# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: blackteam, blacknet, blackout # Reference: https://twitter.com/makflwana/status/1210466313954414592 5ineprojects.com hckrmytest.com netdz.ga davidescu.000webhostapp.com kiraamora.000webhostapp.com # Reference: https://twitter.com/tkanalyst/status/1212695828931973122 # Reference: https://app.any.run/tasks/607a63ec-0ab5-45a9-b255-df78eb73bd79/ weboss.in # Reference: https://twitter.com/wwp96/status/1218260858524065794 meublesinde.in/black/ # Reference: https://twitter.com/wwp96/status/1218263835007758336 # Reference: https://app.any.run/tasks/6feea8e2-7390-4439-bb23-a35df75422e1/ r-s.us # Reference: https://twitter.com/jorgemieres/status/1222611503125356544 vintosw0.beget.tech # Reference: https://twitter.com/ps66uk/status/1228268374649659392 # Reference: https://app.any.run/tasks/9be4f8eb-e828-4ca5-ba76-6f8db7f1627a/ sinsixclaw.com # Reference: https://twitter.com/ViriBack/status/1228676828107300864 agent.agentreef.xyz # Reference: http://tracker.viriback.com/dump.php (# 2020-02-23, BlackNet) davidaredetoate.000webhostapp.com davidescu.000webhostapp.com kiraamora.000webhostapp.com lex1qlist3.temp.swtest.ru loadbytes.tn mailstealer.zzz.com.ua meublesinde.in piratashost.top raders.ru semanariolaprensa.com sinsixclaw.com snapk.org vovagaka.myjino.ru wwe23pro.myjino.ru xblackeyex.000webhostapp.com # Reference: https://twitter.com/MBThreatIntel/status/1242173577639550976 antivirus-covid19.site corona-antivirus.com instaboom-hello.site # Reference: https://app.any.run/tasks/e5dcc906-4f08-464b-b738-e39a0458dd4f/ # Reference: https://app.any.run/tasks/c0432968-da70-46ef-a4ff-5156603ae3ae/ # Reference: https://www.virustotal.com/gui/file/18cc40d5c56f621dc4b1386b37892ce9723145c7e2b580053386bf93dd329dfa/detection developersblacknet.ru # Reference: https://www.virustotal.com/gui/file/c860d4c575c1548da86c9a6a9a4e63d48612fe28cae7f12097542f2ea4b013bd/behavior/VirusTotal%20Jujubox # Reference: https://app.any.run/tasks/f57a3fd0-fbfe-4534-9992-39e784ada8cb/ bootpay.ru # Reference: https://any.run/report/c205d50556fe7ae5923452dbe6f5fc118229966bb1a7ce6ac87a9f2d371c987d/d51e29b1-1f91-4b7e-a55d-4d0a001b0b1f # Reference: https://urlhaus.abuse.ch/url/339364/ # Reference: https://bbs.kafan.cn/thread-2179435-1-1.html /US-2020-20-03-16-18-40-0569324B-9414737A-3C853917-C61460EF-C4978359.com # Reference: https://www.virustotal.com/gui/file/3d9a2aa28c67d76ebd6512789014880dabb0b21164970f3618294899323fb3e6/detection rat3.ddns.net # Reference: https://twitter.com/ganeshnathan28/status/1261677808268369922 cryptobitnex.co.za # Reference: https://twitter.com/jorgemieres/status/1273290086159978496 informavoce.com # Generic trails /blacknet/connection.php /blacknet/getCommand.php /blacknet/login.php /blacknet/recieve.php /BlackNETPanel/connection.php /BlackNETPanel/getCommand.php /BlackNETPanel/login.php /BlackNETPanel/recieve.php /BlackNET%20Panel/connection.php /BlackNET%20Panel/getCommand.php /BlackNET%20Panel/login.php /BlackNET%20Panel/recieve.php /bn/connection.php?data= /bn/getCommand.php?id= /bn/receive.php?command= /panel/connection.php?data= /panel/receive.php?command= /panel/getCommand.php?id= /flags/Client.exe