# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: promethium, strongpity

# Reference: https://www.proofpoint.com/us/daily-ruleset-update-summary-20180522

ms-sys-security.com

# Reference: https://twitter.com/VK_Intel/status/1189939324344766464
# Reference: https://www.virustotal.com/gui/file/b75fbe3b21d83e2000928349d1610f292e1a4c072fd0454309fe1c6c7d85ff46/detection

upd32-secure-serv4.com

# Reference: https://twitter.com/Vishnyak0v/status/1219590822204727296

apt5-secure3-state.com

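# Reference: https://www.virustotal.com/gui/file/80ad6598f6e0b7c2b7258cbb69aa782dbcac308ca3d9d451b9bb5290b943a58f/detection
# Note: the entry below is an IP:port indicator rather than a domain; IP addresses can be reassigned, so re-verify it against the reference before relying on a match.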

193.235.207.60:443

# Reference: http://www.tgsoft.it/english/news_archivio_eng.asp?id=781

myrappid.com
pinkturtle.me
ralrab.com
mytoshba.com
truecrypte.org
true-crypte.website

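# Reference: https://vxcube.com/recent-threats-ioc/5bf0f120a39bb52be98684cd/detail
# Note: truecrypte.org in this block is also listed under the tgsoft.it reference above (duplicate entry).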

srv601.ddns.net
srv602.ddns.net
updatesync.com
svnservices.com
ftp.mynetenergy.com
windriversupport.com
truecrypte.org
edicupd002.com

# Reference: https://twitter.com/kyleehmke/status/1220738826513063942

ms6-upload-serv3.com
state-awe3-apt.com

# Reference: https://twitter.com/CTI_Marc/status/1221809588925800449

serv3-app-system4.com

# Reference: https://twitter.com/kyleehmke/status/1227950151140073472

node1-cdn-network.com

# Reference: https://twitter.com/Vishnyak0v/status/1229725292513636353

syse-update-app4.com

# Reference: https://cybersecurity.att.com/blogs/labs-research/newly-identified-strongpity-operations
# Reference: https://app.any.run/tasks/3ab76ba4-b4ab-4e18-b3b6-9f56e3202056/

apn-state-upd2.com
app-mx3-delivery.com
cdn2-state-upd.com
cdn2-svr-state.com
cdn4-rxe3-map.com
mx-upd2-cdn-state.com
oem-sec4-mx32.com
srv-cdn3-system.com
srv5-upd51-mx3-sec22.com
svr-sec2-system.com
sys4-upload2-srv.com
system6-mxe-ups3.com
upd-ncx4-server.com
upd-network-ms2.com
upd-secure-srv1.com
upd2-app-state.com
upd3-srv-system-app.com
upd56-state3-cdn7-mx8.com
upn-sec3-msd.com

# Reference: https://twitter.com/malwrhunterteam/status/1264137361446899712

hostoperationsystems.com

# Reference: https://twitter.com/voodoodahl1/status/1265340234054668289

mentiononecommon.com
ms21-app3-upload.com
mailtransfersagents.com
