# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/07/29/android-ransomware-back/

rich7.xyz
wevx.xyz

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-07-07-leakerlocker-mobile-ransomware-acts-without-encryption/leakerlocker-mobile-ransomware-acts-without-encryption.csv

goupdate.bid
updatmaster.top

# Reference: https://www.virustotal.com/gui/file/5648e9d7dd6d221538b531bc9c344c4e9793731e7ead56d2a41324c3e3e6cdc6/detection

149.28.14.103:2222

# Reference: https://twitter.com/malwrhunterteam/status/1253776019775016961
# Reference: https://www.virustotal.com/gui/file/83028bc2bf977754b50d3a22ba9dad6a523e29c3238b0b28ff0e15ebd736489f/detection

extrapooo.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1267862152209203200
# Reference: https://www.virustotal.com/gui/file/4a87338c443a93b51bde7562b6f05dd27f029e3b873c33ad92b01dd219e88ea5/detection

balancetonflic.alwaysdata.net
/addslave.php

# Reference: https://www.virustotal.com/gui/file/cad42bd864e33717558266be358e6e05075c889a2e18c963d521bbe048fb4dde/detection

101.15.222.90:8953

# Reference: https://twitter.com/ReBensk/status/1275329926602915850
# Reference: https://twitter.com/LukasStefanko/status/1275711062290161669
# Reference: https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canada-eset-decryptor/ (# CryCryptor)

covid19tracer.ca
tracershield.ca

# Reference: https://twitter.com/malwrhunterteam/status/1286231546148589569
# Reference: https://blog.malware-unboxing.tech/2020/07/analysis-of-dcry-ransomware.html
# Reference: https://www.virustotal.com/gui/file/cf071549df9491cb2e87396f5315e3e39e145ca9858fc510508cdaaf5e69546a/detection

arefy.net/addslave.php

# Reference: https://www.virustotal.com/gui/file/2456f3762cb6e757a37283a5e4f30371b9e680b090a259aab8a99bb6cb1a17fa/detection
# Reference: https://www.virustotal.com/gui/file/5e00a36e45bc5afbb5992312bedb714d01d9a770b66cfa5527859afda0f0beae/detection

g.bannerbroker.org
g.biggeekpanel.org

# Reference: https://www.virustotal.com/gui/file/6ad348b5e41932b85771f55a4531cb59c2ad985e3d6aa81d0d5f912b121177cb/detection
# Reference: https://www.virustotal.com/gui/file/107060643d120f8019086576a873533850f9bf45b227df068d14c0446d536c19/detection
# Reference: https://www.virustotal.com/gui/file/3b057013749d654d3ee1c6a68744b5466a4b1b6b9bca4b230999556f3be2e4c5/detection
# Reference: https://www.virustotal.com/gui/file/eafde7edf46a134c6212e37668179cbdbdb0412cbc05e236b237bf05e479b14a/detection
# Reference: https://www.virustotal.com/gui/file/062b3b180cc3390c1b3a179259374d46c8705e30c522721389b19f067dcbb720/detection
# Reference: https://www.virustotal.com/gui/file/55bc80c31fa4520c584026a8caaff7d3a3378e9f4cdb7784f59541b59138e075/detection
# Reference: https://twitter.com/bl4ckh0l3z/status/1312794353493069824

217.107.219.160:1081
http://217.107.219.160
bomsbons.ru
egfbf.ru
freexe.ru
locktop.ru
sasambuka.ru
sexmet.ru
skmvdrk.ru
srtue.ru

# Reference: https://www.virustotal.com/gui/file/6fecf60e593221ec8ee0bbb8ea9136779ffd45466596144aafa1e53ee5913422/detection

blockschain.great-site.net

# Reference: https://twitter.com/malwrhunterteam/status/1314846396818903041
# Reference: https://www.virustotal.com/gui/file/975a599eff3947322e1f5bef88b244d9c920eb592c9ce4b25924bfbd8c44dc43/detection

62.78.143.35:24387
hyppy.hopto.org

# Reference: https://www.virustotal.com/gui/file/abd8276355c562c21cbfd1d1e1d34d787d4046ae3533d7e5ee473ad8b1c8c4f4/detection
# Reference: https://www.virustotal.com/gui/file/07958ad195d15d9222227aebdbfed386210b8172717bcee635bc17f3c7448a36/detection
# Reference: https://www.virustotal.com/gui/file/a62be8827a7444c42d92b41bbf0fe8c9c1dfc7734a286db2e1917fc136d0a606/detection
# Reference: https://www.virustotal.com/gui/file/39b83d10ba249aa78714254ec015855f32cc8c624cf8b331ea5d6ba844f1ad12/detection
# Reference: https://www.virustotal.com/gui/file/062a1905a6f6118d151b9ef0977aafd84853e98b7c9c1d47d616ceadb63c1753/detection
# Reference: https://www.virustotal.com/gui/file/2530dfa86db84403af2865cf92013d9064a9a29bada97d18d36590f2be8be6fb/detection

tesex.ru

# Reference: https://twitter.com/sh1shk0va/status/1338999532701577216
# Reference: https://twitter.com/huntingneo/status/1338536403966316551

cyberpunk2077mobile.com

# Reference: https://twitter.com/malwrhunterteam/status/1358148518876229633
# Reference: https://www.virustotal.com/gui/file/4ba553d10ee8d711ee81c402488113d30d32ba06cae5961418e742fab3367204/detection

ocurso-1.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/12b7f32b76929f56e486fbbe70cf275705c490c8dd50d1cb3e9f735b8c074013/detection

185.82.217.154:6666
rfvgy.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1359404206021636097
# Reference: https://www.virustotal.com/gui/file/29601a98e8394d14c0822b69e2e561e44524ded687ae062b6f1bbe98efb63678/detection

bombert.ru

# Reference: https://www.virustotal.com/gui/file/00f26dc437a9458a76fd160e947946904a1f6f76f5a25809b80ce5730e1005cf/detection

kzfmvd.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.212.130.105/relations

htrdtg.ru
lcllk.ru
mmdemka.ru

# Reference: https://www.virustotal.com/gui/file/69e05517bc4dd40df6e119e8b97be3e3baa87965e341e006c34323e9e86e9883/detection
# Reference: https://www.virustotal.com/gui/file/668e8a6f5b08f45bc2b088bf5c27e66ccddcbe651b1f7b995298fbd27b636beb/detection
# Reference: https://www.virustotal.com/gui/file/faa01068c77a15fb16f13768efb4fb092b5bb7baac949887b5176b5f6b86915e/detection
# Reference: https://www.virustotal.com/gui/file/6dee5a64f1267e0a2059359ea864f0ecaff548745db24855e00113c387339200/detection

fanfarasa.ru
hystrav.ru
rksupport.ru
smartsystems.su
zipfail.ru

# Reference: https://www.virustotal.com/gui/file/50062e81a608a33f1ddccf838540ea58ad8f2875f038ebde8c520ab5894b4592/detection

zoal.myftp.org

# Reference: https://twitter.com/malwrhunterteam/status/1379877366764277767
# Reference: https://www.virustotal.com/gui/file/1da238ca303dd1f6863b1e8699224dba5669bdd9f95a23b2dabf2d13d83a1fdd/detection

91.109.184.5:1196
aldaet.dvrcam.info

# Reference: https://twitter.com/malwrhunterteam/status/1400129123624886280
# Reference: https://www.virustotal.com/gui/file/7204038839b0b2b8b1f54cd9044a389492af2b1e079433316b61ad24601188e9/detection

stealer.ga

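# APK file paths (path-only entries with no host component)
# NOTE(review): these entries are not tied to a host; generic names such as /youtubepremium.apk may also appear on unrelated sites, so treat a hit as a lead to corroborate with the host entries above rather than as a confirmed detection.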

/bjkim.apk
/COVID19%20RANSOM%20PENIPU.apk
/CyberPunk2077Mobile.apk
/ranso-alert-acabacomtudo.apk
/Threema1.apk
/youtubepremium.apk
/자위영상.apk
/vaimransom.apk
