# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://news.sophos.com/en-us/2018/10/02/the-price-of-a-cheap-mobile-phone-may-include-your-privacy/

apis.sunlight-leds.com/user/register_lock
apis.sunlight-leds.com/get/policy
apis.sunlight-leds.com/get/net_work
dt.szprize.cn/mbinfo.php
play.xhxt2016.com/logcollect/log-information

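# NOTE(review): 3.17.202.129 recurs throughout this list with a different port for almost
# every sample, and a similar 3.x address is listed beside an ngrok.io name further down,
# so it looks like a shared tunnelling-service endpoint rather than a dedicated host
# (confirm). Match on the full IP:port pair; the bare address would also flag unrelated
# tunnels.
# Reference: https://www.virustotal.com/gui/file/02322b3070844386db63a6fe75688c1509a8d2a661361d5065c468a7374e82d5/detection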

3.17.202.129:11299

# Reference: https://www.virustotal.com/gui/file/a5e5d15acedf0eb09e0e741834f4564e3926438082c092ce3d1616cd33313ff3/detection

3.17.202.129:13313
3.19.114.185:13313

# Reference: https://www.virustotal.com/gui/file/accf9c81afd552851876ca8ae4400b14ba55ff13658b988f1366b2342d3c8e65/detection

3.17.202.129:15480

# Reference: https://www.virustotal.com/gui/file/497e57857f583a9be4dfef3ec6735cbfd9d11a3628aa245bf6a60a1c3eeca126/detection

3.17.202.129:14730

# Reference: https://www.virustotal.com/gui/file/5debbfefa6b93758d192a1ae79f9bd2bbbc948707e2ab3d792c8c48626902948/detection

3.17.202.129:19987

# Reference: https://www.virustotal.com/gui/file/7bf338e1985e0aae524221790c301c6179ee140f4c6200cff2c1bc19392d611d/detection

3.17.202.129:12281

# Reference: https://www.virustotal.com/gui/file/0fe215ec2b7b14900f952bc88819da93e20795013b07071a0e452ce6de71e6f6/detection

3.17.202.129:14738

# Reference: https://www.virustotal.com/gui/file/d608c0d9dcdc8a2e04f6c9e8a1f7a44106e6a2049fcd70355f0de7376b1ff795/detection

3.17.202.129:19850

# Reference: https://www.virustotal.com/gui/file/55bfef694ecd7f83c8a6b020fe08b5f88dbdfe3db61d70bfdb80ef911011df31/detection

3.17.202.129:12057

# Reference: https://www.virustotal.com/gui/file/a02d3fa2780671c590de9ef57bd7cee904c005d8d53ab07a2320e2b68440ea75/detection

18.223.41.243:14001
3.17.202.129:14001

# Reference: https://www.virustotal.com/gui/file/fca4504252a76e785c7e4a6ee74cde9a36c0e071d4b7a56d340a2d1c0ebba279/detection

3.17.202.129:26569

# Reference: https://www.virustotal.com/gui/file/b6655c33c4f6859884998a74d3eb64773d16b00570457c72eb6f11df00a82a2d/detection

3.17.202.129:18169

# Reference: https://www.virustotal.com/gui/file/3e6b5947af518d207467feecf83f9d4460e36c2469a77891b7a6eaa87efd37eb/detection

3.17.202.129:14617

# Reference: https://www.virustotal.com/gui/file/b6dad30adce1b40c7890324713988a4bf6c4133bdc7666d5b8d3c4c8289592c9/detection

3.17.202.129:18336

# Reference: https://www.virustotal.com/gui/file/603ea32e446844ab166e372e6313988ff5fdbc734f690f5b84fa2f0ddad93b4c/detection

3.17.202.129:11577

# Reference: https://www.virustotal.com/gui/file/d4dd94327bb4612a3f1d52dda9512475067b08b5cdb78370fa8469f055f2a881/detection

3.17.202.129:16380

# Reference: https://www.virustotal.com/gui/file/0aeace0c4d16e8c73e6619e122c799b1c5f12b443dd335ea8b96c7941503a99a/detection

3.17.202.129:11707

# Reference: https://www.virustotal.com/gui/file/9662b054f00b36df55875fe9d38f791fa8127e4fbcfdd599aea35a16ba934d2b/detection

3.17.202.129:16480

# Reference: https://www.virustotal.com/gui/file/2e258069d4769fa101c604d94ec1a629a67bf69f388169a398c19ae04d4f1297/detection

3.17.202.129:19658

# Reference: https://www.virustotal.com/gui/file/c2347e12238c8a580fc63f7647e11bf73afce09d8a156c3d1acb4e7a43493446/detection

3.17.202.129:10562

# Reference: https://www.virustotal.com/gui/file/81f99af35301cda05d914f56d00f2665a4c14c63f36cd17544bbac8fd413d200/detection

3.17.202.129:10726

# Reference: https://www.virustotal.com/gui/file/024d46533f896209db769aea6ac2331edafe3cbbf2164f711fd5a88fe362a7eb/detection

3.17.202.129:14116

# Reference: https://www.virustotal.com/gui/file/2281f2b6462735730db80b63716cbe71cc1e2bf1b1c6e9f30b62a1ddf067db2a/detection

3.17.202.129:17784

# Reference: https://www.virustotal.com/gui/file/7eb928117a5726c50e428c78cc1e670dd7a5c9efbcb1b43247346ffc0decc18c/detection

3.17.202.129:13200

# Reference: https://www.virustotal.com/gui/file/dbfed351b791792543396f1b18e8d5bf57704f70014e9a762fa85729656f6150/detection

3.17.202.129:19779
3.17.202.129:9923

# Reference: https://www.virustotal.com/gui/file/0ce05256e857261832580f7149782108ac172219df39fca6d3381e58e3d7c3d4/detection

3.17.202.129:13932

# Reference: https://www.virustotal.com/gui/file/415da659e5ce862170f8ab626e0e13e5630a1aa99a9368f17b885ed85c9ab0c7/detection

3.17.202.129:12456

# Reference: https://www.virustotal.com/gui/file/f1a2032e7bebf2b49d8d5f6dd8747bf4936ea0fdeeb41192dc28b189b62c6879/detection

3.17.202.129:11052

# Reference: https://www.virustotal.com/gui/file/37b8beece5078b3822c5f3cee4ea815c678d5fa15e1691cabaf25065f5ebcf9a/detection

3.17.202.129:13860

# Reference: https://www.virustotal.com/gui/file/5386be0c5bc968f51d6020a41d1898836abf5fd2fb6f5c4e5ea34ff68ad038ba/detection

3.17.202.129:15385

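# NOTE(review): 193.161.193.99 is listed below beside many different *.portmap.io and
# *.portmap.host names, one port per sample, so it appears to be the shared front end of a
# port-forwarding service (confirm). Keep the port in any match on this address. The
# hostnames keep the mixed case seen in the samples; DNS names are case-insensitive, so
# whatever consumes this list should compare them case-insensitively.
# Reference: https://www.virustotal.com/gui/file/69261a01ede9e887934bc2e7bcea3562178e8d0de6436a8e6cff30c56dcc0167/detection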

193.161.193.99:51693
MehakSandhu-51693.portmap.io

# Reference: https://www.virustotal.com/gui/file/1b0947c910a0c9d2b3f3481e624c34ee13c12a970175b001768fea07a0e6a656/detection

193.161.193.99:44222
obrine7-44222.portmap.io

# Reference: https://www.virustotal.com/gui/file/dbb92acba8f57a900c3c053c78ea5c07126abc58a48a1c9cfbf7cbfccc9d7308/detection

193.161.193.99:34029

# Reference: https://www.virustotal.com/gui/file/6a3eb7847313b6cb1d69a5890d7593d16e830caa19b5d6a2e068e5d3cabb161e/detection

xeminem-60058.portmap.io

# Reference: https://www.virustotal.com/gui/file/ed11ff922b646279651d84413205b5ce21385770a6cecddb86c272922979e5ff/detection

193.161.193.99:42149
updatedata-42149.portmap.io

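# Reference: https://www.virustotal.com/gui/file/4d681c6795d55c10f453e39fcf6a6915b9083f24a8bef7ae7c1a1d91809958e4/detection
# NOTE(review): in the other portmap pairs in this list the numeric suffix of the hostname
# equals the port of the IP entry; here the IP entry uses 39494 but the hostname suffix is
# 54820. Confirm both values against the sample.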

193.161.193.99:39494
Hlothere-54820.portmap.host

# Reference: https://www.virustotal.com/gui/file/9aa5b80f67a887af40cf047c36e29ef7e657057c2d4ed23b8e480d2e92a17ace/detection

193.161.193.99:45730
DevilHacKer6-45730.portmap.host

# Reference: https://www.virustotal.com/gui/file/1126b45458447f5cb508fd914f4886eb8a2caf43bcac9dc2d16d55afa1a9fe11/detection

193.161.193.99:49331

# Reference: https://www.virustotal.com/gui/file/14417c94f9951b05d03fc95303b950673f046152f298a0aed50f3bed978c97a7/detection

193.161.193.99:31338

# Reference: https://www.virustotal.com/gui/file/1e9f71570c7224c9f4d812fa6c1020c85d34044dc6491a7b7555df899e3b0a31/detection

193.161.193.99:47558

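# Reference: https://www.virustotal.com/gui/file/0e487c504c389f8319e289030626e5e809bff09f1fea197a3319967c5a9cf32f/detection
# NOTE(review): in the other portmap pairs in this list the numeric suffix of the hostname
# equals the port of the IP entry; here the IP entry uses 48073 but the hostname suffix is
# 46166. Confirm both values against the sample.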

193.161.193.99:48073
abcdzu-46166.portmap.host

# Reference: https://www.virustotal.com/gui/file/544bea74366f76fba5f2091463dc912e6e7f0e20fd5c5ffa22ef242b71f3fa06/detection

praveenecil-62024.portmap.host

# Reference: https://www.virustotal.com/gui/file/72ef44526599e2fddb900245f0fbc23248a072604c5a4ca8f780a37e9e3128c4/detection

193.161.193.99:1194

# Reference: https://www.virustotal.com/gui/file/4d828a11b6d41998caebfd0bbff403eb3340fc1264a472546a7a5ae42b785faa/detection

99999-27441.portmap.host

# Reference: https://www.virustotal.com/gui/file/c181610dc3161a8dc8f791ba4f4ab2d8b636fc416ad34ae2609d8e6f7b257eea/detection

193.161.193.99:54451

# Reference: https://www.virustotal.com/gui/file/5f00a60dad8e08e4d8b6ad31adf2b3068de94828e04e931462389c6907507144/detection

p8kka--chu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/63d91aa82d6cc522e1f53b3485d483e262b40ca5ec19870c7d5835866e0c8584/detection

gabbarcchand-54721.portmap.io

# Reference: https://www.virustotal.com/gui/file/1293738c104a66e192f24cee7a1a2e717364a868ee9c8ba76e4b99472eb743c7/detection

hahaha555-57697.portmap.host

# Reference: https://www.virustotal.com/gui/file/f867c68c55e8c30062a5b75699789ff2190c4935eb2efcadd02ea4d5f6e24c91/detection

3.19.3.150:12256

# Reference: https://www.virustotal.com/gui/file/cfa969019302476144732173197af9a7376babe6f89c7d4e15d811f4bbca4030/detection

d600cc51.ngrok.io

# Reference: https://www.virustotal.com/gui/file/35fe03229b7134205c91d18bb4c33ed314bf5780a05aedf12ff8a60a11c8bd87/detection

3.14.212.173:16707
3.19.114.185:16707
3.19.3.150:16707

# Reference: https://www.virustotal.com/gui/file/ab23da0477da3a2dd77ec03d024901edce05be4999dad81bfbca14345047ff0b/detection

3.14.212.173:13105
3.19.3.150:13105

# Reference: https://www.virustotal.com/gui/file/8b5a7c8f1c1957a3e2ddd7014e13921b23ec7d58dc9fb63a6ce5e314b5b8ab17/detection

763484e5.ngrok.io

# Reference: https://www.virustotal.com/gui/file/92e289cbabe8675dd9b06c46758f93ca60aa2f6ea1693d0b882e62363db1eadb/detection

3.19.3.150:13040

# Reference: https://www.virustotal.com/gui/file/c32a89b0d5b3233019db259d26b0d3ea7d42d0a088aa3099887e5835b2520b41/detection

3.19.3.150:15110

# Reference: https://www.virustotal.com/gui/file/ca2f756292e94f533dd3c0a3a41a44e2c9629b612d271f27e449495cec59210c/detection

3.19.3.150:4444

# Reference: https://www.virustotal.com/gui/file/978692920e1ec6ebae680fcd24cace4b17906e1648ab83eb74bd5d17e6e14593/detection

357788e4.ngrok.io

# Reference: https://www.virustotal.com/gui/file/5f43271ddb293c8cc17e2bfa6e26f5a8fb7831b228646662a9232a5a55659efa/detection

18.188.14.65:17807
3.19.3.150:17807

# Reference: https://www.virustotal.com/gui/file/2a2e93bd2652d132bceaa9a49ec02f453b8625c889e4bc1e37dae0573cf25fc4/detection

3.19.3.150:18450

# Reference: https://www.virustotal.com/gui/file/83591246e5ce5fffa36bdd1062568f2f74df576eefebbc81f5fc591549126cad/detection

3.19.3.150:13760

# Reference: https://www.virustotal.com/gui/file/b1d455bbc5f9fef50bebab004e367c59568de8c1b48f67403625ca5d74cda250/detection

3.19.3.150:11980

# Reference: https://www.virustotal.com/gui/file/abec497d5cd9b31274b9b1bbe78ccc619c66ac1503ca38b837a3b39474ca11f9/detection

3.19.3.150:12442

# Reference: https://www.virustotal.com/gui/file/44e027329cb94bc425c00f47903f4b781eee61e11dd25875db3f1e0c9258bc24/detection

3.19.3.150:14011

# Reference: https://www.virustotal.com/gui/file/0b816d6282595479d59836f37a699a8dfd07dfdd4b1eb84581242bcd4452ea92/detection

3.19.3.150:16783

# Reference: https://www.virustotal.com/gui/file/16994a8e7fd8afbbd6f883fabea07a10988225aae2043719fec51f6a0263f9a5/detection

3.19.3.150:14227

# Reference: https://www.virustotal.com/gui/file/2f18805aefeadae420fbb1776167112ba1daa0893e15abc4df4ac144f607f82a/detection

3.19.3.150:19609

# Reference: https://www.virustotal.com/gui/file/49791f3dc3435a7402c500a941c1ed891b05b300ce703eb9da7104ef2da2ebfc/detection

3.19.3.150:13697

# Reference: https://www.virustotal.com/gui/file/70be9fbc415ac86f900ba60e6f575df5eac19d0d64e221514b7f6edf9977371c/detection

e6215e63.ngrok.io

# Reference: https://www.virustotal.com/gui/file/5e189d84b9aad0f1b57d1f953256b0f9bcf1f36d2cb9e4b65968fa1e923a4c85/detection

141.255.145.96:4444
fecbook.ddns.net

# Reference: https://www.virustotal.com/gui/file/21c5af3f15751c0492d1e43f3cacbba23ec7fcc4f1da7a6dbd9a0b825dd5b626/detection

91.109.176.6:44444

# Reference: https://www.virustotal.com/gui/file/d0e579c25e91db1f57deaea23c61c39983015672e7941b40e4cb1788cc8d69d5/detection

119.3.22.174:63333

# Reference: https://twitter.com/JAMESWT_MHT/status/1225869020076875778
# Reference: https://www.virustotal.com/gui/file/b5ac215c277e6c9206386dd5da034bb8f7e35ff9d0e871e3cae0e0b18e323cf4/detection

roperty.info

# Reference: https://www.virustotal.com/gui/file/4af130f1dd2886c930be1934a6e34f97a8653268eaa8febee13a0775746cecf4/detection
# Reference: https://otx.alienvault.com/pulse/5e6fa2a12088756147d24648

64.188.25.205:6914

# Reference: https://www.virustotal.com/gui/file/412c66f0a5f52bdde39b8563c5f34afdb9c30fae3db80b47437cb4f0df46d1db/detection

3.135.90.78:19098

# Reference: https://www.virustotal.com/gui/file/10a6e9297f530e767321e0f1c20006867142e4802ff3b8355f4d72bfa7b702db/detection

18.188.14.65:15716
18.223.41.243:15716
3.135.90.78:15716
3.14.212.173:15716
3.17.202.129:15716
3.19.114.185:15716
3.19.3.150:15716

# Reference: https://twitter.com/malwrhunterteam/status/1243834882280828928
# Reference: https://www.virustotal.com/gui/file/9c1dbbbbfab2dffc05335bd52fd8eea8c9e0e83fca0c9ab6c56d85ecfdcf57d7/detection
# Reference: https://www.virustotal.com/gui/ip-address/164.100.133.168/relations

164.100.133.168:8086
164.100.133.168:8087

# Reference: https://twitter.com/malwrhunterteam/status/1245679870128132097
# Reference: https://www.virustotal.com/gui/file/3abf5bb72292d3c211e183ef5d449ffc06f57dda087eeb9caf7179b7b0d2b110/detection

3.17.202.129:14825

# Reference: https://twitter.com/malwrhunterteam/status/1245692611815505922
# Reference: https://www.virustotal.com/gui/file/407b2b82bddd04399542bbc2fabd3c03ccb2b4d73cdfab9e3c90d73ae92ec158/detection

45.77.12.191:4444
hackto.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1246032955472035841
# Reference: https://www.virustotal.com/gui/file/83c79324ae63fd5ce329ea316d97eac7da5cd0ad02c0eed63fdf39980fc5cb43/detection

http://138.197.179.194
http://172.104.65.17
http://178.128.15.109
http://84.16.227.159

# Reference: https://twitter.com/malwrhunterteam/status/1250797179423330305

95.179.243.180:8091

# Reference: https://twitter.com/malwrhunterteam/status/1251196892710604800
# Reference: https://www.virustotal.com/gui/file/f821eb9f904572ae49cb1a954915616931b778c1ff9399d5ed060ab33866b33c/detection

3.20.98.123:18641

# Reference: https://twitter.com/malwrhunterteam/status/1251231671543902208
# Reference: https://www.virustotal.com/gui/file/aa7c8a6b3ddb144c1b0f5d8a1328a6b2ea9e45010e60cdee1ef6ebdd4a1380f8/detection

8f9b0669.ngrok.io

# Reference: https://twitter.com/malwrhunterteam/status/1251503858578309120
# Reference: https://www.virustotal.com/gui/file/8b436946073f4fc1f8bb97a06d6e7c8a0ac1088abd97fa88f316714c445969e0/detection

139.162.161.211:11768
fw1.sshreach.me

# Reference: https://twitter.com/bl4ckh0l3z/status/1255607262711873539
# Reference: https://www.virustotal.com/gui/file/93fe31be27ba6b7cea2ba12023ec422bc76853d0277d228a3c2ea16dc7f1fe5f/detection

172.111.173.196:4444
kalihosts.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1260816205352521728
# Reference: https://www.virustotal.com/gui/file/96b48bc60a4d7aed92bad7e1b92580482ff913697989b1a42194b697d526035a/detection

3.17.117.250:17975
4f2d7638.ngrok.io

# Reference: https://www.virustotal.com/gui/file/94077ec69ccdddb90d234eaf2e1f4a1d14cda922a7e785fe2b6203c27ddc6960/detection

142.93.132.225:1432

# Reference: https://twitter.com/bl4ckh0l3z/status/1272954921185415170
# Reference: https://twitter.com/KorbenD_Intel/status/1272936929110028288
# Reference: https://www.virustotal.com/gui/file/23cab771765424ce0f859486d784f34e942abc7e94c8ee4ee2c19c8c19eb4b38/detection

http://217.129.59.131
evilcorp.anondns.net

# Reference: https://www.virustotal.com/gui/file/c5edac666b4a1996e603aa56d948a8eb6d8770f21de1e2fb3fd7c34a2d44de60/detection

payload123.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1275481657571790848
# Reference: https://www.virustotal.com/gui/file/c3f9441d3b6f08205a0565f19b7732188e9df700ae073d63dcbc6d7f47eb7f98/detection

3.137.63.131:10410

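# APK file-name trails (Reference: https://twitter.com/markus_neis/status/1242752623041798145)
# NOTE(review): these entries are bare URL paths with no host, and names such as
# /aplicacion.apk or /wifiapk.apk are generic. Treat a hit as a lead to correlate with
# other indicators, not as a verdict on its own.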

/ac19.apk
/aplicacion.apk
/app_backdoor.apk
/corona_v1.apk
/covid19.apk
/hackFB.apk
/smcovid19.apk
/smcovid19_beta22.apk
/smcovid19_end.apk
/smcovid19_v2.apk
/wifiapk.apk
