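# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: foudre, infy

# Layout: one indicator per line; lines starting with '#' are comments.
# Scope note: several entries are single hosts under shared dynamic-DNS or
# hosting parents (e.g. mooo.com, strangled.net, dynu.net, awardspace.info).
# Match the exact host as listed; do not widen a rule to the parent domain.

# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.infy
# Reference: https://unit42.paloaltonetworks.com/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/

analyse1.mooo.com
best.short-name.com
best2.short-name.com
best2.short-url20.com
best3.short-url20.com
best4.short-url20.com
best5.short-url20.com
best6.short-url20.com
best7.short-url20.com
bestbox3.com
bestupdateserver.com
bestupdateserver2.com
bestupser.awardspace.info
bestwebstat.com
bl2pe.bestwebstat.com
box4054.net
c1.short-url20.com
dbook.soon.it
# NOTE(review): the next two entries were fused in the source as
# 'dsite.dyx.comextd.mine.bz' (lost line break), which matches neither host.
# Split here following the list's alphabetical order - confirm against the
# Unit 42 reference above.
dsite.dyx.com
extd.mine.bz
fastecs.netfirms.com
fastupdate.net
gstat.strangled.net
lost.updateserver1.com
lu.ige.es
mand.pwnz.org
myblog2000.com
ns2.myblog2000.com
nus.soon.it
safehostonline.com
secup.soon.it
short-name.com
short-url20.com
update.info.gf
updatebox4.com
updateserver1.com
updateserver3.com
us1.short-name.com
us12.short-url20.com
us13.short-url20.com
us15.short-url20.com
us16.short-url20.com
us1s2.strangled.net
wep.archvisio.com
wep.soon.it
wpstat.mine.bz
wpstat.strangled.net
youripinfo.com

# Reference: https://unit42.paloaltonetworks.com/unit42-prince-of-persia-game-over/
# Some hosts in this section repeat entries from the first list; they are kept
# as given so each section still mirrors its reference.

us1s2.strangled.net
uvps1.cotbm.com
gstat.strangled.net
secup.soon.it
p208.ige.es
lu.ige.es
updateserver1.com
updateserver3.com
updatebox4.com
bestupdateserver.com
bestupdateserver2.com
bestbox3.com
# NOTE(review): spelled 'safehostonline.com' in the first list and
# 'safehostline.com' here; both kept as given - confirm against the references.
safehostline.com
youripinfo.com
bestupser.awardspace.info
box4035.net
box4036.net
box4037.net
box4038.net
box4039.net
box4040.net
box4041.net
box4042.net
box4043.net
box4044.net
box4045.net
box4046.net
box4047.net
box4048.net
box4049.net
box4050.net
box4051.net
box4052.net
box4053.net
box4054.net
box4055.net
box4056.net
box4057.net
box4058.net
box4059.net
box4060.net
box4061.net
box4062.net
box4063.net
box4064.net
box4065.net
box4066.net
box4067.net
box4068.net
box4069.net
box4070.net
box4071.net
box4072.net
box4075.net
box4078.net
box4079.net
box4080.net
box4081.net
box4082.net
box4083.net
box4084.net
box4085.net
box4086.net
box4087.net
box4088.net
box4089.net
box4090.net

# Reference: https://unit42.paloaltonetworks.com/unit42-prince-persia-ride-lightning-infy-returns-foudre/
# The eight-hex-digit labels from here on appear to be algorithmically
# generated names; such indicators are typically short-lived, so a hit is
# best read together with the date of the traffic.

017eab31.space
01ead12b.space
0ca0453a.site
14c7e2dc.space
15bb747b.site
15ce27c5.site
16e53040.space
17ecf559.site
1cb3c4c0.space
1d4ee030.space
23dafa1e.space
2daa46f1.space
341a436d.space
3828b6ed.site
39451f31.space
3a6e08b4.site
3c6e6571.space
3e8718c3.site
3f4572f4.site
431d73fb.space
43ec206d.top
4b6955e7.space
4e422fa7.space
4f2f867b.site
5aad7667.space
60ebc5cf.site
61e200d6.space
62c91753.site
63c0d24a.space
6bb4f456.space
76ede1bd.space
7ba775ac.site
8447b18a.space
869182ff.site
884efdfb.space
8cc7767f.site
8dceb366.space
8ee5a4e3.site
8fec61fa.space
9155ccba.space
9877fa8b.space
98e38091.space
9c1f58ab.site
9f233843.space
a20af0d2.space
a367590e.site
a4a55efc.space
a64c234e.site
b4a3174b.space
c4c9e3c4.space
c5aeee9c.site
d14b13d8.site
d260045d.space
d3a26e6a.space
d4606998.site
d50dc044.space
d74b7e1d.space
e00dc810.space
e652fc2c.space
eb18683d.site
f196b269.site
f8eb516c.space
f9e29475.site
fac983f0.space
fbc046e9.site

# Reference: https://www.intezer.com/blog/research/prince-of-persia-the-sands-of-foudre/

177a5c4a.space
1d8bfc20.space
1f0e7a56.space
607d6cdc.space
68094ac0.space
891ec9e9.space
8fb167c7.space
cf75d89b.space
ee73f549.space
f8b65751.space
fe19f97f.space

# Reference: https://www.virustotal.com/gui/file/a64edb19e71549fb9248b27b58f911a4a1e8cd8b8e4adff93ecfb7e15a3cdad7/detection
# Reference: https://www.virustotal.com/gui/file/f535b46ad2452d61282f615faf35993e83b6c56c9533bf22c12f97f318242e06/detection

db54a845.dynu.net
db54a845.net
db54a845.space
db54a845.top
e00be33d.space

# Reference: https://twitter.com/ShadowChasing1/status/1339190981703266304
# Reference: https://www.virustotal.com/gui/file/f6bb93dda74c0de2032963e2804cacb47128603070fe04c372f86e69fa8ce47c/detection

149a673e.dynu.net
149a673e.net
149a673e.space
149a673e.top
32c39cf4.dynu.net
32c39cf4.net
32c39cf4.space
32c39cf4.top
334edefd.dynu.net
334edefd.net
334edefd.space
334edefd.top
34231ae4.dynu.net
34231ae4.net
34231ae4.space
34231ae4.top
3b75d0df.dynu.net
3b75d0df.net
3b75d0df.space
3b75d0df.top
3d9556cf.dynu.net
3d9556cf.net
3d9556cf.space
3d9556cf.top
42a9687b.dynu.net
42a9687b.net
42a9687b.space
42a9687b.top
43242a72.dynu.net
43242a72.net
43242a72.space
43242a72.top
4449ee6b.dynu.net
4449ee6b.net
4449ee6b.space
4449ee6b.top
45c4ac62.dynu.net
45c4ac62.net
45c4ac62.space
45c4ac62.top
4a926659.dynu.net
4a926659.net
4a926659.space
4a926659.top
4c72e049.dynu.net
4c72e049.net
4c72e049.space
4c72e049.top
aa478f47.dynu.net
aa478f47.net
aa478f47.space
aa478f47.top
abcacd4e.dynu.net
abcacd4e.net
abcacd4e.space
abcacd4e.top
aca70957.dynu.net
aca70957.net
aca70957.space
aca70957.top
ad2a4b5e.dynu.net
ad2a4b5e.net
ad2a4b5e.space
ad2a4b5e.top
da2d7bc8.dynu.net
da2d7bc8.net
da2d7bc8.space
da2d7bc8.top
dba039c1.dynu.net
dba039c1.net
dba039c1.space
dba039c1.top
dccdfdd8.dynu.net
dccdfdd8.net
dccdfdd8.space
dccdfdd8.top
dd40bfd1.dynu.net
dd40bfd1.net
dd40bfd1.space
dd40bfd1.top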