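# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Layout: one indicator per line; a line starting with '#' is a comment.
# The family name (KmsdBot) is taken from the reference URLs below.

# Reference: https://securityaffairs.co/wordpress/138514/malware/kmsdbot-golang-malware.html
# Reference: https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware
# Reference: https://www.virustotal.com/gui/file/8d1df3c5357adbab988c62682c85b51582649ff8a3b5c21fca3780fe220e5b11/detection
# Reference: https://www.virustotal.com/gui/file/f3b712049ab610efb17cb9d8976f88fb0b6ef91195f25c74545a673fe4b5caac/detection
# Reference: https://www.virustotal.com/gui/file/ef11aaee40c49fcb582a866d5ef58ac6560b3bbc785f27f08bbdd7b6deef5325/detection
# Reference: https://www.virustotal.com/gui/file/b927e0fe58219305d86df8b3e44493a7c854a6ea4f76d1ebe531a7bfd4365b54/detection
# Reference: https://www.virustotal.com/gui/file/9f7eaf9232571e77dbbe61a9f2a689e2e7fdd224ea7002854f01a3d719c34ed9/detection

# Hosts and host:port endpoints (presumably from the references above).
# No first-seen date is recorded here and addresses get reassigned, so
# confirm an address is still relevant before treating a hit as more than a lead.

http://49.51.35.158
http://109.206.241.112
109.206.241.112:51381
109.206.241.112:51382
109.206.241.112:51383
109.206.241.112:51388
147.185.254.17:49964

# URL paths of the form /<prefix>.<suffix>, prefix kumd; most suffixes look
# like CPU-architecture tags. These entries carry no host, so a match is only
# as specific as the file name itself and should be correlated with the
# endpoints above where possible.

/kumd.arc
/kumd.arcle-hs38
/kumd.arm
/kumd.arm4
/kumd.arm4l
/kumd.arm4t
/kumd.arm4tl
/kumd.arm4tll
/kumd.arm5
/kumd.arm5l
/kumd.arm5n
/kumd.arm6
/kumd.arm64
/kumd.arm6l
/kumd.arm7
/kumd.arm7l
/kumd.arm8
/kumd.armv4
/kumd.armv4l
/kumd.armv5l
/kumd.armv6
/kumd.armv61
/kumd.armv6l
/kumd.armv7l
/kumd.dbg
/kumd.exploit
/kumd.i4
/kumd.i486
/kumd.i586
/kumd.i6
/kumd.i686
/kumd.kill
/kumd.m68
/kumd.m68k
/kumd.mips
/kumd.mips64
/kumd.mipseb
/kumd.mipsel
/kumd.mpsl
/kumd.pcc
/kumd.powerpc
/kumd.powerpc-440fp
/kumd.powerppc
/kumd.ppc
/kumd.pp-c
/kumd.ppc2
/kumd.ppc440
/kumd.ppc440fp
/kumd.riscv64
/kumd.root
/kumd.root32
/kumd.s390x
/kumd.sh
/kumd.sh4
/kumd.sparc
/kumd.spc
/kumd.ssh4
/kumd.x32
/kumd.x32_64
/kumd.x64
/kumd.x86
/kumd.x86_32
/kumd.x86_64

# Same suffix set, prefix kxmd.

/kxmd.arc
/kxmd.arcle-hs38
/kxmd.arm
/kxmd.arm4
/kxmd.arm4l
/kxmd.arm4t
/kxmd.arm4tl
/kxmd.arm4tll
/kxmd.arm5
/kxmd.arm5l
/kxmd.arm5n
/kxmd.arm6
/kxmd.arm64
/kxmd.arm6l
/kxmd.arm7
/kxmd.arm7l
/kxmd.arm8
/kxmd.armv4
/kxmd.armv4l
/kxmd.armv5l
/kxmd.armv6
/kxmd.armv61
/kxmd.armv6l
/kxmd.armv7l
/kxmd.dbg
/kxmd.exploit
/kxmd.i4
/kxmd.i486
/kxmd.i586
/kxmd.i6
/kxmd.i686
/kxmd.kill
/kxmd.m68
/kxmd.m68k
/kxmd.mips
/kxmd.mips64
/kxmd.mipseb
/kxmd.mipsel
/kxmd.mpsl
/kxmd.pcc
/kxmd.powerpc
/kxmd.powerpc-440fp
/kxmd.powerppc
/kxmd.ppc
/kxmd.pp-c
/kxmd.ppc2
/kxmd.ppc440
/kxmd.ppc440fp
/kxmd.riscv64
/kxmd.root
/kxmd.root32
/kxmd.s390x
/kxmd.sh
/kxmd.sh4
/kxmd.sparc
/kxmd.spc
/kxmd.ssh4
/kxmd.x32
/kxmd.x32_64
/kxmd.x64
/kxmd.x86
/kxmd.x86_32
/kxmd.x86_64

# Same suffix set, prefix kzmd.

/kzmd.arc
/kzmd.arcle-hs38
/kzmd.arm
/kzmd.arm4
/kzmd.arm4l
/kzmd.arm4t
/kzmd.arm4tl
/kzmd.arm4tll
/kzmd.arm5
/kzmd.arm5l
/kzmd.arm5n
/kzmd.arm6
/kzmd.arm64
/kzmd.arm6l
/kzmd.arm7
/kzmd.arm7l
/kzmd.arm8
/kzmd.armv4
/kzmd.armv4l
/kzmd.armv5l
/kzmd.armv6
/kzmd.armv61
/kzmd.armv6l
/kzmd.armv7l
/kzmd.dbg
/kzmd.exploit
/kzmd.i4
/kzmd.i486
/kzmd.i586
/kzmd.i6
/kzmd.i686
/kzmd.kill
/kzmd.m68
/kzmd.m68k
/kzmd.mips
/kzmd.mips64
/kzmd.mipseb
/kzmd.mipsel
/kzmd.mpsl
/kzmd.pcc
/kzmd.powerpc
/kzmd.powerpc-440fp
/kzmd.powerppc
/kzmd.ppc
/kzmd.pp-c
/kzmd.ppc2
/kzmd.ppc440
/kzmd.ppc440fp
/kzmd.riscv64
/kzmd.root
/kzmd.root32
/kzmd.s390x
/kzmd.sh
/kzmd.sh4
/kzmd.sparc
/kzmd.spc
/kzmd.ssh4
/kzmd.x32
/kzmd.x32_64
/kzmd.x64
/kzmd.x86
/kzmd.x86_32
/kzmd.x86_64

# Paths that do not follow the <prefix>.<suffix> pattern: short ksmd* names,
# and the three prefixes under /win/ (with .exe) and /x86_64/ directories.

/ksmdm
/ksmdr
/ksmds
/win/kumd.exe
/win/kxmd.exe
/win/kzmd.exe
/x86_64/kumd
/x86_64/kxmd
/x86_64/kzmd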