# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: revcode, webmonitor

# Reference: https://twitter.com/Racco42/status/1058830924828344320
# Reference: https://app.any.run/tasks/405c1678-4f77-4a44-88ce-0426d417ec13

walterbenson1122.wm01.to
94.140.125.158:443

# Reference: https://twitter.com/James_inthe_box/status/1058070642837188608

mostrugged.wm01.to

# Reference: https://twitter.com/anyrun_app/status/1042383486492004352
# Reference: https://app.any.run/tasks/10480540-90bf-4b5f-8d59-2e648d6411d3

javalux.wm01.to
185.61.138.181:443

# Reference: https://twitter.com/James_inthe_box/status/1017790896580915200

mercymorrgan.wm01.to

# Reference: https://twitter.com/Jan0fficial/status/1006075816592265217
# Reference: https://pastebin.com/HMPLa5na

arglobal.bb8c4e01.to
arglobal.6a0fe901.to
arglobal.81252b01.to
arglobal.1e517001.to
arglobal.cf488101.to
arglobal.93319601.to
arglobal.49b56c01.to
arglobal.69385701.to
arglobal.efe87401.to
arglobal.53fb0701.to
arglobal.wm01.to

# Reference: https://twitter.com/anyrun_app/status/978982898870218752
# Reference: https://app.any.run/tasks/4ec850ea-33ed-46cd-9cf2-afebe0375b8b

udmesh.wm01.to

# Reference: https://twitter.com/James_inthe_box/status/1224729231197790208

barclaysb.wm01.to

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/webmonitor-rat-bundled-with-zoom-installer/
# Reference: https://otx.alienvault.com/pulse/5eac5fbc246f37da533416ae

dabmaster.wm01.to

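# Generic (host-independent URL paths: the entries below carry no domain or IP,
# so correlate a hit with the host indicators above before attributing it to this family)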
# Reference: https://twitter.com/prsecurity_/status/1113789853848809473

/recv0.php
/recv1.php
/recv2.php
/recv3.php
/recv4.php
/recv5.php
/recv6.php
/recv7.php
/recv8.php
/recv9.php
