# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2023/03/YoroTrooper.txt

http://162.33.177.195
http://172.105.215.208
http://192.153.57.67
http://193.149.129.133
http://193.149.176.254
http://206.188.196.86
http://45.227.252.247
http://45.61.136.175
http://45.61.136.64
http://45.61.138.243
http://46.161.40.164
http://46.175.148.147
http://64.190.113.57
http://64.227.24.240
http://89.22.232.145
http://94.20.72.7
akipress.news
attachment-posts.cc
autn.tech
becloud.cc
capitaltrust.uz
horme.info
imbox.link
inro.link
mail-ru.link
mfa-tj.download
mypolicy.top
openingfile.net
owaut.ru
portal-inbox.com
sigriup.site
uzdaily.news
account.mail.ru.sigriup.site
account.nail.ru.horme.info
account.nail.ru.inro.link
accountyandex.inro.link
belaes.by.authentication.becloud.cc
belstat.gov.by.attachment-posts.cc
docscpcpipe.inro.link
e.login.mail-ru.link
e.mail.ru.autn.tech
e.mail.ru.mypolicy.top
e.mail.ru.portal-inbox.com
e.nail.ru.imbox.link
hse.ru.attachment-posts.cc
industry.tj.mypolicy.top
mail.agro.gov.kg.openingfile.net
mail.belaes.by.authentication.becloud.cc
mail.economy.qov.az-link.email
mail.g-cloud.by.authentication.becloud.cc
mail.gov.az-link.email
mail.hse.ru.attachment-posts.cc
mail.iacis.ru.autn.tech
mail.mfa.gov.kg.openingfile.net
mail.mgimo.ru.sigriup.site
mail.ru.authentification.becloud.cc
mailacgov.inro.link
mailaviacomplect.inro.link
maileecommission.inro.link
minsk.gov.by.attachment-posts.cc
moscpcpipe.inro.link
newint.mid.ru.owaut.ru
rnail.iterrf.ru.inro.link
rnail.mintrans.gov.ru.inro.link
rnail.rnid.ru.inro.link
srm.mfa.tj.uzdaily.news
sts.mfa.gov.tr.mypolicy.top
true.az-link.email
