# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: sharpshooter

# Reference: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/?mid=1
# Reference: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-12-12-operation-sharpshooter-targets-global-defense-critical-infrastructure/operation-sharpshooter-targets-global-defense-critical-infrastructure.csv
# Reference: https://www.virustotal.com/gui/file/88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646/detection

http://137.74.41.56
http://208.117.44.112
http://34.214.99.20
kingkoil.com.sg/board.php
kingkoil.com.sg/query.php

# Reference: https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs
# Reference: https://lab52.io/blog/winter-vivern-all-summer/
# Reference: https://otx.alienvault.com/pulse/6152feb7f8ed6979d6eb5c10

centr-security.com
secure-daddy.com
securemanage.com
securetourspd.com

# Generic

/wintervivern/server/
/wintervivern/vivern/
/wintervivern/vivern/getAnswer.php?username=
/wintervivern/vivern/getcommand?username=