# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: javarat, crossrat

# Reference: https://twitter.com/pancak3lullz/status/1159138997723193344
# Reference: https://www.virustotal.com/gui/file/15af5bbf3c8d5e5db41fd7c3d722e8b247b40f2da747d5c334f7fd80b715a649/detection

94.229.70.7:2223
flexberry.com

# Reference: https://x.com/James_inthe_box/status/1915037855371731401
# Reference: https://app.any.run/tasks/0dfd03de-7006-43e3-bead-8d3888a11c9a
# Reference: https://www.virustotal.com/gui/file/ce91d60a14f10d657dd9ddf77e879d98e71455d272b9574273d94a0ad11bfcb2/detection

45.144.212.172:8093

# Reference: https://www.fortinet.com/blog/threat-research/multilayered-email-attack-how-a-pdf-invoice-and-geofencing-led-to-rat-malware
# Reference: https://www.virustotal.com/gui/file/5f897fec78e2fd812eb3bc451222e64480a9d5bc97b746cc0468698a63470880/detection
# Reference: https://www.virustotal.com/gui/file/469b8911fd1ae2ded8532a50e9e66b8d54820c18ccdba49d7a38850d6af54475/detection
# Reference: https://www.virustotal.com/gui/file/af8b6ac45918bc87d2a164fae888dab6e623327cba7c2409e4d0ef1dde8d1793/detection

123.99.198.201:26466
143.47.53.106:33036
202.189.5.24:31721
frp-man.top
e1.luyouxia.net
settingsun.e1.luyouxia.net

# Reference: https://x.com/malwrhunterteam/status/1928138227375820911
# Reference: https://www.virustotal.com/gui/file/a6c0aa0c83777164671dcb9ca706474fa9406fd532f7407b74287ed5f311f8d5/detection

193.25.215.58:7879

# Reference: https://www.virustotal.com/gui/file/aecbe29037274475ccf34a9ca31e73ce619a1f38c2963a97d5022cd8a1a1123e/detection

45.137.22.109:443
wartsdanzzz.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/7bc34f0dcc56f7e2ae14b42713ce49a05ed04725ae47be11b5d4bf70a54e4108/detection

kyrgyzstanreview.com

# Reference: https://www.virustotal.com/gui/file/53c967c543952db99314b260c68b9a8a22351e50886e80ccd19d9de50cebd812/detection

91.92.242.3:59344
