# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: apt35, apt-c-35, donot, stealjob # Reference: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/ qwe.drivethrough.top qwe.sessions4life.pw aoc.sessions4life.pw mon.sesions4life.pw tes.sessions4life.pw # Reference: https://ti.360.net/blog/articles/analysis-of-donot-andriod-sample/ godspeed.geekgalaxy.com jasper.drivethrough.top # Reference: https://asert.arbornetworks.com/donot-team-leverages-new-modular-malware-framework-south-asia/ conf.serviceupdateres.com upload.cloudsekurity.online abodeupdater.com qmails.org serviceupports.com thebangladeshtoday.net sundayobserver.net # Reference: https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/ databig.akamaihub.stream bigdata.akamaihub.stream unique.fontsupdate.com # Reference: https://twitter.com/blackorbird/status/1111159128775249920 # Reference: https://www.netscout.com/blog/asert/lucky-elephant-campaign-masquerading account-sign-in-security.ga account-update-com.tk account-updates-team.ga afd-gov-bd.gq baf-mil-bd.tk checkbox.gq cyber-net-pk.cf fwo-com.tk g00gle-com.cf googlemail-com.gq live-com.gq live-com.ml live-service.cf login-live-com.cf login-yah00-com.tk login-yahoo-com.ga live-com-owa.gq mail-account-security-com.cf mail-accounts-verify-com.cf mail-intl-ja-mail-about.gq mail-nepalarmymil-np.gq mail-ntc-net-pk.tk mail-outlook-support-team.tk mail-paf-gov.cf mail-sign-alert-notification.cf mail-updates-systems.ga mail-update-task.ga mail-update-team.ga mail-yahoo-com.tk mail-yahoo-task.tk micorsoft-outlook-update.ml mofa-gov-mm.ml mofagov-np.cf mofa-gov-np.cf mofa-gov-pk.tk molaw-gov-pk.cf outlook-com.cf outlook-livecom.cf outlook-live-com.cf outlook-live-com.ga outlooklive-com.ml outlook-live-com.tk outlookmail-com.tk paec-gov-pk.ga paec-gov-pk-taskmail.tk paecweb-gov.gq paecwebmail.gq paf-gov-pk.cf paf-gov-pk.ga paf-gov-pk.tk paknavy-pk.gq paecgov-pk.cf pmo-gov-pk.tk pnra-org.gq pof-gov-pk.tk rab-gov-bd.gq sharepoint-google.ml slaf-gov-lk.ml sco-gov-pk.tk super-net-pk.cf super-net-pk.tk test-updates.ga userscontent.com yahoo-com.ga yahoomail.cf yahoomail-com.cf yahoo-mail-com.ml # Reference: https://twitter.com/blackorbird/status/1116263262524362753 unique.fontsupdate.com # Reference: https://otx.alienvault.com/pulse/5cb620d626b619048ca7b344 # Reference: https://ti.360.net/blog/articles/stealjob-new-android-malware-used-by-donot-apt-group-en/ 139.180.135.59:4233 bike.drivethrough.top car.drivethrough.top guide.domainoutlet.site param.drivethrough.top justin.drinkeatgood.space genwar.drivethrough.top alter.drivethrough.top qwe.drivethrough.top digest.drinkeatgood.space jasper.drivethrough.top ground.domainoutlet.site help.domainoutlet.site guild.domainoutlet.site # Reference: https://twitter.com/blackorbird/status/1122493860859432960 data-backup.online # Reference: https://twitter.com/sudosev/status/1123303891062460419 mystrylust.pw new.listenmusic.pw # Reference: https://twitter.com/Timele9527/status/1130673924193128448 servicejobs.life # Reference: https://twitter.com/blackorbird/status/1132951652896350208 rightapps.net/sms//images/files/nbp_request.php # Reference: https://twitter.com/sudosev/status/1143562610492760064 new.transportfun.pw strings.guitarshop.space # Reference: https://twitter.com/RedDrip7/status/1145539943323717632 151.236.11.222:50240