# Copyright (c) 2014-2018 Miroslav Stampar (@stamparm)
# See the file 'LICENSE' for copying permission

# Reference: https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/plugx-goes-to-the-registry-and-india.pdf?la=en

freetimes.dns05.com
lucas1.dnset.com
supercat.strangled.net
nusteachers.no-ip.org
ruchi.mysq1.net
lucas1.freetcp.com
unisers.com
freemoney.ignorelist.com
sumy2012.jkub.com
dheeraj_gaurav.mooo.com
notebookhk.net
togolaga.com


# Reference: https://www.threatcrowd.org/listMalware.php?antivirus=plugx

hpservice.homepc.it
facebook.controlliamo.com
twititier.com
peaceful.linkpc.net
mongolia.regionfocus.com
shuimengluosuo.freetcp.com
ria-ru.xicp.net
itar-tass.xicp.net

# Reference: https://citizenlab.ca/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/

dnsupdate.dynamic-dns.net
good.wha.la

# Reference: https://citizenlab.ca/2015/10/targeted-attacks-ngo-burma/
# Reference: https://www.virustotal.com/#/file/365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1/detection

t1.mailsecurityservice.com
t2.mailsecurityservice.com
client.mailsecurityservice.com
