# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Reference: https://info.phishlabs.com/blog/new-variant-bankbot-banking-trojan-aubis
ussensivitius.gq
webcam4bdsm.tk
domainprobr.tk
eltinjapp.cf
# Reference: https://twitter.com/jorgemieres/status/1129069254395990016
# Reference: https://pastebin.com/8v7TEu3D
asdfqw.xyz
fastwebworks2010.org
protec-guvenlik-4.top
# Reference: https://twitter.com/JAMESWT_MHT/status/1221865730054008833
kozzet.ru
# Reference: https://www.virustotal.com/gui/ip-address/162.244.32.142/relations
162.244.32.142:443
162.244.32.142:80
# Reference: https://twitter.com/sh1shk0va/status/1229720531680796677 (Black Rose Lucy)
# Reference: https://www.virustotal.com/gui/file/72c84191fe66c690f5101cf307293c003f82d80f1d00ee010e3067bb0c668d75/detection
gapsoinasj.in
ja0h12p14k.in
jqeoq0r1hgf03ds.in
q9120qwpsa.in
# Reference: https://twitter.com/ReBensk/status/1243500015613554688
protectphone.pw
# Reference: https://twitter.com/malwrhunterteam/status/1248220464473923584
gov-bnminfo.com
# Reference: https://twitter.com/malwrhunterteam/status/1248226241527844865
http://45.63.98.87
213.176.36.43:4207
# Reference: https://twitter.com/malwrhunterteam/status/1250386648598228992
# Reference: https://www.virustotal.com/gui/file/a55a9e204ca0f1015a34f76967ab1e93d7e6ff4ab5abb4816b7438c8db41c8e7/detection
# Reference: https://seguranca-informatica.pt/marco-2020-analise-reversa-da-app-android-entregue-com-o-phishing-do-novo-banco
# Reference: https://www.virustotal.com/gui/ip-address/51.83.252.64/detection
# Reference: https://twitter.com/ESETresearch/status/1252252094066819072
http://186.235.91.100
abanca-sms.com
bankinter.online
bcp-cadastro.com
bcp-millennium.com
cadastro-bcp.com
cadastronb.com
caixaes.site
cgd-cadastro.com
cgd-cadastro.site
es-atualiza.com
estado-sms.com
millennium-bcp.online
nb-cadastro.com
net24apk.website
santa-espanha.com
sms-nb.site
totta2020.com
/controls/nb/control.php /controls/nb/sms.php /extras/bpi_link.txt /extras/nb_link_lyly.txt # Reference: https://twitter.com/malwrhunterteam/status/1250798529850880000 # Reference: https://twitter.com/midnight_comms/status/1250811148204675072 http://176.121.14.127 vodafone5gapps.com # Reference: https://twitter.com/malwrhunterteam/status/1252269448267997185 # Reference: https://www.virustotal.com/gui/file/111cfd455f836794e40c6b088ab8e73f8e673a79c18e559adcffa89630a51042/detection http://218.187.103.198 27.255.64.95:8080 # Reference: https://twitter.com/malwrhunterteam/status/1252287608274722817 (# Android variation) # Reference: https://www.virustotal.com/gui/file/10cf5bdab95219661759bc58d572379953233ec44b30bf2f83a89f6058610f09/detection # Reference: https://twitter.com/ninoseki/status/1253272702573395972 (# iOS variation) # Reference: https://www.virustotal.com/gui/file/748b9f36e5a738665d082b347b5b1f4448d06a70906a32b52b77acd5aa70052e/detection 23.251.45.232:8080 # Reference: https://twitter.com/malwrhunterteam/status/1252323010662588421 poczta-interia.com # Reference: https://twitter.com/malwrhunterteam/status/1252325976308166660 evdehayatvarfree20gb.com # Reference: https://twitter.com/malwrhunterteam/status/1253016217268498437 # Reference: https://twitter.com/LukasStefanko/status/1253265204646903809 25s.site obmenvsemfiles.com # Reference: https://twitter.com/malwrhunterteam/status/1259886844961005568 bocongan113.com # Reference: https://twitter.com/malwrhunterteam/status/1259906137891241985 bocongan113vn.com # Reference: https://twitter.com/malwrhunterteam/status/1259909960311463936 8400113.com # Reference: https://twitter.com/seafaringturtle/status/1259908100703821825 103.57.111.11:4163 # Reference: https://twitter.com/ReBensk/status/1260184449414647811 photobank-shar2020.website # Reference: https://twitter.com/malwrhunterteam/status/1261545686325174273 # Reference: https://twitter.com/seafaringturtle/status/1263163367818215424 # Reference: 
https://www.virustotal.com/gui/file/8d742a1b50492fc35a54119f305daa054f666bf0ec08f7a668aa657af28a6563/detection 216.118.243.114:3500 216.118.243.114:57157 216.118.243.115:57157 216.118.243.116:57157 216.118.243.117:57157 216.118.243.118:57157 # Reference: https://twitter.com/malwrhunterteam/status/1266069349917503495 sosyaldestek-tr.com # Reference: https://twitter.com/malwrhunterteam/status/1266073872614526982 dbierzkod.pl odbierzkod.pl # Reference: https://twitter.com/ReBensk/status/1269306854233997316 krazyfoxx9.xyz # Reference: https://twitter.com/ReBensk/status/1270725741273964548 # Reference: https://www.virustotal.com/gui/ip-address/8.208.90.169/relations covid-19argentina.top darkfantasy.top drzapato.online drzapato.xyz fastupdate.top fastupdatemanager.top greenandgrey.top lovemeany.online telecentrocovid19.top # Reference: https://twitter.com/ReBensk/status/1272566330873479170 nansy782seetoyou38.website # Reference: https://twitter.com/ReBensk/status/1272565628604502018 flashplayerupdate.top # Reference: https://twitter.com/NtSetDefault/status/1275103442172891138 http://154.206.173.205 139.5.200.26:3500 139.5.200.27:3500 139.5.200.28:3500 139.5.200.29:3500 # Reference: https://twitter.com/malwrhunterteam/status/1349349426486153218 # Reference: https://twitter.com/bl4ckh0l3z/status/1350100010797559808 # Reference: https://www.virustotal.com/gui/file/6d29817636bd1eb314dfe5170765ef59f21c44054fb60049ade96e8becacc15d/detection http://119.42.149.122 http://119.42.149.123 http://119.42.149.124 http://119.42.149.125 http://119.42.149.126 http://154.83.102.138 119.42.149.122:3500 119.42.149.123:3500 119.42.149.124:3500 119.42.149.125:3500 119.42.149.126:3500 # Reference: https://www.virustotal.com/gui/ip-address/213.176.36.42/relations http://213.176.36.42 # Reference: https://www.virustotal.com/gui/file/786a73ac6036cf091939ccfa945e14e53524875ce8911f1c8d98d441fac2fd19/detection 213.176.36.42:4207 bank-negaramy.com # Reference: 
https://www.virustotal.com/gui/file/a240e8586dd9d5cf199cb96deef63356dd24ae9274d750a076fd5ac4bed3f402/detection 213.176.36.42:4205 gov-bnminfo.com # Reference: https://www.virustotal.com/gui/file/388bdb3f1f2e514e29646fe3a36bf20b7d0c47c0f0375f0aa2af262df6401845/detection 213.176.36.42:4201 # Reference: https://www.virustotal.com/gui/file/796bcb1df6fe45592137e0ddfb4dd1aa8fa264b396e43b58111543c9af89e564/detection bnm-gov-info.com # Reference: https://www.virustotal.com/gui/file/91807792a8c025f5b4c96a4d62f65ab335f695e9a7bbc6484c598a6ad3463684/detection 213.176.36.42:4202 negaramy-bank.com # Reference: https://www.virustotal.com/gui/file/d3724868bb2966d0bffd235a995b6ac926a66b0756ca13679f3075d976da28e2/detection 213.176.36.42:4203 negarabank-my.com # Reference: https://www.virustotal.com/gui/file/9ecca511661e72be443fc179cc71a1ecfcc8af48c6a8c87ef3883cb4724377b7/detection 213.176.36.42:4206 siasatan-gov-bnm.com # Reference: https://www.virustotal.com/gui/file/c07cde11fb494e666a36ac7bb9cc593b877fb5267d04174c2295e586fdaada57/detection bnm-govinfo.com # Reference: https://www.virustotal.com/gui/file/0734c1af9909ce1c55bfe7d71f0c80c18792680880f4e35d849d038ce15962c7/detection 213.176.60.234:3403 # Reference: https://www.virustotal.com/gui/file/486234a479def6497524d3b501e3dfa9ae2f5e1815bd9b09219e98b8e95d62b2/detection bnmgovinfo.com smkgovinfo.com # Reference: https://www.virustotal.com/gui/file/0460ecbe48b8b9d657fd1a8f7e8bbae779eddf312388f46359b21a9d97616170/detection gov-cbminfo.com # Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt cdek-payments.com satterfieldbanks.com # Reference: https://twitter.com/B0rys_Grishenko/status/1277515350658224128 # Reference: https://www.virustotal.com/gui/file/5ca38b7d208fbc5f665b4e0af7de5a1ac6cbc796375368934bffbef68732fc77/detection sklepplay24.com # Reference: https://twitter.com/ReBensk/status/1277615119594409987 http://154.206.173.194 # Reference: https://twitter.com/ReBensk/status/1277616463457792000 # Reference: 
https://www.virustotal.com/gui/file/c69af883dc42792500eecb12dc1f0641f1b9f4b4c340365c0491985ce6a89448/detection 193.112.126.184:39090 # Reference: https://twitter.com/ESETresearch/status/1277930672477343760 arabamuayenesi.com usom-gov-tr.ml # Reference: https://twitter.com/malwrhunterteam/status/1280220519460208641 http://102.129.249.232 # Reference: https://twitter.com/malwrhunterteam/status/1280502011981676546 chromekill.xyz # Reference: https://twitter.com/malwrhunterteam/status/1280572099686531072 looparkadaslik.xyz # Reference: https://www.virustotal.com/gui/file/1998850290d2d17e5537610fdd074fce3027e0999a06bc7f2d9c2ee9170773eb/detection # Reference: https://www.virustotal.com/gui/file/a8cae4f6c6c0121522baff7610a6fd09495426a90d816b8334acae903e8f6985/detection # Reference: https://www.virustotal.com/gui/file/525198da8ae0c46f7707b9040eb4cf28794ab53df29f5f4ae5ec9830b4ea7eaa/detection # Reference: https://www.joesandbox.com/analysis/199559/0/html 172.104.120.109:23040 172.104.135.129:3040 172.104.181.99:23040 /phoneinfo/xb_bin /phoneinfo/xb_bin_one # Reference: https://twitter.com/LukasStefanko/status/1280624418876686336 # Reference: https://twitter.com/NtSetDefault/status/1280648662499155968 antonioguterres.app billclinton.app bobiger.app charlleskoch.institute dougmcmillon.app georgewbush.dev jimyongkim.app martinlutherkingjr.app micheltemer.app nelsonmandela.dev pedroalvarescabral.dev ragfactory.red rupertmurdoch.red # Reference: https://twitter.com/malwrhunterteam/status/1280846189433413634 # Reference: https://twitter.com/JCyberSec_/status/1303618860449509377 # Reference: https://www.virustotal.com/gui/ip-address/5.252.179.35/relations bufirte.xyz contatorfull.best contmobi.club contmobi.online contmobi.work cubirta.club cubirta.xyz dietasricas.xyz gameapps.link loltopgor.monster mastercuponsdays.com masteroffersdays.com norditcph.xyz ofertasgrandes.best offersdirects.com parse654.xyz parse655.xyz passtravel.best poptoper2.monster shopingoffers.xyz 
topbestoffers.best topbestoffers.monster topbestoffers.xyz topnomber.monster toroftos.xyz yourbestoffers.best # Reference: https://twitter.com/malwrhunterteam/status/1281269010231853056 http://154.206.173.205 # Reference: https://twitter.com/malwrhunterteam/status/1283040684614852609 http://154.206.147.115 # Reference: https://www.virustotal.com/gui/file/fc0b880ddd9bda92dfb776d32a1958635be8933fa138dd35044cb5e76f470860/detection emobileservices.club # Reference: https://twitter.com/malwrhunterteam/status/1288838413345607680 foranymefc.site # Reference: https://twitter.com/0bfusCat/status/1089817931435905025 izmirsiberahmet.online # Reference: https://twitter.com/0bfusCat/status/1088413094722879488 # Reference: https://www.virustotal.com/gui/ip-address/47.74.70.68/relations aperdosali.top atbfinance.top atbfinanza.top atbfinanziario.top comedirtad.top ctechnick.top dopeblock.top materongoc.top oldcrystal.top sickslick.top sleepmate.top # Reference: https://twitter.com/sh1shk0va/status/1290267524592934918 # Reference: https://www.virustotal.com/gui/file/548ea89dcfe3fed1e6766d1c9ef36407b6d3a852fd359635e5fe9de99732eb0b/detection vigolimone.website # Reference: https://twitter.com/malwrhunterteam/status/1290635046169260032 cooperativa-mobile.ml # Reference: https://twitter.com/malwrhunterteam/status/1290964433402044416 llmymdq.site # Reference: https://twitter.com/malwrhunterteam/status/1293831060611096579 # Reference: https://www.virustotal.com/gui/file/63a07c43fc8ab595a45eb17329f8b310c8db72efef3b16a4ea081251f2e40b05/detection 154.92.17.105:1506 154.92.17.105:1509 # Reference: https://twitter.com/malwrhunterteam/status/1297078797553074176 # Reference: https://twitter.com/B0rys_Grishenko/status/1297277745362358273 # Reference: https://www.virustotal.com/gui/file/92648f5945ce65aa9ee46afe1a07e9300d4724255118d4c37bf58b8bafdbedeb/detection http://217.8.117.104 # Reference: https://twitter.com/malwrhunterteam/status/1298677192667402248 # Reference: 
https://www.virustotal.com/gui/file/b336120b0dcb02d15b63f623ec1ef55659aed23f9d1355f80f2b5d1000963eac/detection http://154.218.21.181 # Reference: https://twitter.com/malwrhunterteam/status/1301135258025431041 tiende.ru # Reference: https://www.virustotal.com/gui/file/c073bf806c4ff8a4cacd515681cac215ee8e7b214f4cb1ad7303912aba2eb67f/detection http://112.213.127.89 # Reference: https://twitter.com/malwaretracekr/status/1305403739117776902 http://220.129.70.58 # Reference: https://www.virustotal.com/gui/file/2502b3b57aa43a63aecb4ad6bae9e739742e78091436c27b3949b55c3387a0f4/detection 185.246.64.188:8001 # Reference: https://twitter.com/bl4ckh0l3z/status/1308789853354692608 senteam.ru # Reference: https://twitter.com/ReBensk/status/1311154202643660801 paypal-sign.myddns.me support-paypal.myddns.me # Reference: https://twitter.com/malwrhunterteam/status/1311307895443787778 http://155.138.163.183 # Reference: https://twitter.com/malwrhunterteam/status/1316057431370326017 http://156.235.187.217 # Reference: https://twitter.com/ReBensk/status/1311536162499162112 http://157.185.179.73 # Reference: https://twitter.com/malwrhunterteam/status/1311710159715082241 http://144.202.11.123 # Reference: https://www.virustotal.com/gui/file/5642f08b04be9460fcdb973042e4841ccbd732cd5ffc0107d9750e5f9afc4449/detection # Reference: https://www.virustotal.com/gui/file/fffa5c2a67db847f43217aa5551c75f5aa1f8f9d82bed032d6eb2a9df1f781e3/detection # Reference: https://www.virustotal.com/gui/file/ab52aa605dde9edf4437388c5df75552ecc196b07c196f6435e7fcf7875e1745/detection 45.138.209.18:8080 # Reference: https://www.virustotal.com/gui/file/1ebe007267a27b653ab572fc4e0a6cccb9b914981d2f90b19d84b75a1bfad55d/detection 45.138.209.34:8080 # Reference: https://www.virustotal.com/gui/file/6046d1b0961301b4b2f26857c5c10e296f03ef942a1b9028631736aa0d8f1205/detection 45.138.209.37:8080 # Reference: https://www.virustotal.com/gui/file/3a3e58f6ee3b0ebc6f3373deddc32255457b710d7ae2200b823536a321a5e001/detection # 
Reference: https://www.virustotal.com/gui/file/4bcb08348feda24f4f162784772d20d7808957bd052afbf4e5995ebe0ded0f5c/detection # Reference: https://www.virustotal.com/gui/file/d601ff978865fa44311b55420c6cbb61a2a65a9631f797895c1b6406e0b9e731/detection # Reference: https://www.virustotal.com/gui/file/74a12057215be8b65c46a8614a97fcca61012a28b1dc416fd9a9f700ef4f3485/detection 45.138.209.23:7788 # Reference: https://www.virustotal.com/gui/file/d2fd885065dacd134d54f9f07a6a95e2b3371a387102b7094cac812d7da97e25/detection 45.154.14.63:7788 # Reference: https://twitter.com/malwrhunterteam/status/1370021678915350542 # Reference: https://www.virustotal.com/gui/file/08eced64db2e5a0d8de2b57f8a1fee9f724a59be95dfb9f4935ad8d204d45bae/detection 45.154.14.95:7788 # Reference: https://www.virustotal.com/gui/file/fcfb19c41114a5bf5195d8d6316ac1738aec58b38984076ed0c63f2b48f6997f/detection # Reference: https://www.virustotal.com/gui/file/eefe5825eb631b1ab81f2646cec7cdb21673066dd4c409e89d257b50260df324/detection 141.255.151.19:5214 141.255.157.49:5214 asdtt23488.hopto.org # Reference: https://twitter.com/malwrhunterteam/status/1313355326670942208 # Reference: https://twitter.com/bl4ckh0l3z/status/1313374708688134144 # Reference: https://www.virustotal.com/gui/file/74b194615ce6ac50435e211470c3b2948c244a94b5b75ff2d8825bcb5a26b79c/detection fusaed.com qctetc.com uxsahd.com # Reference: https://twitter.com/malwrhunterteam/status/1313522877443043332 flash-player-indir.com # Reference: https://twitter.com/malwrhunterteam/status/1313800408746393603 mollyptuwo.online # Reference: https://twitter.com/malwrhunterteam/status/1316059882987061248 heapafoo.ru # Reference: https://twitter.com/malwrhunterteam/status/1316708831678935042 http://92.63.106.163 # Reference: https://twitter.com/malwrhunterteam/status/1316782508764266496 # Reference: https://www.virustotal.com/gui/file/30557d0306ca5502de037538857c8448edc09f9f318807506cc2e285fcb40893/detection http://154.85.186.46 # Reference: 
https://twitter.com/Cengiz86035319/status/1317019371764580355 # Reference: https://www.virustotal.com/gui/file/2703c955b8470f8022f4ed74c9e5ca52eabfba37b900bdc47486ee9e6af1b6e1/detection http://35.202.212.117 # Reference: https://twitter.com/malwrhunterteam/status/1317059994907455488 # Reference: https://www.virustotal.com/gui/ip-address/91.134.159.176/relations # Reference: https://www.virustotal.com/gui/ip-address/94.23.180.186/relations # Reference: https://www.virustotal.com/gui/file/58a6117c374159928685e79dd55766eca1c9ac4cbe264acdd0fb1f1815427835/detection # Reference: https://www.virustotal.com/gui/file/4c2114824eaf97c3c0ded5dea516db8dc7435a00c04aa2ac6706877908a42585/detection ebsex.ru exsos.ru gomon48.ru kexsex.ru kosex.ru sexet.ru sexkex.ru sexoko.ru sexpis.ru sexsos.ru sextuk.ru sexura.ru sexvam.ru sexvokrug.ru sexvsem.ru sosep.ru soses.ru sosev.ru soske.ru soskex.ru sosto.ru sosvot.ru totsos.ru zosos.ru # Reference: https://twitter.com/malwrhunterteam/status/1317403643700719616 гусар.online xn--80af4bcj.online # Reference: https://twitter.com/malwrhunterteam/status/1318276866449510400 nuevospainflplayer.info # Reference: https://twitter.com/malwrhunterteam/status/1319918657804357632 # Reference: https://twitter.com/bl4ckh0l3z/status/1320690035327410177 # Reference: https://www.virustotal.com/gui/file/08d74a860befbad4e3e4fc80c6b9d4b46be3c723cb1056d596f3e33dc77343a6/detection # Reference: https://www.virustotal.com/gui/file/4c2378ead460da2282b37c58e8cf911bca55bad57baac485c8e2f9e9ad2b9313/detection shopee-coins.com shopee.cc-cashwallet.com f-spy.com a.f-spy.com b.f-spy.com c.f-spy.com d.f-spy.com f.f-spy.com g.f-spy.com # Reference: https://twitter.com/malwrhunterteam/status/1319952092119896065 # Reference: https://www.virustotal.com/gui/ip-address/98.126.156.85/relations # Reference: https://www.virustotal.com/gui/file/3f7340fc7ec7028dcec2e1d9c766b72d70e5656eb17e7982e434ebe644d27878/detection 160.124.255.97:2018 1136984.com 840113.com 84113113.com # 
Reference: https://twitter.com/Boyv3r/status/1320076344034791424 ebatabletiniz.com # Reference: https://twitter.com/ReBensk/status/1322064414175092740 # Reference: https://www.virustotal.com/gui/file/c096d30ee0a0df796ca023e421aa4580a9adb5f2893bc2657577fa0e0b691e97/detection # Reference: https://www.virustotal.com/gui/file/3e860c4ede3c07ee29ad269635e2ae6cd6790b2c74bf5ffa201e8cb4dd52b736/detection # Reference: https://www.virustotal.com/gui/ip-address/185.193.91.74/relations acrisias.xyz akdorr.xyz alphesiboeus.xyz amyntor.xyz anchises.xyz antipatros.xyz arutruck.xyz atcor.xyz athenades.xyz azzaur.xyz barud6347.xyz busgud.xyz calcurr.xyz cissesd.xyz cleathes.xyz corydallos.xyz crodolvith.xyz dakquth.xyz diokles.xyz epaenetus.xyz euchenor.xyz eudoxsus.xyz euryleon.xyz eurysthios.xyz eutuches.xyz gaddurud.xyz gruavran.xyz grulgojer.xyz gruraborr.xyz hermotimos.xyz iamusasf.xyz iboddeth.xyz icarius.xyz khaascon.xyz krakott.xyz krazalzutt.xyz kruzangozz.xyz leonidasmy.xyz leontis.xyz lorozz.xyz lydusasd.xyz medonhfg.xyz montudsan.xyz nauvamutt.xyz nedalqex.xyz nezrozz.xyz nikasiosayur.xyz nisosfhg.xyz omunomn.xyz oniasasd.xyz phanias.xyz phileasg.xyz praxislol.xyz praxisyui.xyz priamadg.xyz priamgfg.xyz qavukozz.xyz rokrirr.xyz rozrux.xyz segerux.xyz sinisssa.xyz stukkuar.xyz tectondas.xyz telemacho.xyz theageshgf.xyz tigegax.xyz timasion.xyz tithonius.xyz vulkuar.xyz xiphilinus.xyz xuthusyu.xyz # Reference: https://www.virustotal.com/gui/ip-address/185.193.91.5/relations # Reference: https://www.virustotal.com/gui/ip-address/192.64.119.224/relations # Reference: https://www.virustotal.com/gui/ip-address/63.250.44.166/relations 1zmt5e0yjt.xyz anita1898kurovsk1.xyz babalaykaandcomp.xyz dakquth.xyz davnad.xyz droid2021.xyz gorajorr.xyz gruraborr.xyz heartways.xyz iboddeth.xyz khaascon.xyz krazalzutt.xyz mandalorec2021.xyz masteronil.xyz obiwan2021.xyz princeleya021.xyz tsubaka2021.xyz warior7766.xyz # Reference: 
https://twitter.com/malwrhunterteam/status/1323157065284681728 # Reference: https://twitter.com/bl4ckh0l3z/status/1323180531891101696 # Reference: https://www.virustotal.com/gui/file/affd5f9084641dee0355dc09b60db37a162538be44727884eb45e929bd4b2f60/detection 103.85.72.156:8080 blinefm.com 2020.blinefm.com # Reference: https://twitter.com/malwrhunterteam/status/1323284195515531265 agoralux.com.br # Reference: https://twitter.com/malwrhunterteam/status/1323674314521141249 # Reference: https://www.virustotal.com/gui/file/7e7be8412de67b5aead030c0f03dc19285b2f4597dda554b7748e72544c45d21/detection espflplayerdescargar.live # Reference: https://twitter.com/malwrhunterteam/status/1326163604459180037 blinefm.com # Reference: https://twitter.com/malwrhunterteam/status/1262783846690492418 filmspolandxxx.com # Reference: https://twitter.com/malwrhunterteam/status/1327354542086889472 # Reference: https://www.virustotal.com/gui/file/20a7aeeadfeb548d2d6df10ed7e4d7e84caa326313f917385d7fb7736af48bd4/detection 189.6.120.28:5050 # Reference: https://twitter.com/malwrhunterteam/status/1328392462088462336 # Reference: https://twitter.com/B0rys_Grishenko/status/1328402107892981761 # Reference: https://www.virustotal.com/gui/ip-address/47.254.176.26/relations # Reference: https://www.virustotal.com/gui/file/ea6cae544c3822e8ff4cfa86bd9285f9c1363388603d3120dacbeecda291649c/detection 3030sisisinononono.info 332dskakkwkkksk22dada.info 5050sisisinononono.info bancosantander-segura.com dsfiudsfdnsjds.top # Reference: https://twitter.com/malwrhunterteam/status/1329709356116570113 # Reference: https://twitter.com/bl4ckh0l3z/status/1329713263060377608 888ccb.com ushdka.com # Reference: https://twitter.com/bl4ckh0l3z/status/1329776743339712518 # Reference: https://www.virustotal.com/gui/ip-address/185.156.172.69/relations soofoodoo.club # Reference: https://labs.k7computing.com/?p=21246 # Reference: https://www.virustotal.com/gui/ip-address/114.55.79.183/relations # Reference: 
https://www.virustotal.com/gui/domain/i9600.com/relations # Reference: https://www.virustotal.com/gui/file/280dcc68e8b10a9834252aa3bfe2eb48781da56719915c896bfba7d3e0f8c000/detection 114.55.79.183:10011 i9600.com aff.i9600.com control.i9600.com kd-apk.i9600.com service.i9600.com zhf.i9600.com mei669.com oms.mei669.com # Reference: https://twitter.com/malwrhunterteam/status/1332644727808724996 # Reference: https://www.virustotal.com/gui/file/a2fd23a258d8a39c8b096183cdd028f958fa004135cc9df2c0d8910da88e3e46/detection # Reference: https://www.virustotal.com/gui/file/64b48ee8a113fd171fca60d8bbc495b9af3663d65a08cece12114a4d4e8b64c4/detection # Reference: https://www.virustotal.com/gui/file/311f3ac5c075be4b1e34d50d08ff6bf8724facf018f31490f349d3c68a8815ed/detection # Reference: https://www.virustotal.com/gui/file/7df4b0a98d44a8db431340f50c9fec4c22e7b93b6d96f09cf97695d335818dd6/detection # Reference: https://www.virustotal.com/gui/file/ab3db21229eee4b716824ca831f9ddbb837a4b2abb6abc12101e02e84159cb88/detection 146.185.241.6:7878 # Reference: https://twitter.com/bl4ckh0l3z/status/1333009513037893632 148.66.8.98:1935 148.66.8.99:1935 148.66.8.100:1935 148.66.8.101:1935 148.66.8.98:57162 148.66.8.99:57162 148.66.8.100:57162 148.66.8.101:57162 # Reference: https://twitter.com/bl4ckh0l3z/status/1281565691037003782/photo/3 154.206.45.22:21823 # Reference: https://twitter.com/malwrhunterteam/status/1333507473504948226 # Reference: https://twitter.com/bl4ckh0l3z/status/1334147416854056960 # Reference: https://www.virustotal.com/gui/file/e5bf969569c8e4d4ad93f5f6a6b8004bebc58187238a3f0085209004e6be12f6/detection 103.145.191.61:8978 http://103.145.191.61 # Reference: https://twitter.com/malwrhunterteam/status/1334222729558548490 # Reference: https://twitter.com/bl4ckh0l3z/status/1334480342854590465 # Reference: https://www.virustotal.com/gui/file/501ca1c4ce3a6c1d03655d35109b7d16e4dc111142ffa0c3f1cec95b7a604e6f/detection 116.193.152.176:7788 http://45.138.209.52 # Reference: 
https://twitter.com/malwrhunterteam/status/1336983774354173952 61.227.124.151:30 # Reference: https://twitter.com/malwrhunterteam/status/1337502083608670215 # Reference: https://twitter.com/bl4ckh0l3z/status/1338168054644150273 # Reference: https://www.virustotal.com/gui/file/787f671b98b0393dc6dc703ea0f04d1d79bb6cb45ecae2173c948de61f575e53/detection 103.40.163.156:9090 blinefml.com # Reference: https://twitter.com/malwrhunterteam/status/1338912835523534848 # Reference: https://twitter.com/bl4ckh0l3z/status/1339305454149758978 isjxkac.com ksjajsxccb.com # Reference: https://twitter.com/malwrhunterteam/status/1339667434450653185 http://191.101.234.104 # Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192 http://111.249.159.138 # Reference: https://twitter.com/malwrhunterteam/status/1342098542224142336 # Reference: https://www.virustotal.com/gui/file/bfaed122e095077d937d878ee80cdec7c9d295ddf701361b1a2e5013e3f42c93/detection 112.213.127.149:8978 http://112.213.127.149 # Reference: https://twitter.com/malwrhunterteam/status/1343662715437510656 # Reference: https://www.virustotal.com/gui/file/652d93eff67cb6ca7f50d8b1fd89652e6878c9e7173cb211baf64d7ce5756b1b/detection 103.147.13.139:8978 http://103.147.13.139 # Reference: https://www.virustotal.com/gui/file/87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17/detection bb.fbb0oy.net # Reference: https://twitter.com/malwrhunterteam/status/1346515280919408647 # Reference: https://twitter.com/bl4ckh0l3z/status/1348294330537168902 # Reference: https://www.virustotal.com/gui/file/f25e7e0de3a02fcef6749ed4ba69df20e07a6982db626903cdadac9432847038/detection # Reference: https://www.virustotal.com/gui/file/9952ff78d120eae1637b66862d3967d06126f0b1d2c0967270207702e086cc75/detection http://45.138.209.52 103.145.106.214:7788 45.154.14.19:7788 # Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz # Reference: 
https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz # Reference: https://www.virustotal.com/gui/domain/smsgrabber.url.ph/relations smsgrabber.url.ph # Reference: https://twitter.com/malwrhunterteam/status/1351221272710176770 # Reference: https://www.virustotal.com/gui/file/d927fddc84d4f06c2879487756c89c89bf99848e4bec39e5aad0da6a0c53f1a9/detection pornohdcenter.com # Reference: https://twitter.com/malwrhunterteam/status/1351894856281579522 # Reference: https://www.virustotal.com/gui/file/5265ebe2a3e33f003b111f4f7cd4c760800e5ff55f2dd43dea8f22fda3337f81/detection 196.69.61.56:707 ndseven.hopto.org # Reference: https://twitter.com/ReBensk/status/1352201093728518149 # Reference: https://www.virustotal.com/gui/file/cb74cd54650ba5c39a4c9e609b3a371cc7289d81dcdd849d1c5032f6a5fc5c27/detection settings.pw /huawei.apk /huawei9998.apk /xhuawei.apk # Reference: https://twitter.com/malwrhunterteam/status/1353042982505742341 # Reference: https://www.virustotal.com/gui/file/7b769c23c607caaa1022307071e803bcfe1394c82aed11499cb65fedb5e19f17/detection cervezaelhechicero.cl/DHLUSA/ /DHLUSA/DHLTrackShippment.html /DHLSpain/DHLGlobalES.html # Reference: https://twitter.com/malwrhunterteam/status/1352672839208476678 # Reference: https://twitter.com/malwrhunterteam/status/1352673988212912130 # Reference: https://twitter.com/malwrhunterteam/status/1352876505630695424 # Reference: https://www.virustotal.com/gui/ip-address/193.38.55.56/relations # Reference: https://www.virustotal.com/gui/ip-address/194.58.108.142/detection # Reference: https://www.virustotal.com/gui/ip-address/47.254.171.138/relations dhl-api.club dhl-api.icu dhl-api.online dhl-api.space dhl-api.store dhl-api.website dhl-api.work dhl-api.xyz dhl-apk.com dhl-apli.icu dhl-apli.online dhl-apli.site dhl-apli.space dhl-apli.store dhl-apli.website dhl-apli.work dhl-apli.xyz dhl-app.info dhl-app.ru dhl-app.space dhl-app.website dhl-cdn.pw dhl-cdn.site 
dhl-cdn.space dhl-cdn.store dhl-cdn.website dhl-ebalo.casa dhl-ebalo.club dhl-ebalo.cyou dhl-ebalo.fun dhl-ebalo.icu dhl-ebalo.online dhl-ebalo.site dhl-ebalo.space dhl-ebalo.store dhl-ebalo.surf dhl-ebalo.website dhl-ebalo.work dhl-ebalo.xyz dhl-ebat.icu dhl-ebat.online dhl-ebat.site dhl-ebat.space dhl-ebat.store dhl-ebat.surf dhl-ebat.xyz dhl-kurva.casa dhl-kurva.club dhl-kurva.cyou dhl-kurva.fun dhl-kurva.icu dhl-kurva.online dhl-kurva.site dhl-kurva.space dhl-kurva.store dhl-kurva.website dhl-kurva.work dhl-kurva.xyz dhl-pidor.casa dhl-pidor.club dhl-pidor.cyou dhl-pidor.icu dhl-pidor.monster dhl-pidor.online dhl-pidor.site dhl-pidor.space dhl-pidor.store dhl-pidor.surf dhl-pidor.website dhl-pidor.work dhl-pidor.xyz dhl-serv.cyou dhl-serv.site dhl-serv.space dhl-serv.store dhl-serv.website dhl-serv.xyz dhl-suka.casa dhl-suka.club dhl-suka.cyou dhl-suka.fun dhl-suka.icu dhl-suka.online dhl-suka.site dhl-suka.space dhl-suka.store dhl-suka.website dhl-suka.work dhl-suka.xyz dhlapk.com dhlapp.info dhlapp.space dhlapp.website /dhl-1.apk /dhl-2.apk /dhl-3.apk /dhl-4.apk /dhl-5.apk /dhl-6.apk /dhl-7.apk /dhl-8.apk /dhl-9.apk # Reference: https://twitter.com/malwrhunterteam/status/1376476624703602698 /mrw-1.apk /mrw-2.apk /mrw-3.apk /mrw-4.apk /mrw-5.apk /mrw-6.apk /mrw-7.apk /mrw-8.apk /mrw-9.apk # Reference: https://twitter.com/malwrhunterteam/status/1353773189864816642 # Reference: https://twitter.com/bl4ckh0l3z/status/1353794801901195271 # Reference: https://www.virustotal.com/gui/file/10658430a56a31ab8f295b3bb2860a1fc2fd95b09664d523b168de5d9bd71c2f/detection ratapi11223344786.azurewebsites.net # Reference: https://twitter.com/RickyLafleur1/status/1214587889700478976 # Reference: https://www.virustotal.com/gui/file/a6547415ef61bc66531978ef28913938f74dacb887bbd4ec5fc3a4ee978c4376/detection http://185.185.71.90 whats-app.gq # Reference: https://twitter.com/AgidCert/status/1353763168909225987 # Reference: https://twitter.com/ni_fi_70/status/1354352455123918848 # 
Reference: https://twitter.com/sS55752750/status/1354418390551711746 # Reference: https://twitter.com/sS55752750/status/1354420546809847820 # Reference: https://cert-agid.gov.it/news/individuato-sito-che-veicola-in-italia-un-apk-malevolo/ # Reference: https://www.virustotal.com/gui/file/9ae593c5611fa04fc0b7cf85f356b0ac92dcbe51fc5f481425ec7d6743368447/detection cosmosframework.xyz cosmospayments.online montanatony.xyz smoothbots.online starbots.xyz supportoapp.com /js/app.19d5011b.js # Reference: https://twitter.com/bl4ckh0l3z/status/1354755976755372035 # Reference: https://www.virustotal.com/gui/file/233835b9ff122185f2ff32b4841d38f6768508767f5cc5a021bc307489140a1a/detection # Reference: https://www.virustotal.com/gui/file/1a0b29851c66a4750e132302fb3bbe180b0822069a916125feb18ce35b9ec319/detection 45.142.213.31:38920 45.142.213.31:38921 45.142.213.31:38922 45.142.213.31:38923 45.142.213.31:38924 45.142.213.31:38925 45.142.213.31:38926 45.142.213.31:38927 45.142.213.31:38928 45.142.213.31:38929 45.142.213.31:38930 45.142.213.31:38931 45.142.213.31:38932 45.142.213.31:38933 45.142.213.31:38934 45.142.213.31:38935 vpsp.ru /A0.php?Android= /A0.php?BankBotLog= /A0.php?ShowPass # Reference: https://twitter.com/ReBensk/status/1355752152740753413 # Reference: https://www.virustotal.com/gui/file/90301cc8484dab405e53a0a1ee07ff4117016412663d1df0154e6500ff1bbffd/detection tosanfrancisco.life # Reference: https://www.virustotal.com/gui/file/3ed04f22534c0d72641f96f59613005d72f50f7206f5e5d41a6284642df961e8/detection # Reference: https://www.virustotal.com/gui/file/afc660b822bd032489407cc195b8ea544cde82335e17bca0fbd170e6fa4b2f52/detection # Reference: https://www.virustotal.com/gui/file/a0075b79f75cbd0005beabbe9397a6cc79ce2521faf80771fb73bada49d898d8/detection 2.61.243.211:3210 2.61.243.211:5214 kolsayan.system-ns.net # Reference: https://www.virustotal.com/gui/file/221926ac32a0a3da6a880320edacf5a5a8485214e5ca71bd7219fe25357f4f0e/detection mixan4uk.system-ns.net # Reference: 
https://www.virustotal.com/gui/file/b86fd4c42a30a1fbb6af287f23f7b50b72acf3308f43b4f31880563d8999b209/detection 41.233.168.80:1025 mugiwara.system-ns.net # Reference: https://www.virustotal.com/gui/file/2cc928515b78a082307f3d813ba5e113fc0b36dff7c0f4f22534e6f1d64a2545/detection boothead99.system-ns.net # Reference: https://twitter.com/malwrhunterteam/status/1361753980053970950 # Reference: https://www.virustotal.com/gui/file/74adb6bd25a9714501c5e165de1875b17a69fd42d853435f0907ea7abee44fca/detection freeplayer.site # Reference: https://twitter.com/malwrhunterteam/status/1362067913159630851 # Reference: https://www.virustotal.com/gui/file/56ba4301cb77686a2f050bb20bf5443ce817aa582f63d4f8c76877bc230f328f/detection bankspray.xyz # Reference: https://twitter.com/malwrhunterteam/status/1362853473272881155 # Reference: https://www.virustotal.com/gui/file/ff169cffd911225c22760b6e228a5857bd5e85a379b13a506c35be9639d23aa2/detection dreamseed.info # Reference: https://twitter.com/pmmkowalczyk/status/1367210739681943552 buguilou.com contornosdesign.pt spave.com.pk weboyal.com ylem222.com # Reference: https://twitter.com/danlopgom/status/1367820701789532163 # Reference: https://www.virustotal.com/gui/file/85e2227bac98f2a283470798f9f15d63dc3e8f5d98c71385514603f181aefd83/detection correos.website correos.startupinside.net # Reference: https://twitter.com/malwrhunterteam/status/1370443450487869441 # Reference: https://www.virustotal.com/gui/file/dd679ed92ab85e7b3f6d6b8996f681ba07b8e5afd7cf38a33b4edac38f392f4d/detection http://154.203.226.182 # Reference: https://twitter.com/malwrhunterteam/status/1374820280636424201 # Reference: https://www.virustotal.com/gui/file/546f93d93d47c422b3193864c872a64f87fabd1dab845eecbf68195c41d35207/detection http://154.23.55.21 # Reference: https://www.virustotal.com/gui/file/8292218f8d2630c5a03593cebb4899c7e06d4f8afedb9aa3c432b450d9e33b4a/detection oiwa27enioaa2oinz.top # Reference: 
https://www.virustotal.com/gui/file/aaf8de7f4c51e8196d677eb175f67bc614356f3acd01bc6da821fc74d863bf9a/detection jyrsrydjrtsf0912.top # Reference: https://www.virustotal.com/gui/ip-address/34.65.156.127/relations awqwywewfs56843.top gaweawgeaweg232.top ghslitvomurjfurepj.top ghslitvomurjfurfsdhdafhijkvepj.top ghslitvomurjfurfsdhjkvepj.top make9019jaion.top se44syesegs4e3.top # Reference: https://www.virustotal.com/gui/ip-address/35.199.117.241/relations ghslitvomurjfurepj.top lukabukazykasas.top peskoleonido9201.top # Reference: https://twitter.com/malwrhunterteam/status/1377022272926519306 # Reference: https://twitter.com/malwrhunterteam/status/1377377262404657154 # Reference: https://twitter.com/malwrhunterteam/status/1380255616376184835 # Reference: https://www.virustotal.com/gui/ip-address/198.187.29.144/relations # Reference: https://www.virustotal.com/gui/ip-address/68.65.120.237/relations # Reference: https://www.virustotal.com/gui/file/ae9208fd8c3e5170c3cb32df36c9f8596c4acd2fdebb7f98decd13583f26f0b5/detection # Reference: https://www.virustotal.com/gui/file/5e816b8f4c0df1d6f1bd409988658f40416de7d7333b6776a64ce66fb41fcadb/detection antivirusmc.xyz apkchrome.xyz browserchrome.xyz chrome2apk.xyz chrome3apk.xyz chrome4apk.xyz chromea1k.xyz chromeapk.xyz chromeapk5.xyz chromeapk6.xyz chromeapk7.xyz chromeapk8.xyz chromeapkupdate.xyz chromebrowser.xyz chromeeapkk.xyz chromeupdateantivirus.xyz chromeupdateapk.xyz updatechromeapk.xyz # Reference: https://twitter.com/malwrhunterteam/status/1377563398775447555 # Reference: https://twitter.com/LukasStefanko/status/1377574453220114432 # Reference: https://twitter.com/NtSetDefault/status/1377654475507302401 # Reference: https://www.virustotal.com/gui/file/be3d8500df167b9aaf21c5f76df61c466808b8fdf60e4a7da8d6057d476282b6/detection 134.209.66.184:5000 atualservicenovo.hopto.org modulo-gatewayzzz-com-br.umbler.net # Reference: https://twitter.com/malwrhunterteam/status/1379513330633691153 # Reference: 
https://twitter.com/bl4ckh0l3z/status/1379715519553622019 # Reference: https://www.virustotal.com/gui/file/2e403d7dfbf9641dd9d54cab50b06bbc8a09aeeafa5a4b824a79750befbefe74/detection api.88888.pm rtmp.5555577777.cn tiktok.tf # Reference: https://twitter.com/malwrhunterteam/status/1382676216893804547 # Reference: https://www.virustotal.com/gui/file/9e0383ce956c1a31c44367d6886dc36d7e036771b6351082567a9e434cc1018d/detection http://139.177.192.54 # Reference: https://twitter.com/malwrhunterteam/status/1382712585557016581 # Reference: https://www.virustotal.com/gui/file/7a392dea26a6482842a1b14b3d5fb3e0a138eba7cd8c18146758bb4c2021c3e4/detection http://139.177.193.252 # Reference: https://twitter.com/malwrhunterteam/status/1384025728128229381 # Reference: https://twitter.com/malwrhunterteam/status/1480914416887599115 # Reference: https://twitter.com/malwrhunterteam/status/1532716068598386692 # Reference: https://twitter.com/midnight_comms/status/1532717468732379136 # Reference: https://www.virustotal.com/gui/file/eeec5a484623068336306c6dfa696981b87048ac9e37bdc14e21beca8ef6eecd/detection # Reference: https://www.virustotal.com/gui/file/be1ea062a9496d469fc6b6579644db325d278f97ec5091777ce90b519789645b/detection # Reference: https://www.virustotal.com/gui/file/7d29fef5cd3dc1a0271b97288f2a51e082628877091865e81ea0d13214ff50ef/detection # Reference: https://www.virustotal.com/gui/file/8aac771bf14279eb41574fd191cf9c344f8b20ad52ac3b7a1941eca75e549935/detection http://103.81.169.137 http://154.194.3.236 http://51.79.168.103 http://51.79.168.123 103.81.169.137:6001 154.194.3.236:6001 51.79.168.103:9001 51.79.168.123:8001 magicpro.xyz /spy/OneNeedHintAlertDone?imei= /spy/Sync?imei= /spy/SyncConfig?imei= /spy/SyncDone?imei= /spy/addMobileAccount /spy/addMobileApp /spy/deleteMobileApp /spy/downloadMobileApps /spy/getOneModifyContact?imei= /spy/getOneModifySms?imei= /spy/getOneNeedHintAlert?imei= /spy/syncMobileCallLogs /spy/updateModifySmsResult?imei= /spy/uploadBinary 
/spy/uploadFormInfo /spy/uploadMobileApps /spy/uploadMobileCallLogs /spy/uploadMobileContacts /spy/uploadMobileGps /spy/uploadMobileInfo /spy/uploadMobileSmss # Reference: https://www.virustotal.com/gui/file/0af2ab5df68cdd44d5e4e385a322f39b5bed3680197a4293ade43485fc454288/detection http://103.126.241.166 103.126.241.166:6001 # Reference: https://twitter.com/malwrhunterteam/status/1631397387116638211 # Reference: https://www.virustotal.com/gui/file/843050142cb7b50908541d73815f1a4fbb2881db650042c3ad4008c3c67ff8c5/detection 183.111.122.124:6002 authpermission.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/e2d8d55584ac0ae5b81e93037d5fe28a5ab63dd205f5a9037cb4b035ae4a4908/detection 183.111.122.123:6002 # Reference: https://www.virustotal.com/gui/file/02307f548db01d30fd3c0cdac26b06631b26e7097bb15844bd773d7d99733f55/detection http://45.114.125.201 # Reference: https://www.virustotal.com/gui/ip-address/142.91.115.180/relations # Reference: https://www.virustotal.com/gui/domain/m.anyhall.com/relations # Reference: https://www.virustotal.com/gui/file/28073e582a4374651de45479b4ba509d028cad636352ec99fb49a9e474b688d5/detection 142.91.115.180:8855 m.anyhall.com # Reference: https://twitter.com/malwrhunterteam/status/1385925206477361154 # Reference: https://www.virustotal.com/gui/file/cb534251500fc47ac910f82ee40ddfd5657b60727af2d5178d85e19948b3d576/detection hd-freepornvideos.club # Reference: https://www.virustotal.com/gui/file/4b098f9f68d5f21a7ea9e23d1a3c730714abb4246f929074f7980493d0c37d09/detection kassandra.fun sonaspection.ru # Reference: https://twitter.com/malwrhunterteam/status/1389255478266548224 # Reference: https://www.virustotal.com/gui/file/e911c7b36dd45be7c5e2443fe048e89c93bf057a769bf274830bd057363187be/detection http://167.99.177.19 # Reference: https://www.virustotal.com/gui/file/b42c476a09d95582247f1e0fdae17670c6b96f5192e310b0e40121ef79755a43/detection 156.234.25.53:7788 # Reference: 
https://www.virustotal.com/gui/file/dfdf94f829ee1cd42da43553bad0bbea90141ed655076f73af4b02a6e9369bf2/detection 156.234.25.181:7788 # Reference: https://www.virustotal.com/gui/file/ac858a30302591b82e2417c5d60484ca4a9065974425506a03cdfc4d4b41a8a7/detection 156.234.25.249:7788 # Reference: https://twitter.com/malwrhunterteam/status/1391818475195219971 # Reference: https://www.virustotal.com/gui/file/df096b2fd6b09f2cabc7d5eedb0497058831c08d1f746f91df43bfe1d2d561b9/detection 103.40.163.75:9090 koreabam21.com # Reference: https://twitter.com/malwrhunterteam/status/1397510362598084610 # Reference: https://twitter.com/malwrhunterteam/status/1438455316564303872 # Reference: https://www.virustotal.com/gui/file/1ab363d46c6e511bcce08c0c4dc702ceaf602ac8eef2a6663b47a4c60cb179d5/detection # Reference: https://www.virustotal.com/gui/file/2e708e464074aed4242fb8cc3d93a16ff5ed724c33da6e45e002c3c8c30fa053/detection # Reference: https://www.virustotal.com/gui/file/3fbcf74876ae8d6845d93be6fd747a7cc38afda00bb650443d3d52281535888b/detection 172.104.133.201:20027 ankatras.xyz covid19-ca.link godforgiveuss.live sock.godforgiveuss.live socktest.ankatras.xyz # Reference: https://twitter.com/malwrhunterteam/status/1417549231221616643 # Reference: https://www.virustotal.com/gui/file/39fd11ec4890da87f22b05825a1d8de1423cb2caf31aef72376ba611433ef59a/detection 139.177.182.88:20027 hhhhrkanandda.xyz unknknknnkknkknnk.xyz sock.hhhhrkanandda.xyz sock.unknknknnkknkknnk.xyz # Reference: https://twitter.com/k3yp0d/status/1446446384882782224 172.104.226.138:20027 pembesir.xyz sock.pembesir.xyz # Reference: https://twitter.com/malwrhunterteam/status/1450183476842536967 # Reference: https://www.virustotal.com/gui/file/6a0aa9262bff716cbaf0be6a019fb6a1b87990311f445bb97df1240fff1248a2 139.162.233.149:20027 essesessssssss.top sock.essesessssssss.top # Reference: https://twitter.com/unidentified0xc/status/1425161173465538562 # Reference: 
https://www.virustotal.com/gui/file/e1a2efc352e34661eddae757bc6d1856c64a6e0202ea8a427a3f237c4c440162/detection nmnmnmfsamsfan.xyz usvpn.xyz sock.nmnmnmfsamsfan.xyz # Reference: https://twitter.com/malwrhunterteam/status/1394401728372559872 contratacionesbarcelo.com # Reference: https://www.virustotal.com/gui/file/cc5c5128939aa43d6ebb661e846ed0e18fcbad4273595244a03fee42607c51dd/detection http://103.249.104.120 103.249.104.120:9090 # Reference: https://twitter.com/malwrhunterteam/status/1399444793747456006 # Reference: https://www.virustotal.com/gui/file/c3c3550938850cb8571e7ea69158559fd859f81e5640a2706284148ceee4ae97/detection http://154.208.162.197 # Reference: https://twitter.com/malwrhunterteam/status/1402637471683330050 # Reference: https://www.virustotal.com/gui/file/14f4cd43cc995800f3feea4c7ebaa0e6f550ca84c18dbd103290b90d3405425b/detection http://185.220.103.7 185.220.103.7:443 185.220.103.7:7777 # Reference: https://www.virustotal.com/gui/file/ce9e9c7e45d8abee3dce73c1cf7389b9eeafbf0d8eb32aaf10c5cb4c7301745f/detection 156.234.25.93:7788 # Reference: https://www.virustotal.com/gui/file/88a311f0f359e231b36c4f71a17242540e4476e6047b8b96e38d12473c50d316/detection 156.234.25.58:7788 # Reference: https://twitter.com/malwrhunterteam/status/1403302055352188930 # Reference: https://www.virustotal.com/gui/file/a12d3f74deff9a214fb7c686f20c4ff8adcca6a9f9d283eed02d84c07a93ee0d/detection secyrecontrolremontepanel.xyz # Reference: https://twitter.com/unidentified0xc/status/1415819610616631299 # Reference: https://www.virustotal.com/gui/file/3c3d31f4febde81d2e1714bb71916acf646cbca0b4ba1e27d2e45f46389bd6e0/detection # Reference: https://www.virustotal.com/gui/file/ae87e417e0da723d202d4030bf514b29f9115c629f1a64cddb77d2b244425a90/detection googlesystem.cf # Reference: https://twitter.com/f3d__/status/1252164411881598977 nuova-gestione-app.guru # Reference: https://www.virustotal.com/gui/file/831346106da21d6edd95d62d22065a705e1c8c3edd29a31fb4ca7431d50d5cb1/detection 4-u.wtf 
fitnessstyle.xyz sportsstyle.club # Reference: https://twitter.com/malwrhunterteam/status/1418674419296243714 # Reference: https://www.virustotal.com/gui/ip-address/66.29.137.15/relations # Reference: https://www.virustotal.com/gui/file/2969bb031811769e2567e09c3bcd6c7d2d874b141df95f48077ea7cc311054ad/detection apkchromee.xyz browserchrome.club chromeapk.site # Reference: https://twitter.com/JAMESWT_MHT/status/1420310582553718784 pornhd1080.one # Reference: https://twitter.com/Gritzman_/status/1328335209004150786 # Reference: https://twitter.com/ni_fi_70/status/1328345659188064258 # Reference: https://www.virustotal.com/gui/file/002d97585e2ea7b8c76a60bc576edc0d418b4b0847a011ff2c75615ab359eec6/detection servicemail.space # Reference: https://twitter.com/ni_fi_70/status/1308753894051401729 i-heroes-fb.nextersglobal.com # Reference: https://twitter.com/ni_fi_70/status/1291269207133491200 imklocloforvert.com # Reference: https://twitter.com/ni_fi_70/status/1072410706782380032 bitsolution.info # Reference: https://twitter.com/ni_fi_70/status/1019466719474212864 # Reference: https://www.virustotal.com/gui/file/bf4027f3938897fde77a91c52d888d146f4a394a58294d349e992674b62cf09d/detection ok091880.online # Reference: https://twitter.com/ni_fi_70/status/1008598804164173824 # Reference: https://www.virustotal.com/gui/file/4a88d7a89e8025916e5e98cd0249fb58feee79abe3a34b63a1de28076a0b6f20/detection p182229.top # Reference: https://twitter.com/ni_fi_70/status/986527550498377729 # Reference: https://www.virustotal.com/gui/file/cace7765a5df91602634ff1f19fa7e23f2964d237b24fdab7c736cfeb26febc7/detection sicher1730.top # Reference: https://twitter.com/ni_fi_70/status/941592229960970240 # Reference: https://www.virustotal.com/gui/file/066dac5aeb7508eaaf2e30d3be117571df8c9a73fff23a3d3065c64d0dad6b15/detection sicher911323.gdn # Reference: https://www.virustotal.com/gui/file/8280f8182aa1ac8d861fd848521181d103003671cb167d1e3661f0eb3bae6081/detection evernews.gdn # Reference: 
https://www.virustotal.com/gui/file/cace7765a5df91602634ff1f19fa7e23f2964d237b24fdab7c736cfeb26febc7/detection gdgfatrzwsa.top # Reference: https://www.virustotal.com/gui/file/4a88d7a89e8025916e5e98cd0249fb58feee79abe3a34b63a1de28076a0b6f20/detection 185.243.243.242:7878 # Reference: https://twitter.com/ni_fi_70/status/783974646869884928 019863.pw # Reference: https://twitter.com/ni_fi_70/status/781422928478994432 # Reference: https://www.virustotal.com/gui/file/8eaa248e569ac11588825695de17bcf6ca7506b3458c0584ef43480991784de0/detection 1234567898122.tk xxx.1234567898122.tk # Reference: https://twitter.com/ni_fi_70/status/770890719833812992 # Reference: https://www.virustotal.com/gui/file/f78aeb9ae5968c9c700f09b97f566796160a033111b080e3a6f9d126b69e4d1c/detection santamariagorettimestre.it sicherheit-app.biz # Reference: https://twitter.com/JAMESWT_MHT/status/1420976920423014402 http://39.109.117.11 xarm.top # Reference: https://twitter.com/malwrhunterteam/status/1423539502287577089 # Reference: https://twitter.com/_icebre4ker_/status/1423579192466280448 # Reference: https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/ # Reference: https://www.virustotal.com/gui/file/d5bd93943a5433a4da132a8eab5dd14c0b5c320a40b1209812bc2c957fe6d090/detection # Reference: https://www.virustotal.com/gui/file/8f0c8fb724bc8a8cdc66bd25172af840382db505315d17cf3b8e9d01de2f3ff9/detection # Reference: https://www.virustotal.com/gui/file/11f0a591fbab78790bae2ab8d5c706b2f685b878aadd11b12036517938ad78b6/detection # Reference: https://www.virustotal.com/gui/file/7774d7d0cb3635886f030cb55b51627fd02b25fcaf00c2d1d8d7c5533351f16a/detection # Reference: https://www.virustotal.com/gui/file/a00f8137fa6a89c5de8674a23e39bf2933fd76d8639f8ecef7948158bb61a907/detection # Reference: https://www.virustotal.com/gui/file/9cdffc731d56a20d44923e098423dc9a8a2add3a2a19833daae107a3e2ed2eda/detection 18.231.193.200:7175 54.71.124.199:7171 54.71.124.199:7173 
54.71.124.199:8010 54.71.124.199:8011 54.71.124.199:8012 93.188.161.202:7175 clienteacc.online mobile-droid.com bemcomido.clienteacc.online hfolqxn.clienteacc.online iftduys.clienteacc.online kor.clienteacc.online mobile.clienteacc.online ochabkd.clienteacc.online oznxawi.clienteacc.online vgejakw.clienteacc.online wossupw.clienteacc.online zastec.clienteacc.online zkor.clienteacc.online zwcnxgh.clienteacc.online # Reference: https://twitter.com/malwrhunterteam/status/1423624779991601152 # Reference: https://www.virustotal.com/gui/file/6ffc8a414bd2d9ff920b2df84ee09927b41ad583775f8471879b457a0cb5e213/detection onlyfansalisa.one # Reference: https://twitter.com/malwrhunterteam/status/1423907902545346564 xvideos1080hd.club # Reference: https://twitter.com/ReBensk/status/1429482221618929668 # Reference: https://www.virustotal.com/gui/file/4d915f18eea64ef2ce199c8dc34ec3e165c34faf6f692532ee50c33872f711d5/detection cvectorart.club # Reference: https://twitter.com/ReBensk/status/1438448553186119689 nuevosecua.duckdns.org # Reference: https://twitter.com/ReBensk/status/1438455283362123780 # Reference: https://www.virustotal.com/gui/file/2d83480371cf081092bfa89628552abb461175333349122ead306bdc8ab9cf0b/detection 66.111.2.20:9001 pag.mobi dian.pag.mobi # Reference: https://twitter.com/ReBensk/status/1438027183490940931 # Reference: https://twitter.com/malwrhunterteam/status/1438814957290852352 # Reference: https://www.virustotal.com/gui/file/ed7ef6718a6b6e7abf3bd96c72929ee9f1e9a4bfcd97429154141c7702093f36/detection http://114.47.93.211 http://61.227.52.208 # Reference: https://twitter.com/ReBensk/status/1444958740902416390 # Reference: https://www.virustotal.com/gui/ip-address/153.92.220.42/relations covid-alert.live covid-help.online covid19-alert.online covid19-stat.online # Reference: https://twitter.com/malwrhunterteam/status/1445760971062976512 ttneiva.com # Reference: https://twitter.com/malwrhunterteam/status/1446084392045142019 # Reference: 
https://twitter.com/_icebre4ker_/status/1446091010329792519 # Reference: https://www.virustotal.com/gui/file/b4dc9230a103f57f7eba786c310a8070cd583dc3321486b08172ebbb7ac154c3/detection onlineregisterquery.com # Reference: https://www.virustotal.com/gui/file/db6246bd102fdfa9614a9fa5968362c5de8a3bb1cd23b5740392210d20a7d22a/detection 185.215.113.42:3000 # Reference: https://twitter.com/malwrhunterteam/status/1458757293043068933 # Reference: https://twitter.com/midnight_comms/status/1458982901907746818 # Reference: https://www.virustotal.com/gui/file/4d6c73272adb081f436048ac4f5b995458321d5dfd862da6a56ea0156ccc33ac/detection ruslov-project.com sant-ander-seguridad.com /sms-santander/ /sms-santander/sendsms.php # Reference: https://twitter.com/ReBensk/status/1459870129580220417 # Reference: https://www.virustotal.com/gui/file/e3a4d122d8850c09b89145db1b06acf33c714cd2f6a711eeef064ad6c473e4a5/detection mydearapk.xyz bg-1109-1.mydearapk.xyz # Reference: https://twitter.com/malwrhunterteam/status/1458754114645602304 # Reference: https://twitter.com/midnight_comms/status/1460265717790564355 # Reference: https://www.virustotal.com/gui/file/578c2f159d3a68ce9b7d9500eeaac99c71ce18d6e78524b30b505c80f57a945b/detection http://114.43.207.242 http://202.79.165.35 # Reference: https://www.virustotal.com/gui/file/244dfd4beb1691c3810852f5dc74808584a9f4b174543a21f2f50abb16846807/detection 154.31.1.147:3500 154.31.1.147:57165 # Reference: https://twitter.com/malwrhunterteam/status/1461329787268575240 http://156.235.197.219 # Reference: https://twitter.com/malwrhunterteam/status/1455238660090208260 # Reference: https://www.virustotal.com/gui/file/f0bf3b4249910751edafcb0c8466b46130a0caf7662e7fb5dec0fee4f60eb86b/detection http://164.88.248.31 134.172.19.66:9000 # Reference: https://www.virustotal.com/gui/file/f76177a0094c1fb604dd8b8c356cd0278e5acc725c4b6fe36645c2d8eed6a240/detection # Reference: 
https://www.virustotal.com/gui/file/1f26fbc4d6b1da772fbe1287908b27296fafbc7866cc8f87487eb508327b1f59/detection http://185.130.104.172 # Reference: https://twitter.com/ReBensk/status/1464584885071278080 ccservices.online # Reference: https://twitter.com/malwrhunterteam/status/1464591393356230661 # Reference: https://www.virustotal.com/gui/file/d9953afa201d881a468242b54040fc72e5440f663313a924b043a5654c165bb4 sttania.com # Reference: https://www.virustotal.com/gui/file/2227e156d2b92cd5d6f7b3e5a03391051074bfd25a03d7e2a957e4fd7c9ac97a/detection sexvo.ru # Reference: https://www.virustotal.com/gui/file/221e7abb84ed558c1c54cfb88e0f92528ce04dd8aa0b961c660b585874a61f37/detection # Reference: https://www.virustotal.com/gui/file/a5f0111af1aed630a205b2a8cb26832b6767bd9eaae0491da1b3f03ff7c59c36/detection 8rub444.ru 8serv4.ru # Reference: https://www.virustotal.com/gui/ip-address/213.32.35.48/relations # Reference: https://www.virustotal.com/gui/file/3d919552a86c7b3dcda9cb26546c2bc3502adb33de4a47b70992e8c247aa2381/detection # Reference: https://www.virustotal.com/gui/file/5568b2827c0044e07e4361aa4630133f40bba414c9039c59b2bed5142e7eedff/detection # Reference: https://www.virustotal.com/gui/file/bed661111f11bb5e19dd14bd0ead5a62b1234410243d6377bb1e49b2413cbe1b/detection izi444.site ser4888.ru # Reference: https://www.virustotal.com/gui/file/a38b6bf6b87af137778a0f590e72d856cd185ebe764825ff59f55cd1b57e72a8/detection sexsu.ru wsexe.ru # Reference: https://www.virustotal.com/gui/file/ba2ed0c55aebc4ac1e3c3163c5291dcee405eacb4c2254da8fca7f6b1ba0fead/detection taborx.ru # Reference: https://www.virustotal.com/gui/ip-address/213.32.35.{49,1,51}/relations 8babok.ru 8rub444.ru dewsex.ru domsos.ru min888.ru mne848.site mon888.site nadser.ru rubas888.ru ser848.site ser888.site sexdet.ru sexma.ru sexpopok.ru sexsu.ru sexsuk.ru sextelok.ru sextu.ru sexvrot.ru sosdev.ru votsex.ru vsexx.ru # Reference: https://twitter.com/ANeilan/status/1466830092718465028 dhl-getnextalert.duckdns.org # Reference: 
https://twitter.com/malwrhunterteam/status/1466358933694656518 # Reference: https://twitter.com/midnight_comms/status/1466962241677402116 # Reference: https://www.virustotal.com/gui/file/8a7d8a57b5545b89bd64aa1b58fd2afbf493b1de6900ffcb96fe5bed5d70f5da/detection http://91.204.225.159 # Reference: https://twitter.com/malwrhunterteam/status/1466878887506464773 # Reference: https://twitter.com/midnight_comms/status/1466969594556555269 # Reference: https://www.virustotal.com/gui/file/d60b75b48972fd67d339840de0ab61feba25646b7fe6c716467102c69a44b708/detection http://112.213.126.214 # Reference: https://twitter.com/malwrhunterteam/status/1467226842788675591 # Reference: https://twitter.com/midnight_comms/status/1467682581630046209 # Reference: https://twitter.com/midnight_comms/status/1467685917771145218 # Reference: https://www.virustotal.com/gui/file/958ca7a20954a3e3fc1d7ade9d0b7df04a181631c68c72a733dad1b423deb631/detection # Reference: https://www.virustotal.com/gui/file/66bf65ec96b7540edeb02d2164fc3bb926c73d674336edfe1eb952d4e395a542/detection rikobot.xyz /passfivee.php # Reference: https://twitter.com/malwrhunterteam/status/1468169063629262852 tayyabgroup.com # Reference: https://twitter.com/malwrhunterteam/status/1469358216849014787 # Reference: https://www.virustotal.com/gui/file/b70a015271a67801c1c3deeeb0993db7bf4e44eab18bd6744ec01953f357b1cb http://111.90.151.237 /smnet/playstore_downloadS28/ /playstore_downloadS28/ # Reference: https://twitter.com/malwrhunterteam/status/1471205687967502340 # Reference: https://www.virustotal.com/gui/file/db33a11d3d3d935d73e61b604cf116c2abdb1a9015d09dd0a98b0bd1760fc0ce/detection ltausincronizador.com itoken.ltausincronizador.com /playstore_downloadS32/ # Reference: https://twitter.com/malwrhunterteam/status/1469375284155719686 # Reference: https://www.virustotal.com/gui/file/ef2a1864f3edfb89b1c0597c9f5084333acbeed3b72ffbca383efef9ff99f0bd/detection wdho.net.ru # Reference: 
https://www.virustotal.com/gui/file/84c46be5a461d71b5f7ff79d186f0994b8f330db698e410257cb75c8b07b250c/detection 32a8-2a07-23c0-0-3000-00-625d.ngrok.io # Reference: https://twitter.com/malwrhunterteam/status/1471194225618427904 # Reference: https://www.virustotal.com/gui/file/4a04da1e328fd7ffe9ee70d38114f7e01574700d8250f475e16b850aea65b285/detection # Reference: https://www.virustotal.com/gui/file/bd4f2c586447652fc48adf2b84c5afddf0fdd02cb3a01ddd565d5e3e10494643/detection # Reference: https://www.virustotal.com/gui/file/2ff49693c3aeefbd3353b9b8eb3dc8f3c4808292b13ba4936dacd1725c216ffa/detection # Reference: https://www.virustotal.com/gui/file/d0fe0ab197ae72487a1fdfa914885f3e7d0411b1dc30ee6274dd2c03c545028f/detection 4f71-2a07-23c0-8-2000-00-b94.ngrok.io /multipartpost.php # Reference: https://twitter.com/malwrhunterteam/status/1470502631940534281 # Reference: https://www.virustotal.com/gui/file/ba30f5d88cbe358a2e6055e54b81049262e2e2f0a605c290e57526ab124930e4/detection csis.digital # Reference: https://www.virustotal.com/gui/file/b3c64f51ee7faee4dcf62b948ab2c829d71f2bbce8cf1e6df8ed5190855f9c13/detection commandcntr.herokuapp.com # Reference: https://twitter.com/seguridadyredes/status/1471004395001294852 # Reference: https://maxkersten.nl/binary-analysis-course/malware-analysis/android-sms-stealer/ # Reference: https://www.virustotal.com/gui/ip-address/37.1.207.31/relations # Reference: https://www.virustotal.com/gui/file/a94b0de7975cb9b671fd16d9d9cf67977207b685ce720539782c90797d4b7983/detection http://37.1.207.31 # Reference: https://twitter.com/ReBensk/status/1471466960944721924 diancob.com # Reference: https://twitter.com/midnight_comms/status/1467872471365922819 # Reference: https://twitter.com/midnight_comms/status/1472989365878116361 # Reference: https://twitter.com/midnight_comms/status/1471869548550758407 http://137.220.168.218 http://137.220.168.221 http://27.124.7.133 http://27.124.7.134 # Reference: 
https://www.virustotal.com/gui/file/aa81391c30ff16950d3d5070e6e66f3fcf75a6e6d17da016adaa3350dc535873/detection sexchater.one # Reference: https://www.virustotal.com/gui/file/c471a1ca16ef1018cde46e2a263305a13c913eb74730789dfdccbf31baadf6ee/detection cefouccqw.gq # Reference: https://www.virustotal.com/gui/file/f8677fbacd926fca9fb55239d9491573341c1546cd2ec59e5acc49d43bcf1586/detection # Reference: https://www.virustotal.com/gui/file/e03b9badfdd85992c8c9f79e25d5975d08b550206f7beb561c5983b3ff1f36b8/detection datasmsalluser.in swerverv2.herokuapp.com testchat8564.herokuapp.com testdata112.orgfree.com unsaleable-curls.000webhostapp.com # Reference: https://twitter.com/malwrhunterteam/status/1474341948169277440 # Reference: https://www.virustotal.com/gui/file/bad0f9ecd0f64d16b31158c28f4453b267d8ede5f1163d66fba200c51ac1b418/detection http://1.171.163.104 # Reference: https://www.virustotal.com/gui/file/77a7faccc29a1498c39b1c99acd4f3b38667d72c455af2a900ac424bda0b017d/detection # Reference: https://www.virustotal.com/gui/file/a02b269becf4483fc02768d26827bd3a38a1926a900be79367f0deb3bf6521b4/detection # Reference: https://www.virustotal.com/gui/file/a9474d795579ea2049451d52d3275defc744a0c88ab6479eae68d20eec7daa5b/detection # Reference: https://www.virustotal.com/gui/file/23f9918e9c1f33b8680aa0372157e86dac5e935518c9b05f53497038d05d4121/detection 209.141.46.108:8108 91.231.84.41:8108 google.dynns.com # Reference: https://twitter.com/malwrhunterteam/status/1475482905921130502 # Reference: https://twitter.com/midnight_comms/status/1475484371251511300 # Reference: https://www.virustotal.com/gui/file/b4c892f528c8b86b76263a4095a7912b5aa30fb61fcbbe56fc271d1d130e5c2e/detection my-api-app.xyz # Reference: https://twitter.com/malwrhunterteam/status/1474778716001779726 # Reference: https://twitter.com/midnight_comms/status/1475506228243664900 # Reference: https://www.virustotal.com/gui/file/06b3676ec5b7bf1dd08d49e0aec1f80e1aa5f779c67f883062ca498d20df857c/detection 45.43.41.197:1001 # 
Reference: https://twitter.com/malwrhunterteam/status/1473968251617087488 # Reference: https://twitter.com/midnight_comms/status/1474025832842776586 # Reference: https://www.virustotal.com/gui/file/960a508a362cd881f91182409f39643e2a923dd2b676227e690bb34b1985635a/detection ipayshop.top c19.ipayshop.top # Reference: https://twitter.com/malwrhunterteam/status/1475575324213657601 # Reference: https://twitter.com/midnight_comms/status/1475579499945283587 # Reference: https://www.virustotal.com/gui/file/69fc7e850ae15a8ab94f7196ce0518e93df7ec28a4b2ad04720c101dde629382/detection 47.245.60.4:10900 47.245.60.4:8090 47.245.60.4:8099 lkshops.cc wending002.com # Reference: https://twitter.com/malwrhunterteam/status/1425805060987052035 http://114.47.79.189 # Reference: https://twitter.com/ni_fi_70/status/1425815291238313984 http://45.114.125.204 # Reference: https://twitter.com/malwrhunterteam/status/1478079926800637958 # Reference: https://twitter.com/malwrhunterteam/status/1478090631578890247 # Reference: https://twitter.com/malwrhunterteam/status/1478371743760793605 # Reference: https://twitter.com/malwrhunterteam/status/1512014585636741123 # Reference: https://twitter.com/malwrhunterteam/status/1512014588837077001 # Reference: https://twitter.com/ni_fi_70/status/1529357208793792513 # Reference: https://twitter.com/midnight_comms/status/1537262273047121920 # Reference: https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/ # Reference: https://www.virustotal.com/gui/file/5f8a54d54e25400f52ce317bfdbbc866e11ea784ab2d5e3bd0a082a53c6b2d7b/detection # Reference: https://www.virustotal.com/gui/file/9b4a0019e7743a46b49a4d8704ffd6e064db2e5d8db6da4056f7eae5369e16f9/detection # Reference: https://www.virustotal.com/gui/file/0e6721dba6b16a1ef19f0de835ea9e12d842afd846b3a10427e5092b0427e404/detection # Reference: https://www.virustotal.com/gui/file/18ea02f78ce1b530efaaa7e8c2da0dfe42b2715de79d73f30ebcf402ea3f41b1/detection # Reference: 
https://www.virustotal.com/gui/file/53afe5a5672b53cdfd9dee053ab16c67a77b21ff2ad83a5f1bc26fdabfb8f9ff/detection # Reference: https://www.virustotal.com/gui/file/cbcee96cde3d447d376f7888b10ebe19e8843fd26dde3198f5eb936339265589/detection # Reference: https://www.virustotal.com/gui/file/a5c7373be95571418c41af0de6a03ce78e82bc1f432e662c0dc42b988640e678/detection # Reference: https://www.virustotal.com/gui/file/56f6309cf66a763a6bab878792d3a9d68b5efc5efa84571474dad43a02702ab4/detection # Reference: https://www.virustotal.com/gui/file/6978081372303551b0b159df22e82ce568dadb8a3e1007d722e19299a89c67f6/detection csapks.online grabamaid-my.online grabsapks.online maidacalls.online m4apks.online muapks.online myhomescleaning.site myhomecleaningzs.site petsmore.online redlabapi.online sgbx.online yellowssss.online /api_spa24135/ /api_spa24135/api_espanol/api.php /app_abc771_2sfacslfffcs2/cleaningservicemalaysia_888a/dl.php /app_abc771_2sfacslfffcs2/grabmaid_888a/dl.php /app_abc771_2sfacslfffcs2/made4u_888a/dl.php /app_abc771_2sfacslfffcs2/maid4u_888a/dl.php /app_abc771_2sfacslfffcs2/cleaningservicemalaysia_888a/ /app_abc771_2sfacslfffcs2/grabmaid_888a/ /app_abc771_2sfacslfffcs2/made4u_888a/ /app_abc771_2sfacslfffcs2/maid4u_888a/ /app_abc771_2sfacslfffcs2/ /cleaningservicemalaysia_888a/ /cleaningservicemalaysia_888a/dl.php /grabmaid_888a/dl.php /made4u_888a/dl.php /maid4u_888a/dl.php /grabmaid_888a/ /made4u_888a/ /maid4u_888a/ # Reference: https://twitter.com/malwrhunterteam/status/1566887963295989760 # Reference: https://twitter.com/midnight_comms/status/1569015763071299585 # Reference: https://www.virustotal.com/gui/file/b344e13fc9840d1c3dcd14778777f8f28b1b56e633989e0649761eddfbf9798a/detection # Reference: https://www.virustotal.com/gui/file/0b3c4eaf803101b698b55b1b9d33e7c137c2691ccff12f75f3cb591938cd2d20/detection bestpay-vn.store gapks.online ppsss.online /ecoclean_888a/ /ecoclean_888a/api/api.php # Reference: 
https://www.virustotal.com/gui/file/fa62aad4bc54e9822a51f34d8a8fcf4dbc4618f7e78c753c116defde9ef97601/detection /proclean_888a/ /proclean_888a/api/api.php # Reference: https://www.virustotal.com/gui/file/10a5e0f827582e6bc07cb5200a769c583d084905bebc446aa703f6bc9e294d39/detection /agency_888a/ /agency_888a/api/api.php # Reference: https://www.virustotal.com/gui/file/4f9d0a95e52dab76c681ebe12f0ed095d12ab01f4dd804de1ea9307e24b9dd86/detection ssapks.online # Reference: https://www.virustotal.com/gui/file/4f9d0a95e52dab76c681ebe12f0ed095d12ab01f4dd804de1ea9307e24b9dd86/detection /kleanhouz_888a/ /kleanhouz_888a/api/api.php # Reference: https://www.virustotal.com/gui/file/3ea00973b966e10775ad2844aabf7504c20e3d923d5bd62d369c9e4a485fbc8a/detection /rentwheel_888a/ /rentwheel_888a/api/api.php # Reference: https://www.virustotal.com/gui/file/3e670c24e726bc6136e8c5f30a45c1655e1f4903a74786bb9058b295853aa418/detection y-sss2.online /api_982/api.php?pass= # Reference: https://www.virustotal.com/gui/file/31cdfa8297eec08bfe090cb6fb5e6096a556ee5496334614abc6ac637b72ea4d/detection yapks.online # Reference: https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/ # Reference: https://otx.alienvault.com/pulse/624e98f5c4f98e8acb8e1b64 grabmaidsapks80.online grabmyapks90.online maid4uapks90.online maidacalls.online meapks.xyz my-maid4us.site puapks.online smsspy.uz spy.smsspy.uz yourmaid.online # Reference: https://twitter.com/malwrhunterteam/status/1527637165827579904 # Reference: https://twitter.com/malwrhunterteam/status/1529194463918272512 # Reference: https://twitter.com/malwrhunterteam/status/1529195619662938121 # Reference: https://twitter.com/malwrhunterteam/status/1535281774338707456 # Reference: https://twitter.com/malwrhunterteam/status/1537175064382152704 # Reference: https://twitter.com/malwrhunterteam/status/1539613981345812480 # Reference: https://twitter.com/LukasStefanko/status/1527648173849722880 # Reference: 
https://twitter.com/midnight_comms/status/1535301479065608194 # Reference: https://twitter.com/ecarlesi/status/1539835294664499200 # Reference: https://twitter.com/fareedfauzi/status/1571480514539982848 # Reference: https://twitter.com/ReBensk/status/1571544096128512002 # Reference: https://www.virustotal.com/gui/file/642b8bd970d0c035f6b861c0251fc8d0cc941c30fddb93b67f61fa540593b470/detection # Reference: https://www.virustotal.com/gui/file/dee63434b13911450a54cb6df057f45589cdfaecea2cf30fd3ab06620c0132af/detection # Reference: https://www.virustotal.com/gui/file/5092fb08941f45b11df3147ca9f16c15339271e91e717244d5158952ce9fa669/detection # Reference: https://www.virustotal.com/gui/file/dd2e57615871e4aa8d4333b85b2e8b2c4b3fd15ea8f06f5a30db41d8afd21c71/detection # Reference: https://www.virustotal.com/gui/file/3f1253f3032edb855fd9c1f3128d947d4e4818dd2012fa77130b5cdd4053136b/detection # Reference: https://www.virustotal.com/gui/file/236df2b89daef81fb266804158df2f50d08d11e52605246ab44fe48e47459a23/detection # Reference: https://www.virustotal.com/gui/file/05b201c1634a4ff6d2fcd93ccf31d83ba622e939aec1db4967c4912709edf921/detection # Reference: https://www.virustotal.com/gui/file/26916d220698b18c63534c929f4e5f99479f122023df4f01e60df7733524cc1b/detection # Reference: https://www.virustotal.com/gui/file/26916d220698b18c63534c929f4e5f99479f122023df4f01e60df7733524cc1b/detection # Reference: https://www.virustotal.com/gui/file/292d61b5caab7998e7d0d944d2f826ae8dd3b7bd45fb9496864518a3c331aca3/detection # Reference: https://www.virustotal.com/gui/file/0bfeef92cb67d56483b7420f64a4574a943718ec3717d529af17c2eec3bf6713/detection allapks.online alluapks.online allumroute.online papks.online ausbx.xyz bluenbx.xyz e12345.online familiescleaning4u.store family-cleanings4u.store familyclean4u.store familyclean4you.site familyclean4you.store familycleaning4u.store familycleaningz4u.store familycleans4u.online greenssss.online hotapp.store ikeaexpressmy.com kuislandtravel.com 
tripvouchercart.com tripvouchercart.store uapis.online uapks.online wine4u-warehouse.online /app_abc771_2sfacslfffcs2/maidacall_888a/dl.php /app_abc771_2sfacslfffcs2/maidacall_888a/ /aus_888a/ /green_888a/ /pink_888a/ /yellow_888a/ /maidacall_888a/ /sg_888a/ /maidacall_888a/dl.php /aus_888a/api/api.php /green_888a/api/api.php /pink_888a/api/api.php /sg_888a/api/api.php /yellow_888a/api/api.php /api_982/api.php # Reference: https://twitter.com/malwrhunterteam/status/1478086438386348033 # Reference: https://www.virustotal.com/gui/ip-address/27.50.59.109/relations # Reference: https://www.virustotal.com/gui/file/89ec0d0be346bae66f1b640dc8831182d091fcbaf7b19d010fb390500a589f17/detection bigo10.xyz bigo15.xyz bigo17.xyz bigo29.xyz dooprimeio.online dooprimeio.site happybuy.club happyto.online happyto.site happyto.xyz renzh.me renzhengus.me renzhengweb.me sappdown.com shopifly.club shopifly.me shopappss.com api.shopifly.club app.shopifly.info app.shopappss.com coin.bigo15.xyz coin.bigo17.xyz coin.bigo29.xyz coin.dooprimeio.online coin.renzhengweb.me jp.dooprimeio.online kefu.dooprimeio.online kefu.happybuy.club kefu.happyto.online kf.happybuy.club pf.dooprimeio.online shop.dooprimeio.site shop.happybuy.club # Reference: https://twitter.com/malwrhunterteam/status/1478385379308879883 # Reference: https://twitter.com/midnight_comms/status/1478408536338087936 http://137.220.168.198 http://61.227.28.40 # Reference: https://twitter.com/malwrhunterteam/status/1478388877148803082 # Reference: https://twitter.com/midnight_comms/status/1478392217207193602 # Reference: https://www.virustotal.com/gui/file/eeb866e9375865b1091710c21917b532856c3471cb75583c9a4e7851ab0a0685/detection http://206.119.81.172 http://206.119.81.174 206.119.81.172:3120 206.119.81.172:3121 206.119.81.174:3120 206.119.81.174:3121 # Reference: https://twitter.com/malwrhunterteam/status/1478377112230838272 # Reference: 
https://www.virustotal.com/gui/file/9ad24b2ebb2b778b0b4f33a00c878f650f683ee7b5f576b7b0590de2c8a7bf1a/detection complaintregisterqueries.com # Reference: https://twitter.com/malwrhunterteam/status/1478680855065280515 # Reference: https://www.virustotal.com/gui/file/610588c6a5bf1c84e5565a49f9bb17c41eea8a6c35aa3cb762ce9f7e8928854c/detection http://154.92.23.62 # Reference: https://www.virustotal.com/gui/ip-address/45.142.212.216/relations # Reference: https://www.virustotal.com/gui/file/e981e9dd76b6a22d437d6afd7f89e28780465978c82ff69a45a28c66334398c8/detection androidradio.life # Reference: https://twitter.com/malwrhunterteam/status/1479126438951456768 # Reference: https://twitter.com/midnight_comms/status/1479129194705534977 # Reference: https://twitter.com/midnight_comms/status/1479130686250307592 # Reference: https://twitter.com/midnight_comms/status/1479131372161699843 # Reference: https://www.virustotal.com/gui/file/c06bb31b1abe18f3348257c1b9119c07c766f4265180da72a36cf096d9a5834c/detection 91.204.225.189:1003 91.204.225.189:8888 kyuuup.com down.kyuuup.com # Reference: https://www.virustotal.com/gui/file/34c1435c856b46b286cbe8f33e764f0b6214270e829a9a94ce5b2f5cda6a8875/detection # Reference: https://www.virustotal.com/gui/file/99ab12c5a8700baf57b8451c11c58c6ded17005febc94a8684879a495067e20a/detection # Reference: https://www.virustotal.com/gui/file/caa0841fcf619c82a251f87ac9dc960400bfc6b0d3d338159660de113e855af3/detection # Reference: https://www.virustotal.com/gui/file/2ff97543a2dc5e1682f6f579eca8829cac4cdb0a7bf25d91b6f2af4bf8efc772/detection # Reference: https://www.virustotal.com/gui/file/2e0d15ebe64b01961acfd5eb2f5c27b3bc6599a8279e68c8572064dfcb9fd52b/detection # Reference: https://www.virustotal.com/gui/file/d56aa0e8e04b4be4290a920fab6628d4d2de8a725e9fbfae0ca12bb4607a35c9/detection 18.220.102.103:7173 18.220.102.103:7175 18.220.102.103:7177 3.133.123.89:7777 3.133.123.89:8081 agzvatacado.com.br atacadolinhares.com # Reference: 
https://twitter.com/500mk500/status/1481947421328478219 # Reference: https://www.virustotal.com/gui/file/d35ab11b39ad713206a78cf8eb14a06bab54871e72685313c0abba14ad35df0b/detection techhostuk.xyz /Eso/api/payload.php # Reference: https://www.virustotal.com/gui/file/3693ad57bd27218b76e31c5cde0d8a0877b9267e59a152b7f9f98483192dd370/detection http://103.13.221.63 220.136.230.106:8081 # Reference: https://twitter.com/malwrhunterteam/status/1483539066591318023 # Reference: https://www.virustotal.com/gui/file/4b9aa94766bcae1a8ffaa958699847aa2b39119db8c6ab26d724444b416d1f5a/detection tonights01.vip # Reference: https://twitter.com/malwrhunterteam/status/1483126491294613516 # Reference: https://www.virustotal.com/gui/file/6ae895625fa8a4bbca9386483abc36a82594f3213d0c725a4efff40bf49a77e7/detection http://45.43.41.197 # Reference: https://twitter.com/malwrhunterteam/status/1485696942025973768 # Reference: https://www.virustotal.com/gui/file/35e4033d09316f54119b61b27eb46636854aa0807f3b8e59ec2a21e1d8dac0a2/detection http://111.246.108.151 # Reference: https://twitter.com/malwrhunterteam/status/1486052030888259584 # Reference: https://www.virustotal.com/gui/file/3d07a148559d68d986fcace1003ef8d837885b4b27c1ca834f084c512e38bcc4/detection poderjudicialoficinascontrol.net # Reference: https://www.virustotal.com/gui/file/295ec13eec8460e796f0d1f21eaa9eed6221d258f4c92f9b53e735093e7f0179/detection 119.29.195.21:9876 # Reference: https://twitter.com/B0rys_Grishenko/status/1486448538494152704 # Reference: https://www.virustotal.com/gui/file/c371e98ebee12cde6c9c5c76e5c83b0ae7efef171b25fc01c6e983a4da239e49/detection 212.192.246.188:1010 # Reference: https://www.virustotal.com/gui/file/710c2244d1ba0f73db5ce21064502339d912a34e9ed4fd8499446c7ac813c569/detection 114.36.208.180:8081 # Reference: https://twitter.com/malwrhunterteam/status/1488832320786341888 # Reference: https://twitter.com/malwrhunterteam/status/1490746990329802755 # Reference: 
https://twitter.com/malwrhunterteam/status/1492099704422809603 # Reference: https://www.virustotal.com/gui/file/5ed619830a363a0f080cc71249a9dbfec2db3130f399e523b308c99fb2da26bb/detection # Reference: https://www.virustotal.com/gui/file/bb452ea20d55c5ea89b23d93b974911e61c42cf798df1875d05e10f930ff4672/detection # Reference: https://www.virustotal.com/gui/file/2285d654954ab1aa92e00f77a67dd1c02e024db8428653d5c62706ab760e1dd9/detection bbvaupdateappdownload.com lockappdown.com update-bbva-v2.com # Reference: https://twitter.com/malwrhunterteam/status/1492106775826513922 # Reference: https://www.virustotal.com/gui/file/17d7526af61a94cd3707a75b00005d01cd9211eed503baf9325904b186dbc32c/detection complaintinquiryhelp.com # Reference: https://twitter.com/malwrhunterteam/status/1493318560722178058 # Reference: https://twitter.com/malwrhunterteam/status/1516114403913093121 # Reference: https://www.virustotal.com/gui/ip-address/198.12.107.13/relations # Reference: https://www.virustotal.com/gui/file/1240870ae35a18d53287b89f300cafec31e6c2a4962faba4c467c587b24d445b/detection http://192.227.196.185 http://198.12.107.13 http://3.108.190.204 /iaserver.php # Reference: https://www.virustotal.com/gui/file/5e259116bb38fc85f9406e7ed07c3af401a4429864adb812d43893e08c05f2fc/detection 103.127.126.78:1001 # Reference: https://twitter.com/JAMESWT_MHT/status/1496477252997025792 normativapsd2-intesasp.duckdns.org sms-super-rat.site # Reference: https://twitter.com/malwrhunterteam/status/1496600700498890757 # Reference: https://www.virustotal.com/gui/file/852e371c395d1312931fa9dd8cdc318c5ac27a1a34a0e8bb66df38642e5602fb/detection 43.155.102.71:4010 mcfinancial2018.top 1qaz.mcfinancial2018.top # Reference: https://twitter.com/malwrhunterteam/status/1497189419484430337 # Reference: https://www.virustotal.com/gui/file/98a9f841661a2e099b0a038b86a21feeda2c6b3c35ec296f28cc056c5208b86f/detection apkface.co.nz # Reference: https://twitter.com/malwrhunterteam/status/1497264749511335937 # Reference: 
https://twitter.com/LukasStefanko/status/1497360616939405314 # Reference: https://www.virustotal.com/gui/file/f8a4ab3e0ae8216fa0fd455e6c1b861187463e761266c2a7aa0b68c062bb8cbe/detection bitbankchains.com # Reference: https://twitter.com/dubstard/status/1499277881037447173 # Reference: https://twitter.com/jh__1995/status/1501517261227626498 # Reference: https://www.virustotal.com/gui/file/f0b8d4ab6094cbca5a15049fc187115edf634760959c8572dd8c461b207eeeae/detection # Reference: https://www.virustotal.com/gui/file/3791991c210a66e13d27d1122c20542907f3e6124e16d55fe3445ce1852011a3/detection # Reference: https://www.virustotal.com/gui/file/76e0130e745ae7cb89b54f5925424d297bc7dde4b226ddb3ee3f466e616590b1/detection http://141.95.110.157 141.95.110.157:4646 141.95.110.157:4747 141.95.110.157:5151 141.95.110.157:5656 141.95.110.157:5757 141.95.110.157:5959 it-token.me nuova-pratica.net # Reference: https://twitter.com/malwrhunterteam/status/1501306676250656770 # Reference: https://www.virustotal.com/gui/file/c282162cabc838956a26e034f9781add893633f1109840da04be49d964b9b5d6/detection seguridadbbva.ddns.net # Reference: https://twitter.com/illegalFawn/status/1502215836471336961 aggiorna-dati.com app.aggiorna-dati.com # Reference: https://twitter.com/malwrhunterteam/status/1502741288126455817 # Reference: https://www.virustotal.com/gui/file/007962b4a6813c099e0f682f2b6691427251dee74c7bf949b901ec0f757eace6/detection iccashback.xyz server5569.herokuapp.com # Reference: https://twitter.com/malwrhunterteam/status/1502743002070102017 # Reference: https://www.virustotal.com/gui/ip-address/2.57.187.136/relations # Reference: https://www.virustotal.com/gui/file/45d94c1bd3db47b49e5ab2ea6d79f7d6437df4dab0e412393b4fb3833fef88ff/detection hopertemesnedenekerme.net trasmatosdomones.net trelicekeremlicenedenes.net # Reference: https://www.virustotal.com/gui/file/5ce4f9a32f14cb73567a07cfbee92bd967392a889f562a592dea6381644c693e/detection 193.161.193.99:38464 joseluisperalta332-38464.portmap.host # 
Reference: https://twitter.com/ThreatFabric/status/1501911413891248128 # Reference: https://twitter.com/malwrhunterteam/status/1504054802086518784 # Reference: https://www.virustotal.com/gui/file/b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490/detection mycrypto-app.com # Reference: https://twitter.com/malwrhunterteam/status/1504460977546444801 app-token-new.com # Reference: https://twitter.com/JAMESWT_MHT/status/1504470425564160004 direttiva.net utenze-app-2022.net # Reference: https://twitter.com/bl4ckh0l3z/status/1504573644466495489 verifica-conto-online.com # Reference: https://twitter.com/malwrhunterteam/status/1505113881219379201 # Reference: https://www.virustotal.com/gui/file/f53b4f10f9f3ae3e0657d6d90f23f4aec1ccaa563e67d0ad307229d49eb94ee6/detection aggiorna-web.org conferma-informazioni.xyz # Reference: https://twitter.com/malwrhunterteam/status/1505993336661938185 # Reference: https://www.virustotal.com/gui/file/c9827143f8e76137e582c4ec53ae10032f6543d5bd02fbeb81ecbccedf648656/detection resim.ac # Reference: https://twitter.com/malwrhunterteam/status/1507440648407982082 # Reference: https://www.virustotal.com/gui/file/3272babdbba4ee7c05a3f2c01b810ca58722e105d11c792c9dc684c4e1251e97/detection dati-info-online.com # Reference: https://twitter.com/illegalFawn/status/1511976296313675778 attiva-ora.cc # Reference: https://twitter.com/JAMESWT_MHT/status/1514587748102979585 # Reference: https://twitter.com/JAMESWT_MHT/status/1514602924462075906 # Reference: https://bazaar.abuse.ch/sample/8e24803de9d71899f4e146569462b15f42c0c2d19529482c9e67a2e9d39db374/ no-infami.com # Reference: https://twitter.com/ThreatFabric/status/1514626208151052288 iqitech.com.ng/assets/default/js/ckeditor/adapters/receiver.php # Reference: https://twitter.com/malwrhunterteam/status/1514587095742005257 # Reference: https://www.virustotal.com/gui/file/5bc84ed4a80f805ea5d83652624f20708029072080a9356bf5920251e6b717bd/detection food-bolt.pl # Reference: 
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india/ # Reference: https://otx.alienvault.com/pulse/61374d351fd12f7d4a8bef82 # Reference: https://www.virustotal.com/gui/file/1e8fba3c530c3cd7d72e208e25fbf704ad7699c0a6728ab1b290c645995ddd56/detection # Reference: https://www.virustotal.com/gui/file/120a51611a02d1d8bd404bb426e07959ef79e808f1a55ce5bff33f04de1784ac/detection jsig.quicksytes.com /MC/NN180521/mc.php # Reference: https://twitter.com/malwrhunterteam/status/1516134727438139392 # Reference: https://www.virustotal.com/gui/ip-address/47.243.32.43/relations # Reference: https://www.virustotal.com/gui/file/64a8a493bbe9149c44e64787e7058f7fa5ec1cc8c4d95ce72414e9f82c423487/detection krakenwe.com krakenxz.com mobile5566.xyz # Reference: https://twitter.com/malwrhunterteam/status/1516873314572161030 # Reference: https://www.virustotal.com/gui/file/f217d7652934d4f26c379250ed93d94f0f751bf8673f8992b75da703bf408168/detection android-exploit-default-rtdb.firebaseio.com # Reference: https://twitter.com/AgidCert/status/1517098761431961602 # Reference: https://cert-agid.gov.it/wp-content/uploads/2022/04/smsgrab_21-04-2022.json_.txt # Reference: https://www.virustotal.com/gui/ip-address/111.90.142.153/relations # Reference: https://www.virustotal.com/gui/file/c58befc7919032bdb192f3a29e32d7af425eed133d05db13b2dd8d27ca6a82c0/detection # Reference: https://www.virustotal.com/gui/file/ed6ecddfd45552c069f0fbb076d60e1a177b4f683988dcba769dc184178a417b/detection # Reference: https://www.virustotal.com/gui/file/c6051449b53c0d3b884920ae402ac80316b6a4d12d19a4c5a78dc795ab90fac5/detection # Reference: https://www.virustotal.com/gui/file/5b623c95f027088d55940e1b2f89656c4b634ae825e464c81557b0a487987ba7/detection # Reference: https://www.virustotal.com/gui/file/31208850ba6add5c0d813109f8ca2149bd706609be2770a1c665da1914c27519/detection # Reference: 
https://www.virustotal.com/gui/file/89c61f0c261774f5d61c09e44508619eb3497c2ccec4e831d5c2635b9fe7c333/detection appmessaggi2022.com appmessaggi2022.net /app/appsicurezza/ # Reference: https://cert-agid.gov.it/wp-content/uploads/2022/04/smsgrab_22-04-2022.json_.txt clienteportale.com goriziacarcere.altervista.org # Reference: https://cert-agid.gov.it/wp-content/uploads/2022/05/smsrat_02-05-2022.json_.txt # Reference: https://www.virustotal.com/gui/ip-address/23.235.232.236/relations # Reference: https://www.virustotal.com/gui/ip-address/82.221.129.39/relations aderireweb.com scarica-adesso.com scarica-info.com scarica-orasicura.com scarica-qui.com scarica-sicurezza.com scarica-subito.com scaricaadesso.com scaricaqui.com scaricasubito2022.com attiva-sicurezza.scarica-orasicura.com attiva-sicurezza.scaricaadesso.com sicurezza-web.aderireweb.com sicurezza-web.scarica-adesso.com sicurezza-web.scaricasubito2022.com # Reference: https://twitter.com/malwaremansys/status/1517113535653838848 # Reference: https://www.virustotal.com/gui/file/2ff24ec36b4ee6fa8cd0b26d8a61bffc6cafa48ba21760c7fecae7d11a88b766/detection # Reference: https://www.virustotal.com/gui/file/e669aaaf69ecfe30f5c7f0b7d4f1fc82be1337aacbbb21b60b0a6f808e7c1da5/detection http://180.215.155.21 180.215.155.21:6677 180.215.155.21:7788 # Reference: https://twitter.com/malwaremansys/status/1436941904768225280 # Reference: https://www.virustotal.com/gui/file/f9f3097eac9b5f216c8158c23d5bf5c2051cc6657aaaaf9adb6939f0f97b3330/detection # Reference: https://www.virustotal.com/gui/file/8c6e67d047e7d79ee0246d2b002c79ceb1934b2a070dce884e85efb9fbeaf550/detection # Reference: https://www.virustotal.com/gui/file/5ec6cb7dac3960738d65c40432dc1221570ee8d65833124cedebab362754e1ea/detection mivip.xyz romo.mivip.xyz topo.mivip.xyz soyo.mivip.xyz # Reference: https://twitter.com/malwrhunterteam/status/1517562010942283776 # Reference: 
https://www.virustotal.com/gui/file/bfa9a861d953247eea496f4a587f59e9ee847e47a68c67a4946a927c37b042c4/detection ssi.management # Reference: https://twitter.com/malwrhunterteam/status/1517787583648268288 # Reference: https://www.virustotal.com/gui/file/3efd7a760a17366693a987548e799b29a3a4bdd42bfc8aa0ff45ac560a67e963/detection # Reference: https://www.virustotal.com/gui/file/da4e28acdadfa2924ae0001d9cfbec8c8cc8fd2480236b0da6e9bc7509c921bd/detection server5570t.herokuapp.com server85478.herokuapp.com # Reference: https://twitter.com/malwrhunterteam/status/1521240037404336128 # Reference: https://www.virustotal.com/gui/file/65d5dea69a514bfc17cba435eccfc3028ff64923fbc825ff8411ed69b9137070/detection iccashcashback.xyz server5568t.herokuapp.com # Reference: https://twitter.com/malwrhunterteam/status/1517577088143962112 # Reference: https://www.virustotal.com/gui/file/825bcade5a6323c5d81b11a572e51232a0ddb205107c2edeb5d42bf94f231f49/detection # Reference: https://tria.ge/220423-hgcb8afabp/behavioral1 app-connector.duckdns.org # Reference: https://twitter.com/malwrhunterteam/status/1518635868629745667 # Reference: https://www.virustotal.com/gui/ip-address/217.21.74.60/relations # Reference: https://www.virustotal.com/gui/file/8bc920af87fa19c3bfe76b40f85390d983b81340af690a49113f247cca957456/detection biotermitecontrol.com mymaidkl.com mobile444.biotermitecontrol.com mobi1e666.mymaidkl.com # Reference: https://twitter.com/malwrhunterteam/status/1518869405089808384 # Reference: https://twitter.com/bl4ckh0l3z/status/1520042120282783744 # Reference: https://twitter.com/Gi7w0rm/status/1520152273040691203 # Reference: https://www.virustotal.com/gui/file/f3092c6f398e9f248286817d82e50c45e51df09abc08b6897cdac729b8e9b59a/detection homeloan.vip magicmoney.cc app.homeloan.vip app.magicmoney.cc # Reference: https://twitter.com/malwrhunterteam/status/1520023263476436994 # Reference: 
https://www.virustotal.com/gui/file/659e1b784b4380f50bb96c93593f2715a428ae2e31f7d57f4e15d8ed382997af/detection acequeen20.net # Reference: https://twitter.com/malwrhunterteam/status/1520364917324451841 # Reference: https://www.virustotal.com/gui/file/9115408ab7227f30cb6d3f785c208377b31da208171def1c3ec4d81c6f833585/detection fich.buzz # Reference: https://twitter.com/malwrhunterteam/status/1520400857900236800 # Reference: https://www.virustotal.com/gui/file/9574cc465edc79f2a0e25ca12a8c9febcff368f498373c9ca841a947c4659a95/detection inbestbeauty.com # Reference: https://www.virustotal.com/gui/file/17fb8b2590b9ae36ccd14ee07422c3c987263e91897ffb248748a3318ea5ad0c/detection 27.255.64.75:8080 # Reference: https://twitter.com/malwrhunterteam/status/1527034925442027526 # Reference: https://twitter.com/ni_fi_70/status/1527185971770531840 # Reference: https://www.virustotal.com/gui/file/5e5343aecc20c04f64c89fedb6263fad9bfca7ede36437820f32f3502f7393c8/detection demosketch.000webhostapp.com looz-b3052-default-rtdb.firebaseio.com # Reference: https://twitter.com/malwrhunterteam/status/1529806150228754432 # Reference: https://www.virustotal.com/gui/file/869864fa8ba65b37d03487dae6b403c6cb9ca556368ef4a6bb51d8a43a1c5a22/detection 103.127.125.169:7896 # Reference: https://twitter.com/malwrhunterteam/status/1531333203516174339 # Reference: https://www.virustotal.com/gui/file/7394a5b7e15eba380a4add9c6954b15c85cd082bc8e881380cdf3d2b9f5209d9/detection # Reference: https://www.virustotal.com/gui/file/90484e012575381a0c8f33d61c76184e2aba5d2b31a929ac2d4bbd79576c2dc0/detection clientesbbvalock.com # Reference: https://twitter.com/malwrhunterteam/status/1531719070088929280 # Reference: https://www.virustotal.com/gui/ip-address/154.204.31.226/relations # Reference: https://www.virustotal.com/gui/file/988438053a028bd6a2735756ef800b3f547fa89f21051b22207940add0cdd1fc/detection bithumbex.com humbvip.pro exchange.bithumbex.com exchange.humbvip.pro # Reference: 
https://twitter.com/malwrhunterteam/status/1501288384760893449 # Reference: https://twitter.com/malwrhunterteam/status/1501297507846037506 # Reference: https://twitter.com/malwrhunterteam/status/1532085707296194560 # Reference: https://www.virustotal.com/gui/ip-address/148.72.158.61/relations # Reference: https://www.virustotal.com/gui/file/e9d973acffa86c37ae72d3db4093cd7a449d5cd1bf52c6386352a5a6fa223ad6/detection # Reference: https://www.virustotal.com/gui/file/4a517a3992726cc4ee9f7890ecaaba01e40165c27b8a32ad440fb013721b2c65/detection # Reference: https://www.virustotal.com/gui/file/24fc61f6184426018bfe9124c68c753339c6cc6c7c507fe5304c42f247963b88/detection # Reference: https://www.virustotal.com/gui/file/ce71c1916be8edffeca2e5a18709b19188a4ff221647491d9807e7b017d0343a/detection accountsecureverify.com contactquarycenter.com csqs.online online-complaint.com thesecureservices.in secondnew.csis.digital online-complaint.accountsecureverify.com # Reference: https://twitter.com/ReBensk/status/1532049841009750017 http://135.181.31.152 # Reference: https://twitter.com/malwrhunterteam/status/1532421877611778057 # Reference: https://twitter.com/malwrhunterteam/status/1538120893506928640 # Reference: https://twitter.com/midnight_comms/status/1538134165371072513 # Reference: https://twitter.com/elhackernet/status/1541673500988940290 # Reference: https://www.virustotal.com/gui/ip-address/185.178.45.125/relations # Reference: https://www.virustotal.com/gui/ip-address/185.244.183.105/relations # Reference: https://www.virustotal.com/gui/ip-address/213.178.155.60/relations # Reference: https://www.virustotal.com/gui/ip-address/45.10.244.134/relations # Reference: https://www.virustotal.com/gui/ip-address/5.188.90.227/relations # Reference: https://www.virustotal.com/gui/ip-address/91.203.193.103/relations # Reference: https://www.virustotal.com/gui/file/caee54ae322d5418f051e468c13a4ec04263f02f8b8bd6b5db34e388dbbb331a/detection # Reference: 
https://www.virustotal.com/gui/file/328b4d74654a3d3ed4adc8be6bff11d2adf29d04c13f050c97fa6d2d4fcea455/detection accesodigital.icu accesodigitales.icu app-protect.click appmovil.click appmovil.icu appsecureguide.com cancelacion.icu es-appmovil.click es-appmovil.icu es-movil.click es-movilapp.click es-protect-app.click es-protect.click es-protect.icu es-protectapp.click es-protectapp.icu european2fa.com movil-actual.click movil-actual.icu movil-descarga.click movil-es.icu movil-protect.click movilapp.click movilapp.icu movilapps.click movilprotect.xyz privasol.xyz protect-actual.icu protect-app.click protect-es.icu protect-mobile.click protect-movil.click protect-movil.icu protect-now.click protectapp-es.icu protectapp.click protectapp.online reactivar-usuario.click reinaldotrrr.xyz acceso.app-protect.click acceso.appmovil.click acceso.appmovil.icu acceso.es-appmovil.click acceso.es-appmovil.icu acceso.es-movil.click acceso.es-movilapp.click acceso.es-protect-app.click acceso.es-protect.click acceso.es-protect.icu acceso.es-protectapp.click acceso.es-protectapp.icu acceso.movil-actual.click acceso.movil-actual.icu acceso.movil-descarga.click acceso.movil-es.icu acceso.movil-protect.click acceso.movilapp.click acceso.movilapp.icu acceso.movilapps.click acceso.movilprotect.xyz acceso.protect-actual.icu acceso.protect-app.click acceso.protect-es.icu acceso.protect-movil.click acceso.protectapp-es.icu acceso.protectapp.click acceso.protectapp.online acceso.reactivar-usuario.click access.protect-mobile.click bbva.app-protect.click bbva.appmovil.click bbva.appmovil.icu bbva.appsecureguide.com bbva.es-appmovil.click bbva.es-appmovil.icu bbva.es-movil.click bbva.es-movilapp.click bbva.es-protect-app.click bbva.es-protect.click bbva.es-protect.icu bbva.es-protectapp.click bbva.es-protectapp.icu bbva.european2fa.com bbva.movil-actual.click bbva.movil-actual.icu bbva.movil-descarga.click bbva.movil-es.icu bbva.movil-protect.click bbva.movilapp.click bbva.movilapp.icu 
bbva.movilapps.click bbva.movilprotect.xyz bbva.protect-actual.icu bbva.protect-app.click bbva.protect-es.icu bbva.protect-movil.click bbva.protectapp-es.icu bbva.protectapp.click bbva.protectapp.online citi.protect-mobile.click citi.protect-now.click login.protect-now.click unicaja.accesodigital.icu unicaja.accesodigitales.icu unicaja.cancelacion.icu unicaja.reactivar-usuario.click univia.accesodigital.icu univia.accesodigitales.icu univia.cancelacion.icu /banzreceiver/ /banzreceiver/receiver.php # Reference: https://twitter.com/malwrhunterteam/status/1549122722596327424 # Reference: https://www.virustotal.com/gui/ip-address/2.59.40.220/relations # Reference: https://www.virustotal.com/gui/ip-address/85.193.88.116/relations # Reference: https://www.virustotal.com/gui/file/fc441080c994e53f43c2e8fcb3cbcad69ef36fe84ee239a38656fb7f9fd8ab28/detection app-movil.icu app-protect.info app-protect.top collab-connect.land compound-finance.top dooplicator-mint.com dooplicator-nft.com dxdy-trade.top dxdy-v2.top dydx-exchange.icu dydx-exchange.top es-protect.info holdercertify.com movil-protect.icu protect-app.info protect-digital.click protect-movil.info receddiver.xyz thedooplicator-mint.com acceso.app-movil.icu acceso.app-protect.info acceso.app-protect.top acceso.es-protect.info acceso.movil-protect.icu acceso.protect-digital.click acceso.protect-movil.info bbva.app-movil.icu bbva.app-protect.info bbva.app-protect.top bbva.es-protect.info bbva.movil-protect.icu bbva.protect-app.info bbva.protect-digital.click bbva.protect-movil.info # Reference: https://twitter.com/malwrhunterteam/status/1534636991006093317 # Reference: https://www.virustotal.com/gui/file/7a93df01e0de0e0bf98bb35bab1f27ef9349411f5804eddedebc09ccb3115c8b/detection hotnews.lol onlyfans.org.nz # Reference: https://twitter.com/malwrhunterteam/status/1537045669118189568 # Reference: https://twitter.com/midnight_comms/status/1537093970978693120 # Reference: 
https://www.virustotal.com/gui/file/b2dbd9f108990215d2552545b8879d9c206dc95959c5cc580dda5cb74074c3c4/detection baguvixforme.ipv6d.my.id melanieparker.freecluster.eu # Reference: https://www.virustotal.com/gui/file/7753b955b6e9ac336872cb2b0b10218316bf8b9fc3ba9a8e3146746b5841514d/detection glosso.info # Reference: https://twitter.com/malwrhunterteam/status/1539585094699974656 # Reference: https://www.virustotal.com/gui/ip-address/62.197.136.162/relations # Reference: https://www.virustotal.com/gui/file/fbc44ae305d55f3e70541f52659cc9b0ea153056d0428f81c578d3a748dc91e5/detection bnbgta.site bncbia.site cbiabn.site dacto.site datecdo.site davbn.site davicanda.site daviclenta.site daviderra.site daviendas.site davimenla.site davimica.site daviunda.site davlecda.site dcdto.site dtceto.site lillpink.site smsflash.site smsinstant.site smsquick.site smsrapido.site solidadria.site # Reference: https://twitter.com/malwrhunterteam/status/1540428230154506240 # Reference: https://www.virustotal.com/gui/file/47284af8ccf06ae9fc0e93e69e549d17e9a2508886bf6f2952fe54260d8c68aa/detection projectxcrack23.pserver.ru # Reference: https://www.virustotal.com/gui/file/acee1384eda616f0f483ee340dbebbfdc8e33876b7002606aedcfcb7c625f01e/detection lakeforestus.space # Reference: https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan # Reference: https://www.virustotal.com/gui/file/ebd9f516acce71bd652ac013ec607fa4ccf8d12d0069d492d964611e6d084a40/detection # Reference: https://www.virustotal.com/gui/file/c27c87f4b2a0d95a17d11535167445e3fa9db05470f1cc57c62b39248a54c4fe/detection 80.85.153.49:4000 # Reference: https://twitter.com/malwrhunterteam/status/1543330479318999042 # Reference: https://www.virustotal.com/gui/file/49438dc8da1cc4882309e381c5e5a36f1fdbc6982de26e7003ff370b80a8dcec/detection # Reference: https://www.virustotal.com/gui/file/c52d0f4ea9f1da37cd98da4078025fdfc0c90df1bee4b063fecc7634185acaf0/detection # Reference: 
https://www.virustotal.com/gui/file/54608032d6acdc53e1070a4c42ef5e4c7a16af9661e2b4e20eb3de0deedbffc2/detection # Reference: https://www.virustotal.com/gui/file/442ae9f82edee663fa118a7aac5a3ab3e587492d0f4332a97ba8307689014421/detection http://51.68.145.103 45.141.56.57:6868 51.83.254.113:58990 51.83.254.113:6868 51.83.254.113:58771 51.83.254.113:9988 # Reference: https://twitter.com/malwrhunterteam/status/1552024148674859009 # Reference: https://twitter.com/midnight_comms/status/1552252002826178563 # Reference: https://www.virustotal.com/gui/file/0cdadb7e66e55de9461b890096829d59f3b1da8e16274e36b0554adf9d04dded/detection http://101.99.94.97 dasboardbeiflus.online l-santander-es.com l-start-santnander.online lsantander-es.com # Reference: https://twitter.com/JAMESWT_MHT/status/1554717598641803264 gatewayantimanomissioni.com /xxxa_6iFMrYfrdGnBsUOBS4G103w/ # Reference: https://twitter.com/malwrhunterteam/status/1558508005825675265 # Reference: https://www.virustotal.com/gui/file/653a1f007670b284384239aa88a2c1d4342b8c1a86539d602681ec514c80231d/detection axisrewardstore.com # Reference: https://twitter.com/malwrhunterteam/status/1561065045882175488 # Reference: https://www.virustotal.com/gui/file/6ad9414816ae37802667ec2988cf1d733236aa6d082aed159914f5d694621ab6/detection msamazonshop.com # Reference: https://www.virustotal.com/gui/ip-address/92.249.45.145/relations # Reference: https://www.virustotal.com/gui/file/5d6009a941f2731a6c93d70afb917e7f9da79ccf8f6e7c361424f6c86cb513c4/detection melllthmrh.shop mlmollat.shop moliiat.shop mtlahmrh.shop nkoxmeos.shop ohmellt.shop omletgoje.shop autodiscover.ohmellt.shop cpanel.ohmellt.shop cpcalendars.ohmellt.shop cpcontacts.ohmellt.shop mail.ohmellt.shop webdisk.ohmellt.shop webmail.ohmellt.shop # Reference: https://twitter.com/malwrhunterteam/status/1564701134295601152 # Reference: https://www.virustotal.com/gui/file/ba30e251e2373e36180897d1090b25aed1c536147e0cd62c47ade739d2c51f58/detection # Reference: 
https://www.virustotal.com/gui/file/2c8f2f1262ff66c55b9ef80b3b4d2225d2c7be4d5bd579222dcd9e22d78d8199/detection shine-job.com # Reference: https://www.virustotal.com/gui/file/95242e1d105de9c33b2c9d8a9514f58327ca32d7d24af9af19ff3f0d075ea451/detection (# Zanubis) http://92.38.132.217 92.38.132.217:8000 # Reference: https://twitter.com/0xabc0/status/1565284403357564931 # Reference: https://www.virustotal.com/gui/file/149597cb556feeb4dab6d22bcdd112a63e76d599a79f585ba288a6f726df97b1/detection softwarebulldog.net # Reference: https://twitter.com/malwrhunterteam/status/1565435960380243968 # Reference: https://twitter.com/500mk500/status/1565565283795869698 # Reference: https://www.virustotal.com/gui/ip-address/44.204.164.21/relations # Reference: https://www.virustotal.com/gui/file/39413b2215f225da68530fa312b08f566a7bd64e55fac70d81eefe8e5cfa6ee4/detection # Reference: https://www.virustotal.com/gui/file/5bf4fdaa5f0ad65bd3d9b66ce67a6413c0a22c7ff6f411c1727768cde5780cef/detection cointree.vip commsecs.info commsecs.vip commsecs.xyz ibkrs.xyz api.commsecs.vip api.ibkrs.xyz # Reference: https://twitter.com/malwrhunterteam/status/1566173265625767937 # Reference: https://www.virustotal.com/gui/file/66c572dd6b68a1abc48241f6d7308fbc42b18470e1d8989190f515a6f621f0a1/detection axisstore.in # Reference: https://twitter.com/malwrhunterteam/status/1567880670612955136 # Reference: https://www.virustotal.com/gui/file/e5f85b2d40bb05c0bf9fc22eb04d98ca28bd4b5fcfa84d8dfebf5b5f2e453811/detection axisbankpoints.com # Reference: https://twitter.com/malwrhunterteam/status/1568340694606938112 # Reference: https://twitter.com/midnight_comms/status/1569013865584926720 # Reference: https://www.virustotal.com/gui/file/8b36ba2150047191c388ec2f12a7c28cd82b7eccb9b626e8a8620faefee0c9bf/detection pompi09m.com # Reference: https://www.virustotal.com/gui/file/19b6456895335a1f930e0a6cd1f7bdf1a1645861c5736da23936702af8617510/detection http://139.180.144.202 http://217.69.4.117 # Reference: 
https://www.virustotal.com/gui/file/bcd4b2ee965b683d84d326fa51ed7d8a6caa86e49303f577387c9635f00e302e/detection 34.77.167.32:6060 # Reference: https://www.virustotal.com/gui/file/114d2cb00a820db7f5277dda5c7750f0e3143091d63484a35cb61b34af040964/detection idapple.tech cp.idapple.tech # Reference: https://twitter.com/malwrhunterteam/status/1570511096724987904 # Reference: https://www.virustotal.com/gui/file/549eb190f60075f3ec58e228725f9540f4226f0ff569796fdd884a0c48c4a407/detection stop-war.co.in # Reference: https://www.virustotal.com/gui/file/f8407b8e8b407c2c4b61396049be55de577c290c8167de78cfacb0e896c198e8/detection 182.16.42.18:10102 # Reference: https://twitter.com/malwrhunterteam/status/1573777607459495939 # Reference: https://twitter.com/malwrhunterteam/status/1575954702176428032 # Reference: https://www.virustotal.com/gui/file/8325398d82c110e9219cfbd963c915b7753f108ddd109ceefc47e8c7ef978fe9/detection cardworth.link najsnjdndjdjdjsnsnsnndnd.link server565hd.herokuapp.com # Reference: https://twitter.com/entdark_/status/1574959318331314181 # Reference: https://www.virustotal.com/gui/file/44dd79ed23516673af9084ea8120f3d412e815ab3df36e9c7e2028363cd086de/detection # Reference: https://www.virustotal.com/gui/file/6f643819b96ca4b0451293954100b1739865fc593d6c75048563ac5d9a34479a/detection 92.38.190.112:8000 # Reference: https://twitter.com/malwrhunterteam/status/1575138007631396865 # Reference: https://twitter.com/ni_fi_70/status/1575447522197360640 # Reference: https://www.virustotal.com/gui/file/359f382d3aa5df5e38ba59905cf7a0f2cd6b171f8c2ff70ddff1a92b1aefc8c6/detection nimmabengaluru.in rblrewards.in # Reference: https://twitter.com/malwrhunterteam/status/1575963051660300289 # Reference: https://www.virustotal.com/gui/file/2a606e0dc430232fc0608e954eabd82d76f1212da4fc47e57d1da25ac282ebd2/detection bestrahul.com # Reference: https://twitter.com/malwrhunterteam/status/1580875733714358272 # Reference: 
https://www.virustotal.com/gui/file/7b0d377bd1efca7cf0ca1f8ff0c3c587d1a7afa355e2c33b5d811c593d8e528c/detection axisedgepoints.com # Reference: https://twitter.com/malwrhunterteam/status/1581006821200101378 # Reference: https://www.virustotal.com/gui/file/87edee0649af1f9eff7b8f350790fa20bb4355ee938fba1c068ff6d75b445fe3/detection iciccireewaards.in # Reference: https://twitter.com/malwrhunterteam/status/1581218775625478144 # Reference: https://www.virustotal.com/gui/file/87b3de778206c395f05db5d3b39001b64cfbf397685b0c245ea8a8a74f3254cb/detection nobitx.cam # Reference: https://twitter.com/malwrhunterteam/status/1581357795441397760 # Reference: https://www.virustotal.com/gui/file/b81c38ce7fb10d1c68f08176a857ca3c74006d70061cdd196f50a579f8b26082/detection rewardapp.in # Reference: https://twitter.com/malwrhunterteam/status/1582778164266532864 # Reference: https://www.virustotal.com/gui/file/e32e453296b4e5991947d9b318ca5b44578f58009fa82f96e45fa33d6254c27c/detection updateyourcard.in # Reference: https://twitter.com/JAMESWT_MHT/status/1583823756937789441 srvdwnld.com # Reference: https://twitter.com/malwrhunterteam/status/1584911467219935233 # Reference: https://twitter.com/LukasStefanko/status/1584921537496420362 # Reference: https://twitter.com/ni_fi_70/status/1585536222360895488 # Reference: https://www.virustotal.com/gui/file/e076771ea4f054354e636b6711f135bb9ce956a38429f79b3e97e2cb680043c1/detection cbrewards.xyz cbrewardsapply.com cbcplus.in domain-customer-security.com # Reference: https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/ # Reference: https://otx.alienvault.com/pulse/635bcdd5ea635790dfe7f4d6 gia.3utilities.com # Reference: https://twitter.com/malwrhunterteam/status/1586322708874203137 # Reference: https://www.virustotal.com/gui/file/ff15418db7062d6df6ea361c227cd9a7392486c16873612667f4889d9bbe58dd/detection floating-meadow-51578.herokuapp.com unhealable-henrys.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/file/e0c5656ca9877b37e92f5208caf9c65365e9d35ea6eb351915eb3efee235db31/detection 194.87.31.3:3000 fiordmoss.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1586481558038380544 # Reference: https://www.virustotal.com/gui/file/cedd041132fb09d7ea36005e75c1310458de887ae13bb7771e306223189fdb3e/detection hrdtjjfhghgghjyfugyuhugyt.xyz server-op-007.herokuapp.com # Reference: https://www.virustotal.com/gui/file/f451ead098b1cbba2ddf7616668d79d5eba5b47248bd381dee9102d91d0d1521/detection eienjk.herokuapp.com # Reference: https://www.virustotal.com/gui/file/57d0d59602b239ea3f51b424eb97ae0d446976deeee32320351fefc9524e4d4a/detection mymember.shop store.mymember.shop # Reference: https://www.virustotal.com/gui/file/95a492a482de34121ce37f254a895cf24de0499701da8bd5dddc8f38fd14b435/detection yvette-toy.com # Reference: https://twitter.com/malwrhunterteam/status/1589744015108284416 # Reference: https://www.virustotal.com/gui/file/549999ad68e83454eefd0203ac028c54d7dcf45b1c1aa783985b8554e5352448/detection http://192.227.196.172 # Reference: https://twitter.com/malwrhunterteam/status/1589992683459973120 # Reference: https://www.virustotal.com/gui/file/20d756ad6c2a30f1b54d09d3aaad0a58910da0e152a570da11f34bd83dd30f4a/detection mensural-input.000webhostapp.com rashmikakyc.pages.dev # Reference: https://twitter.com/malwrhunterteam/status/1590477370204377088 # Reference: https://www.virustotal.com/gui/file/a62ffd2f7c9932b0d7003d052f8c1c51923dcea7c5d7afba6f8640d8799d0c1b/detection wordresume.herokuapp.com # Reference: https://twitter.com/malwrhunterteam/status/1591585679896633345 # Reference: https://twitter.com/midnight_comms/status/1596502593668538371 # Reference: https://www.virustotal.com/gui/file/3eb9661b887251fd28ee95a29cbd4f84497ce5955a2817cdf03aef808420411a/detection j.000webhostapp.com jant.000webhostapp.com # Reference: https://twitter.com/malwrhunterteam/status/1591586472561631233 # Reference: 
https://www.virustotal.com/gui/ip-address/64.44.139.133/relations # Reference: https://www.virustotal.com/gui/file/72b867acd69d9ce377aa073bb04ec3f141f27f1985e5d3407e480976ab81d8fe/detection alroment.tk rmtedmin.tk # Reference: https://blog.cyble.com/2022/11/15/phishing-campaign-targeting-indonesian-bri-bank-using-sms-stealer/ apk-ind.com apk-online.com formullir-tarlf.com ionicio.com login-brimo-tarif.com britarif.ftml.my.id layanan.sch.id tarif-layananbri.my.id brimo-login-id.apk-ind.com brimo-login-ind.apk-online.com brimo-update.apk-online.com grupwa11197435.apk-ind.com id-bri-login.apk-online.com id-login-brimo.apk-ind.com id-login-brimo.apk-online.com login-bri-ib.apk-ind.com skematrf-login.apk-ind.com trf-skema-bri.apk-online.com perubahan.tarif-layananbri.my.id # Reference: https://twitter.com/malwrhunterteam/status/1593723747491614727 # Reference: https://www.virustotal.com/gui/file/e8d7a0436d04e4ce48769481da317755a217a0f9fd08f679a79b4b54f2d45490/detection ocellar-rice.000webhostapp.com # Reference: https://twitter.com/malwrhunterteam/status/1594095245582548993 # Reference: https://www.virustotal.com/gui/file/429ef52512fffe6e395700de22cc578eb482ee42f947fab2d48159386adb4d8d/detection # Reference: https://www.virustotal.com/gui/file/b58594c91a5712a38dbd5a1ceba76cbe0d0f934b53755fa61b9d8f8a369c1b1e/detection ravins.online /admin_panel/api/app/client_app /admin_panel/api/app/user_get_job_price # Reference: https://twitter.com/malwrhunterteam/status/1593719207597903873 # Reference: https://twitter.com/midnight_comms/status/1596500158170423298 # Reference: https://www.virustotal.com/gui/file/c4801ea49cce0b7fe44779ecc919dd7aa09be7ba8d8ab14b7cecdbcbe538bb32/detection http://137.220.230.50 # Reference: https://twitter.com/malwrhunterteam/status/1596563368344682497 # Reference: https://www.virustotal.com/gui/file/ada96d3e8a7c01da25aa45cbabbdec28f928fd7aed048d1d96456f1d89cb39cf/detection accounts-shopify.com # Reference: 
https://twitter.com/ReBensk/status/1597189188549386240 # Reference: https://www.virustotal.com/gui/file/fe213dc7e796c1dd9d78eb7b1aa003605a854c729a3b4d2427b624183fae5d0f/detection point-dekho.xyz hellorsircheck.000webhostapp.com ksjkahsadkakkjsdkjakda.web.app sbi-kyc-apks-v-1-22-2.web.app # Reference: https://twitter.com/malwrhunterteam/status/1597307590286794753 # Reference: https://www.virustotal.com/gui/file/cc174d774a09796b2952de2c308d2193e7fb093dc4559052483ba49f2f477727/detection pointrewardas.co.in # Reference: https://twitter.com/ni_fi_70/status/1597510646408441856 # Reference: https://www.virustotal.com/gui/file/b3b59180bef0e80839b83c421b2100a84dcaf4bf9774072bf2cc19af1092c5e6/detection aktualizacjakodu.com # Reference: https://twitter.com/malwrhunterteam/status/1597521278713311232 # Reference: https://www.virustotal.com/gui/file/bd89b188041388f7d2a024546d4a46e7a8e39dc251152f223720a014405e3bf3/detection d3m4i2q8vx73j8.cloudfront.net # Reference: https://twitter.com/malwrhunterteam/status/1597520171635453952 # Reference: https://www.virustotal.com/gui/file/007bdb212d92a3402095c8828366f5c1de4f83f5050a1443a7651f79285a4560/detection luxlury.com luxury-online.net # Reference: https://twitter.com/ReBensk/status/1597542999960915969 axisrewardapp.co.in # Reference: https://twitter.com/ReBensk/status/1597838090235629568 digitalcardowner.in # Reference: https://twitter.com/malwrhunterteam/status/1598790278084759577 # Reference: https://www.virustotal.com/gui/file/c0241e06937ec89f5153cc3ab25190bc2867ebbeae78c4441b5ff41384d071d4/detection 91.92.120.131:4525 # Reference: https://resecurity.com/blog/article/in-the-box-mobile-malware-webinjects-marketplace ccotapun66kp4jbpzbrhxepltuzjlh2e2c26w2zgtowhguv5orxk7aqd.onion # Reference: https://twitter.com/malwrhunterteam/status/1599852746416398336 # Reference: https://twitter.com/midnight_comms/status/1600104507223916544 # Reference: 
https://www.virustotal.com/gui/file/0fafd3369bdcfabcf7b2da0c783d9779052083de72383a01df1a4e883de594f5/detection http://193.221.95.147 http://193.221.95.40 http://45.158.22.196 /query?type=yuantong&postid= # Reference: https://twitter.com/malwrhunterteam/status/1600619259692027904 # Reference: https://twitter.com/midnight_comms/status/1600687606920269827 # Reference: https://www.virustotal.com/gui/ip-address/185.119.57.134/relations # Reference: https://www.virustotal.com/gui/file/5c9495ed0b80277b58fa163413093c2ed3aed12f8454b2c014f3b752b641e661/detection badeskot.com kilototo.host livesms.space sermina.host # Reference: https://twitter.com/l205306/status/1600657484305555456 one-store.marketing u-pay.club # Reference: https://twitter.com/ReBensk/status/1600812171633381377 amazonmall.club # Reference: https://twitter.com/malwrhunterteam/status/1600994059287339008 # Reference: https://www.virustotal.com/gui/file/238492af934405156e9fff888213c0b769e09f4a916fe4e1666897ea12f3ed2a/detection best-cleanings.com # Reference: https://twitter.com/malwrhunterteam/status/1601141132758769664 # Reference: https://www.virustotal.com/gui/file/dae85468af435dfbe522d474465f7f5a256b6bf98bf772b87c2c7d50f83895a3/detection user-update-app-v-12.web.app # Reference: https://twitter.com/malwrhunterteam/status/1601148538913583105 # Reference: https://www.virustotal.com/gui/file/8202322d718219231fab9e847351fa6493eafe4d087edddbb6fe0abd64b54595/detection climreward.co.in # Reference: https://twitter.com/ReBensk/status/1601577314370072578 bounsofferrewards.co.in # Reference: https://www.virustotal.com/gui/file/4ff71530ae98a58461855a03414afc42d3a38b8bca0394e28847847d7e933199/detection crrewardpoint.com # Reference: https://twitter.com/ReBensk/status/1602714938035822594 # Reference: https://www.virustotal.com/gui/ip-address/68.178.148.41/relations # Reference: https://www.virustotal.com/gui/file/cf8fe2f7d6216af0b90275f6dbeeab8363dcf159d08bf430097e898e1a01cd11/detection # Reference: 
https://www.virustotal.com/gui/file/cfb01d73729d5f730a06d12f601dba404ff7fc62e2d1355c9cf428b80bd9f3c2/detection claimapppoint.co.in pointawailoffer.co.in # Reference: https://twitter.com/malwrhunterteam/status/1603313750995517440 # Reference: https://www.virustotal.com/gui/file/91e2dea4e470063583fac581307595fc523653272f444e5e52a291b3830ad5fc/detection rewadsgovt.in # Reference: https://twitter.com/malwrhunterteam/status/1603149420610076672 # Reference: https://www.virustotal.com/gui/file/aed5dc80a04344e0f9504317fe3681ac46cca3fc0651e57701c20eb162503f56/detection nitinbhai-testing.web.app sbl-v1.firebaseapp.com # Reference: https://twitter.com/malwrhunterteam/status/1603306358283059202 # Reference: https://twitter.com/ni_fi_70/status/1603324313758736385 # Reference: https://www.virustotal.com/gui/file/9a961af2cd63124f01e9d1a316e095c8416babdba4d7b159e3fb6c1628dc1da8/detection tech-digital.net sg1.mall-base-app.com # Reference: https://twitter.com/Artilllerie/status/1603409473225228289 # Reference: https://www.virustotal.com/gui/file/7ddb7f07349d8b7e519233f1c22c12bfddeec6afcf16c683cebc0da80897b88c/detection grabspp.online # Reference: https://twitter.com/malwrhunterteam/status/1605304582489481218 # Reference: https://www.virustotal.com/gui/file/e117bb9f52e736fffcbd42684883cb3701e03f0771b48129b1a33f6a60ffb259/detection cleanshouse.net # Reference: https://twitter.com/malwrhunterteam/status/1606406303122866176 # Reference: https://www.virustotal.com/gui/file/b1f231d1f0074b2cf6a5d04a370c4ab11610671759af81530fbfc8aab330ca98/detection macawschat.net # Reference: https://twitter.com/0xckr0/status/1607343476961693699 # Reference: https://www.virustotal.com/gui/ip-address/80.66.64.151/relations coveripotezko.com heikenmorgan.com # Reference: https://www.virustotal.com/gui/file/ebcb33e96b24baa973655e70272eaa96d36e1070221da20d64234dd1ca75e248/detection rhizocarpous-elevat.000webhostapp.com # Reference: 
https://www.virustotal.com/gui/file/cbf0996af5a4a28e1cd7360c1e3e0079316009ed992a00c579359636fe70ac8d/detection # Reference: https://www.virustotal.com/gui/file/624e1630cb4d05c7ea859b0478164aa897f0ba6c80a96d26484f4be0c094a1fb/detection # Reference: https://www.virustotal.com/gui/file/4735686716224aaea522de595edecbac242c07ebd55ad570b7219b7569d8359f/detection # Reference: https://www.virustotal.com/gui/file/1bd7e5b554365d6b1bb2f53a900a03ef9964a6c3bd2483729e068b4bfb39eeb4/detection 5.239.29.232:1337 # Reference: https://blog.cyble.com/2022/12/27/new-wave-of-finacial-fraud-scammers-monitoring-social-media-complaints/ # Reference: https://otx.alienvault.com/pulse/63ac1c473364458b045732d8 # Reference: https://www.virustotal.com/gui/file/f952c05d9df163cdc96938222c197ea10c9250b3e548a880b0c52faa9c4d6e28/detection mycomplainquery.in # Reference: https://www.virustotal.com/gui/file/b38494165e9faf7ed380e669ecb30e515653048f118b5d9b27157980915d8e44/detection kjhdksakdhkshkdfhkhdskhfkhsdkhfkhdkshfhkd98327439759743975.pages.dev d0f67a5f.kjhdksakdhkshkdfhkhdskhfkhsdkhfkhdkshfhkd98327439759743975.pages.dev # Reference: https://www.virustotal.com/gui/file/39cfb6ccf72c01794d078fe27f4ddb99f4753aa8b6fa42a05df0cc0de788cbb9/detection serbestpanbizikiuchasbir.co.vu # Reference: https://twitter.com/ni_fi_70/status/1613177368901816323 # Reference: https://www.virustotal.com/gui/ip-address/68.178.145.70/relations # Reference: https://www.virustotal.com/gui/file/ce2cf2527bc797c2cbaa9b8005a315717d3883bc15c025ca68b0a129feff5a51/detection # Reference: https://www.virustotal.com/gui/file/eed90cd3499214dc62fc208aa2dbb8f1992810f2b5e863f8201574a9a5d68605/detection # Reference: https://www.virustotal.com/gui/file/ebdafdf045f1ed27801a7f444fb80c48044da7b8da876723addd9224a496ad51/detection # Reference: https://www.virustotal.com/gui/file/dc2555b64aafe6285693272b94b68eda2c5b45aabec41b9415cdd8b7f8f2e3ef/detection axisclaim.co.in axisedgepoint.com myaxispoints.com # Reference: 
https://www.virustotal.com/gui/file/97d9698f438dbfde0ade6c5cd8acfc8afd3506aa9c1f416a03b615395765ab85/detection 185.163.45.17:8000 # Reference: https://twitter.com/malwrhunterteam/status/1614241349171134465 # Reference: https://www.virustotal.com/gui/file/73ba13bcd8e171c7c653fbfda8f708355cba01b4701c2701b2a35f2d2486c973/detection carved-screwdrivers.000webhostapp.com icici-kyc.web.app # Reference: https://twitter.com/malwrhunterteam/status/1614248897907392515 # Reference: https://www.virustotal.com/gui/file/8b29db147b8e6e4c9206b2c44fc5d11c105a1213ac85009adf818d6321e5b9ed/detection pinkycatmall.online # Reference: https://twitter.com/malwrhunterteam/status/1614384893496274945 # Reference: https://www.virustotal.com/gui/file/64b84a63bd404e0177c1821bc92e629d31070df50b0b0fcc45ae20b2236798fb/detection # Reference: https://www.virustotal.com/gui/file/6f08ec8e147b9892a4a351a68150c37e47cdfa953647333be2fec4e6d9981f73/detection # Reference: https://www.virustotal.com/gui/file/04022ff49df57bc1f7602fbebd6f935fc31fa219b82cb909054456a7566d87b2/detection myliveservise.co.in # Reference: https://twitter.com/ReBensk/status/1614952874420887553 # Reference: https://twitter.com/JAMESWT_MHT/status/1614954104224194562 # Reference: https://www.virustotal.com/gui/file/e9b77e406a67de5ba51b12e9549899bdf11fdcb5dbf9a722e30eb2a2d0459fec/detection credrewards.in # Reference: https://twitter.com/malwrhunterteam/status/1616174221541134336 # Reference: https://www.virustotal.com/gui/file/44983dde56eb1f20459f726392535c5777f858cf6e0c7515e5f6257b43124d29/detection parkservise.co.in # Reference: https://twitter.com/ReBensk/status/1618919756756836353 # Reference: https://www.virustotal.com/gui/file/50a728cd81dbc8a0fb27d8b19ef4ec730c6e14a728f36c90ec98ef8effd9a00e/detection redeempoint.co.in # Reference: https://twitter.com/malwrhunterteam/status/1618952519409102853 # Reference: https://www.virustotal.com/gui/file/268b71cf218519ef9b6570c897a592971c7e8e33219838425fb8a44a9cc22bf4/detection iboiha.fun 
ww25.iboiha.fun # Reference: https://twitter.com/malwrhunterteam/status/1620926054117568512 # Reference: https://www.virustotal.com/gui/file/5c9fb34f1f12a8fe9adf1a41bde6ce35eb379a9621f35d84c41d589e78f338ee/detection sb1-kyc.web.app # Reference: https://twitter.com/ReBensk/status/1622579528571949057 claimcrediptpointred.shop # Reference: https://twitter.com/malwrhunterteam/status/1627010666023292929 # Reference: https://www.virustotal.com/gui/file/2dd36b10426a729f5ce9785d5b5bab67c4f8c054e9fc5833f6b13f4cb53e45fb/detection storeapp.co.in # Reference: https://twitter.com/malwrhunterteam/status/1627090862269419520 # Reference: https://www.virustotal.com/gui/file/c6d3cc2a9d9c5caa34c6c7f82b3ce93489d4254ae722c201cc5e041420bb592a/detection instant-e-apply-campaign-page-idf-campaign-fix.xyz # Reference: https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/ # Reference: https://otx.alienvault.com/pulse/63d96828750d112f619c74f6 http://194.180.174.127 http://199.192.26.165 http://85.31.46.136 # Reference: https://twitter.com/malwrhunterteam/status/1629219402280312832 # Reference: https://www.virustotal.com/gui/file/c314b21629fcfac052d5b382a34f8f917da83a904be748f0e62540b17cddcd6c/detection sbhdclaimpoint.online # Reference: https://twitter.com/malwrhunterteam/status/1629449605472550914 # Reference: https://www.virustotal.com/gui/file/b97d52639d168de02182e817091697267d000f43de10686bde7b28ee57e5cfaa/detection makelifedream.in # Reference: https://www.virustotal.com/gui/file/7753789eeda22ba67782c4f984150c2c38a191838eb4fe8e2f08daa0755740aa/detection getreward.co.in # Reference: https://twitter.com/malwrhunterteam/status/1629461441135665158 # Reference: https://www.virustotal.com/gui/file/3b23bd47f2f1b522a32f50a59f37e5fb68a67d4d5c811ae883d464649d63f73a/detection tenter.co.in # Reference: https://www.virustotal.com/gui/file/cdf7da21b7823c528e2e1b82cfcbc5e03816ff34a259b7296344dfaead80d798/detection zizi.accesscam.org 
/ZmdoMTE5/cnR5MTIw.php /ZmdoMTE5/enhjMTE0.php /ZmdoMTE5/ /cnR5MTIw.php /enhjMTE0.php # Reference: https://twitter.com/malwrhunterteam/status/1630689031209074697 # Reference: https://twitter.com/ReBensk/status/1633869800182284289 # Reference: https://www.virustotal.com/gui/file/0fe8c31ba136c2558b8bad93a24704b9b371ff856b3fc09dfe7114bdfd7d5761/detection s6birwc.xyz sh6bciewrd.online sh6cwerd.click # Reference: https://twitter.com/malwrhunterteam/status/1631662488600080386 # Reference: https://www.virustotal.com/gui/ip-address/5.159.49.165/relations # Reference: https://www.virustotal.com/gui/file/62b244a547ea78f57843bf358c59c7cedd3af07bb336eacecc2efdd70ed8085e/detection shamgetme.cloud shmgetr.tech shmxc.cloud xsham.cloud # Reference: https://twitter.com/malwrhunterteam/status/1616439362455236613 # Reference: https://www.virustotal.com/gui/ip-address/183.111.122.104/relations # Reference: https://www.virustotal.com/gui/file/d661c68ec155585eae77147982bb2713beeab96a594e8cc0fd5a8b91f714bf29/detection # Reference: https://www.virustotal.com/gui/file/0a5725d53ea433264a6e16213a5536a55d975c99ed3697fe52b9adc6df139462/detection amasolo.com daangnin.com darkboxshare.com love-love.cc metamosk.vip secret-chat.vip telegramiamg.com telegraming.pro unioneword.com utalk.site as.amasolo.com down.amasolo.com main.amasolo.com main.metamosk.vip # Reference: https://twitter.com/malwrhunterteam/status/1631641982136205315 # Reference: https://www.virustotal.com/gui/file/150e4fcc5214f7365a3cc81c7d14f5455ac339807351e4248dd529a2a88f5dae/detection ariayoga.cc ariayoga.online ariayoga.site cloudlbum88.com cloudlbum91.com jaiyoga.vip love-love.co preciousalbum58.com secret-chat.vip unioneword.com down.ariayoga.cc down.ariayoga.online down.cloudlbum88.com down.cloudlbum91.com down.jaiyoga.vip down.ariayoga.cc down.love-love.cc down.love-love.co down.preciousalbum58.com # Reference: https://www.virustotal.com/gui/ip-address/65.109.122.227/relations bonuscoin.in offerpointreward.in offerreddem.in 
pointoffer.in # Reference: https://www.virustotal.com/gui/file/5335f2839fafbc2c9efdc861dfa020876a532b66d5baed7fb69665f8075d0d01/detection 103.244.148.94:809 sadqwdasinf.info # Reference: https://twitter.com/ReBensk/status/1633872745636454401 # Reference: https://www.virustotal.com/gui/ip-address/68.178.145.187/relations doorlabel.in # Reference: https://www.virustotal.com/gui/file/7b2373c6c2ca0b57bd90170ec1d8bb0fa0ad2d8c1fc7613b58beca511f9bcf23/detection # Reference: https://www.virustotal.com/gui/file/9b46afb380119de9f2f70ddd30b58a4d82b950e8d2bb92920873d0b0920e5494/detection mylivepointservise.co.in # Reference: https://twitter.com/Gi7w0rm/status/1633899205621174273 # Reference: https://twitter.com/0x6rsk/status/1659545709077573637 # Reference: https://twitter.com/TLP_R3D/status/1659636656436125698 # Reference: https://www.virustotal.com/gui/ip-address/190.211.255.218/relations # Reference: https://www.virustotal.com/gui/file/7c1eba7f4a09b6f60ab8f883541104ca3c386a5b7e9282271eef2cf44d27dc94/detection # Reference: https://www.virustotal.com/gui/file/60af458b972d2fbd2687c053fa7e18fb32b12be6bc2cb899c9b15dc7128822ca/detection # Reference: https://www.virustotal.com/gui/file/e53b426981bbe8f19a97ba9efa4413ed8fb4f44532e4984a10007c9f204827a1/detection http://179.43.163.113 http://190.211.255.218 103.175.16.151:443 179.43.163.113:443 190.211.255.218:443 192.198.82.59:443 194.135.33.160:443 32.54.188.44:443 92.119.178.40:443 biribizidurdursunn.com biribizidurdursunn1.com biribizidurdursunn2.com slmmistosi.com slmmistosi2.com yamacbank22.xyz youtubeadvan3242.xyz youtubeadvanced.pro /YTFlMzViNjNiNWM3/OTI0NGRhMTFlMDNk/index.php /YTFlMzViNjNiNWM3/OTI0NGRhMTFlMDNk/ /OTI0NGRhMTFlMDNk/index.php /OTI0NGRhMTFlMDNk/ /YTFlMzViNjNiNWM3/ # Reference: https://twitter.com/malwrhunterteam/status/1634688954061541378 # Reference: https://www.virustotal.com/gui/ip-address/144.217.191.38/relations # Reference: 
https://www.virustotal.com/gui/file/ba41a9469e7057170456f1e4c4c3dcd99b9f33d6e52dd8c9202987cd44d75f7b/detection # Reference: https://www.virustotal.com/gui/file/824fdcb6753c6f6bbd79e83361b08afc8d587253a95708f844b625f0721afbc0/detection bmiat.website ceham.uno edsim.fun ersdin.host frest.host fsdhem.fun idolatn.uno indilt.host jnshm.fun milat.fun msdhen.fun msdin.uno sabtnam.host samen.uno sbtnam.uno sedhin.fun seham.host seirn.uno truwalt.com your-app.xyz myremote.oghabhost.xyz # Reference: https://twitter.com/ReBensk/status/1635695388802920464 hdfc-point.web.app # Reference: https://twitter.com/HaoZhixiang/status/1635937304970706948 # Reference: https://www.virustotal.com/gui/ip-address/43.154.91.41/relations # Reference: https://www.virustotal.com/gui/file/4c9b6c5c65eff41d99911dffb8f65730e4bf954ff162e9840d3cac7fe1fc9340/detection a2qw.sbs a3qw.sbs ak8a.sbs d3qw.sbs e2qw.sbs ed8a.sbs gn8a.sbs i2qw.sbs i3qw.sbs iq8a.sbs kr8a.sbs mt8a.sbs ns8a.sbs o2qw.sbs o3qw.sbs p2qw.sbs p3qw.sbs q2qw.sbs qa2qw.sbs qs3qw.sbs qw1qw.sbs r2qw.sbs s3qw.sbs t2qw.sbs u2qw.sbs u3qw.sbs w2qw.sbs wa1qw.sbs wo1qw.sbs wp1qw.sbs ws1qw.sbs y2qw.sbs # Reference: https://www.virustotal.com/gui/ip-address/43.154.239.105/relations dhrg.sbs erwtg.click euiop.click ewfsv.click fjez.sbs grbsc.click hbswz.click hrffc.click mkjh.sbs nhge.sbs nhgtr.sbs qadvz.click rgms.sbs sdbw.sbs vhgrdw.click wefcn.click yits.sbs yjhrv.click # Reference: https://twitter.com/0x6rsk/status/1636322983542128641 # Reference: https://www.virustotal.com/gui/file/4469ea6689654fe0388191097d3938a832abfa597c8195966320dab9e0d77a7b/detection pointapp.co.in # Reference: https://research.checkpoint.com/2023/south-korean-android-banking-menace-fakecalls/ # Reference: https://otx.alienvault.com/pulse/641215d6755811b251dcdfc4 (# the data.go.kr entry in this group is a path on South Korea's public open-data portal; a hit on that trail alone is weak evidence, corroborate with the other indicators here) http://154.197.48.125 http://154.197.48.195 http://154.197.48.212 http://154.197.48.72 http://154.197.48.93 http://154.23.182.63 http://154.38.113.162 http://156.245.12.211 http://156.245.21.38 http://182.16.42.18 
http://206.119.82.78 154.197.48.125:10102 154.197.48.195:10102 154.197.48.212:10102 154.197.48.72:10102 154.197.48.93:10102 154.23.182.63:10102 154.38.113.162:10102 156.245.12.211:10102 156.245.21.38:10102 182.16.42.18:10102 206.119.82.78:10102 154.197.48.125:5055 154.197.48.195:5055 154.197.48.212:5055 154.197.48.72:5055 154.197.48.93:5055 154.23.182.63:5055 154.38.113.162:5055 156.245.12.211:5055 156.245.21.38:5055 182.16.42.18:5055 206.119.82.78:5055 daebak222.com/huhu/admin.txt data.go.kr/data/15063815/fileData.do # Reference: https://www.virustotal.com/gui/file/c132022787142928233780c5c6023a8e87d7efbefb5dd53b442274ed23ee05ce/detection 5.255.105.30:9462 # Reference: https://twitter.com/malwrhunterteam/status/1637225888323346432 # Reference: https://www.virustotal.com/gui/file/7b8c3c58acfbaab01328843e066e1992faab4ff91deba1165d2f86d6cf247d53/detection # Reference: https://www.virustotal.com/gui/file/b54da7ff382d62b252efe4ccf4b17f6ab9e859b1e98e01c0aa3bfa0e123c5144/detection http://107.174.45.116 mp7.sytes.net msr.servehttp.com # Reference: https://www.virustotal.com/gui/file/d55a7c565a8b96f809ee6967837c67f7dc708d79a9bd5c1ebdf287bdaf24e62e/detection tygaa.in # Reference: https://www.virustotal.com/gui/file/2d966ab7b50695be6046da0c6817881eaeb16e589b49dc115ec212f221e698d7/detection prepagos-cancelar-app.com # Reference: https://twitter.com/0x6rsk/status/1640632227863179269 zektarmunoza.shop # Reference: https://twitter.com/0x6rsk/status/1642985469251297280 # Reference: https://twitter.com/Gi7w0rm/status/1643274917310513155 # Reference: https://www.virustotal.com/gui/ip-address/5.178.2.174/relations # Reference: https://www.virustotal.com/gui/file/8fe86e178198c7e5ab8d1eaf4e77772688c37960ddad4d64174c90ae7ced8d28/detection gahvaperos.shop # Reference: https://twitter.com/ReBensk/status/1644260955633721344 cashhicash.in # Reference: https://twitter.com/ReBensk/status/1644217334725320709 # Reference: https://www.virustotal.com/gui/ip-address/47.242.229.139/relations 
a-telegram.com androd-telegram.com androd-telegram.online androd-telegram.xyz android-telegram.online android-telegram.xyz apk-telegram.com apk-telegram.online apk-telegram.org apk-telegram.xyz apk-ws.com app000.org app005.org app006.org app007.org app008.org app009.org appc-telegram.com ch-telegram.org china-telegram.online china-telegram.site china-telegram.xyz chinese-telegram.org google-telegram.org hk-telegram.cc hk-telegram.cn hk-telegram.top hk-telegram.xyz hongkong-telegram.com hongkong-telegram.online hongkong-telegram.org hongkong-telegram.site hongkong-telegram.xyz iphone-telegram.com m-telegram.cc mac-telegram.org message-telegram.org pro-telegram.xyz telegfcom.org telegram-888.xyz telegram-a.org telegram-androd.cc telegram-androd.com telegram-androd.org telegram-apks.org telegram-apks.xyz telegram-c.org telegram-china.app telegram-china.co telegram-china.me telegram-china.online telegram-china.site telegram-china.xyz telegram-e.cc telegram-hk.app telegram-hk.cc telegram-hk.net telegram-hk.top telegram-hongkong.app telegram-hongkong.cc telegram-hongkong.co telegram-hongkong.me telegram-hongkong.net telegram-hongkong.xyz telegram-mac.org telegram-me.cc telegram-message.org telegram-n.cc telegram-o.cc telegram-philippines.com telegram-pro.xyz telegram-tw.xyz telegram-v.org telegran.bike telegran.bz telegran.cam telegran.la telegran.lat telegran.sc telegran.srl telegran.vc telegran.ws tw-telegram.xyz voice-telegram.org wed-telegram.org # Reference: https://twitter.com/malwrhunterteam/status/1644827139466752001 # Reference: https://www.virustotal.com/gui/file/a0bcbaffead02d494fda2b786dd2921db8db0b02d904b85244e26791a4c72a1d/detection lifesgood.online # Reference: https://twitter.com/parate_rupali/status/1645407589545693189 # Reference: https://twitter.com/AuCyble/status/1646489771752009728 # Reference: https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/ # Reference: 
https://www.virustotal.com/gui/file/153410238d01773e5c705c6d18955793bd61cb2e82c5c7656e74563bb43b3ffa/detection 146.70.41.143:7242 # Reference: https://www.virustotal.com/gui/file/58b7fcee85412190251c7ccecd7ff82f0c219d139debb1830b9f70d6a400858a/detection # Reference: https://www.virustotal.com/gui/file/67e1212329e9300b6a3aef4a2d8ba968c4219ed929d3060bf8a21a94a01287fb/detection # Reference: https://www.virustotal.com/gui/file/f6b75cfa07448c9c0e83bd725e079aeb1d01a825e37bd5339d6060501e8f16e2/detection safakeamanan.com ek.safakeamanan.com ud.safakeamanan.com # Reference: https://twitter.com/malwrhunterteam/status/1646507066369134598 # Reference: https://www.virustotal.com/gui/file/a548748ec7428a687b59b39c5c9280454201733a5c093f9b6df85602b2195500/detection jio-mart-sales.in # Reference: https://twitter.com/ReBensk/status/1650901080140656641 # Reference: https://www.virustotal.com/gui/ip-address/23.154.80.191/relations # Reference: https://www.virustotal.com/gui/file/eaeb252cc13cfa8eb46304475ad37c59ba2151111946216312e142164af0d128/detection # Reference: https://www.virustotal.com/gui/file/bfd947fe576cbf5dc1cbb79fb4aab0794fe232ac57239bcb0d9360473916b76b/detection # Reference: https://www.virustotal.com/gui/file/4799fbae3ebb105db12ae167f6328d32a8ed6e1abd2f9a23e5b654484c6421a9/detection bbstofaroly.xyz bbstofaronly.xyz bbstofarunly.xyz bbtofrunly.xyz fbstofaronly.xyz ree-wardbbesofars.xyz thenjjshop.in mail.bbstofaroly.xyz mail.bbstofaronly.xyz mail.bbstofarunly.xyz mail.bbtofrunly.xyz mail.fbstofaronly.xyz mail.ree-wardbbesofars.xyz mail.thenjjshop.in # Reference: https://twitter.com/malwrhunterteam/status/1646516940691890176 # Reference: https://www.virustotal.com/gui/file/49647896946c9336fe3bf55ef935cd2ded832cf0874830306c4e5130767ec498/detection cashbyreward.in # Reference: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/ # Reference: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.2/ # Reference: 
https://www.virustotal.com/gui/file/55884b3b0018b42e500c8ca427d8ae3b3174d9efca5aa57b34eb9202cb84913a/detection http://146.70.88.44 146.70.88.44:5678 # Reference: https://twitter.com/malwrhunterteam/status/1648077108676112386 # Reference: https://www.virustotal.com/gui/file/9fe4728c2741e48b14f123c2bacc8465e279368ff0df1e8b0f045ff501b816cd/detection target-globalshop.com # Reference: https://twitter.com/malwrhunterteam/status/1648314930850832384 # Reference: https://twitter.com/noexceptcpp/status/1652821481481465863 # Reference: https://www.virustotal.com/gui/file/14da4a46ea086e1a5074cbc695b7dbdc6604c13e23c8fe7d258faddec608184b/detection caixadasorte.link fortunacaixa.com admin.fortunacaixa.com caixar.oss-us-east-1.aliyuncs.com ek.fortunacaixa.com lol.caixadasorte.link who.caixadasorte.link ws.caixadasorte.link # Reference: https://twitter.com/0x6rsk/status/1653413362720559105 # Reference: https://www.virustotal.com/gui/ip-address/45.143.136.125/relations # Reference: https://www.virustotal.com/gui/file/26f4bce37f3215fb70697c91529943ab18d2e1fcc2f879ccd9d04a209ffe6aab/detection axperomo.shop # Reference: https://twitter.com/malwrhunterteam/status/1654248866177503232 # Reference: https://www.virustotal.com/gui/file/07504d45cffd78f6037718361bc50ec2591eabb9749c88ef645088a3ebaa4501/detection telegram-zh.org.cn # Reference: https://twitter.com/malwrhunterteam/status/1654970357533532161 # Reference: https://www.virustotal.com/gui/file/d7a8d786d320c17d56161b4a2cb7af9ed7b1e72abc64f1b439b29e96a7b11a92/detection icici-offer.site # Reference: https://www.virustotal.com/gui/ip-address/68.178.149.21/relations # Reference: https://www.virustotal.com/gui/file/a1347a29dd82666ea2735d99983ab3179ee761394232befc18ff5c201ee80e93/detection # Reference: https://www.virustotal.com/gui/file/97f74263178161d4f5ea61f701ff17adc8da58e3a6e4b643aef48b18f2dec496/detection # Reference: https://www.virustotal.com/gui/file/40926349628bc42867e9f32fdf0121d7948de424be526c4167362bda0870bc29/detection # 
Reference: https://www.virustotal.com/gui/file/2194b74e591b80b665e3f20a008c762a97258704eed59a8800a109d48bd51a16/detection # Reference: https://www.virustotal.com/gui/file/036cbabb35319e904a7290ca563b31d9bf6f6dda48193aa39085fbb0bc250faa/detection axispointclaim.co.in bigbazarmart.in deltaverify.co.in payphonnow.in px.payphonnow.in /verify/bibbazar # Reference: https://twitter.com/malwrhunterteam/status/1660736877664653328 # Reference: https://www.virustotal.com/gui/file/aac2f99af5bf5e21a7ae136718a256ba40916b07da0406454746b9e3e487fec6/detection (# 104.21.6.118 and 172.67.134.210 are Cloudflare edge addresses shared by unrelated sites; corroborate an IP:port hit with the domain in this group) 104.21.6.118:2053 104.21.6.118:2083 172.67.134.210:2053 172.67.134.210:2083 laborer-posted.nl # Reference: https://twitter.com/malwrhunterteam/status/1661081398327820290 # Reference: https://twitter.com/malwrhunterteam/status/1661079860238794758 # Reference: https://www.virustotal.com/gui/file/185204c45bfe4f90ae29e79d98d0a6afa2f0f0a76448b72a21801585e2e7e552/detection # Reference: https://www.virustotal.com/gui/file/61c41393f9a73367207c564a07f6faff9b88f99782473f4f3293eaaa8caea438/detection angelitaful.com dating-talk.com onenumsource.com princetalk.co princetalk.me princetalk.pro princetalk.xyz theprincetalk.com # Reference: https://www.virustotal.com/gui/file/8ed1e4c424f34b6af89962f1048b2dd8ddf5d22040d3dac28344eb3e981a2623/detection # Reference: https://www.virustotal.com/gui/file/cdfbc1ce2af7e335a23e9132558e944f56c43c62296a080c4dc5a4b69059adfc/detection # Reference: https://www.virustotal.com/gui/file/f82f485662497222df3784f99462ceacac8545b5f78d2ff6389c943da9af349f/detection 156.251.24.194:5521 156.251.24.194:7098 # Reference: https://twitter.com/ReBensk/status/1667388141236285441 # Reference: https://www.virustotal.com/gui/file/35e70ad12f9c549aaf661f61b60ce68700ef4205a0116441cf720c8ca0edccd9/detection amexindia.host # Reference: https://twitter.com/malwrhunterteam/status/1667249881696686094 # Reference: https://www.virustotal.com/gui/file/d7f0c77cc027bceee3c2c53d35370e2b035f58eefbe95941fdd2c3cd1b8bd214/detection 
aircondservicemy.com # Reference: https://www.virustotal.com/gui/file/9c046cbf4c023ca81e02a804cc9a7615b9c52e58f0d7e7d43a3cbba7fb801493/detection user-app.xyz # Reference: https://twitter.com/malwrhunterteam/status/1668350004350574606 # Reference: https://twitter.com/noexceptcpp/status/1668360185876819970 # Reference: https://www.virustotal.com/gui/ip-address/122.128.107.243/relations # Reference: https://www.virustotal.com/gui/file/ad6f8ec6aa7f8b5b16816f075b77769aa7e7699d18e4f573850f23c3606ab7cf/detection http://122.128.107.243 downloadnaver.online navor.tech shopnaver.online # Reference: https://www.virustotal.com/gui/file/3f28111049a876533a0f5f00a72ca3beadfc641b97f3db682127546fac89fc22/detection http://185.45.192.58 # Reference: https://twitter.com/0x6rsk/status/1673338228512833536 # Reference: https://www.virustotal.com/gui/ip-address/81.19.135.239/relations # Reference: https://www.virustotal.com/gui/file/4defa1f795d69d38168bffecbc19f571c61a095862713fd91cb646f344ef53c0/detection twelveelevensoup.at # Reference: https://twitter.com/ReBensk/status/1677266775183101952 makepoint.in # Reference: https://www.virustotal.com/gui/file/ad4cdeca5e669d83e89f785f0e10d0de8ad6409412c43984c484e56b6a5d114c/detection http://5.252.176.205 5.252.176.205:8000 # Reference: https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/ # Reference: https://www.virustotal.com/gui/file/414ea005199ba221c0048a4a7c544ae3e0891c9fe1634bbfc0cd6f3938b5f029/detection # Reference: https://www.virustotal.com/gui/file/68035c06c9ee1076a40d270029522dd21136e5c4bbec534768d2296af2212062/detection # Reference: https://www.virustotal.com/gui/file/68b56ef06b2c9403ade11bebef939fa4e754f44647cd2e313355568f87739942/detection a2a2a2a.life scanyalx.online # Reference: https://twitter.com/malwrhunterteam/status/1678869616192307200 # Reference: https://www.virustotal.com/gui/file/49a91f482893aa45b6f119e66c7150aec81624ddab45fa7a1d18eb0b3861c5c7/detection jio-mart.online # 
Reference: https://twitter.com/0x6rss/status/1677385997984894976 # Reference: https://www.virustotal.com/gui/ip-address/80.66.64.23/relations # Reference: https://www.virustotal.com/gui/file/e8f0e535d89dd62514947b8bc50bef37636fae9dfd34290075755fab7cceebc2/detection babypetstore.shop bicyleinworld.shop bookandstorer.shop hammora.shop juarezcompany.shop yusracompany.shop yusrajuarezcompany.shop emv1.yusrajuarezcompany.shop # Reference: https://www.virustotal.com/gui/file/ddd68bcc86c504405b883279c339baa659b35d4d4f75bf89d25d891e9b04b1ad/detection g4ctsneogzmf7ndrxzld8gfewebq20ef2e.org smsreciver.g4ctsneogzmf7ndrxzld8gfewebq20ef2e.org # Reference: https://twitter.com/malwrhunterteam/status/1680106945464741888 # Reference: https://www.virustotal.com/gui/ip-address/89.117.157.164/relations # Reference: https://www.virustotal.com/gui/file/f389b3b74fa249ef70f3ff934c6cb7286bd7bede8ebed30e868f99e920277ec8/detection # Reference: https://www.virustotal.com/gui/file/a0c839b834671048f0f9115689262dd71991d2d157fbd97e8aa64ecacd6e2dfd/detection # Reference: https://www.virustotal.com/gui/file/d92b075f8101f309c70bb33f5c95e2f065ddafdd2912f1b0ac399a56c4419584/detection # Reference: https://www.virustotal.com/gui/file/13b13c8c6acc47b6d15359058303dd28b9234b6b2a7e71134cd4e5a1e253e264/detection alleso.online danonymous.net ax.danonymous.net # Reference: https://twitter.com/ReBensk/status/1683011402129129472 # Reference: https://www.virustotal.com/gui/file/2729f26e4c807f9e50b357442bb647a0750a051b88d0e4eeb7c1383579e87129/detection bananasplit.shop api.bananasplit.shop # Reference: https://twitter.com/saridzawa2/status/1683054194595430403 casanossolar.shop api.casanossolar.shop apks.casanossolar.shop klremota.casanossolar.shop # Reference: https://twitter.com/malwrhunterteam/status/1683844371878215680 # Reference: https://twitter.com/ni_fi_70/status/1684084270376030209 # Reference: https://www.virustotal.com/gui/file/a8f5530a0030b5860cd5644277fa383890cc014d124af251a6d6feec6152b129/detection 
four-theta.vercel.app prestashop-136764-0.cloudclusters.net # Reference: https://twitter.com/malwrhunterteam/status/1684573424793026562 # Reference: https://www.virustotal.com/gui/file/5aa2d9d64c93f3617bff0a6e5cc4eee94e7d2e0fd487c2a87effaa02fa147a8a/detection # Reference: https://www.virustotal.com/gui/file/8fb0e47a66b1345ff8fa9e4de6c6c2f37acb3f08f522f86fd1c1c571a796cbee/detection amhd2.live hd123.shop # Reference: https://twitter.com/malwrhunterteam/status/1685918864889044992 # Reference: https://www.virustotal.com/gui/file/78717e9d1c49462417cf30ecc030e88a7f25159655666cf9d5dcaaf0f9844af1/detection rewaa3.online # Reference: https://twitter.com/malwrhunterteam/status/1685924846402703361 # Reference: https://www.virustotal.com/gui/file/77c281a288f741be5297f647653b26f180943c70a1415c54bc292397e71ca710/detection citirewadshelps.trusting-swirles.139-59-37-223.plesk.page # Reference: https://twitter.com/malwrhunterteam/status/1686368225356050432 # Reference: https://www.virustotal.com/gui/ip-address/8.217.194.149/relations # Reference: https://www.virustotal.com/gui/file/d2e17b9ac466e56943f361e7d58b4deee189b7beb183ace0c5de169116b698ce/detection ap-telegram.com ap-telegram.org apk808.org google-telegram.com ios-telegram.com macao-telegram.org mbhapk4.org mbhapk5.org mbhapk6.org mbhapk7.org mbhapk8.org singapore-telegram.org taiwan-telegram.org telegram-ios.com telegram-ios.org telegram-iphone.com telegram-iphone.org # Reference: https://twitter.com/malwrhunterteam/status/1686369182781476864 # Reference: https://www.virustotal.com/gui/file/8690ee7578af76e67db31637de88426bf64abe06ecebe38048b3f949ea8806a5/detection telegream1.oss-cn-hongkong.aliyuncs.com # Reference: https://twitter.com/malwrhunterteam/status/1686372147370016768 # Reference: https://www.virustotal.com/gui/file/0b60cd1e3a9c9057e39cd9b893bf6acabfc8c02255d9486248cb8c966f6ee363/detection creditcardhelpdesk.in digikyc-b8fb6-default-rtdb.firebaseio.com # Reference: 
https://twitter.com/malwrhunterteam/status/1686374818353164288 # Reference: https://www.virustotal.com/gui/file/2e1d57328f060abc897351f79b84436cbcb7385cec06402788bbdc20262e986d/detection bghyj.oss-ap-southeast-1.aliyuncs.com # Reference: https://twitter.com/malwrhunterteam/status/1687039200627953664 # Reference: https://www.virustotal.com/gui/file/a76ff3d76016647ea04a10c69dea04bcfff5b20d87ff3d097d49e1103729bc53/detection telegramorgandroid91.oss-cn-hongkong.aliyuncs.com # Reference: https://twitter.com/malwrhunterteam/status/1687194772803600384 # Reference: https://www.virustotal.com/gui/file/8f5031a81ef12895d8f87029384fea49c84bcca38d8a476677e73d2a87db9101/detection love-to-shopping.com bb-adm.love-to-shopping.com bb-api.love-to-shopping.com # Reference: https://www.virustotal.com/gui/file/be8c9b283138b31de27b7f4457d1e92d13282c293f365f9dde6a1cb1ab492341/detection bhola-88930-default-rtdb.firebaseio.com # Reference: https://twitter.com/malwrhunterteam/status/1687451367680380928 # Reference: https://www.virustotal.com/gui/ip-address/154.41.253.213/relations # Reference: https://www.virustotal.com/gui/ip-address/216.10.242.37/relations # Reference: https://www.virustotal.com/gui/ip-address/68.178.172.157/relations # Reference: https://www.virustotal.com/gui/file/37f5e8f38df386c701279082022eef82440ccdd249f8102cbb87877bae98d0a0/detection # Reference: https://www.virustotal.com/gui/file/10f627e886dbe37b7c1bbd08c1f3c498f7e3a92dc2c3ef28a8085d341966e85e/detection # Reference: https://www.virustotal.com/gui/file/68627e916bf63fe2c8215ab1f4b634f50bf074ec99fae0f8cefb6fd62a6db562/detection # Reference: https://www.virustotal.com/gui/file/9a46976998e50b8ea4b04738f45f9c633fdc67ce8295d0852a2cd9c03449ade9/detection limits-increase.in aubank.limits-increase.in axisbank.limits-increase.in bank.limits-increase.in indus.limits-increase.in me.limits-increase.in sbi.limits-increase.in test.limits-increase.in # Reference: https://twitter.com/malwrhunterteam/status/1687460916613332993 # 
Reference: https://www.virustotal.com/gui/file/f8dd8f8059251cce725f6e8b8c73986d5a375efdf9162bf511c0a4b14062492e/detection promobuys.online # Reference: https://twitter.com/malwrhunterteam/status/1687482431496945664 # Reference: https://www.virustotal.com/gui/file/964edd1e0baf0c9a2ad5c32a4a758127447c42436198bc4128acd15ff5682964/detection nubankseg.d2bol9qnkv5wor.amplifyapp.com # Reference: https://twitter.com/malwrhunterteam/status/1687850256992534528 # Reference: https://www.virustotal.com/gui/file/e940e20e3c13a4b8ab3b2cedf43df82ca0c86cbf3477d534cf3e3d3901cd8f6c/detection mrhola.000webhostapp.com # Reference: https://twitter.com/0xduzgun/status/1689004855812395008 rapson.shop # Reference: https://twitter.com/malwrhunterteam/status/1689939273141690368 # Reference: https://www.virustotal.com/gui/file/8d492ac234ee9efe18fc2ee67d689591ac73b813e6cc307d559c9d6ba852b9ef/detection nucredito.onrender.com # Reference: https://twitter.com/malwrhunterteam/status/1690107100599328769 # Reference: https://www.virustotal.com/gui/ip-address/187.17.111.96/relations # Reference: https://www.virustotal.com/gui/file/f044490a6911efcdd4b89fb98dbe2d0aa0bbf923adce1783f07a86fa764c34b9/detection 1frutoproibido.site anilitas-fans.website daraacessorios.online droidup.online muupvp.online nelcont.online unicocadastro2022.site apwe.droidup.online blwe.droidup.online enwe.droidup.online pagwe.droidup.online # Reference: https://www.virustotal.com/gui/file/dc8bf20b5e999fdd0dc6c9d9bd0538797a6d0fbb5e0d92884f2eef7a8bcca11a/detection companynum.com # Reference: https://twitter.com/malwrhunterteam/status/1685238160102498304 # Reference: https://www.virustotal.com/gui/file/c29b6330b2af515f4d5b8026b44cab28537ccf3e1378def5aa1547eaf2c3d5e9/detection guard-payments.club onlyfans.guard-payments.club # Reference: https://twitter.com/malwrhunterteam/status/1691916456504770962 # Reference: https://www.virustotal.com/gui/file/a8c0df9563d945f286f7a5e73ec5a134362a28b6abe9400b2589b7eef91726cf/detection 
postegro-lili.site # Reference: https://www.virustotal.com/gui/file/7f0166dff1fb881a08311d252526609a2daf5b20dd0184d0ac06e2d7f4564125/detection 94.130.181.168:4002 # Reference: https://twitter.com/malwrhunterteam/status/1692899086725169451 # Reference: https://www.virustotal.com/gui/file/2f357150f68cfd87ea7185a3e5ee1f86c45faaaa3011e54d1a7047d5febb717f/detection rt-internet-dogovor.ru # Reference: https://twitter.com/blackorbird/status/1695018425280876563 # Reference: https://mp.weixin.qq.com/s/-7VwCv4EQg4ofYcoEyBkUQ cbrewards.click cbrewards.site citialerts.in esewa.me # Reference: https://twitter.com/malwrhunterteam/status/1695023425343901982 # Reference: https://www.virustotal.com/gui/file/892bcb25b4f9e43b484cece18ec9c5def2e15dd44a37fc5a149f4261ae40dc90/detection fotogarafa.cc # Reference: https://twitter.com/malwrhunterteam/status/1695024827898232842 # Reference: https://www.virustotal.com/gui/file/ef312b7cafaff0e28b3f2a94622fe9d777ebed9ae836404fb5ad93d950c4a1e5/detection trhaberler.website # Reference: https://twitter.com/malwrhunterteam/status/1774176087766958095 # Reference: https://www.virustotal.com/gui/ip-address/192.210.229.35/relations # Reference: https://www.virustotal.com/gui/file/60f9e6e38f7bf0ba269ed5a1f60df20a0025b490bf5f4aed124bcb36cefb109c/detection # Reference: https://www.virustotal.com/gui/file/23be7abd489ea00b39163874f2dae64dd244bcb868048c2d9c562f6c591254c9/detection # Reference: https://www.virustotal.com/gui/file/f07d0ef70c69e8c98f5013defd0b715e2e78725b2bf31b34cb67d36fe2b87bab/detection http://192.210.229.35 http://192.3.124.14 gia.redirectme.net gia.redirectme.net hc.bounceme.net p8.viewdns.net rm.servehttp.com # Reference: https://twitter.com/malwrhunterteam/status/1696848342066561075 # Reference: https://twitter.com/sysk1ll3r/status/1697001237365858535 # Reference: https://www.virustotal.com/gui/file/9ecf4a5c625e40d2cb9023b2b68d608392b0d104cef78c65d8e8d7bb5b6d3590/detection http://62.4.23.119 kekotel.me cloudflare.kekotel.me # Reference: 
https://twitter.com/malwrhunterteam/status/1697562199793840450 # Reference: https://www.virustotal.com/gui/file/a8f821c1acf4d397fe754ac7754bd8bb473d17925479f40ae66439895b53faad/detection offervirtualoffer.com # Reference: https://twitter.com/malwrhunterteam/status/1699397700028944592 # Reference: https://www.virustotal.com/gui/file/9469b4883753c67169b6e5001f79431a7cff2da4ddd0ffeabd47b98f24cfc466/detection # Reference: https://www.virustotal.com/gui/file/3a4cebc190df8b4717f844032272e9b6f4f3f09978b57d4d5cd1b66adea48e52/detection mycomplaintservice.com # Reference: https://twitter.com/0x6rss/status/1699559023719121383 # Reference: https://www.virustotal.com/gui/ip-address/135.181.66.173/relations # Reference: https://www.virustotal.com/gui/file/7e8f6ea8bdd5f76ee429a10a0a3bda9b032d4e13f9de90d9e897f13655c8ba68/detection corgyun.xyz corgyunoo.xyz corgyunqa.xyz corgyunqp.xyz corgyunqpa.xyz app-3.corgyun.xyz app-4.corgyun.xyz # Reference: https://twitter.com/malwrhunterteam/status/1701341015792103563 # Reference: https://www.virustotal.com/gui/file/c9843c0df07829e52ad96b3d46e4807e93120864835b4329cd646ff39a8d645a/detection bonus.loclx.io # Reference: https://twitter.com/malwrhunterteam/status/1704863501661950307 # Reference: https://www.virustotal.com/gui/file/81a52ba9e932ea4f565795bca4ca4eed6b60b507b89607365f91a1432902304e/detection threebro.vercel.app # Reference: https://www.virustotal.com/gui/file/0a21aa80d5c6764f09bf64f561157ab1fbbfd895db3dda2b44f2f93eb9794569/detection http://81.161.229.185 # Reference: https://twitter.com/malwrhunterteam/status/1717109124033364274 # Reference: https://www.virustotal.com/gui/file/e6bccc592619b835e1c538506dfb115191068dec8b3b552f31f15ccb2ef24b88/detection # Reference: https://www.virustotal.com/gui/file/5f380b99283b802861c44f197fbfc19afa41c26082a7e4bfe043372f1d49a539/detection # Reference: https://www.virustotal.com/gui/file/4fabd84cd6947b7270b10cadbc32752b62b32421f0a02eb8fac48f9be23b1bfb/detection # Reference: 
https://www.virustotal.com/gui/file/06e8cb799d1a763bbab9a1949eb02de33a0a0dc195fa282dc876380780ee0761/behavior 89.23.101.40:3000 89.23.101.40:3030 89.23.101.40:3033 tashkent.top # Reference: https://falconfeeds.io/blog/post/trojan-malwares-are-targeting-major-indian-banking-system-661496 applicationkyc.pages.dev bonusofferrewards.co.in calm-fjord-69600.herokuapp.com calm-garden-42338.herokuapp.com cardupdatation.in cardupdate.in eranwithpoint.xyz iciciirewards.online kyc-update-app.web.app onsubveaits.in please-visitnow-immediately.com pointcash.xyz publicationofindia.top sbi-kyc-app.web.app sbi-kyc-apps-v-23.web.app sbi-kyc-points.firebaseapp.com sbi-kyc-update-immediately.firebaseapp.com sbi-kyc-update-immediately.web.app sbi-users-kyc-1.web.app sbi-users-kyc-app.web.app server455ic.herokuapp.com server5478c.herokuapp.com sheltered-dawn-11337.herokuapp.com # Reference: https://www.virustotal.com/gui/file/a0a6048885a2b9461706b3456b17544d72ef9256fd81a0074ce10baffdad6c24/detection tsprx.in # Reference: https://www.virustotal.com/gui/file/6388977e534023952fb1c62c410ce06430457f6387981938ef1086eb13b69045/detection kaskotak.com els.kaskotak.com # Reference: https://twitter.com/malwrhunterteam/status/1713143122425790600 # Reference: https://www.virustotal.com/gui/file/06371a72e7752d74614cc3377ff0f3ea664abedf0ce8c2ab5a5ff7caf9d8dea6/detection demiurgic-burglary.000webhostapp.com # Reference: https://twitter.com/ReBensk/status/1714326881548247113 # Reference: https://twitter.com/malwrhunterteam/status/1715722319220416715 hdfcoffers.loclx.io # Reference: https://twitter.com/cyber__sloth/status/1714012963512684942 # Reference: https://twitter.com/cyber__sloth/status/1714013588266836154 owncloud-150509-0.cloudclusters.net owncloud-150476-0.cloudclusters.net owncloud-148461-0.cloudclusters.net roundcube-149741-0.cloudclusters.net # Reference: https://twitter.com/malwrhunterteam/status/1714359879811436979 # Reference: 
https://www.virustotal.com/gui/ip-address/68.178.170.93/relations # Reference: https://www.virustotal.com/gui/file/a861d7018b9d033be25daab8c85a5143799e3e503a7418a00f7261b569622df3/detection downloadapplication.in auapply.downloadapplication.in aunewcard.downloadapplication.in dash.limits-increase.in rblbank.limits-increase.in rbl-limitis-increase.downloadapplication.in # Reference: https://www.virustotal.com/gui/file/3e32b559c4e38ca15aa4da54e716494e714edd61b2da3ae9b5e3ed0b8ceab25e/detection # Reference: https://www.virustotal.com/gui/file/e200a10f8e56425800da2a0ce7a0f0d3bb1ffc05f9baf85f70889e8d9d37d7a3/detection blinkitdisconts.online adm.blinkitdisconts.online # Reference: https://twitter.com/malwrhunterteam/status/1714357338004410653 # Reference: https://www.virustotal.com/gui/file/a08fad8718aaf601d9c1a9dea53f0abcfd2c4fa77577318f8274d7a98951e86c/detection hdrewd2.com # Reference: https://twitter.com/malwrhunterteam/status/1714738792794320958 # Reference: https://www.virustotal.com/gui/file/04ea6f85ee304acdf3527f67a0fe97262fa64da9bf3354957658cf4b94fa1a44/detection iciccard1-default-rtdb.firebaseio.com # Reference: https://twitter.com/malwrhunterteam/status/1715782473991266760 # Reference: https://www.virustotal.com/gui/file/d989220cfbcd5cb9cedfcfc86c58eeda8c6a5c4f2b15b94b3371c5f88090a4e3/detection edigitalkyc-default-rtdb.firebaseio.com # Reference: https://news.drweb.com/show/?i=14755&lng=en&c=5 # Reference: https://otx.alienvault.com/pulse/651c3d1b75ef4b67af8fd142 nakopi-deneg.ru # Reference: https://twitter.com/malwrhunterteam/status/1718357976124182819 # Reference: https://www.virustotal.com/gui/ip-address/195.123.224.81/relations # Reference: https://www.virustotal.com/gui/ip-address/64.227.112.222/relations # Reference: https://www.virustotal.com/gui/file/2647b709153fb6135d84fdbade7fd3632cbd3d00f7d7be9e3fbdb1d205efb5e3/detection # Reference: https://www.virustotal.com/gui/file/066dfefd13a1836fa79f7583f34c2920174881ef0e72256ccf212976e5184a45/detection 
apinetcom.com comnetorginfo.com addtr.online adserver.com.tr adserver.mobi adwork.mobi adzone.info adzone.mobi apkwiki.com bvbv.online emlak.mobi indir.pw indir.website onlin-e.online plaaystore.com pubclick.online # Reference: https://twitter.com/malwrhunterteam/status/1720198826315632794 # Reference: https://www.virustotal.com/gui/file/d83c1fc936e610713d075fcc99e180253104742ae33a1d74773e9a66706de86d/detection mysupportcenter.in # Reference: https://twitter.com/malwrhunterteam/status/1727978516140986874 # Reference: https://www.virustotal.com/gui/file/4ad7a133c66062ce7dd01773096416b8adf2d6b166f7d2453df363b6ff7df169/detection # Reference: https://www.virustotal.com/gui/file/85ab8094adda266f88910aeb268e5c404863865cea9b02f4701a3497f536b6fd/detection # Reference: https://www.virustotal.com/gui/file/8675e3122324799de7eeecbb45fbc9f267abd002d4358ae6e183128bad93a19e/detection # Reference: https://www.virustotal.com/gui/file/f53ab5c47c55401f368e246e6ccbb4da21be69e3b6d3c8e84eb5bc1fceaf7418/detection onlyfans-guard.com # Reference: https://twitter.com/malwrhunterteam/status/1727780029776404716 # Reference: https://www.virustotal.com/gui/file/1c80567efb0b4ad10c97247862dd32fc8abc9cbb04f7e1e9c6624745d99dbd8c/detection http://89.23.98.16 89.23.98.16:443 # Reference: https://twitter.com/malwrhunterteam/status/1728414391781970258 # Reference: https://www.virustotal.com/gui/file/0b57fb48e0eaec91b2b2a5beb594c7812ffdbdad6e6e7b721873c15ff66986f4/detection iiicccc4rd-default-rtdb.firebaseio.com # Reference: https://twitter.com/Merlax_/status/1730551063302832561 playstoreapp.fun # Reference: https://www.virustotal.com/gui/file/3ed434e0899548b83fbc098fcd66eed34ec95dbfe9c2b6c9f64d6e09a6c650d4/detection 103.231.91.29:2255 # Reference: https://twitter.com/malwrhunterteam/status/1734598915364671947 # Reference: https://www.virustotal.com/gui/file/f5ac83c730de63a09738f02a8480c5b36f48637f1b11eb1e5c50dd4c59fc105a/detection jailirtib.org # Reference: 
https://www.virustotal.com/gui/file/39ad5623d984c532464fbc84ccca1fc16089ce08a5084beaaeee55bae46e84f1/detection http://27.102.134.69 103.57.111.11:4141 # Reference: https://www.virustotal.com/gui/file/1797fbe6494e3f2522f6063f8583c4e981f896b891a4cc13eccdd6896891a0bc/detection http://203.189.237.226 # Reference: https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action # Reference: https://www.virustotal.com/gui/file/b7567acfb4f845e12622f0c7979b6e7c7d7d77f340cfd46cdb75f57955ef7424/detection # Reference: https://www.virustotal.com/gui/file/3d50d6cd8d0b99197c4512244d4b5eb4b3e4c43ce1c08d78402cdf51f70c8946/detection # Reference: https://www.virustotal.com/gui/file/2b0a4c17dec75503cdf190c02f68acebc45e890f4163e7a47fd194a8dbc75d9a/detection # Reference: https://www.virustotal.com/gui/file/1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d/detection # Reference: https://www.virustotal.com/gui/file/0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6/detection 158.160.59.53:45349 158.160.59.53:555 fastmainlines.co.in /api/v1/bots/ffffffff-ba67-c5ba-0000-0000158ff472/ # Reference: https://twitter.com/banthisguy9349/status/1740365532300194203 # Reference: https://twitter.com/banthisguy9349/status/1740365796998840758 # Reference: https://twitter.com/TeamDreier/status/1740512558367531078 # Reference: https://www.virustotal.com/gui/file/01312f211e4b19abd2aa28def5eb9fc4acb3f3c845dffdc05f2a221872c2efdf/detection # Reference: https://www.virustotal.com/gui/file/21f8b2797da05c82ee91f2f3c26c98ee7b2dcfa851108333ff48599050bcbb0c/detection https://91.92.243.55 http://91.92.249.28 91.92.243.55:443 91.92.249.28:443 # Reference: https://twitter.com/banthisguy9349/status/1740369512409767980 http://91.92.243.45 91.92.243.45:443 b8nkz.cc bankzz74fa7laaosnkmbnuotp7hmrwvtvqsh227ftthfnyrv2mnmfxqd.onion # Reference: https://twitter.com/malwrhunterteam/status/1744391455462785347 # Reference: 
https://twitter.com/noexceptcpp/status/1744427289155129827 # Reference: https://www.virustotal.com/gui/file/c5be8731b02d7b7a398a9ed4223419260ab7e54b7028e3dbf063f0b58f102c61/detection grobrothers.org pingsafe.org s.grobrothers.org s.pingsafe.org # Reference: https://twitter.com/malwrhunterteam/status/1746815735416934593 # Reference: https://twitter.com/midnight_comms/status/1747017584816353392 # Reference: https://www.virustotal.com/gui/file/f10a25ac6e4ffe2a65efc46d0e65d8d8fa50bd645ba73dd9908f41d0ef2779d2/detection zugzwangwork9.aeza.network # Generic /get_sms?money= /hdfc-offer/app/ /hdfc-offer/apps/ /nhcapital9/ /nhcaptn9/ /ubsrgk18/ /kbsbk24/ /nhbank6/ /nhcap6/ /servicest/sms2wx/ /servicest/sms2wx/Sms2WXService /servicest/sms2wx/uploadMobileInfo /contact.php?result=ok&action=get&androidid= /contact.php?result=ok&action=download&androidid= /contact.php?result=ok&action=upload&androidid= /sms.php?result=ok&action=get&androidid= /sms.php?result=ok&action=download&androidid= /sms.php?result=ok&action=upload&androidid= # APK /Госуслуги.apk /1SexChat.apk /2040TL.apk /4Android-System_obscure_super_super_encrypt2_flow signed.apk /4.5GLte%20CV3.4%20signed.apk /5G.apk /8.8.8.8.apk /Actualizar.apk /Actualizar-5G.apk /Adobe-Pdf.apk /Adobe_Flash_2020v21113.apk /Adobe_Flash_2020v21711.apk /aggiornaBNL.apk /Amazon%20Mall.apk /AmazonMall.apk /American%20Express.apk /and22roidupdatefoora677lversionssystemapkforllalversioonsgog34ogleupdatev9.apk /AndroidUpdate_m4xz3mncgwn5fe6fivlp1x0yuojo6dn9gry8zg1c.apk /ANZ_Protection_v2.apk /appsicurezza.apk /AssistenzaAvanzata.apk /Assistenzaclienti.apk /Avito.apk /AvitoMoney.apk /axiscard.apk /axisreward.apk /axis_reward_point.apk /Axis-Bank.apk /axis-points.apk /axisbank.apk /AxisBank.v.2.6.05.apk /ax_customer_point_0.0.1.apk /axPoint_customer.apk /BanCa26.apk /BanCa28.apk /bancasicura.apk /BancaSicuraAPK.apk /bancoestadoseguridad.apk /BANCOESTADO-57044.apk /bankguard.apk /bankiasegura-1_enStr.apk /bankkart.apk /BankoKupon_build_obf.apk 
/Barcelo%20Contrataciones.apk /BBVA.apk /bbva-gdt.apk /BBVA-Protect.apk /BBVA%20Recibos.apk /BBVA%20Update.apk /BBVALock.apk /BBVAESP78324.apk /BBVAPAGOS-26687.apk /BBVASecurity.apk /bbva-gdt.apk /BigBazar.apk /BILDIRIM.apk /BIGBAZAR%20MART.apk /bigbazarmart.apk /bigbazarmartoffer.apk /bigbazarmarttoday%20dealbigbsbi.apk /Bitbank.apk /blinefm.apk /BNLBancaSicura.apk /bnlsicura.apk /bnlsicura2.apk /BPMToken.apk /Captchator.apk /CaixaBank%20Seguridad_obf.apk /CaixaSignApp.apk /Card%20Support.apk /ccbbank.apk /ChatSexvokrug.apk /CheBancaToken.apk /cloakerfast.apk /complain-register.apk /complain-support.apk /Copia%20de%20Milanuncios.apk /Coreeos4.5.10.apk /Coreeos4.5.3.apk /Correos244.apk /Correos968.apk /Correos2.17.15.apk /Correos2.24.11.apk /Correos2.24.12.apk /Correos2.24.13.apk /Correos2.24.14.apk /Correos2.24.15.apk /Correos2.24.9.apk /Correos4.26.2.apk /Correos455.apk /Correos700.apk /Correos831.apk /Coustmer_Sopport_Service.apk /crackturkey.apk /customer_axis.apk /customer_hd.apk /Customer%20Support.apk /CWB-4523576.PDF.apk /cyber1212.apk /icbcbank.apk /DHL.apk /digikyc.apk /e-digital-kyc.apk /EarnMoney_wa_3011.apk /EBA.apk /ebasistem.apk /entel4GLTE.apk /ESBBVA9208.apk /eugene.apk /FiltroAntiSPAM.apk /flashplayer_update_23.4.2.apk /flashplayer_update11_5_1.apk /FLPlayer.apk /GAnalytics.apk /GanhaCaixa.apk /GanhaCaixa2.apk /GoogleUpdate.apk /grabmaid.apk /facebook_version.0348.5345.3423.apk /familycleans4u.apk /hadibakalm.apk /halkkampanya.apk /hamrahpro.apk /hana.apk /hatatatat.apk /HayatEveSigar.apk /hdfc.apk /HDFC_Credit_Card.apk /HDFC%20Bank.apk /hdfc%20reward.apk /HDFC%20Redeem%20Points.apk /hdfc-card-app.apk /hdfc-offer.apk /hdfc-offers.apk /hdfc-offer-app.apk /hdfc-points.apk /HDFC-Rewards.apk /HdfcBank.apk /iAssist.apk /ICICI%20Bank%20Credit%20Card.apk /lClCl-BANK.apk /lClCl-BANK-2.apk /ICICI-KYC.apk /ICICI_Cradit_Card.apk /ICICI_Offers.apk /icici-points.apk /Icici_rewards.apk /icici%20reward.apk /ICICIBANK.apk /IMTBANK.apk /indus-offer.apk 
/IndusInd.apk /Instagram_shared_2020v27904.apk /Intesasanpaolo.apk /IntesaSanpaolo-Aggiornamento.apk /IOSICURO.apk /kakaobank.apk /KasperskyAntivirus.apk /KBANK.apk /KBbank.apk /KBank3.0.apk /KBS2.0.apk /koreabam.apk /Kurulum.apk /KYC.apk /Liberomail.apk /lotte.apk /maidacall.apk /messaggi.apk /mgbank.apk /MicrosoftWord.apk /Modulo-NU.apk /Modulonubank.apk /mymaid_beta_v7.0.5.2.apk /nhbank.apk /nhc2.0.apk /ok.apk /OKmall.apk /One-Store-Today.apk /onlyfansAnitta.apk /OnlyFansV57RU.apk /parler_update.apk /PaySend.apk /play%20protect.apk /polarisbank.apk /Post%20AG.apk /Postbank.apk /Postesicure.apk /Promobuys.apk /Protezione-Cliente.apk /Prototipo_Segurança.apk /Purolator.apk /Rastreador.apk /rblcard.apk /Redeem.apk /Reklam_engelleyici.apk /Reward%20Points.apk /royalfashion.apk /ruralvia-seguridad.apk /S.B.I.-KYC.apk /sadsadfasf.apk /safe.apk /sal1000tl.apk /Santander_Certificado.apk /santander_seguridad.apk /sasala.apk /SBI.apk /sbibank.apk /SbiCard.apk /SBI_Complaint.apk /sbi-kyc.apk /sbi-kyc-xyv3.apk /SBI-Rewards.apk /SBI-Rewardz.apk /SBI-Reward-Point.apk /scoins.apk /secretalbum.apk /secureapp.apk /selcuknotenc_flow_anti.apk /shinvest2.0.apk /shsaving2.0.apk /sicurezza.apk /sicurezzabanca.apk /SicurezzaInBank.apk /sicurezzaweb.apk /sincronizador.apk /Sparkasse_Chrome_AntiVirus.apk /tejarat.apk /tiktok.apk /TradingView_obf.apk /TRENDYOL.apk /TURK-IFSA-VIDEOLARI.apk /ucretsizizle.apk /Update11.7.apk /UpdateFlashPlayer_0g1t15jph0s85djlqye0msgvj22uw4jzleef6860.apk /UpdateGoogleMarket_bbakwsw9zvyipi9uj7zkmsipch0umpetepv66hfj.apk /UpdateWhatsApp_cka9bubxmlrkvhzy2msu5o8tjwh7db34p8va9voo.apk /UPS101.apk /UPS449.apk /vatandaso.apk /versionnew.apk /VisaSecure.apk /vizualizarpedido30543.apk /vn84app.apk /wooribank.apk /Wooriib2.0.apk /YZXL_14557.apk /YZXL_14558.apk /YZXL_14559.apk /YZXL_14560.apk /YZXL_14561.apk /YZXL_14562.apk /YZXL_14563.apk /YZXL_14564.apk /YZXL_14565.apk /YZXL_14566.apk /YZXL_14567.apk /YZXL_14568.apk /YZXL_14569.apk /YZXL_14570.apk /YZXL_14571.apk 
/YZXL_14572.apk /YZXL_14573.apk /YZXL_14574.apk /YZXL_14575.apk /YZXL_14576.apk /YZXL_14577.apk /YZXL_14578.apk /YZXL_14579.apk /YZXL_14580.apk /YZXL_14581.apk /YZXL_14582.apk /YZXL_14583.apk /YZXL_14584.apk /YZXL_14585.apk /YZXL_14586.apk /YZXL_14587.apk /YZXL_14588.apk /YZXL_14589.apk /YZXL_14590.apk /YZXL_14591.apk /YZXL_14592.apk /YZXL_14621.apk /YZXL_14622.apk /YZXL_14623.apk /YZXL_14624.apk /YZXL_14625.apk /YZXL_14661.apk /YZXL_14662.apk /YZXL_14663.apk /YZXL_14669.apk /YZXL_14670.apk /YZXL_14671.apk /YZXL_14672.apk /YZXL_14673.apk /YZXL_14674.apk /YZXL_14675.apk /YZXL_14676.apk /YZXL_14677.apk /YZXL_14678.apk /YZXL_14679.apk /YZXL_14680.apk /YZXL_14681.apk /YZXL_14682.apk /YZXL_14683.apk /YZXL_14689.apk /YZXL_14690.apk /YZXL_14691.apk /YZXL_14692.apk /YZXL_14693.apk /YZXL_14694.apk /YZXL_14695.apk /YZXL_14696.apk /YZXL_14697.apk /YZXL_14698.apk /YZXL_14709.apk /YZXL_14710.apk /YZXL_14711.apk /YZXL_14712.apk /YZXL_14713.apk /YZXL_14715.apk /YZXL_14716.apk /YZXL_14717.apk /YZXL_14718.apk /YZXL_14719.apk /YZXL_14720.apk /YZXL_14721.apk /YZXL_14722.apk /YZXL_14723.apk /YZXL_14724.apk /YZXL_14725.apk /YZXL_14726.apk /YZXL_14727.apk /YZXL_14728.apk /YZXL_14729.apk /YZXL_14730.apk /YZXL_14731.apk /YZXL_14732.apk /YZXL_14733.apk /YZXL_14734.apk /YZXL_14735.apk /YZXL_14736.apk /YZXL_14737.apk /YZXL_14738.apk /YZXL_14739.apk /YZXL_14740.apk /YZXL_14741.apk /YZXL_14742.apk /YZXL_14743.apk /YZXL_14744.apk /YZXL_14752.apk /YZXL_14753.apk /YZXL_14754.apk /YZXL_14755.apk /YZXL_14756.apk /YZXL_14757.apk /YZXL_14758.apk /YZXL_14759.apk /YZXL_14760.apk /YZXL_14761.apk /YZXL_14785.apk /YZXL_14786.apk /YZXL_14787.apk /YZXL_14788.apk /YZXL_14789.apk /YZXL_14790.apk /YZXL_14791.apk /YZXL_14792.apk /YZXL_14793.apk /YZXL_14794.apk /YZXL_14795.apk /YZXL_14796.apk /YZXL_14797.apk /YZXL_14798.apk /YZXL_14799.apk /YZXL_14800.apk /YZXL_14801.apk /YZXL_14802.apk /YZXL_14803.apk /YZXL_14804.apk /YZXL_14805.apk /YZXL_14806.apk /YZXL_14807.apk /YZXL_14808.apk /YZXL_14809.apk /YZXL_14811.apk 
/YZXL_14812.apk /YZXL_14813.apk /YZXL_14814.apk /YZXL_14815.apk /YZXL_14816.apk /YZXL_14817.apk /YZXL_14818.apk /YZXL_14819.apk /YZXL_14820.apk /YZXL_14821.apk /YZXL_14822.apk /YZXL_14855.apk /YZXL_14856.apk /YZXL_14857.apk /YZXL_14858.apk /YZXL_14859.apk /YZXL_14873.apk /YZXL_14874.apk /YZXL_14875.apk /YZXL_14876.apk /YZXL_14877.apk /YZXL_14878.apk /YZXL_14879.apk /YZXL_14880.apk /YZXL_14881.apk /YZXL_14882.apk /YZXL_14883.apk /YZXL_14884.apk /YZXL_14885.apk /YZXL_14886.apk /YZXL_14887.apk /YZXL_14888.apk /YZXL_14910.apk /YZXL_14911.apk /YZXL_14912.apk /YZXL_14913.apk /YZXL_14914.apk /YZXL_14915.apk /YZXL_14916.apk /YZXL_14917.apk /YZXL_14918.apk /YZXL_14919.apk /YZXL_14920.apk /YZXL_14921.apk /YZXL_14922.apk /YZXL_14923.apk /YZXL_14924.apk /YZXL_14925.apk /YZXL_14926.apk /YZXL_14927.apk /YZXL_14928.apk /YZXL_14929.apk /YZXL_15028.apk /YZXL_15029.apk /YZXL_15030.apk /YZXL_15031.apk /YZXL_15032.apk /YZXL_15033.apk /YZXL_15065.apk /YZXL_15066.apk /YZXL_15067.apk /YZXL_15068.apk /YZXL_15069.apk /YZXL_15070.apk /YZXL_15071.apk /YZXL_15072.apk /YZXL_15075.apk /YZXL_15076.apk /YZXL_15077.apk /YZXL_15078.apk /YZXL_15079.apk /YZXL_15080.apk /YZXL_15082.apk /YZXL_15083.apk /YZXL_15084.apk /YZXL_15085.apk /YZXL_15086.apk /YZXL_15105.apk /YZXL_15106.apk /YZXL_15107.apk /YZXL_15108.apk /YZXL_15109.apk /YZXL_15110.apk /YZXL_15111.apk /YZXL_15112.apk /YZXL_15113.apk /YZXL_15114.apk /YZXL_15480.apk /YZXL_15481.apk /YZXL_15482.apk /YZXL_15483.apk /YZXL_15484.apk /YZXL_15485.apk /YZXL_15486.apk /YZXL_15487.apk /YZXL_15488.apk /YZXL_15489.apk /YZXL_15490.apk /YZXL_15491.apk /YZXL_15492.apk /YZXL_15493.apk /YZXL_15494.apk /YZXL_15495.apk /YZXL_15496.apk /YZXL_15497.apk /YZXL_15498.apk /YZXL_15499.apk /YZXL_15518.apk /YZXL_15519.apk /YZXL_15520.apk /YZXL_15521.apk /YZXL_15522.apk /YZXL_15523.apk /YZXL_15524.apk /YZXL_15525.apk /YZXL_15526.apk /YZXL_15527.apk /YZXL_15528.apk /YZXL_15529.apk /YZXL_15530.apk /YZXL_15531.apk /YZXL_15532.apk /YZXL_15533.apk /YZXL_15534.apk /YZXL_15535.apk 
/YZXL_15536.apk /YZXL_15537.apk /YZXL_15863.apk /YZXL_15864.apk /YZXL_15865.apk /YZXL_15866.apk /YZXL_15867.apk /YZXL_15868.apk /YZXL_15869.apk /YZXL_15870.apk /YZXL_15871.apk /YZXL_15872.apk /YZXL_15873.apk /YZXL_15874.apk /YZXL_15875.apk /YZXL_15876.apk /YZXL_15877.apk /YZXL_15899.apk /YZXL_15900.apk /YZXL_15901.apk /YZXL_15902.apk /YZXL_15903.apk /YZXL_15904.apk /YZXL_15905.apk /YZXL_15906.apk /YZXL_15907.apk /YZXL_15908.apk /YZXL_15909.apk /YZXL_15910.apk /YZXL_15911.apk /YZXL_15912.apk /YZXL_15913.apk /YZXL_15914.apk /YZXL_15915.apk /YZXL_15916.apk /YZXL_15917.apk /YZXL_15918.apk /YZXL_15949.apk /YZXL_15950.apk /YZXL_15958.apk /YZXL_15959.apk /YZXL_15960.apk /YZXL_15961.apk /YZXL_15962.apk /YZXL_15963.apk /YZXL_15964.apk /YZXL_15965.apk /YZXL_15966.apk /YZXL_15967.apk /YZXL_15968.apk /YZXL_15969.apk /YZXL_15970.apk /YZXL_16069.apk /YZXL_16070.apk /YZXL_16071.apk /YZXL_16072.apk /YZXL_16073.apk /YZXL_16074.apk /YZXL_16075.apk /YZXL_16076.apk /YZXL_16077.apk /YZXL_16078.apk /YZXL_16171.apk /YZXL_16172.apk /YZXL_16173.apk /YZXL_16174.apk /YZXL_16175.apk /YZXL_16178.apk /YZXL_16179.apk /YZXL_16180.apk /YZXL_16181.apk /YZXL_16182.apk /YZXL_16183.apk /YZXL_16184.apk /YZXL_16185.apk /YZXL_16186.apk /YZXL_16187.apk /YZXL_16188.apk /YZXL_16189.apk /YZXL_16190.apk /YZXL_16193.apk /YZXL_16232.apk /YZXL_16233.apk /YZXL_16234.apk /YZXL_16235.apk /YZXL_16236.apk /YZXL_16237.apk /YZXL_16238.apk /YZXL_16239.apk /YZXL_16240.apk /YZXL_16241.apk /YZXL_16358.apk /YZXL_16359.apk /YZXL_16360.apk /YZXL_16361.apk /YZXL_16362.apk /YZXL_16363.apk /YZXL_16364.apk /YZXL_16365.apk /YZXL_16366.apk /YZXL_16367.apk /YZXL_16368.apk /YZXL_16369.apk /YZXL_16370.apk /YZXL_16371.apk /YZXL_16372.apk /YZXL_16373.apk /YZXL_16374.apk /YZXL_16375.apk /YZXL_16376.apk /YZXL_16377.apk /YZXL_16378.apk /YZXL_16379.apk /YZXL_16380.apk /YZXL_16381.apk /YZXL_16382.apk /YZXL_16383.apk /YZXL_16384.apk /YZXL_16385.apk /YZXL_16386.apk /YZXL_16387.apk /YZXL_16388.apk /YZXL_16389.apk /YZXL_16390.apk /YZXL_16391.apk 
/YZXL_16392.apk /YZXL_16393.apk /YZXL_16394.apk /YZXL_16395.apk /YZXL_16396.apk /YZXL_16397.apk /YZXL_16398.apk /YZXL_16399.apk /YZXL_16400.apk /YZXL_16401.apk /YZXL_16402.apk /YZXL_16403.apk /YZXL_16404.apk /YZXL_16405.apk /YZXL_16406.apk /YZXL_16407.apk /YZXL_16423.apk /YZXL_16424.apk /YZXL_16425.apk /YZXL_16426.apk /YZXL_16427.apk /YZXL_16428.apk /YZXL_16429.apk /YZXL_16430.apk /YZXL_16431.apk /YZXL_16432.apk /YZXL_16433.apk /YZXL_16434.apk /YZXL_16435.apk /YZXL_16436.apk /YZXL_16437.apk /YZXL_16438.apk /YZXL_16439.apk /YZXL_16440.apk /YZXL_16441.apk /YZXL_16457.apk /YZXL_16458.apk /YZXL_16459.apk /YZXL_16460.apk /YZXL_16461.apk /YZXL_16462.apk /YZXL_16463.apk /YZXL_16464.apk /YZXL_16465.apk /YZXL_16466.apk /YZXL_16467.apk /YZXL_16468.apk /YZXL_16469.apk /YZXL_16470.apk /YZXL_16471.apk /YZXL_16488.apk /YZXL_16489.apk /YZXL_16490.apk /YZXL_16491.apk /YZXL_16492.apk /YZXL_16493.apk /YZXL_16494.apk /YZXL_16495.apk /YZXL_16496.apk /YZXL_16497.apk /YZXL_16498.apk /YZXL_16499.apk /YZXL_16500.apk /YZXL_16501.apk /YZXL_16502.apk /ZorunluAndoridGuncellemesi.apk # Reference: https://twitter.com/MrCl0wnLab/status/1745243191815635274 app-codigo-bbva.com # Reference: https://twitter.com/luc4m/status/1745475786948145380 app-nuova.com completar-aqui.com descarga-aqui.com descargar-nueva-app.com formulario-personal.com nuova-app-token.com # Reference: https://twitter.com/malwrhunterteam/status/1746830258693710202 # Reference: https://twitter.com/midnight_comms/status/1747012719339778217 # Reference: https://www.virustotal.com/gui/file/c5e3ece0126eff00c3179d7d4376dd76af666e2dcbfd10bd0684dd2d0b7deba6/detection maaaarts.in # Reference: https://twitter.com/malwrhunterteam/status/1747651173534884268 # Reference: https://www.virustotal.com/gui/file/7b9723b877ab4070813979700c53ffb174985f48e70dfc406ee19ff6281d294f/detection # Reference: https://www.virustotal.com/gui/file/da5bd7e2726405722f95dea19049fedaea4cb9b4d95f877167ecfea08aa4eb78/detection # Reference: 
https://www.virustotal.com/gui/file/d8c8273f5bf44bb6325984c1d8b43914270efecca2ad2f2fb0fabec136656458/detection # Reference: https://www.virustotal.com/gui/file/6d87f74477b91cc12998819e7191f064cbe9edbee76bcd90f0f92772fac471c4/detection yadongrec.com broler.shop api.broler.shop # Reference: https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/ # Reference: https://www.virustotal.com/gui/file/2cf117abf5ced6d37e98068d1961b85f400ecede4c11ebd69cc5cc9629aaaacd/detection # Reference: https://www.virustotal.com/gui/file/6e43d2d4f14b26a75b9094eb1bd509b0f63e069a3c97867bfb0ac6c2a154dcd6/detection # Reference: https://www.virustotal.com/gui/file/0243e5090590c89af6b7534de5d7ef711ca0d1f7a587170a493ceada7b54522b/detection http://13.250.172.152 http://18.143.192.34 http://18.166.72.58 http://52.221.181.208 # Reference: https://twitter.com/h_krobot/status/1749447223631290527 # Reference: https://www.virustotal.com/gui/file/d852f48e1c8a37d11f9dfb90f339316a5a3fa012bf152db43de1e81b45a69ba7/detection # Reference: https://www.virustotal.com/gui/file/bcae6ea26fe1dd1fa5652e05c1b888186307ad277ce238a255908061b837a484/detection # Reference: https://www.virustotal.com/gui/file/8bbb6cd5277177beb86b037ef77d6fcbae4a51a19668063d4d1b40ce2453dad3/detection # Reference: https://www.virustotal.com/gui/file/7ffbc88e97be67214ad17325142ceb54823a5bdcebdbd4e4c9d0c65b3f0a1813/detection # Reference: https://www.virustotal.com/gui/file/4b43f7145eebe4c07d208911b9d74c7c996a5037a04d52e4c38a80c2456d1187/detection # Reference: https://www.virustotal.com/gui/file/22988cbb286f387036ced6fca6bb72b9f5e326706ad99065bc04bb8cb5dc4a12/detection # Reference: https://www.virustotal.com/gui/file/22046aaef8a6439d1f5f2980b4d6282e7b69e98c95a0f52010d8953f0cb5e736/detection 176.124.32.39:51033 176.124.32.39:51144 176.124.32.39:52997 /injectionsupload/zipped/ # Reference: https://twitter.com/malwrhunterteam/status/1750590052001026402 # Reference: 
https://twitter.com/midnight_comms/status/1750858457618497877 # Reference: https://www.virustotal.com/gui/file/86774e6b5f6e155c98231010a1a93fbc9d9a629a3e7dbfbd62db3e898c9a33b0/detection # Reference: https://www.virustotal.com/gui/file/dd70fd67cc25ba05eeefeb56a6f684d7f07c6b7c593e4224e4af26cd3d464c8f/detection # Reference: https://www.virustotal.com/gui/file/dac8801640f21930748fab5f7b05ada2185c1f12cc813e59e0c028090746beed/detection # Reference: https://www.virustotal.com/gui/file/15ed388cd62291d1740742f49157a40f8d8ed97532fa280f078aaae94779ca3b/detection # Reference: https://www.virustotal.com/gui/file/bced48f492f1c9c38fbb81fde264e12585ea0bf5b4a986c6beaa59af3f7d19d9/detection 149.13.5.167:8080 185.255.95.13:25432 212.224.93.193:8080 95.217.157.143:25432 # Reference: https://www.virustotal.com/gui/file/2158d691fc832d2a101e263a22893ea0836d12cf2d5f9ff3a31f765cbdeb5cd8/detection 141.255.144.136:1177 141.255.144.194:1177 141.255.145.162:1177 141.255.147.235:1177 barkabarkabarka.ddns.net # Reference: https://www.virustotal.com/gui/file/121e4e25911f4744fd079c15f46213561c75f62a6ee9a3e213e6c04449f88996/detection 141.255.144.84:1337 # Reference: https://www.virustotal.com/gui/file/14c67f723b36c724a79b7ef657a74fe8aec20bbce3c06779fde11006dcb9165f/detection # Reference: https://www.virustotal.com/gui/file/2b3462925a9cf377b7af08fd6155dd1d2dfe94fd3614c22acf7b33ef293406fd/detection 141.255.144.195:4434 141.255.144.219:4434 141.255.144.84:4434 141.255.147.51:4434 217.20.209.16:4434 a7laax0.hopto.org # Reference: https://www.virustotal.com/gui/file/f55a5adc413407f486d17a2d09d53dbc8fadeb7eb9d32ab0b50aaaecbf680a0d/detection # Reference: https://www.virustotal.com/gui/file/d8711d26c3e4069328f13f93303d925d1dda2a80b56bed73615424fca83ec8b5/detection # Reference: https://www.virustotal.com/gui/file/cc9ba13a425a187d522c881a3d9648fff6ecff269d499d19960f8abcfb3321b0/detection # Reference: 
https://www.virustotal.com/gui/file/9315c1581dd74aee6a4f9ee944f4ba0ee083e61c33b601a41a6ab2876e949f53/detection # Reference: https://www.virustotal.com/gui/file/5ee1448c14686743dc501a0c5c14edc95a1d9e9fa9cded549e5845d85e6cd305/detection # Reference: https://www.virustotal.com/gui/file/533bdda8eccdeb4f1434e3bd816a33dcdb60808c6664003b29535832f341aca9/detection # Reference: https://www.virustotal.com/gui/file/4bcc666c10c48ed2a0c227e96a49d02e760091634d3237fb4df54020b0f98abe/detection # Reference: https://www.virustotal.com/gui/file/2278fd7235bf09bf08c9a81c06076240b144875dc28f44997eb7633b687078d2/detection # Reference: https://www.virustotal.com/gui/file/0787f0df258e7111c6e0060e24d27de57ff3f59885020a5f4f56540bca084a12/detection dbdb.addea.workers.dev # Reference: https://www.virustotal.com/gui/file/0b482f807278eada7076a922a2dd8610244049e6aa31e9fdda59b8c66bf329e1/detection 79.137.205.212:8080 # Reference: https://twitter.com/malwrhunterteam/status/1752366951593021747 # Reference: https://www.virustotal.com/gui/file/ee3f7edc721a391a3dd14c72b2e8b5060261cdd5b31e87a29aed4ecf935143b2/detection # Reference: https://www.virustotal.com/gui/file/b41b0912889b4b29127623dfba72f0402bfaca40ce0aad92e0077f9034782383/detection # Reference: https://www.virustotal.com/gui/file/b217d64c0069c7c85edf120ae6b8401914ad343bfe02fd151b86208e17d84661/detection # Reference: https://www.virustotal.com/gui/file/5583543b81a796986007951bda29a2bb5593aa7dcadcc6bcca5319b9fb22d20e/detection # Reference: https://www.virustotal.com/gui/file/01d2e1a0c8091b8ec2cae47bbfefcf0bfb7264d7d3d5a95d364805a67adaf64a/detection shineinterview.online connect.shineinterview.online # Reference: https://twitter.com/malwrhunterteam/status/1753059970508063040 # Reference: https://twitter.com/noexceptcpp/status/1753099339092918552 # Reference: https://www.virustotal.com/gui/file/6b23da94dd27bb077274ffd83f2e0cbd27c2ba9e390db8b2dcb32cee0e254c61/detection filipkatrt.in billupdateff-default-rtdb.firebaseio.com # Reference: 
https://www.virustotal.com/gui/file/a3ed5d56be29901386547731d68d7b70fe00ffa52c4c442db8fc70725c0fa891/detection sembrano.store api.sembrano.store # Reference: https://twitter.com/malwrhunterteam/status/1752662267764600873 # Reference: https://www.virustotal.com/gui/file/ea1834a3614a871f3d071413015637b9cc246b915a2a536ebdbbdd3e692bb8b6/detection # Reference: https://www.virustotal.com/gui/file/e958a635a0e27edf2c4e1f812d2e2115525503b04391da362f2db5c28f8f1ea5/detection # Reference: https://www.virustotal.com/gui/file/d1b4b154b4975284903a0268cb04e87578828dd40e1e970791be45a701dfb6ac/detection # Reference: https://www.virustotal.com/gui/file/7fcc47b964af5bf878ad0b2661f7d1be51555decacb822595d0463f6c4a0a1bb/detection # Reference: https://www.virustotal.com/gui/file/7407554ad598e66e81b011a050e75efc5d1589252080bd70fb04d15e18732517/detection # Reference: https://www.virustotal.com/gui/file/536fa04377151c285a0ad8ecdd3565046167eca03e675c8835f3f56a62bd9c92/detection quacklypay.online urdu-jor-tor-default-rtdb.firebaseio.com # Reference: https://twitter.com/malwrhunterteam/status/1753705453505090036 # Reference: https://www.virustotal.com/gui/file/e97258fc999c3f0441fd16a0e0ddb0d04fb6d49744d6b917913bd3c9d04cc10d/detection # Reference: https://www.virustotal.com/gui/file/59b7ef53c39b1d2dff414b6a737fd1a3cff17893020f78f66d4709765376ece4/detection 156.251.25.66:5963 156.251.25.66:8873 # Reference: https://twitter.com/malwrhunterteam/status/1753750269966405670 # Reference: https://www.virustotal.com/gui/file/1320f3f84f553c78844fb07bf851cc3c626d6c7a2e5e534bc8de3de5667e5c73/detection http://109.107.182.49 # Reference: https://twitter.com/malwrhunterteam/status/1754986869241065693 # Reference: https://www.virustotal.com/gui/file/41d7aa06c21bd1b06536243666619f116747b55e978b4a0a38dd582e094a5f82/detection photos.salerozana.com # Reference: https://twitter.com/ReBensk/status/1767564399781327123 # Reference: https://www.virustotal.com/gui/ip-address/185.16.39.47/relations # Reference: 
https://www.virustotal.com/gui/file/65bbfa625aa4bed8889eeaebd086f0370ec48a4f8b14f6b76564d0ec6c3858fc/detection app-login.top app-open.online app-update.online black-sms.co egh-apps.site open-app.site playstore-update.info playstore-update.site # Reference: https://www.virustotal.com/gui/file/d750850dccc45ece2603bdaa29b7d385df6eaa44b7999dcc115d270ce789819a/detection 015lja.gq # Reference: https://www.virustotal.com/gui/file/d69d0a8e763a40fadc22b0e1891e9fa4e192538fedc69a9ef92e89e6c7a65126/detection robomap.ml # Reference: https://www.virustotal.com/gui/file/6cc5336ba16336d53ad36b5dbcab24fe99b43160683ebe47431616fe4a7147f0/detection http://147.45.45.83 # Reference: https://www.virustotal.com/gui/file/00e9828f3e5043f826d98ed9088d2fb681385e72712e31f68fb02eee8509dea5/detection # Reference: https://www.virustotal.com/gui/file/60bd7541256d68721e2165c0df1be03c5bdb55489e3f4a65cc1016495d9a9f07/detection diginspire.in just-stick.xyz # Reference: https://www.virustotal.com/gui/file/00608dbf2156d8d8285bf7f072c2cb28f845a51370231aa24da14bb96ff5125b/detection works.diginspire.in # Reference: https://twitter.com/malwrhunterteam/status/1770514848859787266 # Reference: https://www.virustotal.com/gui/file/d4ef7a894cab80a8c5ad08c892489a86a54cc94518bb845e235105a4787e1b8e/detection onicsimbh.com # Reference: https://twitter.com/Merlax_/status/1772815651154935896 http://5.181.156.150 5.181.156.150:443 # Reference: https://www.virustotal.com/gui/file/e5074729a121c7308e207d22083b3e6cc6871585cb6e1dcaca659607f10269b2/detection # Reference: https://www.virustotal.com/gui/file/1cba39fe25c4c16f35e3ed835bb0dc4b4429414ed4e4a0bb474f7ffa76927a40/detection onlyfans-live.online # Reference: https://www.virustotal.com/gui/file/b6cc64406310ad7b34c08f1dde36f8c456e752aab9c0697b3ab29695124152db/detection # Reference: https://www.virustotal.com/gui/file/55742d15d2e4b88f5abf5c0a223cd028cba1bceaf030caa4d8278c48b8f3a98f/detection http://185.209.28.250 185.209.28.250:443 # Reference: 
https://www.virustotal.com/gui/file/4fbdcceddeed4fc7ee7fbd9a27bb3fabcf066237ee3a79f9273637f1ea574a70/detection myrattest-dd4df-default-rtdb.firebaseio.com # Reference: https://www.virustotal.com/gui/file/6e4b34102b88e7e8bc677005ab63c6110b8d4fc67eff7a2ded99845a5c37b3ca/detection billnew3-ccb27-default-rtdb.firebaseio.com # Reference: https://www.virustotal.com/gui/file/1c86296c1934d8697a5c0770aef3fe391e503b9d031926fc0f19b55442b5f44a/detection server21201g.onrender.com # Reference: https://twitter.com/malwrhunterteam/status/1778364515001790818 # Reference: https://www.virustotal.com/gui/file/8e7ccb749f1e73b52c7d3ec844435b339efcf0eb0da6c40f4ef0784be57ac724/detection 5tr45ff4wg.000webhostapp.com # Reference: https://twitter.com/malwrhunterteam/status/1779805653281730608 # Reference: https://www.virustotal.com/gui/ip-address/46.175.145.67/relations # Reference: https://www.virustotal.com/gui/file/e19a7c8e4994ea4ed680136c9e3a6fff7b82c72f5743952821a446b6cb830f06/detection # Reference: https://www.virustotal.com/gui/file/ddd9e5cfa9e1ddd8d849baef2b487a1608d1695f44c70f246c101de1275887dd/detection # Reference: https://www.virustotal.com/gui/file/1d126e5904dde3b46175a4aae89eec1fb8a6b80e35b1f473878e5dd288f8aae6/detection # Reference: https://www.virustotal.com/gui/file/17a16f08108e25af1c8b058adbaca2cada6a93c2d38c9854148f9e9caac76ac3/detection # Reference: https://www.virustotal.com/gui/file/162f8c6bafe0c343c37f173344c4f6880eaec0aea7b491565db874366b161784/detection 1q2w.shop hide-me.online tbc-app.life 2f1c0b7d.tbc-app.life csob-98.1q2w.shop geo-4bfa49b2.tbc-app.life george.tbc-app.life rb-62d3a.tbc-app.life rb.2f1c0b7d.tbc-app.life rb.hide-me.online # Reference: https://twitter.com/malwrhunterteam/status/1779771892607463661 # Reference: https://www.virustotal.com/gui/file/913f63b805c087563e2c516d48f890d89570237fac9b63e55dcea1a50c312e30/detection cardmacdehsbc-apply-new-cards.online cardsmacdehsbc-apply-new-card.online