# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt19

# Reference: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf

# Reference: https://attack.mitre.org/wiki/Group/G0009
# Reference: https://krebsonsecurity.com/wp-content/uploads/2015/02/FBI-Flash-Warning-Deep-Panda.pdf

googlewebcache.com
outlookssl.com
images.googlewebcache.com
smtp.outlookssl.com

# Reference: https://twitter.com/unpacker/status/1343143954007482369
# Reference: https://cybergeeks.tech/analyzing-apt19-malware-using-a-step-by-step-method/
# Reference: https://www.virustotal.com/gui/file/8b0877209594dada522e606ebac60ce82ceaa31978e71e7772fd8ae0065d53de/detection

http://106.185.43.96/user/atv.html
google-dash.com
microsoft-cache.com

# Generic

/lifeandstyle/marmalade-paddington-sales-up-making-drinking
/money/ofcom-fines-nuisance-calls
/world/video/shrien-dewani-arrives-uk-murder-trial-collapses-video
