This script analyzes C2 domains utilized by the emotet malware.
These domains were extracted by executing malicious emotet office docs in a sandbox environment and observing the C2 domain that they contacted.
You can adapt this script to analyze C2 domains utilized by other Malwares by replacing the values in the domains and resources list in the script.