# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/

admin-ru.ru
adobe.update-service.net
apploadapp.webhop.me
brokbridge.com
cat.gotdns.ch
check-update.ru
childrights.in.ua
conhost.myftp.org
docdownload.ddns.net
downloads.email-attachments.ru
downloads.file-attachments.ru
dyndownload.serveirc.com
e.muravej.ua
email-attachments.ru
file-attachments.ru
freefiles.myftp.biz
getmyfile.webhop.me
googlefiles.serveftp.com
grom56.ddns.net
grom90.ddns.net
hrome-update.ru
hrome-updater.ru
loaderskypetm.webhop.me
loadsoulip.serveftp.com
mail.file-attachments.ru
mails.redirectme.net
mars-ru.ru
msrestore.ru
oficialsite.webhop.me
parkingdoma.webhop.me
poligjong.webhop.me
polistar.ddns.net
proxy-spread.ru
rms.admin-ru.ru
samotsvety.com.ua
skypeemocache.ru
skypeupdate.ru
spbpool.ddns.net
spread-service.ru
spread-ss.ru
spread-updates.ru
stor.tainfo.com.ua
tortilla.sytes.net
ukrnet.serveftp.com
ukrway.galaktion.ru
umachka.ua
update-service.net
updatesp.ddns.net
updateviber.sytes.net
webclidie.webhop.me
win-restore.ru
winloaded.sytes.net
winupdateloader.ru
www.file-attachments.ru
www.win-restore.ru
yfperoliz.webhop.me

# Reference: https://arstechnica.com/information-technology/2018/11/ukraine-detects-new-pterado-backdoor-malware-warns-of-russian-cyberattack/

updates-spreadwork.pw
dataoffice.zapto.org
bitsadmin.ddns.net

# Reference: https://cert.gov.ua/news/46

natos-drp.ddns.net
nato-drp.ddns.net
ukraine-news.ddns.net
ukraina-drp.ddns.net
tovar-es.ddns.net
start-usb.ddns.net
sovetkirov.ddns.net
singles-office.ddns.net
single-office.ddns.net
yousister.ddns.net
wq03.ddns.net
wq02.ddns.net
wq01.ddns.net
werdikt.ddns.net
wareface.ddns.net
vnc-new.ddns.net
ut03.ddns.net
ut02.ddns.net
ut01.ddns.net
us03.ddns.net
us02.ddns.net
us01.ddns.net
topline.myftp.org
sushi-bar.ddns.net
po03.ddns.net
po02.ddns.net
po01.ddns.net
pk03.ddns.net
pk02.ddns.net
pk01.ddns.net
orizoh88.ddns.net
optima-se.ddns.net
new-club.ddns.net
mykarina.ddns.net
microsoft-single.ddns.net
metro-exodus.ddns.net
marishka.ddns.net
macdocs.ddns.net
karasto01.ddns.net
gr03.ddns.net
gr02.ddns.net
gr01.ddns.net
connect-updates.ddns.net
chrome-update.ddns.net

# Reference: https://blog.threatstop.com/russian-apt-gamaredon-group

splin-body.site
torrent-stel.space
torent-updates.ddns.net
torrent-updates.ddns.net
splin-upd.site
splin-upd1.site
torrent-supd.space