# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: neurevt

# Reference: https://twitter.com/James_inthe_box/status/1131561504375836673

zolaelectrics.com

# Reference: https://twitter.com/pollo290987/status/1100450079515783169

moscow11.host

# Reference: https://twitter.com/justmlwhunting/status/1088734644072255489

kas919be.pw

# Reference: https://twitter.com/pollo290987/status/1083026735841587202

moscow77.online

# Reference: https://twitter.com/jorgemieres/status/1136354513592307712

russk3.icu

# Reference: https://twitter.com/P3pperP0tts/status/1142245531604934656

bundasteels.com

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Neurevt.A#tab=2

strike-file-hosting.us

# Reference: https://threatrecon.wapacklabs.com/malware/betabot/dnsmh6Ew2rsF8V9Ipwy7RtjSKcFv6JQ6lBm37nriIHM%3D

upcomingsong.com

# Reference: https://pastebin.com/CenCYkHs

sinsec.net
wachaoutlol.com

# Reference: https://www.virustotal.com/gui/domain/hellokiwi.in/relations
# Reference: https://www.virustotal.com/gui/file/978527e2afa1887c75a995f7271942d7735fbefc13f2caef5a85010943c90996/detection

hellokiwi.in

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html (# Win.Malware.Neurevt-7192122-0)

12thegamejuststarted10k12.com
2uandmearevideos2k2.com
6worldwipemek6.com
allegro.ga
doombringer.pw
dqwjnewkwefewaaaaa3.com
emicrosoft.eu
fapncam.com
frizzcams.com
frky7.name
kasn5.name
marklou1.eu
myssfii.eu
pl1.co.vu
s1allegro.net
theafam.info
up-windows.in
update-silo.com

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, BetaBot)

piszej.xyz
squickycab.ga
usb-drive.ru
xiaodaoj.club

# Reference: https://app.any.run/tasks/4b59b6c9-f5da-4134-ae98-46a885ff30e2/

russk6.icu
russk7.icu
russk8.icu
russk9.icu

# Reference: https://app.any.run/tasks/1add35db-0da6-44dd-8020-135abe5196db/

pitchstak.ga

# Reference: https://app.any.run/tasks/dbdbcdc9-8903-48f5-aa5c-b89928456031/

russk11.icu

# Reference: https://pastebin.com/p0vBRBTE

betabot.pw
mandahp.ie
riyanshoppingbags.com
rollscar.pk

# Reference: https://pastebin.com/EscWd1Cx

asdsadasrdc.ug
cvxmhbfghdsd.ug
micozup.ru
puruntis.ug
timecheck.ug

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

negrodesigns.ga
stngpetty.ga
webxpo.ga

# Reference: https://www.virustotal.com/gui/file/33ea7a0d037f1c8f8ef8f567e83fde7329a4158986d5c331ded698eaa2408410/detection

173.46.85.68:2016

# Reference: https://twitter.com/ganeshnathan28/status/1298112354631155712
# Reference: https://www.virustotal.com/gui/domain/winqits.com/relations

winqits.com

# Reference: https://app.any.run/tasks/5585447c-1870-4140-9cbe-1566c51f5d3c/

sinomatics.ga

# Generic

/panels_encoded/login.php
/skins/betpla/PHP/
/div/me.exe
/wid/logout.php