# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt40, apt-c-40, leviathan, mudcarp, periscope

# Reference: https://otx.alienvault.com/pulse/5ca740c67a9dbc78fe32f9b9
# Reference: https://www.accenture.com/t20190305T200954Z__w__/us-en/_acnmedia/PDF-96/Accenture-Security-MUDCARP-Full-Report.pdf

chemscalere.com
eujinonline.sytes.net
scsnewstoday.com
thyssenkrupp-marinesystems.org
wsmcoff.com

# Reference: https://twitter.com/Vishnyak0v/status/1203986670623887361

accountsx.bounceme.net

# Reference: https://medium.com/@Sebdraven/apt-40-in-malaysia-61ed9c9642e9
# Reference: https://twitter.com/ClearskySec/status/1110941178231484417
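# Reference: https://otx.alienvault.com/pulse/5e3dbad21b45e958a0d9e5a6
# Note: 152.89.161.5 is listed twice in this section, and accountsx.bounceme.net repeats the entry from the section above.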

http://152.89.161.5
http://139.162.44.81
http://207.148.79.152
http://167.99.72.82
http://159.65.197.248
http://152.89.161.5
http://195.12.50.168
accountsx.bounceme.net
byfleur.myftp.org
capitana.onthewifi.com
dynamics.ddnsking.com
kulkarni.bounceme.net
thestar.serveblog.net
vvavesltd.servebeer.com

# Reference: https://www.elastic.co/fr/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign
# Reference: https://otx.alienvault.com/pulse/5efa1262602caffb4ac35148

armybar.hopto.org
tomema.myddns.me

# Generic (URL path trail, not tied to a specific host)

/D2_de2o@sp0/
