# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: VizaviBot, L3mon # Reference: https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ radiobalouch.com /Debugging/process/process/resolving/system/ReadAllTracks.php # Reference: https://twitter.com/LukasStefanko/status/1244584890361839616 193.161.193.99:27229 # Reference: https://twitter.com/malwrhunterteam/status/1262415009419874305 tryanotherhorse.com # Reference: https://www.virustotal.com/gui/file/675f5f887a66d21ea0d314e359f97ba9caa5d04436ef904deeaeaa4c83f06018/detection 95.8.94.174:4000 bhblack.duckdns.org # Reference: https://twitter.com/malwrhunterteam/status/1263081748482723840 95.8.94.174:4444 # Reference: https://twitter.com/malwrhunterteam/status/1265733202674581507 turktelekom-bilgilendirme.com # Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt ahmyth.ddnsking.com # Reference: https://twitter.com/malwrhunterteam/status/1297073202024325120 zebraking.ddnsking.com # Reference: https://www.virustotal.com/gui/file/b039f0ab2a62a5e1f42c5c0f1d34fc247cb6c0fa65ce33629fccbd28b1d0d064/detection 193.161.193.99:38442 c0cf28ed20-51369.portmap.host # Reference: https://twitter.com/malwrhunterteam/status/1305940469927550977 maladiescoronavirus.com # Reference: https://twitter.com/LukasStefanko/status/1306143556281737217 176.31.193.59:22222 tweensangoma.servebbs.com # Reference: https://www.virustotal.com/gui/file/82b49c84601b36ae1dc7d3056b33bb58716551e85c006354e030d0dc8f6059a2/detection 193.161.193.99:49487 # Reference: https://twitter.com/malwaretracekr/status/1304189932055834624 # Reference: https://www.virustotal.com/gui/file/6a1bb59bd1faa3dbca7df51eb6b265b0fd2b5220d99a5befb2a0aabdb9a946da/detection /nhsave.apk /pentapp.apk # Reference: https://twitter.com/malwrhunterteam/status/1309567899649138689 /GBWhatsapp.apk # Reference: https://twitter.com/malwrhunterteam/status/1317395859726807040 # Reference: https://twitter.com/bl4ckh0l3z/status/1318126608226582529 # Reference: https://www.virustotal.com/gui/file/00ee72e69290217f5e6977750a873887e8a9ab91d7f91a3004c9d04148ec28b5/detection # Reference: https://www.virustotal.com/gui/ip-address/85.10.199.40/relations 213.230.90.191:3232 85.10.199.40:80 # Reference: https://twitter.com/malwrhunterteam/status/1328391739523141640 # Reference: https://twitter.com/bl4ckh0l3z/status/1329082787723317250 http://118.167.70.214 http://123.253.110.27 123.253.110.27:8662 123.253.110.27:8889 /kbcapital.apk # Reference: https://twitter.com/malwrhunterteam/status/1329353263498596352 http://114.43.113.63 http://123.253.109.211 /woori.apk # Reference: https://www.virustotal.com/gui/file/deb4098d86440e52832eb6f17b38cb2c82e50e9f6de21819e61b0ada5189bbe9/detection # Reference: https://twitter.com/bl4ckh0l3z/status/1329437919162081282 122.10.114.159:1234 /Aarogya Setu_v1.4.1-ok_sign.apk # Reference: https://twitter.com/malwrhunterteam/status/1332421014886752262 # Reference: https://www.virustotal.com/gui/file/9550de103b11a99e2ff9551a99e61001ab33d86b86baf76a3265e1a30c2d8493/detection http://45.143.93.59 /HDLiveWallpaper.apk # Reference: https://twitter.com/malwrhunterteam/status/1333506610245885960 # Reference: https://twitter.com/bl4ckh0l3z/status/1333742182466023425 # Reference: https://www.virustotal.com/gui/file/8b9ba90a1c7758714e68333c9541cf9fd99b368d0e3df62e91b003af60311047/detection 123.253.110.74:7272 123.253.110.74:8889 http://61.228.224.127 # Reference: https://twitter.com/malwrhunterteam/status/1334126697462030337 # Reference: https://twitter.com/malwrhunterteam/status/1351868441402118147 # Reference: https://twitter.com/malwrhunterteam/status/1356668707062353924 # Reference: https://twitter.com/bl4ckh0l3z/status/1334164150763851781 # Reference: https://twitter.com/bl4ckh0l3z/status/1352927204372586496 # Reference: https://twitter.com/bl4ckh0l3z/status/1352927832754843652 # Reference: https://www.virustotal.com/gui/file/f155131f21cb1fbabc5e1d4e29858caea240bc30a38826ce0671c27eb231cb0b/detection # Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection # Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection # Reference: https://www.virustotal.com/gui/file/b1cf84700e37ff608ea0ebd179dc6909ad48f0a68031ac88d276ad334d7c0f39/detection http://178.132.3.230 178.132.3.230:5987 iwillsecureyou.com myabcxyz.ddns.net obs1.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1344989314409754625 # Reference: https://twitter.com/bl4ckh0l3z/status/1345446556003143681 # Reference: https://www.virustotal.com/gui/file/6d1a8a655b62220ba415b06e34a7a7970fe745074d83608fadc57fc0c22fe3a7/detection 93.115.28.37:42474 pigeonmessenger.app # Reference: https://twitter.com/malwrhunterteam/status/1349329349380550656 # Reference: https://www.virustotal.com/gui/domain/umengs.sanxikou.cc/relations # Reference: https://www.virustotal.com/gui/file/d0f36b9a19cee045c79af58d58b24dcab3850dfd21d1079920ac6f1e8554666e/detection 47.240.50.196:42474 47.91.170.222:42474 umengs.sanxikou.cc # Reference: https://www.virustotal.com/gui/file/209998484f18f69fe608d658b9f5c8afdb4530308ddcf06b20703a764d89e7d1/detection http://103.93.79.32 103.93.79.32:9000 # Reference: https://twitter.com/sysk1ll3r/status/1371567150704525316 # Reference: https://github.com/CYB3RMX/MalwareAnalysis101/blob/master/Android/Kbank/ReportKbank.txt 103.159.80.61:8700 # Reference: https://www.virustotal.com/gui/domain/crayzzik.ddns.net/relations # Reference: https://www.virustotal.com/gui/file/99949dfcbcf839e50ed3aa42ebdbf2d3aa1b26847eef8bff7cdbd5f7bcb30614/detection crayzzik.ddns.net # Reference: https://www.virustotal.com/gui/file/f941fae5480184428b3724bef1bd2fafd4d8c959ba831563d6877f09e6426b36/detection 193.161.193.99:51805 # Reference: https://www.virustotal.com/gui/file/3a998217822cc5db7d6540f6d1cc907400a97c55d397438e05a14539a299f8c9/detection 176.9.70.180:22222 dihavnewapp.xyz # Reference: https://www.virustotal.com/gui/file/8c99919e6837d693f7cbd1cb8f6fe4d354dd28d1a9864cd898934cb6dccb1d59/detection 193.161.193.99:37614 cheeta-37614.portmap.host # Reference: https://www.virustotal.com/gui/file/f90ac69c7817cd7164c03f3b78f03045bb6a3ebb6d2c4f01b36387cb3e5ca37b/detection 108.61.210.74:1166 185.141.62.35:1166 208.101.60.87:1166 213.244.123.150:1166 66.220.147.44:1166 93.115.28.195:1166 scr.selfip.net # Reference: https://www.virustotal.com/gui/file/4a7eea45ace28678e0fabb77196d9845eeb80e675006ca4b58a5fe6e360c3e7d/detection 3.130.209.29:21572 # Reference: https://twitter.com/malwrhunterteam/status/1481236472061743104 # Reference: https://twitter.com/LukasStefanko/status/1481960668186226695 # Reference: https://www.virustotal.com/gui/file/3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f/detection chitchat.ngrok.io wetalk.ngrok.io # Reference: https://twitter.com/malwrhunterteam/status/1484835454985850882 # Reference: https://www.virustotal.com/gui/file/c351bf2fa876cefe5fb8d6e6f5764364456f3fa89eef83d3743bd1702fffefd9/detection 195.58.38.192:22222 # Reference: https://www.virustotal.com/gui/file/d4ab7d2f4ba6875f149f4168646aa73f6fbd33479d32b34e5a31c72da73b382d/detection 206.189.80.59:22964 # Reference: https://twitter.com/malwrhunterteam/status/1496800388321722370 # Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection robertapollysexy.com # Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection androidrapido.com # Reference: https://www.virustotal.com/gui/file/2d7d3de64cd33f74e337c50855353506c3a45971e003f98fc137d5df62d9369b/detection 3.141.142.211:12098 # Reference: https://www.virustotal.com/gui/file/ddc9d251af6e67bce5f95065a1d49dd85bde2b2cc177c12cf36abdbfa1907d87/detection 193.161.193.99:48147 yourboss-48147.portmap.io # Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection o731193.ingest.sentry.io # Reference: https://twitter.com/malwrhunterteam/status/1574465208340418575 # Reference: https://www.virustotal.com/gui/ip-address/185.136.162.238/relations # Reference: https://www.virustotal.com/gui/file/49c8539b26c8c7134e2ee14688eb14410690d748e4a3c105d8722f3a8983013c/detection 185.136.162.238:9108 appreviewhelper.com chatindian.xyz beautynaturali.ddns.net server-chat1.chatindian.xyz # Reference: https://twitter.com/malwrhunterteam/status/1581003205516722176 # Reference: https://www.virustotal.com/gui/file/fb40823417fabe77dda51d836c8b69699e14c528468b50aef6c917810ae02098/detection 172.104.187.113:8092 miya3jh1z.xyz c9dz99.miya3jh1z.xyz # Reference: https://twitter.com/malwrhunterteam/status/1590070110240538627 # Reference: https://www.virustotal.com/gui/file/06a253cddba6ac9686939527075e2235b7741ea6903349d86a1a33543af7fcfa/detection letchitchat.info # Reference: https://twitter.com/ReBensk/status/1622580063664472064 # Reference: https://www.virustotal.com/gui/file/1c6fa481ca4c332228be0e183e700e97febc1af6c90d07609514184434d2d70a/detection 43.204.187.172:500 hiddenpirates.com forward.hiddenpirates.com # Reference: https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/ # Reference: https://www.virustotal.com/gui/file/dcec293ce8daf454170b6bbb95d4ac6c70c943b40673ef4f225b96abc003093e/detection # Reference: https://www.virustotal.com/gui/file/aa06b4f63fb8037e1f57a063f6a6b5fbe4615247458433c578644628e54a4216/detection # Reference: https://www.virustotal.com/gui/file/0e88140c921493b587adcba8a586f289bedca8517c069cc8c7fbce21206453d8/detection # Reference: https://www.virustotal.com/gui/file/0e88140c921493b587adcba8a586f289bedca8517c069cc8c7fbce21206453d8/detection 13.215.7.130:22222 13.228.247.118:22222 149.28.142.29:8085 80876dd5.shop order.80876dd5.shop video-maker.ddns.net # Generic /pgb9umnsh_m1pgb9umn.html # APK /AF_News.apk /AVATRADE_APP.apk /ChatinIncognito.apk /ROCKFORT_APP.apk /Pigeon_Messenger.apk /whatsapplite.apk