# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild/
# Reference: https://otx.alienvault.com/pulse/62eb7b904a723ca5c89506c2
# Reference: https://www.virustotal.com/gui/file/0588c52582aad248cf0c43aa44a33980e3485f0621dba30445d8da45bba4f834/detection
# Reference: https://www.virustotal.com/gui/file/66378c18e9da070629a2dbbf39e5277e539e043b2b912cc3fed0209c48215d0b/detection
# Reference: https://www.virustotal.com/gui/file/43b15071268f757027cf27dd94675fdd8e771cdcd77df6d2530cb8e218acc2ce/detection
# Reference: https://www.virustotal.com/gui/file/e619d7435205dde0e4759d870b94249c52851f5e97db087ff11ba5dabf617b44/detection

http://194.36.189.179
174.128.236.169:21
microsoft-ru-data.ru
microsoft-telemetry.ru
oakrussia.ru
kurmakata.duckdns.org

# Reference: https://twitter.com/StopMalvertisin/status/1534350848012480518
# Reference: https://www.virustotal.com/gui/file/0adb1d9470ee03da5cd0461fb50a0b0d99c848343f77605b2ecadd9f10b43f0d/detection
# Reference: https://www.virustotal.com/gui/file/982ec24b5599373b65d7fec3b7b66e6afff4872847791cf3c5688f47bfcb8bf0/detection
# Reference: https://www.virustotal.com/gui/file/b65bc098b475996eaabbb02bb5fee19a18c6ff2eee0062353aff696356e73b7a/detection

fns77.ru

# Reference: https://malwarehunters.org/report/44/
# Reference: https://www.virustotal.com/gui/ip-address/178.20.45.2/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.20.47.46/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.183.98.24/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.2.67.189/relations
# Reference: https://www.virustotal.com/gui/file/650ebaffc5ffeb9c015a547f6c3bb4a46205eb51dbe136f05157d8fb5e61c220/detection
# Reference: https://www.virustotal.com/gui/file/f21517b0de55acfb0d4e88447d20a0217c6ea17ac027c22edeffd1a7dc5f02a1/detection

dataocr.ru
knaazz.ru
msword-srv.ru
nciinform.ru
npo-vk.ru
okb-sukhoi.ru
rus-mil.ru
disk.okb-sukhoi.ru
mail.knaazz.ru
mail.nciinform.ru
mail.npo-vk.ru
mail.okb-sukhoi.ru

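# Generic (URL path indicators not tied to a specific host; the bare /<token> entries repeat the /get/<token> entries without the prefix)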

/cmd_result?c=
/get/37fdkfd2974knsni
/get/3tvefl7wici0im0x
/get/4o77n422qv3cfog8
/get/8qtm8yc21d16i4q3
/get/at19rnaz8kedndkq
/get/dw25ipjbf7m41b3e
/get/e2yyra32au5lmrep
/get/nob0y5b0ya3fv0kk
/get/pth9a50rsoas1dw5
/get/sg2zb31w1dy3f74x
/37fdkfd2974knsni
/3tvefl7wici0im0x
/4o77n422qv3cfog8
/8qtm8yc21d16i4q3
/at19rnaz8kedndkq
/dw25ipjbf7m41b3e
/e2yyra32au5lmrep
/nob0y5b0ya3fv0kk
/pth9a50rsoas1dw5
/sg2zb31w1dy3f74x
