# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: coper, marcher, octo

# Reference: https://www.virustotal.com/gui/ip-address/176.119.28.74/relations
# Reference: https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html

androidpt01.asia
androidpt02.asia
barberink.biz
bizlikebiz.biz
chudresex.at
chudresex.cc
compoz.at
coupon-online.fr
cpsxz1.at
deereebee.info
dfjdgxm3753u744h.at
divingforpearls.at
dndzh457thdhjk.at
elitbizopa.info
fhfhhhrjtfg3637fgjd.at
filllfoll.biz
i-app1.online
i-app4.online
i-app5.online
inovea-engineering.com
ldfghvcxsadfgr.at
lingerieathome.eu
loupeacara.net
loupeahak.com
memosigla.su
messviiqqq.info
nowayright.biz
olimpogods.at
playgoogle.at
playsstore.mobi
playsstore.net
qqqright.info
rockybalboa.at
sarahtame.at
secure-ingdirect.top
securitybitches1.at
securitybitches3.at
soulreaver.at
ssnoways.info
storegoogle.at
sudopsuedo1.su
sudopsuedo2.su
sudopsuedo3.su
track-google.at
trackgoogle.at
weituweritoiwetzer.at
wellscoastink.biz
wqetwertwertwerxcvbxcv.at

# Reference: https://www.virustotal.com/gui/ip-address/178.132.78.152/relations
# Reference: https://www.virustotal.com/gui/file/7896c69b1cc1cb0f603242a46c65d51a512651e3b51759fb34aeb528f0236498/detection
# Reference: https://www.virustotal.com/gui/file/bcfe7d6066272faa3de00f34c7f15d6c183ed193dd5daca772ff4c97b55d64c5/detection

as44aa11.top
as55aa22.top

# Reference: https://twitter.com/malwrhunterteam/status/1504558610159919114
# Reference: https://www.virustotal.com/gui/ip-address/5.255.102.136/relations
# Reference: https://www.virustotal.com/gui/file/464a7c5c1faefaa0fd7bb11b5211a9b4996b0d8eebd2ba694a9dcca95ffabc59/detection
# Reference: https://www.virustotal.com/gui/file/ded98a60183c59d80524cdd2f104dabdab2342d90fea1abebe2bbf92a7e0f336/detection
# Reference: https://www.virustotal.com/gui/file/fca33888cae8d4e9fd4b2a4bcb80cf894786ce60dc3fd32691f80edef56e5b37/detection

fastconnectcenter.com
fastconnectcenter.hk
/875sakLglasg27pvl/

# Reference: https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
# Reference: https://www.virustotal.com/gui/file/008ffb2b49c8f7d97ad201290abd93bf3fc0d9246775cbdbf180ba910adc2fce/detection

smartcontractlicense.info
/puap9udshc2zmzjmmuzmghst/

# Reference: https://www.virustotal.com/gui/file/0613b3bf8a152356be696c7a9e66058e68dcde708f2f47241e2e538678d48f5d/detection

equisdeperson.space
personification.top
rigorichbroker.com
/MDI0ODlhNzAxYzg2/

# Reference: https://twitter.com/pmmkowalczyk/status/1493559761593380867
# Reference: https://twitter.com/pmmkowalczyk/status/1493559763266908164

auhr8h3ba.ch
hr81ha8ah.ch
hrauu3aga.ch
j3ha8h1ag.ch
uwhauaua.ch
/MWNhMjI2OTkyNjA3/

# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.164/relations
# Reference: https://www.virustotal.com/gui/file/0480b9e36afe56f9554bad57e0ba65a8df65fdfb821dc69c20be85987614f3b3/detection

8ibaub3bav.com
fuaggggotc.top
guuagwuu.top
hbaruuau3h.top
hgauahhh.com
ifn1h8ag1g.com
ifua88ahahgh.com
ihfagzuuu.net
irha3wzuu.top
jgiauwggg.org
thhausgajk.com
uagggauua.com
uauzustttt.com
utabwbazuu.com
/NiYmQ5YzZlODllzzz/

# Reference: https://www.virustotal.com/gui/ip-address/185.151.147.65/relations
# Reference: https://www.virustotal.com/gui/file/02f43cf67a61bd5c42c33d5196d3962845a28e1e014f23010455e73dd4e240ab/detection

bau3baahh.com
gfhau1hacjj.com
uhnazu3au.top

# Reference: https://twitter.com/B0rys_Grishenko/status/1478341854747889664
# Reference: https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/ (Polish)
# Reference: https://www.virustotal.com/gui/ip-address/176.107.160.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.103.109.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/92.255.110.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.227.86.32/relations
# Reference: https://www.virustotal.com/gui/file/5a85777d094c644a962787bfa5d80b2ba47493ca7c276f7406c2b3d83feb30e6/detection

dsfiu133ds52231232fdnsjds.top
dsfiu733ds42231232fdnsjds.top
dsfiu733ds52231232fdnsjds.top
s122231232fdnsjds.top
s222231232fdnsjds.top
s22231232fdnsjds.top
s322231232fdnsjds.top
s32231232fdnsjds.top
s42231232fdnsjds.top
/PArhFzp5sG2sN/

# Reference: https://twitter.com/malwrhunterteam/status/1483173995390382085
# Reference: https://www.virustotal.com/gui/file/115b4ae0009c84c335611cfc2a2a1a06db03fc392a627988bd03592d1a154750/detection
# Reference: https://www.virustotal.com/gui/file/59527801e3cf12749e2471fef6df6693e54e74521e8175beb048eaf60ee21d2d/detection
# Reference: https://www.virustotal.com/gui/file/ecf4d571531d0647a393d5860d168f2ef5b633b70831b05e2a47694fc47bc97a/detection

checkips.xyz
checks.design
fastcheck.digital
ipmonitor.services
servercheck.online
xipxesip.club
xipxesip.design
xipxesip.digital
xipxesip.online
xipxesip.services
xipxesip.xyz
/OWU1NzkwNWVmYmRk/
/sljs1NzkwNWVmYmRsnc/

# Reference: https://www.virustotal.com/gui/file/b5ac07a4252d9c14e877d087ffb416ac8d3995dfe8bf6ea4122d19d1b749c3c3/detection
# Reference: https://www.virustotal.com/gui/file/d111d88d82bc8094283c5ef2daa2d681aef11b89a755538cd0ef1cf3c36987b5/detection

rftgyh.shop
rftgyh.store
rftgyh.xyz
qwaszx.club
qwaszx.digital
qwaszx.site
/X0SDscG9rqz68F/

# Reference: https://twitter.com/cleafylabs/status/1526859118794919936
# Reference: https://www.virustotal.com/gui/ip-address/45.147.96.90/relations
# Reference: https://www.virustotal.com/gui/file/8c5445fd569211c74eec6bad036ccd16a5cc3b4979771b041fc90a79bad6feee/detection

ddhfbhdfbsdbfsdg.top
dfdfdfdgdffjdhbf.org
sdhfsdbfbjhsdhff.com
sjsdfsddjhdjfadff.com
ssgsjhfsdfdsjhd.info
vvjfsdsdghsdghfvffdf.top
/MzYzMzJjZDI5YzYx/

# Reference: https://twitter.com/cleafylabs/status/1526866760879722496

homebyavariridgway.com

# Reference: https://www.virustotal.com/gui/file/eadd9c3e3f7a1c5e008ca157cb850aa72d283f702da2ab4daf0e4af4d926ab3e/detection

goos.pw

# Reference: https://twitter.com/f3d__/status/1537005322065391618
# NOTE(review): dfdfdfdgdffjdhbf.org and ssgsjhfsdfdsjhd.info are already listed above under the cleafylabs / 45.147.96.90 references.

beautyxumeley.com
dfdfdfdgdffjdhbf.org
ssgsjhfsdfdsjhd.info
/ZTYxYWI2NWNmYTA3/

# Reference: https://tria.ge/220613-m1yrsacab9

ahnudsbba.xyz
fabh23zuba.top
fu8hhaadl.com
idai2babd1.xyz
jufhahbhazh.top

# Reference: https://tria.ge/220614-hvhq6agef5
# NOTE(review): every entry in this group is already listed above, under the 176.121.14.164 and 185.151.147.65 references.

8ibaub3bav.com
hbaruuau3h.top
ifn1h8ag1g.com
ifua88ahahgh.com
irha3wzuu.top
uhnazu3au.top
utabwbazuu.com

# Reference: https://twitter.com/_icebre4ker_/status/1541875987419365377
# Reference: https://twitter.com/ecarlesi/status/1541785629721231362

esappguide.com
forumtasking.net
/MTlkYWQwOTBkNmFi/

# Reference: https://www.virustotal.com/gui/file/e48e7c9b01b8a89b8caa6bfaf84fdf7f735d0fa0271aecc6aa7710766df9946d/detection
# Reference: https://www.virustotal.com/gui/file/423cf942b83f38244b6f74d4770056ec66e699e748d66613cd7cb0875036202a/detection
# Reference: https://www.virustotal.com/gui/file/2b3b7c6af707f69b7d3259e829b02b746a949720a3542519f9327d3b071d0cbe/detection
# Reference: https://www.virustotal.com/gui/file/1b3d36c1789c0fc70ae36d70ce8fabfdc54a09a9c5bdf900bcdebd778f7c4f14/detection
# Reference: https://www.virustotal.com/gui/file/13a284a55c6f5ad2c5212cf47510469994b8197c80b3f620f97b4fb716add1bb/detection

albiworkman7583.top
antonwright456.top
elodiecope88968.top
finndalby0.top
karenbarber56543.top
malaikaduggan890.top
miltonchambers72.top
naziawills5523.top
onurrobinson333.top
sabihaplummer80.top
sidesquivel124.top
teaganwhitaker6437.top
zayaanpaine23.top
/ODIzY2ZmOWM4MTY2/

# Reference: https://www.virustotal.com/gui/ip-address/185.238.170.201/relations
# Reference: https://www.virustotal.com/gui/file/e4252d0a21372e9d39385be7bd2fc04c77f42fc5dd803ef82340364044452266/detection
# Reference: https://www.virustotal.com/gui/file/183bd85d061fa509ff9f732dd01b358ce00297fb0ddf6d5e43ab9b4ab36bb6d5/detection

analysisdnsdata.website
checkdns.club
checkdns.design
checkdns.digital
checkdns.services
checkdns.shop
checkdnsplus.site
checkdnsplus.space
dnscheck.club
dnscheck.design
fastcheckdns.shop
fastcheckdns.xyz
/NmE0N2YwOWEzMTM3/

# Reference: https://twitter.com/malwrhunterteam/status/1611068887033909261
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.203/relations
# Reference: https://www.virustotal.com/gui/file/c11907662ce44c176f1d75646e113e89b271fb2b33cc968c8e2e7543cae82938/detection

analysisdnsdata.site
analysisdnsdata.space
bestipscanworld.xyz
bestscanipworld.xyz
bestworldipscan.xyz
checkserversippool.xyz
doublednscheck.xyz
ipbestscanworld.xyz
ipcheckserverspool.xyz
ipscanbestworld.xyz
ipscanworldbest.xyz
ipworldscanbest.xyz
plusdnscheck.site
plusdnscheck.space
plusdnscheck.website
plusdnscheck.xyz
poolcheckipservers.xyz
poollipceckservers.xyz
poolserverisippool.xyz
scanbestipworld.xyz
scanipbestworld.xyz
scanworldbestip.xyz
scanworldipbest.xyz
serverscheckippool.xyz
serversippoolcheck.xyz
serverspoolcheckip.xyz
worldipbestscan.xyz

# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs_20230427.txt

bestipworldscan.xyz
bestworldscanip.xyz
ipworldbestscan.xyz
scanbestworldip.xyz
worldbestipscan.xyz
worldbestscanip.xyz
worldscanbestip.xyz
worldscanipbest.xyz

# Generic
# NOTE(review): the entries below are path-only, with no host and no reference; check a hit against the surrounding traffic before treating it as confirmed.

/angelkelly/
/balls51/
/CHECKPIECEUNTIL/
/CONTAINSURE/
/crystalknight/
/flexdeonblake/
/jadafire/
/MUCHTHENWERESTO/
/QUESTIONROADFAR/
/sinnamonlove/