# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ToxinMiner, AbsolutionMe++

# Reference: https://dfir.it/blog/2019/02/26/the-supreme-backdoor-factory/

ecc.freeddns.org
eln.duckdns.org
enl.duckdns.org
lemonade.freeddns.org
limons.duckdns.org
polarbear.freeddns.org
san.strangled.net
sanemarine.duckdns.org
svf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/22978740db1e322f671369d67d5272028280ee6dfcf6e3018743fe6fd0fc315f/detection

f0482784.xsph.ru

# Reference: https://twitter.com/ViriBack/status/1387115824352202765
# Reference: https://twitter.com/3xp0rtblog/status/1389692430061027328
# Reference: https://app.any.run/tasks/4a4e5463-ae50-4bc6-89d0-3cf4db6283b1/
# Reference: https://app.any.run/tasks/4c50bd4c-f163-4d32-bbcd-004d75b2071f/
# Reference: https://www.virustotal.com/gui/file/e53759b3405ef0ac5e2a9009f597347e8a63e9feb5d98607c114859b2a1e4ec1/detection

imen1.webd.pro

# Reference: https://twitter.com/ViriBack/status/1387117427226447875
# Reference: https://twitter.com/James_inthe_box/status/1387117627001085956
# Reference: https://app.any.run/tasks/c98a44d0-32c6-4137-8fae-64e0dc4ea94e/

staxalibabapoisonrez.cc

# Reference: https://www.virustotal.com/gui/file/36ca5337d60dd35da4a63e83e939201dd3f204267ab222c1b7e47d7c3f04f024/detection

hostingtinysoft.space

# Reference: https://twitter.com/jorgemieres/status/1421145004383346696
# Reference: https://twitter.com/MalwareInt/status/1421149238575128578

82e989d88831.ngrok.io

# Reference: https://www.virustotal.com/gui/file/2a3ac6b40b4385373cfecf503dc07064ceb77258260bf9819d957f1501129bd2/detection

clanlegion.ddns.net

# Reference: https://twitter.com/suyog41/status/1701846764649894343
# Reference: https://www.virustotal.com/gui/file/da19c161019ada8ae009a05803d635cdb2f06a5f7385ce626509fed1ecf11815/detection

silentlegion.duckdns.org

# Generic: URL paths, not tied to any specific host (can also match unrelated sites that use the same paths)

/gate/connection.php
/gate/create.php
/gate/config.php
/gate/update.php
