# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Earth Lusca, sprysocks

# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf
# Reference: https://www.virustotal.com/gui/file/95aa15baeef978b99e63a406fa06a1197f6f762047f9729f17bb49b72ead6477/detection

dsyu.livehost.live
dust.dnslookup.services

# Reference: https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
# Reference: https://otx.alienvault.com/pulse/6509cd6cb1f6826dace407d7
# Reference: https://www.virustotal.com/gui/ip-address/38.60.199.173/relations
# Reference: https://www.virustotal.com/gui/file/f8ba9179d8f34e2643ee4f8bc51c8af046e3762508a005a2d961154f639b2912/detection
# Reference: https://www.virustotal.com/gui/file/65b27e84d9f22b41949e42e8c0b1e4b88c75211cbf94d5fd66edc4ebe21b7359/detection

bmssystemg188.us
confenos.shop
thebestone.beauty
2e6veme8xs.bmssystemg188.us
hcje7wgz.bmssystemg188.us
rvxzn49eghqj.bmssystemg188.us
sey74m56.bmssystemg188.us
epdanspht.confenos.shop
lt76ux.confenos.shop
qlu7vkkf8.confenos.shop
pfq6dskptkx.thebestone.beauty
uasdhj1.thebestone.beauty
