# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: MetaDroid, Hook

# Reference: https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html

178.132.6.150:3000
185.215.113.42:3000
185.215.113.81:3000
185.215.113.94:3000

# Reference: https://twitter.com/malwrhunterteam/status/1447613589456621569
# Reference: https://twitter.com/malwrhunterteam/status/1506698319992655875
# Reference: https://twitter.com/a1exeremin/status/1447679196042604544
# Reference: https://twitter.com/ViriBack/status/1475455704571985921
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.100/relations
# Reference: https://www.virustotal.com/gui/file/1261e271402ea43f0a51294c7037b6d9da627500ea7e6644f5b9f608f7368928/detection
# Reference: https://www.virustotal.com/gui/file/0911af4b050e632cba517adcf27e2550cb5685e8c88cea2ff164ecb0bdc42904/detection
# Reference: https://www.virustotal.com/gui/file/81249654f8bdea0a179afe97e7abf7d455f2ef821ea1c24521cecdcc8b7d3bdf/detection
# Reference: https://www.virustotal.com/gui/file/f42e34e3f19589895467eb15a73605df302cafd0ed0dedc571308e3ce55f8a78/detection
# Reference: https://www.virustotal.com/gui/file/c509ce7942ec45ba33eee473aacc158c5750957a56929bce07f2f31c59b395e0/detection

185.215.113.81:3000
185.215.113.100:3000
185.215.113.100:3434
185.215.113.59:3434
193.106.191.148:3434
ermac.icu
fghjngjkjgy.ga
/2iq5gqb84krcezxjhl.php
/2lsqn0nw5n.php
/3nl3.php
/5kvoe.php
/5yk3j1gowg5c.php
/a357na0rnxbw9illf.php
/cc3t9t7rdfz8.php
/kch7j27y5welfhkzqt.php
/lf7xbkvzloig.php
/p5ndowme.php
/wzv3g0jmiwua.php
/x9v8e.php
/xxovkl45054m1rmu.php

# Reference: https://twitter.com/malwrhunterteam/status/1514928660675014656
# Reference: https://www.virustotal.com/gui/file/fc09f1e1b7fcf70770b0d52c5f203472c10dc98b6717b2f0bc343b5d1947056f/detection
# Reference: https://www.virustotal.com/gui/file/c7e7489531d3fa243cd775cfafacefd473f2ae71a3e9cdd5331db60a11198896/detection

194.26.29.28:3434
/0kkl5nd7i2956678a9l.php
/1qk5jb1m6l2fka.php
/48tznctyvhev920.php
/4g1o0.php
/5eqr7narx7uarp.php
/9b5786npucessoc.php
/drg23mwx9.php
/edwypp9a1.php
/goljim4v58rk782.php
/h4ry5wb03lys5.php
/i9924d17g.php
/kpak1iq09.php
/mi0sr3c1qc1qir.php
/q9sf5kefkvxt94.php
/v6gbc9rsq3q1dt.php
/vfcakqx84rt6gwj.php
/xirbarg7dz.php
/yk1j2r7.php
/zfww.php

# Reference: https://twitter.com/pmmkowalczyk/status/1516779700953174017
# Reference: https://www.virustotal.com/gui/file/4b4712848697ba87a74eadca39afd93fc22b436647c4186879a19b12fc8ecc88/detection
# Reference: https://www.virustotal.com/gui/file/b35a51dd3d07f023f2235772857c8d04ec420e5f8fcf1ef3a416af4400cdb4fb/detection

193.106.191.116:3434
/4ugv0rt87ey1prjrx.php
/7919kocnto1lxhulud8.php
/8cepqi41rstpl4uv.php
/8p2yidc2m8atj8lb.php
/cmgiusaew29n0qyd3i1m.php
/cq05tmqtkaxft5qv769g.php
/f06osvq.php
/g89k5v1v.php
/gh1ieakq3.php
/qfinq.php
/qlwgp1d813.php
/s56680kc36e1ruhyb.php
/tc5gm7omu7en6.php
/u5xujynybl.php
/utv23m.php
/wmzjb4ijh.php

# Reference: https://twitter.com/ESETresearch/status/1526897310231322630
# Reference: https://blog.cyble.com/2022/05/25/ermac-back-in-action/
# Reference: https://otx.alienvault.com/pulse/628e4b375bc6bbd74c7b920e
# Reference: https://www.virustotal.com/gui/file/2cc727c4249235f36bbc5024d5a5cb708c0f6d3659151afc5ae5d42d55212cb5/detection

http://185.215.113.100
http://193.106.191.116
http://193.106.191.118
http://193.106.191.121
http://193.106.191.148
185.215.113.100:3434
193.106.191.116:3434
193.106.191.118:3434
193.106.191.121:3434
193.106.191.148:3434
bolt-food.site
boltfood.site
/wfxgi.php
/gehwonr1ja.php
/5xeer7yia3fb0h.php
/bjcwnlxnqjq.php
/0xdflkzbi.php
/15s9gps5jkj0tuzp.php
/p2ocy7hfx30vz.php

# Reference: https://twitter.com/malwrhunterteam/status/1527732575401304066
# Reference: https://www.virustotal.com/gui/file/59e83ad07fc5944c90d06f8528d32c8cf3bd85da28cd4c4a6161d3413393c60a/detection

a2zgstcenter.com
design.a2zgstcenter.com
files.a2zgstcenter.com
fu.a2zgstcenter.com
kinkyapp.a2zgstcenter.com
onflyfansleaks.a2zgstcenter.com
porno.a2zgstcenter.com
track.a2zgstcenter.com
ys.a2zgstcenter.com
/damxvy2x006.php
/rrg748vxuxk.php

# Reference: https://twitter.com/malwrhunterteam/status/1527985074825732099
# Reference: https://www.virustotal.com/gui/file/f4d18662c927380a2d30eba367fafd3746fa137df499cb50d49e591a420aa95d/detection

http://45.141.85.25
45.141.85.25:3434
apkphoto.co.nz
/4nep90ruob0vphc.php
/78nyseehouzeh05xv98.php
/adbo5is6.php
/cyl392t.php
/f0j0aden00d2n.php
/gc3juqpqdcl.php
/i9hna3hczxbyqx.php
/jlsh5yrqgwxo.php
/njz0de7jwqjmeqx.php
/sy34cndqt.php
/u63suuv3728n8.php
/xnp7uhisi.php
/zw1zlr4oip6zt53rsbr.php

# Reference: https://tria.ge/220713-l3xrtscgdn/behavioral2

45.141.85.29:3434

# Reference: https://www.virustotal.com/gui/file/e75f008435339b5eedf30d49e93a164010c8fce9dc790535cf4fdab23d1bdc79/detection

45.141.85.30:3434
/2cuql1007.php
/3strcfz6fzvvdkk86.php
/69g567pf.php
/gw6zjp39mq9aov42w.php
/p42nthjhtt7tv.php

# Reference: https://www.virustotal.com/gui/file/042fd9bfb520cfd143d17d0b17982fe8fa598f0877a4d4e2d5b93d68d3280f75/detection

62.204.41.182:3434
/1a7g3gvdsp7zgj9ye9.php
/46fjsc5d77c7.php
/6d6rfa.php
/6w1lw42jwg3jcpycz38d.php
/713840vf2wh2p.php
/dkt6fwsob9g0afi116.php
/do9phtic6b1p.php
/fm9kx9zdpybqb7du.php
/jcvq6way.php
/uol23q.php
/uxh4xo.php
/vdfy6u9eqabv8qo50y.php
/xkwdo.php
/zd9je6271tn1jod0spe.php

# Reference: https://www.virustotal.com/gui/file/937fde61a2239182fcf4f2d3429e3d691ccea1bab75a1f01d04e7b849f14446f/detection

45.141.85.31:3434

# Reference: https://www.virustotal.com/gui/file/119847544d8d823c2bf7a541f446eb05eec0ca22cb0222583fdca173ace25074/detection

45.141.84.92:3434
/19m9op5.php
/hbqr3kez6gcd87.php
/j7nr3wg6slk7ed9ab41.php
/k00fejs2rbvxmv.php
/nnfuf72mfwfp4u3hga62.php
/pbzcd4xy09a.php
/su6hftlfphhc.php

# Reference: https://twitter.com/0xrb/status/1564222855830597632
# Reference: https://www.virustotal.com/gui/file/4ee64040dca285932d0533ef2f5715445347783dc941ad93465d632a8e25f00a/detection

http://62.204.41.98
62.204.41.98:3434

# Reference: https://twitter.com/r3dbU7z/status/1564501672340197376

http://108.61.166.245
http://194.26.29.28
http://20.249.63.72
http://213.226.123.8
http://216.238.71.179
http://45.141.84.92
http://45.141.85.29
http://45.141.85.30
http://45.141.85.31
http://62.204.41.182
108.61.166.245:3434
194.26.29.28:3434
20.249.63.72:3434
213.226.123.8:3434
216.238.71.179:3434
45.141.84.92:3434
45.141.85.29:3434
45.141.85.30:3434
45.141.85.31:3434
62.204.41.182:3434

# Reference: https://twitter.com/0xrb/status/1564546929110835200

http://51.15.150.5
51.15.150.5:3434

# Reference: https://twitter.com/AuCyble/status/1580552579452313600
# Reference: https://www.virustotal.com/gui/ip-address/103.109.101.137/relations

apk-combos.com
app-vidmate.com
app-vidmates.com
app-vidmates.link
m-apkpure.com
m-apkpures.com
paltpal-apk.com
snacpchat-apk.com
tlktok-apk.link
vidmate-apps.com
vidmates-app.com
vidmates-apps.com
vidmatesapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1595130983061553152
# Reference: https://www.virustotal.com/gui/file/387c41679ac3de139fd175e22ba4f8019eb82d5125a2c9ac26e3f2b3ee4519e1/detection

wifi-autorisation1.com

# Reference: https://twitter.com/malwrhunterteam/status/1603105701278240769
# Reference: https://www.virustotal.com/gui/file/8c89fa9a0d6656b60ac91018a1feff58945b07e560b549a8f56440a2d00377d7/detection

176.113.115.66:3434

# Reference: https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
# Reference: https://www.virustotal.com/gui/file/768b561d0a9fa3c6078b3199b1ef42272cac6a47ba01999c1f67c9b548a0bc15/detection
# Reference: https://www.virustotal.com/gui/file/8d1aabfb6329bf6c03c97f86c690e95723748be9d03ec2ed117376dd9e13faf0/detection

193.233.196.2:3434
5.42.199.22:3434

# Reference: https://www.virustotal.com/gui/ip-address/63.250.60.42/relations
# Reference: https://www.virustotal.com/gui/file/23536a2a04baf0f2432e38faf71d8480c308429c4c9ba6d03157b35672df7ed5/detection
# Reference: https://www.virustotal.com/gui/file/99397c9a53400130039479da2e8064daf0afcca71ef237d0d2c1f029d445f16f/detection

evjvrrxkgrohvbmogcjl.net
mcoxxpqxysmvsmbiqxjx.net

# Reference: https://twitter.com/malwrhunterteam/status/1631638354088407040
# Reference: https://www.virustotal.com/gui/file/0756fbd9ecb958b7a3615ea9e6b78c0e2a66d33bd13c8af565bc5358f69fa0ee/detection

176.100.42.11:3434
directlink.info

# Reference: https://twitter.com/0x6rsk/status/1634185009798971397
# Reference: https://www.virustotal.com/gui/file/a86e95eb058725eeaa326655208e1fe4e70140303be07fc3bc92f01bca7aa1d6/detection

35.91.53.224:3434

# Reference: https://twitter.com/Gi7w0rm/status/1641570957352488961
# Reference: https://twitter.com/Gi7w0rm/status/1641603152607694848
# Reference: https://twitter.com/Gi7w0rm/status/1641604541677223936

http://176.100.42.11
http://91.215.85.23
canamacan.sc.ug

# Reference: https://twitter.com/0xrb/status/1641700350372478976

http://185.186.246.69
http://5.42.199.22

# Reference: https://twitter.com/jstrosch/status/1645874394684858368
# Reference: https://www.virustotal.com/gui/file/45a3846d33e39937fc3211675bc9a2a3b2634af80edec629b89f3ea27a5c0b93/detection
# Reference: https://www.virustotal.com/gui/file/0399d5868f1c7ace8585daba2b93d794a19dd354f95a2c5ae0bc870237c9eb37/detection

http://91.215.85.37
91.215.85.37:3434

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/

http://45.93.201.92
http://91.215.85.223
45.93.201.92:3434
91.215.85.223:3434
91.215.85.23:3434

# Reference: https://twitter.com/TLP_R3D/status/1646228697156812821

http://141.8.199.8
http://46.173.218.30

# Reference: https://twitter.com/0xrb/status/1679746515969929216

http://91.228.10.228

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/

http://176.113.115.66
http://176.113.115.67
http://5.42.199.3
http://5.42.199.91
http://92.243.88.25

# Reference: https://twitter.com/ReBensk/status/1695321207766127094
# Reference: https://www.virustotal.com/gui/file/5fa1399f06c9670d9b84b9539bfb9fb0d5a6b770c620e080a3676cef94132476/detection

http://185.225.75.134
185.225.75.134:3434

# Reference: https://threatfox.abuse.ch/ioc/1152268/

94.156.253.67:3434

# Reference: https://twitter.com/ReBensk/status/1696561384325107792
# Reference: https://www.virustotal.com/gui/file/75839d42036039ce7f2569ea73a6e3ee32bf2b4a54b5e08c6a467a3412c6592a/detection

http://176.111.174.191
176.111.174.191:3434

# Reference: https://twitter.com/karol_paciorek/status/1696786262831628510

http://195.3.223.232
http://81.161.229.188

# Reference: https://www.virustotal.com/gui/file/f642d2c6a70828028e0f3f7e9b9a87537c6556870cdf4602ee992091040a1850/detection

http://84.32.214.56
84.32.214.56:3434

# Reference: https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/

http://165.232.78.246
http://176.113.115.150
http://193.56.146.176
http://20.108.0.165
http://20.210.252.118
http://31.41.244.187
http://35.90.154.240
http://35.91.53.224
http://45.159.248.25
http://45.81.39.149
http://62.204.41.94
http://68.178.206.43
http://91.213.50.62
165.232.78.246:3434
176.113.115.150:3434
176.113.115.67:3434
185.186.246.69:3434
193.56.146.176:3434
20.108.0.165:3434
20.210.252.118:3434
31.41.244.187:3434
35.90.154.240:3434
45.159.248.25:3434
45.81.39.149:3434
5.42.199.3:3434
5.42.199.91:3434
62.204.41.94:3434
68.178.206.43:3434
91.213.50.62:3434
91.215.85.22:3434
92.243.88.25:3434

# Reference: https://twitter.com/FalconFeedsio/status/1709547350132207851

http://45.12.253.5
http://45.12.253.58

# Reference: https://twitter.com/ReBensk/status/1712854745545674788
# Reference: https://www.virustotal.com/gui/file/d1050b5efcab3f70e633683313c363dfcb51afc126f448bc1729da8ab533a0b5/detection

http://185.216.71.89
185.216.71.89:3434

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2023-11-01)

http://109.107.189.6
http://82.147.85.136
http://94.131.111.119
82.147.85.136:3434
94.131.111.119:3434
whereisyours-toporder.com
whereisyoursnewtoporder.com

# Reference: https://twitter.com/g0njxa/status/1720397731389124632

http://161.35.235.125
http://176.124.223.83
http://176.57.212.219
http://178.23.190.21
http://185.216.71.23
http://185.216.71.59
http://185.254.37.233
http://185.254.37.235
http://193.46.56.124
http://194.180.48.154
http://195.123.217.94
http://195.201.199.60
http://195.201.85.41
http://199.101.135.49
http://20.39.184.218
http://34.29.18.72
http://45.66.230.72
http://82.147.85.73
http://87.98.185.14
http://91.215.85.153
http://91.222.236.50
http://91.242.229.247
http://91.92.245.80
http://91.92.249.18
http://93.123.118.226
http://94.156.253.67
http://94.156.6.199
http://94.156.64.181
http://94.156.67.47
bravevikingser.xyz
connctect-apge.top
domian-page.top
servace-porduct.top

# Reference: https://www.kruse.industries/l/lad-os-analysere-android-hookbot/
# Reference: https://www.virustotal.com/gui/file/fec316401667b5076a93fd4c1357711390cd79eeb581e644e3b8b9e7a465504a/detection

9ucnuacw9lfmfx39ucnuacw9lfmfx3.cpd.capital
app-unsivap.com.kz
pari-usdt-hediye.xyz
uodkboueawujb8euodkboueawujb8e.canawrx.com

# Reference: https://threatfox.abuse.ch/ioc/1198904/

91.92.240.173:8082

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2023-11-25)

http://193.233.255.253
http://79.137.207.52
http://89.116.227.245
http://91.92.246.222

# Reference: https://twitter.com/noexceptcpp/status/1730216419286008224

http://101.99.93.156:81
http://103.241.66.221
http://104.248.168.233
http://109.107.189.97
http://129.159.153.218
http://13.215.161.69
http://134.255.233.83
http://137.184.166.159
http://137.184.197.138
http://141.98.233.124
http://143.110.185.89
http://143.198.10.18
http://144.76.254.11
http://152.89.198.96
http://154.194.53.21
http://154.204.60.134
http://154.204.60.34
http://154.82.81.80
http://157.7.114.81
http://158.220.105.223
http://158.220.117.52
http://158.220.117.53
http://158.220.117.55
http://159.100.6.50
http://159.69.146.11
http://160.20.108.242
http://163.5.169.19
http://163.5.169.41
http://163.5.64.17
http://163.5.64.19
http://163.5.64.20
http://163.5.64.24
http://163.5.64.31
http://163.5.64.32
http://163.5.64.46
http://163.5.64.47
http://163.5.64.9
http://164.92.103.220
http://164.90.149.96
http://167.235.66.122
http://172.201.108.245
http://178.130.132.106
http://18.141.3.52
http://18.142.44.78
http://185.221.67.10
http://185.229.224.110
http://185.243.181.12
http://188.120.239.67
http://188.120.240.217
http://192.129.227.114
http://192.129.227.115
http://192.129.227.116
http://192.129.227.117
http://192.129.227.118
http://192.236.160.70
http://193.164.4.109
http://193.164.4.15
http://193.164.4.60
http://193.233.254.19
http://193.233.254.49
http://193.233.254.5
http://193.233.255.255
http://194.146.38.53
http://194.26.192.208
http://194.33.191.111
http://194.33.191.166
http://194.33.191.229
http://194.33.191.230
http://194.33.191.250
http://194.33.191.251
http://194.33.191.6
http://194.49.94.115
http://2.57.149.227
http://20.121.46.232
http://20.163.83.232
http://20.195.201.245
http://20.84.147.169
http://202.79.172.225
http://202.79.172.236
http://205.234.244.2
http://207.148.29.161
http://207.32.217.248
http://212.118.38.66
http://217.197.107.103
http://23.101.206.34
http://34.105.53.125
http://37.247.108.171
http://37.27.22.85
http://38.242.145.226
http://40.67.240.145
http://43.153.104.62
http://43.207.241.87
http://45.11.181.156
http://45.131.2.163
http://45.138.16.58
http://45.139.199.175
http://45.67.229.93
http://45.77.254.142
http://46.243.182.63
http://5.161.193.194
http://5.178.111.176
http://5.199.162.52
http://5.42.92.177
http://51.161.10.33
http://51.79.235.44
http://64.176.214.26
http://67.205.180.81
http://74.234.241.205
http://74.235.136.117
http://77.91.68.160
http://77.91.97.191
http://8.222.253.218
http://80.66.85.141
http://80.66.87.245
http://82.115.223.175
http://85.209.176.188
http://85.209.176.197
http://85.209.176.200
http://85.209.176.206
http://85.209.176.208
http://85.209.176.210
http://85.209.176.23
http://85.209.176.38
http://85.209.176.40
http://85.209.176.47
http://85.209.176.49
http://85.209.176.54
http://85.209.176.63
http://87.120.8.73
http://87.248.157.219
http://87.98.147.251
http://89.111.140.161
http://91.107.122.180
http://91.215.85.139
http://91.215.85.177
http://91.92.240.22
http://91.92.241.131
http://91.92.241.135
http://91.92.242.104
http://91.92.242.233
http://91.92.246.144
http://91.92.248.224
http://91.92.250.39
http://91.92.254.28
http://94.131.106.86
http://94.156.68.201
abisasgagsre.com
akjsdhkjashkjahd.online
akjshdkajshdajksh.xyz
akoskdoaksodaksokadk.pro
aksjdcbkjahskjaskj.store
ayrsydtrasytdrayst.shop
bc1q0j2ytw8wx5rqszcfenx58lhhx69rz6.com
bc1q9pzt5xa0pq3tujr7qv4x0pwqs23tev.com
bc1qf2gsq2t2juuwjwyq9j74kk8wcqspx8.com
bc1qm34lsc65zpw79lxes69zkqmk3ewgg2.com
cascscascdcascascdsd.info
crytobullfreesg.com
dasdasafasdcsacas.xyz
fdgdgdfgdfgfg.top
gozneajans.com
jsdnkajsndksan.com
kalkankaplangel.com
karamallekaratta.com
kmaksmdkasmdkams.top
offers25942.xyz
qweqweqweqweqwq.info
rvrfvfvrfvfvrfvrrfv.life
tafstdatfsdtafsdtfa.life
vsdcvsdvdvdsvddvs.xyz
web-rak.online
xsqaeddmckcncjdkmoqncjdl.store
yagysgyagsyagsygas.top

# Reference: https://twitter.com/ValidinLLC/status/1730713363557069166
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.216.71.94
# Reference: https://app.validin.com/axon?&type=ip&find=194.33.191.55
# Reference: https://app.validin.com/axon?&type=ip&find=45.12.253.37
# Reference: https://www.virustotal.com/gui/ip-address/185.216.71.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.33.191.46/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.33.191.55/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.12.253.37/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.110.48.33/relations

ahsdahksjdhak.hk
aisdhasjhdakshj.online
aiusaiuasihauszxczx.com
aiusdausidhiasuhdia.com
aksjdhaksjhkdajhksjhdkajdhs.hk
aksjdhaskjdasjkhdsa.online
aksjdhsakdhakjshd.online
alskdjalskjdalsjkd.pw
alskjdlkasjlkjadljs.hk
aosdjaosidjoaisjdisoa.store
asdaasdasjknasknxja.online
asdasdasdasdasacsca.online
asdasdasdasdasad.pw
asdasdsdasdasdsxax.online
asdaxasxascaszc.life
asddassasdasdas.hk
asdhkasjhdkajhs.co.uk
asdkjshdakjshdkajs.hk
asdsadasdasadsa.online
ashiasodjasoidjaso.top
askjdajksdhas.site
askjhksajhkajhskajhsa.hk
askodkasoaskdas.hk
asqasqwsqasqwdqwd.hk
asuydtuyastduayst.space
asydgauysgdausygas.tech
audhsiuhuisahdsu.pics
auystduayuayst.site
aysgduyasgduyas.store
basdbjabsjdbas.pw
cascacascascascascas.hk
cascascascascasca.fun
cascascsacascascasca.shop
cascazxaxasxasxas.top
cascsasacsacascasca.pics
cxzcxcqsczazcazca.hk
daisjdaosjdoasijdaosidja.hk
dcwdcsdcsdcsdcdscsdcs.hk
ecaascsacsacascascas.top
ewfefwefwefwefw.biz
fvfvfvfvfsdvsdvsdvsd.hk
hanabero12873612.hk
hanabero18726g.hk
hanabero901892.hk
hausdhuashdauhs.biz
iausgdiasdugas.pw
iohaihsodihasoihdao.hk
iuhiuhiuhiuhuihiuiuh.hk
jadisjdiasjdias.lol
jahsdhaskdjaskjh.hk
jutebostis.hk
kagsdkjasbaj.online
kmokmoknonounoun.store
kmsadoasdkasodkma.lol
kokmokmokokmokmok.hk
lglglglglgllglglgl.hk
lkansldkaslkndaslkna.site
majsmasmdanasdas.hk
makmkamakmak.hk
maksmkamkmask.top
mjakajjsgasyvbiab.life
mjamjamjijsns.life
mkalsdkasndlaskas.space
mkamakmkamakm.pro
mkaosdmaosmad.shop
mkmakmakamka.online
mksdasdoasdkma.tech
mnbanbsdmnabs.info
mokasmdoskada.hk
nijuanijanai.hk
oiuqwqdasdasdas.life
projuthinjitsu.hk
qwdasdaqwdas.hk
qweqwdqwdqdwdq.store
qweqwdqwdqwdqwdqw.pro
qweqweqwdqwrrqwrqd.tech
qweqweqweqweqweq.tech
qweqweqweqweqwewww.hk
qwsqwsqwswssswww.hk
raarsrsassrasrsarsa.hk
rfrfrfewrwrfrwrfwrwe.pics
ryertyetretretre.shop
swwwwwwwwwwwws.hk
tasjhkasjnsajas.top
tfutfutfuutfuf.pics
theiuaiusiuaiumlmlm.com
toabmauagvakshla.life
tujingudujnji.hk
tujrnysinajsjs.online
tyabahasoba.info
tyastdyaaoskdaosk.hk
tyuytauytsuyatu.shop
uahhuahauhuah.info
uiaydiausydiuasyd.store
utaisuabmnabsask.live
utasuoidasuiadusipa.pro
wdawdawdawdawd.pro
xasxasxasxasxasx.shop
xasxasxasxazxasxaz.pw
xasxxxxxasxas.xyz
xmxmxmxmxmx.hk
xsxasxasxasxasxas.site
yahajhjaskhjhasdas.site
yanasohasdgasdnaosi.com
zcasscasszcasz.site

# Reference: https://twitter.com/ValidinLLC/status/1730713363557069166

account-bendigo.com
alvarezconstructionri.com
connexion-anytime.com
davi-vienda.com
dextools.ws
ewszsw.art
home-bendigo.com
konta-nest.com
pinxin6686.site
precisionrenovationri.com
ramp-web.com
us-brave.com
us-paymetech.com
us-synchrony.com
vp4.xyz
web--sabadell.com
web-1horizon.com
web-allianz.com
web-asb.com
web-bankinter.group
web-block-chain.com
web-blockchain.net
web-desjardins.com
web-fnb.com
web-inetesapaolo.com
web-intesapaolo.com
web-kbcportal.com
web-nbg.net
web-populaire.com
web-postbank.group
web-sabadell.com
web-sofiopen.com
web-targo.de
web-uniswap.org
web-verstapay.online
web-viewer.team
web-wells.com
web-wisse.com

# Reference: https://www.virustotal.com/gui/ip-address/81.161.229.174/relations

aksjdhaksjhdakj.fun
asdasdasaxsasxasxas.com
axjdhaxjhdakj.com
kmaskoasmaicmsocmas.site
mansmansmnasmnas.hk
mkasmockasocaksmoka.in.net
qweqweqweqweqw.site
raeaedadadedae.pw
tftftftftfaffaftatfatf.hk
uaitsdytasydas.pw
vrrvsvsrsrvsrvs.fun

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.252.179.12

adonisnode.com
asceaecacscea.top
asdbkjabsdabkjb.site
asdiugsauidhassda.net
asdygasyudtgasgy.site
asjdhkasjhda.xyz
askjdaskjgdaskjas.org
askjhdasjasl.net
autsgduaysgdasgu.shop
aysvduaysbasjxksnxoasnxoa.cloud
bavtsudaysgiuhdaosij.site
browserve.net
carebuster.net
corpbold.com
deckplaces.com
erqytuwioqewuqw.bond
erqytuwioqewuqw.digital
erqytuwioqewuqw.top
ewmkalomcasc.club
fulneruajnclo.com
iqgqnaaksnlaksa.space
juanjjaknclm.club
krasnajadiraska.site
ksmkldaksmaosdmaoskmad.pics
kulijanovatovadownload.net
maksmdkamskdmaskm.life
mkamksmakmsk.top
mkaosdkasdbasidbas.life
mkasdlaskmdaskadlask.life
mnamsndasnka.life
muqthanusjnaiqnq.net
myytasdtfasydtfaysfdast.net
nuvuvtabke.info
oasdoasjoa.top
oiuaoisudoiasassa.top
ojmaakjkjanasjj.fun
pacificabsin.com
placeoneworld.com
qnktnascoadcs.info
rytauyisuoipoasibhdgv.online
silizibidinim.com
souptopic.com
splashaplus.net
stintumikaslas.online
tanjunjusnajja.com
taskbaskdasjbka.top
tuhncjamujanams.com
tuhncjamujanams.info
tujinlos.club
turjinnakjaks.online
turkeymaljorka.tech
turnhyjanjajhsnn.club
turnhyjanjajhsnn.info
turnuajnxkaktaua.top
tuyuijnsijajjjsnm.net
tyasydtauystiauds.info
uasyasiudasjjodaasa.monster
ygasdsyugiasdgiuasiu.org
ynajuananmqyaa.info
yndjtrahnasjjsh.life

# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.132/relations

asdasjhdgasjhdgas.hk
asdhaskhjdksjahdkasjdhaksj.hk
asdsasdascccc.pro
mkamkmakmsmmm.lol
qssxsqxaqxqazxaq.hk
qwodhqowidhoqiwdh.tech
shdiuvhisudvhuishvdiud.hk

# Reference: https://twitter.com/banthisguy9349/status/1730895048621887682

http://178.16.129.88
http://195.35.11.135
http://89.116.227.245

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-07)

http://194.33.191.18
http://207.244.246.192
http://45.81.224.129
http://54.238.196.57
http://78.153.130.36
http://91.206.178.182
http://91.242.229.199
138.201.128.124:81
tableaupubsecday.com
tehavi.com
gallery.tableaupubsecday.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-08)

http://103.12.148.35
http://104.233.210.167
http://107.173.140.104
http://163.5.64.73
http://172.174.214.137
http://173.254.235.53
http://193.149.189.240
http://195.85.207.218
http://212.224.88.253
http://4.236.181.235
http://43.243.73.167
http://45.77.170.174
http://62.197.49.1
http://64.227.149.69
http://66.29.133.55
http://91.92.252.193
http://95.214.177.39
ifisoundyou.gq
shadow.schatten.ir

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-12)

http://163.5.210.89
http://178.236.246.181
http://82.137.209.200
http://85.209.176.150
104.233.210.167:8082
104.247.166.167:8082
154.91.82.107:8082
18.141.3.52:81
194.33.191.18:8082
20.55.110.193:8082
212.224.88.253:8082
217.197.107.103:8082
38.242.145.226:8081
47.245.115.42:8082
5.8.41.35:8082
64.227.149.69:8082
91.242.229.199:8082
91.92.250.212:8082
95.214.177.35:8082

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-24)

http://143.198.138.49
http://194.163.175.12
http://194.87.31.216
http://213.159.209.194
http://217.28.221.80
http://23.27.120.116
http://51.116.104.192
http://87.121.87.60
http://87.121.87.61
http://91.109.188.11
bahrain-fine.org
film-studio.info
ger01.vpnbite.com
livraison-douane.com
loyaltyben.com
m-sendungsverfolgung.org
mein-kontoauszug.net
rb-n-clk.online
serpost-track.com
track-parcels.org
vf2gkzq1lw9.c.updraftclone.com
vmi1543279.contaboserver.net
webmail.agdetails.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-03)

http://139.162.33.94
http://149.28.73.166
http://165.232.153.139
http://173.249.46.253
http://185.250.210.93
http://46.190.144.131
http://69.197.142.85
http://91.107.127.226
91.92.244.42:9087
conspiracynomad.fvds.ru
movil-bancsabadell.com
rb-an-clk.org
s-paketverfolgung.com
undiny.ru
x-paketverfolgung.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-05)

http://118.107.43.36
http://118.107.43.66
http://118.107.43.86
http://135.148.144.188
http://152.89.198.187
http://158.160.76.97
http://159.65.52.64
http://178.236.246.210
http://181.215.49.104
http://181.215.49.105
http://184.94.212.153
http://193.201.9.62
http://193.233.254.183
http://194.33.191.188
http://194.33.191.202
http://194.33.191.54
http://199.247.21.128
http://34.203.226.105
http://37.230.112.206
http://38.242.209.185
http://43.129.215.239
http://45.76.87.78
http://45.77.68.120
http://64.227.41.169
http://77.91.68.183
http://80.108.50.31
http://80.87.197.162
http://88.99.210.25
http://89.111.137.14
http://91.107.124.12
http://91.107.127.88
http://91.92.245.159
http://91.92.249.240
http://91.92.250.211
http://91.92.251.71
http://91.92.255.30
http://92.63.106.153
4-72-seguimiento.com
avtokuba.ru
ceifador.benzetacil.com
eurolub.ec4you.at
flintton.ru
info-ibercaja.com
invadersec.com
ladyrai.site
my-package-tracking.net
openbank-dispositivo.com
rb-an-clk.online
reksiaeksinov.fvds.ru

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-06)

http://13.213.38.230
http://178.130.132.247
http://198.186.130.12
http://207.148.29.229
http://51.103.216.212
http://91.92.251.140
http://94.250.252.21
13.213.38.230:82
88.99.210.25:8082
app.to-kgb.ru
server289.mukhost.uk

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-09)

http://104.233.210.104
http://119.160.235.239
http://119.160.235.251
http://13.213.38.230:81
http://149.154.70.118
http://173.249.59.190
http://176.123.168.117
http://176.123.168.211
http://185.211.170.96
http://54.211.212.149
http://79.174.13.18
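# NOTE: the entry below is not a valid IPv4 address (final octet "2582"). It may be 88.99.210.25 with a port whose ':' separator was lost (88.99.210.25 and 88.99.210.25:8082 are listed elsewhere in this file). Verify against the ThreatFox reference before correcting; left as published.
http://88.99.210.2582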
http://91.224.92.176
http://91.92.240.134
http://91.92.249.143
http://91.92.255.80
api-encar.nibiru.pro
bitrix.avtokuba.ru
mebadboy.fvds.ru
o-paketverfolgung.com
reksiaeksinov1.fvds.ru
znwfb3.buzz

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-11)

http://193.233.132.35
http://20.55.233.193
http://79.137.203.29
http://91.107.124.135
http://91.92.241.235
http://92.118.113.12
18.141.3.52:83
79.133.180.197:8082
foxee5.cfd
hilfe-konto.com
jino57.fvds.ru
karasergkaravaev4.fvds.ru
mqrmtohl90.za.com
nanafb3.sbs
nowseacoin.top
vasvasniks5.fvds.ru
yiyidh21.sbs
yiyifb4.cfd

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-16)

http://154.204.60.236
http://176.123.169.240
http://185.146.157.121
http://193.222.96.25
http://23.224.102.158
http://38.207.178.212
http://38.60.205.80
http://45.88.79.168
http://5.182.87.142
http://54.151.255.201
http://81.19.137.68
http://82.115.223.84
http://82.146.35.250
http://91.107.127.141
http://91.108.240.144
http://91.224.92.195
http://91.224.92.201
http://91.224.92.211
http://91.92.255.110
http://95.181.151.119
104.243.248.73:8088
54.151.255.201:81
54.151.255.201:82
91.224.92.211:8082
animegalaxys.com
foxee4.cfd
htmljys.morebit.top
jadu.vip
morebit.top
muoujiejump2.sbs
rb-c-clk.online
sc.zhanshizhan.top
spacestar.su
suivre-mon-colis.com
track-my-parcel.org
vasvasniks6.fvds.ru
vpv.xj6.top
zhanshizhan.top

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-23)

http://104.131.162.146
http://143.244.191.193
http://149.154.69.190
http://159.100.22.120
http://185.172.128.82
http://185.186.25.92
http://185.250.243.209
http://2.59.119.102
http://20.75.90.103
http://212.98.224.58
http://45.141.85.181
http://45.141.85.216
http://45.87.80.164
http://46.29.239.26
http://78.111.89.2
http://86.110.194.125
http://91.107.125.148
http://91.224.92.194
http://91.92.244.124
http://91.92.244.195
http://91.92.246.195
http://91.92.255.52
http://93.123.39.107
http://93.123.39.169
http://93.123.39.4
http://93.123.39.77
http://93.123.39.85
http://93.123.39.86
http://94.228.162.140
http://94.250.253.1
http://94.250.254.234
5.189.132.250:3000
54.255.57.58:82
africankido.design
artre3.fvds.ru
beta.to-kgb.ru
emileewang.autos
ff.africankido.design
ipmotinov.fvds.ru
jakobtaylor.autos
karasergkaravaev2.fvds.ru
karasergkaravaev5.fvds.ru
karasergkaravaev6.fvds.ru
kasenmeyer.autos
mail.spacestar.su
matthiasellison.autos
nickbaseev.fvds.ru
nickbaseev5.fvds.ru
polina.to-kgb.ru
reksiaeksinov2.fvds.ru
reksiaeksinov5.fvds.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.225.73.88/relations

ararararararararssarar.hk
asdadassadsdas.xyz
maksmkamkmask.buzz
papakppakpkakpa.hk
uyuyasyaguysauyas.co

# Reference: https://www.virustotal.com/gui/ip-address/94.156.6.213/relations

azmlakpqkmc.life
liutexhutujuva.us
tujinlos.info
tujinlos.xyz
turjnvycewsgth.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-01-24)

http://149.100.138.254
http://185.221.198.98
http://185.224.81.252
http://185.98.61.220
http://193.233.254.64
http://20.199.14.181
http://49.13.130.129
http://5.42.92.98
http://77.105.146.199
http://79.143.182.133
http://87.229.6.192
http://87.98.185.175
http://89.23.100.205
http://89.23.101.149
http://91.92.250.190
http://91.92.251.172
http://91.92.255.136
http://93.123.39.140
http://93.123.39.87
http://93.123.39.88
193.233.255.253:8080

# APK

/inatboxx.apk
