# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kronos, osiris, regretlocker

# Reference: https://www.proofpoint.com/us/threat-insight/post/kronos-reborn

jhrppbnh4d674kzh.onion
jmjp2l7yqgaj5xvv.onion
mysmo35wlwhrkeez.onion
suzfjfguuis326qw.onion
milliaoin.info
kioxixu.abkhazia.su
lionoi.adygeya.su
startupbulawayo.website

# Reference: http://www.broadanalysis.com/2016/10/31/compromised-site-redirects-to-rig-exploit-kit-delivering-kronos-and-nymaim/

2mynameins3344.net
johane3234.net

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://twitter.com/VK_Intel/status/1148803869239128071
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/

xtaahlcqyfppmvwwprblvveog.paletoxyz.com

# Reference: https://twitter.com/JayTHL/status/1166744243861360642

d2gyv54plbc23to.onion

# Reference: https://twitter.com/Artilllerie/status/1179753482783473665

chlwdxvug4ptljce.onion

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html (# Win.Malware.Osiris-7191711-1)

updateserver4.top
updateserver7.top
updateserver5.top
updateserver9.top
updateserver2.top
updateserver8.top
updateserver10.top
updateserver6.top
updateserver3.top

# Reference: https://twitter.com/VK_Intel/status/1190317493224689667
# Reference: https://www.virustotal.com/gui/file/f61870ea2b807f6a3314ff303942961b6f4009464da09d98ea202d3450534ad3/detection

jpb3hvq7v7bsyemq.onion

# Reference: https://www.virustotal.com/gui/ip-address/142.93.190.102/relations

http://142.93.190.102
142.93.190.102:3389
142.93.190.102:443

# Reference: https://www.virustotal.com/gui/file/9d1b1960355e72b205189e7a122b6a9c4197cca650569edc89612a62d6b66efc/detection

managejave.myftp.org
update43x.myvnc.com

# Reference: https://twitter.com/malwrhunterteam/status/1321375502179905536
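# Reference: https://www.virustotal.com/gui/file/a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4/detection
# NOTE(review): the two addresses below look like public Tor directory authorities rather than family-specific infrastructure - confirm; a match would then indicate Tor bootstrap traffic in general, so corroborate with other trails before attributing a hit to this family.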

http://193.23.244.244
128.31.0.34:9131

# Reference: https://twitter.com/malwrhunterteam/status/1321388593416462337

344744.cloud4box.ru
regretzjibibtcgb.onion

# Reference: https://twitter.com/nazywam/status/1323624894458925056

o3qrynq3djknfebz.onion

# Reference: https://blog.morphisec.com/long-live-osiris-banking-trojan-targets-german-ip-addresses
# Reference: https://otx.alienvault.com/pulse/60219f6bdc6edbc5308da56b/

ylnfkeznzg7o4xjf.onion

# Reference: https://twitter.com/D3LabIT/status/1359122226277195777
# Reference: https://www.virustotal.com/gui/file/8bbd51eb0dd0cac3e3cbd683b140b7eea3b6f13ce0c214af48f32a26791949e1/detection

mydynamite.dynv6.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1359404803596648450

rieseshopping.it/wp-content/plugins/set.exe
rieseshopping.it/wp-content/plugins/amss.jpg

# Reference: https://twitter.com/nazywam/status/1325399134808010752

linkoz.xyz

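# Generic trails
# Note: the /tor/... paths below are standard Tor directory-protocol requests, so they match any Tor client fetching directory data over plain HTTP, not only this family; treat a hit as "Tor bootstrap seen on this host" and corroborate with the family-specific trails above.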

/kpanel/connect.php
/panel/connect.php
/ZRNlFwIb/connect.php
/tor/keys/fp-sk/
/tor/server/fp/
/tor/status-vote/current/consensus
