# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://now.avg.com/pc-malware-that-silently-installs-apps-on-your-android-device

222.186.60.89:1001

# Reference: https://vms.drweb.com/virus/?i=17750684&lng=en
# Reference: https://news.drweb.com/show/?lng=en&i=13108&c=14

androidcloud.org

# Reference: https://research.checkpoint.com/preamo-a-clicker-campaign-found-on-google-play/
# Reference: https://www.virustotal.com/gui/domain/mnexuscdn.com/relations

mnexuscdn.com

# Reference: https://www.zscaler.com/blogs/research/third-party-android-store-sms-trojan

app.in-spicy.com
insidecontentsp.com
incontsmart.com
play4funclub.com
/public/notification/is-active
/app_sms_request_get_number.php
/apps/moboporn/data/device_admin.php

# Reference: https://twitter.com/051R15/status/984704059109093382
# Reference: https://www.virustotal.com/gui/file/932ad38cf5048e20641b27619b72a632b546cffb8f35515ea5200ea194b8fdb2/detection

103.249.31.87:11880
hold.jcgloball.org

# Reference: https://twitter.com/sniko_/status/1136981531870867456

cryptonator.us

# Reference: https://twitter.com/LukasStefanko/status/1136995445572550661

bibox365.us

# Reference: https://twitter.com/LukasStefanko/status/1138768486514266112

admob-games.online
admob-games.xyz
liniatech.com

# Reference: https://twitter.com/LukasStefanko/status/1139064061809893376

app.freegifts.top

# Reference: https://cerbero-blog.com/?p=1633 (# AndroRAT)
# Reference: https://www.virustotal.com/gui/file/dc9a0322ca263d733f91182f1e655a11cba28dc766031ce0665b6005900450d7/detection

shoppingapp.no-ip.biz

# Reference: https://cerbero-blog.com/?p=1633 (# OmniRAT)
# Reference: https://www.virustotal.com/gui/file/9e1bee43a501132da732d1287126632438b91a9fcbf37afda7b8597055960877/detection

strippermona2.no-ip.info

# Reference: https://twitter.com/nullcookies/status/1177342951766278144

googleplaystore.net

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-11-26-sms-spam-with-mobile-malware/sms-spam-with-mobile-malware.csv

url7.me

# Reference: https://www.virustotal.com/gui/ip-address/185.89.102.7/relations

185.89.102.7

# Reference: https://www.virustotal.com/gui/file/7607ecae59fdb498d0e6691f0b3049eeb03cbc7c456a46e415ccfc3f672b09a4/detection

198.54.116.33:80
mobihok.net