# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://now.avg.com/pc-malware-that-silently-installs-apps-on-your-android-device

222.186.60.89:1001

# Reference: https://vms.drweb.com/virus/?i=17750684&lng=en
# Reference: https://news.drweb.com/show/?lng=en&i=13108&c=14

androidcloud.org

# Reference: https://research.checkpoint.com/preamo-a-clicker-campaign-found-on-google-play/
# Reference: https://www.virustotal.com/gui/domain/mnexuscdn.com/relations

mnexuscdn.com

# Reference: https://www.zscaler.com/blogs/research/third-party-android-store-sms-trojan

app.in-spicy.com
insidecontentsp.com
incontsmart.com
play4funclub.com
/public/notification/is-active
/app_sms_request_get_number.php
/apps/moboporn/data/device_admin.php

# Reference: https://twitter.com/051R15/status/984704059109093382
# Reference: https://www.virustotal.com/gui/file/932ad38cf5048e20641b27619b72a632b546cffb8f35515ea5200ea194b8fdb2/detection

103.249.31.87:11880
hold.jcgloball.org

# Reference: https://twitter.com/sniko_/status/1136981531870867456

cryptonator.us

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2012-072411-4350-99&tabid=2

xxxdroidxxx.net

# Reference: https://twitter.com/LukasStefanko/status/1136995445572550661

bibox365.us

# Reference: https://twitter.com/LukasStefanko/status/1138768486514266112

admob-games.online
admob-games.xyz
liniatech.com

# Reference: https://twitter.com/LukasStefanko/status/1139064061809893376

app.freegifts.top

# Reference: https://cerbero-blog.com/?p=1633 (# AndroRAT)
# Reference: https://www.virustotal.com/gui/file/dc9a0322ca263d733f91182f1e655a11cba28dc766031ce0665b6005900450d7/detection

shoppingapp.no-ip.biz

# Reference: https://cerbero-blog.com/?p=1633 (# OmniRAT)
# Reference: https://www.virustotal.com/gui/file/9e1bee43a501132da732d1287126632438b91a9fcbf37afda7b8597055960877/detection

strippermona2.no-ip.info

# Reference: https://twitter.com/nullcookies/status/1177342951766278144

googleplaystore.net

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-11-26-sms-spam-with-mobile-malware/sms-spam-with-mobile-malware.csv

url7.me

# Reference: https://www.virustotal.com/gui/ip-address/185.89.102.7/relations

185.89.102.7

# Reference: https://securelist.com/still-stealing/83343/

extensionsapiversion.space
guest-stat.com

# Reference: http://contagiominidump.blogspot.com/2012/12/trojanrussmssystemsecurity-toll-fraud.html
# Reference: https://www.virustotal.com/en/file/664725869278f478e5a50a5e359dc6d5cf4f2a7019d0c122e2fa1e318f19636b/analysis/
# Reference: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=516
# Reference: http://securelist.com/blog/incidents/59384/new-threat-trojan-sms-androidos-stealer-a/#page_top

load-center.ru

# Reference: https://twitter.com/051R15/status/1068411354216722432

211.188.179.86:8686

# Reference: https://twitter.com/ninoseki/status/1176732200873578496
# Reference: https://www.virustotal.com/gui/file/9cfea36afbc687f967a4509fb9a7f07b4439bf85b319dc3c937a262a142858cc/detection
# Reference: https://pastebin.com/c8JQLkf1

154.197.51.135:84
45.204.2.128:82
45.204.2.128:83
45.204.2.149:83
45.204.2.158:83
http://154.197.51.131
http://154.197.51.134
http://154.197.51.135
http://154.197.51.136
http://154.197.51.137
http://45.204.2.128
http://45.204.2.149
http://45.204.2.158
http://61.218.17.208
http://61.218.17.209
http://61.218.17.210
http://61.218.17.218
http://61.219.193.249
http://61.219.193.252
http://61.219.255.43
http://61.230.136.233
http://61.230.140.192

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2016/2016-05-31-android-spyware-targets-security-job-seekers-in-saudi-arabia/android-spyware-targets-security-job-seekers-in-saudi-arabia.csv
# Reference: https://www.virustotal.com/gui/file/7cbf61fbb31c26530cafb46282f5c90bc10fe5c724442b8d1a0b87a8125204cb/detection
# Reference: https://www.virustotal.com/gui/file/4aef8d9a3c4cc1e66a6f2c6355ecc38d87d9c81bb2368f4ca07b2a02d2e4923b/detection

/Hac%20Mobaile/
/Hack%20Mobaile/ADDNewSMS.php
/Hack%20Mobaile/ADDIMSI.php
/Hack%20Mobaile/ADDVCF.php
/Hack%20Mobaile/ADDHISTORYINTERNET.php
/Hack%20Mobaile/ADDSMS.php
/Hack%20Mobaile/ADDNewSMS.php

# Reference: https://www.virustotal.com/gui/file/cd729d7035c69ab0ffa1aa52fff1c70fea60340c6ee74003ed4d9fd5fd87ad5e/detection

midoken18.ddns.net

# Reference: https://www.virustotal.com/gui/file/3ab6cd063e8ba3a2ed7e804a5ab1770add5d6aa1d56e9d4c71b2c0e0b2b86aeb/detection

185.217.1.190:2121
thefreebestfantasticmisticplace.com

# Reference: https://www.virustotal.com/gui/file/d91b40a09c989ea9e630e9b3eb80addb8f6c193c48e2dccc989a33d546ed8eaa/detection

text-dll-mo.linkpc.net

# Reference: https://www.virustotal.com/gui/file/ac22327dcd3336f41216ab282c97ab9204bd3312bc112027c58e8befc52167c6/detection

kanich.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e36c616ad524813059a48fa1654be3d28c27b6a1a01bda1dcb680f0251d147c1/detection

pikachu077.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ad3ba8393f6f3a05dce5c3476f149732dce6794685847520755209a140f2c0a7/detection

ghostdoor-36929.portmap.io

# Reference: https://www.virustotal.com/gui/file/256c4d26410ea29f9a71b10792d3cc1533783f80ed9058025663bbf9fef19142/detection

193.161.193.99:34288
sivem-34288.portmap.io

# Reference: https://www.virustotal.com/gui/file/3ba08b95030eb44ced91bd90dd585ec48365935808f3ba1304221106781db7c6/detection

193.161.193.99:36447
aprsgk-36447.portmap.host

# Reference: https://www.virustotal.com/gui/file/6280e944104fb8745091b3973127f26034192426977523bde6f2fd9ead31f216/detection

193.161.193.99:28873

# Reference: https://www.virustotal.com/gui/file/3d1645625ee2bb1cadf901c03eeafbc772ebde1fe2e69c37c3c6038ed3b4bca9/detection

193.161.193.99:40247
kyleer.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1d8dc289cae8e506dae878bec93cf08eddc0a408ec112fbe518f841a7959980/detection

193.161.193.99:63683

# Reference: https://www.virustotal.com/gui/file/d2d222d8249b7b37f4e15bef5fe13c0791ac903f4615b2368b4ca20ce26ec7d5/detection

193.161.193.99:53191
narpatbose-53191.portmap.host

# Reference: https://www.virustotal.com/gui/file/a2a33e1e8b1e01a6ca93db88a5afefb4e6b8801481a5b976aee5151f8da404c9/detection

193.161.193.99:42178
darkdick.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2ae8555419e5dd0167a06ec307f54fc587cd40a06c388c0cbbbdc7b2cfb1464f/detection

193.161.193.99:25589
Neboys-25589.portmap.io

# Reference: https://www.virustotal.com/gui/file/8a1459cfd167d53fa3d599a3e6b88d72edb5ed86374ce75cfc439026f948d176/detection

ajmal-40797.portmap.io

# Reference: https://www.virustotal.com/gui/file/757b2018d1b9c7e658f39e376bdc47799f7774888ac26b12a5dc60e0bca414d1/detection

193.161.193.99:46682
redexrocks-46682.portmap.io

# Reference: https://www.virustotal.com/gui/file/989d038aa3a2ff948037470af11ae6df8e0d3806c0a5ae063638ed4653c9d453/detection

ceca-46670.portmap.io

# Reference: https://www.virustotal.com/gui/file/ec71a8f4fd33c7852f3ada6dbef4176364d27e7a3d5c7645a4e3618054d59d95/detection

193.161.193.99:40119
hadisikeraq-40119.portmap.host

# Reference: https://www.virustotal.com/gui/file/8c72bb3d375de1409b7e6a2f59a9f7b6742ab00a1d9f44c08896ac91fd625ceb/detection

193.161.193.99:1337
hackaniyan123-28446.portmap.host

# Reference: https://www.virustotal.com/gui/file/1d11d8522383ceb2dd31847066e6d5b38711c19728a2b061f34de4fe00f7931d/detection

193.161.193.99:44899
allaya-44899.portmap.host

# Reference: https://www.virustotal.com/gui/file/4927c90df692cc0b6daab6dc789ed87d05e8308120aefed5b3864aa2ef7ea9c4/detection

parkerrhino22-35670.portmap.host

# Reference: https://www.virustotal.com/gui/file/37213724622b7ddd26cb62da058d7d29b17d0157d90ccbc81b1f9c51fb453b76/detection

soma1q-46620.portmap.io

# Reference: https://www.virustotal.com/gui/file/fee56ec8f0eb682db76281aa208a76dda29d3c3c8bef8c89e41932c5581cb8fc/detection

193.161.193.99:37138

# Reference: https://www.virustotal.com/gui/file/5ac0ad807be80133b655b386eb77f7b7fac312fa74f584d8cdad35daf1776881/detection

193.161.193.99:56605

# Reference: https://www.virustotal.com/gui/file/1ddeffc5d315e5263c3c9bd5883822435be0bd4bf9ab9b9b87214143705be220/detection

193.161.193.99:36343

# Reference: https://www.virustotal.com/gui/file/e7cf7c54d3a8b6e2edfae7c8bbf8427150418db691d60c1db1d8bb971a6cd333/detection

manuse-52828.portmap.host

# Reference: https://www.virustotal.com/gui/file/2e2268001cd304fc904ece47266862cdf653adde32f694d109f7891fd27a7a9a/detection

yasin69-58773.portmap.host

# Reference: https://www.virustotal.com/gui/file/2b4d4f0f5eb58743f55f97261971539be68045cd94a64a8026b8516bcbcd2beb/detection

bewman-27570.portmap.host

# Reference: https://www.virustotal.com/gui/file/23c5c73e76472eff51d09d62d972165900bfd8e97b5b95a3fbe877defb5f83f6/detection

LAPTOP-8OHQN8H-33163.portmap.io

# Reference: https://www.virustotal.com/gui/file/8e9e743c552776b4f4f65d268862acd55d3b1eb5399cf88d14e45cb7e70d9cd2/detection

nobodydoes-62739.portmap.host

# Reference: https://www.virustotal.com/gui/file/96a8ed7272a62d1a5950a3ed1090283073a0ff987939da4d5e20489d5a139043/detection

193.161.193.99:48545

# Reference: https://www.virustotal.com/gui/file/d3de3d49947abb7860d9fca288fa610a0b25cef0761220a03243e4a5039dfb25/detection

193.161.193.99:23740
king090371-23740.portmap.io

# Reference: https://www.virustotal.com/gui/file/6a4612a258f0ae6cb3bbef56227ce32d504e33187bee75250591ee51d42c24f1/detection

60770a3c1e5cb79771c84d26219b315f.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6bc63ed3d63acb96faaa2d9de2c225ccf77827b0f7c0c87417eda394efd5d407/detection

193.161.193.99:54044
fbz-54044.portmap.io

# Reference: https://www.virustotal.com/gui/file/3e34699904e5cd553b0c786e961dfa3b47307b9485d04c4a21833f52f682dedb/detection

blabla-64010.portmap.io

# Reference: https://www.virustotal.com/gui/file/6d3371a6fb582f2fb69d8fe14eb9e953ccd0bb93ad24d669b97e2fd52463d00b/detection

193.161.193.99:58489

# Reference: https://www.virustotal.com/gui/file/bff674e0d2cb44aa0ae2d7124a08ccedda5f09843953c2fb04e51d635185e06d/detection

193.161.193.99:58489
yagomilenio.ddns.net

# Reference: https://www.virustotal.com/gui/file/cf74e0454c815739ab9b4e3add541042675ee2f3c9287c22811d33e0bad2ef06/detection

193.161.193.99:28750
Hackerprofesional-28750.portmap.io

# Reference: https://www.virustotal.com/gui/file/5ea0b093514ca513755877d1407f97a667510480a6931ec2553b8268c7fa3c6e/detection

193.161.193.99:30479

# Reference: https://www.virustotal.com/gui/file/ae3fdadda6c13dc895fa48862b519751a03d0107a7a8b456460f550f483d7f6b/detection

193.161.193.99:61770

# Reference: https://www.virustotal.com/gui/file/1cbcf97ea3658dd477105dd5bf75f2dc545fd48898220752e6e515e751d4e874/detection

gimiexpert.duckdns.org

# Reference: https://www.virustotal.com/gui/file/88e4c82169a018046ed711e5d199cfffa1ac2bc974237f7ff30013a0f3c6d202/detection

193.161.193.99:61891
LAPTOP221421-61891.portmap.io

# Reference: https://www.virustotal.com/gui/file/e6d6c2f48603c6be4937908d841e3b3af2cd21876e05987d688523ba1deedd3e/detection

3.19.3.150:16866

# Reference: https://www.virustotal.com/gui/file/e221cfff004c9423b27e921684e629dc5d98279227eb2a5253364ebda0b233be/detection

3.14.212.173:13392
3.19.3.150:13392

# Reference: https://www.virustotal.com/gui/file/c438f42bf63828943c537b48203c40448b46d1ba0987a02696481dfcf1a20167/detection

3.19.3.150:12128

# Reference: https://www.virustotal.com/gui/file/87e415521d0b2f63ac96e4689072c377c4c26fd8265c1e7e67f70e53433cbc38/detection

3.19.3.150:16153

# Reference: https://www.virustotal.com/gui/file/dd33f5656995cc1a5f50d0064c9efd82aefe3ecaa357190a6402ee3a6663610a/detection

3.19.3.150:14457

# Reference: https://www.virustotal.com/gui/file/21856a6bd24af73aea9aee0d656ef2208c2ebbb6011c457549988a241394657b/detection

3.19.3.150:14921

# Reference: https://www.virustotal.com/gui/file/a970f8de2ae9dbed6b4e982f65e7706a03ee510693d869dce2eb30a37a97d6b2/detection

3.19.3.150:16189

# Reference: https://www.virustotal.com/gui/file/cd38c945796f0ec0fcece3126875a96ad4324d76028348412fc9a78a79c722c1/detection

3.19.3.150:13234

# Reference: https://www.virustotal.com/gui/file/b74dacb1e380dae54434fb4d6206b501e0f3ab6016c7453f3c6ef1ff3382ea17/detection

3.19.3.150:14892

# Reference: https://www.virustotal.com/gui/file/34ccd61d454162e8a6fa8599586ce8248e53aab9e38a291ca336fda66053fad9/detection

androidapp.myq-see.com

# Reference: https://www.virustotal.com/gui/file/91f12329d74e5ca5b055256d999d92294caf8d194db145a8063a398990812165/detection

185.101.92.3:4339
asson.myq-see.com

# Reference: https://www.virustotal.com/gui/file/92f6b8f14527f7e755b535d8442f4a8cf562f92584ab5e50eb126fc9c527f303/detection

193.161.193.99:34279

# Reference: https://www.virustotal.com/gui/file/4d4b02db0f7df2d43f7ecd98580faa5d58b3f0e43e0fe3bde4e22ea2954686c6/detection

54.81.215.72:12301

# Reference: https://www.virustotal.com/gui/file/7c86f4236e7b32467e2cd2fd797a1f794ed0c00703871bb55d78b6ba98567711/detection

141.255.150.115:3210
141.255.154.248:3210

# Reference: https://www.virustotal.com/gui/file/cc9186e56a28e2e069c0e02000882f1e725b8631a0da04c79117f4dc46ccc78c/detection

console-wifi.ddns.net

# Reference: https://www.virustotal.com/gui/file/db87c6455b568eb63e25b22688affd3e15eb4683a656061ba5a50ac26b8af702/detection

197.32.108.10:2222
91.109.176.6:2222
ahmed444mah.myftp.biz

# Reference: https://www.virustotal.com/gui/file/1939024a2e094348b5068a569e5968a09e7d612351b0f9ff7e4bbcd32aee24d7/detection

qna.hopto.org

# Reference: https://www.virustotal.com/gui/file/3a7e844f3e2709ac9aa352183f55347e9729c95c51e44f72f6073d12893783b9/detection

danielgomesb.hopto.org

# Reference: https://www.virustotal.com/gui/file/ce3d7392c08178a064432f952302c10bda264b09c7f7e6477a9e668072cdd506/detection

177.40.160.231:1337
179.176.142.193:1337

# Reference: https://www.virustotal.com/gui/file/ac99d6ecf20ede3c1064a5790ea66d4080776c7369dc7f878c3dcd658dc7d5ee/detection

179.178.9.126:1337

# Reference: https://www.virustotal.com/gui/file/7607ecae59fdb498d0e6691f0b3049eeb03cbc7c456a46e415ccfc3f672b09a4/detection
# Reference: https://www.virustotal.com/gui/file/3635d1220ce1ac04cfa2cd99e7878f33b98d4c9841ec3d5731b9ff1a67d0e034/detection

mobihok.net

# Reference: https://mobile.twitter.com/LukasStefanko/status/1032884776825434112

http://59.105.6.230

# Reference: https://twitter.com/LukasStefanko/status/1039435272017117185

teensexmovies21.tk

# Reference: https://twitter.com/LukasStefanko/status/1114065804943867904

jakajakreminota.work
/metabbiroma2/terro.php

# Reference: https://twitter.com/virqdroid/status/1117771719412989952

flashnew111.top
letsfuckit111.top
pastbische1.top

# Reference: https://twitter.com/LukasStefanko/status/1123875894488072193
# Reference: https://www.virustotal.com/gui/domain/stimpado.com/details

stimpado.com
/sam01/set.php

# Reference: https://www.virustotal.com/gui/file/ab90578cdb6641c32ce3242d4c9f03b4b2a17e061afe9e1d58d9fd73c483769c/detection

http://185.198.57.24

# Reference: https://www.virustotal.com/gui/domain/u363571.test93w.ru/details

u363571.test93w.ru

# Reference: https://www.virustotal.com/gui/domain/u36317.test93w.ru/relations

u36317.test93w.ru
/private/set_data.php

# Reference: https://twitter.com/JayTHL/status/1214205248945999873

chase-banksonline.com

# Reference: https://twitter.com/ni_fi_70/status/1227964755589189632
# Reference: https://www.virustotal.com/gui/ip-address/200.6.39.216/relations
# Reference: https://www.virustotal.com/gui/file/58bd88693864b0375032d3507fe359e79d1ee179e51c5a7d1b2b8e17c8102a17/detection

200.6.39.216:80
app-bbva.online
/controls/bbva_es/control.php?message=
/controls/milenium/control.php?message=

# Reference: https://www.virustotal.com/gui/ip-address/169.197.110.86/relations

169.197.110.86:80

# Reference: https://www.virustotal.com/gui/file/1ff1122748bb717fdae81acaca176a8c8d1fd7babbd04451d67ad5d72d33a83c/detection

141.255.153.71:1177
testesild68.ddns.net

# Reference: https://www.virustotal.com/gui/file/e8b7ecb0266db61e222e89e295f610baeb550117097ae277e5d4e27e05a28376/detection
# Reference: https://www.virustotal.com/gui/domain/app.smartnewsource.com/relations

app.smartnewsource.com

# Reference: https://www.virustotal.com/gui/file/17aa8c580c201567a98a721e3b21d0ac45a15dd513e7c58638b7ca7862fd7b7a/detection

168.235.111.253:4339
majomodelagency.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97a8aded5dba613bdac4cccd17a4d06e7f10d297798dcc0d52f398c1357739f2/detection

168.235.111.253:1818
cooldreamers.ddns.net

# Reference: https://www.virustotal.com/gui/file/ce7dc9c5333068f9923dc5bb37f2ba8255f3f13b5433dc1d5938a16643c51817/detection

168.235.111.253:1604

# Reference: https://www.virustotal.com/gui/file/2844249359ce1e7a8e8b6e11c7497b8888ff6a4fc6d644c96dfa1c76def35f5c/detection

168.235.111.253:1617
didi03.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9b1a1ccedfb4439d7f30468953fb30d3e353041ed61897be805fb81e3137798f/detection

102.69.0.221:5214
194.35.115.37:5214

# Reference: https://www.virustotal.com/gui/file/d53c5908beea8b54a1190c90049a2c15b833df44e5a1000f62255aa01893871d/detection

45.74.46.199:8484

# Reference: https://twitter.com/malwaretracekr/status/1236656514800054274
# Reference: https://www.virustotal.com/gui/file/69f2b139bc5c5480b85ef67171816972c6eb3a1152b6cc8900e98c75c98b097d/detection

cjthemsk.cn

# Reference: https://securelist.com/cookiethief/96332/

yoboxtool.com
yomobi.net
youzicheng.net

# Reference: https://twitter.com/LukasStefanko/status/1240913992383684610

codebeta.in

# Reference: https://www.virustotal.com/gui/file/8a87cfe676d177061c0b3cbb9bdde4cabee0f1af369bbf8e2d9088294ba9d3b1/detection

coronasafetymask.tk

# Reference: https://twitter.com/LukasStefanko/status/1243317183419219969

freepornhub.host

# Reference: https://twitter.com/malwrhunterteam/status/1243533202507075584

dl.ac19.am

# Reference: https://www.virustotal.com/gui/file/22b900664bf56c376079c088decffebe04e13f3a1440da4c79562bc949733484/detection

91.218.65.24:5214

# Reference: https://twitter.com/virqdroid/status/1243847928814489602 (# ProjectSpy)
# Reference: https://www.virustotal.com/gui/file/e394e53e53cd9047d6cff184ac333ef7698a34b777ae3aac82c2c669ef661dfe/detection
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/
# Reference: https://otx.alienvault.com/pulse/5e9b393310636e8d50492c5b

cashnow.ee
spy.cashnow.ee
xyz.cashnow.ee
/Corona_Virus.apk

# Reference: https://twitter.com/malwrhunterteam/status/1239477012827381760

/avist.apk

# Reference: https://www.virustotal.com/gui/file/78e3efb6b9eca61de2ae53064702d7879d8f2430c7793fe20a5fef999d12691a/detection

141.255.156.231:1177
191.177.187.33:1177
ccman32.duckdns.org

# Reference: https://www.virustotal.com/gui/file/78e3efb6b9eca61de2ae53064702d7879d8f2430c7793fe20a5fef999d12691a/detection

141.255.151.102:1177

# Reference: https://www.virustotal.com/gui/ip-address/141.255.156.231/relations

iphone-skyrock.ddnsking.com

# Reference: https://twitter.com/malwrhunterteam/status/1243991887998001153

/Ac19-V1.2.0.apk

# Reference: https://www.virustotal.com/gui/file/06bb1f4da96df4857c94e73794fc9b0c283b6cecb974d2eb9c89fe0f4afab6bb/detection

141.255.152.138:2222

# Reference: https://www.virustotal.com/gui/file/92647585c0aab0009197ba287a871f752c6a49e095f648afa1ffc4a6a657ae34/detection

41.104.196.248:2222

# Reference: https://twitter.com/ReBensk/status/1245315100572962816
# Reference: https://www.virustotal.com/gui/file/fe8fcd646e3faa8f7d0191a25d91a93d1e207159dcb059522295d70b107ca9eb/detection

http://18.221.227.34
frz.nflfan.org

# Reference: https://twitter.com/malwrhunterteam/status/1247213866452426752

play2win.buzz

# Reference: https://www.virustotal.com/gui/file/c87e72acabf6a90425162d3c30a9dbe2a0e334dc97e20a83bbc85270eecf6279/detection
# Reference: https://www.virustotal.com/gui/file/047bed96d8c23720e9afc7b933ed563bd984540fc4aacd3246918adbcce7e874/detection

fsocietylammer.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1251565949356052481

5g-20gb-internet.com

# Reference: https://twitter.com/ReBensk/status/1251860425974730754

lgoogleplaystore.com

# Reference: https://www.virustotal.com/gui/file/f33d51d754860f92c3d775e4876579c4b245823ba3c5622691e5a69afe83053c/detection

pinterest.com/abigailn674/
pinterest.com/amicenorton4874/
pinterest.com/ashlynfrancis7577/
pinterest.com/emeraldquinn4090/
pinterest.com/felicitynewman8858/
pinterest.com/gh6855786/
pinterest.com/kelliemarshall9518/
pinterest.com/norahspencer9/
pinterest.com/posylloyd4136/
pinterest.com/shonabutler10541/
pinterest.com/singletonabigail/

# Reference: https://twitter.com/malwrhunterteam/status/1255144050228752388
# Reference: https://www.virustotal.com/gui/file/2e4cb2826b760db0defcb9f30d9768cf627470c54f8341fbc6f9bb67fbab731d/detection

107.151.194.116:8080
red-v8.com/download/
/JYSystem/loginIndex
/JYSystem/restInt/collect/postData

# Reference: https://twitter.com/malwrhunterteam/status/1255526720486223872
# Reference: https://twitter.com/NtSetDefault/status/1255536589083684872

apphome01.xyz

# Reference: https://twitter.com/malwaretracekr/status/1255788631953817600

happysex4477.info

# Reference: https://twitter.com/ESETresearch/status/1255866379972030466
# Reference: https://twitter.com/seafaringturtle/status/1261427374924500992
# Reference: https://twitter.com/malwrhunterteam/status/1261383510708891649

korzystna.biz/praca.apk
morefuntfkjaskjfk123.cx
techndevs.us

# Reference: https://a.virscan.org/language/en/089b3e6ba3b60181f96708892321e2b7

xoez.xinzj1.com

# Reference: https://www.virustotal.com/gui/file/3ad5c57f7435e5f1de7d59cb8bc14f69dfe095be5fbdff9a489c864dc9298776/detection

91.193.75.247:4000

# Reference: https://twitter.com/malwrhunterteam/status/1257722625989791745
# Reference: https://www.virustotal.com/gui/file/1d0e0a24d502688ec9d291bf978da60f3b3f152eaa317b24686a041f3e22d007/detection

googleapps.xyz
/zeeinoppqe.php

# Reference: https://twitter.com/malwrhunterteam/status/1258309542208843776
# Reference: https://www.virustotal.com/gui/domain/obmenvsemfiles.com/relations

obmenvsemfiles.com

# Reference: https://www.virustotal.com/gui/file/4885a456b1792305b418a14f37782ff5d7c0a2d15ec42021c63704c7744c2688/detection

78.120.144.206:3458
commealamaison1.zapto.org

# Reference: https://twitter.com/malwrhunterteam/status/1259167146237743104
# Reference: https://twitter.com/seafaringturtle/status/1259209684529152003

adnab.ir
rozup.ir/download/3039645/

# Reference: https://www.virustotal.com/gui/domain/bbb123.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/153e52d552fdd1b4533d3eb9aa8f59bda645e8a4409b28a336c0cab1d26bd876/detection
# Reference: https://www.virustotal.com/gui/file/1f2eb62e57e29d27d83d88bfbac654bdbd6772ee7bab981b6930806c550e4b7c/detection
# Reference: https://www.virustotal.com/gui/file/e321d63c061503d341ba9076a6fa5b85383f7e6ac9f0bf5b4ccbfe68a6f808b3/detection

159.0.64.216:2222
159.0.90.166:2222
178.87.136.11:2222
178.87.138.222:2222
178.87.157.88:2222
178.87.212.96:2222
2.88.187.83:2222
2.88.190.5:2222
51.223.107.14:2222
51.223.117.108:2222
51.223.124.255:2222
51.223.127.88:2222
51.223.152.150:2222
51.223.159.160:2222
51.223.78.70:2222
51.223.92.246:2222
51.223.98.156:2222
79.173.195.249:2222
92.253.65.44:2222
93.182.171.21:2222
94.49.131.95:2222
94.49.138.66:2222
94.49.143.58:2222
94.49.156.68:2222
94.49.175.31:2222
94.49.191.93:2222
94.99.92.43:2222
95.219.144.182:2222
95.219.152.127:2222
95.219.187.144:2222
95.219.230.215:2222
95.219.255.163:2222

# Reference: https://twitter.com/LukasStefanko/status/1260122734920679425
# Reference: https://www.welivesecurity.com/2020/05/11/breaking-news-app-promises-news-brings-ddos-attacks/

i-updater.com

# Reference: https://twitter.com/ReBensk/status/1260875242286706688

matakerbau.com

# Reference: https://twitter.com/malwrhunterteam/status/1260899590691323904
# Reference: https://www.virustotal.com/gui/ip-address/222.239.248.195/relations

http://222.239.248.195

# Reference: https://twitter.com/seafaringturtle/status/1262466331254890498

com-hp-vd.firebaseio.com

# Reference: https://twitter.com/malwrhunterteam/status/1263140797173706752

vinogradzaoknom.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1263166792974962688

fightgid.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1263804506258599937
# Reference: https://www.virustotal.com/gui/file/b35fc3a41e692a2473608ae5dc9f3f5ce5d4c7fa603cbdf8a5ec930a0e2cf16c/detection

45.138.209.192:20420

# Reference: https://twitter.com/malwrhunterteam/status/1264954714690588673

avito-package.info

# Reference: https://twitter.com/malwrhunterteam/status/1265530814781145089

47.92.30.96:8832

# Reference: https://twitter.com/malwrhunterteam/status/1270043420103507968

scribd.cu.ma

# Reference: https://twitter.com/malwrhunterteam/status/1270435949454004224

st-chat.com

# Reference: https://twitter.com/malwrhunterteam/status/1271062243418034176

http://175.118.126.113

# Reference: https://twitter.com/malwrhunterteam/status/1272970342772989952
# Reference: https://twitter.com/LukasStefanko/status/1273210170269671424

http://93.157.83.20
panel.celularmatrix.com.br

# Reference: https://twitter.com/ReBensk/status/1273659924632010758

djjubeemedia.appboxes.co/Apks/

# Reference: https://www.virustotal.com/gui/file/b3511ce22c8b57971904b46de918b1af1b62f7eb19fe8a63954798c0037de3a0/detection

http://207.148.126.117

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

http://51.75.160.57
49584989898.online
akhbarrecords.com
hottestxxxvideo.com
inps-it.top
mascalorofertas.xyz
valesydescuentos.info

# APK

/acrobatreader.apk
/chatting.apk
/injected_ddos.apk
/injected_gd.apk
/install_flash_player.apk
/monitor.apk
/personal-wallet.apk
/UpdateFlashPlayer.apk
/wh-app-release-v2.apk
