# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: hworm, h-worm, wshrat

# Reference: https://twitter.com/DissectMalware/status/986467663353442305

pm2bitcoin.com

# Reference: https://twitter.com/Racco42/status/1047173279553900551

toheeb.publicvm.com

# Reference: https://twitter.com/Racco42/status/1044562743519584257
# Reference: https://twitter.com/Racco42/status/1040353263579738113
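# Generic trail: the URL path below is not tied to any host, so a hit on it alone is weak evidence; corroborate with the host and IP:port trails in this file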

/is-ready

# Reference: https://twitter.com/Racco42/status/1053747018835869696

fud.fudcrypt.com

# Reference: https://twitter.com/Racco42/status/1102879193631731713

185.198.26.245:8769
185.198.26.245:3843

# Reference: https://twitter.com/Racco42/status/1110868159492489216

brothersjoy.nl
newmenow.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1016808667692204032

windefendeupdate.duckdns.org

# Reference: https://twitter.com/Jan0fficial/status/1009009607988187137
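# Reference: https://pastebin.com/MxR1p5wG
# Generic trail: the /is-sending entry below is a URL path, not specific to stanman.linkpc.net (same caveat as /is-ready)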

stanman.linkpc.net
/is-sending

# Reference: https://twitter.com/avman1995/status/963273945955864577

ines0049.ddns.net

# Reference: https://www.securityartwork.es/2019/01/25/wirte-group-attacking-the-middle-east/

149.28.14.103:535

# Reference: https://twitter.com/pmelson/status/1119756002503606272

updatesystem.linkpc.net

# Reference: https://twitter.com/Racco42/status/1120981890947854336

185.101.94.172:3018

# Reference: https://twitter.com/Racco42/status/1121350734350413824
# Reference: https://www.virustotal.com/en/file/5efd79ed3058f656b6df2164a37f86e80978d8ebb5f8d5222be03decb03fc28b/analysis/1556133044/

194.187.249.104:7777

# Reference: https://twitter.com/chen_erlich/status/1121406324884086787
# Reference: https://www.hybrid-analysis.com/sample/4ff921531d9cb5c21b3ee081a5fd1c52d12690332dd1ea1608230b8de918ac09

105.105.218.193:4433

# Reference: https://twitter.com/chen_erlich/status/1121406324884086787
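# Reference: https://www.virustotal.com/gui/file/b2dc457d16afa43c943b31021052b939d58aedfcdf2fad8e25e5b96edc71d180/detection
# NOTE(review): port 2 on the IP:port entry below is unusual and may be a truncated value; confirm against the referenced sample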

updatefacebook.ddns.net
197.162.66.49:2

# Reference: https://twitter.com/chen_erlich/status/1121406324884086787
# Reference: https://www.virustotal.com/gui/file/61c96cdb88877b3c737a1022bb6355e8489d2cc2019ecbcc15be978186552174/detection

23.227.201.158:3047
