# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/

american.blackcmd.com
api.apigmail.com
apigmail.com
backup.darkhero.org
bel.updatawindows.com
binary.update-onlines.org
blackcmd.com
castle.blackcmd.com
ctcb.blackcmd.com
darkhero.org
dav.local-test.com
test.local-test.com
dev.local-test.com
ocean.local-test.com
ga.blackcmd.com
helpdesk.blackcmd.com
helpdesk.csc-na.com
helpdesk.hotmail-onlines.com
helpdesk.lnip.org
hotmail-onlines.com
jobs.hotmail-onlines.com
justufogame.com
lnip.org
local-test.com
login.hansoftupdate.com
long.update-onlines.org
longlong.update-onlines.org
longshadow.dyndns.org
longshadow.update-onlines.org
longykcai.update-onlines.org
lostself.update-onlines.org
mac.navydocument.com
mail.csc-na.com
mantech.updatawindows.com
micr0soft.org
microsoft-outlook.org
mtc.navydocument.com
navydocument.com
mtc.update-onlines.org
news.hotmail-onlines.com
oac.3322.org
ocean.apigmail.com
pchomeserver.com
registre.organiccrap.com
security.pomsys.org
services.darkhero.org
sgl.updatawindows.com
shadow.update-onlines.org
sonoco.blackcmd.com
test.logmastre.com
up.gtalklite.com
updatawindows.com
update-onlines.org
update.deepsoftupdate.com
update.hancominc.com
update.micr0soft.org
update.pchomeserver.com
urs.blackcmd.com
wang.darkhero.org
webs.local-test.com
word.apigmail.com
wordpress.blackcmd.com
working.blackcmd.com
working.darkhero.org
working.hotmail-onlines.com
www.trendmicro-update.org
www.update-onlines.org
x.apigmail.com
ykcai.update-onlines.org
ykcailostself.dyndns-free.com
ykcainobody.dyndns.org
zj.blackcmd.com
laxness-lab.com
google-ana1ytics.com
www.google-ana1ytics.com
ftp.google-ana1ytics.com
hotmailcontact.net

# Reference: https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/

down.pzchao.com
up.pzchao.com
dll.pzchao.com
rat.pzchao.com
centuriosa.info
zll855.no-ip.info
zll855.gicp.net
