# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/malware_traffic/status/1574848307519754242
# Reference: https://github.com/brad-duncan/IOCs/blob/main/2022-09-27-TA569-Soc-Gholish-IOCs.txt

dotimewat.com

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-October/030770.html

pastukhova.com
profi-stom.com

# Reference: https://isc.sans.edu/diary/rss/29170
# Reference: https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d

skambio-porte.com

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
# Reference: https://otx.alienvault.com/pulse/63fcc40dc61f21260d830fdb

ergpractice.com
luxurycompare.com
neashell1.com
neashell2.com
she32rn2.com
shetrn1.com
shetrn2.com
soendorg.top

# Reference: https://twitter.com/1ZRR4H/status/1637713807345582089
# Reference: https://twitter.com/1ZRR4H/status/1637713810017402880

jqueryj.com
jqueryns.com
jqscr.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-27-v10278/415

jsqur.com
jqueryh.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-30-v10281/420

xjquery.com

# Reference: https://www.virustotal.com/gui/ip-address/185.251.88.99/relations

devqeury.org
abc.jqueryh.org

# Reference: https://twitter.com/1ZRR4H/status/1646021980854910978

devcodejs.org

# Reference: https://twitter.com/threatcat_ch/status/1646799785423261697
# Reference: https://www.virustotal.com/gui/ip-address/47.90.178.252/relations

aeryqget.org
assistpayout.org
backendjs.org
debquery.org
deeptrickday.org
etaqeryg.org
getquery.org
greenpapers.org
jsviewdev.org
lemonicecold.org
neworderspath.org
quaryget.org
rygesqua.org
squaryge.org
tqeuryge.org
uaqryges.org
waterlinesheet.org
ygequary.org
120.75.backendjs.org
40.120.75.backendjs.org
75.backendjs.org
awmdm.greenpapers.org
client.greenpapers.org
emv1.getquery.org
h.greenpapers.org
ir.devqeury.org
l9j2sm5mxz.jqscr.com
portal.backendjs.org
topics.jqueryh.org

# Reference: https://twitter.com/MBThreatIntel/status/1580283780350504960
# Reference https://www.virustotal.com/gui/ip-address/62.233.50.75/relations

jquery0.com
jquery01.com

# Reference: https://twitter.com/threatcat_ch/status/1660535867365105666
# Reference: https://www.virustotal.com/gui/ip-address/91.203.193.124/relations

cancelledfirestarter.org
dailytickyclock.org
visionofvivaldi.org
emv1.deeptrickday.org
emv1.jqueryj.com
ep-mimecast.dailytickyclock.org
mcid-6bb27bab-3815-40c3-996b-90b2c3bca7a7.ep-mimecast.dailytickyclock.org

# Reference: https://twitter.com/threatcat_ch/status/1668596702696054785
# Reference: https://www.virustotal.com/gui/ip-address/47.91.94.97/relations

libertader.org
linedgreen.org
