# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/07/29/android-ransomware-back/

rich7.xyz
wevx.xyz

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2017/2017-07-07-leakerlocker-mobile-ransomware-acts-without-encryption/leakerlocker-mobile-ransomware-acts-without-encryption.csv

goupdate.bid
updatmaster.top

# Reference: https://www.virustotal.com/gui/file/5648e9d7dd6d221538b531bc9c344c4e9793731e7ead56d2a41324c3e3e6cdc6/detection

149.28.14.103:2222

# Reference: https://twitter.com/malwrhunterteam/status/1253776019775016961
# Reference: https://www.virustotal.com/gui/file/83028bc2bf977754b50d3a22ba9dad6a523e29c3238b0b28ff0e15ebd736489f/detection

extrapooo.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1267862152209203200
# Reference: https://www.virustotal.com/gui/file/4a87338c443a93b51bde7562b6f05dd27f029e3b873c33ad92b01dd219e88ea5/detection

balancetonflic.alwaysdata.net
/addslave.php

# Reference: https://www.virustotal.com/gui/file/cad42bd864e33717558266be358e6e05075c889a2e18c963d521bbe048fb4dde/detection

101.15.222.90:8953

# Reference: https://twitter.com/ReBensk/status/1275329926602915850
# Reference: https://twitter.com/LukasStefanko/status/1275711062290161669
# Reference: https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canada-eset-decryptor/ (# CryCryptor)

covid19tracer.ca
tracershield.ca
