# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/c716c56d401815842120a61140098f9e851d1f79cf4088a56ec6f1b6fd4bad62/detection
# Reference: https://vms.drweb.com/virus/?i=14931549&lng=en
# Reference: https://www.hybrid-analysis.com/sample/5b4cbd92c1cc6f946704b56845f6b3cec8caab2cb73eb9909f07e7e7d7849595?environmentId=200
# Reference: https://blog.naver.com/ian3714/220366680356 (Korean)

http://113.10.136.103
http://220.142.173.138

# Reference: https://twitter.com/malwaretracekr/status/1269636157710585856
# Reference: https://www.virustotal.com/gui/file/09a5deb3219bf3b9b31814e861fc97aa5b29061e8622c31b79fe826eebe6bd63/detection

http://1.174.90.183
avke.tanske.me
tanske.me

# Reference: https://twitter.com/malwaretracekr/status/1271255418791063552

htuto.isng.me
isng.me

# Reference: https://twitter.com/malwaretracekr/status/1273503346523947008

edikopz1.aixdy.com.cn

# Reference: https://twitter.com/malwaretracekr/status/1296215120373149696

peuvnex.wuanvs.me
wuanvs.me

# Reference: https://twitter.com/malwaretracekr/status/1297096410513453056

mn.cjmallhg.cn
cjmallhg.cn

# Reference: https://twitter.com/malwaretracekr/status/1297098257089228800

cc.xcvcdd.vip
xcvcdd.vip

# Reference: https://twitter.com/malwaretracekr/status/1303518419086532608

cjcookid.info

# Reference: https://twitter.com/malwaretracekr/status/1304999127076335618

tn.bklog.ink
bklog.ink

# Reference: https://twitter.com/malwaretracekr/status/1312765858154905601
# Reference: https://www.virustotal.com/gui/file/2beb2a2d594bbef0f152c003502b355d8342057d37e1a00bd138cfca6b65264d/detection

45.128.145.33:8899

# Reference: https://twitter.com/malwaretracekr/status/1314457384484364288
# Reference: https://www.virustotal.com/gui/ip-address/103.13.222.113/relations

http://103.13.222.113
km.maskmkb.info
maskmkb.info

# Reference: https://twitter.com/malwaretracekr/status/1316018657894395904
# Reference: https://www.virustotal.com/gui/file/1ef082e1093d7191317fc66f6e8f027fa404fff4acda9bf502f5c942970fdecf/detection

http://45.131.177.87
hsl4.paociw.me
paociw.me

# Reference: https://twitter.com/malwaretracekr/status/1316921517507284997

gh.easysmm.site
easysmm.site

# Reference: https://twitter.com/malwaretracekr/status/1317701339548250112

n.wsdyt.ren
wsdyt.ren

# Reference: https://twitter.com/malwaretracekr/status/1318437666229112832

xsziop.tmyds.xyz
tmyds.xyz

# Reference: https://twitter.com/malwaretracekr/status/1319633694303293440

sxi1.svipg.xyz
svipg.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321400280047513600

tmqh.eklcu.xyz
eklcu.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321423819811090433

voinxc1.voinxc.xyz
voinxc.xyz

# Reference: https://twitter.com/malwaretracekr/status/1321707594491273216

fe.ihjkljkl.site
ihjkljkl.site

# Reference: https://twitter.com/malwaretracekr/status/1321816802297479169

ukcgyse9.qsjrk.xyz
qsjrk.xyz

# Reference: https://twitter.com/malwaretracekr/status/1324603862250975237

wkoxzu34.gkwjd.xyz
gkwjd.xyz

# Reference: https://twitter.com/malwaretracekr/status/1324706392826015744

ruxj.xmoru.me
xmoru.me

# Reference: https://twitter.com/malwaretracekr/status/1325669330135076864

kend.xnoth.me
xnoth.me

# Reference: https://twitter.com/malwaretracekr/status/1325670176956715008

esjl.ebrin.me
ebrin.me

# Reference: https://twitter.com/malwaretracekr/status/1326842245836759043

gky1.bsiyw.me
bsiyw.me

# Reference: https://twitter.com/malwaretracekr/status/1331117613485735937

stt.mamsqe.me
mamsqe.me

# Reference: https://twitter.com/malwaretracekr/status/1337405537583939585

vr.auctios.site
auctios.site

# Reference: https://twitter.com/malwaretracekr/status/1341332054298873860

bolpstu8.krxlp.xyz
krxlp.xyz

# Reference: https://twitter.com/malwaretracekr/status/1343043680492347392
# Reference: https://twitter.com/malwaretracekr/status/1343055891268923392
# Reference: https://www.virustotal.com/gui/ip-address/45.131.177.20/relations
# Reference: https://www.virustotal.com/gui/file/75a593ba4448f90f313c3add833d2b1c3ceae491a37ac1d635037fcca129784f/detection

45.131.177.20:2021
eilwo4.ripaq.me
ripaq.me
n.ydei.group
ydei.group

# Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192
# Reference: https://twitter.com/bl4ckh0l3z/status/1343299380149972996
# Reference: https://www.virustotal.com/gui/file/86f1fd5ea17fad52b8a0c247d464e8fbfd35d8157892816b027fe2eed62b0bd2/detection

123.253.110.85:8899

# Reference: https://twitter.com/malwrhunterteam/status/1365311635099971592
# Reference: https://twitter.com/bl4ckh0l3z/status/1365671448635973633
# Reference: https://www.virustotal.com/gui/file/47cfb949ba578425c348aa4ed8a3d25e0650c9fae58db2d97c2686fb77dc7f8f/detection

123.253.110.241:6988
123.253.110.241:8889

# Reference: https://twitter.com/malwrhunterteam/status/1371908225038229507
# Reference: https://www.virustotal.com/gui/file/d1b04d8140ca4d845446c2b7ace2d1bafa2a4cf3f1065559c8713bb13ad810e1/detection

123.253.110.169:8889

# Reference: https://www.virustotal.com/gui/file/23d969b567c429ac013d608dddc90b2a8e9accd1134361ea91941fdbd2f14ce2/detection
# Reference: https://www.virustotal.com/gui/file/2d4dc144c2c3f8a239ceccaf9597ce46e5509f646fb4d3958d982380109048eb/detection

http://114.24.20.97

# Reference: https://twitter.com/malwaretracekr/status/1344161911118602242

426.tzroc.guru
tzroc.guru

# Reference: https://twitter.com/malwaretracekr/status/1344635995359088645

isdx.ztod.com.cn

# Reference: https://twitter.com/malwaretracekr/status/1344636428261543938

cj-run.xyz

# Reference: https://twitter.com/malwaretracekr/status/1345371152751816706

hion5.navero.space
navero.space

# Reference: https://twitter.com/malwaretracekr/status/1345375575809036293

vuca.ksdf.pw
ksdf.pw

# Reference: https://twitter.com/malwaretracekr/status/1345732047650787328

kr-bus.xyz

# Reference: https://twitter.com/malwaretracekr/status/1346455589220614144

dm.netshodh.info
netshodh.info

# Reference: https://twitter.com/malwaretracekr/status/1347495191687557122

mysuny.xyz

# Reference: https://twitter.com/malwaretracekr/status/1347800155202850817

my-bus.xyz

# Reference: https://twitter.com/malwaretracekr/status/1347839178982133762

sdreams.xyz

# Reference: https://twitter.com/malwaretracekr/status/1349235995540025344

krteuw.me

# Reference: https://twitter.com/malwaretracekr/status/1349648529866690560

exaion.me
oeubc.buzz

# Reference: https://twitter.com/malwaretracekr/status/1349658556543365120

eitjls.co

# Reference: https://twitter.com/malwaretracekr/status/1350368005738295299

ydie.press

# Reference: https://twitter.com/malwaretracekr/status/1350362298481709057

toeuc.guru

# Reference: https://twitter.com/muz_so/status/1351814574165561344

ponvi.space
uionv10.ponvi.space

# Reference: https://twitter.com/malwaretracekr/status/1352150909636075521

kpm.msks.pw
msks.pw

# Reference: https://twitter.com/muz_so/status/1352909545174011905

poinv.space
rovcn2.poinv.space

# Reference: https://twitter.com/malwaretracekr/status/1352988190932561923

drde.uemvu.buzz
uemvu.buzz

# Reference: https://twitter.com/malwaretracekr/status/1352988812251566086
# Reference: https://www.virustotal.com/gui/ip-address/103.148.244.75/relations

kwins.xyz
ragos.xyz
ufits.xyz

# Reference: https://twitter.com/malwaretracekr/status/1352990551352565760
# Reference: https://www.virustotal.com/gui/file/b57d88da797ded50b3da56e22711b7dc3b10f70cdcdff7426d1f97c65681a5cc/detection

http://45.131.177.83
lyum.fixuxg.me
fixuxg.me

# Reference: https://twitter.com/muz_so/status/1353276793726279680

kopn2.uiover.live
uiover.live

# Reference: https://twitter.com/malwaretracekr/status/1353218951463923712

coinozne.com

# Reference: https://twitter.com/malwaretracekr/status/1353395335146557442

shop-o.xyz

# Reference: https://twitter.com/malwaretracekr/status/1354807146387365888

apr.mdus.pw
mdus.pw

# Reference: https://twitter.com/muz_so/status/1355484797020172290

colth.xyz
ufde.colth.xyz

# Reference: https://twitter.com/muz_so/status/1355484709854175234

cixi-bar.web.app

# Reference: https://twitter.com/malwaretracekr/status/1366680087974662144

munjalinb.info
fs.munjalinb.info

# Reference: https://twitter.com/malwrhunterteam/status/1367410100252667906
# Reference: https://www.virustotal.com/gui/file/307eb3e21f421132341b08db353c5289e482c54b3c36abd03869713ad393e5d0/detection

103.159.80.35:8889
http://103.159.80.35

# Reference: https://twitter.com/malwrhunterteam/status/1374820280636424201
# Reference: https://twitter.com/bl4ckh0l3z/status/1374999967551660032
# Reference: https://www.virustotal.com/gui/file/546f93d93d47c422b3193864c872a64f87fabd1dab845eecbf68195c41d35207/detection

103.159.80.85:8779
103.159.80.85:8889

# Reference: https://twitter.com/malwrhunterteam/status/1374293451848749059
# Reference: https://www.virustotal.com/gui/file/c709ca9bf91d7dfac8c319b62d53c54be4d039611e3f8f29c7d361f3393de73c/detection

103.159.80.95:5227

# Reference: https://www.virustotal.com/gui/file/0e7788b8980c76bd4ae59ccd88743955f91137c1b0959c6b4a89acd81e097429/detection

123.253.110.17:8889
http://123.253.110.17

# Reference: https://twitter.com/malwaretracekr/status/1381135262412021765

srey.cab

# Generic

/dor000ft.php
/hp_state.php?telnum=
/hp_getsmsblockstate.php?telnum=
/index.php?type=join&telnum=
/index.php?type=receivesms&telnum=

# APK
# NOTE(review): /app-release.apk is the default release artifact name of Android Gradle builds, so this path also matches benign APK downloads; weigh a hit together with the hosts listed above.

/app-release.apk
/CJ대한통운 택배V_10.3.33.apk
/CJ대한통운 택배V_11.10.18.apk