# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

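# Entries are network indicators (hostnames, IP:port pairs, one URL) taken from the
# reports and posts cited above each group; the cited write-ups name the Remcos family.
# Many hostnames sit under shared dynamic-DNS providers (ddns.net, duckdns.org, ...):
# match the full hostname only, never the provider's parent domain. IP and IP:port
# entries reflect the date of the cited report and the address may since have been reassigned.

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Remcos-G/detailed-analysis.aspx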

remcos.legacyrealestateadvisors.net
remcos2.legacyrealestateadvisors.net

# Reference: https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

dboynyz.pdns.cz
streetz.club
mdformo.ddns.net
mdformo1.ddns.net
vitlop.ddns.net
ns1.madeinserverwick.club
uploadtops.is
prince.jumpingcrab.com
timmason2.com
lenovoscanner.duckdns.org
lenovoscannertwo.duckdns.org
lenovoscannerone.duckdns.org
google.airdns.org
civita2.no-ip.biz
www.pimmas.com.tr
www.mervinsaat.com.tr
samurmakina.com.tr
www.paulocamarao.com
midatacreditoexperian.com.co
www.lebontour.com
businesslisting.igg.biz
unifscon.com

# Reference: https://twitter.com/MaelSecurity/status/1036551872008605696

test200.dynu.net

# Reference: https://twitter.com/ps66uk/status/1040576968750706689
# Reference: https://www.virustotal.com/#/ip-address/185.163.100.45

gclarke77.gotdns.ch
gclarke7.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1040620171692466176

yvonne.ddns.net

# Reference: https://twitter.com/avman1995/status/1040472512356855808

top.taijh.xyz

# Reference: https://twitter.com/Racco42/status/1040154199592509440

auxlorenagomez.ddns.net

# Reference: https://twitter.com/luc4m/status/1021670673247285248

worldwide.weldwire.top

# Reference: https://twitter.com/luc4m/status/1019948492947709953

gatewayglobal.strangled.net

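# Reference: https://twitter.com/James_inthe_box/status/1018792273574678528
# NOTE(review): the entry below is the only one in this file written with a URL scheme;
# confirm the consumer of this list normalizes it, otherwise the bare address may have been intended.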

http://185.62.190.232

# Reference: https://twitter.com/ps66uk/status/1046900765493739520

menaxe.duckdns.org

# Reference: https://www.cyren.com/blog/articles/fake-invoice-carries-rescoms-malware-targeting-businesses-globally

infocolornido.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1051360120834265088

satan969.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1044204804354957312

ddns.njegidi888.xyz

# Reference: https://twitter.com/Racco42/status/1027883312252108800

2419.damnserver.com
2419.duckdns.org
2419.geekgalaxy.com
2419.health-carereform.com
2419.pgafan.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/939146342357536768/photo/1

gemalto788.ddns.net

# Reference: https://twitter.com/Racco42/status/1054384363524235264

eskimoz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1102437794025295872

112.204.228.252:2323

# Reference: https://www.cert-pa.it/notizie/analisi-del-malware-remcos-veicolato-tramite-packer-delphi/

pekniecza.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1108949343074054144
# Reference: https://app.any.run/tasks/5e5404b2-4018-4da4-a6a3-19465fa7cc9c

185.244.29.73:6767

# Reference: https://twitter.com/malwrhunterteam/status/1111352801693782016

castelfable.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1104327117309968384

infosblogwar.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1098553609375993856

194.68.59.41:1956

# Reference: https://twitter.com/pollo290987/status/1083401581670875136

194.5.98.173:7081

# Reference: https://twitter.com/ps66uk/status/1062514051165704192

argonsa.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1060547624418168839

cjmoney.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1049011930411794432

185.148.241.58:2442

# Reference: https://twitter.com/FewAtoms/status/1104355364391305216

196.127.74.118:2402

# Reference: https://twitter.com/Racco42/status/1088469487387664384

utchmann.bounceme.net

# Reference: https://twitter.com/pancak3lullz/status/1075888625261387777

info1.duckdns.org
185.244.30.126:5552

# Reference: https://twitter.com/James_inthe_box/status/1063118942095331328

449ers.ddns.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506
# NOTE(review): this reference and its entry repeat an earlier group in this file.

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937
# NOTE(review): this reference and its entry repeat an earlier group in this file.

emilylatta411.servehttp.com

# Reference: https://twitter.com/ViriBack/status/971430374919122944

top.carolp1.xyz
185.62.189.72:1992

# Reference: https://twitter.com/pollo290987/status/963073970542129152

jerryemperror2.punkdns.top

# Reference: https://twitter.com/avman1995/status/960419643704913920

obereagu.ddns.net

# Reference: https://twitter.com/Antelox/status/884773449520095232

178.73.210.233:100

# Reference: https://twitter.com/makflwana/status/1104376804293263360
# Reference: https://app.any.run/tasks/8149d283-b550-4b31-9adf-4b4c85962e7d

juanbouyant.ddns.net

# Reference: https://twitter.com/x42x5a/status/1114133426708340736

prueba00223.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

triggerd.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1121754056517537792

winsec.ddns.net
46.246.86.67:2606
