# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: sharpshooter

# Reference: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/?mid=1
# Reference: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-12-12-operation-sharpshooter-targets-global-defense-critical-infrastructure/operation-sharpshooter-targets-global-defense-critical-infrastructure.csv
# Reference: https://www.virustotal.com/gui/file/88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646/detection

# Network indicators listed under the Operation Sharpshooter references above.
# NOTE(review): the http:// prefix on the three IPv4 entries presumably marks them as
# HTTP host/URL trails rather than raw IP trails - confirm against the trail format.
# NOTE(review): the referenced IOC set is dated 2018-12-12 (see the GitHub path above).
# Hosting addresses can be reassigned, so corroborate a hit on a bare IP with other
# evidence before treating it as confirmed.
http://137.74.41.56
http://208.117.44.112
http://34.214.99.20
kingkoil.com.sg/board.php
kingkoil.com.sg/query.php

# Reference: https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs
# Reference: https://lab52.io/blog/winter-vivern-all-summer/
# Reference: https://otx.alienvault.com/pulse/6152feb7f8ed6979d6eb5c10

# NOTE(review): two of the three references above name Winter Vivern, while the only
# alias declared in this file is sharpshooter - confirm that the entries below belong
# in this file, so that alerts raised from them carry the intended attribution.
centr-security.com
secure-daddy.com
securemanage.com
securetourspd.com

# Generic

# URL path entries (no host component).
# NOTE(review): the last two end at "username=", so they look intended to match any
# value that follows - confirm how the consumer matches path trails.
/wintervivern/server/
/wintervivern/vivern/
/wintervivern/vivern/getAnswer.php?username=
/wintervivern/vivern/getcommand?username=