# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
# Reference: https://github.com/eset/malware-ioc/tree/master/gelsemium
# Reference: https://otx.alienvault.com/pulse/60c1c9c738e6f7877568a75e

# Reference: https://securelist.com/the-sessionmanager-iis-backdoor/106868/
# Reference: https://otx.alienvault.com/pulse/62bdd015f5fa4bc82a0e920c