trails/static/malware/apt_unc4221.txt

# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://cert.gov.ua/article/6281632 (# UAC-0185)
# Reference: https://www.virustotal.com/gui/file/9f29d27cdad37a6451f3ccd2f3c054afa408ef83422b4999eff5915834cd00be/detection

185.225.35.75:30555
212nj0b42w.web.telegram-account.host
658pvbhj2k7veemmv4.web.telegram-account.host
accept-action.site
account-guard.site
account-saver.com
account-viewer.com
cancel-action.site
cancel-auth.site
check-active.site
check.sign-cert.com
cloud.account-viewer.com
cloud.god-le.net
clouddrive.world
confirm-signal.site
confirm.account-viewer.com
confirmphone.site
defender-bot.site
delta.milgov.site
derzhposluhy.com
device.redirecl.com
dhl.redirecl.com
drive-share.site
drive.redirecl.com
emtserviceca.info
get.god-le.com
get.in-touc.com
get.mail-gov.com
get.sign-cert.com
god-le.com
god-le.net
google.drive-share.site
google.share-drive.site
group-invitation.site
group-teneta.online
group.kropyva.site
group.teneta.site
homeskart.shop
homeway.xyz
i-ua.account-guard.site
in-touc.com
ivanti.account-viewer.com
kropyva.group
kropyva.site
live.outloolc.com
mail-gov.com
mail-gov.net
mail.outloolc.com
mails.support
milgov.host
milgov.site
mirotrent.com
my.mail-gov.net
odwebp.com
outloolc.com
palantir.ink
passport-ukr-net.site
plntr.account-viewer.com
plntr.mirotrent.com
protect-password.site
qsrgh.site
qweasdzx.site
redirecl.com
share-drive.site
sign-cert.com
signal-confirm.site
spam.web-telegram.host
stellar.account-viewer.com
svc.odwebp.com
teiegram.host
telegram-account.host
telegram-auth.website
telegram-confirm.site
telegram.check-active.site
telegram.defender-bot.site
telegram.qweasdzx.site
telegram.token-defender.cloud
telegramm-account.site
teneta.group
teneta.site
token-defender.cloud
uspp.derzhposluhy.com
web-telegram.host
web.teiegram.host
web.telegram-account.host
web.telegramm-account.site
web.web.telegram-account.host
whatsapp-confirm.site
whatsapp.group-invitation.site
whatsapp.protect-password.site

# Reference: https://x.com/TLP_R3D/status/1892221224094445666
# Reference: https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

add-group.site
helperanalytics.ru
join-group.online
signal-confirm.site
signal-protect.host
teneta.add-group.site
teneta.join-group.online