# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/
# Reference: https://www.virustotal.com/gui/ip-address/46.105.227.110/relations
# Reference: https://www.virustotal.com/gui/file/a32b3e0f9b0daaaea6ddda9875f463ff100a28005eb66a03c0308a1820787fce/detection
# Reference: https://www.virustotal.com/gui/file/aea4d3d01ab9a564ca12af0d1a8b5eecb381a409b30b3ac8fee13f85f8e8db24/detection

http://23.227.207.137
http://36.44.74.47
http://45.63.114.127
http://45.63.96.120
http://46.166.129.241
103.224.82.47:321
103.224.82.47:445
46.105.227.110:7003
dealsgle.com
sultris.com
krgod.qqm8.com
r01.etheraval.com
tc.streleases.com
tv.teldcomtv.com

# Reference: https://twitter.com/TI_ESC/status/1264843775232421888
# Reference: https://www.ptsecurity.com/upload/corporate/ww-en/analytics/calypso-apt-2019-eng.pdf

uv.usergetacss.com

# Reference: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange/
# Reference: https://otx.alienvault.com/pulse/60638f7aff63f9956797e899

aztecoo.com
draconess.com
membrig.com
prowesoo.com
rawfuns.com
rosyfund.com
sultris.com
waxgon.com
yolkish.com