# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~HawkEye-ES/detailed-analysis.aspx

mail.tonysizzo.com

# Reference: https://malware.news/t/lammers-stealers-and-rats-same-technics-like-formbook-malware-to-install-jrat-and-hawkeye/21919

smtp.doctorework.com

# Reference: https://twitter.com/ViriBack/status/1035692468459720704

deltafood-ae.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/african-financial-attacks

noreply377.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1110190083750019072
# Reference: https://twitter.com/James_inthe_box/status/1113756951102590976

lumsdancorp.com

# Reference: https://twitter.com/x42x5a/status/1111655960991490048

ftp.cnvester.com

# Reference: https://twitter.com/x42x5a/status/1115572987816742912

se1ec.com

# Reference: https://otx.alienvault.com/pulse/5cb4b6a2d0c46e38f066376a/

toshioco.com
spldernet.com
tfvn.com.vn
kamagra4uk.com
jhssourcingltd.com
pioneerfitting.com
positronicsindia.com
guideofgeorgia.org
gulfclouds.site
shirkeswitch.net
scseguros.pt
pomf.cat
a.pomf.cat
happytohelpyou.in

# Reference: https://twitter.com/Racco42/status/1124275914530013184
# Reference: https://app.any.run/tasks/6edf4315-11f1-4dca-91fd-4bb581382a5e

smtp.lavadaexpress.pw

# Reference: https://twitter.com/x42x5a/status/1126039075843190784

tain00.5gbfree.com

# Reference: https://twitter.com/dvk01uk/status/1121281997643636736
# Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf

ftp.nxgenbiz.us

# Reference: https://twitter.com/anyrun_app/status/1133252677402537984
# Reference: https://app.any.run/tasks/a73f9b70-0f5b-4deb-826f-9e7099ede0fb/

smtp.uml-db.com

# Reference: https://twitter.com/_Bear_Crawl_/status/1134092277071134720

mail.constreite-qatar.com
mail.riyyan.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568
# Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/

91.216.163.91:36530

# Reference: https://twitter.com/dvk01uk/status/1143456085090738177
# Reference: https://app.any.run/tasks/f6d94749-2625-42be-820a-3ccab8f28242/

103.6.205.50:26
mail.smpn15bogor.sch.id

# Reference: https://twitter.com/Racco42/status/1143983818631725058
# Reference: https://app.any.run/tasks/ae33444d-5393-4745-aff2-bcc06a3ea326/

192.185.73.15:26
mail.balbaagroup.com

# Reference: https://twitter.com/P3pperP0tts/status/1144869571507175424

208.91.199.224:587

# Reference: https://twitter.com/ZeroCERT/status/1146285140068438016
# Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/detection

ftp.dm1electronics.com

# Reference: https://twitter.com/dvk01uk/status/1154687819702575105

ftp.testproeg.com

# Reference: https://twitter.com/luc4m/status/1156214374371135489

aceccgo.tk

# Reference: https://twitter.com/Paladin3161/status/1161055030671110144
# Reference: https://pastebin.com/DGEcZt5y

qstorm.chickenkiller.com
193.161.193.99:2928
193.161.193.99:44611