# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.proofpoint.com/us/threat-insight/post/gootkit-banking-trojan-jumps-channel

swysocki77.com
gorski83.com
ostrowski87.com
jasinski2015.com
olszewski78.com
pozheeshebudem.com
freforevermailtes.com
nidermidertom.com
ecuremailbestfree.com
securewebgooglesite.com
robertpouslen12494.pw
robertpouslen1234524.com
update-service7825t28.com
domolor.com
babosikimne.com
babosikidai.com
vaillantsawer.com
proballansmen.com
reputamadrell.com
lastrizariano.com
rokobarokkino.com
artipreambulo.com
trequablaster.com
pretriquestro.com
rebellintosto.com
mellicianactr.com
abc.doitgraphic.org
updatebase.bid
shop.lifexcellence.org

# Reference: http://www.broadanalysis.com/2017/03/13/rig-exploit-kit-via-eitest-delivers-gootkit-banking-malware-2/

duplanty.top

# Reference: https://www.cert-pa.it/news?id=10536

sph.expoartshop.com

# Reference: https://twitter.com/James_inthe_box/status/1102904911212101634

/rbody320

# Reference: https://twitter.com/James_inthe_box/status/914111090425917440
# Reference: https://pastebin.com/T2ryBWdZ

/rpersist4/

# Reference: https://twitter.com/JAMESWT_MHT/status/1113395985043079169
# Reference: https://sugitamuchi.hatenablog.com/entry/2019/04/13/224350 (JP-lang)

/loadercrypt_823EF8A810513A4071485C36DDAD4CC3.php

# Reference: https://www.joesandbox.com/analysis/117861/0/pdf

/crypt0DD1D2637FDB71097213D70B94E86930.php

# Reference: https://twitter.com/VK_Intel/status/1006545151823613952

ftps.layermag.com
lab.aplusstatus.com
0.turkcedusunturkcekonus.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

apsoo3k2i.ahgsuy3829.top

# Reference: https://twitter.com/Racco42/status/1063412662623760385

/tes2t

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

cedar.igrooveweb.com
salsx.sedtinterrighthe.top

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

acc.arabicdessert.co
kd67.prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

b6l2op.dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

dmqxmz.lowashemterle.top

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

ami.sigaingegneria.com
erre.effe-erre.es
filuetrama.top
martatov.top

# Reference: https://twitter.com/reecdeep/status/1130497379411595266

fila.heathercrowe.ca
koohy.top

# Reference: https://app.any.run/tasks/77932db7-ffb1-409a-9b28-9cf6c8e70c1c/

fila.su170.org

# Reference: https://twitter.com/reecdeep/status/1136950470696681473

it.goodvibeskicking.com
tru.cheersportacademy.com

# Reference: https://twitter.com/reecdeep/status/1139063611681325056

kohe.even-air.com
ove.resourceny.net

# Reference: https://twitter.com/reecdeep/status/1139436492152102912

box.therusticsandbox.com