# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: cageychameleon, cryptomimic, ta444, wslink

# Reference: https://twitter.com/behindbreach/status/1287961015506927616
# Reference: https://www.clearskysec.com/wp-content/uploads/2020/06/CryptoCore_Group.pdf
# Reference: https://otx.alienvault.com/pulse/5ef36f8f63a7d8a11972ca54
# Reference: https://vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/
# Reference: https://vblocalhost.com/uploads/VB2020-Takai-etal.pdf
# Reference: https://vblocalhost.com/uploads/VB2020-18.pdf
# Reference: https://otx.alienvault.com/pulse/5f74bcb0be4abfe12d93d2bf

140.136.134.201:8080
41.85.145.164:8080
1driv.org
1drv.email
1drvmail.work
amazonaws1.info
amzonnews.club
blockchaintransparency.institute
bugscrowd.com
cloudfiles.club
cloudocs.space
cloudsecure.space
decurret.site
digifincx.com
drivegmail.top
drivegoogle.org
drivegooglshare.xyz
euprotect.net
fcloudshare.xyz
filecloud.website
financialmarketing.live
gdriverfileshare.com
gdrives.best
gdrives.top
gdriveshare.top
gdriveshareslink.xyz
gdriveupload.info
gdriveupload.site
gdrvauth.cloud
gdrvcheck.co
gdrvshare.site
gdrvup.xyz
gdrvupload.xyz
gmaildrive.info
gmaildrive.site
gmaildriver.info
gogleshare.xyz
goglesheet.com
googldocs.org
googldrive.xyz
googleapis.online
googleauth.pro
googlecloud.live
googleclouddrive.com
googlecstorage.com
googledrive.download
googledrive.email
googledrive.network
googledrive.online
googledriver.info
googledriver.net
googledriver.xyz
googledriveshare.com
googledrv.com
googleexplore.net
googlefiledrive.com
googlefileshare.com
googleshare.org
googleupload.info
krypitalvc.com
liveonedrvshare.xyz
microsoftapp.life
msupdatepms.xyz
navicheck.xyz
onedrivecloud.store
onedriveglobal.com
onedrivems.online
onedrivrshares.xyz
onedrvdn.co
onedrvfile.site
ownemail.me
privacyshield.services
provemail.net
secureshares.online
sendspace.buzz
sharedrivegght.xyz
sharegoogldrive.online
sharesdown.xyz
showprice.xyz
uploadsfiles.xyz
wechart.org
armzon.onmypc.org
blackwell.tekstar.us
btcprime.itsaol.com
chromeupdate.publicvm.com
coindeck.onmypc.org
coinnews.onmypc.org
coinomic.itsaol.com
connsec.publicvm.com
ddsvr.itsaol.com
drive.sharegoogldrive.online
drivegoogle.publicvm.com
drivegooogle.publicvm.com
esosv.itemdb.com
europegdprsec.onmypc.org
eusharesrv.onmypc.org
excinfo.itemdb.com
gdrive.onmypc.org
googledrive.dynu.net
googledrive.linkpc.net
googledrive.publicvm.com
googleupdate.publicvm.com
ledgerservice.itsaol.com
matrixpartners.theworkpc.com
mpksl.publicvm.com
mskpupdate.publicvm.com
msupdate.publicvm.com
onedriveupdate.publicvm.com
sevicebill.itemdb.com
termsofservice.onmypc.org
tokenomic.itsaol.com
twosigma.publicvm.com
vpset.onmypc.org
vpsfree.linkpc.net
windrvupdate.kozow.com

# Reference: https://twitter.com/_re_fox/status/1280138335214804995

twosigmateam.info

# Reference: https://twitter.com/_re_fox/status/1298281770597654529

drivegoogles.com

# Reference: https://twitter.com/_re_fox/status/1232320036834025472
# Reference: https://app.any.run/tasks/8d5e66c9-3942-4e00-bfdf-8f2c24054a92/

140.117.91.22:8080
blog.cloudsecure.space

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-12-19-v10199/212

prosec.ink
cloud.prosec.ink
cloudprotect.us.org

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds

autoprotect.com.de
autoprotect.gb.net
azurehosting.co
azureprotect.online
azureprotection.cloud
azuresecurity.online
azuresecurity.site
bankofamerica.offerings.cloud
careers.bankofamerica.nyc
careersbankofamerica.us
cloud.globiscapital.co
cloud.mufg.uk
cloud.tptf.ltd
cloud.wpic.ink
docs.azurehosting.co
globiscapital.co
hoststudio.org
ledgercloud.com
mufg.ink
mufg.uk
mufg.us.org
share.anobaka.info
tptf.fund
unchainedcapital.co
updatezone.org