# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://securelist.com/deathstalker-mercenary-triumvirate/98177/
# Reference: https://otx.alienvault.com/pulse/5f43eff7af4508bf663e17ea
# Reference: https://archive.f-secure.com/weblog/archives/00002803.html

http://105.104.10.115
http://54.38.192.174
http://87.121.52.62
http://87.121.52.69
http://91.229.76.153
http://91.229.76.17
http://91.229.77.120
http://91.229.77.240
http://91.229.79.120
http://94.156.77.182
http://95.211.168.10

# Reference: https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/ (# PowerPepper)
# Reference: https://otx.alienvault.com/pulse/5fc9193078e666899f4cc5a7

allmedicalpro.com
gofinancesolutions.com
mediqhealthcare.com
footersig.pythonanywhere.com
globalsignature.pythonanywhere.com
mailservice.pythonanywhere.com
mailservices.pythonanywhere.com
mailsignature.pythonanywhere.com
mailsigning.pythonanywhere.com
gsn-nettoyage.com/wp-snapshots/