# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: hemigate, trillclient, zingdoor

# Reference: https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/h/earth-estries-targets-government-tech-for-cyberespionage/IOCs-earth-estries-targets-government-tech-for-cyberespionage.txt

# Network indicators for this trail; presumably taken from the IOC list referenced above (verify against that list before relying on any single entry).
# IP-address indicators: the first is written with an http:// scheme, the second with an explicit port (443).
http://96.44.160.181
103.159.133.205:443
# Registered (second-level) domains.
anynucleus.com
dns2021.net
jptomorrow.com
jttoday.net
keyplancorp.com
linkaircdn.com
lyncidc.com
microware-help.com
mncdntech.com
oxcdntech.com
publicdnsau.com
rthtrade.com
rtsafetech.com
rtsoftcorp.com
rtwebmaster.com
substantialeconomy.com
trhammer.com
vultr-dns.com
z7-tech.com
# Specific hostnames.
# trhammer.com, oxcdntech.com, vultr-dns.com and microware-help.com are also listed above as whole domains,
# so their hostnames here are presumably redundant if the consumer also matches subdomains of listed domains (confirm).
# smartlinkcorp.net, smartpisang.com and cloudshappen.com appear only as the single hostnames below; their parent domains are not listed.
# NOTE(review): the three *.global.ssl.fastly.net names sit under a shared CDN domain. Match them as exact hostnames only;
# a rule on the parent domain would flag unrelated traffic served through the same CDN.
access.trhammer.com
cdn-6dd0035.oxcdntech.com
cdn-7a3d.vultr-dns.com
cdn728a66b0.smartlinkcorp.net
cloudlibraries.global.ssl.fastly.net
east.smartpisang.com
ms101.cloudshappen.com
nx2.microware-help.com
shinas.global.ssl.fastly.net
web9a78bc52.trhammer.com
zmailssl3.global.ssl.fastly.net
