# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM-Part2.html

32player.com
appswonder.info
capsnit.com
hiltrox.com
hytechmart.com
ios-update-whatsapp.com
ios-certificate-update.com
metclix.com
nfinx.info
referfile.com
scrollayer.com
techwach.com
twitck.com
wpitcher.com

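# Reference: https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf
# Reference: https://otx.alienvault.com/pulse/5f7dd394005536c84adbaf56
# NOTE(review): several entries in this section look like adjacent domains fused together during extraction
# (e.g. "aspnet.dyndns.infoassurecom.info" next to "aspnet.dyndns.info" and "assurecom.info"), along with
# leftover fragments such as "infoassurecom.info" and "netstring2me.com". Fused entries will not match the
# real indicator, and the fragments may match unrelated hosts. For some (e.g. "scan8t.comsecure-useraccount.com")
# the component domains are not listed separately, so verify against the referenced report before relying on
# this section for blocking or alerting.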

account-googie.com
accountvalidate.com
airfitgym.com
ambicluster.com
aspnet.dyndns.info
aspnet.dyndns.infoassurecom.info
assurecom.info
bulletinalerts.com
by4mode.com
cdn-icloud.co
cdn-icloud.cocelebsnightmares.com
celebsnightmares.com
citrusquad.com
classmunch.com
cloud-authorize.com
cocahut.com
cocelebsnightmares.com
cocoka.info
cocoka.infocrawloofle.com
cohealthclubfun.com
crawloofle.com
cyroonline.com
devicesupport-rnicrosoft.com
domforworld.com
electrobric.com
everification-session-load.com
flux2key.com
freepunjab2020.info
frexinq.com
gateway-yahoo.com
ghelp.co
ghelp.cohealthclubfun.com
healthclubfun.com
hypforever.com
i3mode.com
imging.site
imging.siteinlineirnage.com
infoassurecom.info
infocrawloofle.com
inlineirnage.com
justsikhthings.com
kannat.ns01.us
kannat.ns01.uskhalistanlehar.com
khalistanlehar.com
leastinfo.com
leelee.dnset.com
lizacorner.com
lobertica.info
login-private.com
logon-info-gsupport.com
logstrick.com
m0-rnaiil-siina-chn-reload.everification-session-load.com
mail-incc.com
mail-king.com
mail-validation.info
mail.techsprouts.com
mailinfo-bh.com
me-yahoo.com
medieczema.com
middleeastleaks.com
mideastleaks.com
mindcraftstore.com
musicbandfiles.com
myaccount-googie.com
myappie.comyfoodzone.net
myggl.ioo-auth.net
netonlinetokenid.com
netstring2me.com
onlinetokenid.com
opticscold.com
opticzstore.com
optusiy.com
orgyes2khalistanis.com
out-look-mail-bh.com
oyesterclub.info
passwordsaverr.com
poiusavid.com
portal549.com
privacylog.info
prontexim.com
regditogo.com
rhc-jo.com
risalaencryptor.com
rnaiill2-rnaill-slna-m0.everification-session-load.com
rnail-appld-oath-varfiction.everification-session-load.com
scan8t.comsecure-useraccount.com
service-authorization.com
setting-secure.com
shiaar-e-islam.com
signtabo.com
sikhforjustice.org
sikhforjustice.orgsimilerwork.netstring2me.com
similerwork.net
string2me.com
sync-tokens.com
tansyroof.com
techsprouts.com
techwach.com
thegogl.com
tierradom.com
timesofarab.com
toysforislam.com
trailhinder.com
traxbin.com
treemanic.com
trioganic.com
user-privacy.com
uskhalistanlehar.com
uyghuri.51vip.biz
uyghuri.51vip.bizuyghurie.51vip.bizuygur.5166.info
uyghurie.51vip.biz
uygur.5166.info
uygur.51vip.biz
uygur.51vip.bizuygur.eicp.netuygur.xicp.netvlprnaiill2-rnaill-slna.m0.everification-session-load.com
uygur.eicp.net
uygur.xicp.net
vlprnaiill2-rnaill-slna.m0.everification-session-load.com
weddnest.com
yes2khalistan.org
yes2khalistan.orgyes2khalistanis.com
yes2khalistanis.com
yfoodzone.netmyggl.ioo-auth.netonlinetokenid.com
zhqdgk.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1321746458308128769
# Reference: https://www.virustotal.com/gui/file/cef4be533954e5bb901080cbca26976929d55692674f1bb9fefeca0c349c86db/detection
# Reference: https://www.virustotal.com/gui/file/4fd441183ffd576aea2cf50b19d263f6b07b7548ea24725a496a0a929daaf912/detection

procompass.org
voiceofislam.info

# Reference: https://twitter.com/Circuitous__/status/1377767299709550593
# Reference: https://pastebin.com/9U57CHZn

fastfiterzone.com
lobertica.info
memoadvicr.com
zovwelle.com
