# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: jointworm, phantomocx, phantomc2, phantomcorea

# Reference: https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/

wikipeldia.org

# Reference: https://twitter.com/_re_fox/status/1298268175927140353
# Reference: https://twitter.com/James_inthe_box/status/1298274439151251456
# Reference: https://app.any.run/tasks/e0845226-ee73-4e37-ab47-740cf0d3b757/

corpxtech.com
extrasectr.com
quotingtrx.com
trquotesys.com
veritechx.com
vvxtech.net

# Reference: https://app.any.run/tasks/42a70971-d057-4763-8541-5ebe9b842fcb/
# Reference: https://twitter.com/James_inthe_box/status/1280616037185024000
# Reference: https://twitter.com/_re_fox/status/1285579050241667078
# Reference: https://twitter.com/_re_fox/status/1280548111828561922
# Reference: https://twitter.com/Vishnyak0v/status/1300747696073039873

telefx.net
voipasst.com
voipreq12.com
voipssupport.com

# Reference: https://www.cybereason.com/hubfs/Evilnum%20IOCs.pdf
# Reference: https://otx.alienvault.com/pulse/5f5118e86e2b24d86310cd6d
# Reference: https://twitter.com/_re_fox/status/1273655899073187840

crm-domain.net
fxmt4x.com
leads-management.net
telecomwl.com
xlmfx.com

# Reference: https://twitter.com/_re_fox/status/1301887287765225477
# Reference: https://app.any.run/tasks/383a15aa-63b0-48ee-9a90-2cb64da9134f/

vdsappauthservice.net

# Reference: https://symantec.broadcom.com/hubfs/SED-Threats-Financial-Sector.pdf
# Reference: https://otx.alienvault.com/pulse/5f6b7988a48d50ae3e26381a

coinzre.website

# Reference: https://twitter.com/_re_fox/status/1316815091212390400
# Reference: https://app.any.run/tasks/5904a168-b4e4-45e6-bd6f-50ff80665bf9/
# Reference: https://www.virustotal.com/gui/file/da7d3ad1dc2f17b2d2387781e6486682f85d9980c115a10c7f38b3729e0fa273/detection

adsmachineio.com
api-pixtools.com
api-printer-spool.com
msft-cdn.cloud
windows-accs.live
windows-ddnl.com

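# Generic
# (URL path and query-string patterns rather than domains; no reference is listed for them.
# The first pattern is short and may match unrelated traffic, so corroborate hits against the domains above.)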

/c?v=4&u=
/taskshandlers/DBhandle/primary_main.php
