# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: MarkiRAT

# Reference: https://twitter.com/360CoreSec/status/1407604585896632323
# Reference: https://twitter.com/360CoreSec/status/1407653661816201226
# Reference: https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/
# Reference: https://www.virustotal.com/gui/file/5d69c23a226a5ad1068bb77b174cb8d00aa774c277e32824024f0d2fb21de1d9/detection
# Reference: https://www.virustotal.com/gui/file/dd54da85e23ca2117ad962934cf1cefcdc24011780326e38dc48946da9bb84ec/detection
# Reference: https://www.virustotal.com/gui/file/be984ef82521f1618edda34fd9d1738b543c0db9613536068eead736b822aff1/detection
# Reference: https://www.virustotal.com/gui/file/361524fb3d40dd2f275ee7aa4f40fccfe21f0552cd36ec38f48fbf7e50e66810/detection
# Reference: https://www.virustotal.com/gui/file/e53e265edcec04cdfb0db35139796944e867d49872e536d148af313e0b019ed7/detection
# Reference: https://www.virustotal.com/gui/file/99eb211ea131834d93e25ba0c1066e37d5583f7694c51611337e1c44b60b7fa5/detection
# Reference: https://www.virustotal.com/gui/file/9a38069efc55a19d50d26d300948b9095ab72538acbf4ed427ed5a77060aa259/behavior/Microsoft%20Sysinternals

com-view.org
com-view.space
comuk.space
unupdate.ml
unupload.xyz
updatei.com
aparat.com-view.space
khabarfarsi.com-view.org
microsoft.com-view.space
microsoft.unupdate.ml
microsoft.unupload.xyz
microsoft.updatei.com
microsoft.comuk.space

# Reference: https://twitter.com/360CoreSec/status/1435077875703562242
# Reference: https://www.virustotal.com/gui/file/b0d85647a0715e84a569fc79f6df3b9b82bac11e388948b767b4dbc7c721af47/detection

microcaft.xyz
microsoft.microcaft.xyz

# Generic

/ech/client.php?u=
/ech/echo.php?req=rr&u=
/ech/rite.php
/up/uploadx.php?=u=