# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: cardinalrat, carpdownloader, evilnum

# Reference: https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/

affiliatecollective.club
dropinbox.host
dropinbox.pw
spotmacro.online
spotoption.pw

# Reference: https://twitter.com/Bank_Security/status/1258129110569758720
# Reference: https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html
# Reference: https://otx.alienvault.com/pulse/5eb2dc5032b006e9c9387051

http://139.28.37.63
http://185.62.190.89
http://185.62.190.218

# Reference: https://otx.alienvault.com/pulse/5f073c9a9607e5b2719938ef

http://139.28.39.165
http://176.107.176.237
http://45.9.239.50
ama-prime-client.com
faxing-mon.best
lvsys.com
win640.com

# Reference: https://github.com/eset/malware-ioc/tree/master/evilnum

http://185.20.186.75
http://185.61.137.141
http://185.62.189.210
adobe.com.kz
d2nz6secq3489l.cloudfront.net

# Generic (URL path trail, not tied to a single host)

/tran/check.php?id=
