# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: calisto

# Reference: https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/

drive-share.live
protect-link.online
protection-office.live
proton-viewer.com

# Reference: https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign/

cache-docs.com
cloud-docs.com
docs-cache.com
docs-drive.online
docs-info.com
documents-cloud.com
documents-cloud.online
documents-pdf.online
drive-docs.com
file-milgov.systems
hypertextteches.com
office-protection.online
pdf-cloud.online
pdf-docs.online
pdf-shared.online
protectionmail.online
proton-docs.com
proton-view.online

# Reference: https://twitter.com/h2jazi/status/1538940189015429122
# Reference: https://www.virustotal.com/gui/file/7b95747eeea196c1485d089fa47a06bacb07d06399603d3a4fa153c21ce0a9ba/detection

cache-pdf.com

# Reference: https://otx.alienvault.com/pulse/6272996039678903e0b73dd5

cache-dns.com
docs-shared.com
documents-forwarding.com
documents-preview.com
protection-link.online
webresources.live

# Reference: https://twitter.com/r0ny_123/status/1549751626004500481

cache-pdf.online
documents-cloud.online
pdf-cache.online
pdf-forwarding.online
storage-service.online

# Reference: https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/

cache-dns-forwarding.com
cache-dns-preview.com
cache-services.live
cloud-drive.live
cloud-mail.online
cloud-storage.live
docs-forwarding.online
docs-info.online
docs-shared.online
docs-view.online
document-forwarding.com
document-online.live
document-preview.com
document-share.live
document-view.live
documents-online.live
documents-view.live
goo-link.online
mail-docs.online
office365-online.live
officeonline365.live
online-document.live
online-storage.live
online365-office.com
onlinecloud365.live
pdf-cache.com
protection-checklinks.xyz
proton-pdf.online
proton-reader.com
relogin-dashboard.online
safe-connection.online
safelinks-protect.live
secureoffice.live
word-yand.live
y-ml.co
yandx-online.cloud

# Reference: https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html

goo-ink.online
hypertexttech.com
accounts.hypertexttech.com

# Reference: https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support/
# Reference: https://otx.alienvault.com/pulse/6390ecc150d6fda9ab97c604

access-confirmation.com
allow-access.com
antibots-service.com
apicomcloud.com
as-mvd.ru
attach-docs.com
attach-update.com
blueskynetwork-drive.com
blueskynetwork-shared.com
botguard-checker.com
botguard-web.com
challenge-identifier.com
challenge-share.com
checker-bot.com
cija-docs.com
cija-drive.com
cloud-safety.online
cloud-us.online
default-dns.online
disk-previewer.com
dns-cache.online
dns-challenge.com
dns-cookie.com
dns-mvd.ru
docs-cache.online
docs-collector.com
docs-storage-ltd.com
docs-viewer.online
docs-web.online
document-guard.com
document-sender.com
drive-control.com
drive-defender.com
drive-global-ordnance.com
drive-globalordnance.com
drive-information.com
drive-previewer.com
drive-us.online
dtgruelle-drive.com
dtgruelle-us.com
encompass-drive.com
encompass-shared.com
filter-bot.com
global-ordnance-drive.com
goweb-protect.com
goweb-service.com
guard-checker.com
hd-centre-drive.com
hd-docs-share.com
hypertextttech.com
land-of-service.com
live-identifier.com
mvd-cloud.ru
mvd-redir.ru
network-storage-ltd.com
nonviolent-conflict-service.com
nonviolent-conflict-storage.com
online-word.com
preview-docs.com
preview-docs.online
protectedshields-storage.com
protection-web-app.com
proxycrioisolation.com
redir-document.com
response-collector.com
response-filter.com
response-mvd.ru
response-redir.com
safe-proof.com
sangrail-ltd.com
sangrail-share.com
selector-drafts.online
share-drive-ua.com
soaringeagle-drive.com
threatcenterofreaserch.com
threatcenterofresearch.com
transfer-dns.com
transfer-record.com
umo-drive.com
umopl-drive.com
umopl.com
webview-service.com
