# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/c716c56d401815842120a61140098f9e851d1f79cf4088a56ec6f1b6fd4bad62/detection
# Reference: https://vms.drweb.com/virus/?i=14931549&lng=en
# Reference: https://www.hybrid-analysis.com/sample/5b4cbd92c1cc6f946704b56845f6b3cec8caab2cb73eb9909f07e7e7d7849595?environmentId=200
# Reference: https://blog.naver.com/ian3714/220366680356 (Korean)

http://113.10.136.103
http://220.142.173.138

# Reference: https://twitter.com/malwaretracekr/status/1269636157710585856
# Reference: https://www.virustotal.com/gui/file/09a5deb3219bf3b9b31814e861fc97aa5b29061e8622c31b79fe826eebe6bd63/detection

http://1.174.90.183
avke.tanske.me
tanske.me

# Reference: https://twitter.com/malwaretracekr/status/1271255418791063552

htuto.isng.me
isng.me

# Reference: https://twitter.com/malwaretracekr/status/1273503346523947008

edikopz1.aixdy.com.cn

# Reference: https://twitter.com/malwaretracekr/status/1296215120373149696

peuvnex.wuanvs.me
wuanvs.me

# Reference: https://twitter.com/malwaretracekr/status/1297096410513453056

mn.cjmallhg.cn
cjmallhg.cn

# Reference: https://twitter.com/malwaretracekr/status/1297098257089228800

cc.xcvcdd.vip
xcvcdd.vip

# Reference: https://twitter.com/malwaretracekr/status/1303518419086532608

cjcookid.info

# Reference: https://twitter.com/malwaretracekr/status/1304999127076335618

tn.bklog.ink
bklog.ink

# Reference: https://twitter.com/malwaretracekr/status/1312765858154905601
# Reference: https://www.virustotal.com/gui/file/2beb2a2d594bbef0f152c003502b355d8342057d37e1a00bd138cfca6b65264d/detection

45.128.145.33:8899

# Reference: https://twitter.com/malwaretracekr/status/1314457384484364288
# Reference: https://www.virustotal.com/gui/ip-address/103.13.222.113/relations

http://103.13.222.113
km.maskmkb.info
maskmkb.info

# Reference: https://twitter.com/malwaretracekr/status/1316018657894395904
# Reference: https://www.virustotal.com/gui/file/1ef082e1093d7191317fc66f6e8f027fa404fff4acda9bf502f5c942970fdecf/detection

http://45.131.177.87
hsl4.paociw.me
paociw.me

# Reference: https://twitter.com/malwaretracekr/status/1316921517507284997

gh.easysmm.site
easysmm.site

# Reference: https://twitter.com/malwaretracekr/status/1317701339548250112

n.wsdyt.ren
wsdyt.ren

# Reference: https://twitter.com/malwaretracekr/status/1318437666229112832

xsziop.tmyds.xyz
tmyds.xyz

# Reference: https://twitter.com/malwaretracekr/status/1319633694303293440

sxi1.svipg.xyz
svipg.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321400280047513600

tmqh.eklcu.xyz
eklcu.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321423819811090433

voinxc1.voinxc.xyz
voinxc.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321707594491273216

fe.ihjkljkl.site
ihjkljkl.site

# Reference: https://twitter.com/malwaretracekr/status/1321816802297479169

ukcgyse9.qsjrk.xyz
qsjrk.xyz

# Reference: https://twitter.com/malwaretracekr/status/1324603862250975237

wkoxzu34.gkwjd.xyz
gkwjd.xyz

# Reference: https://twitter.com/malwaretracekr/status/1324706392826015744

ruxj.xmoru.me
xmoru.me

# Reference: https://twitter.com/malwaretracekr/status/1325669330135076864

kend.xnoth.me
xnoth.me

# Reference: https://twitter.com/malwaretracekr/status/1325670176956715008

esjl.ebrin.me
ebrin.me

# Reference: https://twitter.com/malwaretracekr/status/1326842245836759043

gky1.bsiyw.me
bsiyw.me

# Reference: https://twitter.com/malwaretracekr/status/1331117613485735937

stt.mamsqe.me
mamsqe.me

# Reference: https://twitter.com/malwaretracekr/status/1337405537583939585

vr.auctios.site
auctios.site

# Reference: https://twitter.com/malwaretracekr/status/1341332054298873860

bolpstu8.krxlp.xyz
krxlp.xyz

# Reference: https://twitter.com/malwaretracekr/status/1343043680492347392
# Reference: https://twitter.com/malwaretracekr/status/1343055891268923392
# Reference: https://www.virustotal.com/gui/ip-address/45.131.177.20/relations
# Reference: https://www.virustotal.com/gui/file/75a593ba4448f90f313c3add833d2b1c3ceae491a37ac1d635037fcca129784f/detection

45.131.177.20:2021
eilwo4.ripaq.me
ripaq.me
n.ydei.group
ydei.group

# Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192
# Reference: https://twitter.com/bl4ckh0l3z/status/1343299380149972996
# Reference: https://www.virustotal.com/gui/file/86f1fd5ea17fad52b8a0c247d464e8fbfd35d8157892816b027fe2eed62b0bd2/detection

123.253.110.85:8899

# Reference: https://twitter.com/malwrhunterteam/status/1365311635099971592
# Reference: https://twitter.com/bl4ckh0l3z/status/1365671448635973633
# Reference: https://www.virustotal.com/gui/file/47cfb949ba578425c348aa4ed8a3d25e0650c9fae58db2d97c2686fb77dc7f8f/detection

123.253.110.241:6988
123.253.110.241:8889

# Reference: https://twitter.com/malwrhunterteam/status/1371908225038229507
# Reference: https://www.virustotal.com/gui/file/d1b04d8140ca4d845446c2b7ace2d1bafa2a4cf3f1065559c8713bb13ad810e1/detection

123.253.110.169:8889

# Reference: https://www.virustotal.com/gui/file/23d969b567c429ac013d608dddc90b2a8e9accd1134361ea91941fdbd2f14ce2/detection
# Reference: https://www.virustotal.com/gui/file/2d4dc144c2c3f8a239ceccaf9597ce46e5509f646fb4d3958d982380109048eb/detection

http://114.24.20.97

# Reference: https://twitter.com/malwaretracekr/status/1344161911118602242

426.tzroc.guru
tzroc.guru

# Reference: https://twitter.com/malwaretracekr/status/1344635995359088645

isdx.ztod.com.cn

# Reference: https://twitter.com/malwaretracekr/status/1344636428261543938

cj-run.xyz

# Reference: https://twitter.com/malwaretracekr/status/1345371152751816706

hion5.navero.space
navero.space

# Reference: https://twitter.com/malwaretracekr/status/1345375575809036293

vuca.ksdf.pw
ksdf.pw

# Reference: https://twitter.com/malwaretracekr/status/1345732047650787328

kr-bus.xyz

# Reference: https://twitter.com/malwaretracekr/status/1346455589220614144

dm.netshodh.info
netshodh.info

# Reference: https://twitter.com/malwaretracekr/status/1347495191687557122

mysuny.xyz

# Reference: https://twitter.com/malwaretracekr/status/1347800155202850817

my-bus.xyz

# Reference: https://twitter.com/malwaretracekr/status/1347839178982133762

sdreams.xyz

# Reference: https://twitter.com/malwaretracekr/status/1349235995540025344

krteuw.me

# Reference: https://twitter.com/malwaretracekr/status/1349648529866690560

exaion.me
oeubc.buzz

# Reference: https://twitter.com/malwaretracekr/status/1349658556543365120

eitjls.co

# Reference: https://twitter.com/malwaretracekr/status/1350368005738295299

ydie.press

# Reference: https://twitter.com/malwaretracekr/status/1350362298481709057

toeuc.guru

# Reference: https://twitter.com/muz_so/status/1351814574165561344

ponvi.space
uionv10.ponvi.space

# Reference: https://twitter.com/malwaretracekr/status/1352150909636075521

kpm.msks.pw
msks.pw

# Reference: https://twitter.com/muz_so/status/1352909545174011905

poinv.space
rovcn2.poinv.space

# Reference: https://twitter.com/malwaretracekr/status/1352988190932561923

drde.uemvu.buzz
uemvu.buzz

# Reference: https://twitter.com/malwaretracekr/status/1352988812251566086
# Reference: https://www.virustotal.com/gui/ip-address/103.148.244.75/relations

kwins.xyz
ragos.xyz
ufits.xyz

# Reference: https://twitter.com/malwaretracekr/status/1352990551352565760
# Reference: https://www.virustotal.com/gui/file/b57d88da797ded50b3da56e22711b7dc3b10f70cdcdff7426d1f97c65681a5cc/detection

http://45.131.177.83
lyum.fixuxg.me
fixuxg.me

# Reference: https://twitter.com/muz_so/status/1353276793726279680

kopn2.uiover.live
uiover.live

# Reference: https://twitter.com/malwaretracekr/status/1353218951463923712

coinozne.com

# Reference: https://twitter.com/malwaretracekr/status/1353395335146557442

shop-o.xyz

# Reference: https://twitter.com/malwaretracekr/status/1354807146387365888

apr.mdus.pw
mdus.pw

# Reference: https://twitter.com/muz_so/status/1355484797020172290

colth.xyz
ufde.colth.xyz

# Reference: https://twitter.com/muz_so/status/1355484709854175234

cixi-bar.web.app

# Reference: https://twitter.com/malwaretracekr/status/1366680087974662144

munjalinb.info
fs.munjalinb.info

# Reference: https://twitter.com/malwrhunterteam/status/1367410100252667906
# Reference: https://www.virustotal.com/gui/file/307eb3e21f421132341b08db353c5289e482c54b3c36abd03869713ad393e5d0/detection

103.159.80.35:8889
http://103.159.80.35

# Reference: https://twitter.com/malwrhunterteam/status/1374820280636424201
# Reference: https://twitter.com/bl4ckh0l3z/status/1374999967551660032
# Reference: https://www.virustotal.com/gui/file/546f93d93d47c422b3193864c872a64f87fabd1dab845eecbf68195c41d35207/detection

103.159.80.85:8779
103.159.80.85:8889

# Reference: https://www.virustotal.com/gui/file/4de20e5e5040ed22824bf89ba963587327569298195e31997382abc7513e27c0/detection

103.159.80.155:8889

# Reference: https://twitter.com/malwrhunterteam/status/1374293451848749059
# Reference: https://www.virustotal.com/gui/file/c709ca9bf91d7dfac8c319b62d53c54be4d039611e3f8f29c7d361f3393de73c/detection

103.159.80.95:5227

# Reference: https://www.virustotal.com/gui/file/0e7788b8980c76bd4ae59ccd88743955f91137c1b0959c6b4a89acd81e097429/detection

123.253.110.17:8889
http://123.253.110.17

# Reference: https://twitter.com/malwaretracekr/status/1381135262412021765

srey.cab

# Reference: https://twitter.com/malwaretracekr/status/1393822176797548544
# Reference: https://www.virustotal.com/gui/file/0fcfe0e7efa1f3151e9ac6e1b723a5e3777c36699a313b64b1ca3c701bbeb9f7/detection

195.85.43.191:82
eovuc.guru
k409.eovuc.guru

# Reference: https://twitter.com/malwaretracekr/status/1395194150652321793
# Reference: https://www.virustotal.com/gui/file/7f75003653eba784067c1c46b9436ae84c7ecca0c29c85d125fd3f3740c6f324/detection

45.81.10.52:9090
gfrt.cloud
ztia.gfrt.cloud

# Generic (URL paths and query strings, not tied to a specific host listed above)

/dor000ft.php
/hp_state.php?telnum=
/hp_getsmsblockstate.php?telnum=
/index.php?type=join&telnum=
/index.php?type=receivesms&telnum=

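# APK (download paths; note that /app-release.apk is also the default Android release build file name, so it can match benign downloads)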

/app-release.apk
/CJ대한통운 택배V_10.3.33.apk
/CJ대한통운 택배V_11.10.18.apk
