# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/avman1995/status/1052467368851636225

msboxoffice.com/tech
msboxoffice.com/date1.dat

# Reference: https://twitter.com/Jan0fficial/status/1121738294277169152
# Reference: https://app.any.run/tasks/b50aa97f-0dc2-4515-99e4-942030cc687c
# Reference: https://www.virustotal.com/gui/domain/rl.ammyy.com/details
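# Reference: https://www.virustotal.com/gui/ip-address/209.239.123.75/relations
# NOTE(review): rl.ammyy.com sits under the Ammyy Admin vendor domain, so hits may also come from ordinary use of that remote-administration tool - confirm before treating a match as a compromise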

209.239.123.75:443
rl.ammyy.com

# Reference: https://twitter.com/James_inthe_box/status/1067100582152876032
# Reference: https://app.any.run/tasks/fb0e8309-59a9-4c15-9c07-44c99967970c

office365id.com

# Reference: https://twitter.com/James_inthe_box/status/1067806790182625280

office365homedep.com

# Reference: https://twitter.com/pollo290987/status/1004729116833218560

thespecsupportservice.com

# Reference: https://twitter.com/hexlax/status/988881472403763200

169.239.129.38:443

# Reference: https://twitter.com/anyrun_app/status/1095559956429004801
# Reference: https://app.any.run/tasks/d6de545d-f1fd-4db9-a04e-1ecb2c53a357

update365office.com

# Reference: https://twitter.com/James_inthe_box/status/1134032089383297027

79.141.168.132:80

# Reference: https://twitter.com/VK_Intel/status/1135497995351449600
# Reference: https://www.virustotal.com/gui/file/c76e57800aa901071a462a0fe0bb5dddb6433cba5cf2cc26337dc10625409d51/behavior/VirusTotal%20Cuckoofork

185.117.89.130:80

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

185.117.89.139:80

# Reference: https://twitter.com/VK_Intel/status/1141437268349083649

149.154.157.229:80

# Reference: https://twitter.com/VK_Intel/status/1142292041189273600

169.239.128.185:80

# Reference: https://twitter.com/VK_Intel/status/1144618818494447616

94.156.133.185:80

# Reference: https://twitter.com/malware_traffic/status/1019300011396517891

t69c.com

# Reference: https://tccontre.blogspot.com/2019/07/interesting-com-object-abused-by.html

54.38.127.28:80

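# Generic trails: URL paths with no host part, so they apply to any server.
# Short names such as /uno.dat can collide with unrelated traffic; corroborate a hit with the host or the payload.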

/date1.dat
/duo.dat
/uno.dat
/dat3.omg
