# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://medium.com/csis-techblog/analysis-of-joker-a-spy-premium-subscription-bot-on-googleplay-9ad24f044451

joker2.dolphinsclean.com
beatleslover.com
tb-eu-jet.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1184054662003134464
# Reference: https://www.virustotal.com/gui/ip-address/52.77.93.217/relations

23w5338-z.com
beatleslover.com
hyy-2d2.com
kaaryah.com
nichfyy.com
prick-6ey.com
sw7p5-629.com

# Reference: https://twitter.com/ReBensk/status/1217065291320045568

andu-eu.oss-eu-central-1.aliyuncs.com

# Reference: https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
# Reference: https://www.virustotal.com/gui/ip-address/3.123.204.12/relations

http://3.123.204.12

# Reference: https://twitter.com/ReBensk/status/1232297093802233856

happyyear.top

# Reference: https://twitter.com/ReBensk/status/1246451065970712576

wsbb.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1249765927677243393

gplay.oss-eu-west-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1274316961510498306

yehua-online.oss-cn-hangzhou.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1274334502224044032

facebookdata-1301476296.cos.na-ashburn.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1275443534070296576

wdfoz.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1275713835090001922

rockmanpc.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1276806753959763968

http://34.206.171.237
woea.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1278016062378987520

etut.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1279451409189146624

39200628.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1278711799001632769

separatesuppliers.live

# Reference: https://www.virustotal.com/gui/file/275dbae90dc9d84782297858b90579a106d4752e0b6e8a7553b86d1d4d8f7f62/detection

http://47.241.2.108

# Reference: https://www.virustotal.com/gui/file/4a9504de927266b9101417e2dc2acf66e2c9e5b3565f64894a6467b0ebeac58f/detection

http://161.117.229.58

# Reference: https://twitter.com/bl4ckh0l3z/status/1280090346840567809
# Reference: https://www.virustotal.com/gui/file/76faf61e374b271d7a818338a4857c2400ff0a2e5864ce1a70e6df04cf8da3a0/detection
# Reference: https://www.virustotal.com/gui/file/901020b4b768fd4382f9d305cce7906b33dd0ce876e28151d760b0311b5e8769/detection

http://161.117.44.212
http://161.117.46.64
http://161.117.48.94
33333333333-1301476296.cos.eu-moscow.myqcloud.com
facebookdata-1301476296.cos.na-ashburn.myqcloud.com

# Reference: https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/

gd-1301476296.cos.na-toronto.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1281909972683677696

http://161.117.83.26
hardsay.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1283788323178373120

http://47.74.179.177

# Reference: https://twitter.com/ReBensk/status/1286642164152311810
# Reference: https://www.virustotal.com/gui/file/198d887f450053630fa40ae0221c794a1ce6733385e6559dae3b9777308803b2/detection

allstars.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1287414754496196610

waitalone.oss-ap-southeast-3.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1287662297465454592
# Reference: https://www.virustotal.com/gui/file/4bc4beccd01a014354c27e2388e87e67ff1d37e5c7a220650d6931ac4fc28b89/detection

hardwarestandards.shop
mobiledevices.icu

# Reference: https://twitter.com/ReBensk/status/1288333955570302976

aisunani.oss-ap-southeast-3.aliyuncs.com

# Reference: https://twitter.com/aazim_here/status/1288440507396493313

narta.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1288701923974156288

99042.oss-me-east-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1288790256649674752

fbgufra07.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1288790529308864512

larkbucket.oss-us-west-1.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1289412525197467648

bullse.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1289831992108789761

reff2355-1301476296.cos.eu-moscow.myqcloud.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1290214936900063232

fdsr234-1301476296.cos.eu-frankfurt.myqcloud.com
gfd3424-1301476296.cos.ap-mumbai.myqcloud.com
hkkg34fd-1301476296.cos.na-siliconvalley.myqcloud.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1290603888991776771

dg1042.oss-eu-central-1.aliyuncs.com
mg420.oss-us-west-1.aliyuncs.com
ydnxy042.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ni_fi_70/status/1290612822582468613

http://161.117.226.98

# Reference: https://twitter.com/ReBensk/status/1290618344853221376

http://161.117.62.127
http://47.91.99.122
http://47.91.99.17

# Reference: https://twitter.com/bl4ckh0l3z/status/1290655447645663234

gseven.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1291985135936602112

purchasingmanagers.club

# Reference: https://twitter.com/bl4ckh0l3z/status/1292425701925281793

http://54.251.231.73

# Reference: https://twitter.com/bl4ckh0l3z/status/1292908632217210884

forgotten.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1297528634127851533

ruik.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1297909430663684098

http://54.254.62.156

# Reference: https://twitter.com/ReBensk/status/1298846513070829568

jk8681oy.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1298891762744909824

were4o5.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1300691596556603392

blackdragon.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1300652965854883840

n47n.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1301027283734585344

blackdragon02.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1301494248550866944

2j1i9uqw.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1301963377435181057

http://18.141.129.153

# Reference: https://twitter.com/ReBensk/status/1303917434831876097

proxy48.oss-eu-central-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1309475351572045825
# Reference: https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play
# Reference: https://otx.alienvault.com/pulse/5f6e0a6e075485dddd57a37b

2j1i9uqw.oss-eu-central-1.aliyuncs.com
blackdragon.oss-ap-southeast-5.aliyuncs.com
blackdragon03.oss-ap-southeast-5.aliyuncs.com
fgcxweasqw.oss-eu-central-1.aliyuncs.com
jk8681oy.oss-eu-central-1.aliyuncs.com
laodaoo.oss-ap-southeast-5.aliyuncs.com
n47n.oss-ap-southeast-5.aliyuncs.com
nineth03.oss-ap-southeast-5.aliyuncs.com
proxy48.oss-eu-central-1.aliyuncs.com
rinimae.oss-ap-southeast-5.aliyuncs.com
sahar.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1310417869184946176

successfully.link

# Reference: https://twitter.com/ReBensk/status/1318048542037082114

becomplete.online

# Reference: https://twitter.com/ReBensk/status/1318400566628765696

http://161.117.178.233

# Reference: https://twitter.com/ReBensk/status/1318608437056466944

http://161.117.250.158

# Reference: https://twitter.com/ReBensk/status/1318757468995018752

http://161.117.230.57

# Reference: https://twitter.com/ReBensk/status/1320593911090421760

brickmortar.life

# Reference: https://twitter.com/ReBensk/status/1322789280083808263

idnyss-1301476296.cos.ap-mumbai.myqcloud.com

# Reference: https://twitter.com/ReBensk/status/1327249045513879556

watermile.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/ReBensk/status/1329328104720932865

nqgvyv.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1332623673484689408

firelife.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1336482195230380032

icelife.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/sh1shk0va/status/1336651462395490305

satellites.life

# Reference: https://twitter.com/Cuser07/status/1341937502685261826

perper.oss-ap-southeast-5.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1342708478737936384

likeafish.oss-us-east-1.aliyuncs.com

# Reference: https://twitter.com/Cuser07/status/1343389745372491777

indo-1301476296.cos.ap-mumbai.myqcloud.com

# APK

/000166ssshH5.apk
