# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Static network indicators (trails) attributed to Glupteba by the sources cited
# in the "Reference:" comments above each group. Entry forms present in this file:
# bare domain, FQDN with a GUID-style leftmost label, IP:port, domain/path,
# scheme-prefixed URL, and one host-less URL path.
# NOTE(review): several entries are listed more than once because more than one
# source reported them; each repeat is marked "Duplicate" below. Confirm that the
# consumer de-duplicates on load, otherwise collapse them.
#
# Reference: https://github.com/eset/malware-ioc/tree/master/glupteba

ostdownload.xyz
travelsreview.world
bigdesign.website
sportpics.xyz
kinosport.top
0ev.ru
0df.ru
0d2.ru
0d9.ru
financialtimesguru.com
burnandfire5.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/
# Reference: https://otx.alienvault.com/pulse/5d6fab77e045042a3b8969f5
# NOTE(review): per the title of the Trend Micro write-up above, the campaign
# updates its C&C servers with data from Bitcoin transactions, so a fixed domain
# list like this one can lag behind live infrastructure; treat the absence of a
# match as inconclusive.

bigtext.club
blackempirebuild.com
clubhouse.site
keepmusic.xyz
lienews.world
nxtfdata.xyz
okonewacon.com
phonemus.net
playfire.online
takebad1.com
venoxcontrol.com

# Reference: https://twitter.com/James_inthe_box/status/1171831864945827840

techmega.xyz

# Reference: https://www.cybereason.com/blog/glupteba-expands-operation-and-toolkit-with-lolbins-cryptominer-and-router-exploit
# Reference: https://otx.alienvault.com/pulse/5d7f9d70c73b107dec8cab9d
# Duplicate: blackempirebuild.com, okonewacon.com and venoxcontrol.com already
# appear in the Trend Micro / OTX group above.

blackempirebuild.com
fstyline.xyz
okonewacon.com
postnews.club
roundworld.club
venoxcontrol.com
weekdanys.com

# Reference: https://github.com/silence-is-best/c2db#glupteba
# Host-less entry: a URL path only, with no domain or IP to anchor it.
# NOTE(review): confirm the consumer supports path-only trails; if it matches on
# destination host alone, this line is inert.

/bots/post-ia-data

# Reference: https://twitter.com/raby_mr/status/1167771781802778628
# Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/

hostas8.tk
osdsoft.tk
portmdfmoon.com

# Reference: https://app.any.run/tasks/a937310e-b264-4571-9c02-38dac78eaffb/

gamedemo.xyz

# Reference: https://www.virustotal.com/gui/domain/theatresearch.xyz/relations
# Reference: https://www.virustotal.com/gui/file/8ebe295051462bc139cd800d079ab2cad7598c92285a0913d65e482d99840643/detection

theatresearch.xyz

# Reference: https://app.any.run/tasks/45008774-a710-4ecc-aece-892f42b4dd4a/

whitecontroller.com
bestblues.tech

# Reference: https://app.any.run/tasks/e89e3aa1-1640-4a78-a388-b524e82a512c/
# Reference: https://app.any.run/tasks/9a68a931-ebea-4d05-a074-00df4c4be1b8/

# NOTE(review): the leftmost label of the next two FQDNs looks like a per-host
# GUID; if so, these exact names match only the sandboxed runs cited above and
# the server-N.<domain> suffix is the durable part - confirm against those runs.
# The labels are upper-case; verify the matcher compares hostnames
# case-insensitively.
C80C1038-405D-4C32-9E5B-A8F59B671E29.server-86.bczx.ru
ED18DB6A-A7B9-4689-A41F-535C16FE6156.server-66.flrz.ru
massiveart.info
onlynew.xyz
chatmusic.xyz
promusic.website
# IP:port entries: the indicator is the address/port pair seen in the cited runs.
# An IP says nothing about who holds it today; re-validate before treating a hit
# as confirmation.
5.9.108.164:8000
78.46.86.122:8000

# Reference: https://twitter.com/JAMESWT_MHT/status/1249630527193264128
# Reference: https://app.any.run/tasks/b849597b-3444-42a8-a2d9-562b71982f22/
# Duplicate: chatmusic.xyz already appears in the previous any.run group.

# Same GUID-style leftmost label as the bczx.ru / flrz.ru entries above.
30462DD4-9370-4083-8887-35AE4B2526DF.server-3.deeponlines.com
biggames.online
chatmusic.xyz
deepsound.live

# Reference: https://app.any.run/tasks/ff52567e-9340-442f-bf70-338b53cf9970/
# Duplicate: fstyline.xyz already appears in the Cybereason / OTX group above.

fstyline.xyz

# Reference: https://otx.alienvault.com/pulse/5ef38fa73ccd462e6072ca54

anotheronedom.com
capmusic.ru
fundbook.xyz
gamedate.xyz
getfixed.xyz
gfixprice.xyz
hotbooks.xyz
maxbook.site
netoftime.com
robotatten.com
setbird.website
sleepingcontrol.com
sndvoices.com

# Reference: https://app.any.run/tasks/2b9d766f-9c33-4380-8c30-f041efc3afc9/
# Reference: https://app.any.run/tasks/f49b5902-0049-449c-8900-4904c04f5d78/
# Reference: https://app.any.run/tasks/765dda1f-eeaa-4331-b260-702fc1a5aa5b/
# gfixprice.space below and gfixprice.xyz above differ only in TLD; they are
# distinct entries, not duplicates.

gfixprice.space
ordinarygame.site
salebooks.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1293213108505325569

video-youtube-get.ru

# Reference: https://www.virustotal.com/gui/file/f4b2d23503a5d980706f78ba90ce4dbce3b3a27ff04b725179771cacbf90c971/detection

gmbshop.ru
ucar.ug
ukronet.ru
woproperty.xyz

# Reference: https://news.sophos.com/wp-content/uploads/2020/06/glupteba_final.pdf
# Reference: https://www.virustotal.com/gui/file/42237c48310d7ca1c4c1363b01f4cf096dc3338f6277d857462b110393ae7a58/detection
# domain/path entry: narrower than a bare-domain entry, because the path is part
# of the indicator.

swebgames.site/test.php

# Reference: https://github.com/sophoslabs/IoCs/blob/master/Trojan-Glupteba
# Duplicate: anotheronedom.com, bestblues.tech, gamedate.xyz, getfixed.xyz,
# gfixprice.xyz, robotatten.com, sleepingcontrol.com, sndvoices.com,
# whitecontroller.com and venoxcontrol.com already appear in earlier groups.
# maxbook.space below and maxbook.site above differ only in TLD and are distinct.
# NOTE(review): myonetime.top is listed both as a bare domain and as
# myonetime.top/w.php; if bare-domain entries match every request to that host,
# the /w.php line adds no coverage - confirm and keep whichever form is intended.

1.podcast.best
anotheronedom.com
bestblues.tech
easywbdesign.com
gamedate.xyz
getfixed.xyz
gfixprice.xyz
maxbook.space
robotatten.com
sleepingcontrol.com
sndvoices.com
whitecontroller.com
myonetime.top
venoxcontrol.com
myonetime.top/w.php

# Reference: https://www.virustotal.com/gui/file/6fa4c616f511ff570b2143dea50cdd012bdb632e7823f903b487330c586a67b2/detection
# NOTE(review): this entry carries an http:// scheme prefix, unlike the bare
# host and IP:port entries elsewhere in the file; confirm the loader strips or
# accepts the scheme so the entry is matched as intended.

http://91.245.227.131

# Reference: https://www.virustotal.com/gui/file/c78d0071b54b427256151a5b0e8276ef8959336e0eb319d5ee44230ff38981cb/detection

kinolive.best
lavanda.best
offce221.com
vot552.com

# Reference: https://www.virustotal.com/gui/file/6705824b8c2fc43fd8e6c8999b638c39ea11a79e8614e75b8b1f9451a93e005b/detection

wastermedrent.com

# Reference: https://www.virustotal.com/gui/file/f16630378ba5cd07f2e131f3afa483c6f722406702d9201450c3be17f8b1081e/detection
# Reference: https://app.any.run/tasks/5b08dccf-d23c-470e-8e02-5f9bf7bffb32/

gogohid.com
vincentolife.com

# Reference: https://www.virustotal.com/gui/file/71c9ae337a763e6df591080e34b439b7c927b3ef49315e10a04a91c30b5d98e4/detection
# Scheme-prefixed URL with a path; the same loader check applies as for the
# http://91.245.227.131 entry above.

http://37.48.127.236/2.php

# Reference: https://www.virustotal.com/gui/file/6dfac67d27d43624a9707c6de4fe6b07468366b1a1e0f4026abf57ebbcad92a4/behavior
# IP:port entry; the indicator is the address/port pair, and the address's
# current holder should be re-validated before a hit is treated as confirmation.

18.193.123.112:8008
