://212.114.52.20
212.114.52.20:445
45.153.241.33:8080