# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/GrujaRS/status/1121307515759865865

alcx6zctcmhmn3kx.onion
dtutgqjuzv7sktgl.onion

# Reference: https://twitter.com/coldshell/status/936173677854580736
# Reference: https://pastebin.com/9JfkQ1FX

n224ezvhg4sgyamb.onion
n224ezvhg4sgyamb.onion.link
/JHGcd476334

# Reference: https://twitter.com/coldshell/status/936588497216995328
# Reference: https://pastebin.com/LRTA7NSn

/UYTd46732

# Reference: https://twitter.com/coldshell/status/894908561855307776
# Reference: https://pastebin.com/dZXyvmvL

/jhYGUhjb6t
/hg65fyJHG
/JKhbj6g7
/87wefhi
/nv44f33f
/82yyfh3
/JHghjHy6
/94hg4g4g
/a87hbn
/0677rg56
/98wugf56
/hjbgtg67
/jkhg67
/n3f7b
/dfg45

# Reference: https://www.virustotal.com/gui/file/57638ea05f182885a150115adc16143dea744b8c817b82edb64c3e8264ffede2/detection

babil117.com
etiennevermeersch.be
imexltd.eu
trredfcjrottrdtwwq.net

# Reference: https://www.sentinelone.com/blog/recent-tzw-campaigns-revealed-as-part-of-globeimposter-malware-family/
# Reference: https://otx.alienvault.com/pulse/63ee3878c24a8364f27ef377

linux.3bcd0a.com
obzuqvr5424kkc4unbq2p2i67ny3zngce3tbdr37nicjqesgqcgomfqd.onion
tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion