# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: revcode, webmonitor

# Reference: https://twitter.com/Racco42/status/1058830924828344320
# Reference: https://app.any.run/tasks/405c1678-4f77-4a44-88ce-0426d417ec13

walterbenson1122.wm01.to
94.140.125.158:443

# Reference: https://twitter.com/James_inthe_box/status/1058070642837188608

mostrugged.wm01.to

# Reference: https://twitter.com/anyrun_app/status/1042383486492004352
# Reference: https://app.any.run/tasks/10480540-90bf-4b5f-8d59-2e648d6411d3

javalux.wm01.to
185.61.138.181:443

# Reference: https://twitter.com/James_inthe_box/status/1017790896580915200

mercymorrgan.wm01.to

# Reference: https://twitter.com/Jan0fficial/status/1006075816592265217
# Reference: https://pastebin.com/HMPLa5na

arglobal.bb8c4e01.to
arglobal.6a0fe901.to
arglobal.81252b01.to
arglobal.1e517001.to
arglobal.cf488101.to
arglobal.93319601.to
arglobal.49b56c01.to
arglobal.69385701.to
arglobal.efe87401.to
arglobal.53fb0701.to
arglobal.wm01.to

# Reference: https://twitter.com/anyrun_app/status/978982898870218752
# Reference: https://app.any.run/tasks/4ec850ea-33ed-46cd-9cf2-afebe0375b8b

udmesh.wm01.to

# Reference: https://twitter.com/James_inthe_box/status/1224729231197790208

barclaysb.wm01.to

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/webmonitor-rat-bundled-with-zoom-installer/
# Reference: https://otx.alienvault.com/pulse/5eac5fbc246f37da533416ae

dabmaster.wm01.to

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html (Win.Trojan.Razy-9802759-1)
# Reference: https://www.virustotal.com/gui/file/38d5aba3e1dc8ecb316f1ac991b1892771665fa1293aa92131ea5dc8806fa155/detection
# Reference: https://www.virustotal.com/gui/file/c84e5826d7db96281b602b98396127829fccebc8b985d70ddf26f77aabb99b96/detection
# Reference: https://www.virustotal.com/gui/file/09352c0261db62806817a416bceae2a90b0b9a0711718c934f84556350c689f3/detection
# Reference: https://www.virustotal.com/gui/file/42bce47fdbd23c02eebf406de09e04f029347d4b8c05a7d728e8b8149533fb4b/detection
# Reference: https://www.virustotal.com/gui/file/5f16bdc7ec568e24dfa4dc9ee6e63d0a2886765319277ac20e0554ccdb093028/detection

maxchris.wm01.to
09c07c359e752a177e3eabaf603b0da5.se
0a76aee110a5af1b9dcc07b25bf6f6be.se
12ef8a64529e35a4e55773c2b0ddb02a.se
186d43e0b914e7f1ce42a21a21b49c40.se
1be3aed082719ef9b82c2477c21d7e7a.se
1d3d055750848a910bb8b08389d17a78.se
1f087d731000aa9472daa7c708451971.se
25e9ca102fbf458c824b3470b19eb940.se
31edd0535cfba4b503f29a5cc98f4768.se
3aecfe5cc3595deada536d595f1dd387.se
3e9b404900dd870272ac25f711954684.se
45cbb1dae8b44d5f582f8ff6606248ef.se
46bb0e88a441c403bfd63624a90d3327.se
503f0c2574a8d769af10f28fdf604794.se
566ffe6b82fba0c9e9e3debbd5c263cc.se
59f53a7a69b40f9efd1ce63aa4b4b6ea.se
5b7e3e64e9c88c6969bb03620e2c9685.se
5cb2e2fe199c1e246a457ae7f39d6f3b.se
5cd3e137cbb74a00bd7df81115b8c69a.se
5d980dcc6521938f55e50951c80861b1.se
701e5f7af5b7df7d911c31e4539712f2.se
73d56949a6e23ccbfd8048a11df603a0.se
7513607b0695d53fb32c3461ee7514ac.se
79028b825f4f3e5d8d736650dd892bc5.se
8309cffa6b529d5954ecf00a2ee4674e.se
8ed128fe665b3b20e9a4746d800cef32.se
96d1d37e1de3d3350a5e368c57b125f3.se
9d0ba0c1ce6e45fd88374fb98ea72300.se
a6afad1907bc15fff70f59f1533ae9be.se
aae37273dd4c5220085f183702217a14.se
b8ce5c09d8cfc62b6a94ac0beb11d8e2.se
c4af78f1071f58f6981dbfc1ca512ad6.se
c5f8025292c7dfacffa5cf8fb031d814.se
cba0236e51c85f99fed47e77b63c6173.se
cda08c1ab88d515296a2184a9f624b54.se
d2407d8f1c03e4afa2fe9efcafc21d96.se
d3cfc82a1e3d30f0f7a300be637bbce2.se
d4549fc79af09ca2469ed9df4f53c31a.se
d67653dfd1f585dba1e09d5df93c1c9f.se
e29c40ada8f906c76561179a6389843d.se
e379e491db682a8c92827c7830baee8e.se
ec60a2466b29444dd3a9801ab94276d8.se
fe6ed0b9c3afb90fe5ce233b0cd9e5e7.se
fef2cb3899e51aa3d1de004d1a74ca0a.se

# Reference: https://www.virustotal.com/gui/file/213eca8f7a8c9e79827ea16c910699dc3aca61820156408509b05269f03609cc/detection

revi1337.wm01.to

# Reference: https://www.virustotal.com/gui/file/67f8f800ab912dd56e3a52d38c0974033720312086dd3816e285e6faf03a6999/detection

nancymc.wm01.to

# Reference: https://www.virustotal.com/gui/file/eef02ba7d88da4fa8e15fccb6803a4316f2713f4a3e51ea050e8edfdbe064d61/detection

ticker.1e517001.to
ticker.49b56c01.to
ticker.53fb0701.to
ticker.69385701.to
ticker.6a0fe901.to
ticker.81252b01.to
ticker.93319601.to
ticker.bb8c4e01.to
ticker.cf488101.to
ticker.efe87401.to
ticker.wm01.to

# Reference: https://www.virustotal.com/gui/file/dc32c469d03e263978416ecb61ab2c275906b4de0cfd8cf659cc011d6769f6e5/detection

clearmind.1e517001.to
clearmind.49b56c01.to
clearmind.53fb0701.to
clearmind.69385701.to
clearmind.6a0fe901.to
clearmind.81252b01.to
clearmind.93319601.to
clearmind.bb8c4e01.to
clearmind.cf488101.to
clearmind.efe87401.to
clearmind.wm01.to

# Reference: https://www.virustotal.com/gui/file/2d98f126102af762a8ee80971ae460e2974fd565fa5bcfe1c57b120618c1f8c5/detection

monsterhf.1e517001.to
monsterhf.49b56c01.to
monsterhf.53fb0701.to
monsterhf.69385701.to
monsterhf.6a0fe901.to
monsterhf.81252b01.to
monsterhf.93319601.to
monsterhf.bb8c4e01.to
monsterhf.cf488101.to
monsterhf.efe87401.to
monsterhf.wm01.to

# Generic
# Note: path-only entries (no host component); corroborate a hit with the host/IP entries above
# Reference: https://twitter.com/prsecurity_/status/1113789853848809473

/recv0.php
/recv1.php
/recv2.php
/recv3.php
/recv4.php
/recv5.php
/recv6.php
/recv7.php
/recv8.php
/recv9.php
