# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/c716c56d401815842120a61140098f9e851d1f79cf4088a56ec6f1b6fd4bad62/detection
# Reference: https://vms.drweb.com/virus/?i=14931549&lng=en
# Reference: https://www.hybrid-analysis.com/sample/5b4cbd92c1cc6f946704b56845f6b3cec8caab2cb73eb9909f07e7e7d7849595?environmentId=200
# Reference: https://blog.naver.com/ian3714/220366680356 (Korean)

http://113.10.136.103
http://220.142.173.138

# Reference: https://twitter.com/malwaretracekr/status/1269636157710585856
# Reference: https://www.virustotal.com/gui/file/09a5deb3219bf3b9b31814e861fc97aa5b29061e8622c31b79fe826eebe6bd63/detection

http://1.174.90.183
avke.tanske.me

# Reference: https://twitter.com/malwaretracekr/status/1271255418791063552

htuto.isng.me

# Reference: https://twitter.com/malwaretracekr/status/1273503346523947008

edikopz1.aixdy.com.cn

# Reference: https://twitter.com/malwaretracekr/status/1296215120373149696

peuvnex.wuanvs.me

# Reference: https://twitter.com/malwaretracekr/status/1297096410513453056

mn.cjmallhg.cn

# Reference: https://twitter.com/malwaretracekr/status/1297098257089228800

cc.xcvcdd.vip

# Reference: https://twitter.com/malwaretracekr/status/1303518419086532608

cjcookid.info

# Reference: https://twitter.com/malwaretracekr/status/1304999127076335618

tn.bklog.ink

# Reference: https://twitter.com/malwaretracekr/status/1312765858154905601
# Reference: https://www.virustotal.com/gui/file/2beb2a2d594bbef0f152c003502b355d8342057d37e1a00bd138cfca6b65264d/detection

45.128.145.33:8899

# Reference: https://twitter.com/malwaretracekr/status/1314457384484364288
# Reference: https://www.virustotal.com/gui/ip-address/103.13.222.113/relations

http://103.13.222.113
km.maskmkb.info

# Reference: https://twitter.com/malwaretracekr/status/1316018657894395904
# Reference: https://www.virustotal.com/gui/file/1ef082e1093d7191317fc66f6e8f027fa404fff4acda9bf502f5c942970fdecf/detection

http://45.131.177.87
hsl4.paociw.me

# Reference: https://twitter.com/malwaretracekr/status/1316921517507284997

gh.easysmm.site

# Reference: https://twitter.com/malwaretracekr/status/1317701339548250112

n.wsdyt.ren

# Reference: https://twitter.com/malwaretracekr/status/1318437666229112832

xsziop.tmyds.xyz

# Generic

/dor000ft.php
/hp_state.php?telnum=
/hp_getsmsblockstate.php?telnum=
/index.php?type=join&telnum=
/index.php?type=receivesms&telnum=

# APK

/app-release.apk
/CJ대한통운 택배V_10.3.33.apk
/CJ대한통운 택배V_11.10.18.apk