# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt39, chafer, itg07

# Format: one network indicator per non-comment line (a domain name, or an
# IPv4 address written with an http:// prefix). Each group of indicators
# follows the "# Reference:" line(s) naming the report it was taken from.
# NOTE(review): how the http:// prefix affects matching is decided by the
# consuming tool -- confirm before reusing these entries elsewhere.

# Reference: https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions

win7-update.com

# Reference: https://twitter.com/clearskysec/status/976170940722708480

j-alam.com
win10-update.com
dnrslv.gq
skf-group.info
yjksdrl.tk
eseses.tk
jevxvideo.com
dnmails.gq
microsoftcert.xyz

# Reference: https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/

# NOTE(review): the entries on the three lines after http://134.119.217.87
# carry trailing whitespace in this file; confirm the loader trims each line
# before matching, otherwise these indicators may never match.
# xn--mgbfv9eh74d.com is the ASCII (punycode) form of an internationalized
# domain name; logs that record the Unicode form need to be normalized to this
# form before comparison.

http://134.119.217.87
http://185.177.59.70 
turkiyeburslari.tk 
xn--mgbfv9eh74d.com 
ytb.services

# Reference: https://twitter.com/VK_Intel/status/1093001266974916608

# NOTE(review): mycrossweb.com is listed a second time further down, in the
# group that follows the ClearskySec / otx.alienvault.com references. If
# entries are deduplicated, keep both reference lines.

mycrossweb.com
offsetweb.com

# Reference: https://twitter.com/VK_Intel/status/1074910586423648256

dropboxengine.com

# Reference: https://twitter.com/ClearskySec/status/1123542294186070016
# Reference: https://twitter.com/ClearskySec/status/1123542295616327680
# Reference: https://otx.alienvault.com/pulse/5cc9ab085bab461b1df43a24

# NOTE(review): mycrossweb.com in this group repeats an entry already listed
# earlier in the file under a VK_Intel reference.
# msn-com.dynu.net and windows-update.dynu.net are hostnames under a shared
# dynamic-DNS parent (dynu.net); match these exact hostnames only, never the
# parent domain.
# The http:// entries are bare IPv4 addresses. IP addresses can be reassigned
# to unrelated hosts over time -- presumably these need re-validation before
# being used for blocking rather than alerting; confirm against the references.

http://185.206.144.174
http://213.252.245.77
http://213.252.245.78
http://46.165.206.252
http://51.77.163.86
http://85.217.170.226
http://94.100.21.230
http://94.242.204.105
0ffice36o.com
acrobatverify.com
adobelicence.com
adpolicer.org
anyportals.com
cloudipnameserver.com
defender-update.com
googie.email
hpserver.online
jscript.online
lowconnectivity.com
mailservice-verify.stream
microsoftfixer.com
mobily-sa.com
msn-com.dynu.net
msnconnection.com
mycrossweb.com
stackwebonline.com
supermario2018.com
telenorco.com
updatenodes.site
updatesecuritypatch.com
verify-accounts-support.com
websys-corpo.com
windows-update.dynu.net

# Reference: https://otx.alienvault.com/pulse/5d07985dd0bbe4b2a97fc1c5
# Reference: https://securityintelligence.com/posts/observations-of-itg07-cyber-operations/

nvidia-services.com
sabre-airlinesolutions.com
sabre-css.com

# Reference: https://www.bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf

redjewelry.biz
apigoogle-accounts.biz
update-microsoft.space
