# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: firmachagent, SPECTR, Vermin
# CERT-UA: UAC-0020

# Reference: https://www.welivesecurity.com/wp-content/uploads/2018/07/ESET_Quasar_Sobaken_Vermin.pdf

akamaicdn.ru
akamainet021.info
akamainet022.info
akamainet023.info
akamainet024.info
akamainet066.info
akamainet067.info
cdnakamai.ru
mailukr.net
notifymail.ru
tech-adobe.dyndns.biz
windowsupdate.kiev.ua

# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.vermin
# Reference: https://cert.gov.ua/article/37815 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/621b0d5a0c91b1d90588b78bc04fa961412601ab392b91b9d3995498a417dca4/detection

http://176.119.2.194
http://176.119.2.195
http://176.119.2.212
http://176.119.2.214
getmod.host
meteolink.host
netbin.host
stormpredictor.host
syncapp.host

# Reference: https://cert.gov.ua/article/6280422
# Reference: https://www.virustotal.com/gui/ip-address/171.22.120.50/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.225.219.185/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.232.249.88/relations

http://171.22.120.50
prozorro.online
ukraero.space
