# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: cardinalrat, carpdownloader, evilnum

# Reference: https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/

affiliatecollective.club
dropinbox.host
dropinbox.pw
spotmacro.online
spotoption.pw
s.dropinbox.host
secure.dropinbox.pw
s.spotmacro.online
secure.spotoption.pw

# Reference: https://twitter.com/Bank_Security/status/1258129110569758720
# Reference: https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html
# Reference: https://otx.alienvault.com/pulse/5eb2dc5032b006e9c9387051

http://139.28.37.63
http://185.62.190.89
http://185.62.190.218

# Generic

/tran/check.php?id=
