# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/
# Reference: https://www.virustotal.com/gui/ip-address/46.105.227.110/relations
# Reference: https://www.virustotal.com/gui/file/a32b3e0f9b0daaaea6ddda9875f463ff100a28005eb66a03c0308a1820787fce/detection
# Reference: https://www.virustotal.com/gui/file/aea4d3d01ab9a564ca12af0d1a8b5eecb381a409b30b3ac8fee13f85f8e8db24/detection

http://23.227.207.137
http://36.44.74.47
http://45.63.114.127
http://45.63.96.120
http://46.166.129.241
103.224.82.47:321
103.224.82.47:445
46.105.227.110:7003
dealsgle.com
etheraval.com
streleases.com
sultris.com
teldcomtv.com
krgod.qqm8.com
r01.etheraval.com
tc.streleases.com
tv.teldcomtv.com

# Reference: https://twitter.com/TI_ESC/status/1264843775232421888
# Reference: https://www.ptsecurity.com/upload/corporate/ww-en/analytics/calypso-apt-2019-eng.pdf

usergetacss.com
uv.usergetacss.com

# Reference: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange/
# Reference: https://otx.alienvault.com/pulse/60638f7aff63f9956797e899

aztecoo.com
draconess.com
membrig.com
prowesoo.com
rawfuns.com
rosyfund.com
sultris.com
waxgon.com
yolkish.com

# Reference: https://st.drweb.com/static/new-www/news/2022/march/telecom_research_en.pdf
# Reference: https://otx.alienvault.com/pulse/6267dbe17cdc91a784b256d6

globnewsline.com
surfanny.com
sultris.com
youtubemail.club
wordmoss.com
blog.globnewsline.com
clark.l8t.net
mail.globnewsline.com
mail.sultris.com
pop3.wordmoss.com
webmail.surfanny.com
zmail.wordmoss.com