# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/
# Reference: https://twitter.com/malwrhunterteam/status/1340344596698677250
# Reference: https://www.virustotal.com/gui/file/bd7779e6100e07b3eae67bfcdc53f1f08468651240229e284cca60e2b953496b/detection

# Host indicators from the references above: IPs are written with an explicit http:// scheme,
# domains are written bare.
http://162.248.247.172
http://190.2.144.140
http://190.2.145.145
http://89.38.98.49
firmwaresystemupdate.com
georgethompson.space
ronaldlubbers.site
stevenwentz.com
# Path-only indicators (no host component). Presumably matched against the request path on any
# host - confirm against the consumer's matching rules. A hit on one of these paths with none of
# the hosts above is weaker evidence; triage it with the destination host in view.
/hass/answer.php
/hass/get-function.php
/hass/upload-log.php

# Reference: https://twitter.com/blackorbird/status/1181868468620017665 (# Cyrus Attack)
# Reference: https://mp.weixin.qq.com/s/yaLC8gs-U92X6WnYzuuQ7w
# Reference: https://otx.alienvault.com/pulse/5d9db01cc5328d4649e0594c

# NOTE(review): the two IPs below use different forms (http:// scheme vs. explicit :80 port);
# confirm the consumer treats both as the same kind of indicator.
http://46.4.143.130
198.50.220.44:80
appsoftupdate.com
lohefeshordeh.net
ychatonline.net

# Reference: https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/mobile-malware-report.pdf

systemdriverupdate.com
ydownyload.net
ynewnow.net

# Reference: https://twitter.com/felixaime/status/1353622368913133569

# These names appear to imitate Android/Google service names. Keep the spelling exactly as listed
# (note the double "s" in googleassisstants) - "correcting" it would change the indicator.
androidsystemswebview.com
googleassisstants.com
googleservicesforar.com

# Reference: https://www.virustotal.com/gui/file/f63c9c67ef1cc74f3936d637217b1812e04794316cc3895665688068cb31b50e/detection

# The three 144.91.65.100 entries in this part of the file differ only in port; each IP:port pair
# is listed under its own sample reference. Being port-qualified, they presumably do not cover
# other ports on the same address - confirm against the consumer's matching rules.
144.91.65.100:3245

# Reference: https://www.virustotal.com/gui/file/4e110011e8467c77c2de3a335d291b45b24633b2d22169552c200a1095355111/detection

144.91.65.100:4145

# Reference: https://www.virustotal.com/gui/file/5bc838b11eadb3fec80a7e6bb46183b868096d8c2e499bedd9c976f3d70d41b1/detection

144.91.65.100:6102
