# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: blackenergy, quedagh, voodoo bear, temp.noble, iron viking

# Reference: https://web.archive.org/web/20120106212034/http://amada.abuse.ch/blocklist.php?download=domainblocklist
# NOTE(review): this reference is a blocklist snapshot archived on 2012-01-06.
# Domain registrations this old may have lapsed or changed hands, so confirm
# current ownership and context before treating a match as a confirmed infection.

abaronaweb.net
ads.ew.com.cn
all-invite.org
aut0mat.info
bka.im
cazino-game.com
cxim.asia
ddumasz.info
globdomain.ru
hackzona.tk
jakkaru.ru
k0x.ru
kandagarka.net
myprodjs.ru
olololo.in
onlinejobsnet.co.cc
prava-servise.ru
sharp.mcdir.ru
webprofiler.cc
write-dream.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.22/relations

account-googlmail.ml
account-loginserv.com

# Reference: https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
# Reference: https://www.virustotal.com/gui/file/dc074464e50502459038ac127b50b8c68ed52817a61c2f97f0add33447c8f730/detection

95.216.13.196:53
95.216.13.196:8080
hostapp.be

# Reference: https://twitter.com/kyleehmke/status/1267222198588145664

userarea.click
userarea.eu

# Reference: https://threatconnect.com/blog/threatconnect-research-roundup-probable-sandworm-infrastructure/
# NOTE(review): userarea.click and userarea.eu also appear earlier in this file
# under the twitter.com/kyleehmke reference, so the repeat adds no matching
# coverage. If the list is deduplicated, keep both reference lines so each
# source stays traceable.

fbapp.info
fbapp.link
fbapp.top
myaccount.click
myaccount.one
userarea.click
userarea.eu
userarea.in
userarea.top
userzone.eu
userzone.one
webcache.one

# Reference: https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
# Reference: https://otx.alienvault.com/pulse/623319918d3021c70ec8f396
# NOTE(review): the entries in this section are IP:port pairs, so a match
# depends on the destination port as well as the address.
# NOTE(review): presumably these are Cyclops Blink C&C endpoints from the
# reports above; such nodes are often compromised third-party devices and the
# addresses may since have been cleaned or reassigned — confirm against the
# references and treat hits as leads to triage, not as confirmed compromise.

1.9.85.247:3269
1.9.85.247:636
1.9.85.247:8443
1.9.85.247:989
1.9.85.247:990
1.9.85.247:994
1.9.85.247:995
1.9.85.248:3269
1.9.85.248:636
1.9.85.248:8443
1.9.85.248:989
1.9.85.248:990
1.9.85.248:994
1.9.85.248:995
1.9.85.249:3269
1.9.85.249:636
1.9.85.249:8443
1.9.85.249:989
1.9.85.249:990
1.9.85.249:994
1.9.85.249:995
1.9.85.252:3269
1.9.85.252:636
1.9.85.252:8443
1.9.85.252:989
1.9.85.252:990
1.9.85.252:994
1.9.85.252:995
1.9.85.253:3269
1.9.85.253:636
1.9.85.253:8443
1.9.85.253:989
1.9.85.253:990
1.9.85.253:994
1.9.85.253:995
1.9.85.254:3269
1.9.85.254:636
1.9.85.254:8443
1.9.85.254:989
1.9.85.254:990
1.9.85.254:994
1.9.85.254:995
102.50.244.205:3269
102.50.244.205:636
102.50.244.205:8443
102.50.244.205:989
102.50.244.205:990
102.50.244.205:994
# NOTE(review): the next entry has no port, while every other host in this
# section lists the same seven ports ending in :995. A bare address presumably
# matches traffic to this IP on any port, which widens the match and makes the
# six entries above redundant — confirm against the references whether
# "102.50.244.205:995" was intended.
102.50.244.205
148.76.89.2:3269
148.76.89.2:636
148.76.89.2:8443
148.76.89.2:989
148.76.89.2:990
148.76.89.2:994
148.76.89.2:995
148.76.89.3:3269
148.76.89.3:636
148.76.89.3:8443
148.76.89.3:989
148.76.89.3:990
148.76.89.3:994
148.76.89.3:995
148.76.89.4:3269
148.76.89.4:636
148.76.89.4:8443
148.76.89.4:989
148.76.89.4:990
148.76.89.4:994
148.76.89.4:995
148.76.89.5:3269
148.76.89.5:636
148.76.89.5:8443
148.76.89.5:989
148.76.89.5:990
148.76.89.5:994
148.76.89.5:995
148.76.89.6:3269
148.76.89.6:636
148.76.89.6:8443
148.76.89.6:989
148.76.89.6:990
148.76.89.6:994
148.76.89.6:995
151.0.185.146:3269
151.0.185.146:636
151.0.185.146:8443
151.0.185.146:989
151.0.185.146:990
151.0.185.146:994
151.0.185.146:995
151.0.185.147:3269
151.0.185.147:636
151.0.185.147:8443
151.0.185.147:989
151.0.185.147:990
151.0.185.147:994
151.0.185.147:995
151.0.185.148:3269
151.0.185.148:636
151.0.185.148:8443
151.0.185.148:989
151.0.185.148:990
151.0.185.148:994
151.0.185.148:995
151.0.185.149:3269
151.0.185.149:636
151.0.185.149:8443
151.0.185.149:989
151.0.185.149:990
151.0.185.149:994
151.0.185.149:995
151.0.185.150:3269
151.0.185.150:636
151.0.185.150:8443
151.0.185.150:989
151.0.185.150:990
151.0.185.150:994
151.0.185.150:995
182.73.50.114:3269
182.73.50.114:636
182.73.50.114:8443
182.73.50.114:989
182.73.50.114:990
182.73.50.114:994
182.73.50.114:995
182.73.50.115:3269
182.73.50.115:636
182.73.50.115:8443
182.73.50.115:989
182.73.50.115:990
182.73.50.115:994
182.73.50.115:995
217.57.80.18:3269
217.57.80.18:636
217.57.80.18:8443
217.57.80.18:989
217.57.80.18:990
217.57.80.18:994
217.57.80.18:995
37.71.147.186:3269
37.71.147.186:636
37.71.147.186:8443
37.71.147.186:989
37.71.147.186:990
37.71.147.186:994
37.71.147.186:995
50.192.49.210:3269
50.192.49.210:636
50.192.49.210:8443
50.192.49.210:989
50.192.49.210:990
50.192.49.210:994
50.192.49.210:995
96.80.68.193:3269
96.80.68.193:636
96.80.68.193:8443
96.80.68.193:989
96.80.68.193:990
96.80.68.193:994
96.80.68.193:995
96.80.68.194:3269
96.80.68.194:636
96.80.68.194:8443
96.80.68.194:989
96.80.68.194:990
96.80.68.194:994
96.80.68.194:995
96.80.68.195:3269
96.80.68.195:636
96.80.68.195:8443
96.80.68.195:989
96.80.68.195:990
96.80.68.195:994
96.80.68.195:995
96.80.68.196:3269
96.80.68.196:636
96.80.68.196:8443
96.80.68.196:989
96.80.68.196:990
96.80.68.196:994
96.80.68.196:995
96.80.68.197:3269
96.80.68.197:636
96.80.68.197:8443
96.80.68.197:989
96.80.68.197:990
96.80.68.197:994
96.80.68.197:995
