# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: javarat, crossrat

# Reference: https://twitter.com/pancak3lullz/status/1159138997723193344
# Reference: https://www.virustotal.com/gui/file/15af5bbf3c8d5e5db41fd7c3d722e8b247b40f2da747d5c334f7fd80b715a649/detection

94.229.70.7:2223
flexberry.com

# Reference: https://x.com/malwrhunterteam/status/1831587080780070999
# Reference: https://x.com/malwrhunterteam/status/1914567930878034347
# Reference: https://x.com/naumovax/status/1869019373631123490
# Reference: https://www.virustotal.com/gui/ip-address/94.131.111.51/relations
# Reference: https://app.any.run/tasks/f7e4df3c-f7f8-44e3-b1c3-a4db9d162732
# Reference: https://www.virustotal.com/gui/file/ec4e915484b22a46b5581ef39695832191c557bf4d9bd8238da468ad9e8a75ae/detection
# Reference: https://www.virustotal.com/gui/file/434902272c8d02754bbdfa37915745af55e0b59f2e8193bea6a66a025c14f7ba/detection

109.120.178.147:4025
109.120.178.147:4028
109.120.178.147:6662
94.131.111.51:3002
94.131.111.51:4001
94.131.111.51:4008
94.131.111.51:4099
94.131.111.51:6663
aditionallibraries.fun
axlecoffee.fun
maksagain.fun
maksagain.xyz
maksgofile.fun
makslibraries.fun
makslibraries.space
makslove.xyz

# Reference: https://x.com/James_inthe_box/status/1915037855371731401
# Reference: https://app.any.run/tasks/0dfd03de-7006-43e3-bead-8d3888a11c9a
# Reference: https://www.virustotal.com/gui/file/ce91d60a14f10d657dd9ddf77e879d98e71455d272b9574273d94a0ad11bfcb2/detection

45.144.212.172:8093

# Reference: https://www.fortinet.com/blog/threat-research/multilayered-email-attack-how-a-pdf-invoice-and-geofencing-led-to-rat-malware
# Reference: https://www.virustotal.com/gui/file/5f897fec78e2fd812eb3bc451222e64480a9d5bc97b746cc0468698a63470880/detection
# Reference: https://www.virustotal.com/gui/file/469b8911fd1ae2ded8532a50e9e66b8d54820c18ccdba49d7a38850d6af54475/detection
# Reference: https://www.virustotal.com/gui/file/af8b6ac45918bc87d2a164fae888dab6e623327cba7c2409e4d0ef1dde8d1793/detection

123.99.198.201:26466
143.47.53.106:33036
202.189.5.24:31721
frp-man.top
# NOTE(review): e1.luyouxia.net looks like a shared parent host of a tunnelling/port-forwarding service
# rather than attacker-owned infrastructure, so a hit on it alone may be unrelated tenant traffic;
# corroborate with the IP:port entries above before escalating - TODO confirm.
# If domain trails also match subdomains (verify against the sensor), the more specific
# settingsun.e1.luyouxia.net entry is already covered by the parent and is the higher-confidence indicator.
e1.luyouxia.net
settingsun.e1.luyouxia.net

# Reference: https://x.com/malwrhunterteam/status/1928138227375820911
# Reference: https://www.virustotal.com/gui/file/a6c0aa0c83777164671dcb9ca706474fa9406fd532f7407b74287ed5f311f8d5/detection

193.25.215.58:7879
