# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: msupdater

# Reference: https://samples.vx-underground.org/APTs/2010/2010.09.06/Paper/MSUpdater%20Trojan.pdf
# Reference: https://www.virustotal.com/gui/file/d8a976979d4eeaf7485249c49d4a31824638a49dac308c5114c113b4a3eed9c9/detection

http://140.112.19.195

# Reference: https://www.virustotal.com/gui/file/2ab81ed10aa5f5f3443714924e4d89ae3050c1a30332a55c2cfae58851ae4ac1/detection

mail.hfmforum.com/microsoft/errorpost/default/connect.aspx
mail.hfmforum.com/microsoftupdate/getupdate/default.aspx

# Reference: https://www.virustotal.com/gui/file/6a237ffe0f7d84ffd9652662a2638a9b5212636b414ce15ea2e39204d2a24e7f/detection

siseau.com
resell.siseau.com

# Reference: https://www.virustotal.com/gui/file/75d3c3875744196cedff55d179bc62412adeba5e769fbfc85b2b891ff32b4f9f/detection

vssigma.com
great.vssigma.com

# Reference: https://www.virustotal.com/gui/file/452b1789b5f9c6acc390148048f923f40270a3c2800ce4e1a8b9cbc90aab49e5/detection

red.vssigma.com

# Generic

/microsoft/errorpost/default/connect.aspx
/microsoftupdate/getupdate/default.aspx