# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: babyshark, kimjongrat

# Reference: https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/

bizsonet.ayar.biz
bizsonet.com
client-message.com
client-screenfonts.com
docsdriver.com
grsvps.com
itservicedesk.org
pqexport.com
scaurri.com
secozco.com
sharedriver.pw
sharedriver.us
tempdomain8899.com
world-paper.net
zwfaxi.com

# Reference: https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/

tdalpacafarm.com/files/kr/contents/upload.php

# Reference: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/)

/expres.php