# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: fanta, flexnet, limebot, lipton
# Reference: https://www.group-ib.ru/blog/fanta (Russian)
# Reference: https://www.virustotal.com/gui/ip-address/178.132.1.240/relations
# NOTE(review): this first group of domains carries no role label. The names
# read like transliterated Russian trade/payment words (tovar, sdelka, perevod,
# vyplata), which would fit lure or landing domains -- confirm against the
# references above before assigning a role.
# NOTE(review): 178.132.1.240 appears only inside the reference URL; it is not
# listed as an entry of its own in this group.
# NOTE(review): the file header is dated 2014-2020, so check current
# registration and resolution before treating a hit as high confidence.
av-tovar.ru
perevod273.ru
perevod901.ru
ru-sdelka.ru
sdelka-ru.ru
sdelka211.ru
sdelka221.ru
shcet382.ru
shcet491.ru
tovar-av.ru
viplata291.ru
vyplata437.ru
# Pattern entry generalising the numbered names above: one of the listed stems,
# followed by 2-3 digits, followed by ".ru".
# NOTE(review): "[i,y]" is a character class that also contains a literal
# comma; "[iy]" is presumably what was intended (cf. viplata291.ru and
# vyplata437.ru above).
# NOTE(review): the pattern is unanchored as written and several stems are
# ordinary words, so unrelated .ru domains of the same shape can match -- treat
# pattern hits as lower confidence than the literal entries.
(gomon|perevod|sdelka|shcet|v[i,y]plata)[0-9]{2,3}\.ru
# C2 servers (command-and-control)
# Reference: https://www.virustotal.com/gui/ip-address/217.23.14.27/relations
# The IP below is written as a URL with scheme, unlike the bare domains around
# it. The three domains that follow are presumably taken from the same
# VirusTotal relations page -- verify.
http://217.23.14.27
onuseseddohap.club
bad-racoon.club
bad-racoon.live
# Reference: https://twitter.com/m0br3v/status/1248589552169693184
fgrhjk6756u4y34.icu
# Reference: https://twitter.com/malwrhunterteam/status/1257709099468365824
# Reference: https://www.virustotal.com/gui/ip-address/188.165.90.180/relations
# NOTE(review): 188.165.90.180 appears only inside the reference URL; it is not
# listed as an entry of its own.
# NOTE(review): gomon48.ru below is also covered by the
# (gomon|...)[0-9]{2,3}\.ru pattern entry earlier in this file.
exsos.ru
gomon48.ru
seksex.ru
sexsos.ru
sextot.ru
sosep.ru
soses.ru
sosev.ru
soske.ru
tutsos.ru
zosos.ru
# Reference: https://www.hybrid-analysis.com/sample/bd873063e1455338fe8e7aa11f0f392abf7fc25ceac785fbe2484ab396a14b2e
# Host-independent request paths (path plus "mode" query value), presumably
# observed in the traffic of the sample referenced above. Matching them needs
# visibility of the HTTP request line, so they will not fire on TLS traffic
# that is not inspected.
# NOTE(review): "controller.php" alone is a generic name; the mode= value is
# the distinguishing part of each entry.
# NOTE(review): the mode names suggest bot registration, task polling and SMS
# status/inbox reporting -- inferred from the strings only, confirm in the
# referenced report.
/controller.php?mode=getTask
/controller.php?mode=register_bot
/controller.php?mode=setSmsStatus
/controller.php?mode=setSaveInboxSms