# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://koodous.com/apks/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e
# Reference: https://www.virustotal.com/gui/file/71038bed9175e2edfc1b24347e76a192b96845831410a481ace7e601ed65b19e/detection

appboxlive.host/wakaji/start.html

# Reference: https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

coinwalletinc.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites

/so/Android1S.php
/so/Android2D.php
/so/Android2M.php
/so/Android4A.php
/so/AndroidAF.php
/so/AndroidAL.php
/so/AndroidDL.php
/so/AndroidLS.php
/so/AndroidPA.php
/so/AndroidPC.php
/so/AndroidSH.php

# Reference: https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/

spinwincash478.pro

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-06-28-asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play/asiahitgroup-gang-again-sneaks-billing-fraud-apps-onto-google-play.csv

vilandsoft.com

# Reference: https://twitter.com/ReBensk/status/1264931130530312194

tnisheng.xyz

# Reference: https://twitter.com/DrStache_/status/1264949410162769920

http://154.209.241.184
http://154.209.241.185
http://154.209.241.186
http://154.209.241.187
http://154.209.241.188

# Reference: https://www.virustotal.com/gui/file/a7bffddcd815055c8e49df6a779503dcad16e6b351a64fcaf24961862b7014f0/detection

brezzamobile.online

# Reference: https://www.virustotal.com/gui/file/012404ebe25adaadd7e9b4b0d1ce6ffce46c62456f97710829c676fb789019a9/detection

btc-unli.tk

# Reference: https://www.virustotal.com/gui/file/774d58de7fc732a3eaac274e6dc454012260d8d111989834ac62e7f90c8dc467/detection

octarine.soxx.us

# Reference: https://twitter.com/ninoseki/status/1353128207923388416
# Reference: https://www.virustotal.com/gui/file/49634208f5fb8bcfc541da923ebc73d7670c74c525a93b147e28d535f4a07bf8/detection

103.85.25.165:7777
165.3.93.6:7777
r10zhzzfvj.feishu.cn

# Reference: https://twitter.com/_bllvck/status/1366439474733924353
# Reference: https://www.virustotal.com/gui/file/d3487ab25a0e2c24996032458ff869eb3743eed39cf7c13e5c1a88084310c718/detection

polkadot-support.com

# Reference: https://www.virustotal.com/gui/file/d2d35805f157b0fe4df0cf5747cab08ba335b9cdc82453ab1a9f6271e8a484fc/detection

paladits.bget.ru

# Reference: https://twitter.com/malwrhunterteam/status/1379883017976614918
# Reference: https://www.virustotal.com/gui/file/c420052c96eff142e3836bd6cbe1ce61d86c23ac7a9b58a4dc81ffef7c98ab34/detection

mobipaisarecharge.com
/Ajax-request/get_mobile_info.php

# Reference: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/
# Reference: https://otx.alienvault.com/pulse/606e2b839d8204cdd76a5476

netflixwatch.site

# Reference: https://www.virustotal.com/gui/domain/amazingvideos.mobi/relations
# Reference: https://www.virustotal.com/gui/domain/greatestapps.mobi/detection
# Reference: https://www.virustotal.com/gui/file/fa40744c0e49f185b0604f44b7747b1fe5824b58223376d0b9a51451b905d1e5/detection

amazingvideos.mobi
greatestapps.mobi
7.tdslsd.ru
tdslsd.ru

# Reference: https://www.virustotal.com/gui/file/08797ac7926944304b8fae5647a1495aae9b69bb76ee9e052295111beab5042a/detection

zestlark.000webhostapp.com

# Reference: https://twitter.com/Cengiz86035319/status/1391502248962834446

aske-crudo.com
