# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Group 123, Red Eyes, Venus 121

# Reference: https://otx.alienvault.com/pulse/5d4456d289603cc548ddbc92
# Reference: https://blog.alyac.co.kr/2453 (Korean)
# Reference: https://fortiguard.com/resources/threat-brief/2019/08/09/fortiguard-threat-intelligence-brief-august-09-2019

price365.co.kr/abbi/head0.jpg
price365.co.kr/abbi/json/openssl.php
price365.co.kr/abbi/tail0.jpg
darvishkhan.net/wp-content/uploads/2017/06/update3.dat
darvishkhan.net/wp-content/uploads/2017/06/update6.dat

# Reference: http://blogs.360.cn/post/analysis-of-apt-c-37.html
# Reference: https://otx.alienvault.com/pulse/5d7916e3f619df83fd65778e

adamnews.for.ug
btcaes2.duckdns.org
da3da3.duckdns.org
israanews.zz.com.ve
mmksba.dyndns.org
mmksba.simple-url.com
samd1.duckdns.org
samd2.duckdns.org
sorry.duckdns.org
webhoptest.webhop.info