# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://medium.com/csis-techblog/analysis-of-joker-a-spy-premium-subscription-bot-on-googleplay-9ad24f044451

joker2.dolphinsclean.com
beatleslover.com
tb-eu-jet.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1184054662003134464
# Reference: https://www.virustotal.com/gui/ip-address/52.77.93.217/relations

23w5338-z.com
beatleslover.com
hyy-2d2.com
kaaryah.com
nichfyy.com
prick-6ey.com
sw7p5-629.com

# Reference: https://twitter.com/ReBensk/status/1217065291320045568

andu-eu.oss-eu-central-1.aliyuncs.com

# Reference: https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
# Reference: https://www.virustotal.com/gui/ip-address/3.123.204.12/relations

http://3.123.204.12

# Reference: https://twitter.com/ReBensk/status/1232297093802233856

happyyear.top

# Reference: https://twitter.com/ReBensk/status/1246451065970712576

wsbb.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1249765927677243393

gplay.oss-eu-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1274316961510498306

yehua-online.oss-cn-hangzhou.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1274334502224044032

facebookdata-1301476296.cos.na-ashburn.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1275443534070296576

wdfoz.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1275713835090001922

rockmanpc.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1276806753959763968

http://34.206.171.237
woea.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1278016062378987520

etut.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1279451409189146624

39200628.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1278711799001632769

separatesuppliers.live

# Reference: https://www.virustotal.com/gui/file/275dbae90dc9d84782297858b90579a106d4752e0b6e8a7553b86d1d4d8f7f62/detection

http://47.241.2.108

# Reference: https://www.virustotal.com/gui/file/4a9504de927266b9101417e2dc2acf66e2c9e5b3565f64894a6467b0ebeac58f/detection

http://161.117.229.58

# Reference: https://twitter.com/bl4ckh0l3z/status/1280090346840567809
# Reference: https://www.virustotal.com/gui/file/76faf61e374b271d7a818338a4857c2400ff0a2e5864ce1a70e6df04cf8da3a0/detection
# Reference: https://www.virustotal.com/gui/file/901020b4b768fd4382f9d305cce7906b33dd0ce876e28151d760b0311b5e8769/detection

http://161.117.44.212
http://161.117.46.64
http://161.117.48.94
33333333333-1301476296.cos.eu-moscow.myqcloud.com
facebookdata-1301476296.cos.na-ashburn.myqcloud.com

# Reference: https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/

gd-1301476296.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1281909972683677696

http://161.117.83.26
hardsay.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1283788323178373120

http://47.74.179.177

# Reference: https://twitter.com/ReBensk/status/1286642164152311810
# Reference: https://www.virustotal.com/gui/file/198d887f450053630fa40ae0221c794a1ce6733385e6559dae3b9777308803b2/detection

allstars.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1287414754496196610

waitalone.oss-ap-southeast-3.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1287662297465454592
# Reference: https://www.virustotal.com/gui/file/4bc4beccd01a014354c27e2388e87e67ff1d37e5c7a220650d6931ac4fc28b89/detection

hardwarestandards.shop
mobiledevices.icu

# Reference: https://twitter.com/ReBensk/status/1288333955570302976

aisunani.oss-ap-southeast-3.aliyuncs.com

# Reference: https://twitter.com/aazim_here/status/1288440507396493313

narta.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1288701923974156288

99042.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1288790256649674752

fbgufra07.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1288790529308864512

larkbucket.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1289412525197467648

bullse.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1289831992108789761

reff2355-1301476296.cos.eu-moscow.myqcloud.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1290214936900063232

fdsr234-1301476296.cos.eu-frankfurt.myqcloud.com
gfd3424-1301476296.cos.ap-mumbai.myqcloud.com
hkkg34fd-1301476296.cos.na-siliconvalley.myqcloud.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1290603888991776771

dg1042.oss-eu-central-1.aliyuncs.com
mg420.oss-us-west-1.aliyuncs.com
ydnxy042.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ni_fi_70/status/1290612822582468613

http://161.117.226.98

# Reference: https://twitter.com/ReBensk/status/1290618344853221376

http://161.117.62.127
http://47.91.99.122
http://47.91.99.17

# Reference: https://twitter.com/bl4ckh0l3z/status/1290655447645663234

gseven.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1291985135936602112

purchasingmanagers.club

# Reference: https://twitter.com/bl4ckh0l3z/status/1292425701925281793

http://54.251.231.73

# Reference: https://twitter.com/bl4ckh0l3z/status/1292908632217210884

forgotten.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1297528634127851533

ruik.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1297909430663684098

http://54.254.62.156

# Reference: https://twitter.com/ReBensk/status/1298846513070829568

jk8681oy.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1298891762744909824

were4o5.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1300691596556603392

blackdragon.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1300652965854883840

n47n.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1301027283734585344

blackdragon02.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1301494248550866944

2j1i9uqw.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1301963377435181057

http://18.141.129.153

# Reference: https://twitter.com/ReBensk/status/1303917434831876097

proxy48.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1309475351572045825
# Reference: https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play
# Reference: https://otx.alienvault.com/pulse/5f6e0a6e075485dddd57a37b

2j1i9uqw.oss-eu-central-1.aliyuncs.com
blackdragon.oss-ap-southeast-5.aliyuncs.com
blackdragon03.oss-ap-southeast-5.aliyuncs.com
fgcxweasqw.oss-eu-central-1.aliyuncs.com
jk8681oy.oss-eu-central-1.aliyuncs.com
laodaoo.oss-ap-southeast-5.aliyuncs.com
n47n.oss-ap-southeast-5.aliyuncs.com
nineth03.oss-ap-southeast-5.aliyuncs.com
proxy48.oss-eu-central-1.aliyuncs.com
rinimae.oss-ap-southeast-5.aliyuncs.com
sahar.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1310417869184946176

successfully.link

# Reference: https://twitter.com/ReBensk/status/1318048542037082114

becomplete.online

# Reference: https://twitter.com/ReBensk/status/1318400566628765696

http://161.117.178.233

# Reference: https://twitter.com/ReBensk/status/1318608437056466944

http://161.117.250.158

# Reference: https://twitter.com/ReBensk/status/1318757468995018752

http://161.117.230.57

# Reference: https://twitter.com/ReBensk/status/1320593911090421760

brickmortar.life

# Reference: https://twitter.com/ReBensk/status/1322789280083808263

idnyss-1301476296.cos.ap-mumbai.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1327249045513879556

watermile.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1329328104720932865

nqgvyv.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1332623673484689408

firelife.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1336482195230380032

icelife.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1336651462395490305

satellites.life

# Reference: https://twitter.com/Cuser07/status/1341937502685261826

perper.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1342708478737936384

likeafish.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1343389745372491777

indo-1301476296.cos.ap-mumbai.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1344988057074683904
# Reference: https://www.virustotal.com/gui/file/781ca10557344f191f53515b2c085a1a5d8331056fa3bf47d622c41c534a13b2/detection

at7kyxx4.net
last2020.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1345268756470145024

http://47.241.106.26
lasomiso.oss-ap-southeast-5.aliyuncs.com
znyym.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1345607922038886400

rainday.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1346343034208747521

http://54.251.231.67

# Reference: https://twitter.com/sh1shk0va/status/1347258704115200002

feeli.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1349959814814724097

jordi.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1349772427685859329

longdistance.live

# Reference: https://twitter.com/ReBensk/status/1352114382151405568
# Reference: https://www.virustotal.com/gui/file/b6058b96e2acb5a3b0bcf699c5f4c4dc740f6bf65b1ceeff07c71c978327a83e/detection

pandaksp.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1352232075189907460

dinners.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1353601014847348736

comforty.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1356623475075547140

dingz.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1357608935914565633

rooftop.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1357630155917729794

sunset.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1358702595057983490

founde.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1358706711473790977
# Reference: https://www.virustotal.com/gui/file/aeb60925fd4a8525f76bfce9e39d577c394d0e541bffdbce9707c78818d82f76/detection

fy-2021.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1359045679377575937

skullali.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1359073731079852032

aliyuncls.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1359070082635231233

lovingu.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1359077052050141185

plantgrowthtracker.oss-cn-zhangjiakou.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1361001345663176704

sungoddess.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1363373817553293315

andyla.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1364081572584906753

warriorss.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1365176741103247367

uiytjjuytr.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1365177983149826048

runwa.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1365182302523777032

tool-pdf.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1366311466769420292

fronta.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1366343257014165507

breezea.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1368862009710755841

chenllx-buc.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1368901182358364167

linchen-bucket.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1370277229700124673

biggerone.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1373874229037342721

hwayt.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1376073798768713729

dagmar.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1376072244493873152

giantchameleon.com

# Reference: https://twitter.com/ReBensk/status/1376465936299909120

banca.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1376827979423047681

scanlucky.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1378587175575453703

selct.oss-ap-southeast-2.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1378996591567151107

lwildlifetrust.com

# Reference: https://twitter.com/ReBensk/status/1379809108312788993

wansgo.oss-ap-southeast-5.aliyuncs.com

# Reference: https://github.com/DoctorWebLtd/malware-iocs/blob/master/Android.Joker/README.adoc

ad.mobnv.com
api.lemonmanga.com
gp.fortunnecat.com
router.cutebubblegame.com
welcome.baltergames.com
allinonemessenger.oss-cn-shenzhen.aliyuncs.com
beautypluscamera.oss-ap-northeast-1.aliyuncs.com
cameramx-photovideocamera.oss-cn-wulanchabu.aliyuncs.com
colorrollingicon.oss-cn-huhehaote.aliyuncs.com
deepkeyboardpro.oss-cn-hongkong.aliyuncs.com
funcolortoucheffects.oss-ap-southeast-2.aliyuncs.com
funneymemeemoji.oss-ap-southeast-5.aliyuncs.com
happycolor.oss-ap-northeast-1.aliyuncs.com
happytapping.oss-cn-qingdao.aliyuncs.com
new2021keyboard.oss-ap-south-1.aliyuncs.com
novasdk.oss-cn-beijing.aliyuncs.com
superkeyboard.oss-ap-southeast-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1381533326570229762
# Reference: https://www.virustotal.com/gui/file/3dfd9c6825c816fe0c995942c3c2885c5113084f199de5c1c107cf58c9f2d01b/detection

dsfdbhfg-1301476296.cos.ap-mumbai.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1381531919356100609
# Reference: https://www.virustotal.com/gui/file/7f5a3921bcaf383ae8812814b1e29dad4f1baddfa0b723cc6e3bdd6c6e6a358a/detection

0402-ppd-dsb.oss-ap-southeast-2.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1382594399712911360
# Reference: https://www.virustotal.com/gui/file/c55a1f0344582b1a4f06199bf2abc2e6cb11c22b18e1c86bbef433ab4b782ef4/detection

languages-mmp.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/m0br3v/status/1224286533487820800

coronavirus.oss-accelerate.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1384373907940016131

dgsxc.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/Someguy19891/status/1385224629396987908

cvnz.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/Someguy19891/status/1385282363484033027

vfew.oss-eu-west-1.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1340647716930560000

ewr1.vultrobjects.com

# Reference: https://twitter.com/ReBensk/status/1386225948001914883

cjck-image.oss-ap-southeast-3.aliyuncs.com

# Reference: https://twitter.com/Someguy19891/status/1386384566978371585

vbnm.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1386897035484274689

mul4.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1389887507702050817

yutey.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/Someguy19891/status/1389883215477809153

ww44kk-1305586011.cos.na-siliconvalley.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1392735146235760640

512-1305586011.cos.na-ashburn.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1394902634641780736

517-1305586011.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1393133564523257858

dododododo.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1393455501514477571

321145512a513-1305586011.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1393598051697131521

piapia.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1395351832654794759

vvtts.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1395983592652623875

haiyawa.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1395983811637252096

suanleba.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1395983726660644872

gapp.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1396334176639459330

misia.oss-ap-southeast-3.aliyuncs.com

# Reference: https://twitter.com/dvjmane19/status/1396568030398746627

buckts.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1396718261807435781

sycg.oss-eu-west-1.aliyuncs.com

# Reference: https://twitter.com/dvjmane19/status/1398668479167823874

kullali.oss-us-east-1.aliyuncs.com
wter.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1399041124682006529

new-sk.oss-ap-southeast-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1399210588429946888

517-1305586011.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1399207089256296454

skullali.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1399969639413686273

syracuse-1301476296.cos.ap-mumbai.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1400131768833822720

tos-1305586011.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/Someguy19891/status/1400758703603683328

61toolll.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1401057812604588037

automan-1301476296.cos.eu-moscow.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1401432186096537601

z7f5b2g-1301476296.cos.ap-mumbai.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1401521422770458626

20210419-1305586011.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/Someguy19891/status/1403280211093835784

tttlll-1305586011.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/dvjmane19/status/1404322779554476037

aiyama.oss-eu-west-1.aliyuncs.com

# Reference: https://twitter.com/Someguy19891/status/1405421937753432065
# Reference: https://www.virustotal.com/gui/domain/spotifly.world/detection

spotifly.world

# Reference: https://twitter.com/ReBensk/status/1405754983547502603

tatamm.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1406241798431797249

tpfl.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1406651189312180225

voicesp.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1406653301978853380

tatamm.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1407936663662125056

614tls-1305586011.cos.eu-frankfurt.myqcloud.com
dejunior.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ni_fi_70/status/1409417735889735680

tnd.oss-ap-southeast-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1409427649118621699

02aa-1301476296.cos.eu-moscow.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1410479298381639682

intherain.oss-us-west-1.aliyuncs.com

# APK

/000166ssshH5.apk
