# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/

aftercould.com
datacentreonline.com
freedecrease.com
newfreepre.com
newlylab.com
reclubpress.com
webdignusdata.com
game.newfreepre.com
imap.newlylab.com
imap.webdignusdata.com
mail.reclubpress.com
27.102.113.57:443
27.102.113.57:80
27.102.114.55:443
27.102.114.55:80
27.102.115.51:443
27.102.115.51:80
27.102.113.240:443
27.102.113.240:80
27.102.129.120:443
27.102.129.120:80
107.148.165.158:443
107.148.165.158:80
154.223.135.214:443
154.223.135.214:80
