# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: laundry bear, void blizzard, pluggyape, uac-0190
# CERT-UA: uac-0190

# Reference: https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/

ebsumrnit.eu
micsrosoftonline.com
outlook-office.micsrosoftonline.com

# Reference: https://www.validin.com/blog/laundry_bear_infrastructure_analysis/

# Reference: https://x.com/_CERT_UA/status/2010755343345659990
# Reference: https://cert.gov.ua/article/6286942
