# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_APT-FamousSparrow.json
# Reference: https://www.virustotal.com/gui/ip-address/103.15.28.228/relations

awsdns-531.com
offices-analytics.com
redcrossco.com
credits.offices-analytics.com
resource.offices-analytics.com
services.offices-analytics.com
soffice.offices-analytics.com
c11r.awsdns-531.com
cdn181.awsdns-531.com
llnw-dd.awsdns-531.com
rdmail.redcrossco.com
redsquare.redcrossco.com
tranning.redcrossco.com

# Reference: https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
# Reference: https://otx.alienvault.com/pulse/614d9d97468b5d59e66efeec

kkxx888666.com
cdn.kkxx888666.com