# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/c716c56d401815842120a61140098f9e851d1f79cf4088a56ec6f1b6fd4bad62/detection
# Reference: https://vms.drweb.com/virus/?i=14931549&lng=en
# Reference: https://www.hybrid-analysis.com/sample/5b4cbd92c1cc6f946704b56845f6b3cec8caab2cb73eb9909f07e7e7d7849595?environmentId=200
# Reference: https://blog.naver.com/ian3714/220366680356 (Korean)

http://113.10.136.103
http://220.142.173.138

# Reference: https://twitter.com/malwaretracekr/status/1269636157710585856
# Reference: https://www.virustotal.com/gui/file/09a5deb3219bf3b9b31814e861fc97aa5b29061e8622c31b79fe826eebe6bd63/detection

http://1.174.90.183
avke.tanske.me

# Reference: https://twitter.com/malwaretracekr/status/1271255418791063552

htuto.isng.me

# Reference: https://twitter.com/malwaretracekr/status/1273503346523947008

edikopz1.aixdy.com.cn

# Generic

/dor000ft.php
/hp_state.php?telnum=
/hp_getsmsblockstate.php?telnum=
/index.php?type=join&telnum=
/index.php?type=receivesms&telnum=

# APK

/app-release.apk