# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/c716c56d401815842120a61140098f9e851d1f79cf4088a56ec6f1b6fd4bad62/detection
# Reference: https://vms.drweb.com/virus/?i=14931549&lng=en
# Reference: https://www.hybrid-analysis.com/sample/5b4cbd92c1cc6f946704b56845f6b3cec8caab2cb73eb9909f07e7e7d7849595?environmentId=200
# Reference: https://blog.naver.com/ian3714/220366680356 (Korean)

http://113.10.136.103
http://220.142.173.138

# Reference: https://twitter.com/malwaretracekr/status/1269636157710585856
# Reference: https://www.virustotal.com/gui/file/09a5deb3219bf3b9b31814e861fc97aa5b29061e8622c31b79fe826eebe6bd63/detection

http://1.174.90.183
avke.tanske.me

# Reference: https://twitter.com/malwaretracekr/status/1271255418791063552

htuto.isng.me

# Reference: https://twitter.com/malwaretracekr/status/1273503346523947008

edikopz1.aixdy.com.cn

# Reference: https://twitter.com/malwaretracekr/status/1296215120373149696

peuvnex.wuanvs.me

# Reference: https://twitter.com/malwaretracekr/status/1297096410513453056

mn.cjmallhg.cn

# Reference: https://twitter.com/malwaretracekr/status/1297098257089228800

cc.xcvcdd.vip

# Reference: https://twitter.com/malwaretracekr/status/1303518419086532608

cjcookid.info

# Reference: https://twitter.com/malwaretracekr/status/1304999127076335618

tn.bklog.ink

# Reference: https://twitter.com/malwaretracekr/status/1312765858154905601
# Reference: https://www.virustotal.com/gui/file/2beb2a2d594bbef0f152c003502b355d8342057d37e1a00bd138cfca6b65264d/detection

45.128.145.33:8899

# Reference: https://twitter.com/malwaretracekr/status/1314457384484364288
# Reference: https://www.virustotal.com/gui/ip-address/103.13.222.113/relations

http://103.13.222.113
km.maskmkb.info

# Reference: https://twitter.com/malwaretracekr/status/1316018657894395904
# Reference: https://www.virustotal.com/gui/file/1ef082e1093d7191317fc66f6e8f027fa404fff4acda9bf502f5c942970fdecf/detection

http://45.131.177.87
hsl4.paociw.me

# Reference: https://twitter.com/malwaretracekr/status/1316921517507284997

gh.easysmm.site

# Reference: https://twitter.com/malwaretracekr/status/1317701339548250112

n.wsdyt.ren

# Reference: https://twitter.com/malwaretracekr/status/1318437666229112832

xsziop.tmyds.xyz

# Reference: https://twitter.com/malwaretracekr/status/1319633694303293440

sxi1.svipg.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321400280047513600

tmqh.eklcu.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321423819811090433

voinxc1.voinxc.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321707594491273216

fe.ihjkljkl.site

# Reference: https://twitter.com/malwaretracekr/status/1321816802297479169

ukcgyse9.qsjrk.xyz

# Reference: https://twitter.com/malwaretracekr/status/1324603862250975237

wkoxzu34.gkwjd.xyz

# Reference: https://twitter.com/malwaretracekr/status/1324706392826015744

ruxj.xmoru.me

# Reference: https://twitter.com/malwaretracekr/status/1325669330135076864

kend.xnoth.me

# Reference: https://twitter.com/malwaretracekr/status/1325670176956715008

esjl.ebrin.me

# Reference: https://twitter.com/malwaretracekr/status/1326842245836759043

gky1.bsiyw.me

# Reference: https://twitter.com/malwaretracekr/status/1331117613485735937

stt.mamsqe.me

# Reference: https://twitter.com/malwaretracekr/status/1337405537583939585

vr.auctios.site

# Reference: https://twitter.com/malwaretracekr/status/1341332054298873860

bolpstu8.krxlp.xyz

# Reference: https://twitter.com/malwaretracekr/status/1343043680492347392
# Reference: https://twitter.com/malwaretracekr/status/1343055891268923392
# Reference: https://www.virustotal.com/gui/ip-address/45.131.177.20/relations
# Reference: https://www.virustotal.com/gui/file/75a593ba4448f90f313c3add833d2b1c3ceae491a37ac1d635037fcca129784f/detection

45.131.177.20:2021
eilwo4.ripaq.me
n.ydei.group

# Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192
# Reference: https://twitter.com/bl4ckh0l3z/status/1343299380149972996
# Reference: https://www.virustotal.com/gui/file/86f1fd5ea17fad52b8a0c247d464e8fbfd35d8157892816b027fe2eed62b0bd2/detection

123.253.110.85:8899

# Reference: https://www.virustotal.com/gui/file/23d969b567c429ac013d608dddc90b2a8e9accd1134361ea91941fdbd2f14ce2/detection
# Reference: https://www.virustotal.com/gui/file/2d4dc144c2c3f8a239ceccaf9597ce46e5509f646fb4d3958d982380109048eb/detection

http://114.24.20.97

# Reference: https://twitter.com/malwaretracekr/status/1344161911118602242

426.tzroc.guru

# Generic (URL path and query-string fragments, listed without a host)

/dor000ft.php
/hp_state.php?telnum=
/hp_getsmsblockstate.php?telnum=
/index.php?type=join&telnum=
/index.php?type=receivesms&telnum=

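# APK (URL paths of Android package downloads; the Korean file names translate roughly to "CJ Logistics parcel delivery")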

/app-release.apk
/CJ대한통운 택배V_10.3.33.apk
/CJ대한통운 택배V_11.10.18.apk
