# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-41, promethium, strongpity

# Reference: https://www.proofpoint.com/us/daily-ruleset-update-summary-20180522

ms-sys-security.com

# Reference: https://twitter.com/VK_Intel/status/1189939324344766464
# Reference: https://www.virustotal.com/gui/file/b75fbe3b21d83e2000928349d1610f292e1a4c072fd0454309fe1c6c7d85ff46/detection

upd32-secure-serv4.com

# Reference: https://twitter.com/Vishnyak0v/status/1219590822204727296

apt5-secure3-state.com

# Reference: https://www.virustotal.com/gui/file/80ad6598f6e0b7c2b7258cbb69aa782dbcac308ca3d9d451b9bb5290b943a58f/detection

193.235.207.60:443

# Reference: http://www.tgsoft.it/english/news_archivio_eng.asp?id=781

myrappid.com
pinkturtle.me
ralrab.com
mytoshba.com
truecrypte.org
true-crypte.website

# Reference: https://vxcube.com/recent-threats-ioc/5bf0f120a39bb52be98684cd/detail

srv601.ddns.net
srv602.ddns.net
updatesync.com
svnservices.com
ftp.mynetenergy.com
windriversupport.com
truecrypte.org
edicupd002.com

# Reference: https://twitter.com/kyleehmke/status/1220738826513063942
# Reference: https://app.any.run/tasks/6ae5416b-fc75-405f-8888-71d5f6c7de4d/

ms6-upload-serv3.com
state-awe3-apt.com

# Reference: https://twitter.com/CTI_Marc/status/1221809588925800449

serv3-app-system4.com

# Reference: https://twitter.com/kyleehmke/status/1227950151140073472

node1-cdn-network.com

# Reference: https://twitter.com/Vishnyak0v/status/1229725292513636353

syse-update-app4.com

# Reference: https://cybersecurity.att.com/blogs/labs-research/newly-identified-strongpity-operations
# Reference: https://app.any.run/tasks/3ab76ba4-b4ab-4e18-b3b6-9f56e3202056/

apn-state-upd2.com
app-mx3-delivery.com
cdn2-state-upd.com
cdn2-svr-state.com
cdn4-rxe3-map.com
mx-upd2-cdn-state.com
oem-sec4-mx32.com
srv-cdn3-system.com
srv5-upd51-mx3-sec22.com
svr-sec2-system.com
sys4-upload2-srv.com
system6-mxe-ups3.com
upd-ncx4-server.com
upd-network-ms2.com
upd-secure-srv1.com
upd2-app-state.com
upd3-srv-system-app.com
upd56-state3-cdn7-mx8.com
upn-sec3-msd.com

# Reference: https://twitter.com/malwrhunterteam/status/1264137361446899712
# Reference: https://twitter.com/0xthreatintel/status/1355847489291603970
# Reference: https://0xthreatintel.medium.com/uncovering-apt-c-41-strongpity-backdoor-e7f9a7a076f4
# Reference: https://www.virustotal.com/gui/ip-address/91.219.238.31/relations

hostoperationsystems.com

# Reference: https://twitter.com/voodoodahl1/status/1265340234054668289

mentiononecommon.com
ms21-app3-upload.com
mailtransfersagents.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1313717536865742848
# Reference: https://www.virustotal.com/gui/file/04c6b2e93ee33d4b12f61c565ef164931ce8bb8225d0a80cae32782c1c30a802/detection
# Reference: https://www.virustotal.com/gui/file/2ea1ff8dc4a5ea276f8ae4137cbce0fd80b27d662dc0969127b454f5c0aa34e1/detection
# Reference: https://www.virustotal.com/gui/file/3da5ad345fa5dc65c5313a0846897ba696630e1b4c6b9388e7a479edce27745e/detection

cerulearc.com
protectapplication.com
record-fords.cerulearc.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1330056911195136012

transferprotocolpolicy.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1333302456185339904
# Reference: https://www.virustotal.com/gui/file/0265e9f22753a574dcc0f20fdb1838aaf22ba17e8f2577d1d88a811ed1f6467b/detection
# Reference: https://www.virustotal.com/gui/file/0f4933ae0b67f03154f36c3e47acd5eece9b3872677a30fdaf22df952b96b704/detection

ms-cdn-88.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1333583293636255745
# Reference: https://www.virustotal.com/gui/file/4f4efb22c0bdd0bd8d1af525594571f31c641f8e5aa65b0b563bfad01e4a4505/detection

updserv-east-cdn3.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1342761047967481856
# Reference: https://www.virustotal.com/gui/file/1185998fd595936708c1fc5a3ddeadbdd46b88e216419597da0b461e136ddfa7/detection

uppertrainingtool.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1344270106201784320
# Reference: https://www.virustotal.com/gui/file/4efa6bc5ffe7b39a4e7f674e081e6428e981a11ac8289bd71e527213ec541fc8/detection

findingpcdrivers.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1344620693086904321
# Reference: https://www.virustotal.com/gui/file/f81d16d98d7c5423e8f231fe47778b0824360fb41525fd545097bb8e700e1a8d/detection

hostoperationsystems.com

# Reference: https://cybleinc.com/2020/12/31/strongpity-apt-extends-global-reach-with-new-infrastructure/
# Reference: https://www.virustotal.com/gui/ip-address/185.47.131.103/relations

hybirdcloudreportingsoftware.com

# Reference: https://twitter.com/silv0123/status/1368589447780954113
# Reference: https://www.virustotal.com/gui/file/057e27d215f4930469417bfd5fec41b193c85ac9275a1ae5594fcbab68c23ed7/detection

lurkingnet.com

# Reference: https://twitter.com/silv0123/status/1370339230329696260
# Reference: https://www.virustotal.com/gui/file/0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98/detection

resolutionplatform.com

# Reference: https://twitter.com/_re_fox/status/1371197939599749123
# Reference: https://www.virustotal.com/gui/file/b6e3018d7b5f4aef74bcbd38b86ec5a3c6ca9fa1b1310aca5396217a1290db79/detection

transfermychoice.com

# Reference: https://twitter.com/voodoodahl1/status/1371538406984007683

hardwareoption.com
hierarchicalfiles.com
pulmonyarea.com

# Reference: https://www.virustotal.com/gui/file/eef5205cce36d1613036ce4ece3875e907473b75fdc09711c6545757547ea08a/detection

cdn12-web-security.com

# Reference: https://www.virustotal.com/gui/file/50baf0ea166f7e578b19fa519a6050e8095c79f30ef6954021fbe40e9058acd8/detection

ms-health-monitor.com

# Reference: https://twitter.com/silv0123/status/1394124776080240640
# Reference: https://www.virustotal.com/gui/file/debf8937623397e35359cd8e758283857eb0e161a5038f3637f496838ddeadd0/detection

informationserviceslab.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1399652333210923014
# Reference: https://www.virustotal.com/gui/file/d22c6046f7c1102da9f60162f5529a08acb6da58ed598cc721fe8ffae7f47ea2/detection
# Reference: https://www.virustotal.com/gui/file/a9ed18bf798d32dcb7e9203720c35c54fed8b528924a8ec2bf5e58c775abbf84/detection
# Reference: https://www.virustotal.com/gui/file/f8671aedf3691b8bd5765fadfdb2865adfccaaee8a03ffd5447edca42d5b376d/detection
# Reference: https://www.virustotal.com/gui/file/f1552d049c3cae1a81be859cb8cd0c885797a9f5ce0266c4d53cc3c2ba3ecb1c/detection

filedocumentmanager.com

# Reference: https://twitter.com/BaoshengbinCumt/status/1400271045576192001
# Reference: https://www.virustotal.com/gui/file/84621560ab59aff0d63ab521d6eea3efb0f4c042dcc29317a5abe7dabafd15db/detection

selectednewfile.com

# Reference: https://anchorednarratives.substack.com/p/recover-your-files-with-strongpity
# Reference: https://www.virustotal.com/gui/file/1887977dc8ea476b5ddacccfe74e6c630222bfff1c7888eef08ce0e0c4d0d12f/detection
# Reference: https://www.virustotal.com/gui/file/2b26f4ce23dea823f4f7f8daf4c81550855068a4042bc150dfb71344f74b6f79/detection
# Reference: https://www.virustotal.com/gui/file/786c58acaf7a1354b0038f34adec8a46235059b8f3e87a47197f008446a5c757/detection

fileaccesscontrol.com
networkmanagemersolutions.com

# Reference: https://twitter.com/RedDrip7/status/1430716604896010243
# Reference: https://www.virustotal.com/gui/file/c278454e57783e327ec452a418ccc119be8bd79e7421d6958666d50eef2eff55/detection
# Reference: https://www.virustotal.com/gui/file/7b6d5d611d70dade1b90c10d2dfced62dd2cba1487f45a2800f81bf4f75bbee8/detection

repositoryupdating.com

# Reference: https://www.virustotal.com/gui/file/ef156165bdefe2a90c83e787218a670665e16ff23a097b78c654573df629a9b6/detection
# Reference: https://www.virustotal.com/gui/file/d8e09efe37e802b6541b97b22ca49d467fb02d2f7b7319fda0eed4fdc2e21e2b/detection

sessionprotocol.com

# Reference: https://twitter.com/Des00464472/status/1351104382943830017

applicationrepo.com

# Reference: https://twitter.com/Des00464472/status/1555433330786848771

fairgowingo.com

# Reference: https://twitter.com/Des00464472/status/1583333357714538497

inodeapplicationserver.com

# Reference: https://twitter.com/malwrhunterteam/status/1549125906416943108
# Reference: https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
# Reference: https://www.virustotal.com/gui/file/be1593bd1f1d5a4d05217f0492832e13bddd61281d8e109668ea5c64920fe9b2/detection

dutchvideochatting.com
intagrefedcircuitchip.com
networksoftwaresegment.com

# Reference: https://www.virustotal.com/gui/ip-address/139.59.250.183/relations

hotpatches.net
javaplugin-update.com
remoteaaddressconnect.com
requiredvision.com
