# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/_icebre4ker_/status/1459178538960097289
# Reference: https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe

sharkedtest1.xyz
sharkedtestuk.xyz

# Reference: https://twitter.com/midnight_comms/status/1459190518420852739
# Reference: https://twitter.com/_icebre4ker_/status/1461241411307769857
# Reference: https://www.virustotal.com/gui/file/4f1822817690d89943e7e57468ab4366e360772c0adce67bf74a7224b3732dee/behavior/VirusTotal%20R2DBox

c2hhcmtlzdq3cg9qqkk.xyz
c2hhcmtlzdq2cg9qqkk.info
c2hhcmtlzdq3cg9qqkk.info
c2hhcmtlzdq2cg9qqkk.xyz
c2hhcmtlzdq2cg9qqkk.cc
c2hhcmtlzdq2cg9qqkk.com
c2hhcmtlzdq2cg9qqkk.net
c2hhcmtlzdq2cg9qqkk.top
c2hhcmtlzdq3cg9qqkk.top
c2hhcmtlzdq2cg9qqkk.ru

# Reference: https://twitter.com/_icebre4ker_/status/1462707330877898754

nddwb2pcstlmsedgzgz.top

# Reference: https://twitter.com/cleafylabs/status/1491414401651458049
# Reference: https://www.virustotal.com/gui/ip-address/31.214.157.112/relations
# Reference: https://www.virustotal.com/gui/file/4b7945e3756abb48e2a9b62d8a3a7f633811a1073a20a7d46c121e29b41b6c31/detection

m3bvakjjouxir0zkzmd.xyz
mjaynhbvakjjouxir0z.xyz
mnbvakjjouxir0zkzmd.xyz

# Reference: https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/

mjayoxbvakjjouxir0z.xyz
n3bvakjjouxir0zkzmd.xyz
statscodicefiscale.xyz

# Reference: https://twitter.com/_icebre4ker_/status/1506728296771461126
# Reference: https://www.virustotal.com/gui/file/917d7a3dff486a6b2908607dccf5d8a2929e05bb1ce988aec40bcb194d999bd0/detection

sigmastats.xyz

# Reference: https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/
# Reference: https://otx.alienvault.com/pulse/62500ff8c7a4efb7d9e74ffb/

0f995b6f93c819a0.xyz
74071141daaf3521.xyz
c2hhcmtlzdq5cg9qqkk.top
mjaynxbvakjjouxir0z.xyz
mjaznxbvakjjouxir0z.xyz
ndlwb2pcstlmsedgzgz.top
y2znlm93bmvysuq0m3b.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1525052607005446150
# Reference: https://www.virustotal.com/gui/ip-address/185.219.221.65/relations
# Reference: https://www.virustotal.com/gui/file/38b625b22d181132c67d9012cc86a8c15af3416e4d39ae9007d2c02792b2ce2b/detection

http://185.219.221.65
11358f75eef6ac5c.xyz
122503f3e91e84bf.xyz
c3f2c437622918b0.live
f3eac8de096e59ca.live

# Reference: https://twitter.com/_CPResearch_/status/1539598489495150593

aftelcom.top
comappday.site
gematolink.xyz
gematonick.xyz
originativ.co
vansciver.me

# Reference: https://www.virustotal.com/gui/ip-address/176.10.125.87/relations

61b5b05e79ddc1bf.info
66300d872f8568f0.xyz
6a1b9ec71eb4d837.net

# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.30/relations

6a00a421e44ead9e.live
7a4edf69ed3d21f9.live
80b51e6b4a4942d8.live
92cf772e294ea095.store
d6c73e3ea9b2429d.live

# Reference: https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
# Reference: https://www.virustotal.com/gui/ip-address/109.230.199.47/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.212.47.113/relations
# Reference: https://www.virustotal.com/gui/file/7f2248f5de8a74b3d1c48be0db574b1c6558d6edae347592b29dc5234337a5ff/detection

confirst.xyz
constint.xyz
mefika.me
wwdvisi.xyz
yaseka.me
23080420d0d93913.live
7f3e61be7bb7363d.live
browntrawler.store

# Reference: https://muha2xmad.github.io/malware-analysis/sharkbot/

04ff9f101c72a417.com
3634b259b56f2866.live
6d829850c8eb7892.top
8d6102613d7d4ccc.xyz
b5c4f49eae222c10.store
e30a26a32a8020f1.info
efd909761db065cf.net

# Reference: https://twitter.com/tiresearch1/status/1572859851264659459
# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.89/relations

0b125b25007220d9.xyz
1b0f3fddf8845df6.xyz
3ddafe944f1dba48.xyz
437435a4cce520bc.xyz
614e7cd1c623698a.xyz
75b84d88067cb231.xyz
827c153abcc78ce2.live
a7b8fa0a1e291cc2.xyz
b6a30d41c85f0edb.xyz
d48c662d57cd23e8.xyz

# Reference: https://www.bitdefender.com/blog/labs/android-sharkbot-droppers-on-google-play-underlines-platforms-security-needs/
# Reference: https://www.virustotal.com/gui/file/843a901c7633fc5e21e32e3f82a08f97874772e471dce3ab3d425482010a7137/detection

http://94.198.53.205
cdopea.store

# Reference: https://twitter.com/sh1shk0va/status/1600508602334281729
# Reference: https://www.virustotal.com/gui/ip-address/91.242.217.65/relations

downloadlastversion.online
neednewupdate.art
norriscras.online
norriscras.shop
norriscras.store
