# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: nccTrojan

# Entry forms used below: bare hostnames, IP:port pairs and one http:// URL.
# Indicators are grouped under the '# Reference:' lines that precede them; the
# grouping presumably records where each indicator was reported.
# NOTE(review): no bare IP address is listed; every IP is qualified by a port
# or a URL scheme, presumably so that other traffic to the same address is not
# flagged -- confirm against the sensor's matching rules.
# NOTE(review): IP addresses can be reassigned; treat a hit on an IP-based
# entry as a lead to corroborate with the referenced reports, not as proof of
# infection.

# Reference: https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology
# Reference: https://www.virustotal.com/gui/ip-address/95.179.131.29/relations
# Reference: https://vblocalhost.com/uploads/VB2020-20.pdf
# Reference: https://vblocalhost.com/uploads/VB2020-Ozawa-etal.pdf
# Reference: https://otx.alienvault.com/pulse/5f74cab71bb5d12e32842814

# NOTE(review): the apex vzglagtime.net is not listed, while senyulinjiu.xyz
# is listed next to its subdomain -- confirm whether the omission is intentional.
95.179.131.29:8080
http://95.179.131.29
f1news.vzglagtime.net
mtanews.vzglagtime.net
news.vzglagtime.net
org.senyulinjiu.xyz
senyulinjiu.xyz

# Reference: https://twitter.com/Sebdraven/status/1239476693737373698
# Reference: https://app.any.run/tasks/8937295d-ea36-4398-96bd-20e7f3b193cb/

103.249.87.72:443

# Reference: https://twitter.com/Arkbird_SOLG/status/1255409992687116291
# Reference: https://app.any.run/tasks/a4701084-98e4-49d2-9938-c7ca5239e2a0/

217.69.8.255:443

# Reference: https://twitter.com/Sebdraven/status/1331657002934824964
# Reference: https://twitter.com/nao_sec/status/1331796610456535040
# Reference: https://twitter.com/nao_sec/status/1362332815409303554
# Reference: https://insight-jp.nttsecurity.com/post/102gr6l/ta428ncctrojan
# Reference: https://sebdraven.medium.com/actor-behind-operation-lagtime-targets-russia-f8c277dc52a9
# Reference: https://www.virustotal.com/gui/file/f5a78a155a219582db8959c3a96a1d91ed891801663b1cce0c599779773bc3f5/detection
# Reference: https://www.virustotal.com/gui/file/46a9ca7d5364fbe5fd3d6ffb0f8d86e9a9e566708657e59ef8873d3ed536348d/detection
# Reference: https://otx.alienvault.com/pulse/5fc5453982a82b8e4e6e7f58

45.77.129.213:443
custom.songuulcomiss.com
news.niiriip.com
niiriip.com
songuulcomiss.com

# Reference: https://insight-jp.nttsecurity.com/post/102glv5/pandas-new-arsenal-part-3-smanager
# Reference: https://otx.alienvault.com/pulse/5fd3f1f18a7e313da2c01587

# NOTE(review): chickenkiller.com, blogdns.com and homeunix.org appear to be
# shared dynamic-DNS zones; only the full hostnames are listed, and the parent
# zones should stay out of this list because they would also match unrelated
# hosts.
coms.documentmeda.com
freenow.chickenkiller.com
office365.blogdns.com
vgca.homeunix.org
documentmeda.com

# Reference: https://twitter.com/nao_sec/status/1338402034593144835
# Reference: https://www.virustotal.com/gui/file/67458476cc289f7d0f0bda8938f959b8a1a515e23f37c9d16452b2e1d8adf5a4/behavior/VMRay

45.76.210.68:443
45.76.210.68:8080

# Reference: https://sebdraven.medium.com/a-net-rat-target-mongolia-9c1439c39bc2
# Reference: https://otx.alienvault.com/pulse/605b75b82d3c11af9e907851
# Reference: https://www.virustotal.com/gui/file/2b038ad9bfb8c3f40e95e38b572bdf536d9fd2e7dd5cc0c66fbd0bdc1ed89fde/detection
# Reference: https://www.virustotal.com/gui/file/1120275dc25bc9a7b3e078138c7240fbf26c91890d829e51d9fa837fe90237ed/detection
# Reference: https://www.virustotal.com/gui/file/08be2c7239acb9557454088bba877a245c8ef9b0e9eb389c65a98e1c752c5709/detection

185.82.218.40:443
185.82.218.40:8080
