# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt34, oilrig, helixkitten

# Reference: https://twitter.com/ClearskySec/status/1026297541581664257

defender-update.com
windowspatch.com
herkhabar.com

# Reference: https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/

rdppath.com
cpuproc.com
acrobatverify.com

# Reference: https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/

withyourface.com

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-02: Iranian threat group Oilrig Bahrain decoy)

window5.win

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2017-12-10: Oilrig-APT34)
# Reference: https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2017-11-22: Oilrig - new old sample)

winodwsupdates.me
nsn1.winodwsupdates.me

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2017-11-16: Iranian Oilrig campaign with C2 coldflys[.]com)

coldflys.com

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2017-11-14: ALMA Communicator by Oilrig sample)

prosalar.com

# Reference: https://otx.alienvault.com/pulse/5cb74e5ce1f7e4097ff06255
# Reference: https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html

myleftheart.com

# Reference: https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/
# Reference: https://otx.alienvault.com/pulse/5cc8494e1a6c9c572567ba7f

msoffice-cdn.com
office365-management.com
