# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: romcom
# CERT-UA: UAC-0132

# Reference: https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/
# Reference: https://otx.alienvault.com/pulse/62f36c89909d6b719ba8d340

combinedresidency.org
optasko.com

# Reference: https://cert.gov.ua/article/2394117 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/c149474f97140c3381bda3ad2451f253e08e7ad4be76a68ac3a6f15bc4bd4e63/detection

185.56.137.104:4444
69.49.231.103:4444
69.49.245.55:4444
4qzm.com
advanced-ip-scaner.com
advanced-ip-scanners.com
aspx.io
notfiled.com
mill.co.ua
ua.aspx.io
mil.ua.aspx.io
gov.mil.ua.aspx.io

# Reference: https://twitter.com/Unit42_Intel/status/1588199843981402114
# Reference: https://twitter.com/malware_traffic/status/1588211727891570688

wveeam.com

# Reference: https://www.proofpoint.com/us/daily-ruleset-update-summary-20221104

keepas.org
you-supported.com

# Reference: https://twitter.com/TLP_R3D/status/1655687889391431680
# Reference: https://twitter.com/TLP_R3D/status/1655844785075224576
# Reference: https://twitter.com/TLP_R3D/status/1656270702700273666
# Reference: https://twitter.com/k3yp0d/status/1655840102638137347
# Reference: https://twitter.com/k3yp0d/status/1655841493934800896
# Reference: https://www.virustotal.com/gui/ip-address/104.234.10.207/relations
# Reference: https://www.virustotal.com/gui/file/c118895776e75eaa291d2a5f54f1de4f48756aec28cebaa1bf6fd9beb5d36301/detection
# Reference: https://www.virustotal.com/gui/file/1308146f161ed60c86532dd2d2de8de8b0401e27023fc56f83903f137fccacfd/detection
# Reference: https://www.virustotal.com/gui/file/a5dae9b7ff88276f699eece44eb4b183f1b1de6bef9e159c417ba621a949f744/detection

104.234.10.207:7931
15.235.203.250:444
2.57.90.16:7931
217.195.153.39:7931
46.246.98.15:7931
postnordpakker.com
rdp-devolutions.com
startleague.net
wexonlake.com
/itrdd/kcrs/file1.txt
/itrdd/kcrs/file2.txt
/itrdd/kcrs/