Bank_Security

sLoad and Ramnit Banking Trojan pairing

Oct 25th, 2018
sLoad and Ramnit Banking Trojan pairing in sustained campaigns against UK and Italy

IOC Type Description
hxxps://invasivespecies[.]us/htmlTicket-access/ticket-T559658356711702 URL URL in email - 2018-10-17
hxxps://davidharvill[.]org/htmlTicket-access/ticket-V081650502356 URL URL in email - 2018-10-17
hxxps://schwerdt[.]org/htmlTicket-access/ticket-823624156690858 URL URL in email - 2018-10-17
5ea968cdefd2faabb3b4380a3ff7cb9ad21e03277bcd327d85eb87aaeecda282 SHA256 ticket-T559658356711702.zip - 2018-10-17
hxxps://hotkine[.]com/otki2/kine URL Zipped LNK gets PowerShell - 2018-10-17
a446afb6df85ad7819b90026849a72de495f2beed1da7dcd55c09cd33669d416 SHA256 kine - ps1 - 2018-10-17
hxxps://lookper[.]eu/userfiles/p2.txt URL PowerShell gets sLoad - 2018-10-17
hxxps://lookper[.]eu/userfiles/h2.txt URL PowerShell gets sLoad hosts file - 2018-10-17
79233b83115161065e51c6630634213644f97008c4da28673e7159d1b4f50dc2 SHA256 p2.txt sLoad - GBR - 2018-10-17
245c12a6d3d43420883a688f7e68e7164b3dda16d6b7979b1794cafd58a34d6d SHA256 h2.txt sLoad hosts - GBR - 2018-10-17
hxxps://maleass[.]eu/images//img.php?ch=1 URL sLoad C&C - 2018-10-17
hxxps://informanetwork[.]com/update/thrthh.txt URL sLoad payload (Ramnit) - 2018-10-17
b1032db65464a1c5a18714ce3541fca3c82d0a47fb2e01c31d7d4c3d5ed60040 SHA256 Ramnit - 2018-10-17
xohrikvjhiu[.]eu|185.197.75.35 DOMAIN|IP Ramnit C&C - 2018-10-17