# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: phantomremote, phantomcore, phantomocx, phantomc2, cargotalon, eaglet implant, ung0901, headmare

# Reference: https://bi.zone/expertise/blog/rainbow-hyena-snova-atakuet-novyy-bekdor-i-smena-taktik/
# Reference: https://www.virustotal.com/gui/file/4c78d6bba282aaff0eab749cfa8a28e432f7cbf9c61dec8de8f4800fd27e0314/detection
# Reference: https://www.virustotal.com/gui/file/d9bb370d87c09f23fff2fb4a32afd9d89c002e2ed9bfffdd85ce7883bc27aecc/detection
# Reference: https://www.virustotal.com/gui/file/ed9b24a77a74cd34c96b30f8de794fe85eb1d9f188f516bd7d6020cc81a86728/detection
# Reference: https://www.virustotal.com/gui/file/01f12bb3f4359fae1138a194237914f4fcdbf9e472804e428a765ad820f399be/detection
# Reference: https://www.virustotal.com/gui/file/0f1dcdc414afca59f97800a2d108089bf9f9a0cb3f7fbf0522dc10e8f7449046/detection

http://185.225.17.104
http://188.127.254.44
http://91.239.148.21

# Reference: https://x.com/malwrhunterteam/status/2013319279332999200
# Reference: https://www.virustotal.com/gui/file/a464cfd80810c6f5357b4e738317e900baef9a45fbbc59f5c51475f69b053e5e/detection

http://217.60.1.46
spareline.ru/wp-includes/pomo/entry.html
spareline.ru/wp-includes/post-template.html

# Reference: https://x.com/PrakkiSathwik/status/2013579955876118852
# Reference: https://www.virustotal.com/gui/file/bd149347be4141752dc206f833c6410ef065bfa9353cb370c543fa58dfc27f60/detection

http://185.54.0.148
http://217.60.5.249
http://217.60.60.18
act-print.ru/wp-includes/pomo/entry.html
act-print.ru/wp-includes/post-template.html
ast-automation.ru/wp-includes/pomo/entry.html
ast-automation.ru/wp-includes/post-template.html
ink-master.ru/wp-includes/pomo/entry.html
ink-master.ru/wp-includes/post-template.html
metelkova.ru/wp-includes/pomo/entry.html
metelkova.ru/wp-includes/post-template.html
shibargan.ru/wp-includes/pomo/entry.html
shibargan.ru/wp-includes/post-template.html

# Reference: https://securelist.com/head-mare-hacktivists/113555/
# Reference: https://www.virustotal.com/gui/file/063a8cad2115f6021532fa5093b33ec322b052c936659ec5cb42aa53a8207e59/detection
# Reference: https://www.virustotal.com/gui/file/4a65b7a0f940a55ab308595844ec2df205487d8b291162fb11d066ac3765074d/detection
# Reference: https://www.virustotal.com/gui/file/5d924a9ab2774120c4d45a386272287997fd7e6708be47fb93a4cad271f32a03/detection
# Reference: https://www.virustotal.com/gui/file/7e9d6a70a13c589622f47b2b984a9952c6498e8564df9e0e3fd86a7ac0088bf4/detection
# Reference: https://www.virustotal.com/gui/file/a048c920cf17b9ab4060e67dcd7d94b03aabb6636f895ede59d63b35c1145024/detection
# Reference: https://www.virustotal.com/gui/file/b45c9d797e7338e8a73cb86ba28e7c7638db9ccf901bb84a188cca274de6d4ad/detection
# Reference: https://www.virustotal.com/gui/file/bac3c4607a051f8b157882ce36b35b328dcf8f5662a18a09be0d3b08b233497b/detection
# Reference: https://www.virustotal.com/gui/file/dc3e4a549e3b95614dee580f73a63d75272d0fba8ca1ad6e93d99e44b9f95caa/detection
# Reference: https://www.virustotal.com/gui/file/e9e62b5a6059772d98ab95637dd020cc4beb5deb22d38ebc0a6f1d5714fbbc0e/detection

http://185.80.91.107
http://188.127.227.201
http://194.87.210.134
http://45.11.27.232
http://45.156.21.178
http://5.252.176.47
http://94.131.113.79
185.80.91.107:443
45.11.27.232:443
45.87.245.30:7000
45.87.246.169:6443
5.252.176.77:45098
5.252.176.77:8888
interoperaebility.world
jaudyoyh.ru

# Generic

/2000×2000.php
