# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/fumik0_/status/1407981244474970115
# Reference: https://fumik0.com/2021/06/24/lu0bot-an-unknown-nodejs-malware-using-udp/
# Reference: https://www.virustotal.com/gui/file/3a8ffe53dce3cc92dd54f8ee34c3f9a8db950c80b53ffb44f36b43123297bea0/detection
# Reference: https://www.virustotal.com/gui/file/61983e52070f7b422a9a674042e70bbedf492f5961881ebf49e87f5955439f76/detection

5.188.206.211:19584
asu00.xyz
asu02.shop
asu03.xyz
asu04.shop
asu05.fun
asu06.xyz
asu07.fun
asu08.shop
asu09.shop
asu10.fun
asu12.store
asu13.one
asu14.fun
asu15.one
ati71.fun
hri0.asia
hri0.xyz
hri1.asia
hri1.xyz
hri10.xyz
hri2.xyz
hri3.xyz
hri4.xyz
hri5.xyz
hri6.xyz
hri7.xyz
hri8.xyz
hri9.xyz
ldvelia.click
ldvelia.work
lu0.asia
lu00.xyz
lu01.xyz
lu02.xyz
lu03.xyz
lu1.asia
olo57.shop
oun96.fun
tes01.xyz
tes02.xyz
tes03.xyz
tes04.xyz
tes05.xyz
tes06.xyz
lu0.sytes.net
lu0.viewdns.net

# Reference: https://twitter.com/benkow_/status/1446108260256272393
# Reference: https://tria.ge/211007-qy43kacfgq/behavioral1
# Reference: https://www.virustotal.com/gui/file/2d721df670fdb63c643b3de2dcdd46311b8d94d2753b47ad0035392644dee77a/detection

olo57.shop
ran38.fun
ran38a.fun

# Reference: https://twitter.com/benkow_/status/1469238517066838018
# Reference: https://tria.ge/211210-lg2tnagac7/behavioral1

nkn61.shop
9ad3a65b61891639132275091.qpi.nkn61.shop

# Reference: https://twitter.com/benkow_/status/1489306140760592386
# Reference: https://bazaar.abuse.ch/sample/858bafe27080124fc1560894b00cf8c0c672df0bd0a66dbd08cf28b4cf9e1ee5/

vck11.fun
opi.vck11.fun
1ab5669c68291643944772843.benkow.vck11.fun
