Cisco-Talos / IOCs

Indicators of Compromise


Probable false positive in IOC list

Yanneiff opened this issue · comments

Hello,

First of all, thanks for sharing this Emotet IOC list.

20.190.159.23 seems to be a false positive, as it appears to be owned by Microsoft (autologon.microsoftazuread-sso.com).

I also had difficulties with this, but it is only an indicator. The addresses in this repo are sometimes owned by Microsoft or others. You have to be careful with them. Most often, you should pay attention to indicators that appear at the same time.

The IP points to MSOnline's login prompt right now.
I'm removing this from our IOC lists on account of the potential FP but will keep investigating it further.
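The advice in the thread is to treat a shared-infrastructure address as a weak indicator and act only when several indicators show up together. The following added example (not code from the Cisco-Talos/IOCs repository) shows one way to encode that as detection logic: a constructed IOC list tags the IP from this issue as "weak", and an alert fires for a host only when enough distinct indicators, including at least one "strong" one, are seen within a short window. The log lines, the other indicators and the hostnames are constructed for the example.

```python
"""Correlate IOC sightings so a shared-infrastructure IP never alerts on its own."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IOC list (not the repository's). The first entry is the address
# discussed in the issue, tagged "weak" because it may be Microsoft-owned.
# The remaining entries are made-up documentation-range values.
IOCS = {
    "20.190.159.23": "weak",
    "198.51.100.7": "strong",
    "bad-doc-host.example": "strong",
}

# Constructed sample log: ISO timestamp, host name, contacted indicator.
LOG = """\
2023-04-01T10:00:00 host-A 20.190.159.23
2023-04-01T10:00:30 host-A 198.51.100.7
2023-04-01T10:01:00 host-A bad-doc-host.example
2023-04-01T11:00:00 host-B 20.190.159.23
"""


def parse(log):
    """Yield (timestamp, host, indicator) tuples from the sample log format."""
    for line in log.splitlines():
        ts, host, ioc = line.split()
        yield datetime.fromisoformat(ts), host, ioc


def correlate(log, window=timedelta(minutes=5), min_strong=1, min_total=2):
    """Return {host: [indicators]} for hosts whose sightings justify an alert.

    A weak indicator alone never alerts: within `window` a host must show at
    least `min_total` distinct listed indicators, of which `min_strong` are
    tagged "strong". host-B below only touches the weak IP, so it is skipped.
    """
    by_host = defaultdict(list)
    for ts, host, ioc in parse(log):
        if ioc in IOCS:
            by_host[host].append((ts, ioc))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            cluster = {ioc for ts, ioc in hits[i:] if ts - start <= window}
            strong = [x for x in cluster if IOCS[x] == "strong"]
            if len(cluster) >= min_total and len(strong) >= min_strong:
                alerts[host] = sorted(cluster)
                break
    return alerts
```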