# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: VizaviBot, L3mon

# Reference: https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/

radiobalouch.com
/Debugging/process/process/resolving/system/ReadAllTracks.php

# Reference: https://twitter.com/LukasStefanko/status/1244584890361839616

193.161.193.99:27229

# Reference: https://twitter.com/malwrhunterteam/status/1262415009419874305

tryanotherhorse.com

# Reference: https://www.virustotal.com/gui/file/675f5f887a66d21ea0d314e359f97ba9caa5d04436ef904deeaeaa4c83f06018/detection

95.8.94.174:4000
bhblack.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1263081748482723840

95.8.94.174:4444

# Reference: https://twitter.com/malwrhunterteam/status/1265733202674581507

turktelekom-bilgilendirme.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

ahmyth.ddnsking.com

# Reference: https://twitter.com/malwrhunterteam/status/1297073202024325120

zebraking.ddnsking.com

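# Reference: https://www.virustotal.com/gui/file/b039f0ab2a62a5e1f42c5c0f1d34fc247cb6c0fa65ce33629fccbd28b1d0d064/detection
# Note: 193.161.193.99 recurs in this file with different ports and next to portmap.host / portmap.io hostnames, which suggests a shared port-forwarding address. The port is what ties each entry to a sample, so keep the ip:port form rather than collapsing it to the bare IP.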

193.161.193.99:38442
c0cf28ed20-51369.portmap.host

# Reference: https://twitter.com/malwrhunterteam/status/1305940469927550977

maladiescoronavirus.com

# Reference: https://twitter.com/LukasStefanko/status/1306143556281737217

176.31.193.59:22222
tweensangoma.servebbs.com

# Reference: https://www.virustotal.com/gui/file/82b49c84601b36ae1dc7d3056b33bb58716551e85c006354e030d0dc8f6059a2/detection

193.161.193.99:49487

# Reference: https://twitter.com/malwaretracekr/status/1304189932055834624
# Reference: https://www.virustotal.com/gui/file/6a1bb59bd1faa3dbca7df51eb6b265b0fd2b5220d99a5befb2a0aabdb9a946da/detection

/nhsave.apk
/pentapp.apk

# Reference: https://twitter.com/malwrhunterteam/status/1309567899649138689

/GBWhatsapp.apk

# Reference: https://twitter.com/malwrhunterteam/status/1317395859726807040
# Reference: https://twitter.com/bl4ckh0l3z/status/1318126608226582529
# Reference: https://www.virustotal.com/gui/file/00ee72e69290217f5e6977750a873887e8a9ab91d7f91a3004c9d04148ec28b5/detection
# Reference: https://www.virustotal.com/gui/ip-address/85.10.199.40/relations

213.230.90.191:3232
85.10.199.40:80

# Reference: https://twitter.com/malwrhunterteam/status/1328391739523141640
# Reference: https://twitter.com/bl4ckh0l3z/status/1329082787723317250

http://118.167.70.214
http://123.253.110.27
123.253.110.27:8662
123.253.110.27:8889
/kbcapital.apk

# Reference: https://twitter.com/malwrhunterteam/status/1329353263498596352

http://114.43.113.63
http://123.253.109.211
/woori.apk

# Reference: https://www.virustotal.com/gui/file/deb4098d86440e52832eb6f17b38cb2c82e50e9f6de21819e61b0ada5189bbe9/detection
# Reference: https://twitter.com/bl4ckh0l3z/status/1329437919162081282

122.10.114.159:1234
/Aarogya Setu_v1.4.1-ok_sign.apk

# Reference: https://twitter.com/malwrhunterteam/status/1332421014886752262
# Reference: https://www.virustotal.com/gui/file/9550de103b11a99e2ff9551a99e61001ab33d86b86baf76a3265e1a30c2d8493/detection

http://45.143.93.59
/HDLiveWallpaper.apk

# Reference: https://twitter.com/malwrhunterteam/status/1333506610245885960
# Reference: https://twitter.com/bl4ckh0l3z/status/1333742182466023425
# Reference: https://www.virustotal.com/gui/file/8b9ba90a1c7758714e68333c9541cf9fd99b368d0e3df62e91b003af60311047/detection

123.253.110.74:7272
123.253.110.74:8889
http://61.228.224.127

# Reference: https://twitter.com/malwrhunterteam/status/1334126697462030337
# Reference: https://twitter.com/malwrhunterteam/status/1351868441402118147
# Reference: https://twitter.com/malwrhunterteam/status/1356668707062353924
# Reference: https://twitter.com/bl4ckh0l3z/status/1334164150763851781
# Reference: https://twitter.com/bl4ckh0l3z/status/1352927204372586496
# Reference: https://twitter.com/bl4ckh0l3z/status/1352927832754843652
# Reference: https://www.virustotal.com/gui/file/f155131f21cb1fbabc5e1d4e29858caea240bc30a38826ce0671c27eb231cb0b/detection
# Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection
# Reference: https://www.virustotal.com/gui/file/b1cf84700e37ff608ea0ebd179dc6909ad48f0a68031ac88d276ad334d7c0f39/detection

http://178.132.3.230
178.132.3.230:5987
iwillsecureyou.com
myabcxyz.ddns.net
obs1.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1344989314409754625
# Reference: https://twitter.com/bl4ckh0l3z/status/1345446556003143681
# Reference: https://www.virustotal.com/gui/file/6d1a8a655b62220ba415b06e34a7a7970fe745074d83608fadc57fc0c22fe3a7/detection

93.115.28.37:42474
pigeonmessenger.app

# Reference: https://twitter.com/malwrhunterteam/status/1349329349380550656
# Reference: https://www.virustotal.com/gui/domain/umengs.sanxikou.cc/relations
# Reference: https://www.virustotal.com/gui/file/d0f36b9a19cee045c79af58d58b24dcab3850dfd21d1079920ac6f1e8554666e/detection

47.240.50.196:42474
47.91.170.222:42474
umengs.sanxikou.cc

# Reference: https://www.virustotal.com/gui/file/209998484f18f69fe608d658b9f5c8afdb4530308ddcf06b20703a764d89e7d1/detection

http://103.93.79.32
103.93.79.32:9000

# Reference: https://twitter.com/sysk1ll3r/status/1371567150704525316
# Reference: https://github.com/CYB3RMX/MalwareAnalysis101/blob/master/Android/Kbank/ReportKbank.txt

103.159.80.61:8700

# Reference: https://www.virustotal.com/gui/domain/crayzzik.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/99949dfcbcf839e50ed3aa42ebdbf2d3aa1b26847eef8bff7cdbd5f7bcb30614/detection

crayzzik.ddns.net

# Reference: https://www.virustotal.com/gui/file/f941fae5480184428b3724bef1bd2fafd4d8c959ba831563d6877f09e6426b36/detection

193.161.193.99:51805

# Reference: https://www.virustotal.com/gui/file/3a998217822cc5db7d6540f6d1cc907400a97c55d397438e05a14539a299f8c9/detection

176.9.70.180:22222
dihavnewapp.xyz

# Reference: https://www.virustotal.com/gui/file/8c99919e6837d693f7cbd1cb8f6fe4d354dd28d1a9864cd898934cb6dccb1d59/detection

193.161.193.99:37614
cheeta-37614.portmap.host

# Reference: https://www.virustotal.com/gui/file/f90ac69c7817cd7164c03f3b78f03045bb6a3ebb6d2c4f01b36387cb3e5ca37b/detection

108.61.210.74:1166
185.141.62.35:1166
208.101.60.87:1166
213.244.123.150:1166
66.220.147.44:1166
93.115.28.195:1166
scr.selfip.net

# Reference: https://www.virustotal.com/gui/file/4a7eea45ace28678e0fabb77196d9845eeb80e675006ca4b58a5fe6e360c3e7d/detection

3.130.209.29:21572

# Reference: https://twitter.com/malwrhunterteam/status/1481236472061743104
# Reference: https://twitter.com/LukasStefanko/status/1481960668186226695
# Reference: https://www.virustotal.com/gui/file/3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f/detection

chitchat.ngrok.io
wetalk.ngrok.io

# Reference: https://twitter.com/malwrhunterteam/status/1484835454985850882
# Reference: https://www.virustotal.com/gui/file/c351bf2fa876cefe5fb8d6e6f5764364456f3fa89eef83d3743bd1702fffefd9/detection

195.58.38.192:22222

# Reference: https://www.virustotal.com/gui/file/d4ab7d2f4ba6875f149f4168646aa73f6fbd33479d32b34e5a31c72da73b382d/detection

206.189.80.59:22964

# Reference: https://twitter.com/malwrhunterteam/status/1496800388321722370
# Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection

robertapollysexy.com

# Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection

androidrapido.com

# Reference: https://www.virustotal.com/gui/file/2d7d3de64cd33f74e337c50855353506c3a45971e003f98fc137d5df62d9369b/detection

3.141.142.211:12098

# Reference: https://www.virustotal.com/gui/file/ddc9d251af6e67bce5f95065a1d49dd85bde2b2cc177c12cf36abdbfa1907d87/detection

193.161.193.99:48147
yourboss-48147.portmap.io

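# Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection
# Note: *.ingest.sentry.io is Sentry's error-reporting ingest service. This host may reflect an error-reporting SDK bundled in the sample rather than the RAT's own C2 channel, so confirm against the report above and correlate with other trails before alerting on it alone.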

o731193.ingest.sentry.io

# Reference: https://twitter.com/malwrhunterteam/status/1574465208340418575
# Reference: https://www.virustotal.com/gui/ip-address/185.136.162.238/relations
# Reference: https://www.virustotal.com/gui/file/49c8539b26c8c7134e2ee14688eb14410690d748e4a3c105d8722f3a8983013c/detection

185.136.162.238:9108
appreviewhelper.com
chatindian.xyz
beautynaturali.ddns.net
server-chat1.chatindian.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1581003205516722176
# Reference: https://www.virustotal.com/gui/file/fb40823417fabe77dda51d836c8b69699e14c528468b50aef6c917810ae02098/detection

172.104.187.113:8092
miya3jh1z.xyz
c9dz99.miya3jh1z.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1590070110240538627
# Reference: https://www.virustotal.com/gui/file/06a253cddba6ac9686939527075e2235b7741ea6903349d86a1a33543af7fcfa/detection

letchitchat.info

# Generic

/pgb9umnsh_m1pgb9umn.html

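# APK
# Note: path-only trails are not tied to a host, so common file names such as /whatsapplite.apk or /GBWhatsapp.apk can also match unrelated downloads. Treat a hit as a lead to verify (host, file hash), not as a confirmed infection.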

/AF_News.apk
/AVATRADE_APP.apk
/ChatinIncognito.apk
/ROCKFORT_APP.apk
/Pigeon_Messenger.apk
/whatsapplite.apk
