# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/

radiobalouch.com
/Debugging/process/process/resolving/system/ReadAllTracks.php

# Reference: https://twitter.com/LukasStefanko/status/1244584890361839616

193.161.193.99:27229

# Reference: https://twitter.com/malwrhunterteam/status/1262415009419874305

tryanotherhorse.com

# Reference: https://www.virustotal.com/gui/file/675f5f887a66d21ea0d314e359f97ba9caa5d04436ef904deeaeaa4c83f06018/detection

95.8.94.174:4000
bhblack.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1263081748482723840

95.8.94.174:4444

# Reference: https://twitter.com/malwrhunterteam/status/1265733202674581507

turktelekom-bilgilendirme.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

ahmyth.ddnsking.com

# Reference: https://twitter.com/malwrhunterteam/status/1297073202024325120

zebraking.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/b039f0ab2a62a5e1f42c5c0f1d34fc247cb6c0fa65ce33629fccbd28b1d0d064/detection

193.161.193.99:38442
c0cf28ed20-51369.portmap.host

# Reference: https://twitter.com/malwrhunterteam/status/1305940469927550977

maladiescoronavirus.com

# Reference: https://twitter.com/LukasStefanko/status/1306143556281737217

176.31.193.59:22222
tweensangoma.servebbs.com

# Reference: https://www.virustotal.com/gui/file/82b49c84601b36ae1dc7d3056b33bb58716551e85c006354e030d0dc8f6059a2/detection

193.161.193.99:49487

# Reference: https://twitter.com/malwaretracekr/status/1304189932055834624
# Reference: https://www.virustotal.com/gui/file/6a1bb59bd1faa3dbca7df51eb6b265b0fd2b5220d99a5befb2a0aabdb9a946da/detection

/nhsave.apk
/pentapp.apk

# Reference: https://twitter.com/malwrhunterteam/status/1309567899649138689

/GBWhatsapp.apk

# Reference: https://twitter.com/malwrhunterteam/status/1317395859726807040
# Reference: https://twitter.com/bl4ckh0l3z/status/1318126608226582529
# Reference: https://www.virustotal.com/gui/file/00ee72e69290217f5e6977750a873887e8a9ab91d7f91a3004c9d04148ec28b5/detection
# Reference: https://www.virustotal.com/gui/ip-address/85.10.199.40/relations

213.230.90.191:3232
85.10.199.40:80