# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: cloud atlas, redoctober

# Reference: https://www.alienvault.com/blog-content/2013/01/RedOctober-Indicatorsofcompromise-2.pdf

# Lookalike names: the entries below imitate Microsoft/Windows update and "genuine" checks,
# Windows process names (csrss, svchost, dll-host) and BlackBerry/mobile services.
# Match on the full domain only; keyword matching on "microsoft", "update" or "svchost"
# would also hit legitimate hosts.
bb-apps-world.com
blackberry-apps-world.com
blackberry-update.com
csrss-check-new.com
csrss-update-new.com
csrss-upgrade-new.com
dailyinfonews.net
dll-host.com
dll-host-check.com
# NOTE(review): "udate" looks like a misspelling of the next entry; presumably it is listed
# this way in the reference above - confirm there before changing or removing it.
dll-host-udate.com
dll-host-update.com
dllupdate.info
drivers-check.com
drivers-get.com
drivers-update-online.com
genuine-check.com
genuineservicecheck.com
genuineupdate.com
hotinfonews.com
microsoftcheck.com
microsoft-msdn.com
microsoftosupdate.com
mobileimho.com
mobileimho.ru
mobile-update.com
msgenuine.net
msinfoonline.org
msonlinecheck.com
msonlineget.com
msonlineupdate.com
ms-software-check.com
ms-software-genuine.com
ms-software-update.com
new-driver-upgrade.com
nt-windows-check.com
nt-windows-online.com
nt-windows-update.com
osgenuine.com
os-microsoft-check.com
os-microsoft-update.com
security-mobile.com
shellupdate.com
svchost-check.com
svchost-online.com
svchost-update.com
update-genuine.com
win-check-update.com
windowscheckupdate.com
windows-genuine.com
windowsonlineupdate.com
win-driver-upgrade.com
wingenuine.com
wins-driver-check.com
wins-driver-update.com
wins-update.com
winupdateonline.com
winupdateos.com
world-mobile-congress.com
xponlineupdate.com

# Reference: https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/

# Path-scoped entry: the host is a shared cloud-storage (WebDAV) service, so only this
# account path is listed. Do not widen it to the bare hostname when reusing the indicator,
# or unrelated users of the service will match.
webdav.cloudme.com/bimm4276/CloudDrive/

# Reference: https://securelist.com/recent-cloud-atlas-activity/92016/
# Reference: https://otx.alienvault.com/pulse/5d5176f09f3f84634e1f0227

# Listed with an http:// scheme rather than as bare IPs - presumably to scope matching to
# web requests addressed to these hosts; confirm how the trail loader treats the prefix.
# IP indicators go stale as addresses are reassigned: check a hit against the dates of the
# reports referenced above before treating it as current activity.
http://144.217.174.57
http://176.31.59.232
