# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/

thlsystems.forfirst.cz
mafra.go.kr.jeojang.ga

# Reference: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/?mid=1
# Reference: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf

34.214.99.20/view_style.php
137.74.41.56/board.php
kingkoil.com.sg/board.php
kingkoil.com.sg/query.php

# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf
# Reference: https://twitter.com/bkMSFT/status/1093109336740642816

llpsearch.com
miphomanager.com

# Reference: https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/

071790.000webhostapp.com
7077.000webhostapp.com
881.000webhostapp.com
hanbosston.000webhostapp.com
vnik.000webhostapp.com
a7788.1apps.com
attach10132.1apps.com
bluemountain.1apps.com
filer1.1apps.com
s8877.1apps.com
files.000
ftp.byethost7.com
ftp.byethost10.com
webhost.com
webmail-koryogroup.com
61.14.210.72:7117

# Reference: https://twitter.com/blackorbird/status/1107214927402418176
# Reference: https://twitter.com/blackorbird/status/1107479347013672960

ddlove.kr/bbs/dta/1

# Reference: https://twitter.com/blackorbird/status/1082553543280680962

ago2.co.kr/bbs/data/dir

# Reference: https://twitter.com/blackorbird/status/1100691198346354688

46.29.163.222:9999

# Reference: https://otx.alienvault.com/pulse/5c9a457b3acc7f0eba431c81
# Reference: https://www.recordedfuture.com/scanbox-framework-campaign/

mailshield.ga
mail.mailshield.ga
monlamlt.com
oppo.ml
photogram.ga
tibct.net
tibct.org
tracking.dgip.gov.pk

# Reference: https://twitter.com/ClearskySec/status/1055404788635103232
# Reference: https://www.clearskysec.com/iec/

host-gv.appspot.com
journey-in-israel.com
iecr.co
iec-co-il.com
israelalerts.us
israelalert.us
pokemonisrael.yolasite.com
sourcefarge.net
users-management.com
ynetnewes.com

# Reference: https://twitter.com/ClearskySec/status/971454423548530688

baoin.baotintu.com
chinhtri.tourismas.com
kinhte.baotintu.com

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-02-12: Malicious Invoice of Telcel Mexican Telecommunication Company)

bambi.sytes.net

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-02-06: Iranian Greenbug targeting against Arab Emirates - Invoice-NO48935.doc)

acrobatverify.com

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-1-1: Campaign targeting Turkey with fake purchase order requests, drops low detection Java malware)

gorevleriyok.com

# Reference: https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups/ (Chinese)

Jospubs.com
