omg... this will take some time for me. Will re-work your records.

If you want I can leave only IP and port.
The idea is to make a pull request weekly. as long as it sounds good.

Usually I parse https://github.com/conexioninversa/C2Intel/blob/main/C2Domain.csv once a week. If I lucky today to have stable electricity in the evening, I would proceed your PR.

All is done for now. No need to create these trails:

they do live in malicious folder:

I have refactored detections you've proposed for merging and put them to respective trails minus some FPs.

Quesion: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Panda.txt <-- what is it in your case? Because some vendors put name Panda for multiple Zeus banking trojan variations. And I'm little bit confused of C2_Panda name. Thanks!

All is done for now. No need to create these trails:

they do live in malicious folder:

I have refactored detections you've proposed for merging and put them to respective trails minus some FPs.

Quesion: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Panda.txt <-- what is it in your case? Because some vendors put name Panda for multiple Zeus banking trojan variations. And I'm little bit confused of C2_Panda name. Thanks!

Basically it is from various reversing performed on various samples obtained.
I'm going to check though that these signatures are ok.
At the moment do not add these IPs that I have provided you on PANDA
Thanks

Basically it is from various reversing performed on various samples obtained. I'm going to check though that these signatures are ok. At the moment do not add these IPs that I have provided you on PANDA Thanks

OK, expecting info from you. Thank you!