# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: HeaderTip

# CERT-UA: UAC-0026

# Reference: http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Scarab_IOCs_January_2015.txt

apple.dynamic-dns.net
autocar.ServeUser.com
blackblog.chatnook.com
bulldog.toh.info
cew58e.xxxy.info
coastnews.darktech.org
demon.4irc.com
dynamic.ddns.mobi
expert.4irc.com
football.mrbasic.com
gjjb.flnet.org
imirnov.ddns.info
jingnan88.chatnook.com
lehnjb.epac.to
logoff.25u.com
logoff.ddns.info
ls910329.my03.com
mailru.25u.com
Markshell.etowns.net
mydear.ddns.info
nazgul.zyns.com
newdyndns.scieron.com
newoutlook.darktech.org
photocard.4irc.com
pricetag.deaftone.com
rubberduck.gotgeeks.com
shutdown.25u.com
sorry.ns2.name
sskill.b0ne.com
text-First.flnet.org
uudog.4pu.com
will-smith.dtdns.net
ndcinformation.acmetoy.com
service.authorizeddns.net
text-first.trickip.org
yellowblog.flnet.org

# Reference: https://twitter.com/h2jazi/status/1505887653111209994
# Reference: https://twitter.com/fstenv/status/1505915405562482696
# Reference: https://twitter.com/aRtAGGI/status/1506010831221248002
# Reference: https://cert.gov.ua/article/38097 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/7239cac92aaf6bbbbf4e657bc65a385e495a67a15aa6bbad0e25f23407a77ba9/detection

104.155.198.25:8080
ebook.port25.biz
mert.my03.com
product2020.mrbasic.com

# Reference: https://www.virustotal.com/gui/file/6bcb972bbd526433d9ad733eb7acfec2bc2e35686e9491a380fd5f7a09bf3276/detection

autocar.suroot.com
