# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM-Part2.html

32player.com
appswonder.info
capsnit.com
hiltrox.com
hytechmart.com
ios-update-whatsapp.com
ios-certificate-update.com
metclix.com
nfinx.info
referfile.com
scrollayer.com
techwach.com
twitck.com
wpitcher.com

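# Reference: https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf
# Reference: https://otx.alienvault.com/pulse/5f7dd394005536c84adbaf56
# NOTE(review): several entries below look like adjacent indicators fused during text extraction,
# e.g. 'aspnet.dyndns.infoassurecom.info' = 'aspnet.dyndns.info' + 'assurecom.info' (both also listed on their own).
# The same pattern shows in the longer variants of cdn-icloud.co, cocoka.info, ghelp.co, imging.site, kannat.ns01.us,
# sikhforjustice.org, uyghuri.51vip.biz, uygur.51vip.biz and yes2khalistan.org. Fused names are unlikely to match real traffic.
# Entries that appear to be the tail of a fused name ('cocelebsnightmares.com', 'cohealthclubfun.com', 'infoassurecom.info',
# 'infocrawloofle.com', 'netonlinetokenid.com', 'netstring2me.com', 'orgyes2khalistanis.com', 'uskhalistanlehar.com')
# are probably extraction artifacts rather than indicators from the report -- TODO confirm against the references.
# 'myappie.comyfoodzone.net', 'myggl.ioo-auth.net', 'scan8t.comsecure-useraccount.com' and the 'yfoodzone.net...' line
# have no standalone halves listed here, so their split point is ambiguous; verify against the references before editing.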

account-googie.com
accountvalidate.com
airfitgym.com
ambicluster.com
aspnet.dyndns.info
aspnet.dyndns.infoassurecom.info
assurecom.info
bulletinalerts.com
by4mode.com
cdn-icloud.co
cdn-icloud.cocelebsnightmares.com
celebsnightmares.com
citrusquad.com
classmunch.com
cloud-authorize.com
cocahut.com
cocelebsnightmares.com
cocoka.info
cocoka.infocrawloofle.com
cohealthclubfun.com
crawloofle.com
cyroonline.com
devicesupport-rnicrosoft.com
domforworld.com
electrobric.com
everification-session-load.com
flux2key.com
freepunjab2020.info
frexinq.com
gateway-yahoo.com
ghelp.co
ghelp.cohealthclubfun.com
healthclubfun.com
hypforever.com
i3mode.com
imging.site
imging.siteinlineirnage.com
infoassurecom.info
infocrawloofle.com
inlineirnage.com
justsikhthings.com
kannat.ns01.us
kannat.ns01.uskhalistanlehar.com
khalistanlehar.com
leastinfo.com
leelee.dnset.com
lizacorner.com
lobertica.info
login-private.com
logon-info-gsupport.com
logstrick.com
m0-rnaiil-siina-chn-reload.everification-session-load.com
mail-incc.com
mail-king.com
mail-validation.info
mail.techsprouts.com
mailinfo-bh.com
me-yahoo.com
medieczema.com
middleeastleaks.com
mideastleaks.com
mindcraftstore.com
musicbandfiles.com
myaccount-googie.com
myappie.comyfoodzone.net
myggl.ioo-auth.net
netonlinetokenid.com
netstring2me.com
onlinetokenid.com
opticscold.com
opticzstore.com
optusiy.com
orgyes2khalistanis.com
out-look-mail-bh.com
oyesterclub.info
passwordsaverr.com
poiusavid.com
portal549.com
privacylog.info
prontexim.com
regditogo.com
rhc-jo.com
risalaencryptor.com
rnaiill2-rnaill-slna-m0.everification-session-load.com
rnail-appld-oath-varfiction.everification-session-load.com
scan8t.comsecure-useraccount.com
service-authorization.com
setting-secure.com
shiaar-e-islam.com
signtabo.com
sikhforjustice.org
sikhforjustice.orgsimilerwork.netstring2me.com
similerwork.net
string2me.com
sync-tokens.com
tansyroof.com
techsprouts.com
techwach.com
thegogl.com
tierradom.com
timesofarab.com
toysforislam.com
trailhinder.com
traxbin.com
treemanic.com
trioganic.com
user-privacy.com
uskhalistanlehar.com
uyghuri.51vip.biz
uyghuri.51vip.bizuyghurie.51vip.bizuygur.5166.info
uyghurie.51vip.biz
uygur.5166.info
uygur.51vip.biz
uygur.51vip.bizuygur.eicp.netuygur.xicp.netvlprnaiill2-rnaill-slna.m0.everification-session-load.com
uygur.eicp.net
uygur.xicp.net
vlprnaiill2-rnaill-slna.m0.everification-session-load.com
weddnest.com
yes2khalistan.org
yes2khalistan.orgyes2khalistanis.com
yes2khalistanis.com
yfoodzone.netmyggl.ioo-auth.netonlinetokenid.com
zhqdgk.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1321746458308128769
# Reference: https://www.virustotal.com/gui/file/cef4be533954e5bb901080cbca26976929d55692674f1bb9fefeca0c349c86db/detection
# Reference: https://www.virustotal.com/gui/file/4fd441183ffd576aea2cf50b19d263f6b07b7548ea24725a496a0a929daaf912/detection

procompass.org
voiceofislam.info

# Reference: https://twitter.com/Circuitous__/status/1377767299709550593
# Reference: https://pastebin.com/9U57CHZn

fastfiterzone.com
lobertica.info
memoadvicr.com
zovwelle.com

# Reference: https://twitter.com/m0br3v/status/1413076245152141316
# Reference: https://www.virustotal.com/gui/file/73b516a0a3996ec1c685ad3d8e26a7191e5d7698bfd98970afc27d5356003cac/detection

onlinedomain.link

# Reference: https://www.virustotal.com/gui/file/815466ec21c59f7704f094a0e4cfc4f817c8b98231d10fe01919b6bd60eca64e/detection

lepze.com

# Reference: https://www.virustotal.com/gui/domain/ie-settings.com/detection

ie-settings.com

# Reference: https://twitter.com/m0br3v/status/1502262179390758913
# Reference: https://www.virustotal.com/gui/file/c921363c790c2eb82ab009f94ac0961164690d795c4ae87bed61897cc80fb33f/detection

datahost.click
/jkRt5e/check.php
/jkRt5e/

# Reference: https://mp.weixin.qq.com/s/YAAybJBAvxqrQWYDg31BBw?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-CN
# Reference: https://otx.alienvault.com/pulse/625591f0fdef5bd852d84afe

5iw68rugwfcir37uj8z3r6rfaxwd8g8cdcfcqw62.de
h94xnghlldx6a862moj3.de
freesexvideos.ch
securechatnow.com

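# Reference: https://twitter.com/malwrhunterteam/status/1539985809184641024
# Reference: https://twitter.com/malwrhunterteam/status/1540332848577667073
# Reference: https://www.virustotal.com/gui/ip-address/193.23.161.164/relations
# Reference: https://www.virustotal.com/gui/file/1084b7ff4758b5d13dcfc4f9167b16e6b834bfff2032b540e74959ceb18a5b1e/detection
# NOTE(review): 172.64.168.30 lies inside 172.64.0.0/13, a range Cloudflare publishes as its own. A shared CDN edge
# address can front unrelated sites, so hits on the 172.64.168.30 entries are weaker evidence than the domain entries
# and are worth correlating with the requested hostname (SNI/Host) before escalation.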

172.64.168.30:2053
172.64.168.30:8443
193.23.161.164:8443
gkcx6ye4t4zafw8ju2xdr5na5.de
iminglechat.de
fjasfjfas89e.gkcx6ye4t4zafw8ju2xdr5na5.de

# Reference: https://twitter.com/malwrhunterteam/status/1549125906416943108
# Reference: https://www.virustotal.com/gui/file/be1593bd1f1d5a4d05217f0492832e13bddd61281d8e109668ea5c64920fe9b2/detection

dutchvideochatting.com

# Reference: https://twitter.com/Des00464472/status/1552146340515561472
# Reference: https://www.virustotal.com/gui/ip-address/5.249.160.136/relations

ay3a9j7pc3.de
yu27izuchc.de

# APK

/Kashmir-Youth.apk
/Kashmir.apk
/securechatnow_v1_0_6.apk
/securechatnow_v1_0_7.apk
