# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: VizaviBot

# Layout: one indicator per line; lines starting with '#' are comments.
# A run of "# Reference:" lines names the public reports for the indicators
# that follow it. NOTE(review): the source text arrived collapsed onto three
# lines; the line breaks and grouping here are reconstructed from the entry
# shapes and their order. Confirm against the upstream file.
#
# Entry shapes used in this list:
#   name.tld          hostname
#   a.b.c.d:port      IP address together with a specific port
#   http://a.b.c.d    IP address contacted over plain HTTP
#   /path             URL path with no host part
#
# Notes for consumers of this list:
# - Hostnames under duckdns.org, ddnsking.com, ddns.net, servebbs.com and
#   portmap.host are listed as full names. Presumably the parent zones are
#   shared services, so match the full hostname, not the parent zone.
# - 193.161.193.99 appears with three different ports and next to a
#   portmap.host name, so it looks like a shared forwarding address. Treat
#   the port as part of the indicator. TODO confirm.
# - Path-only entries carry no host. Generic file names such as
#   /whatsapplite.apk may also match unrelated downloads, so treat a hit as a
#   triage lead rather than a confirmed detection.
# - The header is dated 2014-2021 and the oldest reference URL is dated
#   2019/08/22. IP addresses may have been reassigned since, so re-validate
#   them before using them for blocking.

# Reference: https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/

radiobalouch.com
/Debugging/process/process/resolving/system/ReadAllTracks.php

# Reference: https://twitter.com/LukasStefanko/status/1244584890361839616

193.161.193.99:27229

# Reference: https://twitter.com/malwrhunterteam/status/1262415009419874305

tryanotherhorse.com

# Reference: https://www.virustotal.com/gui/file/675f5f887a66d21ea0d314e359f97ba9caa5d04436ef904deeaeaa4c83f06018/detection

95.8.94.174:4000
bhblack.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1263081748482723840

95.8.94.174:4444

# Reference: https://twitter.com/malwrhunterteam/status/1265733202674581507

turktelekom-bilgilendirme.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

ahmyth.ddnsking.com

# Reference: https://twitter.com/malwrhunterteam/status/1297073202024325120

zebraking.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/b039f0ab2a62a5e1f42c5c0f1d34fc247cb6c0fa65ce33629fccbd28b1d0d064/detection

193.161.193.99:38442
c0cf28ed20-51369.portmap.host

# Reference: https://twitter.com/malwrhunterteam/status/1305940469927550977

maladiescoronavirus.com

# Reference: https://twitter.com/LukasStefanko/status/1306143556281737217

176.31.193.59:22222
tweensangoma.servebbs.com

# Reference: https://www.virustotal.com/gui/file/82b49c84601b36ae1dc7d3056b33bb58716551e85c006354e030d0dc8f6059a2/detection

193.161.193.99:49487

# Reference: https://twitter.com/malwaretracekr/status/1304189932055834624
# Reference: https://www.virustotal.com/gui/file/6a1bb59bd1faa3dbca7df51eb6b265b0fd2b5220d99a5befb2a0aabdb9a946da/detection

/nhsave.apk
/pentapp.apk

# Reference: https://twitter.com/malwrhunterteam/status/1309567899649138689

/GBWhatsapp.apk

# Reference: https://twitter.com/malwrhunterteam/status/1317395859726807040
# Reference: https://twitter.com/bl4ckh0l3z/status/1318126608226582529
# Reference: https://www.virustotal.com/gui/file/00ee72e69290217f5e6977750a873887e8a9ab91d7f91a3004c9d04148ec28b5/detection
# Reference: https://www.virustotal.com/gui/ip-address/85.10.199.40/relations

213.230.90.191:3232
85.10.199.40:80

# Reference: https://twitter.com/malwrhunterteam/status/1328391739523141640
# Reference: https://twitter.com/bl4ckh0l3z/status/1329082787723317250

http://118.167.70.214
http://123.253.110.27
123.253.110.27:8662
123.253.110.27:8889
/kbcapital.apk

# Reference: https://twitter.com/malwrhunterteam/status/1329353263498596352

http://114.43.113.63
http://123.253.109.211
/woori.apk

# Reference: https://www.virustotal.com/gui/file/deb4098d86440e52832eb6f17b38cb2c82e50e9f6de21819e61b0ada5189bbe9/detection
# Reference: https://twitter.com/bl4ckh0l3z/status/1329437919162081282

122.10.114.159:1234
# NOTE(review): the next entry contains a space in the source; it is kept as a
# single path here. Confirm against the upstream file.
/Aarogya Setu_v1.4.1-ok_sign.apk

# Reference: https://twitter.com/malwrhunterteam/status/1332421014886752262
# Reference: https://www.virustotal.com/gui/file/9550de103b11a99e2ff9551a99e61001ab33d86b86baf76a3265e1a30c2d8493/detection

http://45.143.93.59
/HDLiveWallpaper.apk

# Reference: https://twitter.com/malwrhunterteam/status/1333506610245885960
# Reference: https://twitter.com/bl4ckh0l3z/status/1333742182466023425
# Reference: https://www.virustotal.com/gui/file/8b9ba90a1c7758714e68333c9541cf9fd99b368d0e3df62e91b003af60311047/detection

123.253.110.74:7272
123.253.110.74:8889
http://61.228.224.127

# NOTE(review): the cd361f4f... VirusTotal reference below appears twice in the source.
# Reference: https://twitter.com/malwrhunterteam/status/1334126697462030337
# Reference: https://twitter.com/malwrhunterteam/status/1351868441402118147
# Reference: https://twitter.com/malwrhunterteam/status/1356668707062353924
# Reference: https://twitter.com/bl4ckh0l3z/status/1334164150763851781
# Reference: https://twitter.com/bl4ckh0l3z/status/1352927204372586496
# Reference: https://twitter.com/bl4ckh0l3z/status/1352927832754843652
# Reference: https://www.virustotal.com/gui/file/f155131f21cb1fbabc5e1d4e29858caea240bc30a38826ce0671c27eb231cb0b/detection
# Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection
# Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection
# Reference: https://www.virustotal.com/gui/file/b1cf84700e37ff608ea0ebd179dc6909ad48f0a68031ac88d276ad334d7c0f39/detection

http://178.132.3.230
178.132.3.230:5987
iwillsecureyou.com
myabcxyz.ddns.net
obs1.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1344989314409754625
# Reference: https://twitter.com/bl4ckh0l3z/status/1345446556003143681
# Reference: https://www.virustotal.com/gui/file/6d1a8a655b62220ba415b06e34a7a7970fe745074d83608fadc57fc0c22fe3a7/detection

93.115.28.37:42474
pigeonmessenger.app

# Reference: https://twitter.com/malwrhunterteam/status/1349329349380550656
# Reference: https://www.virustotal.com/gui/domain/umengs.sanxikou.cc/relations
# Reference: https://www.virustotal.com/gui/file/d0f36b9a19cee045c79af58d58b24dcab3850dfd21d1079920ac6f1e8554666e/detection

47.240.50.196:42474
47.91.170.222:42474
umengs.sanxikou.cc

# Reference: https://www.virustotal.com/gui/file/209998484f18f69fe608d658b9f5c8afdb4530308ddcf06b20703a764d89e7d1/detection

http://103.93.79.32
103.93.79.32:9000

# Reference: https://twitter.com/sysk1ll3r/status/1371567150704525316
# Reference: https://github.com/CYB3RMX/MalwareAnalysis101/blob/master/Android/Kbank/ReportKbank.txt

103.159.80.61:8700

# Generic

/pgb9umnsh_m1pgb9umn.html

# APK
# These path-only entries have no "# Reference:" line in the source.

/AF_News.apk
/AVATRADE_APP.apk
/ROCKFORT_APP.apk
/Pigeon_Messenger.apk
/whatsapplite.apk