# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: blackenergy, quedagh, voodoo bear, temp.noble, iron viking

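# Reference: https://web.archive.org/web/20120106212034/http://amada.abuse.ch/blocklist.php?download=domainblocklist
# Note: the reference above is an archive snapshot dated 2012-01-06, so the domains below are historical indicators; a hit on its own may reflect later re-registration rather than this actor.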

abaronaweb.net
ads.ew.com.cn
all-invite.org
aut0mat.info
bka.im
cazino-game.com
cxim.asia
ddumasz.info
globdomain.ru
hackzona.tk
jakkaru.ru
k0x.ru
kandagarka.net
myprodjs.ru
olololo.in
onlinejobsnet.co.cc
prava-servise.ru
sharp.mcdir.ru
webprofiler.cc
write-dream.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.22/relations

account-googlmail.ml
account-loginserv.com

# Reference: https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
# Reference: https://www.virustotal.com/gui/file/dc074464e50502459038ac127b50b8c68ed52817a61c2f97f0add33447c8f730/detection

95.216.13.196:53
95.216.13.196:8080
hostapp.be

# Reference: https://twitter.com/kyleehmke/status/1267222198588145664

userarea.click
userarea.eu

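# Reference: https://threatconnect.com/blog/threatconnect-research-roundup-probable-sandworm-infrastructure/
# Note: userarea.click and userarea.eu in this group repeat entries already listed under the preceding twitter.com/kyleehmke reference.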

fbapp.info
fbapp.link
fbapp.top
myaccount.click
myaccount.one
userarea.click
userarea.eu
userarea.in
userarea.top
userzone.eu
userzone.one
webcache.one
