# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://malpedia.caad.fkie.fraunhofer.de/actor/blackgear
# Reference: https://documents.trendmicro.com/assets/appendix-blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-c&c-communication.pdf

# Hostname indicators attributed to the BlackGear actor by the references above.
# Many entries are single hostnames under shared dynamic-DNS zones (for example
# 3322.org, bounceme.net, dyndns.org), so they should be matched as full hostnames;
# widening a match to the parent zone would flag unrelated users of those services.
# NOTE(review): dynamic-DNS names can be released and re-registered by other parties,
# so a hit on an old entry is a lead to investigate rather than proof of compromise.
abcdns.bounceme.net
abcpees.webhop.net
ancelon.webhop.net
anitacxb.servebbs.com
bi-apple.net
bitdefender.minidns.net
ccc.th-fish.com
ccuugo.8866.org
checkerror.obama20009.com
cheng.pc-officer.com
cometocome.8866.org
computerupdate.servegame.com
cooperlzh.liondrive.com
d1c2f3.3322.org
data.lovequintet.com
divineart.dyndns.org
domain.uyghuri.com
enterdia.zyns.com
erbilin.blogdns.com
feng.pc-officer.com
fifaoopp.webhop.net
fisu.rr.nu
gmail.servebbs.com
goodhope.no-ip.org
googleads.serveftp.com
handinhand.blogdns.org
harris.3322.org
hinetrouter.serveftp.org
hongzong.xicp.net
hzcj.8866.org
hzong.welikejack.com
ie-update.sytes.net
ifsbsa.bounceme.net
ihe1979.3322.org
intershare.zapto.net
intershare.zapto.org
introy.toh.info
ius.uyghuri.com
japanisok.selfip.org
jmjm.bounceme.net
killabcd.9966.org
kingcoast.3322.org
kingcoast.6688.org
kingcoast.homedns.org
kmtzh.zyns.com
ksforever.no-ip.org
liumingzhen.myftp.org
liumingzhen.zapto.org
liveupdate.dyndns.biz
lovemoney.2288.org
lycosgame.com
lyle.3322.org
lyle.homedns.org
mcrcancer.podzone.org
mcrcount.bounceme.net
mcrcount.podzone.org
meet.servebbs.org
menberservice.3322.org
microsoft.dumb1.com
mkmk.bounceme.net
mmm.freesite.us
msdndown1.3322.org
myblog.bounceme.net
mylife33.zapto.org
mywebpage.3322.org
newton1666.3322.org
nothingtolose.3322.org
nothingtolose.changeip.org
olyone.com
oohshit.dnsdojo.com
own.webhop.net
oyd.3322.org
pklei45.3322.org
pklei56.3322.org
plscoverko.meibu.com
pop.miyazakihousou.com
popftp.bounceme.net
popo.bi-apple.net
popularcat.hopto.org
pvp.scylla4421.com
rainflow.dontexist.com
readdook.selfip.com
red.istme.com
s27.dondon555.com
sbd.7766.org
sctw06.com
services.dyndns.biz
smtp.hitachis.net
sportsnews.chilichi.com
stemba.bounceme.net
support-microsoft.net
sweetbug.selfip.net
sweetcard.3322.org
sweetseed.3322.org
tempfy.9966.org
# NOTE(review): ".prg" is not a delegated TLD, so the next entry cannot match any
# resolvable name. Other entries here use 8866.org (ccuugo, cometocome, hzcj), so this
# is presumably a typo for the ".org" zone; verify against the referenced report first.
tempsys.8866.prg
tencent.ikwb.com
todayzh.sytes.net
tv.kingdomcer.com
update.ddns.ms
update.ns01.biz
update.support-microsoft.net
update.toh.info
vnn.dinhk.net
web.achteins.com
webcache.zapto.org
webhost.j2ee.us
webmail.hinet2010.com
webstation.webhop.net
webupdate.selfip.com
winautoupdate.acmetoy.com
windowsupdate8.3322.org
xinxin.6600.org
yahoo.jungleheart.com
yahoo.qpoe.com
yaxiko.bounceme.net
yitiao.dyndns-blog.com
yunmin.3322.org
zhngzng.mcchrystalvs.com
zwy2007.pc-officer.com

# Reference: https://www.virustotal.com/gui/file/42ee9dd43ea0f2766f1419733d238346603474106157ccabff8eff574c13941a/detection

# Indicators listed under the VirusTotal sample referenced above: one IPv4 address
# qualified with a port, and one dynamic-DNS hostname.
# NOTE(review): the port-qualified form presumably limits matching to traffic on
# 8080 only; confirm against the trail parser if the address should match on any port.
58.158.177.102:8080
vcvcvcvc.dyndns.org
