# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/avman1995/status/1052467368851636225

msboxoffice.com

# Reference: https://twitter.com/Jan0fficial/status/1121738294277169152
# Reference: https://app.any.run/tasks/b50aa97f-0dc2-4515-99e4-942030cc687c
# Reference: https://www.virustotal.com/gui/domain/rl.ammyy.com/details
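# Reference: https://www.virustotal.com/gui/ip-address/209.239.123.75/relations
# NOTE(review): rl.ammyy.com is a subdomain of ammyy.com, the Ammyy Admin remote-administration vendor domain, so matches may include legitimate use of that tool - confirm against the references above before treating a hit as a compromise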

209.239.123.75:443
rl.ammyy.com

# Reference: https://twitter.com/James_inthe_box/status/1067100582152876032
# Reference: https://app.any.run/tasks/fb0e8309-59a9-4c15-9c07-44c99967970c

office365id.com

# Reference: https://twitter.com/James_inthe_box/status/1067806790182625280

office365homedep.com

# Reference: https://twitter.com/pollo290987/status/1004729116833218560

thespecsupportservice.com

# Reference: https://twitter.com/hexlax/status/988881472403763200

169.239.129.38:443

# Reference: https://twitter.com/anyrun_app/status/1095559956429004801
# Reference: https://app.any.run/tasks/d6de545d-f1fd-4db9-a04e-1ecb2c53a357

update365office.com

# Reference: https://twitter.com/James_inthe_box/status/1134032089383297027

79.141.168.132:80

# Reference: https://twitter.com/VK_Intel/status/1135497995351449600
# Reference: https://www.virustotal.com/gui/file/c76e57800aa901071a462a0fe0bb5dddb6433cba5cf2cc26337dc10625409d51/behavior/VirusTotal%20Cuckoofork

185.117.89.130:80

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

185.117.89.139:80

# Reference: https://twitter.com/VK_Intel/status/1141437268349083649

149.154.157.229:80

# Reference: https://twitter.com/VK_Intel/status/1142292041189273600

169.239.128.185:80

# Reference: https://twitter.com/James_inthe_box/status/1121111654899388417

169.239.128.119:80

# Reference: https://twitter.com/VK_Intel/status/1144618818494447616

94.156.133.185:80

# Reference: https://twitter.com/malware_traffic/status/1019300011396517891

t69c.com

# Reference: https://tccontre.blogspot.com/2019/07/interesting-com-object-abused-by.html

54.38.127.28:80

# Reference: https://asec.ahnlab.com/1242
# Reference: https://otx.alienvault.com/pulse/5d39d735d1f1f7e30a26b767
# Reference: https://twitter.com/VK_Intel/status/1154452221255278593
# Reference: https://www.virustotal.com/gui/file/3a79c6de1954d53bce81924e0bd2cbd5906005b2a87458320ca4c72fbd5c6f54/detection
# Reference: https://blog.alyac.co.kr/2437 (Korean)

http://139.180.195.36
http://169.239.128.36
http://27.102.70.196
http://45.67.229.36
http://92.38.135.67

# Reference: https://twitter.com/James_inthe_box/status/1159149234974625793

http://109.94.209.91
http://45.84.0.82

# Reference: https://www.virustotal.com/gui/file/cb114123ca1c33071cf6241c3e5054a39b6f735d374491da0b33dfdaa1f7ea22/detection

http://185.117.89.145
http://54.38.127.28

# Reference: https://twitter.com/hexlax/status/988881472403763200

untorsnot.in

# Generic trails (URL paths with no host part, so not tied to any single server above)

/date1.dat
/duo.dat
/uno.dat
/dat3.omg
