# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

brokenbones.ru

# Reference: http://sanesecurity.blogspot.com/2015/03/pentafoodscom-invoice-2262004.html

accalamh.aspone.cz
awbrs.com.au

# Reference: https://otx.alienvault.com/pulse/56288ace4637f21ecf2b3149/
# Reference: http://blog.dynamoo.com/2015/10/malware-spam-invoice-for-payment_21.html

btros.co.uk
networking4africa.com
hubbardproducts.com
serverconnect.se
paramountdistributors.com
helicoptersjob.com
theciosummits.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day

btt5sxcx90.com
rottastics36w.net

# Reference: https://resources.netskope.com/h/i/339100944-latest-microsoft-office-zero-day-served-via-godzilla-botnet

btt5sxcx90.com
hyoeyeep.ws
rottastics36w.net

# Reference: https://www.bromium.com/mapping-malware-distribution-network/ (Figure 3 – Dridex and IcedID shared distribution infrastructure)

104.131.7.40:443
95.211.148.20:1443
37.59.1.74:3389
89.22.103.32:3389

# Reference: https://twitter.com/VK_Intel/status/1114477236890083329

193.29.57.193:443
109.94.110.82:443
185.243.114.241:443
5.149.254.28:443

# Reference: https://twitter.com/Zerophage1337/status/1135584186553819136

http://212.68.198.234
212.129.37.217:3389
174.136.5.242:1801

# Reference: https://twitter.com/VK_Intel/status/1141575181640654850

69.164.194.184:443
167.99.108.97:170
85.234.143.94:170
46.105.131.65:691

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Dridex-6995476-1)

05p60clujw.com
0hox6fnkju.com
0kgr0svsdw.com
11exvnzpds.com
1di9yqmr4e.com
1ohvaomcea.com
3rw4hwziej.com
49jucwch3k.com
ahy9qgaqjw.com
ahzu9hhyqj.com
dpnrq4kpe7.com
egntxfch2f.com
ejglgrlsfv.com
ijzuyfo6m9.com
ikzjlvrxat.com
nnd9bsodkx.com
p8o6adliq7.com
tkhrjexxyn.com
tqzvsormbw.com
u6vpjfufqz.com
uxnyhqblpm.com
v2xeifg35d.com
wzykyninkd.com
x6n5szq1jb.com

# Reference: https://twitter.com/JRoosen/status/1144313588686958597

138.197.76.168:443

# Reference: https://www.vkremez.com/2018/09/lets-learn-dissecting-dridex-banking.html

104.236.24.85:443
107.170.220.167:4431
188.240.231.15:3889
securityupdateserver4.com

# Reference: https://twitter.com/Bank_Security/status/1148471450422140929
# Reference: https://pastebin.com/0XNMhLP2

144.76.111.43:443
46.105.131.77:443
71.217.15.111:443
97.76.245.131:443
24.40.243.66:443
159.69.89.90:3389
159.89.179.87:3389
62.210.26.206:3389
akamai-static5.online
bustheza.com
cachejs.com
topdalescotty.top

# Reference: https://twitter.com/James_inthe_box/status/1149715067308429312
# Reference: https://twitter.com/malware_traffic/status/1149698996660854784

216.98.148.151:443
188.166.156.241:443
94.23.53.34:443
5.39.91.110:691
5.133.242.156:170
89.22.103.139:8000
ponestona.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html (# Win.Packed.Xcnfe-7012508-0)

5twtwy19pp.com
b7qxyidhg5.com
c62yc6xsm1.com
coxymk80cd.com
ct1wlbyjzx.com
exgk5nzv7m.com
fvtbhlnxj0.com
fwn4l9u2gb.com
fynzp0oht8.com
glixbn9lnj.com
gzw0bfzxhb.com
hludxizrvf.com
huga7gshpk.com
in4lprxgui.com
lqdu4kraxu.com
lrv8bvrmhq.com
porsukgrlq.com
rjhw2tvcvh.com
rm1cbe2kvb.com
seqamoa4jp.com
t0uetiplqk.com
tcp1twzitf.com
uttn4zziks.com
xpqvri1vhh.com

# Reference: https://twitter.com/oguzpamuk/status/1161379594320175105

195.181.210.12:8000

# Reference: https://twitter.com/VK_Intel/status/1161524612938772480

207.180.208.175:884
178.254.6.27:884
212.71.237.140:884

# Reference: https://twitter.com/killamjr/status/1164563798939832321

5.230.24.45:8800

# Reference: https://twitter.com/killamjr/status/1168900295725858822

158.69.130.55:8080
neinorog.com
rocknrolletco.top

# Reference: https://twitter.com/ps66uk/status/1179491078279487491
# Reference: https://app.any.run/tasks/ab422490-f2b7-4a83-af46-3394123544af/

185.14.148.44:3389
185.52.3.84:3389
192.254.173.31:1443

# Reference: https://blog.malwarebytes.com/threat-analysis/2019/10/the-forgotten-domain:-exploring-a-link-between-magecart-group-5-and-the-carbanak-apt/ (# Domains used in Dridex phishing campaign)

corporatefaxsolutions.com
onenewpost.com
xeronet.org

# Reference: https://twitter.com/James_inthe_box/status/1189502725433614336
# Reference: https://twitter.com/luc4m/status/1189512038495801344

37.59.60.80:3389
37.59.60.80:443
37.59.60.80:691

# Reference: https://www.virusbulletin.com/blog/2019/11/german-malspam-campaign-unfashionably-large/
# Reference: https://otx.alienvault.com/pulse/5dc4b1c2b67f519f6f423543
# Reference: https://twitter.com/VK_Intel/status/1191758492610256897
# Reference: https://twitter.com/sugimu_sec/status/1189808608013217793
# Reference: https://twitter.com/reecdeep/status/1191655276711157760
# Reference: https://twitter.com/James_inthe_box/status/1191820026359107584

134.213.221.29:8443
178.63.67.20:691
185.52.3.84:3389
194.99.22.193:443
216.177.137.35:3389
37.59.60.80:443
75.127.14.171:3389
demisorg.com
masteronare.com
matidron.com
nedronog.com

# Reference: https://twitter.com/CapeSandbox/status/1193812783038697472

62.210.113.33:691
75.127.14.171:3389

# Reference: https://twitter.com/sugimu_sec/status/1193879148382453760

167.114.122.37:691
176.126.243.82:443
maxinato.com

# Reference: https://twitter.com/James_inthe_box/status/1194293498788188161

66.34.201.20:8443

# Reference: https://twitter.com/JasonMilletary/status/1195073505613819920

50.116.86.205:8443
91.205.215.68:3389
107.170.24.125:8443
jaisstab.com

# Reference: https://twitter.com/sugimu_sec/status/1196798216009740288

23.226.225.152:443
178.128.20.11:389
198.23.146.216:8443
porangna.com

# Reference: https://twitter.com/malware_traffic/status/1197562166309724166

104.31.89.212:80
104.31.89.212:443
185.99.133.38:443
5.61.34.51:443
testedsolutionbe.com

# Reference: https://twitter.com/malware_traffic/status/1199082282033778693

cthurmany.com
sniodoliss.com

# Reference: https://twitter.com/JasonMilletary/status/1199102688618860544

178.209.40.108:443
185.189.151.199:443
185.217.0.245:443
185.92.74.135:443
195.123.246.113:443
45.141.86.51:443
5.196.189.107:443
5.61.34.51:443
89.100.104.62:3443

# Reference: https://twitter.com/reecdeep/status/1199325541968568327
# Reference: https://twitter.com/sugimu_sec/status/1199325111519547392

164.132.75.109:443
81.2.235.155:8443
89.22.113.245:691
perisdog.com

# Reference: https://www.virustotal.com/gui/ip-address/124.156.35.183/relations

biderson.com
derigono.com
emareston.com
raxertos.com

# Reference: https://twitter.com/Dashowl/status/1199349810001637376

212.53.140.12:3389

# Reference: https://twitter.com/killamjr/status/1200432838073618438
# Reference: https://app.any.run/tasks/17b6731c-8416-48f7-82ff-86e171669ad0/

159.89.233.150:443
koshtir.ga

# Reference: https://twitter.com/wwp96/status/1201507271936745472

167.99.154.240:443
87.118.70.66:8443

# Reference: https://twitter.com/VK_Intel/status/1204666318915620866

128.199.136.72:691
162.213.37.188:443
178.128.20.11:3389

# Reference: https://twitter.com/VK_Intel/status/1207019775223902209

45.55.199.14:8443

# Reference: https://www.virustotal.com/gui/file/1227eef4bc59240f97b6ab934f7cbba7fed152ce1326c03df20c8d266ea8b33f/detection

171.243.74.70:3389
tonghopcameraip3.hopto.org

# Reference: https://www.virustotal.com/gui/file/dfdc532c95ab0fc7e9448a620e802c458e220de8a070995d3adf9c3887fa86c5/detection

91.233.116.105:3389

# Reference: https://twitter.com/malware_traffic/status/1217179312027262976
# Reference: https://www.virustotal.com/gui/domain/egbp.hu/relations

egbp.hu

# Reference: https://twitter.com/malware_traffic/status/1215790282253447168
# Reference: https://app.any.run/tasks/15cfd7e0-c9f7-40d3-8a29-60c86236d007/

128.199.143.245:443
185.10.202.137:1443
192.241.143.52:691
88.217.172.79:3386

# Reference: https://twitter.com/VK_Intel/status/1217486523379126273

104.131.41.185:443
138.201.138.91:3389
178.62.75.204:1443
62.75.191.14:3389

# Reference: https://twitter.com/VK_Intel/status/1219761504851058689

51.38.95.181:443
88.217.172.165:691
44.94.64.8:1443

# Reference: https://twitter.com/killamjr/status/1220005964121665538

bestyelectric.com
colourcrhire.com
kayeboutique.net

# Reference: https://app.any.run/tasks/163c36a1-9923-44e1-8a83-a0d8a01bf3dc/

207.174.214.206:443

# Reference: https://twitter.com/Racco42/status/1221920292571738113
# Reference: https://app.any.run/tasks/ff6d5311-5f3e-409a-a86f-c7efdb2b3f02/

frenchbaroslo.com

# Reference: https://twitter.com/abuse_ch/status/1222153925178032128

173.249.16.143:1443
46.105.131.71:443
delivercedor.website
deliverychuckh.website

# Reference: https://twitter.com/baberpervez2/status/1222251028428607489

predictionsbet.xyz

# Reference: https://twitter.com/baberpervez2/status/1222982803572371470

piltov.xyz

# Reference: https://twitter.com/JasonMilletary/status/1224439366992351233

88.217.172.65:443
92.38.128.47:3389
82.165.38.218:691
157.7.199.53:8443

# Reference: https://twitter.com/VK_Intel/status/1225289450906882048

176.10.250.88:443
188.165.247.187:691
209.40.205.12:4433
79.143.178.194:3309

# Reference: https://twitter.com/VK_Intel/status/1227296485517275140

188.138.88.173:691
212.227.92.116:3886
69.84.35.189:443
82.118.225.196:4433
youcantblockit.xyz

# Reference: https://twitter.com/MSteve25/status/1227274820968165382

http://5.230.28.159

# Reference: https://twitter.com/James_inthe_box/status/1228358900761513984

fashionkillah.xyz

# Reference: https://twitter.com/MSteve25/status/1229768247383412739

109.74.5.95:443
195.14.0.12:3886
79.98.24.39:3886
88.217.172.164:691
deeppool.xyz

# Reference: https://twitter.com/VK_Intel/status/1230975758807465985

107.161.30.122:8443
188.166.25.84:3886
87.106.7.163:3886
91.211.88.122:443
shameonyou.xyz

# Reference: https://twitter.com/James_inthe_box/status/1231960080259567616

222.103.135.97:3386
5.196.95.7:443
51.38.95.182:443
82.165.38.218:691
wongwong.xyz

# Reference: https://twitter.com/MSteve25/status/1234524451657699330

178.62.80.54:1801
209.236.74.16:443
217.160.4.118:4443
91.228.197.79:11443
macyranch.com

# Reference: https://twitter.com/wwp96/status/1235231555058110466

lupingol.com

# Reference: https://twitter.com/MSteve25/status/1237045051492007939

176.126.244.24:4443
89.107.129.122:4143
91.211.88.122:443
91.103.2.132:4543

# Reference: https://twitter.com/JayTHL/status/1237384903181897729
# Reference: https://twitter.com/JayTHL/status/1237398536687362048

/esdfrtDERGTYuicvbnTYUv/

# Reference: https://twitter.com/wwp96/status/1237796218773831680

/kb0vlwsyry2kfgagolj/

# Reference: https://twitter.com/JayTHL/status/1238182874223910915

/pj8evnyw1a6e6y630z8v/

# Reference: https://www.virustotal.com/gui/domain/pulid.net/relations

/f7gjpo8znr7f8z01233d/

# Reference: https://twitter.com/sugimu_sec/status/1238103972998598656

turendot.com

# Reference: https://twitter.com/reecdeep/status/1239843956424409089

/c7w42cgsw16nnmb27ou5/

# Reference: https://twitter.com/MSteve25/status/1239935490779987971

199.101.86.6:443
5.45.179.186:443
107.152.33.215:3308
188.165.247.187:691

# Reference: https://twitter.com/baberpervez2/status/1240363018950782976

artofwork.live
vercom.club

# Reference: https://twitter.com/reecdeep/status/1240547456846356480

chapeauartgallery.com/SUPPORTS/locals.php

# Reference: https://twitter.com/macteca/status/1240301433280434176

185.234.52.170:443

# Reference: https://twitter.com/baberpervez2/status/1240801518959370240

urefere.org

# Reference: https://twitter.com/James_inthe_box/status/1242180312362176512

grars.com

# Reference: https://twitter.com/VK_Intel/status/1242209158386106378

185.234.52.166:443
185.25.149.178:3389
46.101.214.173:3886

# Reference: https://isc.sans.edu/diary/25944

bienvenidosnewyork.com
photoflip.co.in/lndex.php
everestedu.org/lndex.php

# Reference: https://twitter.com/James_inthe_box/status/1243185539353722880
# Reference: https://app.any.run/tasks/822e9725-10c2-4cfc-b625-a5ec119e0a0a/

185.234.52.181:443

# Reference: https://twitter.com/JasonMilletary/status/1243263401851305986

107.161.30.122:8443
219.94.242.134:1443

# Reference: https://twitter.com/James_inthe_box/status/1243196851722936320

owenti.com

# Reference: https://twitter.com/JayTHL/status/1244681886980624385

arcoqa.com

# Reference: https://twitter.com/MSteve25/status/1245023783393656832

fikima.com
185.47.129.30:443
158.69.234.15:691
87.106.7.163:3886
107.170.158.58:1443

# Reference: https://twitter.com/James_inthe_box/status/1245034518924259328

lonoth.com

# Reference: https://twitter.com/baberpervez2/status/1245538221133647872

artdeico.club

# Reference: https://twitter.com/abuse_ch/status/1245742468882149377

lerlia.com
lialer.com
rilaer.com

# Reference: https://twitter.com/pancak3lullz/status/1248303208142983170

retustan.com

# Reference: https://twitter.com/sugimu_sec/status/1255493017571647493
# Reference: https://twitter.com/reecdeep/status/1255492779528130561

rumetonare.com
104.156.59.7:3074
104.248.70.251:443
144.217.31.174:3389
93.191.243.2:691

# Reference: https://twitter.com/FaLconIntel/status/1247689506410475520
# Reference: https://pastebin.com/d5sUBJ9e

37.59.101.71:443
64.23.78.44:3389

# Reference: https://twitter.com/abuse_ch/status/1252236932760780800
# Reference: https://app.any.run/tasks/742cef03-a629-4177-be87-a11d877d9dbb/

31.184.253.197:443
partusog.com

# Reference: https://twitter.com/JasonMilletary/status/1252237364199489539

104.131.147.197:443
128.199.48.71:3389
121.134.199.156:443
185.170.114.114:1443

# Reference: https://twitter.com/abuse_ch/status/1252940499574493184

idemoten.com

# Reference: https://twitter.com/FaLconIntel/status/1252960046729707520
# Reference: https://twitter.com/reecdeep/status/1252973402144608258
# Reference: https://pastebin.com/JBdVrx5s

104.255.102.110:443
108.170.32.62:3389
156.67.218.141:8443
82.98.141.106:1443

# Reference: https://twitter.com/sugimu_sec/status/1254755323887316994

geronaga.com

# Reference: https://twitter.com/sugimu_sec/status/1254761426217914369

173.212.212.173:3074
79.137.83.50:443
80.86.81.31:3389
85.25.18.155:691

# Reference: https://twitter.com/Artilllerie/status/1255437711051194369
# Reference: https://pastebin.com/raw/u9MfxZCA

47.146.33.211:443
64.118.8.15:443
66.0.134.226:443
67.10.34.151:443
67.241.241.157:443
71.114.81.105:443
73.57.179.125:443
74.94.99.109:443
85.13.247.220:443
88.129.221.43:443
91.211.249.204:443
95.211.141.208:443
96.31.200.51:443
109.169.24.37:453
160.20.147.138:443
172.89.217.2:443
172.93.165.16:443
173.179.200.126:443
175.35.73.111:443
208.99.236.230:443
209.74.126.2:443

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html (# Win.Packed.Dridex-7683649-0)

5jrbsxlfeq.com
7ty5rlprko.com
949ndbggae.com
af7p7ov2or.com
bhagla4me3.com
dy30znpepv.com
ec9pbhuc3m.com
ekq9jeogd8.com
ezdd7ayykk.com
fr9hx7tsa9.com
ixknc7rhzu.com
jgnrmi7rhg.com
lg0xzs5na1.com
lybqeljypd.com
muyjze3f71.com
niijaaxqsv.com
oearzzlgot.com
qkvnruupx3.com
ryebaopbzg.com
t5th23jprc.com
tofam00uu4.com
vyi2mjy7wd.com
wm0vpjbt8q.com
xdp1plibv9.com

# Reference: https://twitter.com/reecdeep/status/1257311243796271104

merotanos.com

# Reference: https://twitter.com/sugimu_sec/status/1258023661635657732

gorgetto.com
xorxetto.com

# Reference: https://twitter.com/sugimu_sec/status/1258023112102129664

145.239.169.21:8443
163.172.7.152:443
38.88.126.131:443
45.79.135.98:691

# Reference: https://twitter.com/nhs281/status/1258082928396918788
# Reference: https://app.any.run/tasks/28aaa68e-0bc5-4cb7-b73d-a6213f971c3f/

145.239.169.32:8443

# Reference: https://twitter.com/58_158_177_102/status/1259822673372131328
# Reference: https://app.any.run/tasks/e6d6d7be-54c5-465d-adcb-1475cc023a9d/
# Reference: https://www.virustotal.com/gui/ip-address/84.38.182.248/relations

84.38.182.248:443
nrokadorc.com
rokadorc.com

# Reference: https://twitter.com/malware_traffic/status/1259971036789047304

178.128.83.136:443
208.99.236.230:443

# Reference: https://twitter.com/500mk500/status/1260561206873636866
# Reference: https://app.any.run/tasks/5562ead5-f732-425f-9f77-cc915e29a317/
# Reference: https://www.virustotal.com/gui/ip-address/84.38.182.31/relations

84.38.182.31:443
vitabenanr.com
vitabenar.com

# Reference: https://twitter.com/reecdeep/status/1260573174342787073
# Reference: https://app.any.run/tasks/e95840b0-ed43-4b1c-b062-8aaf2e96f1f7/

120.138.30.150:3389
149.248.8.112:3308
159.203.111.131:443
2.58.16.86:8443

# Reference: https://bazaar.abuse.ch/sample/f9ef72792e69f0d22cfa185495a359560fd5c5d5ccf9ec60eb97e316f43d987a/

chiuwes.com

# Reference: https://twitter.com/sugimu_sec/status/1262367688363405315

120.138.30.150:3389
173.212.197.71:443
185.4.132.226:4664
185.4.132.226:4664
penfonrte.com
penforte.com

# Reference: https://twitter.com/sugimu_sec/status/1263094942605312001

104.168.172.176:4443
107.170.146.252:4664
142.93.181.37:981
144.217.77.38:443
patostpc.com
pmsatostpc.com

# Reference: https://twitter.com/James_inthe_box/status/1268215463701393408
# Reference: https://app.any.run/tasks/c5c833b4-7a4f-4e0a-8c88-38192f4e31df/

185.86.148.68:443
5.101.50.87:443
penesonga.com
truepenesonga.com

# Reference: https://twitter.com/James_inthe_box/status/1268216998149775361

104.131.144.215:4664
37.157.196.117:3074

# Reference: https://twitter.com/VK_Intel/status/1268803811247874054

98.103.204.12:443
178.33.112.255:981
198.46.150.202:4646
188.165.17.91:8443

# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Packed.Dridex-7914375-0)

0arvkcizhw.com
0vl0yw9q6t.com
2qwndfmzqo.com
6ibvmt1xkl.com
cbobvzqelf.com
cinj4ytc6j.com
cv9a9ljdwv.com
dddu3yqvme.com
ehtiatdjsv.com
jh2hxge6zy.com
k6ae4xlzib.com
lckz9upvmu.com
lkzcbgbctx.com
llikaolgdj.com
opxgrcvh9o.com
puipgy6zfi.com
r5d42mselb.com
rbmh1eqrb4.com
rkakmp5gxz.com
sbduzmckjw.com
wha0vpzn3c.com
yhbkncfupy.com
ztxacd7o1j.com
zvslmngih2.com

# Reference: https://twitter.com/sugimu_sec/status/1269997899678547969
# Reference: https://twitter.com/reecdeep/status/1269997942108233729
# Reference: https://app.any.run/tasks/d897128b-6392-4140-87e0-d221dc148d58/

159.203.232.29:443
162.244.76.21:4664
173.249.54.106:3074
202.65.115.237:691
mukaramba.com
truemukaramba.com

# Reference: https://twitter.com/reecdeep/status/1270704140520431617

0True1True.com
True1True.com
107.174.65.233:4664
185.59.223.160:443
185.77.48.19:3389
188.40.34.210:4643

# Reference: https://github.com/StrangerealIntel/DailyIOC/blob/master/2020-02-14/Dridex.csv

198.167.140.176:443
216.177.137.25:443
bloodborne.xyz
fatslimboy.xyz
randomone.xyz
toughdomain.xyz

# Reference: https://twitter.com/58_158_177_102/status/1272508371124367360
# Reference: https://twitter.com/reecdeep/status/1272512507383595009

159.65.140.182:443
164.132.142.20:3074
178.62.23.64:4664
195.159.28.229:981
2020mismathouts.com
mismathouts.com

# Reference: https://twitter.com/reecdeep/status/1272863379087142913

159.65.140.182:443
164.132.142.20:3074
178.62.23.64:4664
195.159.28.229:981

# Reference: https://twitter.com/MBThreatIntel/status/1272992799667793920

batriaruum.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1273231669332447232
# Reference: https://app.any.run/tasks/ff32f6b0-5f67-4a2f-b73e-eccdd51b9021/

usdousigninc.com

# Reference: https://twitter.com/sugimu_sec/status/1273246920937312256

juneusdousigninc.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275051089344245760
# Reference: https://twitter.com/reecdeep/status/1275063391950757890
# Reference: https://app.any.run/tasks/74e36e1c-5801-4b3d-8219-114e739dc476/

185.81.158.15:4664
185.93.1.102:443
186.67.4.139:3389
37.59.147.36:34443
enterrasimonad.com
terrasimonad.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275413305767727106
# Reference: https://app.any.run/tasks/fef56e12-f072-45ef-8606-3521feeaee4d/
# Reference: https://app.any.run/tasks/0568f77e-b2a5-4f0e-bc10-0641e0987906/

caranatrium.com
marutoba.com

# Reference: https://bazaar.abuse.ch/sample/d6ddd24040b1f1ae7f42c84ee15f52efa36054e7ed4bb47d177d6b5108c9e5f6/
# Reference: https://www.virustotal.com/gui/domain/mekund.com/relations

mekund.com

# Reference: https://twitter.com/58_158_177_102/status/1277579915890577411
# Reference: https://twitter.com/JAMESWT_MHT/status/1277582404287369216
# Reference: https://twitter.com/reecdeep/status/1277585641015070720
# Reference: https://tria.ge/reports/200629-6m6zq5j4sx/behavioral1
# Reference: https://app.any.run/tasks/f707d393-e716-40a2-acf4-b9400dfed30e/

165.227.155.13:3308
173.212.247.16:3074
192.210.135.126:443
217.160.169.110:3889
bentorium.com
jspspesstor.com
ejspspesstor.com

# Reference: https://twitter.com/reecdeep/status/1280147363504492550

173.255.246.77:691
199.27.180.164:4664
162.243.150.25:3889
195.154.243.78:443
manuskoti.com
menodlap.com

# Reference: https://twitter.com/theDark3d/status/1280171460183670786

asdjgkfwsas.com

# Reference: https://bazaar.abuse.ch/sample/f8c974a6572fd522a64d22da3bf36db7e912ccb700bd41623ed286f1e8b0e939/

guruofbullet.xyz
rocesi.com

# Reference: https://twitter.com/sugimu_sec/status/1280865337806745600

madustag.com
turendong.com

# Reference: https://twitter.com/sugimu_sec/status/1280876307790749696

149.202.138.46:3389
192.175.111.214:3074
94.126.8.1:4664
94.23.216.33:443

# Reference: https://blog.talosintelligence.com/2020/07/threat-roundup-0703-0710.html (# Win.Packed.Dridex-8486639-0)
# Reference: https://blog.talosintelligence.com/2020/07/threat-roundup-0710-0717.html (# Win.Packed.Dridex-8827837-1)

0c6gsqsqja.com
4vyhny93ku.com
7ayyovgtmw.com
7trmhvo0lc.com
agoeoitflm.com
b5m6f5a21q.com
bhvcnilnxq.com
bqjubcofqz.com
c6zyoxlpfh.com
ca7ax5kdsp.com
cvglpli1qz.com
di7cln2izr.com
dsbmq2nt82.com
dv3cqa0qfb.com
ebiufgdzos.com
gofuuc5wmb.com
hxpc8qy8q1.com
ihzfwitsog.com
iyxil53gcw.com
k5f7q3mh7t.com
kwn21leqpf.com
kyt7yhrfyc.com
mnofmz3cat.com
mrwqnhk8zc.com
mvv8gvuiy1.com
ottjfpzbbu.com
ouzhwi8crh.com
owvvajedxy.com
q3ulbe6oda.com
rcjldxckwn.com
rwetvae1y9.com
smgwtryg5o.com
uc3nhnajyx.com
ueinwzcoah.com
uoetm1pdeg.com
upsx9hbryb.com
v0hjik6pcs.com
vdpfmxmrwl.com
wm3qfbhlv0.com
xxa0ygavhz.com
ynqawy0n05.com
yz0oyqdi0g.com
z9htvoigia.com
z9sgtyzd4n.com
zjzsuycij9.com

# Reference: https://app.any.run/tasks/20862f7e-b56b-427d-b525-8b27a23815b1/

213.136.94.177:443
91.83.93.219:3389

# Reference: https://twitter.com/MBThreatIntel/status/1282832137989718016

peronotis.com
ubadrium.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1283051094785089538

greyzone.xyz

# Reference: https://twitter.com/theDark3d/status/1283433733266313217

cooperjcw.xyz

# Reference: https://twitter.com/reecdeep/status/1283756310534791168

151.80.255.85:443
2.58.16.88:8443
85.25.144.36:4643

# Reference: https://twitter.com/MSteve25/status/1239935490779987971
# Reference: https://twitter.com/ninoseki/status/1285560605986848771
# Reference: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf

fdistus.com
inesmoreira.pt
klerber.com
saitepy.com
tamboe.net
typrer.com
unfocusedprints.co.kr
uprevoy.com

# Reference: https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/

185.45.193.25:10962

# Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html (# Win.Packed.Dridex-9379120-1)

18ny7rrtyt.com
1wu55b5pua.com
6bwxeoacgn.com
6why1sz2se.com
7wjak5mb8f.com
9lhaps1wu2.com
btchfh3tfr.com
dvulwwbkii.com
e3jwezioip.com
e9wgrblquh.com
fqa2nwjdws.com
gdbm7bvxya.com
hayhmse6t6.com
hcg3bau1sv.com
i5fnvdeomp.com
molnu9ypiw.com
mumn8fnnqq.com
mwgbwhofk2.com
nhrry1xnyb.com
oyutdttpeb.com
yirebpgi48.com
