# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://otx.alienvault.com/pulse/5c994353fba069404af574cb
# Reference: https://ti.360.net/blog/articles/kbuster-fake-bank-app-in-south-korean-en/

# Host indicators (IP:port); every entry in this group uses port 21823

103.70.77.124:21823
103.70.77.125:21823
103.70.77.126:21823
112.121.167.50:21823
112.121.167.51:21823
112.121.167.53:21823
112.121.167.74:21823
112.121.167.75:21823
112.121.167.76:21823
112.121.169.2:21823
112.121.169.3:21823
112.121.169.4:21823
112.121.169.5:21823
112.121.169.6:21823
112.121.175.106:21823
112.121.175.107:21823
112.121.175.108:21823
112.121.175.109:21823
112.121.175.110:21823
112.121.176.162:21823
112.121.176.163:21823
112.121.176.164:21823
112.121.176.165:21823
112.121.176.166:21823
148.66.16.74:21823
148.66.16.75:21823
148.66.16.76:21823
148.66.16.77:21823
148.66.16.78:21823
148.66.18.58:21823
148.66.18.59:21823
148.66.18.60:21823
148.66.18.61:21823
148.66.18.62:21823
148.66.2.234:21823
148.66.2.235:21823
148.66.2.236:21823
148.66.2.237:21823
148.66.2.238:21823
148.66.6.250:21823
148.66.6.251:21823
148.66.6.252:21823
148.66.6.253:21823
148.66.6.254:21823
148.66.9.251:21823
148.66.9.252:21823
148.66.9.253:21823
148.66.9.254:21823
180.178.46.106:21823
180.178.46.107:21823
180.178.46.108:21823
180.178.46.109:21823
180.178.46.110:21823
180.178.60.170:21823
180.178.60.171:21823
180.178.60.172:21823
180.178.60.173:21823
180.178.60.174:21823
180.178.62.100:21823
180.178.62.101:21823
180.178.62.102:21823
180.178.62.98:21823
180.178.62.99:21823
182.16.122.114:21823
182.16.122.115:21823
182.16.122.116:21823
182.16.122.117:21823
182.16.14.234:21823
182.16.14.235:21823
182.16.14.236:21823
182.16.14.237:21823
182.16.14.238:21823
182.16.33.50:21823
182.16.33.51:21823
182.16.33.52:21823
182.16.33.53:21823
182.16.33.54:21823
182.16.38.250:21823
182.16.38.251:21823
182.16.38.252:21823
182.16.38.253:21823
182.16.39.66:21823
182.16.39.67:21823
182.16.39.68:21823
182.16.39.69:21823
182.16.39.70:21823
182.16.49.2:21823
182.16.49.3:21823
182.16.49.4:21823
182.16.49.5:21823
182.16.49.6:21823
182.16.89.122:21823
182.16.89.123:21823
182.16.89.124:21823
182.16.89.125:21823
182.16.89.126:21823
216.118.242.10:21823
216.118.242.11:21823
216.118.242.12:21823
216.118.242.13:21823
52.128.245.86:21823

# URL-path indicators; these carry no host, so correlate a hit with the host indicators in this file before treating it as confirmed
# NOTE(review): both 'hdadmin'/'hnadmin' and 'nhcapital'/'hncapital' appear below - confirm against the references that each spelling is intended

/hanaman/Mb/Mb/Message1
/hdadmin/Mb/Mb/Request
/hnadmin/Mb/Mb/Message1
/kbstar/Mb/Mb/Message1
/nhcapital/Mb/Mb/Message1
/nonghyop/Mb/Mb/Message1
/hdadmin/CallTransfer/PhoneServlet/addNewPhone
/kbstar/CallTransfer/PhoneServlet/addNewPhone
/hncapital/CallTransfer/PhoneServlet/addNewPhone
/nhbank/CallTransfer/PhoneServlet/addNewPhone
/nonghyop/CallTransfer/PhoneServlet/addNewPhone

# Reference: https://twitter.com/malwrhunterteam/status/1433390302333636616
# Reference: https://www.virustotal.com/gui/file/42345210fb648c5fda66842ca996ecf1cc62bafae445c3390e5d3f233b390fe0/detection

http://154.220.19.163
http://206.119.82.136
206.119.82.136:3120
/public/index.php/api/user/get_extra_message
/public/index.php/api/user/get_limit_phone_number
/public/index.php/api/user/ping_server
/public/index.php/api/user/submit_loan_application

# APK

/hana0830.apk