# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

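# Reference: https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2023/03/YoroTrooper.txt
#
# Layout of this section: IP addresses carrying an http:// prefix, then registered
# domains, then longer hostnames, most of them under those registered domains.
# Many hostnames carry the name of a real mail or government service in their leading
# labels (e.g. "mail.ru", "mfa.gov.kg") or a misspelling of one ("nail.ru", "rnail",
# "qov"). Only the rightmost registered domain identifies the infrastructure, so
# detections should key on that suffix rather than on the embedded service name.
# NOTE(review): az-link.email appears in this file only through subdomains, never as a
# bare entry like the other registered domains - confirm whether that is intentional.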

http://162.33.177.195
http://172.105.215.208
http://192.153.57.67
http://193.149.129.133
http://193.149.176.254
http://206.188.196.86
http://45.227.252.247
http://45.61.136.175
http://45.61.136.64
http://45.61.138.243
http://46.161.40.164
http://46.175.148.147
http://64.190.113.57
http://64.227.24.240
http://89.22.232.145
http://94.20.72.7
akipress.news
attachment-posts.cc
autn.tech
becloud.cc
capitaltrust.uz
horme.info
imbox.link
inro.link
mail-ru.link
mfa-tj.download
mypolicy.top
openingfile.net
owaut.ru
portal-inbox.com
sigriup.site
uzdaily.news
account.mail.ru.sigriup.site
account.nail.ru.horme.info
account.nail.ru.inro.link
accountyandex.inro.link
belaes.by.authentication.becloud.cc
belstat.gov.by.attachment-posts.cc
docscpcpipe.inro.link
e.login.mail-ru.link
e.mail.ru.autn.tech
e.mail.ru.mypolicy.top
e.mail.ru.portal-inbox.com
e.nail.ru.imbox.link
hse.ru.attachment-posts.cc
industry.tj.mypolicy.top
mail.agro.gov.kg.openingfile.net
mail.belaes.by.authentication.becloud.cc
mail.economy.qov.az-link.email
mail.g-cloud.by.authentication.becloud.cc
mail.gov.az-link.email
mail.hse.ru.attachment-posts.cc
mail.iacis.ru.autn.tech
mail.mfa.gov.kg.openingfile.net
mail.mgimo.ru.sigriup.site
mail.ru.authentification.becloud.cc
mailacgov.inro.link
mailaviacomplect.inro.link
maileecommission.inro.link
minsk.gov.by.attachment-posts.cc
moscpcpipe.inro.link
newint.mid.ru.owaut.ru
rnail.iterrf.ru.inro.link
rnail.mintrans.gov.ru.inro.link
rnail.rnid.ru.inro.link
srm.mfa.tj.uzdaily.news
sts.mfa.gov.tr.mypolicy.top
true.az-link.email

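# Reference: https://blog.talosintelligence.com/attributing-yorotrooper/
# Reference: https://otx.alienvault.com/pulse/65394b8842d1837a7549bd59
#
# NOTE(review): kyrgyzkomur.gov.kg and tpp.tj below are bare .gov.kg / .tj names with no
# lookalike suffix, unlike the neighbouring entries. They may be legitimate sites
# reported as compromised rather than attacker-registered domains. Confirm against the
# references before blocking on them, since a match can be a visit to the real site.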

ady.az.logiin.email
antikor.gov.kz.openingfile.net
asco.az-link.email
auth.logiin.email
auth.mail-ru.link
az.logiin.email
darkstore.su
e.mail.az-link.email
gov-az.site
gov.kz.openingfile.net
kyrgyzkomur.gov.kg
kz.openingfile.net
logiin.email
mail.ady.az.logiin.email
mail.antikor.gov.kz.openingfile.net
mail.asco.az-link.email
mail.az-link.email
mail.mincom.gov-az.site
mail.socar.az.logiin.email
mincom.gov-az.site
ru.auth.logiin.email
tpp.tj
