# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: RADIOSTAR, VIDEOKILLER, HALFSHELL, UNC1151, Ghostwriter, Influence Activity

# Reference: https://content.fireeye.com/web-assets/rpt-unc1151-ghostwriter-update
# Reference: https://www.fireeye.com/blog/threat-research/2021/04/espionage-group-unc1151-likely-conducts-ghostwriter-influence-activity.html
# Reference: https://otx.alienvault.com/pulse/6089a10aa27c23fdd4ee928e

account-inbox.online
accounts-inbox.ml
accounts-telekom.online
com-account.website
credentials-telekom.online
google-com.online
inbox-admin.site
interia-pl.site
interia-pl.website
login-inbox.online
login-mail.online
login-telekom.online
login-verify.online
logowanie-pl.site
meta-ua.online
net-account.online
net-account.space
net-accounts-mail.ru
net-support.site
net-verification.online
net-verify.site
net-verify.website
no-replay-notification.ga
onet-pl.online
passport-yandex.ru
ron-mil-pl.site
ron-mil-pl.space
ru-passport.online
signin-telekom.online
ua-agreements.online
ua-login.site
ua-passport.online
ukroboronprom-com.site
ukroboronprom.online
verify-ua.online
verify-ua.site
wp-agreements.online
wp-pl-potwierdz-dostep.site

# Reference: https://twitter.com/kyleehmke/status/1390243290826563591

op-pl.site

# Reference: https://twitter.com/kyleehmke/status/1390368185455677440

verify-ua.space

# Reference: https://twitter.com/kyleehmke/status/1392825232826802181

com-validate.site
com-verify.site

# Reference: https://twitter.com/kyleehmke/status/1397746852213186561

mil-secure.site

# Reference: https://twitter.com/kyleehmke/status/1403278668445720579

secure-firewall.site
