# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.kaspersky.ru/blog/malicious-mailout-scr-attachment/37823/
# Reference: https://www.kaspersky.ru/blog/librarian-ghouls-cad-formats/38199/
# Reference: https://app.validin.com/detail?find=89.110.65.154&type=ip4&ref_id=e41544d48ff#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/2d4943980d751e6551ca04be73d5443359cde2e1ee142ff35ab1c9e84c105f56/detection
# Reference: https://www.virustotal.com/gui/file/02e49ad0d589b463a5dae39e81ff6c4151b2b9baca366ede566a5c0829a75d84/detection
# Reference: https://www.virustotal.com/gui/file/26a632f35e4382310044085b7f0e94fb5cd47f30ace588f7fceef9283a26a54a/detection

accouts-verification.ru
acountservices.online
deauthorization.online
detectis.ru
email-informer.ru
hostingforme.nl
office-account.ru
verificationc.nl
verificationc.online
verifikations.ru

# Reference: https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/

acountservices.nl
anyhostings.ru
anyinfos.ru
bmapps.org
center-mail.ru
claud-mail.ru
downdown.ru
dragonfires.ru
email-office.ru
mail-cheker.nl
office-email.ru
outinfo.ru
redaction-voenmeh.info
supersuit.site
unifikator.ru
users-mail.ru
vniir.nl
vniir.space
