cardinalrat.txt
# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: cardinalrat, carpdownloader, evilnum
# Reference: https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/
# Reference: https://twitter.com/Bank_Security/status/1258129110569758720
# Reference: https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html
# Reference: https://otx.alienvault.com/pulse/5eb2dc5032b006e9c9387051
http://139.28.37.63
http://185.62.190.89
http://185.62.190.218
# Reference: https://otx.alienvault.com/pulse/5f073c9a9607e5b2719938ef
# Reference: https://github.com/eset/malware-ioc/tree/master/evilnum
# Reference: https://twitter.com/h2jazi/status/1390326242151444483
# Reference: https://twitter.com/h2jazi/status/1390326245225861123
# Reference: https://www.virustotal.com/gui/file/f79c2e89479533085c5a01e6585c29415e3349a36da5d7b831c2dfc364542248/detection
# Reference: https://www.virustotal.com/gui/file/9a2c9b14c79da0583066a335ffbac5afbc152f8a1cbf53a38e5f4f118d38d8fe/detection
speednet.fun
# Generic
/tran/check.php?id=