# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ta402

# Reference: https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/

# Reference: https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east/

# Reference: https://securelist.com/gaza-cybergang-updated-2017-activity/82765/

# Reference: https://twitter.com/silv0123/status/1075047190819717122

# Reference: https://otx.alienvault.com/pulse/5cae20f3a01b640c6da1441e

# Reference: https://twitter.com/James_inthe_box/status/1171510993857347585
# Reference: https://app.any.run/tasks/cb96df9e-25f4-4d24-b4f8-c176938e24ec/

# Reference: https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf

# Reference: https://twitter.com/Timele9527/status/1200235223595618304

# Reference: https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-one
# Reference: https://otx.alienvault.com/pulse/5e46d6556e222319f332ec9a

# Reference: https://www.sentinelone.com/labs/gaza-cybergang-unified-front-targeting-hamas-opposition/
# Reference: https://otx.alienvault.com/pulse/657b6fc5f21adc5b57300979
# Reference: https://app.any.run/tasks/3e9d412a-49c9-48db-8b1f-f6fe55414b17/

# Reference: https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor
# Reference: https://twitter.com/jeFF0Falltrades/status/1173300902242988032
# Reference: https://otx.alienvault.com/pulse/5d7f50c9b115a641c04aacd6

# Reference: https://www.virustotal.com/gui/file/46e09a0d320f63deb6b13ce6986188d5224b93757484af768bdafc360a7733ff/detection

# Reference: https://twitter.com/JAMESWT_MHT/status/1268471328320913410
# Reference: https://app.any.run/tasks/648c8a6d-6586-433f-ab65-5f4dd4b92729/

# Reference: https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/
# Reference: https://otx.alienvault.com/pulse/5f0dcfcaedaed628a054183d

# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.molerat_loader
# Reference: https://www.virustotal.com/gui/file/df3cf22649e723b82bab789e12055f29928fd3ffbab1d6701b6439163c98e12c/detection

# Reference: https://twitter.com/BaoshengbinCumt/status/1352845385891373056
# Reference: https://www.virustotal.com/gui/file/d48fe4b28ef4e5fb666d4f03247b31bc5bccb602d26e1cd6fc965cce25da9944/detection
# Reference: https://www.virustotal.com/gui/file/fa02e02e3db4076fd03fb54cd38bd6b04b07d7eaf2b4924fdd53eb5f2697134c/detection

# Reference: https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east
# Reference: https://otx.alienvault.com/pulse/60cb37bf5fe8246bb2556969

# Reference: https://twitter.com/h2jazi/status/1486094915872473096
# Reference: https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east
# Reference: https://www.virustotal.com/gui/file/2a9857f5b247488166e25d42f819459e685b3556e4f9ba0a052ba6b3c6c2fa4f/detection
# Reference: https://www.virustotal.com/gui/file/b2260d530f51b2289e2c64579eb53c4c9ce0c9ee3c850e57e90296968fd9625e/detection

# Reference: https://www.virustotal.com/gui/file/973b2140bdba4f08306ab39a2245d6f200db1654d98a245c8020591788cb48f5/detection

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage
# Reference: https://otx.alienvault.com/pulse/6202a3f984b0c0b13f2c88f8

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government