# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Upatre.A#tab=2

mytarta.com
cyclivate.com
pentruder.co.uk
huyontop.com

# Reference: https://researchcenter.paloaltonetworks.com/2018/07/unit42-upatre-continues-evolve-new-anti-analysis-techniques/

doghunter.bit
bookreader.bit

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Upatre-6894504-0)

ncaappraisers.com

# Reference: https://twitter.com/neonprimetime/status/1116754139281805317
# Reference: https://www.virustotal.com/gui/file/f9a4c6e5f2bac899b95772bb1b380b4a6f376c71b6c14385aa9154197e1a677d/detection

http://181.189.152.131
181.189.152.131:14101
181.189.152.131:14102
181.189.152.131:14103
181.189.152.131:14105
181.189.152.131:14107
181.189.152.131:14109
181.189.152.131:14116
181.189.152.131:14120
181.189.152.131:14122
181.189.152.131:14123
181.189.152.131:14124
181.189.152.131:14127
181.189.152.131:14134
181.189.152.131:14137
181.189.152.131:14138
181.189.152.131:14141
181.189.152.131:14142
181.189.152.131:14144
181.189.152.131:14145
181.189.152.131:14146
181.189.152.131:14147
181.189.152.131:14148
181.189.152.131:14152
181.189.152.131:14154
181.189.152.131:14163
181.189.152.131:443

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0221-0228.html (Win.Dropper.Upatre-7594799-0)
# Reference: https://www.virustotal.com/gui/ip-address/38.65.142.12/relations

http://38.65.142.12
38.65.142.12:12502
38.65.142.12:12509
38.65.142.12:12556
38.65.142.12:12557
38.65.142.12:12558
38.65.142.12:12559
38.65.142.12:12564
38.65.142.12:12565
38.65.142.12:12567
38.65.142.12:12568
38.65.142.12:12569
38.65.142.12:12570
38.65.142.12:12571
38.65.142.12:12558
38.65.142.12:12559
38.65.142.12:12570

# Reference: https://www.virustotal.com/gui/file/5b93b78b1eb0b91d1776b10896a90eae107fe3d7366924f8b052ff4db32f3b0b/detection

frontierforex.com

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (Win.Downloader.Upatre-7601201-0)

grupodolcearte.com

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0313-0320.html (Win.Malware.Upatre-7618803-1)

talonstamed.com

# Reference: https://twitter.com/killamjr/status/1248638073740693504

huyontop.com
