# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/JR0driguezB/malware_configs/tree/master/IcedID

arcadyflyff.com
atlanimeday.com
binncu.net
camorata.com
comeontrk.com
csuwbru.net
cupicratings.com
daliyudin.net
debonointl.net
dorothyle.net
expling.net
firebbernank.net
freegameshacks.net
fzlajsf.net
gordondeen.net
jefchinloans.com
joronda.com
jumpsworks.com
medicalciferol.com
miraquebolsis.com
nobleduty.com
timmasanz.net
tradequel.net
wbgjds.net
youaboard.com

# Reference: https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html

efoijowufjaowudawd.com

# Reference: https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/

lik0sa1.com
nejokexulang.example.com
payfinance.net

# Reference: https://www.crowdstrike.com/blog/bokbots-man-in-the-browser-overview/
# Reference: https://otx.alienvault.com/pulse/5c99fb543acc7f5eb0e7e933

acquistic.space
ambusted.space
coultra.space
exhausines.space
exterine.space
haractice.space
hospirit.com
overein.space
parchick.space
portened.space
resurround.pw
segregory.com
stocracy.space
stradition.space
subsquire.com
tybalties.com
ugrigo.space
waharactic.com
yorubal.space

# Reference: https://twitter.com/James_inthe_box/status/1110564181021908993

mathedro.com

# Reference: https://blog.fox-it.com/2018/08/09/bokbot-the-rebirth-of-a-banker/

zonefb.com

# Reference: https://twitter.com/malware_traffic/status/1123458651434434563

marakusta.at
saudienter.pw

# Reference: https://twitter.com/CapeSandbox/status/1123605348466741249
# Reference: https://cape.contextis.com/analysis/70719/

forsynanchyv.com
hipponexunam.org

# Reference: https://twitter.com/CapeSandbox/status/1121084063903821824
# Reference: https://cape.contextis.com/analysis/68966/

arguerns.top
extenterms.top
minental.top

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

37.59.68.215:443
goodinzone.at
mozambiquest.pw

# Reference: https://twitter.com/James_inthe_box/status/1136950895986429954

albarthurst.pro
hipponexunam.org

# Reference: https://twitter.com/malware_traffic/status/1147303805115162624

germakhya.xyz
