# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Static trail list: one network indicator per line, grouped under the public
# report(s) or sample page(s) it was taken from. The named references below
# describe Android/mobile ransomware (LeakerLocker, CryCryptor, DCry).
# NOTE(review): groups backed only by VirusTotal or Twitter links do not state
# a family here - confirm the attribution from the linked sample.
#
# Entry forms used in this file: bare domain, host/path, IP:port, one
# scheme-prefixed URL, and path-only entries (leading '/').
#
# Triage: the dated references are from 2017-2020. IP:port entries in
# particular may since have been reassigned to unrelated tenants, so
# corroborate a hit with the linked sample or other telemetry before acting.

# Reference: https://www.welivesecurity.com/2019/07/29/android-ransomware-back/

rich7.xyz
wevx.xyz

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-07-07-leakerlocker-mobile-ransomware-acts-without-encryption/leakerlocker-mobile-ransomware-acts-without-encryption.csv

goupdate.bid
updatmaster.top

# Reference: https://www.virustotal.com/gui/file/5648e9d7dd6d221538b531bc9c344c4e9793731e7ead56d2a41324c3e3e6cdc6/detection

# IP:port entry: scoped to a single service port, not the whole address.
149.28.14.103:2222

# Reference: https://twitter.com/malwrhunterteam/status/1253776019775016961
# Reference: https://www.virustotal.com/gui/file/83028bc2bf977754b50d3a22ba9dad6a523e29c3238b0b28ff0e15ebd736489f/detection

extrapooo.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1267862152209203200
# Reference: https://www.virustotal.com/gui/file/4a87338c443a93b51bde7562b6f05dd27f029e3b873c33ad92b01dd219e88ea5/detection

# Subdomain under a hosting provider's shared domain (presumably one customer
# site): keep the match on the full hostname, never widen it to the parent.
balancetonflic.alwaysdata.net
# Path-only entry: it names no host, so it is expected to match this request
# path on any server (confirm against the sensor's matching logic). The same
# path is listed host-qualified below as arefy.net/addslave.php; a hit on the
# bare path alone needs the requested host checked before it is escalated.
/addslave.php

# Reference: https://www.virustotal.com/gui/file/cad42bd864e33717558266be358e6e05075c889a2e18c963d521bbe048fb4dde/detection

101.15.222.90:8953

# Reference: https://twitter.com/ReBensk/status/1275329926602915850
# Reference: https://twitter.com/LukasStefanko/status/1275711062290161669
# Reference: https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canada-eset-decryptor/ (# CryCryptor)

covid19tracer.ca
tracershield.ca

# Reference: https://twitter.com/malwrhunterteam/status/1286231546148589569
# Reference: https://blog.malware-unboxing.tech/2020/07/analysis-of-dcry-ransomware.html
# Reference: https://www.virustotal.com/gui/file/cf071549df9491cb2e87396f5315e3e39e145ca9858fc510508cdaaf5e69546a/detection

# Host/path entry: scoped to this one path on this host, not the whole domain.
arefy.net/addslave.php

# Reference: https://www.virustotal.com/gui/file/2456f3762cb6e757a37283a5e4f30371b9e680b090a259aab8a99bb6cb1a17fa/detection
# Reference: https://www.virustotal.com/gui/file/5e00a36e45bc5afbb5992312bedb714d01d9a770b66cfa5527859afda0f0beae/detection

# Only the 'g.' subdomains are listed; the parent domains are not entries.
g.bannerbroker.org
g.biggeekpanel.org

# Reference: https://www.virustotal.com/gui/file/6ad348b5e41932b85771f55a4531cb59c2ad985e3d6aa81d0d5f912b121177cb/detection
# Reference: https://www.virustotal.com/gui/file/107060643d120f8019086576a873533850f9bf45b227df068d14c0446d536c19/detection
# Reference: https://www.virustotal.com/gui/file/3b057013749d654d3ee1c6a68744b5466a4b1b6b9bca4b230999556f3be2e4c5/detection
# Reference: https://www.virustotal.com/gui/file/eafde7edf46a134c6212e37668179cbdbdb0412cbc05e236b237bf05e479b14a/detection
# Reference: https://www.virustotal.com/gui/file/062b3b180cc3390c1b3a179259374d46c8705e30c522721389b19f067dcbb720/detection
# Reference: https://www.virustotal.com/gui/file/55bc80c31fa4520c584026a8caaff7d3a3378e9f4cdb7784f59541b59138e075/detection
# Reference: https://twitter.com/bl4ckh0l3z/status/1312794353493069824

217.107.219.160:1081
# NOTE(review): the only entry written with a URL scheme, and for the same
# address as the IP:port entry above. Confirm the trail loader strips
# 'http://'; if it does, this covers the address on any port.
http://217.107.219.160
bomsbons.ru
egfbf.ru
freexe.ru
locktop.ru
sasambuka.ru
sexmet.ru
skmvdrk.ru
srtue.ru

# Reference: https://www.virustotal.com/gui/file/6fecf60e593221ec8ee0bbb8ea9136779ffd45466596144aafa1e53ee5913422/detection

# Looks like a subdomain on a shared free-hosting domain (TODO confirm);
# match the full hostname only.
blockschain.great-site.net

# Reference: https://twitter.com/malwrhunterteam/status/1314846396818903041
# Reference: https://www.virustotal.com/gui/file/975a599eff3947322e1f5bef88b244d9c920eb592c9ce4b25924bfbd8c44dc43/detection

62.78.143.35:24387
# hopto.org is a dynamic-DNS domain shared by many unrelated users; the
# indicator is this hostname only, and the address behind it can change.
hyppy.hopto.org

# Reference: https://www.virustotal.com/gui/file/abd8276355c562c21cbfd1d1e1d34d787d4046ae3533d7e5ee473ad8b1c8c4f4/detection
# Reference: https://www.virustotal.com/gui/file/07958ad195d15d9222227aebdbfed386210b8172717bcee635bc17f3c7448a36/detection
# Reference: https://www.virustotal.com/gui/file/a62be8827a7444c42d92b41bbf0fe8c9c1dfc7734a286db2e1917fc136d0a606/detection
# Reference: https://www.virustotal.com/gui/file/39b83d10ba249aa78714254ec015855f32cc8c624cf8b331ea5d6ba844f1ad12/detection
# Reference: https://www.virustotal.com/gui/file/062a1905a6f6118d151b9ef0977aafd84853e98b7c9c1d47d616ceadb63c1753/detection
# Reference: https://www.virustotal.com/gui/file/2530dfa86db84403af2865cf92013d9064a9a29bada97d18d36590f2be8be6fb/detection

tesex.ru

# Reference: https://twitter.com/sh1shk0va/status/1338999532701577216
# Reference: https://twitter.com/huntingneo/status/1338536403966316551

cyberpunk2077mobile.com

# APK
# Path-only entries for APK download requests. They name no host, so a hit
# identifies the requested file name rather than the server; record the
# requested host alongside the alert when triaging.
# NOTE(review): this section cites no reference of its own - confirm which
# samples these file names came from.
# NOTE(review): the last entry contains non-ASCII characters. HTTP request
# paths normally carry these percent-encoded as UTF-8, so confirm the sensor
# decodes the path before comparing; otherwise this entry will not match.

/bjkim.apk
/CyberPunk2077Mobile.apk
/자위영상.apk
