# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

brokenbones.ru

# Reference: http://sanesecurity.blogspot.com/2015/03/pentafoodscom-invoice-2262004.html

accalamh.aspone.cz
awbrs.com.au


# Reference: https://otx.alienvault.com/pulse/56288ace4637f21ecf2b3149/
# Reference: http://blog.dynamoo.com/2015/10/malware-spam-invoice-for-payment_21.html


# Reference: https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day

btt5sxcx90.com
rottastics36w.net

# Reference: https://resources.netskope.com/h/i/339100944-latest-microsoft-office-zero-day-served-via-godzilla-botnet

btt5sxcx90.com
hyoeyeep.ws
rottastics36w.net

# Reference: https://www.bromium.com/mapping-malware-distribution-network/ (Figure 3 – Dridex and IcedID shared distribution infrastructure)

104.131.7.40:443
95.211.148.20:1443
37.59.1.74:3389
89.22.103.32:3389

# Reference: https://twitter.com/VK_Intel/status/1114477236890083329

193.29.57.193:443
109.94.110.82:443
185.243.114.241:443
5.149.254.28:443
