# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/silence-is-best/c2db#ursa-loader

/nj41.php

# Reference: https://app.any.run/tasks/20f85f4b-ffc8-4e15-841c-03ecc150c4a4/

http://45.132.242.89

# Reference: https://twitter.com/JAMESWT_MHT/status/1290523174136946688
# Reference: https://www.virustotal.com/gui/file/e84bd675169dd1ccc077454d08aad592dd97d6a188e841ad02a2e888bd7c1a48/detection

http://104.44.143.28

# Reference: https://twitter.com/luc4m/status/1291985996850925576

mageurox01.hopto.org

# Reference: https://app.any.run/tasks/09bfdbe7-e8d7-42d5-a1cd-fc29586bd74b/

/bd21.php

# Reference: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
# Reference: https://otx.alienvault.com/pulse/5f610cb62458e403adeca72d

http://191.235.99.13
http://51.143.39.80
http://66.70.237.175
http://51.222.39.128
http://51.81.104.17
http://104.44.143.28
/lp1a.php

# Reference: https://twitter.com/sirpedrotavares/status/1318924601162870785
# Reference: https://www.virustotal.com/gui/file/b29028058aa066a993379f424482b3da2ac0b799b71f2da529071616919c4ead/detection
# Reference: https://www.virustotal.com/gui/file/4219d9606f428e914a91edb807d48e4bd30387827e3704318b32bb9a103a7d27/detection
# Reference: https://www.virustotal.com/gui/file/773fd094f93cd9db61173a29bbec99a6293e1a64f181186f36685d6f01827a99/detection
# Reference: https://www.virustotal.com/gui/file/3a4fe7cb28eac0a6fdb2a4831fae4f705b4715af8570e97cf73d07f3f2f598d1/detection
# Reference: https://www.virustotal.com/gui/file/7695ea92f052ada409ec014319a03588606d49125bab96128715ff1a3811463d/detection
# Reference: https://www.virustotal.com/gui/file/c867e31b5dd19dae446f9a3ea0735acfde45f8e2c87b3b7d2d1ce317f10f1f08/detection

http://104.41.57.9
http://142.44.218.78
http://191.235.78.73

# Generic

/ak51.php
/bd21.php
/bd22.php
/bd23.php
/ju61.php
/ju62.php
