# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.virustotal.com/gui/file/c716c56d401815842120a61140098f9e851d1f79cf4088a56ec6f1b6fd4bad62/detection # Reference: https://vms.drweb.com/virus/?i=14931549&lng=en # Reference: https://www.hybrid-analysis.com/sample/5b4cbd92c1cc6f946704b56845f6b3cec8caab2cb73eb9909f07e7e7d7849595?environmentId=200 # Reference: https://blog.naver.com/ian3714/220366680356 (Korean) http://113.10.136.103 http://220.142.173.138 # Reference: https://twitter.com/malwaretracekr/status/1269636157710585856 # Reference: https://www.virustotal.com/gui/file/09a5deb3219bf3b9b31814e861fc97aa5b29061e8622c31b79fe826eebe6bd63/detection http://1.174.90.183 avke.tanske.me # Reference: https://twitter.com/malwaretracekr/status/1271255418791063552 htuto.isng.me # Reference: https://twitter.com/malwaretracekr/status/1273503346523947008 edikopz1.aixdy.com.cn # Reference: https://twitter.com/malwaretracekr/status/1296215120373149696 peuvnex.wuanvs.me # Reference: https://twitter.com/malwaretracekr/status/1297096410513453056 mn.cjmallhg.cn # Reference: https://twitter.com/malwaretracekr/status/1297098257089228800 cc.xcvcdd.vip # Reference: https://twitter.com/malwaretracekr/status/1303518419086532608 cjcookid.info # Reference: https://twitter.com/malwaretracekr/status/1304999127076335618 tn.bklog.ink # Reference: https://twitter.com/malwaretracekr/status/1312765858154905601 # Reference: https://www.virustotal.com/gui/file/2beb2a2d594bbef0f152c003502b355d8342057d37e1a00bd138cfca6b65264d/detection 45.128.145.33:8899 # Reference: https://twitter.com/malwaretracekr/status/1314457384484364288 # Reference: https://www.virustotal.com/gui/ip-address/103.13.222.113/relations http://103.13.222.113 km.maskmkb.info # Reference: https://twitter.com/malwaretracekr/status/1316018657894395904 # Reference: https://www.virustotal.com/gui/file/1ef082e1093d7191317fc66f6e8f027fa404fff4acda9bf502f5c942970fdecf/detection http://45.131.177.87 hsl4.paociw.me # Reference: https://twitter.com/malwaretracekr/status/1316921517507284997 gh.easysmm.site # Reference: https://twitter.com/malwaretracekr/status/1317701339548250112 n.wsdyt.ren # Reference: https://twitter.com/malwaretracekr/status/1318437666229112832 xsziop.tmyds.xyz # Reference: https://twitter.com/malwaretracekr/status/1319633694303293440 sxi1.svipg.xyz # Reference: https://twitter.com/malwaretracekr/status/1321400280047513600 tmqh.eklcu.xyz # Reference: https://twitter.com/malwaretracekr/status/1321423819811090433 voinxc1.voinxc.xyz # Reference: https://twitter.com/malwaretracekr/status/1321707594491273216 fe.ihjkljkl.site # Reference: https://twitter.com/malwaretracekr/status/1321816802297479169 ukcgyse9.qsjrk.xyz # Reference: https://twitter.com/malwaretracekr/status/1324603862250975237 wkoxzu34.gkwjd.xyz # Reference: https://twitter.com/malwaretracekr/status/1324706392826015744 ruxj.xmoru.me # Reference: https://twitter.com/malwaretracekr/status/1325669330135076864 kend.xnoth.me # Reference: https://twitter.com/malwaretracekr/status/1325670176956715008 esjl.ebrin.me # Reference: https://twitter.com/malwaretracekr/status/1326842245836759043 gky1.bsiyw.me # Reference: https://twitter.com/malwaretracekr/status/1331117613485735937 stt.mamsqe.me # Reference: https://twitter.com/malwaretracekr/status/1337405537583939585 vr.auctios.site # Reference: https://twitter.com/malwaretracekr/status/1341332054298873860 bolpstu8.krxlp.xyz # Reference: https://twitter.com/malwaretracekr/status/1343043680492347392 # Reference: https://twitter.com/malwaretracekr/status/1343055891268923392 # Reference: https://www.virustotal.com/gui/ip-address/45.131.177.20/relations # Reference: https://www.virustotal.com/gui/file/75a593ba4448f90f313c3add833d2b1c3ceae491a37ac1d635037fcca129784f/detection 45.131.177.20:2021 eilwo4.ripaq.me n.ydei.group # Reference: https://twitter.com/malwrhunterteam/status/1341710227780104192 # Reference: https://twitter.com/bl4ckh0l3z/status/1343299380149972996 # Reference: https://www.virustotal.com/gui/file/86f1fd5ea17fad52b8a0c247d464e8fbfd35d8157892816b027fe2eed62b0bd2/detection 123.253.110.85:8899 # Reference: https://www.virustotal.com/gui/file/23d969b567c429ac013d608dddc90b2a8e9accd1134361ea91941fdbd2f14ce2/detection # Reference: https://www.virustotal.com/gui/file/2d4dc144c2c3f8a239ceccaf9597ce46e5509f646fb4d3958d982380109048eb/detection http://114.24.20.97 # Reference: https://twitter.com/malwaretracekr/status/1344161911118602242 426.tzroc.guru # Reference: https://twitter.com/malwaretracekr/status/1344635995359088645 isdx.ztod.com.cn # Reference: https://twitter.com/malwaretracekr/status/1344636428261543938 cj-run.xyz # Reference: https://twitter.com/malwaretracekr/status/1345371152751816706 hion5.navero.space # Reference: https://twitter.com/malwaretracekr/status/1345375575809036293 vuca.ksdf.pw # Reference: https://twitter.com/malwaretracekr/status/1345732047650787328 kr-bus.xyz # Reference: https://twitter.com/malwaretracekr/status/1346455589220614144 dm.netshodh.info # Reference: https://twitter.com/malwaretracekr/status/1347495191687557122 mysuny.xyz # Reference: https://twitter.com/malwaretracekr/status/1347800155202850817 my-bus.xyz # Reference: https://twitter.com/malwaretracekr/status/1347839178982133762 sdreams.xyz # Reference: https://twitter.com/malwaretracekr/status/1349235995540025344 krteuw.me # Reference: https://twitter.com/malwaretracekr/status/1349648529866690560 exaion.me oeubc.buzz # Reference: https://twitter.com/malwaretracekr/status/1349658556543365120 eitjls.co # Reference: https://twitter.com/malwaretracekr/status/1350368005738295299 ydie.press # Reference: https://twitter.com/malwaretracekr/status/1350362298481709057 toeuc.guru # Reference: https://twitter.com/muz_so/status/1351814574165561344 ponvi.space uionv10.ponvi.space # Reference: https://twitter.com/malwaretracekr/status/1352150909636075521 kpm.msks.pw msks.pw # Generic /dor000ft.php /hp_state.php?telnum= /hp_getsmsblockstate.php?telnum= /index.php?type=join&telnum= /index.php?type=receivesms&telnum= # APK /app-release.apk /CJ대한통운 택배V_10.3.33.apk /CJ대한통운 택배V_11.10.18.apk