# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: bluebottle, commonraven, desktop group

# Reference: https://twitter.com/blackorbird/status/1588353576723976192
# Reference: http://c-apt-ure.blogspot.com/2022/01/who-is-desktop-group.html
# Reference: https://www.group-ib.com/media-center/press-releases/opera1er/
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/cybercrime/OPERA1ER/Group-IB_RPRT_OPERA1ER_EN_full.pdf
# Reference: https://www.virustotal.com/gui/file/6d87cce7f7e7ed51fc01fad000a8f6d8c715393873116b14fe2bc0abbb6086d8/detection

afijoh.net
afrikmedia.info
coris-bank.fr
eimaragon.org
evamachine.tk
helpdesk-security.org
kaspersky-lab.org
microsoft-af.com
ocitnetad.com
senegalsante.org
warii.club
zfs.life
4x33.ignorelist.com
actu.afrikmedia.info
actu.banquealtantique.net
bac.eimaragon.org
bac.senegalsante.org
boa.eimaragon.org
cnam.myvnc.com
cobalt.warii.club
codir.ocitnetad.com
contact.senegalsante.org
covid.ocitnetad.com
crazy.senegalsante.org
dc-4ade33bd8726.bdm-sa.fr
direct8.ddns.net
download.nortonupdate.com
driver.eimaragon.org
droid.senegalsante.org
dynastie.warzonedns.com
eimanet.eimaragon.org
ftp.eimaragon.org
gamevnc.myvnc.com
hostmaster.senegalsante.org
hunterx1-37009.portmap.io
info.senegalsante.org
info.warii.club
kpersky.duckdns.org
mail.mcafee-endpoint.com
mail.warii.club
news.afrikmedia.info
news.coris-bank.fr
noreply.mcafee-endpoint.com
ns.eimaragon.org
ns1.eimaragon.org
ns1.senegalsante.org
ns2.senegalsante.org
operan.ddns.net
personnel.bdm-sa.fr
queen2012.ddns.net
reply2host.duckdns.org
server.senegalsante.org
server0.senegalsante.org
server1.senegalsante.org
server2.senegalsante.org
server3.senegalsante.org
serveur1.hopto.org
srvopm.ocitnetad.ci
update.kaspersky-lab.org
update.mcafee-endpoint.com
update.microsoft-af.com
utils.afijoh.net
wa.eimaragon.org
wari.warii.club
warima.warii.club
webdisk.bdm-sa.fr
windowsdefender.redirectme.net
windowsupgraders.ddns.net
winsec.eimaragon.org
winsec.gotdns.ch
winsec.senegalsante.org
winsec.warii.club
wsus.microsoft-af.com

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa
# Reference: https://www.virustotal.com/gui/file/fec7d1e96dd5903526317cdfec80d3f69c393cfb115fdda3bd28e3c383eb856a/detection
# Reference: https://www.virustotal.com/gui/file/ae4ff662c959cf24df621a2c0b934ed1fa1c26a270a180f695cd5295579afbbd/detection

http://178.73.192.15
http://185.225.73.165
http://46.246.86.12
http://85.239.34.152
178.73.192.15:8080
46.246.12.12:8080
46.246.14.17:7000
personnel.bdm-sa.fr
transmissive-basin.000webhostapp.com
