# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: BackdoorDiplomacy, Quarian, Turian

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2013/2013-10-07-quarian-group-targets-victims-with-spearphishing-attacks/quarian-group-targets-victims-with-spearphishing-attacks.csv

andyothers.acmetoy.com
keep.ns3.name

# Reference: https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
# Reference: https://otx.alienvault.com/pulse/60c341dc8964edd2e2fcb651

pmdskm.top
bill.microsoftbuys.com
buffetfactory.oicp.io
dnsupdate.dns1.us
dnsupdate.dns2.us
dynsystem.imbbs.in
freedns02.dns2.us
icta.worldmessg.com
intelupdate.dns1.us
officeupdate.ns01.us
officeupdates.cleansite.us
systeminfo.cleansite.info
systeminfo.myftp.name
systeminfo.oicp.net
szsz.pmdskm.top
update.officenews365.com
updateip.onmypc.net
web.vpnkerio.com
winupdate.ns02.us