# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/_icebre4ker_/status/1459178538960097289
# Reference: https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe

sharkedtest1.xyz
sharkedtestuk.xyz

# Reference: https://twitter.com/midnight_comms/status/1459190518420852739
# Reference: https://twitter.com/_icebre4ker_/status/1461241411307769857
# Reference: https://www.virustotal.com/gui/file/4f1822817690d89943e7e57468ab4366e360772c0adce67bf74a7224b3732dee/behavior/VirusTotal%20R2DBox

c2hhcmtlzdq3cg9qqkk.xyz
c2hhcmtlzdq2cg9qqkk.info
c2hhcmtlzdq3cg9qqkk.info
c2hhcmtlzdq2cg9qqkk.xyz
c2hhcmtlzdq2cg9qqkk.cc
c2hhcmtlzdq2cg9qqkk.com
c2hhcmtlzdq2cg9qqkk.net
c2hhcmtlzdq2cg9qqkk.top
c2hhcmtlzdq3cg9qqkk.top
c2hhcmtlzdq2cg9qqkk.ru

# Reference: https://twitter.com/_icebre4ker_/status/1462707330877898754

nddwb2pcstlmsedgzgz.top

# Reference: https://twitter.com/cleafylabs/status/1491414401651458049
# Reference: https://www.virustotal.com/gui/ip-address/31.214.157.112/relations
# Reference: https://www.virustotal.com/gui/file/4b7945e3756abb48e2a9b62d8a3a7f633811a1073a20a7d46c121e29b41b6c31/detection

m3bvakjjouxir0zkzmd.xyz
mjaynhbvakjjouxir0z.xyz
mnbvakjjouxir0zkzmd.xyz

# Reference: https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/

mjayoxbvakjjouxir0z.xyz
n3bvakjjouxir0zkzmd.xyz
statscodicefiscale.xyz

# Reference: https://twitter.com/_icebre4ker_/status/1506728296771461126
# Reference: https://www.virustotal.com/gui/file/917d7a3dff486a6b2908607dccf5d8a2929e05bb1ce988aec40bcb194d999bd0/detection

sigmastats.xyz

# Reference: https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/
# Reference: https://otx.alienvault.com/pulse/62500ff8c7a4efb7d9e74ffb/

0f995b6f93c819a0.xyz
74071141daaf3521.xyz
c2hhcmtlzdq5cg9qqkk.top
mjaynxbvakjjouxir0z.xyz
mjaznxbvakjjouxir0z.xyz
ndlwb2pcstlmsedgzgz.top
y2znlm93bmvysuq0m3b.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1525052607005446150
# Reference: https://www.virustotal.com/gui/ip-address/185.219.221.65/relations
# Reference: https://www.virustotal.com/gui/file/38b625b22d181132c67d9012cc86a8c15af3416e4d39ae9007d2c02792b2ce2b/detection

http://185.219.221.65
11358f75eef6ac5c.xyz
122503f3e91e84bf.xyz
c3f2c437622918b0.live
f3eac8de096e59ca.live

# Reference: https://twitter.com/_CPResearch_/status/1539598489495150593

aftelcom.top
comappday.site
gematolink.xyz
gematonick.xyz
originativ.co
vansciver.me

# Reference: https://www.virustotal.com/gui/ip-address/176.10.125.87/relations

61b5b05e79ddc1bf.info
66300d872f8568f0.xyz
6a1b9ec71eb4d837.net

# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.30/relations

6a00a421e44ead9e.live
7a4edf69ed3d21f9.live
80b51e6b4a4942d8.live
92cf772e294ea095.store
d6c73e3ea9b2429d.live

# Reference: https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
# Reference: https://www.virustotal.com/gui/ip-address/109.230.199.47/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.212.47.113/relations
# Reference: https://www.virustotal.com/gui/file/7f2248f5de8a74b3d1c48be0db574b1c6558d6edae347592b29dc5234337a5ff/detection

confirst.xyz
constint.xyz
mefika.me
wwdvisi.xyz
yaseka.me
23080420d0d93913.live
7f3e61be7bb7363d.live
browntrawler.store

# Reference: https://muha2xmad.github.io/malware-analysis/sharkbot/

04ff9f101c72a417.com
3634b259b56f2866.live
6d829850c8eb7892.top
8d6102613d7d4ccc.xyz
b5c4f49eae222c10.store
e30a26a32a8020f1.info
efd909761db065cf.net

# Reference: https://twitter.com/tiresearch1/status/1572859851264659459
# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.89/relations

0b125b25007220d9.xyz
1b0f3fddf8845df6.xyz
3ddafe944f1dba48.xyz
437435a4cce520bc.xyz
614e7cd1c623698a.xyz
75b84d88067cb231.xyz
827c153abcc78ce2.live
a7b8fa0a1e291cc2.xyz
b6a30d41c85f0edb.xyz
d48c662d57cd23e8.xyz

# Reference: https://www.bitdefender.com/blog/labs/android-sharkbot-droppers-on-google-play-underlines-platforms-security-needs/
# Reference: https://www.virustotal.com/gui/file/843a901c7633fc5e21e32e3f82a08f97874772e471dce3ab3d425482010a7137/detection

http://94.198.53.205
cdopea.store

# Reference: https://twitter.com/sh1shk0va/status/1600508602334281729
# Reference: https://www.virustotal.com/gui/ip-address/91.242.217.65/relations

downloadlastversion.online
neednewupdate.art
norriscras.online
norriscras.shop
norriscras.store

# Reference: https://twitter.com/tiresearch1/status/1615314211328118786

2369341ad9bbc9a6.xyz
2a2258751af08761.store
3e98c5e2e712f2fc.xyz
431f4c8044b780c4.xyz
c9267e7172c23fea.store
cd306c22c6332008.xyz
f15d584827297704.xyz

# Reference: https://twitter.com/tiresearch1/status/1615647303670595585

f20ae55adaaf797f.xyz
fae361e39435d13c.xyz

# Reference: https://twitter.com/tiresearch1/status/1618178137170530306
# Reference: https://www.virustotal.com/gui/ip-address/79.132.131.131/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.242.217.147/relations

35fbe7fc67cdc20d.top
5c8a1c8e588044cb.store
cc4d3debe7c33d08.live

# Reference: https://twitter.com/tiresearch1/status/1625429564737605634
# Reference: https://www.virustotal.com/gui/file/d65577010625a3901da78bb81b20aa055aa62dbe8de15b9a0fe8b1d5dfe00f20/detection

075a42f94213a494.live
124261b08c52b166.xyz
12d6363d1d12242d.live
2ada1ec5a15bbced.info
32a31a288e34d925.top
35b98a2504c08951.live
3ab3704445b56546.xyz
3e95e96af806995d.xyz
3f1428dbce716305.live
40794e8ff97061d5.top
45ba560c3a67b2e5.xyz
4f581a978fe0eadf.live
5139097f5ef3edc1.xyz
5e6acd8a05c2bb35.xyz
61567e8ef6965503.store
69a4e33b882cffaf.xyz
77eb439d6788793e.com
7dc286fdab8292dc.xyz
81041b70fdc3a8d2.xyz
871d9314bb8bf8da.xyz
87a312e6bb2524d4.xyz
8d7c621736f6cb25.xyz
97329b880926f524.xyz
99fd4d0f8e4508c3.top
9ac0dbea6cd369e3.xyz
9c8b601990eacf18.live
a41997fcd5e0bd32.xyz
bcc1326dc8ca5b17.xyz
be016d6a8fe57dff.xyz
c097a245578c61ef.xyz
d1192c1490791020.xyz
d3a9f935b1c82ed3.xyz
d8aa80c3bfe1dad4.xyz
db8360c1867c1b98.top
de3dea888febbf08.xyz
e91d4ba9a1864c7d.live
ed77f5c9d1885750.top
f176cf5598f68448.live