# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: netwiredrc, netwire

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NetWire-EK/detailed-analysis.aspx

mommyreal.ddns.net

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NetWire-CC/detailed-analysis.aspx

wwfvpsv9.serveftp.com

# Reference: https://www.cyren.com/blog/articles/bad-things-come-in-pairs-3004

dinesaad.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1044616045560967168

cboss33.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1044365272675573760

natigr.ddns.net
projectadmin.camdvr.org

# Reference: https://twitter.com/James_inthe_box/status/1044231367347732480

ddns.catamosky.biz

# Reference: https://twitter.com/Racco42/status/1042056130577489928

lagos042.ddns.net
manuel3.publicvm.com

# Reference: https://twitter.com/VK_Intel/status/983940199603474432

snoopdmoney2018.sytes.net
snoopdmoneybkup.sytes.net

# Reference: https://www.virustotal.com/#/file/a095a7acda9c73fc89bfbc170bbec75a4572c75114e1687a7c212e9228915945/detection
# Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3966&sid=a2bb410851e96a6bb24b90b65966112f&start=300#p32187

ola100.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1106264932230852608

62.210.10.245:4000

# Reference: https://twitter.com/malwrhunterteam/status/1105163365209554951

amazonsprime.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1107630659957329921

leew.linkpc.net

# Reference: https://twitter.com/James_inthe_box/status/1022228835616473088

onetimeade.linkpc.net

# Reference: https://twitter.com/malwrhunterteam/status/1096760442133856256

jackas.gotdns.ch

# Reference: https://maskop9.tech/index.php/2019/01/30/analysis-of-netwiredrc-trojan/
# Reference: https://app.any.run/tasks/e1d7034b-c866-4cef-8d55-04405cd2a81d

109.230.199.103:3360

# Reference: https://twitter.com/James_inthe_box/status/1118217392851566593

havemercy.mooo.com