# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.secrss.com/articles/36606 (Chinese)
# Reference: https://www.virustotal.com/gui/ip-address/162.222.214.109/relations
# Reference: https://www.virustotal.com/gui/file/41cfac27c16272327bbe6c2251ce43432d26c4a01ff9a3042b824ba8ebcccb0d/detection
# Reference: https://www.virustotal.com/gui/file/6702d4eca0e2bd4e7cbfc3e700d241f7934b52626f66b7dacf1807dc20a66103/detection
# Reference: https://www.virustotal.com/gui/file/d4e95d7bef8d3628a74b3f4c19c86fed1f70446b9d466851c713c52d89e48370/detection
# Reference: https://www.virustotal.com/gui/file/90b7e2c0aea51f1b51c367ee580cbacb06e71b4fb934ac9f2e4dec1bb3fdfeb0/detection
# Reference: https://www.virustotal.com/gui/file/9932be44c8916fc5750ef63866ab6b4ab3984298cdfadad2c606f3f6d36127e9/detection

http://162.222.214.109
http://185.145.97.62
http://188.241.58.25
http://192.236.147.112
http://5.188.231.101
http://82.221.136.25
http://91.235.116.227
185.231.222.86:443
aufreighttransport.com
controlmytraffic.com
coredashcloud.com
guesttrafficinformation.com
hoaquincloud.com
msvsseccloud.com
nyculturecloud.com
tomatozcloud.com
trafficcheckdaily.com

# Reference: https://twitter.com/malwrhunterteam/status/1541784815728459779
# Reference: https://twitter.com/unpacker/status/1541944761140948993
# Reference: https://twitter.com/unpacker/status/1541944861275828224
# Reference: https://twitter.com/unpacker/status/1541945280467111936
# Reference: https://www.virustotal.com/gui/file/bffacbb0b54a3b1dd6f25686d2486d0a064f5e8eedefb4e572740f7b63ba4fa4/detection

http://131.226.4.22
http://162.222.214.50
http://185.207.206.108
http://82.221.129.104

# Generic

/files/kqAjJY3v4JxtChh3.bmp
/manager/JxQpe5T2nCn747UP.bmp
/manager/VYtpPTc8UE2zG4dH.bmp
/verify/V4/WHZAZVRYVJTN.bmp
/JxQpe5T2nCn747UP.bmp
/kqAjJY3v4JxtChh3.bmp
/VYtpPTc8UE2zG4dH.bmp
/WHZAZVRYVJTN.bmp