# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Xtrat-CC/detailed-analysis.aspx

cooempresas.ddns.net

# Reference: https://citizenlab.ca/2015/12/packrat-report/

taskmgr.serveftp.com
taskmgr.servehttp.com
wjwj.no-ip.org

# Reference: https://www.virustotal.com/en/file/d05b5f13bfa9082f9087dabc3c4d15471209b1dfe8b27272360558dba2c85d43/analysis/
# Reference: https://www.virustotal.com/en/file/15c4933b7b767d44c71bac0b7bf44d1bd9f3dd6bada45b35f5ebb8f22367842b/analysis/

updatechrome.duckdns.org

# Reference: https://twitter.com/Racco42/status/1054463077603786753

84.38.135.152:1148

# Reference: https://www.zscaler.com/blogs/research/backdoor-xtrat-continues-evade-detection
# Reference: https://www.hybrid-analysis.com/sample/e58117933d0b5312cc0f799b5f181482220f1e26f62f9eaa4f99ed50cd29b90c?environmentId=1
# Reference: https://totalhash.cymru.com/analysis/?20379ec605b8acadb2a1f4f064c6481171a4e0ce
# Reference: https://report.any.run/e46cbed7747902cbf1bc0f26dbc847549d4c626facea329f3e165117ff28ed7e/548daf6b-7cea-42b8-be21-4c3c08439cae
# Reference: https://urlquery.net/report/6bc41921-5f7d-48fa-8ec5-0fb500f3fa5f

/123456.functions
anaperez.ddns.net
pruebas.bounceme.net
analaloca.chickenkiller.com
dolev.ddns.net
uranio2.no-ip.biz
morter.zapto.org

# Reference: https://www.zscaler.com/blogs/research/backdoor-xtrat-continues-evade-detection

suportassisten.no-ip.info
laithmhrez.no-ip.info
papapa-1212.zapto.org
sarkawt122.no-ip.biz
outlook11551.no-ip.biz
cascarita1.no-ip.biz
cascarita2.no-ip.biz
cascarita3.no-ip.biz
windows.misconfused.org
uranio2.no-ip.biz
fungii.no-ip.org
mohammad2010.no-ip.biz
updating.serveexchange.com
spycronicjn.no-ip.org
allmyworkers.no-ip.biz
livejasminci.no-ip.biz

# Reference: http://www.malwaresigs.com/2013/01/17/xtreme-rat/

mrhacking.no-ip.info
almofatch.no-in.info
netera.no-ip.org
aln3imi00100.zapto.org
hackk-hackk.no-ip.biz
cinamarcina.no-ip.biz
reveng1.no-ip.biz
aymn161.no-ip.org
amin1111.no-ip.org
cagatay3162.zapto.org
ers.zapto.org
amgad.no-ip.biz
mrxm511.no-ip.org
hac.zapto.org
mahmodemos.no-ip.org
starnight2012.tzo.net
jv123.no-ip.org
kirkukboy.no-ip.biz
sosososo.no-ip.biz
hack4ps.no-ip.info
sa123re.no-ip.org
khalil02.no-ip.biz
wail.no-ip.biz

# Reference: https://twitter.com/Racco42/status/1132935875430670337

justgo.linkpc.net

# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2019-0314.pdf

test.zzjzpt.com