# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/#/ip-address/85.17.26.65 (#URL section)

/boxMrenewal.php
/challengevdl.php
/dd.php
/girisi.php
/rerewp.php
/overviewshn.php
/signOnV2Screen.php
/Up-dating.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1045564495723188225

/1/gate.php
/1/screenshot_gate.php

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

/hows_yourfever.php
/introductio_n.php
/psycho.php
/review_me.php
/rootme.php

# Reference: https://www.virustotal.com/#/domain/manapowermta.us

/loomistech/gate.php

# Reference: https://twitter.com/nullcookies/status/1019569151503986689

/bc0de.php

# Reference: https://twitter.com/devnullek/status/1020015255144017920

/order588.php

# Reference: https://twitter.com/YouMayBeHacked/status/1040368782408069120

/Kostenaufstellung.169156596183882049609578.php

# Reference: https://twitter.com/James_inthe_box/status/1048277465397751808

/onlinegoogle.php

# Reference: https://twitter.com/YouMayBeHacked/status/1048341985319444481

/Abrechnung-76-31210998378353168993665795447.php

# Reference: https://twitter.com/DissectMalware/status/1048329071061606400

/90AS98DF.php

# Reference: https://www.hybrid-analysis.com/sample/f65ba1cc50b29dd05ddaa83242f4b7bd0429841bfc4befa9e203cb6621d2389b?environmentId=100

/loader_mn.php

# Reference: https://twitter.com/James_inthe_box/status/1053668299165229056

/loader_ma.php

# Reference: https://twitter.com/nullcookies/status/1054496925469343744

/anzhuo.php

# Reference: https://twitter.com/ViriBack/status/1094261293693972480

ibrandworld.com/jsl.php

# Reference: https://twitter.com/IpNigh/status/1107567316148150274

/universalmail-notifications/updates.php

# Reference: https://twitter.com/Racco42/status/1102488453990830080

/masquare.php

# Reference: https://twitter.com/Racco42/status/1098218160111734789

nitdesenders.tianat.cat/tmp/signup.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168

/photo/123.php
/Sep2018/gsm.php

# Reference: https://twitter.com/benkow_/status/1085483319347867649

/public/hydra.php

# Reference: https://twitter.com/anyrun_app/status/1060858198599577601

/ghuae/huadh.php

# Reference: https://twitter.com/pollo290987/status/1108755025604591622

/loro_4.php

# Reference: https://www.welivesecurity.com/2018/11/06/supply-chain-attack-cryptocurrency-exchange-gate-io/

statconuter.com/c.php

# Reference: https://twitter.com/James_inthe_box/status/1109832439700971520
# Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e

/loadbase1.php

# Reference: https://twitter.com/malwrhunterteam/status/1111630255763189761

/D2017HL/u.php

# Reference: https://twitter.com/IpNigh/status/1111919996266049536

/ahzhnobu48jgm1rksb2zl3sc.php

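# Reference: https://twitter.com/IpNigh/status/1111904352053198848
# Note: the same path is already listed in the first block of this file; kept here for the additional reference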

/challengevdl.php

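# Reference: https://twitter.com/IpNigh/status/1111872373446377472
# Note: the same path is already listed in the first block of this file; kept here for the additional reference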

/overviewshn.php

# Reference: https://twitter.com/executemalware/status/1112337168138149888

/phpmailer/Pmxyz.php

# Reference: https://twitter.com/albertzsigovits/status/1113096573284728839

/asfdh4/auth.php

# Reference: https://twitter.com/IpNigh/status/1113287915612798976

/49rrf856hqofcuq6mkdntfdp.php

# Reference: https://otx.alienvault.com/pulse/5ca5e12bcf299875864044a6
# Reference: https://www.securityartwork.es/2019/04/02/militaryfinancingmaldoc/
# Reference: https://blog.trendmicro.co.jp/archives/19054

/7773/index.php
/9125/gate.php

# Reference: https://www.bromium.com/mapping-malware-distribution-network/
# Reference: https://otx.alienvault.com/pulse/5ca7142dd898276082584a58

/olala/get.php

# Reference: https://twitter.com/IpNigh/status/1114334454930190336

/hcu9e676hqzffjez47ec6ggd.php

# Reference: https://twitter.com/ViriBack/status/1114610878056402945

/class-walker-page-up.php

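# Reference: http://marketplace.1c-bitrix.ru/blog/remove-virus-miner-from-the-site-to-1cbitrix/ (Russian-language)
# Generic detection for compromised Bitrix CMS sites. These are path-only entries with no host,
# so a hit shows that the path was requested, not that the site is confirmed compromised.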

/bitrix/tools/check_files.php
/bitrix/gadgets/bitrix/weather/lang/ru/exec/include.php

# Reference: https://twitter.com/VK_Intel/status/1080919080616439808

/spr_updates.php

# Reference: https://twitter.com/packet_Wire/status/1118528816509591552

/rz7g271ct2iv65rmhwwq42bu.php

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1122804929452814337

/2abjk95b4kwbdpnfdn7uewhr.php
