Xtreme RAT

HTTP Request Method = GET
HTTP URI = *.functions
Regex HTTP URI for \/[0-9]+\.functions$

Examples:

mrhacking .no-ip.info:81/1234567890.functions
almofatch .no-in.info:81/1234567890.functions
netera .no-ip.org:920/123.functions
aln3imi00100 .zapto.org:81/123321.functions
hackk-hackk .no-ip.biz:81/440526.functions
cinamarcina .no-ip.biz:100/1234567890.functions
reveng1 .no-ip.biz:81/1234567890.functions
aymn161 .no-ip.org:81/1234567890.functions
amin1111 .no-ip.org:93/1234567890.functions
cagatay3162 .zapto.org:81/1234567890.functions
ers .zapto.org:93/1234567890.functions
amgad .no-ip.biz:8181/1234567890.functions
mrxm511 .no-ip.org:82/1234567890.functions
hac.zapto .org:1177/1234567890.functions
mahmodemos .no-ip.org:81/1234567890.functions
176.241.85 .6:1723/1234567890.functions
starnight2012 .tzo.net:53156/1234567890.functions
jv123 .no-ip.org:82/104566.functions
77.64.70 .82:22280/1234567890.functions
kirkukboy .no-ip.biz:9999/1234567890.functions
sosososo .no-ip.biz:288/1234567890.functions
hack4ps .no-ip.info:92/1234567890.functions
sa123re .no-ip.org:82/1234567890.functions
khalil02 .no-ip.biz:81/1234567890.functions
wail .no-ip.biz:81/1234567890.functions

See examples of Xtreme RAT on UrlQuery.net

Reference: (PDF) http://www.matasano.com/research/PEST-CONTROL.pdf

Comments are closed.