# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: brockendoor, black owl, hoody hyena, lifting zmiy, zeronetkit

# Reference: https://x.com/t3ft3lb/status/2019430700685181250
# Reference: https://securelist.ru/bo-team-upgrades-brockendoor-and-zeronetkit-backdoors/113536
# Reference: https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_36.yara
# Reference: https://www.virustotal.com/gui/file/10d0114dba15bf9b19b7ef5f03fbbeae236daa78ceae7a362d12c66cb708d4a5/detection
# Reference: https://www.virustotal.com/gui/file/a41e7083e6c53c02dc2e92dcfd830f32c4da5cca77cff11b0d258836b8216a40/detection
# Reference: https://www.virustotal.com/gui/file/aeef89818b2212a0b7154eaad28183120ae2a7b90a553b5f4354cd1d7a010598/detection

http://213.165.60.118
213.165.60.118:22
213.165.60.118:22:443
easybussy.space
icecoldwind.online
invuln.xyz
lizzardsnails.online
mgutu-vf.ru
railradman.site
tributarieshand.online
urbantvpn.online
wholewell.online
yandecx.site
