# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://info.phishlabs.com/blog/new-variant-bankbot-banking-trojan-aubis

ussensivitius.gq
webcam4bdsm.tk
domainprobr.tk
eltinjapp.cf

# Reference: https://twitter.com/jorgemieres/status/1129069254395990016
# Reference: https://pastebin.com/8v7TEu3D

asdfqw.xyz
fastwebworks2010.org
protec-guvenlik-4.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1221865730054008833

kozzet.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.244.32.142/relations

162.244.32.142:443
162.244.32.142:80

# Reference: https://twitter.com/sh1shk0va/status/1229720531680796677 (Black Rose Lucy)
# Reference: https://www.virustotal.com/gui/file/72c84191fe66c690f5101cf307293c003f82d80f1d00ee010e3067bb0c668d75/detection

gapsoinasj.in
ja0h12p14k.in
jqeoq0r1hgf03ds.in
q9120qwpsa.in

# Reference: https://twitter.com/ReBensk/status/1243500015613554688

protectphone.pw

# Reference: https://twitter.com/malwrhunterteam/status/1248220464473923584

gov-bnminfo.com

# Reference: https://twitter.com/malwrhunterteam/status/1248226241527844865

http://45.63.98.87
213.176.36.43:4207

# Reference: https://twitter.com/malwrhunterteam/status/1250386648598228992
# Reference: https://www.virustotal.com/gui/file/a55a9e204ca0f1015a34f76967ab1e93d7e6ff4ab5abb4816b7438c8db41c8e7/detection
# Reference: https://seguranca-informatica.pt/marco-2020-analise-reversa-da-app-android-entregue-com-o-phishing-do-novo-banco
# Reference: https://www.virustotal.com/gui/ip-address/51.83.252.64/detection
# Reference: https://twitter.com/ESETresearch/status/1252252094066819072

http://186.235.91.100
abanca-sms.com
bankinter.online
bcp-cadastro.com
bcp-millennium.com
cadastro-bcp.com
cadastronb.com
caixaes.site
cgd-cadastro.com
cgd-cadastro.site
es-atualiza.com
estado-sms.com
millennium-bcp.online
nb-cadastro.com
net24apk.website
santa-espanha.com
sms-nb.site
totta2020.com
/controls/nb/control.php
/controls/nb/sms.php
/extras/bpi_link.txt
/extras/nb_link_lyly.txt

# Reference: https://twitter.com/malwrhunterteam/status/1250798529850880000
# Reference: https://twitter.com/midnight_comms/status/1250811148204675072

http://176.121.14.127
vodafone5gapps.com

# Reference: https://twitter.com/malwrhunterteam/status/1252269448267997185
# Reference: https://www.virustotal.com/gui/file/111cfd455f836794e40c6b088ab8e73f8e673a79c18e559adcffa89630a51042/detection

http://218.187.103.198
27.255.64.95:8080

# Reference: https://twitter.com/malwrhunterteam/status/1252287608274722817 (Android variation)
# Reference: https://www.virustotal.com/gui/file/10cf5bdab95219661759bc58d572379953233ec44b30bf2f83a89f6058610f09/detection
# Reference: https://twitter.com/ninoseki/status/1253272702573395972 (iOS variation)
# Reference: https://www.virustotal.com/gui/file/748b9f36e5a738665d082b347b5b1f4448d06a70906a32b52b77acd5aa70052e/detection

23.251.45.232:8080

# Reference: https://twitter.com/malwrhunterteam/status/1252323010662588421

poczta-interia.com

# Reference: https://twitter.com/malwrhunterteam/status/1252325976308166660

evdehayatvarfree20gb.com

# Reference: https://twitter.com/malwrhunterteam/status/1253016217268498437
# Reference: https://twitter.com/LukasStefanko/status/1253265204646903809

25s.site
obmenvsemfiles.com

# Reference: https://twitter.com/malwrhunterteam/status/1259886844961005568

bocongan113.com

# Reference: https://twitter.com/malwrhunterteam/status/1259906137891241985

bocongan113vn.com

# Reference: https://twitter.com/malwrhunterteam/status/1259909960311463936

8400113.com

# Reference: https://twitter.com/seafaringturtle/status/1259908100703821825

103.57.111.11:4163

# Reference: https://twitter.com/ReBensk/status/1260184449414647811

photobank-shar2020.website

# Reference: https://twitter.com/malwrhunterteam/status/1261545686325174273
# Reference: https://twitter.com/seafaringturtle/status/1263163367818215424
# Reference: https://www.virustotal.com/gui/file/8d742a1b50492fc35a54119f305daa054f666bf0ec08f7a668aa657af28a6563/detection

216.118.243.114:3500
216.118.243.114:57157
216.118.243.115:57157
216.118.243.116:57157
216.118.243.117:57157
216.118.243.118:57157

# Reference: https://twitter.com/malwrhunterteam/status/1266069349917503495

sosyaldestek-tr.com

# Reference: https://twitter.com/malwrhunterteam/status/1266073872614526982

dbierzkod.pl
odbierzkod.pl

# Reference: https://twitter.com/ReBensk/status/1269306854233997316

krazyfoxx9.xyz

# Reference: https://twitter.com/ReBensk/status/1270725741273964548
# Reference: https://www.virustotal.com/gui/ip-address/8.208.90.169/relations

covid-19argentina.top
darkfantasy.top
drzapato.online
drzapato.xyz
fastupdate.top
fastupdatemanager.top
greenandgrey.top
lovemeany.online
telecentrocovid19.top

# Reference: https://twitter.com/ReBensk/status/1272566330873479170

nansy782seetoyou38.website

# Reference: https://twitter.com/ReBensk/status/1272565628604502018

flashplayerupdate.top

# Reference: https://twitter.com/NtSetDefault/status/1275103442172891138

http://154.206.173.205
139.5.200.26:3500
139.5.200.27:3500
139.5.200.28:3500
139.5.200.29:3500

# Reference: https://twitter.com/malwrhunterteam/status/1349349426486153218
# Reference: https://twitter.com/bl4ckh0l3z/status/1350100010797559808
# Reference: https://www.virustotal.com/gui/file/6d29817636bd1eb314dfe5170765ef59f21c44054fb60049ade96e8becacc15d/detection

http://119.42.149.122
http://119.42.149.123
http://119.42.149.124
http://119.42.149.125
http://119.42.149.126
http://154.83.102.138
119.42.149.122:3500
119.42.149.123:3500
119.42.149.124:3500
119.42.149.125:3500
119.42.149.126:3500

# Reference: https://www.virustotal.com/gui/ip-address/213.176.36.42/relations

http://213.176.36.42

# Reference: https://www.virustotal.com/gui/file/786a73ac6036cf091939ccfa945e14e53524875ce8911f1c8d98d441fac2fd19/detection

213.176.36.42:4207
bank-negaramy.com

# Reference: https://www.virustotal.com/gui/file/a240e8586dd9d5cf199cb96deef63356dd24ae9274d750a076fd5ac4bed3f402/detection

213.176.36.42:4205
gov-bnminfo.com

# Reference: https://www.virustotal.com/gui/file/388bdb3f1f2e514e29646fe3a36bf20b7d0c47c0f0375f0aa2af262df6401845/detection

213.176.36.42:4201

# Reference: https://www.virustotal.com/gui/file/796bcb1df6fe45592137e0ddfb4dd1aa8fa264b396e43b58111543c9af89e564/detection

bnm-gov-info.com

# Reference: https://www.virustotal.com/gui/file/91807792a8c025f5b4c96a4d62f65ab335f695e9a7bbc6484c598a6ad3463684/detection

213.176.36.42:4202
negaramy-bank.com

# Reference: https://www.virustotal.com/gui/file/d3724868bb2966d0bffd235a995b6ac926a66b0756ca13679f3075d976da28e2/detection

213.176.36.42:4203
negarabank-my.com

# Reference: https://www.virustotal.com/gui/file/9ecca511661e72be443fc179cc71a1ecfcc8af48c6a8c87ef3883cb4724377b7/detection

213.176.36.42:4206
siasatan-gov-bnm.com

# Reference: https://www.virustotal.com/gui/file/c07cde11fb494e666a36ac7bb9cc593b877fb5267d04174c2295e586fdaada57/detection

bnm-govinfo.com

# Reference: https://www.virustotal.com/gui/file/0734c1af9909ce1c55bfe7d71f0c80c18792680880f4e35d849d038ce15962c7/detection

213.176.60.234:3403

# Reference: https://www.virustotal.com/gui/file/486234a479def6497524d3b501e3dfa9ae2f5e1815bd9b09219e98b8e95d62b2/detection

bnmgovinfo.com
smkgovinfo.com

# Reference: https://www.virustotal.com/gui/file/0460ecbe48b8b9d657fd1a8f7e8bbae779eddf312388f46359b21a9d97616170/detection

gov-cbminfo.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

cdek-payments.com
satterfieldbanks.com

# Reference: https://twitter.com/B0rys_Grishenko/status/1277515350658224128
# Reference: https://www.virustotal.com/gui/file/5ca38b7d208fbc5f665b4e0af7de5a1ac6cbc796375368934bffbef68732fc77/detection

sklepplay24.com

# Reference: https://twitter.com/ReBensk/status/1277615119594409987

http://154.206.173.194

# Reference: https://twitter.com/ReBensk/status/1277616463457792000
# Reference: https://www.virustotal.com/gui/file/c69af883dc42792500eecb12dc1f0641f1b9f4b4c340365c0491985ce6a89448/detection

193.112.126.184:39090

# Reference: https://twitter.com/ESETresearch/status/1277930672477343760

arabamuayenesi.com
usom-gov-tr.ml

# Reference: https://twitter.com/malwrhunterteam/status/1280220519460208641

http://102.129.249.232

# Reference: https://twitter.com/malwrhunterteam/status/1280502011981676546

chromekill.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1280572099686531072

looparkadaslik.xyz

# Reference: https://www.virustotal.com/gui/file/1998850290d2d17e5537610fdd074fce3027e0999a06bc7f2d9c2ee9170773eb/detection
# Reference: https://www.virustotal.com/gui/file/a8cae4f6c6c0121522baff7610a6fd09495426a90d816b8334acae903e8f6985/detection
# Reference: https://www.virustotal.com/gui/file/525198da8ae0c46f7707b9040eb4cf28794ab53df29f5f4ae5ec9830b4ea7eaa/detection
# Reference: https://www.joesandbox.com/analysis/199559/0/html

172.104.120.109:23040
172.104.135.129:3040
172.104.181.99:23040
/phoneinfo/xb_bin
/phoneinfo/xb_bin_one

# Reference: https://twitter.com/LukasStefanko/status/1280624418876686336
# Reference: https://twitter.com/NtSetDefault/status/1280648662499155968

antonioguterres.app
billclinton.app
bobiger.app
charlleskoch.institute
dougmcmillon.app
georgewbush.dev
jimyongkim.app
martinlutherkingjr.app
micheltemer.app
nelsonmandela.dev
pedroalvarescabral.dev
ragfactory.red
rupertmurdoch.red

# Reference: https://twitter.com/malwrhunterteam/status/1280846189433413634
# Reference: https://twitter.com/JCyberSec_/status/1303618860449509377
# Reference: https://www.virustotal.com/gui/ip-address/5.252.179.35/relations

bufirte.xyz
contatorfull.best
contmobi.club
contmobi.online
contmobi.work
cubirta.club
cubirta.xyz
dietasricas.xyz
gameapps.link
loltopgor.monster
mastercuponsdays.com
masteroffersdays.com
norditcph.xyz
ofertasgrandes.best
offersdirects.com
parse654.xyz
parse655.xyz
passtravel.best
poptoper2.monster
shopingoffers.xyz
topbestoffers.best
topbestoffers.monster
topbestoffers.xyz
topnomber.monster
toroftos.xyz
yourbestoffers.best

# Reference: https://twitter.com/malwrhunterteam/status/1281269010231853056

http://154.206.173.205

# Reference: https://twitter.com/malwrhunterteam/status/1283040684614852609

http://154.206.147.115

# Reference: https://www.virustotal.com/gui/file/fc0b880ddd9bda92dfb776d32a1958635be8933fa138dd35044cb5e76f470860/detection

emobileservices.club

# Generic (URL path patterns; no source reference given)

/kbsbk24/
/nhbank6/
/nhcap6/
/servicest/sms2wx/Sms2WXService
/servicest/sms2wx/uploadMobileInfo

# Reference: https://twitter.com/malwrhunterteam/status/1288838413345607680

foranymefc.site

# Reference: https://twitter.com/0bfusCat/status/1089817931435905025

izmirsiberahmet.online

# Reference: https://twitter.com/0bfusCat/status/1088413094722879488
# Reference: https://www.virustotal.com/gui/ip-address/47.74.70.68/relations

aperdosali.top
atbfinance.top
atbfinanza.top
atbfinanziario.top
comedirtad.top
ctechnick.top
dopeblock.top
materongoc.top
oldcrystal.top
sickslick.top
sleepmate.top

# Reference: https://twitter.com/sh1shk0va/status/1290267524592934918
# Reference: https://www.virustotal.com/gui/file/548ea89dcfe3fed1e6766d1c9ef36407b6d3a852fd359635e5fe9de99732eb0b/detection

vigolimone.website

# Reference: https://twitter.com/malwrhunterteam/status/1290635046169260032

cooperativa-mobile.ml

# Reference: https://twitter.com/malwrhunterteam/status/1290964433402044416

llmymdq.site

# Reference: https://twitter.com/malwrhunterteam/status/1293831060611096579
# Reference: https://www.virustotal.com/gui/file/63a07c43fc8ab595a45eb17329f8b310c8db72efef3b16a4ea081251f2e40b05/detection

154.92.17.105:1506
154.92.17.105:1509

# Reference: https://twitter.com/malwrhunterteam/status/1297078797553074176
# Reference: https://twitter.com/B0rys_Grishenko/status/1297277745362358273
# Reference: https://www.virustotal.com/gui/file/92648f5945ce65aa9ee46afe1a07e9300d4724255118d4c37bf58b8bafdbedeb/detection

http://217.8.117.104

# Reference: https://twitter.com/malwrhunterteam/status/1298677192667402248
# Reference: https://www.virustotal.com/gui/file/b336120b0dcb02d15b63f623ec1ef55659aed23f9d1355f80f2b5d1000963eac/detection

http://154.218.21.181

# Reference: https://twitter.com/malwrhunterteam/status/1301135258025431041

tiende.ru

# Reference: https://www.virustotal.com/gui/file/c073bf806c4ff8a4cacd515681cac215ee8e7b214f4cb1ad7303912aba2eb67f/detection

http://112.213.127.89

# Reference: https://twitter.com/malwaretracekr/status/1305403739117776902

http://220.129.70.58

# Reference: https://www.virustotal.com/gui/file/2502b3b57aa43a63aecb4ad6bae9e739742e78091436c27b3949b55c3387a0f4/detection

185.246.64.188:8001

# Reference: https://twitter.com/bl4ckh0l3z/status/1308789853354692608

senteam.ru

# Reference: https://twitter.com/ReBensk/status/1311154202643660801

paypal-sign.myddns.me
support-paypal.myddns.me

# Reference: https://twitter.com/malwrhunterteam/status/1311307895443787778

http://155.138.163.183

# Reference: https://twitter.com/malwrhunterteam/status/1316057431370326017

http://156.235.187.217
 
# Reference: https://twitter.com/ReBensk/status/1311536162499162112

http://157.185.179.73

# Reference: https://twitter.com/malwrhunterteam/status/1311710159715082241

http://144.202.11.123

# Reference: https://www.virustotal.com/gui/file/5642f08b04be9460fcdb973042e4841ccbd732cd5ffc0107d9750e5f9afc4449/detection
# Reference: https://www.virustotal.com/gui/file/fffa5c2a67db847f43217aa5551c75f5aa1f8f9d82bed032d6eb2a9df1f781e3/detection
# Reference: https://www.virustotal.com/gui/file/ab52aa605dde9edf4437388c5df75552ecc196b07c196f6435e7fcf7875e1745/detection

45.138.209.18:8080

# Reference: https://www.virustotal.com/gui/file/1ebe007267a27b653ab572fc4e0a6cccb9b914981d2f90b19d84b75a1bfad55d/detection

45.138.209.34:8080

# Reference: https://www.virustotal.com/gui/file/6046d1b0961301b4b2f26857c5c10e296f03ef942a1b9028631736aa0d8f1205/detection

45.138.209.37:8080

# Reference: https://www.virustotal.com/gui/file/3a3e58f6ee3b0ebc6f3373deddc32255457b710d7ae2200b823536a321a5e001/detection
# Reference: https://www.virustotal.com/gui/file/4bcb08348feda24f4f162784772d20d7808957bd052afbf4e5995ebe0ded0f5c/detection
# Reference: https://www.virustotal.com/gui/file/d601ff978865fa44311b55420c6cbb61a2a65a9631f797895c1b6406e0b9e731/detection
# Reference: https://www.virustotal.com/gui/file/74a12057215be8b65c46a8614a97fcca61012a28b1dc416fd9a9f700ef4f3485/detection

45.138.209.23:7788

# Reference: https://www.virustotal.com/gui/file/d2fd885065dacd134d54f9f07a6a95e2b3371a387102b7094cac812d7da97e25/detection

45.154.14.63:7788

# Reference: https://twitter.com/malwrhunterteam/status/1370021678915350542
# Reference: https://www.virustotal.com/gui/file/08eced64db2e5a0d8de2b57f8a1fee9f724a59be95dfb9f4935ad8d204d45bae/detection

45.154.14.95:7788

# Reference: https://www.virustotal.com/gui/file/fcfb19c41114a5bf5195d8d6316ac1738aec58b38984076ed0c63f2b48f6997f/detection
# Reference: https://www.virustotal.com/gui/file/eefe5825eb631b1ab81f2646cec7cdb21673066dd4c409e89d257b50260df324/detection

141.255.151.19:5214
141.255.157.49:5214
asdtt23488.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1313355326670942208
# Reference: https://twitter.com/bl4ckh0l3z/status/1313374708688134144
# Reference: https://www.virustotal.com/gui/file/74b194615ce6ac50435e211470c3b2948c244a94b5b75ff2d8825bcb5a26b79c/detection

fusaed.com
qctetc.com
uxsahd.com

# Reference: https://twitter.com/malwrhunterteam/status/1313522877443043332

flash-player-indir.com

# Reference: https://twitter.com/malwrhunterteam/status/1313800408746393603

mollyptuwo.online

# Reference: https://twitter.com/malwrhunterteam/status/1316059882987061248

heapafoo.ru

# Reference: https://twitter.com/malwrhunterteam/status/1316708831678935042

http://92.63.106.163

# Reference: https://twitter.com/malwrhunterteam/status/1316782508764266496
# Reference: https://www.virustotal.com/gui/file/30557d0306ca5502de037538857c8448edc09f9f318807506cc2e285fcb40893/detection

http://154.85.186.46

# Reference: https://twitter.com/Cengiz86035319/status/1317019371764580355
# Reference: https://www.virustotal.com/gui/file/2703c955b8470f8022f4ed74c9e5ca52eabfba37b900bdc47486ee9e6af1b6e1/detection

http://35.202.212.117

# Reference: https://twitter.com/malwrhunterteam/status/1317059994907455488
# Reference: https://www.virustotal.com/gui/ip-address/91.134.159.176/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.23.180.186/relations
# Reference: https://www.virustotal.com/gui/file/58a6117c374159928685e79dd55766eca1c9ac4cbe264acdd0fb1f1815427835/detection
# Reference: https://www.virustotal.com/gui/file/4c2114824eaf97c3c0ded5dea516db8dc7435a00c04aa2ac6706877908a42585/detection

ebsex.ru
exsos.ru
gomon48.ru
kexsex.ru
kosex.ru
sexet.ru
sexkex.ru
sexoko.ru
sexpis.ru
sexsos.ru
sextuk.ru
sexura.ru
sexvam.ru
sexvokrug.ru
sexvsem.ru
sosep.ru
soses.ru
sosev.ru
soske.ru
soskex.ru
sosto.ru
sosvot.ru
totsos.ru
zosos.ru

# Reference: https://twitter.com/malwrhunterteam/status/1317403643700719616

гусар.online
xn--80af4bcj.online

# Reference: https://twitter.com/malwrhunterteam/status/1318276866449510400

nuevospainflplayer.info

# Reference: https://twitter.com/malwrhunterteam/status/1319918657804357632
# Reference: https://twitter.com/bl4ckh0l3z/status/1320690035327410177
# Reference: https://www.virustotal.com/gui/file/08d74a860befbad4e3e4fc80c6b9d4b46be3c723cb1056d596f3e33dc77343a6/detection
# Reference: https://www.virustotal.com/gui/file/4c2378ead460da2282b37c58e8cf911bca55bad57baac485c8e2f9e9ad2b9313/detection

shopee-coins.com
shopee.cc-cashwallet.com
f-spy.com
a.f-spy.com
b.f-spy.com
c.f-spy.com
d.f-spy.com
f.f-spy.com
g.f-spy.com

# Reference: https://twitter.com/malwrhunterteam/status/1319952092119896065
# Reference: https://www.virustotal.com/gui/ip-address/98.126.156.85/relations
# Reference: https://www.virustotal.com/gui/file/3f7340fc7ec7028dcec2e1d9c766b72d70e5656eb17e7982e434ebe644d27878/detection

160.124.255.97:2018
1136984.com
840113.com
84113113.com

# Reference: https://twitter.com/Boyv3r/status/1320076344034791424

ebatabletiniz.com

# Reference: https://twitter.com/ReBensk/status/1322064414175092740
# Reference: https://www.virustotal.com/gui/file/c096d30ee0a0df796ca023e421aa4580a9adb5f2893bc2657577fa0e0b691e97/detection
# Reference: https://www.virustotal.com/gui/file/3e860c4ede3c07ee29ad269635e2ae6cd6790b2c74bf5ffa201e8cb4dd52b736/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.193.91.74/relations

acrisias.xyz
akdorr.xyz
alphesiboeus.xyz
amyntor.xyz
anchises.xyz
antipatros.xyz
arutruck.xyz
atcor.xyz
athenades.xyz
azzaur.xyz
barud6347.xyz
busgud.xyz
calcurr.xyz
cissesd.xyz
cleathes.xyz
corydallos.xyz
crodolvith.xyz
dakquth.xyz
diokles.xyz
epaenetus.xyz
euchenor.xyz
eudoxsus.xyz
euryleon.xyz
eurysthios.xyz
eutuches.xyz
gaddurud.xyz
gruavran.xyz
grulgojer.xyz
gruraborr.xyz
hermotimos.xyz
iamusasf.xyz
iboddeth.xyz
icarius.xyz
khaascon.xyz
krakott.xyz
krazalzutt.xyz
kruzangozz.xyz
leonidasmy.xyz
leontis.xyz
lorozz.xyz
lydusasd.xyz
medonhfg.xyz
montudsan.xyz
nauvamutt.xyz
nedalqex.xyz
nezrozz.xyz
nikasiosayur.xyz
nisosfhg.xyz
omunomn.xyz
oniasasd.xyz
phanias.xyz
phileasg.xyz
praxislol.xyz
praxisyui.xyz
priamadg.xyz
priamgfg.xyz
qavukozz.xyz
rokrirr.xyz
rozrux.xyz
segerux.xyz
sinisssa.xyz
stukkuar.xyz
tectondas.xyz
telemacho.xyz
theageshgf.xyz
tigegax.xyz
timasion.xyz
tithonius.xyz
vulkuar.xyz
xiphilinus.xyz
xuthusyu.xyz

# Reference: https://www.virustotal.com/gui/ip-address/185.193.91.5/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/63.250.44.166/relations

1zmt5e0yjt.xyz
anita1898kurovsk1.xyz
babalaykaandcomp.xyz
dakquth.xyz
davnad.xyz
droid2021.xyz
gorajorr.xyz
gruraborr.xyz
heartways.xyz
iboddeth.xyz
khaascon.xyz
krazalzutt.xyz
mandalorec2021.xyz
masteronil.xyz
obiwan2021.xyz
princeleya021.xyz
tsubaka2021.xyz
warior7766.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1323157065284681728
# Reference: https://twitter.com/bl4ckh0l3z/status/1323180531891101696
# Reference: https://www.virustotal.com/gui/file/affd5f9084641dee0355dc09b60db37a162538be44727884eb45e929bd4b2f60/detection

103.85.72.156:8080
blinefm.com
2020.blinefm.com

# Reference: https://twitter.com/malwrhunterteam/status/1323284195515531265

agoralux.com.br

# Reference: https://twitter.com/malwrhunterteam/status/1323674314521141249
# Reference: https://www.virustotal.com/gui/file/7e7be8412de67b5aead030c0f03dc19285b2f4597dda554b7748e72544c45d21/detection

espflplayerdescargar.live

# Reference: https://twitter.com/malwrhunterteam/status/1326163604459180037

blinefm.com

# Reference: https://twitter.com/malwrhunterteam/status/1262783846690492418

filmspolandxxx.com

# Reference: https://twitter.com/malwrhunterteam/status/1327354542086889472
# Reference: https://www.virustotal.com/gui/file/20a7aeeadfeb548d2d6df10ed7e4d7e84caa326313f917385d7fb7736af48bd4/detection

189.6.120.28:5050

# Reference: https://twitter.com/malwrhunterteam/status/1328392462088462336
# Reference: https://twitter.com/B0rys_Grishenko/status/1328402107892981761
# Reference: https://www.virustotal.com/gui/ip-address/47.254.176.26/relations
# Reference: https://www.virustotal.com/gui/file/ea6cae544c3822e8ff4cfa86bd9285f9c1363388603d3120dacbeecda291649c/detection

3030sisisinononono.info
332dskakkwkkksk22dada.info
5050sisisinononono.info
bancosantander-segura.com
dsfiudsfdnsjds.top

# Reference: https://twitter.com/malwrhunterteam/status/1329709356116570113
# Reference: https://twitter.com/bl4ckh0l3z/status/1329713263060377608

888ccb.com
ushdka.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1329776743339712518
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.69/relations

soofoodoo.club

# Reference: https://labs.k7computing.com/?p=21246
# Reference: https://www.virustotal.com/gui/ip-address/114.55.79.183/relations
# Reference: https://www.virustotal.com/gui/domain/i9600.com/relations
# Reference: https://www.virustotal.com/gui/file/280dcc68e8b10a9834252aa3bfe2eb48781da56719915c896bfba7d3e0f8c000/detection

114.55.79.183:10011
i9600.com
aff.i9600.com
control.i9600.com
kd-apk.i9600.com
service.i9600.com
zhf.i9600.com
mei669.com
oms.mei669.com

# Reference: https://twitter.com/malwrhunterteam/status/1332644727808724996
# Reference: https://www.virustotal.com/gui/file/a2fd23a258d8a39c8b096183cdd028f958fa004135cc9df2c0d8910da88e3e46/detection
# Reference: https://www.virustotal.com/gui/file/64b48ee8a113fd171fca60d8bbc495b9af3663d65a08cece12114a4d4e8b64c4/detection
# Reference: https://www.virustotal.com/gui/file/311f3ac5c075be4b1e34d50d08ff6bf8724facf018f31490f349d3c68a8815ed/detection
# Reference: https://www.virustotal.com/gui/file/7df4b0a98d44a8db431340f50c9fec4c22e7b93b6d96f09cf97695d335818dd6/detection
# Reference: https://www.virustotal.com/gui/file/ab3db21229eee4b716824ca831f9ddbb837a4b2abb6abc12101e02e84159cb88/detection

146.185.241.6:7878

# Reference: https://twitter.com/bl4ckh0l3z/status/1333009513037893632

148.66.8.98:1935
148.66.8.99:1935
148.66.8.100:1935
148.66.8.101:1935
148.66.8.98:57162
148.66.8.99:57162
148.66.8.100:57162
148.66.8.101:57162

# Reference: https://twitter.com/bl4ckh0l3z/status/1281565691037003782/photo/3

154.206.45.22:21823

# Reference: https://twitter.com/malwrhunterteam/status/1333507473504948226
# Reference: https://twitter.com/bl4ckh0l3z/status/1334147416854056960
# Reference: https://www.virustotal.com/gui/file/e5bf969569c8e4d4ad93f5f6a6b8004bebc58187238a3f0085209004e6be12f6/detection

103.145.191.61:8978
http://103.145.191.61

# Reference: https://twitter.com/malwrhunterteam/status/1334222729558548490
# Reference: https://twitter.com/bl4ckh0l3z/status/1334480342854590465
# Reference: https://www.virustotal.com/gui/file/501ca1c4ce3a6c1d03655d35109b7d16e4dc111142ffa0c3f1cec95b7a604e6f/detection

116.193.152.176:7788
http://45.138.209.52

# Reference: https://twitter.com/malwrhunterteam/status/1336983774354173952

61.227.124.151:30

# Reference: https://twitter.com/malwrhunterteam/status/1337502083608670215
# Reference: https://twitter.com/bl4ckh0l3z/status/1338168054644150273
# Reference: https://www.virustotal.com/gui/file/787f671b98b0393dc6dc703ea0f04d1d79bb6cb45ecae2173c948de61f575e53/detection

103.40.163.156:9090
blinefml.com

# Reference: https://www.virustotal.com/gui/file/c2c1d804aeed1913f858df48bf89a58b1f9819d7276a70b50785cf91c9d34083/detection

developer-app.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1338912835523534848
# Reference: https://twitter.com/bl4ckh0l3z/status/1339305454149758978

isjxkac.com
ksjajsxccb.com

# Reference: https://twitter.com/malwrhunterteam/status/1339667434450653185

http://191.101.234.104

# Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192

http://111.249.159.138

# Reference: https://twitter.com/malwrhunterteam/status/1342098542224142336
# Reference: https://www.virustotal.com/gui/file/bfaed122e095077d937d878ee80cdec7c9d295ddf701361b1a2e5013e3f42c93/detection

112.213.127.149:8978
http://112.213.127.149

# Reference: https://twitter.com/malwrhunterteam/status/1343662715437510656
# Reference: https://www.virustotal.com/gui/file/652d93eff67cb6ca7f50d8b1fd89652e6878c9e7173cb211baf64d7ce5756b1b/detection

103.147.13.139:8978
http://103.147.13.139

# Reference: https://www.virustotal.com/gui/file/87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17/detection

bb.fbb0oy.net

# Reference: https://twitter.com/malwrhunterteam/status/1346515280919408647
# Reference: https://twitter.com/bl4ckh0l3z/status/1348294330537168902
# Reference: https://www.virustotal.com/gui/file/f25e7e0de3a02fcef6749ed4ba69df20e07a6982db626903cdadac9432847038/detection
# Reference: https://www.virustotal.com/gui/file/9952ff78d120eae1637b66862d3967d06126f0b1d2c0967270207702e086cc75/detection

http://45.138.209.52
103.145.106.214:7788
45.154.14.19:7788

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/smsgrabber.url.ph/relations

smsgrabber.url.ph

# Reference: https://twitter.com/malwrhunterteam/status/1351221272710176770
# Reference: https://www.virustotal.com/gui/file/d927fddc84d4f06c2879487756c89c89bf99848e4bec39e5aad0da6a0c53f1a9/detection

pornohdcenter.com

# Reference: https://twitter.com/malwrhunterteam/status/1351894856281579522
# Reference: https://www.virustotal.com/gui/file/5265ebe2a3e33f003b111f4f7cd4c760800e5ff55f2dd43dea8f22fda3337f81/detection

196.69.61.56:707
ndseven.hopto.org

# Reference: https://twitter.com/ReBensk/status/1352201093728518149
# Reference: https://www.virustotal.com/gui/file/cb74cd54650ba5c39a4c9e609b3a371cc7289d81dcdd849d1c5032f6a5fc5c27/detection

settings.pw
/huawei.apk
/huawei9998.apk
/xhuawei.apk

# Reference: https://twitter.com/malwrhunterteam/status/1353042982505742341
# Reference: https://www.virustotal.com/gui/file/7b769c23c607caaa1022307071e803bcfe1394c82aed11499cb65fedb5e19f17/detection

cervezaelhechicero.cl/DHLUSA/
/DHLUSA/DHLTrackShippment.html
/DHLSpain/DHLGlobalES.html

# Reference: https://twitter.com/malwrhunterteam/status/1352672839208476678
# Reference: https://twitter.com/malwrhunterteam/status/1352673988212912130
# Reference: https://twitter.com/malwrhunterteam/status/1352876505630695424
# Reference: https://www.virustotal.com/gui/ip-address/193.38.55.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.58.108.142/detection
# Reference: https://www.virustotal.com/gui/ip-address/47.254.171.138/relations

dhl-api.club
dhl-api.icu
dhl-api.online
dhl-api.space
dhl-api.store
dhl-api.website
dhl-api.work
dhl-api.xyz
dhl-apk.com
dhl-apli.icu
dhl-apli.online
dhl-apli.site
dhl-apli.space
dhl-apli.store
dhl-apli.website
dhl-apli.work
dhl-apli.xyz
dhl-app.info
dhl-app.ru
dhl-app.space
dhl-app.website
dhl-cdn.pw
dhl-cdn.site
dhl-cdn.space
dhl-cdn.store
dhl-cdn.website
dhl-ebalo.casa
dhl-ebalo.club
dhl-ebalo.cyou
dhl-ebalo.fun
dhl-ebalo.icu
dhl-ebalo.online
dhl-ebalo.site
dhl-ebalo.space
dhl-ebalo.store
dhl-ebalo.surf
dhl-ebalo.website
dhl-ebalo.work
dhl-ebalo.xyz
dhl-ebat.icu
dhl-ebat.online
dhl-ebat.site
dhl-ebat.space
dhl-ebat.store
dhl-ebat.surf
dhl-ebat.xyz
dhl-kurva.casa
dhl-kurva.club
dhl-kurva.cyou
dhl-kurva.fun
dhl-kurva.icu
dhl-kurva.online
dhl-kurva.site
dhl-kurva.space
dhl-kurva.store
dhl-kurva.website
dhl-kurva.work
dhl-kurva.xyz
dhl-pidor.casa
dhl-pidor.club
dhl-pidor.cyou
dhl-pidor.icu
dhl-pidor.monster
dhl-pidor.online
dhl-pidor.site
dhl-pidor.space
dhl-pidor.store
dhl-pidor.surf
dhl-pidor.website
dhl-pidor.work
dhl-pidor.xyz
dhl-serv.cyou
dhl-serv.site
dhl-serv.space
dhl-serv.store
dhl-serv.website
dhl-serv.xyz
dhl-suka.casa
dhl-suka.club
dhl-suka.cyou
dhl-suka.fun
dhl-suka.icu
dhl-suka.online
dhl-suka.site
dhl-suka.space
dhl-suka.store
dhl-suka.website
dhl-suka.work
dhl-suka.xyz
dhlapk.com
dhlapp.info
dhlapp.space
dhlapp.website
/dhl-1.apk
/dhl-2.apk
/dhl-3.apk
/dhl-4.apk
/dhl-5.apk
/dhl-6.apk
/dhl-7.apk
/dhl-8.apk
/dhl-9.apk

# Reference: https://twitter.com/malwrhunterteam/status/1376476624703602698

/mrw-1.apk
/mrw-2.apk
/mrw-3.apk
/mrw-4.apk
/mrw-5.apk
/mrw-6.apk
/mrw-7.apk
/mrw-8.apk
/mrw-9.apk

# Reference: https://twitter.com/malwrhunterteam/status/1353773189864816642
# Reference: https://twitter.com/bl4ckh0l3z/status/1353794801901195271
# Reference: https://www.virustotal.com/gui/file/10658430a56a31ab8f295b3bb2860a1fc2fd95b09664d523b168de5d9bd71c2f/detection

ratapi11223344786.azurewebsites.net

# Reference: https://twitter.com/RickyLafleur1/status/1214587889700478976
# Reference: https://www.virustotal.com/gui/file/a6547415ef61bc66531978ef28913938f74dacb887bbd4ec5fc3a4ee978c4376/detection

http://185.185.71.90
whats-app.gq

# Reference: https://twitter.com/AgidCert/status/1353763168909225987
# Reference: https://twitter.com/ni_fi_70/status/1354352455123918848
# Reference: https://twitter.com/sS55752750/status/1354418390551711746
# Reference: https://twitter.com/sS55752750/status/1354420546809847820
# Reference: https://cert-agid.gov.it/news/individuato-sito-che-veicola-in-italia-un-apk-malevolo/
# Reference: https://www.virustotal.com/gui/file/9ae593c5611fa04fc0b7cf85f356b0ac92dcbe51fc5f481425ec7d6743368447/detection

cosmosframework.xyz
cosmospayments.online
montanatony.xyz
smoothbots.online
starbots.xyz
supportoapp.com
/js/app.19d5011b.js

# Reference: https://twitter.com/bl4ckh0l3z/status/1354755976755372035
# Reference: https://www.virustotal.com/gui/file/233835b9ff122185f2ff32b4841d38f6768508767f5cc5a021bc307489140a1a/detection
# Reference: https://www.virustotal.com/gui/file/1a0b29851c66a4750e132302fb3bbe180b0822069a916125feb18ce35b9ec319/detection

45.142.213.31:38920
45.142.213.31:38921
45.142.213.31:38922
45.142.213.31:38923
45.142.213.31:38924
45.142.213.31:38925
45.142.213.31:38926
45.142.213.31:38927
45.142.213.31:38928
45.142.213.31:38929
45.142.213.31:38930
45.142.213.31:38931
45.142.213.31:38932
45.142.213.31:38933
45.142.213.31:38934
45.142.213.31:38935
vpsp.ru
/A0.php?Android=
/A0.php?BankBotLog=
/A0.php?ShowPass

# Reference: https://twitter.com/ReBensk/status/1355752152740753413
# Reference: https://www.virustotal.com/gui/file/90301cc8484dab405e53a0a1ee07ff4117016412663d1df0154e6500ff1bbffd/detection

tosanfrancisco.life

# Reference: https://www.virustotal.com/gui/file/3ed04f22534c0d72641f96f59613005d72f50f7206f5e5d41a6284642df961e8/detection
# Reference: https://www.virustotal.com/gui/file/afc660b822bd032489407cc195b8ea544cde82335e17bca0fbd170e6fa4b2f52/detection
# Reference: https://www.virustotal.com/gui/file/a0075b79f75cbd0005beabbe9397a6cc79ce2521faf80771fb73bada49d898d8/detection

2.61.243.211:3210
2.61.243.211:5214
kolsayan.system-ns.net

# Reference: https://www.virustotal.com/gui/file/221926ac32a0a3da6a880320edacf5a5a8485214e5ca71bd7219fe25357f4f0e/detection

mixan4uk.system-ns.net

# Reference: https://www.virustotal.com/gui/file/b86fd4c42a30a1fbb6af287f23f7b50b72acf3308f43b4f31880563d8999b209/detection

41.233.168.80:1025
mugiwara.system-ns.net

# Reference: https://www.virustotal.com/gui/file/2cc928515b78a082307f3d813ba5e113fc0b36dff7c0f4f22534e6f1d64a2545/detection

boothead99.system-ns.net

# Reference: https://twitter.com/malwrhunterteam/status/1361753980053970950
# Reference: https://www.virustotal.com/gui/file/74adb6bd25a9714501c5e165de1875b17a69fd42d853435f0907ea7abee44fca/detection

freeplayer.site

# Reference: https://twitter.com/malwrhunterteam/status/1362067913159630851
# Reference: https://www.virustotal.com/gui/file/56ba4301cb77686a2f050bb20bf5443ce817aa582f63d4f8c76877bc230f328f/detection

bankspray.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1362853473272881155
# Reference: https://www.virustotal.com/gui/file/ff169cffd911225c22760b6e228a5857bd5e85a379b13a506c35be9639d23aa2/detection

dreamseed.info

# Reference: https://twitter.com/pmmkowalczyk/status/1367210739681943552

buguilou.com
contornosdesign.pt
spave.com.pk
weboyal.com
ylem222.com

# Reference: https://twitter.com/danlopgom/status/1367820701789532163
# Reference: https://www.virustotal.com/gui/file/85e2227bac98f2a283470798f9f15d63dc3e8f5d98c71385514603f181aefd83/detection

correos.website
correos.startupinside.net

# Reference: https://twitter.com/malwrhunterteam/status/1370443450487869441
# Reference: https://www.virustotal.com/gui/file/dd679ed92ab85e7b3f6d6b8996f681ba07b8e5afd7cf38a33b4edac38f392f4d/detection

http://154.203.226.182

# Reference: https://twitter.com/malwrhunterteam/status/1374820280636424201
# Reference: https://www.virustotal.com/gui/file/546f93d93d47c422b3193864c872a64f87fabd1dab845eecbf68195c41d35207/detection

http://154.23.55.21

# Reference: https://www.virustotal.com/gui/file/8292218f8d2630c5a03593cebb4899c7e06d4f8afedb9aa3c432b450d9e33b4a/detection

oiwa27enioaa2oinz.top

# Reference: https://www.virustotal.com/gui/file/aaf8de7f4c51e8196d677eb175f67bc614356f3acd01bc6da821fc74d863bf9a/detection

jyrsrydjrtsf0912.top

# Reference: https://www.virustotal.com/gui/ip-address/34.65.156.127/relations

awqwywewfs56843.top
gaweawgeaweg232.top
ghslitvomurjfurepj.top
ghslitvomurjfurfsdhdafhijkvepj.top
ghslitvomurjfurfsdhjkvepj.top
make9019jaion.top
se44syesegs4e3.top

# Reference: https://www.virustotal.com/gui/ip-address/35.199.117.241/relations

ghslitvomurjfurepj.top
lukabukazykasas.top
peskoleonido9201.top

# Reference: https://twitter.com/malwrhunterteam/status/1377022272926519306
# Reference: https://twitter.com/malwrhunterteam/status/1377377262404657154
# Reference: https://twitter.com/malwrhunterteam/status/1380255616376184835
# Reference: https://www.virustotal.com/gui/ip-address/198.187.29.144/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.65.120.237/relations
# Reference: https://www.virustotal.com/gui/file/ae9208fd8c3e5170c3cb32df36c9f8596c4acd2fdebb7f98decd13583f26f0b5/detection
# Reference: https://www.virustotal.com/gui/file/5e816b8f4c0df1d6f1bd409988658f40416de7d7333b6776a64ce66fb41fcadb/detection

antivirusmc.xyz
apkchrome.xyz
browserchrome.xyz
chrome2apk.xyz
chrome3apk.xyz
chrome4apk.xyz
chromea1k.xyz
chromeapk.xyz
chromeapk5.xyz
chromeapk6.xyz
chromeapk7.xyz
chromeapk8.xyz
chromeapkupdate.xyz
chromebrowser.xyz
chromeeapkk.xyz
chromeupdateantivirus.xyz
chromeupdateapk.xyz
updatechromeapk.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1377563398775447555
# Reference: https://twitter.com/LukasStefanko/status/1377574453220114432
# Reference: https://twitter.com/NtSetDefault/status/1377654475507302401
# Reference: https://www.virustotal.com/gui/file/be3d8500df167b9aaf21c5f76df61c466808b8fdf60e4a7da8d6057d476282b6/detection

134.209.66.184:5000
atualservicenovo.hopto.org
modulo-gatewayzzz-com-br.umbler.net

# Reference: https://twitter.com/malwrhunterteam/status/1379513330633691153
# Reference: https://twitter.com/bl4ckh0l3z/status/1379715519553622019
# Reference: https://www.virustotal.com/gui/file/2e403d7dfbf9641dd9d54cab50b06bbc8a09aeeafa5a4b824a79750befbefe74/detection

api.88888.pm
rtmp.5555577777.cn
tiktok.tf

# Reference: https://twitter.com/malwrhunterteam/status/1382676216893804547
# Reference: https://www.virustotal.com/gui/file/9e0383ce956c1a31c44367d6886dc36d7e036771b6351082567a9e434cc1018d/detection

http://139.177.192.54

# Reference: https://twitter.com/malwrhunterteam/status/1382712585557016581
# Reference: https://www.virustotal.com/gui/file/7a392dea26a6482842a1b14b3d5fb3e0a138eba7cd8c18146758bb4c2021c3e4/detection

http://139.177.193.252

# Reference: https://twitter.com/malwrhunterteam/status/1384025728128229381
# Reference: https://www.virustotal.com/gui/file/eeec5a484623068336306c6dfa696981b87048ac9e37bdc14e21beca8ef6eecd/detection
# Reference: https://www.virustotal.com/gui/file/be1ea062a9496d469fc6b6579644db325d278f97ec5091777ce90b519789645b/detection

http://103.81.169.137
http://154.194.3.236
103.81.169.137:6001
154.194.3.236:6001
magicpro.xyz
/spy/Sync?imei=
/spy/uploadMobileInfo

# Reference: https://www.virustotal.com/gui/ip-address/142.91.115.180/relations
# Reference: https://www.virustotal.com/gui/domain/m.anyhall.com/relations
# Reference: https://www.virustotal.com/gui/file/28073e582a4374651de45479b4ba509d028cad636352ec99fb49a9e474b688d5/detection

142.91.115.180:8855
m.anyhall.com

# Reference: https://twitter.com/malwrhunterteam/status/1385925206477361154
# Reference: https://www.virustotal.com/gui/file/cb534251500fc47ac910f82ee40ddfd5657b60727af2d5178d85e19948b3d576/detection

hd-freepornvideos.club

# Reference: https://www.virustotal.com/gui/file/4b098f9f68d5f21a7ea9e23d1a3c730714abb4246f929074f7980493d0c37d09/detection

kassandra.fun
sonaspection.ru

# Reference: https://twitter.com/malwrhunterteam/status/1389255478266548224
# Reference: https://www.virustotal.com/gui/file/e911c7b36dd45be7c5e2443fe048e89c93bf057a769bf274830bd057363187be/detection

http://167.99.177.19

# Reference: https://www.virustotal.com/gui/file/b42c476a09d95582247f1e0fdae17670c6b96f5192e310b0e40121ef79755a43/detection

156.234.25.53:7788

# Reference: https://www.virustotal.com/gui/file/dfdf94f829ee1cd42da43553bad0bbea90141ed655076f73af4b02a6e9369bf2/detection

156.234.25.181:7788

# Reference: https://www.virustotal.com/gui/file/ac858a30302591b82e2417c5d60484ca4a9065974425506a03cdfc4d4b41a8a7/detection

156.234.25.249:7788

# Reference: https://twitter.com/malwrhunterteam/status/1391818475195219971
# Reference: https://www.virustotal.com/gui/file/df096b2fd6b09f2cabc7d5eedb0497058831c08d1f746f91df43bfe1d2d561b9/detection

103.40.163.75:9090
koreabam21.com

# Reference: https://twitter.com/malwrhunterteam/status/1397510362598084610
# Reference: https://www.virustotal.com/gui/file/1ab363d46c6e511bcce08c0c4dc702ceaf602ac8eef2a6663b47a4c60cb179d5/detection
# Reference: https://www.virustotal.com/gui/file/2e708e464074aed4242fb8cc3d93a16ff5ed724c33da6e45e002c3c8c30fa053/detection

172.104.133.201:20027
sock.godforgiveuss.live
socktest.ankatras.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1394401728372559872

contratacionesbarcelo.com

# Reference: https://www.virustotal.com/gui/file/cc5c5128939aa43d6ebb661e846ed0e18fcbad4273595244a03fee42607c51dd/detection

http://103.249.104.120
103.249.104.120:9090

# Reference: https://twitter.com/malwrhunterteam/status/1399444793747456006
# Reference: https://www.virustotal.com/gui/file/c3c3550938850cb8571e7ea69158559fd859f81e5640a2706284148ceee4ae97/detection

http://154.208.162.197

# Reference: https://twitter.com/malwrhunterteam/status/1402637471683330050
# Reference: https://www.virustotal.com/gui/file/14f4cd43cc995800f3feea4c7ebaa0e6f550ca84c18dbd103290b90d3405425b/detection

http://185.220.103.7
185.220.103.7:443
185.220.103.7:7777

# Reference: https://www.virustotal.com/gui/file/ce9e9c7e45d8abee3dce73c1cf7389b9eeafbf0d8eb32aaf10c5cb4c7301745f/detection

156.234.25.93:7788

# Reference: https://www.virustotal.com/gui/file/88a311f0f359e231b36c4f71a17242540e4476e6047b8b96e38d12473c50d316/detection

156.234.25.58:7788

# Reference: https://twitter.com/malwrhunterteam/status/1403302055352188930
# Reference: https://www.virustotal.com/gui/file/a12d3f74deff9a214fb7c686f20c4ff8adcca6a9f9d283eed02d84c07a93ee0d/detection

secyrecontrolremontepanel.xyz

# Generic (URL paths and query strings rather than hosts)

/get_sms?money=
/nhcapital9/
/nhcaptn9/

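# APK (file names of the distributed packages, given as URL paths)
# Note: some names below are short and generic (e.g. /ok.apk, /safe.apk, /5G.apk),
# so a match on the path alone can come from unrelated traffic; corroborate a hit
# with the host, the file hash or the referenced reports before acting on it.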

/Госуслуги.apk
/1SexChat.apk
/2040TL.apk
/4Android-System_obscure_super_super_encrypt2_flow signed.apk
/4.5GLte%20CV3.4%20signed.apk
/5G.apk
/Actualizar.apk
/Actualizar-5G.apk
/Adobe-Pdf.apk
/Adobe_Flash_2020v21113.apk
/Adobe_Flash_2020v21711.apk
/and22roidupdatefoora677lversionssystemapkforllalversioonsgog34ogleupdatev9.apk
/AndroidUpdate_m4xz3mncgwn5fe6fivlp1x0yuojo6dn9gry8zg1c.apk
/ANZ_Protection_v2.apk
/Assistenzaclienti.apk
/Avito.apk
/AvitoMoney.apk
/BanCa26.apk
/BanCa28.apk
/bankguard.apk
/bankiasegura-1_enStr.apk
/bankkart.apk
/Barcelo%20Contrataciones.apk
/BILDIRIM.apk
/blinefm.apk
/Captchator.apk
/ccbbank.apk
/ChatSexvokrug.apk
/cloakerfast.apk
/Copia%20de%20Milanuncios.apk
/Coreeos4.5.10.apk
/Coreeos4.5.3.apk
/Correos244.apk
/Correos968.apk
/Correos2.17.15.apk
/Correos2.24.11.apk
/Correos2.24.12.apk
/Correos2.24.13.apk
/Correos2.24.14.apk
/Correos2.24.15.apk
/Correos2.24.9.apk
/Correos4.26.2.apk
/Correos455.apk
/Correos700.apk
/Correos831.apk
/crackturkey.apk
/CWB-4523576.PDF.apk
/icbcbank.apk
/DHL.apk
/EarnMoney_wa_3011.apk
/EBA.apk
/ebasistem.apk
/entel4GLTE.apk
/eugene.apk
/flashplayer_update_23.4.2.apk
/flashplayer_update11_5_1.apk
/FLPlayer.apk
/GoogleUpdate.apk
/facebook_version.0348.5345.3423.apk
/hadibakalm.apk
/halkkampanya.apk
/hana.apk
/hatatatat.apk
/HayatEveSigar.apk
/Instagram_shared_2020v27904.apk
/kakaobank.apk
/KasperskyAntivirus.apk
/KBANK.apk
/KBbank.apk
/koreabam.apk
/Liberomail.apk
/lotte.apk
/mgbank.apk
/MicrosoftWord.apk
/nhbank.apk
/nhc2.0.apk
/ok.apk
/parler_update.apk
/play%20protect.apk
/Prototipo_Segurança.apk
/Purolator.apk
/Rastreador.apk
/Reklam_engelleyici.apk
/royalfashion.apk
/sadsadfasf.apk
/safe.apk
/sal1000tl.apk
/Santander_Certificado.apk
/sasala.apk
/sbibank.apk
/scoins.apk
/secureapp.apk
/shinvest2.0.apk
/shsaving2.0.apk
/Sparkasse_Chrome_AntiVirus.apk
/tiktok.apk
/TRENDYOL.apk
/Update11.7.apk
/UpdateFlashPlayer_0g1t15jph0s85djlqye0msgvj22uw4jzleef6860.apk
/UpdateGoogleMarket_bbakwsw9zvyipi9uj7zkmsipch0umpetepv66hfj.apk
/UpdateWhatsApp_cka9bubxmlrkvhzy2msu5o8tjwh7db34p8va9voo.apk
/UPS101.apk
/UPS449.apk
/vatandaso.apk
/versionnew.apk
/vizualizarpedido30543.apk
/vn84app.apk
/Wooriib2.0.apk
/YZXL_14557.apk
/YZXL_14558.apk
/YZXL_14559.apk
/YZXL_14560.apk
/YZXL_14561.apk
/YZXL_14562.apk
/YZXL_14563.apk
/YZXL_14564.apk
/YZXL_14565.apk
/YZXL_14566.apk
/YZXL_14567.apk
/YZXL_14568.apk
/YZXL_14569.apk
/YZXL_14570.apk
/YZXL_14571.apk
/YZXL_14572.apk
/YZXL_14573.apk
/YZXL_14574.apk
/YZXL_14575.apk
/YZXL_14576.apk
/YZXL_14577.apk
/YZXL_14578.apk
/YZXL_14579.apk
/YZXL_14580.apk
/YZXL_14581.apk
/YZXL_14582.apk
/YZXL_14583.apk
/YZXL_14584.apk
/YZXL_14585.apk
/YZXL_14586.apk
/YZXL_14587.apk
/YZXL_14588.apk
/YZXL_14589.apk
/YZXL_14590.apk
/YZXL_14591.apk
/YZXL_14592.apk
/YZXL_14621.apk
/YZXL_14622.apk
/YZXL_14623.apk
/YZXL_14624.apk
/YZXL_14625.apk
/YZXL_14661.apk
/YZXL_14662.apk
/YZXL_14663.apk
/YZXL_14669.apk
/YZXL_14670.apk
/YZXL_14671.apk
/YZXL_14672.apk
/YZXL_14673.apk
/YZXL_14674.apk
/YZXL_14675.apk
/YZXL_14676.apk
/YZXL_14677.apk
/YZXL_14678.apk
/YZXL_14679.apk
/YZXL_14680.apk
/YZXL_14681.apk
/YZXL_14682.apk
/YZXL_14683.apk
/YZXL_14689.apk
/YZXL_14690.apk
/YZXL_14691.apk
/YZXL_14692.apk
/YZXL_14693.apk
/YZXL_14694.apk
/YZXL_14695.apk
/YZXL_14696.apk
/YZXL_14697.apk
/YZXL_14698.apk
/YZXL_14709.apk
/YZXL_14710.apk
/YZXL_14711.apk
/YZXL_14712.apk
/YZXL_14713.apk
/YZXL_14715.apk
/YZXL_14716.apk
/YZXL_14717.apk
/YZXL_14718.apk
/YZXL_14719.apk
/YZXL_14720.apk
/YZXL_14721.apk
/YZXL_14722.apk
/YZXL_14723.apk
/YZXL_14724.apk
/YZXL_14725.apk
/YZXL_14726.apk
/YZXL_14727.apk
/YZXL_14728.apk
/YZXL_14729.apk
/YZXL_14730.apk
/YZXL_14731.apk
/YZXL_14732.apk
/YZXL_14733.apk
/YZXL_14734.apk
/YZXL_14735.apk
/YZXL_14736.apk
/YZXL_14737.apk
/YZXL_14738.apk
/YZXL_14739.apk
/YZXL_14740.apk
/YZXL_14741.apk
/YZXL_14742.apk
/YZXL_14743.apk
/YZXL_14744.apk
/YZXL_14752.apk
/YZXL_14753.apk
/YZXL_14754.apk
/YZXL_14755.apk
/YZXL_14756.apk
/YZXL_14757.apk
/YZXL_14758.apk
/YZXL_14759.apk
/YZXL_14760.apk
/YZXL_14761.apk
/YZXL_14785.apk
/YZXL_14786.apk
/YZXL_14787.apk
/YZXL_14788.apk
/YZXL_14789.apk
/YZXL_14790.apk
/YZXL_14791.apk
/YZXL_14792.apk
/YZXL_14793.apk
/YZXL_14794.apk
/YZXL_14795.apk
/YZXL_14796.apk
/YZXL_14797.apk
/YZXL_14798.apk
/YZXL_14799.apk
/YZXL_14800.apk
/YZXL_14801.apk
/YZXL_14802.apk
/YZXL_14803.apk
/YZXL_14804.apk
/YZXL_14805.apk
/YZXL_14806.apk
/YZXL_14807.apk
/YZXL_14808.apk
/YZXL_14809.apk
/YZXL_14811.apk
/YZXL_14812.apk
/YZXL_14813.apk
/YZXL_14814.apk
/YZXL_14815.apk
/YZXL_14816.apk
/YZXL_14817.apk
/YZXL_14818.apk
/YZXL_14819.apk
/YZXL_14820.apk
/YZXL_14821.apk
/YZXL_14822.apk
/YZXL_14855.apk
/YZXL_14856.apk
/YZXL_14857.apk
/YZXL_14858.apk
/YZXL_14859.apk
/YZXL_14873.apk
/YZXL_14874.apk
/YZXL_14875.apk
/YZXL_14876.apk
/YZXL_14877.apk
/YZXL_14878.apk
/YZXL_14879.apk
/YZXL_14880.apk
/YZXL_14881.apk
/YZXL_14882.apk
/YZXL_14883.apk
/YZXL_14884.apk
/YZXL_14885.apk
/YZXL_14886.apk
/YZXL_14887.apk
/YZXL_14888.apk
/YZXL_14910.apk
/YZXL_14911.apk
/YZXL_14912.apk
/YZXL_14913.apk
/YZXL_14914.apk
/YZXL_14915.apk
/YZXL_14916.apk
/YZXL_14917.apk
/YZXL_14918.apk
/YZXL_14919.apk
/YZXL_14920.apk
/YZXL_14921.apk
/YZXL_14922.apk
/YZXL_14923.apk
/YZXL_14924.apk
/YZXL_14925.apk
/YZXL_14926.apk
/YZXL_14927.apk
/YZXL_14928.apk
/YZXL_14929.apk
/YZXL_15028.apk
/YZXL_15029.apk
/YZXL_15030.apk
/YZXL_15031.apk
/YZXL_15032.apk
/YZXL_15033.apk
/YZXL_15065.apk
/YZXL_15066.apk
/YZXL_15067.apk
/YZXL_15068.apk
/YZXL_15069.apk
/YZXL_15070.apk
/YZXL_15071.apk
/YZXL_15072.apk
/YZXL_15075.apk
/YZXL_15076.apk
/YZXL_15077.apk
/YZXL_15078.apk
/YZXL_15079.apk
/YZXL_15080.apk
/YZXL_15082.apk
/YZXL_15083.apk
/YZXL_15084.apk
/YZXL_15085.apk
/YZXL_15086.apk
/YZXL_15105.apk
/YZXL_15106.apk
/YZXL_15107.apk
/YZXL_15108.apk
/YZXL_15109.apk
/YZXL_15110.apk
/YZXL_15111.apk
/YZXL_15112.apk
/YZXL_15113.apk
/YZXL_15114.apk
/YZXL_15480.apk
/YZXL_15481.apk
/YZXL_15482.apk
/YZXL_15483.apk
/YZXL_15484.apk
/YZXL_15485.apk
/YZXL_15486.apk
/YZXL_15487.apk
/YZXL_15488.apk
/YZXL_15489.apk
/YZXL_15490.apk
/YZXL_15491.apk
/YZXL_15492.apk
/YZXL_15493.apk
/YZXL_15494.apk
/YZXL_15495.apk
/YZXL_15496.apk
/YZXL_15497.apk
/YZXL_15498.apk
/YZXL_15499.apk
/YZXL_15518.apk
/YZXL_15519.apk
/YZXL_15520.apk
/YZXL_15521.apk
/YZXL_15522.apk
/YZXL_15523.apk
/YZXL_15524.apk
/YZXL_15525.apk
/YZXL_15526.apk
/YZXL_15527.apk
/YZXL_15528.apk
/YZXL_15529.apk
/YZXL_15530.apk
/YZXL_15531.apk
/YZXL_15532.apk
/YZXL_15533.apk
/YZXL_15534.apk
/YZXL_15535.apk
/YZXL_15536.apk
/YZXL_15537.apk
/YZXL_15863.apk
/YZXL_15864.apk
/YZXL_15865.apk
/YZXL_15866.apk
/YZXL_15867.apk
/YZXL_15868.apk
/YZXL_15869.apk
/YZXL_15870.apk
/YZXL_15871.apk
/YZXL_15872.apk
/YZXL_15873.apk
/YZXL_15874.apk
/YZXL_15875.apk
/YZXL_15876.apk
/YZXL_15877.apk
/YZXL_15899.apk
/YZXL_15900.apk
/YZXL_15901.apk
/YZXL_15902.apk
/YZXL_15903.apk
/YZXL_15904.apk
/YZXL_15905.apk
/YZXL_15906.apk
/YZXL_15907.apk
/YZXL_15908.apk
/YZXL_15909.apk
/YZXL_15910.apk
/YZXL_15911.apk
/YZXL_15912.apk
/YZXL_15913.apk
/YZXL_15914.apk
/YZXL_15915.apk
/YZXL_15916.apk
/YZXL_15917.apk
/YZXL_15918.apk
/YZXL_15949.apk
/YZXL_15950.apk
/YZXL_15958.apk
/YZXL_15959.apk
/YZXL_15960.apk
/YZXL_15961.apk
/YZXL_15962.apk
/YZXL_15963.apk
/YZXL_15964.apk
/YZXL_15965.apk
/YZXL_15966.apk
/YZXL_15967.apk
/YZXL_15968.apk
/YZXL_15969.apk
/YZXL_15970.apk
/YZXL_16069.apk
/YZXL_16070.apk
/YZXL_16071.apk
/YZXL_16072.apk
/YZXL_16073.apk
/YZXL_16074.apk
/YZXL_16075.apk
/YZXL_16076.apk
/YZXL_16077.apk
/YZXL_16078.apk
/YZXL_16171.apk
/YZXL_16172.apk
/YZXL_16173.apk
/YZXL_16174.apk
/YZXL_16175.apk
/YZXL_16178.apk
/YZXL_16179.apk
/YZXL_16180.apk
/YZXL_16181.apk
/YZXL_16182.apk
/YZXL_16183.apk
/YZXL_16184.apk
/YZXL_16185.apk
/YZXL_16186.apk
/YZXL_16187.apk
/YZXL_16188.apk
/YZXL_16189.apk
/YZXL_16190.apk
/YZXL_16193.apk
/YZXL_16232.apk
/YZXL_16233.apk
/YZXL_16234.apk
/YZXL_16235.apk
/YZXL_16236.apk
/YZXL_16237.apk
/YZXL_16238.apk
/YZXL_16239.apk
/YZXL_16240.apk
/YZXL_16241.apk
/YZXL_16358.apk
/YZXL_16359.apk
/YZXL_16360.apk
/YZXL_16361.apk
/YZXL_16362.apk
/YZXL_16363.apk
/YZXL_16364.apk
/YZXL_16365.apk
/YZXL_16366.apk
/YZXL_16367.apk
/YZXL_16368.apk
/YZXL_16369.apk
/YZXL_16370.apk
/YZXL_16371.apk
/YZXL_16372.apk
/YZXL_16373.apk
/YZXL_16374.apk
/YZXL_16375.apk
/YZXL_16376.apk
/YZXL_16377.apk
/YZXL_16378.apk
/YZXL_16379.apk
/YZXL_16380.apk
/YZXL_16381.apk
/YZXL_16382.apk
/YZXL_16383.apk
/YZXL_16384.apk
/YZXL_16385.apk
/YZXL_16386.apk
/YZXL_16387.apk
/YZXL_16388.apk
/YZXL_16389.apk
/YZXL_16390.apk
/YZXL_16391.apk
/YZXL_16392.apk
/YZXL_16393.apk
/YZXL_16394.apk
/YZXL_16395.apk
/YZXL_16396.apk
/YZXL_16397.apk
/YZXL_16398.apk
/YZXL_16399.apk
/YZXL_16400.apk
/YZXL_16401.apk
/YZXL_16402.apk
/YZXL_16403.apk
/YZXL_16404.apk
/YZXL_16405.apk
/YZXL_16406.apk
/YZXL_16407.apk
/YZXL_16423.apk
/YZXL_16424.apk
/YZXL_16425.apk
/YZXL_16426.apk
/YZXL_16427.apk
/YZXL_16428.apk
/YZXL_16429.apk
/YZXL_16430.apk
/YZXL_16431.apk
/YZXL_16432.apk
/YZXL_16433.apk
/YZXL_16434.apk
/YZXL_16435.apk
/YZXL_16436.apk
/YZXL_16437.apk
/YZXL_16438.apk
/YZXL_16439.apk
/YZXL_16440.apk
/YZXL_16441.apk
/YZXL_16457.apk
/YZXL_16458.apk
/YZXL_16459.apk
/YZXL_16460.apk
/YZXL_16461.apk
/YZXL_16462.apk
/YZXL_16463.apk
/YZXL_16464.apk
/YZXL_16465.apk
/YZXL_16466.apk
/YZXL_16467.apk
/YZXL_16468.apk
/YZXL_16469.apk
/YZXL_16470.apk
/YZXL_16471.apk
/YZXL_16488.apk
/YZXL_16489.apk
/YZXL_16490.apk
/YZXL_16491.apk
/YZXL_16492.apk
/YZXL_16493.apk
/YZXL_16494.apk
/YZXL_16495.apk
/YZXL_16496.apk
/YZXL_16497.apk
/YZXL_16498.apk
/YZXL_16499.apk
/YZXL_16500.apk
/YZXL_16501.apk
/YZXL_16502.apk
