# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

brokenbones.ru

# Reference: http://sanesecurity.blogspot.com/2015/03/pentafoodscom-invoice-2262004.html

accalamh.aspone.cz
awbrs.com.au

# Reference: https://otx.alienvault.com/pulse/56288ace4637f21ecf2b3149/
# Reference: http://blog.dynamoo.com/2015/10/malware-spam-invoice-for-payment_21.html

inferno.name
btros.co.uk
networking4africa.com
hubbardproducts.com
serverconnect.se
paramountdistributors.com
helicoptersjob.com
theciosummits.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day

btt5sxcx90.com
rottastics36w.net

# Reference: https://resources.netskope.com/h/i/339100944-latest-microsoft-office-zero-day-served-via-godzilla-botnet

btt5sxcx90.com
hyoeyeep.ws
rottastics36w.net

# Reference: https://www.bromium.com/mapping-malware-distribution-network/ (Figure 3 – Dridex and IcedID shared distribution infrastructure)

104.131.7.40:443
95.211.148.20:1443
37.59.1.74:3389
89.22.103.32:3389

# Reference: https://twitter.com/VK_Intel/status/1114477236890083329

193.29.57.193:443
109.94.110.82:443
185.243.114.241:443
5.149.254.28:443

# Reference: https://twitter.com/Zerophage1337/status/1135584186553819136

http://212.68.198.234
212.129.37.217:3389
174.136.5.242:1801

# Reference: https://twitter.com/VK_Intel/status/1141575181640654850

69.164.194.184:443
167.99.108.97:170
85.234.143.94:170
46.105.131.65:691

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (# Win.Malware.Dridex-6995476-1)

05p60clujw.com
0hox6fnkju.com
0kgr0svsdw.com
11exvnzpds.com
1di9yqmr4e.com
1ohvaomcea.com
3rw4hwziej.com
49jucwch3k.com
ahy9qgaqjw.com
ahzu9hhyqj.com
dpnrq4kpe7.com
egntxfch2f.com
ejglgrlsfv.com
ijzuyfo6m9.com
ikzjlvrxat.com
nnd9bsodkx.com
p8o6adliq7.com
tkhrjexxyn.com
tqzvsormbw.com
u6vpjfufqz.com
uxnyhqblpm.com
v2xeifg35d.com
wzykyninkd.com
x6n5szq1jb.com

# Reference: https://twitter.com/JRoosen/status/1144313588686958597

138.197.76.168:443

# Reference: https://www.vkremez.com/2018/09/lets-learn-dissecting-dridex-banking.html

104.236.24.85:443
107.170.220.167:4431
188.240.231.15:3889
securityupdateserver4.com
