# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: krbanker

# Reference: https://twitter.com/Paladin3161/status/1185196100220665856

0x0x0x0x0.best
0x0x0x0x0.club
0x0x0x0x0.xyz
1c1c1c1c.best
oiwcvbnc2e.stream

# Reference: https://twitter.com/Kafan_MalwareHT/status/1359153542783774727
# Reference: https://app.any.run/tasks/7200fdbe-b752-41d1-8a74-9822e75cd2fc/
# Reference: https://www.virustotal.com/gui/file/1ac1a77ff3cf20c46f132c214a737ec2c2086f4ab42068a55a8ac30abfea432d/detection

r.pengyou.com
users.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins=1044446911

# Reference: https://www.virustotal.com/gui/file/008e45f4d75d423d8f77cec6b80ae4f87248b4c66ca6efba019329ea735e8eda/detection

14.18.141.27:33355

# Reference: https://www.virustotal.com/gui/file/eb603df8f80f6863a6602e73e335a0b3eb35087e19e5b518a141ad5189055fdc/detection

14.18.141.27:8668

# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.krbanker
# Reference: https://www.virustotal.com/gui/file/008c859fb13090cf9a14190cbadf0aa6176264e18b2c9c34389f18f993fa5e42/detection

/fcg-bin/cgi_get_portrait.fcg?uins=

# Reference: https://tria.ge/220725-kbamjsbeck/behavioral1
# Reference: https://tria.ge/220725-kh522aagg8/behavioral1

91.208.245.116:10020
nxxxn.ga
r.nxxxn.ga
fuck88.f3322.net

# Reference: https://tria.ge/220722-pea5psfccn/behavioral1

http://106.126.11.167

# Reference: https://tria.ge/220624-mg3lmabfdq/behavioral1

110.42.64.64:11022

# Reference: https://tria.ge/220710-qc7xbsbegj/behavioral1

43.248.201.209:24303
qq2457600534.e2.luyouxia.net

# Reference: https://www.virustotal.com/gui/file/b313ca691222060976a9e84c2844ef65adca90aa71edfd236114fc4af316bc7e/detection

42.192.232.209:3650
58.247.212.48:6666

# Reference: https://www.virustotal.com/gui/file/43459add0078b6a62c05541b6c4c1c4b8447019635b1d3b2fe41f306fc149820/detection

42.192.232.209:8896

# Reference: https://www.virustotal.com/gui/file/76e37df391e311f92a1030c3a2a68f35e8c5308e5b07eea741164b9400d3f69d/detection

118.112.248.123:3650
42.192.232.209:8000

# Reference: https://www.virustotal.com/gui/file/efdd712dc7ccee416dc25ee6b80cab926708d74ed65e4d905703a3729a7239bc/detection

45.32.212.57:3650

# Reference: https://www.virustotal.com/gui/file/b6573c414cddba0170719c4a5d82bd7b38b2042793c4ff0064cd9bdd81d572ed/detection

42.192.232.209:8888

# Reference: https://www.virustotal.com/gui/file/9dec29df40e9a23c04321040e36ae0c84f686af11ce7115642431e879b7fbceb/detection

103.39.222.89:3650

# Reference: https://www.virustotal.com/gui/file/83d9bd147a4b5903426cc01c0b5592a5ad0c405f74ca13c873e8593c2b7f7bc3/detection

103.27.109.51:3650

# Reference: https://www.virustotal.com/gui/file/2ebf6b0c3c6c42169746f3c8da7069a74c77a92b7783a50160f8f3f9c38f931a/detection

111.67.196.146:3650

# Reference: https://www.virustotal.com/gui/file/0f4d1a9ac1322f2bb0ae03ff90a2ef81237e626965c33098e49be650050caf8c/detection

27.124.4.165:3650
