# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: coper, marcher, octo

# Reference: https://www.virustotal.com/gui/ip-address/176.119.28.74/relations
# Reference: https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html

androidpt01.asia
androidpt02.asia
barberink.biz
bizlikebiz.biz
chudresex.at
chudresex.cc
compoz.at
coupon-online.fr
cpsxz1.at
deereebee.info
dfjdgxm3753u744h.at
divingforpearls.at
dndzh457thdhjk.at
elitbizopa.info
fhfhhhrjtfg3637fgjd.at
filllfoll.biz
i-app1.online
i-app4.online
i-app5.online
inovea-engineering.com
ldfghvcxsadfgr.at
lingerieathome.eu
loupeacara.net
loupeahak.com
memosigla.su
messviiqqq.info
nowayright.biz
olimpogods.at
playgoogle.at
playsstore.mobi
playsstore.net
qqqright.info
rockybalboa.at
sarahtame.at
secure-ingdirect.top
securitybitches1.at
securitybitches3.at
soulreaver.at
ssnoways.info
storegoogle.at
sudopsuedo1.su
sudopsuedo2.su
sudopsuedo3.su
track-google.at
trackgoogle.at
weituweritoiwetzer.at
wellscoastink.biz
wqetwertwertwerxcvbxcv.at

# Reference: https://www.virustotal.com/gui/ip-address/178.132.78.152/relations
# Reference: https://www.virustotal.com/gui/file/7896c69b1cc1cb0f603242a46c65d51a512651e3b51759fb34aeb528f0236498/detection
# Reference: https://www.virustotal.com/gui/file/bcfe7d6066272faa3de00f34c7f15d6c183ed193dd5daca772ff4c97b55d64c5/detection

as44aa11.top
as55aa22.top

# Reference: https://twitter.com/malwrhunterteam/status/1504558610159919114
# Reference: https://www.virustotal.com/gui/ip-address/5.255.102.136/relations
# Reference: https://www.virustotal.com/gui/file/464a7c5c1faefaa0fd7bb11b5211a9b4996b0d8eebd2ba694a9dcca95ffabc59/detection
# Reference: https://www.virustotal.com/gui/file/ded98a60183c59d80524cdd2f104dabdab2342d90fea1abebe2bbf92a7e0f336/detection
# Reference: https://www.virustotal.com/gui/file/fca33888cae8d4e9fd4b2a4bcb80cf894786ce60dc3fd32691f80edef56e5b37/detection

fastconnectcenter.com
fastconnectcenter.hk
/875sakLglasg27pvl/

# Reference: https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
# Reference: https://www.virustotal.com/gui/file/008ffb2b49c8f7d97ad201290abd93bf3fc0d9246775cbdbf180ba910adc2fce/detection

smartcontractlicense.info
/puap9udshc2zmzjmmuzmghst/

# Reference: https://www.virustotal.com/gui/file/0613b3bf8a152356be696c7a9e66058e68dcde708f2f47241e2e538678d48f5d/detection

equisdeperson.space
personification.top
rigorichbroker.com
/MDI0ODlhNzAxYzg2/

# Reference: https://twitter.com/pmmkowalczyk/status/1493559761593380867
# Reference: https://twitter.com/pmmkowalczyk/status/1493559763266908164

auhr8h3ba.ch
hr81ha8ah.ch
hrauu3aga.ch
j3ha8h1ag.ch
uwhauaua.ch
/MWNhMjI2OTkyNjA3/

# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.164/relations
# Reference: https://www.virustotal.com/gui/file/0480b9e36afe56f9554bad57e0ba65a8df65fdfb821dc69c20be85987614f3b3/detection

8ibaub3bav.com
fuaggggotc.top
guuagwuu.top
hbaruuau3h.top
hgauahhh.com
ifn1h8ag1g.com
ifua88ahahgh.com
ihfagzuuu.net
irha3wzuu.top
jgiauwggg.org
thhausgajk.com
uagggauua.com
uauzustttt.com
utabwbazuu.com
/NiYmQ5YzZlODllzzz/

# Reference: https://www.virustotal.com/gui/ip-address/185.151.147.65/relations
# Reference: https://www.virustotal.com/gui/file/02f43cf67a61bd5c42c33d5196d3962845a28e1e014f23010455e73dd4e240ab/detection

bau3baahh.com
gfhau1hacjj.com
uhnazu3au.top

# Reference: https://twitter.com/B0rys_Grishenko/status/1478341854747889664
# Reference: https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/ (Polish)
# Reference: https://www.virustotal.com/gui/ip-address/176.107.160.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.103.109.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/92.255.110.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.227.86.32/relations
# Reference: https://www.virustotal.com/gui/file/5a85777d094c644a962787bfa5d80b2ba47493ca7c276f7406c2b3d83feb30e6/detection

dsfiu133ds52231232fdnsjds.top
dsfiu733ds42231232fdnsjds.top
dsfiu733ds52231232fdnsjds.top
s122231232fdnsjds.top
s222231232fdnsjds.top
s22231232fdnsjds.top
s322231232fdnsjds.top
s32231232fdnsjds.top
s42231232fdnsjds.top
/PArhFzp5sG2sN/

# Reference: https://twitter.com/malwrhunterteam/status/1483173995390382085
# Reference: https://www.virustotal.com/gui/file/115b4ae0009c84c335611cfc2a2a1a06db03fc392a627988bd03592d1a154750/detection
# Reference: https://www.virustotal.com/gui/file/59527801e3cf12749e2471fef6df6693e54e74521e8175beb048eaf60ee21d2d/detection
# Reference: https://www.virustotal.com/gui/file/ecf4d571531d0647a393d5860d168f2ef5b633b70831b05e2a47694fc47bc97a/detection

checkips.xyz
checks.design
fastcheck.digital
ipmonitor.services
servercheck.online
xipxesip.club
xipxesip.design
xipxesip.digital
xipxesip.online
xipxesip.services
xipxesip.xyz
/OWU1NzkwNWVmYmRk/
/sljs1NzkwNWVmYmRsnc/

# Reference: https://www.virustotal.com/gui/file/b5ac07a4252d9c14e877d087ffb416ac8d3995dfe8bf6ea4122d19d1b749c3c3/detection
# Reference: https://www.virustotal.com/gui/file/d111d88d82bc8094283c5ef2daa2d681aef11b89a755538cd0ef1cf3c36987b5/detection

rftgyh.shop
rftgyh.store
rftgyh.xyz
qwaszx.club
qwaszx.digital
qwaszx.site
/X0SDscG9rqz68F/

# Reference: https://twitter.com/cleafylabs/status/1526859118794919936
# Reference: https://www.virustotal.com/gui/ip-address/45.147.96.90/relations
# Reference: https://www.virustotal.com/gui/file/8c5445fd569211c74eec6bad036ccd16a5cc3b4979771b041fc90a79bad6feee/detection

ddhfbhdfbsdbfsdg.top
dfdfdfdgdffjdhbf.org
sdhfsdbfbjhsdhff.com
sjsdfsddjhdjfadff.com
ssgsjhfsdfdsjhd.info
vvjfsdsdghsdghfvffdf.top
/MzYzMzJjZDI5YzYx/

# Reference: https://twitter.com/cleafylabs/status/1526866760879722496

homebyavariridgway.com

# Reference: https://www.virustotal.com/gui/file/eadd9c3e3f7a1c5e008ca157cb850aa72d283f702da2ab4daf0e4af4d926ab3e/detection

goos.pw

# Reference: https://twitter.com/f3d__/status/1537005322065391618

beautyxumeley.com
dfdfdfdgdffjdhbf.org
ssgsjhfsdfdsjhd.info
/ZTYxYWI2NWNmYTA3/

# Reference: https://tria.ge/220613-m1yrsacab9

ahnudsbba.xyz
fabh23zuba.top
fu8hhaadl.com
idai2babd1.xyz
jufhahbhazh.top

# Reference: https://tria.ge/220614-hvhq6agef5

8ibaub3bav.com
hbaruuau3h.top
ifn1h8ag1g.com
ifua88ahahgh.com
irha3wzuu.top
uhnazu3au.top
utabwbazuu.com

# Reference: https://twitter.com/_icebre4ker_/status/1541875987419365377
# Reference: https://twitter.com/ecarlesi/status/1541785629721231362

esappguide.com
forumtasking.net
/MTlkYWQwOTBkNmFi/

# Reference: https://www.virustotal.com/gui/file/e48e7c9b01b8a89b8caa6bfaf84fdf7f735d0fa0271aecc6aa7710766df9946d/detection
# Reference: https://www.virustotal.com/gui/file/423cf942b83f38244b6f74d4770056ec66e699e748d66613cd7cb0875036202a/detection
# Reference: https://www.virustotal.com/gui/file/2b3b7c6af707f69b7d3259e829b02b746a949720a3542519f9327d3b071d0cbe/detection
# Reference: https://www.virustotal.com/gui/file/1b3d36c1789c0fc70ae36d70ce8fabfdc54a09a9c5bdf900bcdebd778f7c4f14/detection
# Reference: https://www.virustotal.com/gui/file/13a284a55c6f5ad2c5212cf47510469994b8197c80b3f620f97b4fb716add1bb/detection

albiworkman7583.top
antonwright456.top
elodiecope88968.top
finndalby0.top
karenbarber56543.top
malaikaduggan890.top
miltonchambers72.top
naziawills5523.top
onurrobinson333.top
sabihaplummer80.top
sidesquivel124.top
teaganwhitaker6437.top
zayaanpaine23.top
/ODIzY2ZmOWM4MTY2/

# Reference: https://www.virustotal.com/gui/ip-address/185.238.170.201/relations
# Reference: https://www.virustotal.com/gui/file/e4252d0a21372e9d39385be7bd2fc04c77f42fc5dd803ef82340364044452266/detection
# Reference: https://www.virustotal.com/gui/file/183bd85d061fa509ff9f732dd01b358ce00297fb0ddf6d5e43ab9b4ab36bb6d5/detection

analysisdnsdata.website
checkdns.club
checkdns.design
checkdns.digital
checkdns.services
checkdns.shop
checkdnsplus.site
checkdnsplus.space
dnscheck.club
dnscheck.design
fastcheckdns.shop
fastcheckdns.xyz
/NmE0N2YwOWEzMTM3/

# Reference: https://twitter.com/malwrhunterteam/status/1611068887033909261
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.203/relations
# Reference: https://www.virustotal.com/gui/file/c11907662ce44c176f1d75646e113e89b271fb2b33cc968c8e2e7543cae82938/detection

analysisdnsdata.site
analysisdnsdata.space
bestipscanworld.xyz
bestscanipworld.xyz
bestworldipscan.xyz
checkserversippool.xyz
doublednscheck.xyz
ipbestscanworld.xyz
ipcheckserverspool.xyz
ipscanbestworld.xyz
ipscanworldbest.xyz
ipworldscanbest.xyz
plusdnscheck.site
plusdnscheck.space
plusdnscheck.website
plusdnscheck.xyz
poolcheckipservers.xyz
poollipceckservers.xyz
poolserverisippool.xyz
scanbestipworld.xyz
scanipbestworld.xyz
scanworldbestip.xyz
scanworldipbest.xyz
serverscheckippool.xyz
serversippoolcheck.xyz
serverspoolcheckip.xyz
worldipbestscan.xyz

# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs_20230427.txt

bestipworldscan.xyz
bestworldscanip.xyz
ipworldbestscan.xyz
scanbestworldip.xyz
worldbestipscan.xyz
worldbestscanip.xyz
worldscanbestip.xyz
worldscanipbest.xyz

# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs_20230817.txt

newfastcheckdns.xyz
newfastdnscheck.xyz

# Reference: https://www.virustotal.com/gui/file/01edc46fab5a847895365fb4a61507e6ca955e97f5285194b5ec60ee80daa17c/detection

smartcontractlicensenow.info
smartcontractlicensetodo.info
smartcontractlicensewow.info

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-11-10)

http://185.192.246.251
http://185.196.9.197
http://194.33.191.201
http://194.33.191.41
http://91.92.244.72
http://91.92.251.4
http://94.156.65.160
http://94.156.68.231
http://94.156.68.232
http://94.156.68.233
http://94.156.68.234
abiciisswwee.com
abisdumore.com
adetero6orlher.com
aganimsharse671x.live
babacimmnapiyosun.com
barbriki76782.info
beresihbtgrs5ewtr.info
berionderh6figer.com
bobnoopo.org
bobnoopopo.org
bonjoorvipacz.pro
bukkub.top
businessocto.com.tr
certbreu45nagbierty.com
chrownna.top
discount44today.online
easyforpro901002.pro
ekmeka232kmek.com
gokilllahhhh.top
jnukikmna5125.live
junggpervbvqqqqqq.com
junggpervbvqqqqqqpo.com
junggvbvq.top
junggvbvq5656.top
junggvbvqqgroup.com
junggvbvqqgrouppo.com
junggvbvqqnetok.com
junggvbvqqnetokpo.com
junggvrebvqq.org
junggvrebvqqpo.org
jungjunjunggvbvq.top
kijuolobtreshu31.pro
lauytropo.net
loliternakond.com
mmma7811play.com
mmma7811play.net
mmma7811play.xyz
mmma8291play.com
mmma8291play.net
mmma8291play.xyz
mobile0team0stat.shop
octobusiness.com.tr
oelikixanni14.live
planbusiness.com.tr
planlimited.com.tr
planultra.com.tr
scorpionxxxtention.com
scorpionxxxtention.net
scorpionxxxtention.xyz
scorpionxxxtentionss.net
supersafer6.net
xxxpakunatationclass.net
xxxpakunatationclass2.net
xxxpakunatationclass3.net
xxxpakunatationclass4.net
xxxpakunatationclass5.net
xxxpakunatationclass6.net
/MTQ4MmUxODBhMTVi/
/MTU2OWE0NzJjNGY5/
/NmM2YjMyYjE4MmMx/
/NTQ2ZDEzM2FjMjY2/
/NzI1OGM2YjI0NDE5/
/ODRiMzk3Njg3ZThk/
/OGY2YWU5OTM4OTQ3/
/Y2U5ZjYxZTA5Zjcw/
/YWFiM2VkMmFmNWFh/
/ZDIxMjJmY2NlZmE5/
/ZmU2YzQ2NjZlNjc2/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-11-21)

http://185.225.75.207
http://83.147.245.71
http://91.92.243.93
2jamiryo22113.net
3jamiryo22113.net
4jamiryo22113.net
5jamiryo22113.net
6jamiryo22113.net
7jamiryo22113.net
ahvahetmegelkalda.com
auxocto.com.tr
auxtoorocto.com.tr
bukoshmuko.top
cmdtoorocto.com.tr
cotogarden.co
ecolosolution.net
fghdfhdgh33.xyz
fhuiooemensb.info
fhuiooemrrerensb.co
kalkgelsybradan.com
kalplerderyakadardan.net
kamalaktandagel.com
macfitt.net
nigemgrouapp.net
nigemgrouapp.site
otakikotaik1224634.net
otakikotaik1334534.net
otakikotaik3234234.net
otakikotaik4234234.net
otakikotaik6423234.net
peyfi.bio
rgsdhsdf31.xyz
rrqg.xyz
stormslva.net
strmphone.net
sybrailevip.com
/MWVlMGI1ODc4NjFj/
/MmEzNTkzZDFkOWQz/
/ODVlZDlkMzU1ZTRi/
/YjM0YWMzZjQ5YzQz/
/YjRkZjE0NTUyNzZm/
/YmU2MGQ0ZWYxODM5/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-11-25)

http://91.92.244.80
rootocto.com.tr
terierkorn.top
toorocto.com.tr
/CfK3ulGypS7Nns81/
/ZTZkNTJjNTkwYzk3/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-05)

http://103.147.12.179
http://103.151.4.23
http://103.159.188.34
http://103.214.173.68
http://103.61.224.87
http://104.131.71.126
http://13.53.125.231
http://146.190.163.104
http://159.100.6.226
http://159.69.77.234
http://162.0.238.106
http://162.19.175.57
http://163.5.210.85
http://163.5.64.18
http://163.5.64.30
http://172.104.207.197
http://172.208.121.27
http://172.208.40.215
http://172.208.40.228
http://188.132.197.242
http://188.40.15.18
http://193.176.190.186
http://193.233.232.38
http://193.233.254.90
http://194.156.99.133
http://194.26.192.46
http://194.87.246.55
http://20.67.233.144
http://212.113.106.241
http://24.133.200.15
http://24.144.89.120
http://24.144.93.215
http://34.42.132.228
http://40.76.124.582
http://44.219.227.178
http://45.131.2.192
http://45.82.70.104
http://46.175.149.90
http://5.182.86.157
http://62.109.13.217
http://68.183.56.78
http://77.91.68.162
http://77.91.68.164
http://77.91.68.167
http://77.91.78.246
http://77.92.146.147
http://81.19.137.54
http://82.147.85.82
http://85.198.9.782
http://85.209.176.78
http://89.163.255.130
http://91.92.250.212
http://91.92.251.79
http://91.92.251.8
http://94.142.138.128
http://94.228.168.172
http://95.181.173.244
0rrdinalswallet.com
1.165079.biz
1.165081.biz
1.165084.biz
1.165086.biz
1.165088.biz
1.165089.biz
1.165090.biz
1.165091.biz
1.165094.biz
1.165095.biz
1.165096.biz
1.165097.biz
1.165098.biz
1.165099.biz
1.165100.biz
1.165121.biz
1.165122.biz
1.165123.biz
1.165124.biz
1.165126.biz
1.165129.biz
1.165131.biz
1.165132.biz
1.165133.biz
1.165134.biz
1.165137.biz
1.165138.biz
1.165139.biz
1.165140.biz
1.165143.biz
1.165144.biz
1.165145.biz
1.165146.biz
1.165147.biz
1.165149.biz
1.165152.biz
1.165154.biz
1.165155.biz
1.165157.biz
1.165158.biz
1.165159.biz
1.165160.biz
1.165161.biz
1.165162.biz
1.165163.biz
1.165165.biz
1.165166.biz
1.165167.biz
1.165168.biz
104.248.168.233:8082
1098393-cx34326.tmweb.ru
149.100.138.162:8082
15.235.140.12:8082
158.220.117.55:8082
165001.cz
165001.mba
165001.net
165001.tw
165002.co
165002.cz
165002.tw
165003.co
165003.cz
165004.mba
165004.me
165004.net
165005.cz
165005.me
165005.net
165006.co
165006.mba
165006.me
165007.cz
165007.mba
165007.me
165007.net
165007.tw
165008.cz
165008.me
165008.net
165008.tw
165009.cz
165009.me
165009.net
165009.tw
16501.id
16501.me
16501.net
16501.nl
16501.org
16501.wang
16501.win
165010.co
165010.cz
165010.me
165010.net
165010.tw
165011.co
165011.me
165011.tw
165012.co
165012.cz
165012.me
165013.me
165014.co
165014.cz
165015.co
165015.cz
165017.cz
165017.me
165018.co
165018.me
165019.me
16502.bid
16502.biz
16502.cz
16502.uk
16502.vin
165020.co
165020.cz
165020.me
165021.co
165021.cz
165022.cz
165022.uk
165023.cz
165024.co
165024.uk
165025.co
165025.uk
165026.cn
165026.co
165026.cz
165026.uk
165027.cn
165027.co
165027.cz
165027.uk
165028.cn
165028.cz
165029.co
165029.cz
16503.cz
16503.uk
16503.wang
16503.win
165030.cn
165031.co
165031.uk
165032.cn
165032.cz
165032.uk
165033.cn
165033.cz
165034.co
165034.cz
165034.uk
165034.vip
165035.cn
165035.co
165035.cz
165036.cn
165036.co
165036.cz
165036.vip
165037.cz
165037.uk
165037.vip
165038.cn
165038.vip
165039.co
165039.vip
16504.org
16504.vin
16504.wang
16504.win
165040.cz
165040.vip
165041.cn
165041.cz
165041.vip
165042.cn
165042.cz
165042.me
165042.uk
165043.cn
165043.cz
165043.vip
165044.cn
165044.me
165044.uk
165044.vip
165045.cz
165045.me
165045.uk
165045.vip
165046.cz
165047.cz
165047.uk
165047.vip
165048.cz
165048.me
165048.uk
165049.cz
165049.me
165049.vip
16505.org
16505.vin
16505.wang
16505.win
165050.me
165050.uk
165050.vip
165051.uk
165052.me
165052.vip
165053.me
165053.uk
165053.vip
165054.me
165054.uk
165055.cz
165056.me
165056.uk
165056.vip
165057.me
165057.uk
165058.cz
165058.uk
165058.vip
165059.me
165059.vip
165060.cz
165060.me
165060.vip
165061.cz
165062.me
165063.cz
165063.me
165063.vip
165064.cz
165064.vip
165066.cz
165066.me
165066.vip
165067.me
165067.vip
165068.cz
165068.vip
165069.me
16507.win
165071.vip
165072.org
165072.vip
165073.cz
165073.org
165073.vip
165074.org
165074.vip
165075.cz
165075.org
165076.org
165076.vip
165077.cz
165077.me
165078.cz
165078.me
165079.cz
165079.me
165079.vip
16508.wang
16508.win
165082.cz
165083.me
165083.org
165084.cz
165084.me
165084.vip
165085.me
165085.org
165085.vip
165086.me
165086.org
165087.cz
165087.org
165087.vip
165088.cz
165088.org
165088.vip
165089.cz
165089.vip
16509.cn
16509.org
16509.win
165090.org
165090.vip
165091.biz
165091.cz
165091.me
165091.org
165091.vip
165092.cz
165092.me
165092.vip
165093.cz
165093.me
165093.vip
165094.cz
165094.me
165094.org
165095.cz
165095.me
165095.org
165096.cz
165096.me
165097.cz
165097.me
165097.org
165097.vip
165098.me
165099.biz
165099.cz
165099.org
16510.org
16510.wang
16510.win
165100.me
165100.org
165100.vip
165101.cz
165101.me
165101.vip
165102.cz
165102.org
165103.me
165104.biz
165104.cz
165104.org
165104.vip
165105.org
165106.biz
165106.me
165106.org
165107.biz
165107.cz
165107.me
165107.org
165108.cz
165108.org
165108.vip
165109.me
165109.org
165109.vip
16511.org
16511.wang
165110.biz
165110.cz
165110.org
165111.biz
165111.cz
1651111.bid
1651111.org
1651112.bid
165112.cz
165112.org
165112.vip
165113.biz
165113.vip
165114.biz
165114.cz
165114.vip
165115.biz
165115.cz
165115.org
165115.vip
165116.biz
165116.cz
165116.org
165116.vip
165117.biz
165117.cz
165117.vip
165118.biz
165118.cz
165118.org
165119.biz
165119.cz
16512.org
165120.vip
165121.org
165121.vip
165122.org
165122.vip
165123.cz
165124.cz
165124.org
165125.cz
165125.org
165125.vip
165126.cz
165126.org
165126.vip
165127.cz
165128.cz
165128.org
165128.vip
165129.org
165130.cz
165130.org
165130.vip
165131.org
165132.org
165133.cz
165133.org
165133.vip
165134.cz
165134.org
165135.cz
165135.vip
165136.org
165136.vip
165137.org
165137.vip
165138.org
165138.vip
165139.org
165140.vip
165141.vip
165142.org
165143.org
165145.org
165148.org
165149.org
16515.uk
165150.org
165151.org
165152.org
165153.org
165154.org
165156.org
165157.org
165158.org
165159.org
16516.wang
165160.org
165161.org
165162.org
165163.org
165164.org
165168.org
165170.org
165171.org
165172.org
165176.org
165177.org
165179.org
165180.org
165181.org
165182.org
165186.org
165187.org
165189.org
165190.org
165191.org
165195.org
165196.org
165197.org
165198.org
165199.org
165200.org
165202.org
165203.org
165204.org
165207.org
165208.org
16521.tv
165210.org
165213.org
165214.org
165215.org
165216.org
165217.org
165218.org
16522.tv
165221.org
165222.org
165223.org
165224.org
165225.org
165227.org
165228.org
165229.org
16523.tv
165230.org
165231.org
165232.org
165234.org
165235.org
165236.org
165240.org
165241.org
165243.org
165244.org
165245.org
165246.org
16525.org
16525.tv
16526.org
16527.cn
16531.cn
16537.cn
16540.cn
16541.org
16542.cn
16545.org
16547.org
16570.cn
172.174.144.147:8082
172.178.83.46:8082
172.190.120.239:8082
193.233.254.44:8082
203.161.62.205:8082
333333.heun.live
45.76.188.227:8082
45.82.70.104:8082
45.88.186.66:8082
55555.heun.live
58701.tv
62.146.226.39:8082
62.72.46.59:8082
63.250.36.134:8082
77.91.68.164:8082
77.91.78.246:8082
79.137.199.14:8082
80.66.85.142:8082
88.198.83.21:8082
89.23.103.41:8082
89.23.103.79:8082
89.23.113.110:8082
89.23.113.67:8082
91.215.85.186:8082
91.215.85.58:8082
91.92.246.230:8082
91.92.251.79:8082
94.228.162.29:8082
94.228.168.172:8082
aaraclar.com.tr
adminuser.euew3172.live
agdetails.com
alextrucking.com
amendes.fr.webgouv.info
anindacar.com.tr
api.baitianshiyou.fun
api.tokenpocket.wiki
app-ramp.co
app.baitianshiyou.fun
app.maiziqianbao.site
assets.cnsinopecqh.vip
assets.qiluqhapp.vip
baitian.imtoken.fan
baitianshiyou.fun
bank-verification.myddns.com
bolb.wingsofmine.uk
bozkurt.xyz
ca-bnc.com
capital-on.online
clothingyote.shop
cotinga-slaved.vpsrdns.web-hosting.com
cpanel.cad-con-systemplanung.de
cpanel.jayelectrons.com
cpanel.precisionrenovationri.com
cry4now.club
cutoutstyle.com
cvc.ptechconsult.com
ded609.hostwindsdns.com
dl.shop-pro.cn
domainover9999.com
dragonslayer12.com
dsh.mg.qiluqhapp.vip
ebgostahdferee.site
eksevents.org
eu-anytime.com
fatimafoods.co.uk
feelajans.xyz
generatedata.felicity-services.com
git.koenig.software
gram.riseup101.com
h.mcimtn.online
hasanulukaya2312.com.tr
havayoluhatti.net
hodge.produceanimation.com
hook.p3xx.gq
host.ptechconsult.com
hosting.ptechconsult.com
hwsrv-1100652.hostwindsdns.com
index.pornhtxub.com
interface.qiluqhapp.vip
jayelectrons.com
kn1976.com
koenig.software
lhp.honghan.buzz
link.eksevents.org
mail.automoto.tn
mail.kinetic.supplies
mail.ptechconsult.com
mail.rankio.app
maizi.tokenpocket.wiki
maiziqianbao.site
mar.muchdomain999.com
mg.qiluqhapp.vip
mikehp.com
monitoring.rankio.app
msk.arifjan.su
muchdomain228.com
muchdomain333.com
muchdomain444.com
muchdomain999.com
mzqb.tokenpocket.wiki
ordinallswalltes.site
ordinallwallets.site
ordinalswallets.site
ordinalwallets.org
ordinaullswaullet.in
ordinaullswaullet.site
ordlnallswallets.site
picoshot.softether.net
plnest-bank.com
plnestbank.com
prometheus.felicity-services.com
ptechconsult.com
qiluqhapp.vip
rogrscadretrn.net
shop-pro.cn
sms.ptechconsult.com
staging.teg.london
suddenly.riseup101.com
ter.chokolak.mom
testings.ptechconsult.com
tokenpocket.wiki
usagers.antai.webgouv.info
web-anytime.com
web-asb.net
web-auda.city
web-bawag.com
web-bnc.com
web-bpm.com
web-capitalonetap.com
web-divvy.co
web-divvy.com
web-instamed.com
web-pleo.com
web-rainertrankle.online
web-synchrony.com
web-tradingview.com
web-usbank.com
web0-fnb.com
webdevluminor.team
webgouv.info
yhabb.me
yhabd.me
yhabe.me
yhabf.me
yhabh.me
yhabj.me
yharea.me
yhatb.org
yhbase.me
yhbca.org
yhbest.me
yhbth.es
yhdkk.es
yhgame.me
yhgba.me
yhgbi.me
yhgbs.me
yhgbu.me
yhggr.me
yhggt.me
yhggw.me
yhgjae.net
yhgjaq.net
yhgjar.net
yhgjaw.net
yhgjcq.me
yhgjct.me
yhgjcw.me
yhgjgq.me
yhgjgr.me
yhgjgt.me
yhgjxq.net
yhgjxr.net
yhgjxw.net
yhipa.id
yhjje.me
yhjjr.me
yhjjw.me
yhkwn.org
yhltd.biz
yhnas.es
yhqwek.win
yhrest.me
yhrise.me
yhsht.es
yhsse.me
yhssq.me
yhssr.me
yhsst.me
yhssw.me
yhtfd.biz
yhtime.me
zones.one

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-08)

http://163.5.64.38
163.5.64.38:443
abehimenoyar.xyz
ahhhuu22cxxx.com
baowiiicoonee.com
frekelobasder.com
juzacaver.store
kuulaammbeew1.com
vippivok.top
waaabbuuwwsx.com
/MWUwMTFhNzkwMzg3/
/MWUwMTFhNzkwMzg3/NDkwNTQ0MzA1OWYwadm/
/NDkwNTQ0MzA1OWYwadm/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-12)

http://91.92.251.176
91.92.251.176:443
0nty208c2wmzcf6f63lx.xyz
c8qg4aojk3n5s6yg4tsu.xyz
dnyadargelecek.xyz
g560st6hv980v6vyrcji.xyz
thewjajdawieqrqewq.bond
wbvmfu5rncgobzz9v4nf.xyz
wjajdawieqrqewq.cyou
wjajdawieqrqewq.top
wjajdawieqrqewqgroup.monster
wjajdawieqrqewqonline.icu
wm995a146pmd2iedsx84.xyz
yargelecekamanzmn.xyz
/MTI5OGNmYWJkYTU1/
/OGFiYTA3MzU4NGEw/

# Reference: https://hatching.io/blog/triage-insights-ep1/
# Reference: https://tria.ge/231101-1wx7cadf5y
# Reference: https://hatching.io/static/files/octo-banker/all_octo_c2.txt

http://109.206.242.52
http://109.206.242.58
http://15.235.143.105
http://154.61.71.12
http://176.111.174.135
http://176.111.174.151
http://176.111.174.92
http://176.113.115.110
http://176.113.115.64
http://179.43.142.190
http://179.43.142.192
http://179.43.163.122
http://185.122.204.122
http://185.196.8.105
http://185.225.75.47
http://185.252.179.90
http://190.211.255.74
http://190.211.255.75
http://190.211.255.76
http://190.211.255.77
http://190.211.255.78
http://193.42.32.180
http://212.87.204.147
http://213.109.202.154
http://45.66.230.8
http://45.81.39.89
http://45.88.66.9
http://45.9.74.136
http://79.110.49.204
http://79.110.49.49
http://79.110.62.118
http://79.110.62.121
http://83.97.73.144
http://83.97.73.39
http://84.54.50.100
http://87.120.88.90
http://87.120.88.92
http://87.121.221.211
http://87.121.221.49
http://91.92.240.156
http://94.156.253.86
http://94.156.65.133
109.206.242.52:443
109.206.242.58:443
15.235.143.105:443
154.61.71.12:443
176.111.174.135:443
176.111.174.151:443
176.111.174.92:443
176.113.115.110:443
176.113.115.64:443
179.43.142.190:443
179.43.142.192:443
179.43.163.122:443
185.122.204.122:443
185.196.8.105:443
185.225.75.47:443
185.252.179.90:443
190.211.255.74:443
190.211.255.75:443
190.211.255.76:443
190.211.255.77:443
190.211.255.78:443
193.42.32.180:443
212.87.204.147:443
213.109.202.154:443
45.66.230.8:443
45.81.39.89:443
45.88.66.9:443
45.9.74.136:443
79.110.49.204:443
79.110.49.49:443
79.110.62.118:443
79.110.62.121:443
83.97.73.144:443
83.97.73.39:443
84.54.50.100:443
87.120.88.90:443
87.120.88.92:443
87.121.221.211:443
87.121.221.49:443
91.92.240.156:443
94.156.253.86:443
94.156.65.133:443
0eto0mhk6g7b.top
0n75w55jyk66.pw
11city.net
11fdghhoo1.top
122fdghhoo1.top
123fdghhoo1.top
126fdghhoo1.top
127fdghhoo1.top
128fdghhoo1.top
129fdghhoo1.top
12fdghhoo1.top
12logites432532s.xyz
1323fdghhoo1.top
1326fdghhoo1.top
13fdghhoo1.top
13logites432532s.xyz
13sf6uu6cvlm.la
14logites432532s.xyz
157y0toa2u40.hk
15fdghhoo1.top
15logites432532s.xyz
15yam4acfirarda22.xyz
16logites432532s.xyz
17cvtky2s4rl.site
17fdghhoo1.top
17logites432532s.xyz
17str.com
18logites432532s.xyz
19fdghhoo1.top
19logites432532s.xyz
1azisswravaas.xyz
1fdghhoo1.top
1logites432532s.xyz
1maihotry1.top
1maihotry10.top
1maihotry11.top
1maihotry12.top
1maihotry13.top
1maihotry14.top
1maihotry15.top
1maihotry16.top
1maihotry17.top
1maihotry18.top
1maihotry19.top
1maihotry20.top
1maihotry3.top
1maihotry4.top
1maihotry5.top
1maihotry6.top
1maihotry7.top
1maihotry8.top
1maihotry9.top
1o1al.com
1o1al.net
1otal.net
20hffqm13hac.top
20logites432532s.xyz
211fdghhoo1.top
21logites432532s.xyz
21tr.net
22logites432532s.xyz
2310fdghhoo1.top
2311fdghhoo1.top
236fdghhoo1.top
25yam8acfirarda22.xyz
29p0jb1nyxmt.biz
2azisswravaas.xyz
2logite234s.xyz
2maihotry1.top
2maihotry10.top
2maihotry11.top
2maihotry12.top
2maihotry13.top
2maihotry14.top
2maihotry15.top
2maihotry16.top
2maihotry17.top
2maihotry19.top
2maihotry2.top
2maihotry20.top
2maihotry21.top
2maihotry22.top
2maihotry23.top
2maihotry3.top
2maihotry4.top
2maihotry5.top
2maihotry6.top
2maihotry7.top
2maihotry8.top
2maihotry9.top
31fdghhoo11.com
31fdghhoo11.top
32fdghhoo11.com
32fdghhoo11.top
33fdghhoo11.com
33fdghhoo11.top
34fdghhoo11.com
34fdghhoo11.top
35fdghhoo11.com
35fdghhoo11.top
35y3am4acfirarda22.xyz
36fdghhoo11.com
36fdghhoo11.top
37fdghhoo11.com
37fdghhoo11.top
38fdghhoo11.com
38fdghhoo11.top
39fdghhoo11.com
39fdghhoo11.top
3azisswravaas.xyz
3blz.com
3fdghhoo1.top
3kwcrf3dhfpfui8kcl1a.store
3saygadlolesfolezdoles.net
3ses432532s.xyz
3yamacfirarda22.xyz
40fdghhoo11.com
40fdghhoo11.top
41fdghhoo11.com
41fdghhoo11.top
4232fdnsjds.top
42fdghhoo11.com
42fdghhoo11.top
43fdghhoo11.com
43fdghhoo11.top
44fdghhoo11.com
44fdghhoo11.top
44nsf5suq71ibmajslpd.store
45fdghhoo11.com
45fdghhoo11.top
46fdghhoo11.com
46fdghhoo11.top
47fdghhoo11.com
47fdghhoo11.top
48fdghhoo11.com
48fdghhoo11.top
49fdghhoo11.com
49fdghhoo11.top
4azisswravaas.xyz
4ht227ce29z6.xyz
4jsi8qj3203u.org
4lmmw85977x2.xyz
4n51yg9firr3.site
4ses432532s.xyz
50fdghhoo11.com
50fdghhoo11.top
518tudu7579h.xyz
5a9udxg6l6gd.su
5azisswravaas.xyz
5logit32532s.xyz
5saygadlolesfolezdoles.net
5ses432532s.xyz
5y3am4acfirarda22.xyz
5ya5m8acfirarda22.xyz
5yam4acfirarda22.xyz
5yam7acfirarda22.xyz
5yam8acfirarda22.xyz
63651iz40cio.biz
643y3mrh4m3d.in
66ya5m8acfirarda22.xyz
6azisswravaas.xyz
6dtav5rvnh1q.in
6kd020yb568x.top
6ya5m8acfirarda22.xyz
7f810uirncsx4ewxkzw8.store
7rg3jpn398qap9mh8h5x.store
7ya5m8acfirarda22.xyz
849gyl52kfzf7b1o6gtx.store
8e1jgvo65s9r.online
8logits432532s.xyz
8ya5m8acfirarda22.xyz
95d325bsurjd.top
9833ltvh68bb.cc
99ol9f44xvgo.cn
9city9.com
9r8i1u84t2gp.online
9r8i1u84t2gp1.online
9w28pp996g59.top
9ya5m8acfirarda22.xyz
a1b2c3d4e5f6g7h8i9.ru
a1b2c3d4e5f6g7h8i9.xyz
a4ca15da511d151x.info
a87rvat46c50.com
abas34hkipolot.top
abashkinokabashkinok.top
abehimenoyar.net
abgggpoh.com
abgggpoh.top
abicidasdwee.com
aciktim223432516.xyz
acizac12141.xyz
acizac1322343.xyz
acsmartio.tech
adeterolitorlher.com
adigeaujuv9012.live
adstyleelelelele232133.com
adstyleelelelele23232.com
afcigferscne.net
ahs8a4mz8ehq.online
aiusdgkajhsgdjkhas.online
akjshdkajhskdjsa.online
alimavij72.vip
alivajunkinnb.vip
allahkitapads1940.xyz
alldnsfastcheck.xyz
amadocarillofuentes.ignorelist.com
amarastrmss.com
amarastsmss.com
amarastsmss.org
anayinamiusom.xyz
apppro.live
artemisbungalovsapanca.net
arw2he7x57wp.pw
arw2he7x57wp1.pw
asdhasdasd.net
asdkjaskdjsakdjkajsakd.hk
asqwnbvb.shop
astdgad.homes
astdgad.info
asuidhasiudhaisuh.xyz
asytdfaystfdaystfda.site
atysgkjasjkdhasudoahs.in.net
auvpciyhgjeo.su
avagroup2.net
avryujtrghrwe5tg.online
aysdgafas.com
aytenteyzenolez.net
azisswrav44as2.xyz
azisswrava333as2.xyz
azisswravaas.xyz
azisswravaas1.xyz
azisswravaas2.xyz
azisswravaas34.xyz
azisswravaas5.xyz
b1nkikaza12kinv21.live
babacimmnagdfgdun.com
bagequu.shop
barabashkinok.top
bdobolizefangyta.net
bed-car-top-car.com
benjaminfried.crabdance.com
bentosmentos.space
beresihbtgrsewtr.info
berg56gbfryyrerfg.top
berionderhimefiger.com
bestjunggvbvqq.com
bestkrokodilas.com
bestproapp.pro
bestscanworldip.xyz
bfrewyihrfgfgfgwer.site
big-tree-ilusion.com
birakyakamiorsupuogluusom312.xyz
biribizidurdursunn3.com
biribizidurdursunn4.com
biribizidurdursunn5.com
blessedik591.info
bleu-teddy.com
blue-deargreezley.com
bntvntosos.shop
bokicookies15ba.info
boodycookies41.info
borklfofj.top
botbokhj.top
brian-tallman.twilightparadox.com
bublegublefound.co.uk
bufalo-store.com
bugutar.ru
bugutar.store
bugutars.online
bumbegringosee.xyz
bunaseiranahui.top
bunny-pink-love.com
buzlokolmactuocxa.com
cafetariasengers.site
camerahomex1a.live
camerahomexalfaxx.site
cantationnatationclass1.net
cantationnatationclass2.net
cantationnatationclass3.net
cantationnatationclass4.net
cantationnatationclass5.net
caramiliudj16.live
cashflow919191.xyz
caybrozfolekesesneye.net
cciforenirinuteret.com
ccnfddbvb.pics
certbreugeanagbierty.com
checkdoubledns.xyz
checkfastalldns.xyz
chroww.top
ciwebrrrewgrwge.top
cleverk21da912mca.live
cm603lzeyxdw.biz
cm603lzeyxdw.site
cm603lzeyxdw.space
cm603lzeyxdw1.site
cnajomoredgac.pro
commprsine.xyz
cookiliakc15.live
covysya.top
cqaeot3kis7rjf8apiuf.store
creg67jhyutjyutrtg.xyz
cyclohexylamine.top
dancelumn991dc.top
daniel.osborne.chickenkiller.com
danielprime-robotics.com
dddcaiasnfaf.xyz
decilaxcvz.life
dejunggdejpopopoungg.com
dejunggdejpopopounggq.com
dejunggdejungg.com
dejunggdejunggww.com
dejunggdejunyyyyygg.com
dejunggdejunyyyyyggq.com
dfgrewqfewhg.top
dfisndersinc.com
dfterh7567hjj6756.top
dhbtlbpkmu.top
dhwjzxkcmcwn.net
djnofutrhwgrgrrte4.xyz
djrvpjanpxtv.cc
dnscheckdouble.xyz
dnsfastcheckall.xyz
domforpro.online
double-bubble-gum.com
double-history.com
doublecheckdns.xyz
dvapo05.top
eendfbvb.sbs
efrewty54trew.online
eftreuihjtrgre8r4fr.online
ejomejoworking.com
ekmeka2fasek.com
encgrcwfjntq.online
epi2nciifirarda227.xyz
epi3nciifirarda27.xyz
epi5nciifirarda237.xyz
epinciifirarda227.xyz
epinciifirarda237.xyz
epinciifirarda27.xyz
epinciispesinde227.xyz
erhjolitorler.co.uk
eses432532s.xyz
excommunicative.cc
f2kic1nam25n81k.cc
f465eb6f7rlkn0rsccj2.store
falanemienadeforum.org
fastdnsallcheck.xyz
fbpxbqebmqto.info
fcercvv7erwcvnrew.site
fexohii.top
ffrewiuhfgw54rewf.site
fhuioerrwfffwsfssdoemrrerensb.co
fhuiooedjefjheeffemensb.info
fjfrowiryhnrfnrwer.online
flutera.bond
fmnieuhftrewy86rtgfwe.xyz
fmri3i4567ng.biz
forumdeferask.org
forummostofmudean.net
free-tree-loop.com
fsydjfwxxazz.top
fujetue.shop
g1h2i3j4k5l6m7n8o9.ru
g1h2i3j4k5l6m7n8o9.xyz
gabriela.saunders.crabdance.com
gebasao.shop
germanisoppinionsi.com
germanisoppinionsi.net
germanisoppinionsi.xyz
germanisoppinionzani.com
germanisoppinionzani.net
germanisoppinionzani.xyz
gerp-pat.info
ghasvyashvas.com
ghost2324112.xyz
ghost232412312.xyz
ghost232412512.xyz
ghost232412512312.xyz
ghost23241312.xyz
giorginaliaror.co.uk
godcaiasnffsa2.xyz
goedthom.me
gold-host22.org
goleugeanagierty.com
golevasi800.top
golovnka33.top
grihhkhkhrggrerg.cloud
grihhkhkhrggrerg.online
grihhkhkhrggrerg.pro
grpweufnh734bfr3.online
gyewuqghvsvx.com
hallaoppocamera109.online
hasancnpo13.com
hasancnpo1741.com
hasancnpo178.com
hasancnpo1986.com
hasancnpo33.com
hasiduasiudhas.fun
hastperstians.space
hduuooasdj.website
helloejoworkstoop.com
hferyjr6456tgfgr.site
hfwe5tgtrgtre5.top
hhypophy.games
hikujnja251pols.pro
hilliloo.games
hilyphotoph.games
hippolit.games
holaolabien.top
honeuyseebadg.live
hotdogland.tech
houilles.info
icbm5s5oj028.xyz
idneliptionsflow.co.uk
idriskocovali147.net
idriskocovali1784.net
idriskocovali1900.net
idriskocovali258.net
idriskocovali9651.net
ieuzqomcdodp.site
ihfwiohefwhiwririhererf.fun
ihfwiohefwhiwririhererf.pro
ihfwiohefwhiwririhererf.store
ijectaeres.online
ijectaeres.site
ikranjsfyu.space
illuminatiosfilters.net
inat-protv-box.net.tr
industrial-soft32.com
ioninutility.games
j1k2l3m4n5o6p7q8r9.ru
j1k2l3m4n5o6p7q8r9.xyz
james-beekman.jumpingcrab.com
japarabax64789.pw
jatep-raw.net
jerkenates225.site
jery2helly4now.site
jerymylocationas.com
jiekkskd7ue7ujeew.shop
jikugac818v.vip
jimevizerio.net
jin-tonik-boom.com
jjxuqacupqneeebynrqj.store
joaquinguzmanloera.jumpingcrab.com
joledibensed.net
jolefrerufr445l.xyz
jombacamerayunmo99.online
jrfewi743hfknewsar.site
jrqwe54t54fwererererftgr.xyz
jszkcuguncrw.info
juf18ki1ca15ca1la.info
junggvbvqqnet.com
junggvbvqqnews.com
junggvbvqqnewsww.com
junggvbvqqqqqq.com
jungjungju.com
jutyhsnbuaihahaj.pw
juxtaglomerular.hk
juxtaglomerular.net
jxmnxnghbobs.ru
jyjodia.shop
k1l2m3n4o5p6q7r8.ru
k1l2m3n4o5p6q7r8.xyz
kalpazanlan101.xyz
kalpazanlan102.xyz
kalpazanlan103.xyz
kalpazanlan104.xyz
kalpazanlan105.xyz
kalpazanlan106.xyz
kalpazanlan107.xyz
kalpazanlan108.xyz
kalpazanlan109.xyz
kalsakink.net
kankalarasybragel.net
keekhomexavas.online
keplistensan.site
keripocjatina11.info
kirwenbrce7rhefrqwf.top
kj32gkj32g3k2g32k.net
kjhxckjskcjsnckd.online
kopenhard.host
kopenhardm.fun
ktrewrtytwe5gtr.online
kyxuhoe.top
lajunggvbvqq.com
lajungpopo.net
lanuheu.shop
laskerbanys.kz
laspalmasnow99012.in
laural-plath.chickenkiller.com
lauytropopo.net
lehoetrb6j1h6.online
licaseteinforum.com
lid6ve6v2a7tf3s7looa.store
lipolytarystone.com
lithophyllith.games
lkei7hferhryrerffre.xyz
llintuit.games
logit32532s.xyz
logite234s.xyz
logites432532s.xyz
logits432532s.xyz
ltreyr6tgherty6.xyz
m1n2o3p4q5r6s7t8.ru
m1n2o3p4q5r6s7t8.xyz
m4ll06dsb0bxom5h4njy.store
majestike8ca.top
makivn58jnid51.live
manyolifer.cc
marmont.site
marmonth.space
marulkactuocxa.com
maysdubasuidansoda.buzz
maza5rra11vti251mca.info
menetory4gert.xyz
metamaok.co
metamaok.info
mferwuhbnwernfutrwr4f.top
mileogenator.com
mkamskamkma.pw
mkasmkamskams.tech
mklqwmdkqmwdkqwoodqw.tech
mushbayong3.info
musherpicka.live
myhtery54y56eyy6.site
myxakoa.top
nbervbwe.monster
nbrtvbsd.mom
nbvbvber.makeup
nbvmnbbn.lol
nbvvvb.hair
ndsihbtgrsewtr.info
newdnsfastcheck.xyz
nfrweiygwiqeu4f54.site
nggvbvqq.com
nggvbvqqdfdsfs.com
nggvbvqqdfdsfsq.com
nggvbvqqopoo.com
nggvbvqqopooq.com
nggvbvqqwq.com
nillionp.games
nisiqia.top
nisiqniqqsiq.com
nisiqnisiq.top
nobodysgonnanow.pw
nonillionth.games
nonkapizza.top
nterospbnvdos.site
nterospbnvdosss.top
nterospusios.shop
ntospoos.cc
ntospusios.top
ny56ghytr34u67r5.online
nytbvb.one
o1p2q3r4s5t6u7v8w9.ru
o1p2q3r4s5t6u7v8w9.xyz
o3c31x4fqdw2.lt
oadoaqadgdft.site
ofrewubiwertwerwfg54f.online
omunicateredindly.net
onypolyphyll.games
optimusprimestar890.site
otintlithoto.games
otreuietryu75466y.top
oylg4z486xv4.info
ozdoro.store
pabloemilioescobargaviria.chickenkiller.com
pakunatationclass.com
pakunatationclass.xyz
pakunatationview.com
pakunatationview.net
pakunatationview.xyz
pakuxxxnatationclass.net
pakuxxxnatationclass2.net
pakuxxxnatationclass3.net
pakuxxxnatationclass4.net
pakuxxxnatationclass5.net
pakuxxxnatationclass6.net
papilinovkia10.live
papricasfla.bio
parakazaniyozamcik323232123.xyz
parlamentkisa778899.xyz
passajire555.live
percys81kcac.info
perlmp.com
petap-pra.com
pferwiby4frewrf.xyz
pfn4w2fgh5bwgterwtre.top
pica-chupachups-ok.com
pkasjjfoosa.host
pnasfbvubafs.com
poewjehfbwery47fr.top
pofvac15camkkecz5.cc
pokolobnvdos.site
pryma4racks.com
pubegoa.top
qgftert54ttgrgt.online
qitocea.top
qqnnffbvb.space
quhrnry75hngtrwrt.online
quinquagenarian.xyz
qutwdgtqwduqtgquwtd.fun
quwfqcgszcsahqjsa.com
quwfqcsatwtwhqjsa.com
quwfqcsqweuahqjsa.com
quwfqcyfyrysahqjsa.com
quwfqpmcjxcsahqjsa.com
quwfqpqpwcsahqjsa.com
quwfqqqqqcsahqjsa.com
quwfqvvxcsahqjsa.com
quwfqwqwqcsahqjsa.com
quwfqxzcsahqjsa.com
qwiueuiqweyiuqwy.co.uk
qwnnnbvb.skin
r5tg0d6344nr.cc
r85d4kbe5729.vip
reservop.top
resolve4consumer.info
restore-center.org
rightejostartwork.com
rihrhkrkhwrjr.art
rihrhkrkhwrjr.wiki
rrwrrgretgewgrjr.pro
rrwrrgretgewgrjr.site
rrwrrgretgewgrjr.us
rrwterhyt84hfgerg.top
rtrtrastratrstarstra.site
rugypie.shop
rugypie.top
rwjfgf.xyz
s1t2u3v4w5x6y7z8.ru
s1t2u3v4w5x6y7z8.xyz
s9rls3pp86p6.cc
sa2ygadlolesfolezdoles.net
sagefacturacion.pro
saldirmoruk4ss22..net
saldirmoruk4ss22.net
saldirmoruk7ss22..net
saldirmoruk7ss22.net
saldirmoruks6s22..net
saldirmoruks6s22.net
saldirmoruks8s22..net
saldirmoruks8s22.net
saldirmoruksas282..net
saldirmoruksas282.net
saldirmorukss122..net
saldirmorukss122.net
saldirmorukss222..net
saldirmorukss222.net
saldirmorukss2322..net
saldirmorukss2322.net
saygadlolesfolezdoles.net
scanipworldbest.xyz
scisncassine.xyz
sdxasd2.top
se7pn.digital
sfhasgiasasgh.com
sgrt8ngtretghby.site
shefcameradeactivedx909.online
shopjunggvbvqq.com
siktimarabiverdimyaragi1231.xyz
silo1chopbox.xyz
simba1.sg
siptralosxi13.xyz
skyclouds.space
slaevukrne12.xyz
slaevukrne123.xyz
slaevukrne132.xyz
smaslijuniorless.net
smasliseniorless.com
smasliseniorless.net
smasliseniorless.xyz
smoorfikimv.pro
spaceopensta.online
spaceopenstar.tech
startworkejostop.com
stijnjoeyak.world
strmstrmbabas.com
superjunggvbvqq.com
superjunggvbvqqww.com
sybracehennemevip.com
sybracenneti.com
sybrhesdiyari.com
sybrsatatdiyari.com
testingejosystem.com
thebestkrokodilas.net
thomas116.website
thophotop.games
tislasminastonkinles.com
tislasminastonkinles.net
tislasminastonkinles.xyz
tnentob.pro
tnourvt87hnrtereg.online
tokenpackot.co
topfexgg.top
trattotarakoniconti.com
trattotarakoniconti.net
trattotarakoniconti.xyz
trattotarakoniyse.com
trattotarakoniyse.net
trattotarakoniyse.xyz
tv1ed54je1ws.cc
typhotoli.games
u1v2w3x4y5z6a7b8.ru
u1v2w3x4y5z6a7b8.xyz
uatsfdtasfytdafsytads.in.net
ufgert7ghwtgwe56yv6.top
ufpyyrumrmdq.top
uhiuhuhiuhiuhiuhiuhihu.hk
uierfiyurqfhbqyqr.xyz
ujsayhhfsakl.fun
ulrichschreiber.chickenkiller.com
undervistersan3.site
v1w2x3y4z5a6b7c8d9.ru
v1w2x3y4z5a6b7c8d9.xyz
varibou.top
varibovarib.top
varibovaribo.top
varibovavaribova.top
vbfdnbvb.online
venndzy75hjeklr.top
ventosbentos.shop
ventosbentosas.live
vftg54gtdhrt67465gr4w.online
vhrfe87jejdw7e.store
vnajgumonculeag.info
vntososupplsos.live
vukytou.top
wanrflitrnvn.asia
wawoqii.shop
waytoupio.click
wevmuty56gbfdg.xyz
wfrewst5y634e5tgw.top
wqurhnqwer7fhqrrqe.online
wwereffnbvb.store
x1y2z3a4b5c6d7e8f9.ru
x1y2z3a4b5c6d7e8f9.xyz
xavidicasa.org
xavidifenda.com
xavimaestra.info
xeligna.site
xgbcasueahqz.tw
xijunao.shop
xivadoivxa.info
xoboxii.shop
xsh60v8222sg.top
xvrtye5464fser.site
xxfdnbvb.quest
xxxlemontenseinside.com
xxxlemontenseinside.net
xxxlemontenseinside.xyz
y3macreklam232.net
y4macreklam232.net
y5macreklam232.net
y7macreklam232.net
y7x5f9cnv9ex.pro
y8macreklam232.net
yagsdfgyuqweqw.com
yamacfirarda22.xyz
yamacreklam232.net
yamass1112425ds.xyz
yamass16112425ds.xyz
yamass2432425ds.xyz
yamass3112425ds.xyz
yamass33132425ds.xyz
yamass3432425ds.xyz
yamass5112425ds.xyz
yeniyeni111.net
yeniyeni112.net
yeniyeni113.net
yjf241z0uu75.info
ylithotypyno.games
ypolyptoton.games
yqywywwyfcscv.com
ysysyssvxwwfqs.top
yuafsdyfasufdays.lol
yuagwduygasuydas.xyz
yupinytr.pw
yupinytro.pw
zaglefolki1.info
zasbasbasfisa7.xyz
zasbasbasfisa79.xyz
zasbasbasfisa84.xyz
zazarazgok7215vor1.pro
zebra1.xyz
zebra2.website
zebra3.store
zeqexyu.shop
zgtryh54g4twe56456y.com
/M2EyOTM2M2FlY2My/
/M2I2NGMzMzk4YzM0/
/M2I4YjgxZDUwZjU2/
/M2ZhZjE4YjBhZWU4/
/MDQ4Yzc4NTJkYTg4/
/MDRlNWVhZDUxYWIw/
/MDViMDU3NDYwMTBm/
/MGM2YzAzZGJlZTQz/
/MTBiYTAyMTk0NzJj/
/MWMxNzg0YzJjZTVh/
/MmFhOTk1NjFjYzM1/
/MmMxZTM2NWEyYzNj/
/N2RiZjBhY2YzMWUx/
/N2Y5ZmU3OTI5ZDky/
/NSo5rJixZDUwZOb2/
/NTIwZmU2YzM0ZjU1/
/NWY5ZThlNDU5OGE3/
/NjBlZDY2MGMxZWVi/
/Njk4Zjk4YjdjODY3/
/NmE0MWZmM2UyZTZh/
/NmFkZTc4YWM3ZTk2/
/NmYwNjYyZjEyMDVm/
/ODJlMTFhNzAxYjFi/
/OGE5NjljOTM5YWI3/
/OGYyZmMyZmVlMGI0/
/OTRkNGFmNjQxZmI3/
/OThkMWQ3YzE0NTM2/
/OWUyYzIyNzhjMjk4/
/OWY2ZmE5ODEyYTA3/
/Y2JmMWNmNGVkNWI3/
/Y2MzZTdiZGRiZjg0/
/Y2NlMmYyMmYwMGI5/
/YTFiYmViNzA3YjMz/
/YTYxNjljZDI1YzFh/
/YTc2ODI2ZmU4NWFi/
/YTgxOTM0YjhjMmQ2/
/YjJjM2M0NDc4ZjBj/
/YjcyMWYzZjc5OTUy/
/YjdhYzNmMDUxOGQ1/
/YzQyNjFlZjE1ODVm/
/ZDNkMTgyOGNhNDdh/
/ZTE1NWI1YmEzYjZi/
/ZTI4OTU5ZjRjYWQ2/
/ZTIyNTVmMmE1NzNl/
/ZjI0NGY5MTMzMDhk/
/ZjJhMmQxZWM4YTA4/
/ZjU3NWNhYzE5Mzhm/
/ZmEwY2ZmZWYzN2Mw/
/m2i2ngmzmzk4yzm0/
/mtq4mmuxodbhmtvi/
/njk4zjk4yjdjody3/
/puap9udshc2ZmZjMmUzMghst/
/ytyxnjljzdi1yzfh/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-17)

http://163.5.169.22
http://163.5.169.35
http://163.5.210.86
http://194.33.191.62
http://91.92.242.222
163.5.169.22:443
163.5.169.35:443
163.5.210.86:43
185.192.246.251:443
185.196.9.197:443
185.225.75.19:443
185.225.75.207:443
194.33.191.201:443
194.33.191.41:443
194.33.191.62:443
91.92.242.222:443
91.92.244.72:443
91.92.244.80:443
94.156.65.160:443
94.156.68.231:443
94.156.68.232:443
94.156.68.233:443
94.156.68.234:443
6r0yncqzffklht1.com
akksdkmmfsak2.net
archevlasmenes8.xyz
azadkasilasaucunbra.com
azadkasilasaucunbra.net
azadkasilasaucunbra.site
azadkasilasaucunbra.xyz
bountyhlsena45.xyz
cccpakunataslasclass2.net
cccpakunataslasclass3.net
cccpakunataslasclass4.net
cccpakunataslasclass5.net
cccpakunataslasclass6.net
condeansleksmsnf87.xyz
fjasodfjmoas32.net
fujetgue.shop
fujevvvtgue.com
i7s67moz66xl1zz.com
macavalaesl485.xyz
movlysanems296.xyz
qppwefpeqwpepap25.net
qwojqkwefpok324.net
sabgggsabggg.top
sabgggsabgggsabggg.top
senliksizmakek.net
senliksizmakek62.net
tenchroouslam248.xyz
vanced.xyz
vilnodumci.top
xijunggao.com
xssjtuc2ncu8xx1.com
/NzFjMDI3MjVkNzdi/
/Nzg1YTc1N2RlNWQ4/
/Y2M5MmRhMWMwODg3/
/YzFmMjgxNDFkNDE0/

# Reference: https://twitter.com/h_krobot/status/1737145362102567122
# Reference: https://www.virustotal.com/gui/file/e2210cdfd0acfa3072073eac1867e7d3075b15e684cadddd138c30c8bc39f1e3/detection

193.233.254.80:8080

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-22)

http://112.213.97.151
http://113.30.191.25
http://139.162.128.215
http://142.171.66.98
http://143.198.109.200
http://149.115.225.24
http://149.115.225.35
http://149.115.225.38
http://154.9.29.45
http://154.9.29.46
http://154.9.29.85
http://157.230.101.205
http://158.160.64.192
http://161.97.107.72
http://163.5.169.32
http://163.5.64.105
http://163.5.64.106
http://163.5.64.45
http://163.5.64.88
http://163.5.64.90
http://178.236.246.142
http://18.141.202.110
http://185.250.210.36
http://188.120.234.10
http://193.233.254.44
http://193.233.255.121
http://193.42.33.102
http://194.233.75.102
http://194.33.191.105
http://194.33.191.199
http://194.87.31.108
http://195.2.85.14
http://20.121.44.156
http://20.163.24.200
http://203.23.128.78
http://207.180.224.118
http://37.49.228.68
http://38.242.150.72
http://38.54.96.204
http://38.6.187.146
http://45.147.248.240
http://45.150.65.142
http://46.28.44.28
http://5.182.86.93
http://5.35.99.214
http://51.250.100.208
http://77.246.97.192
http://85.209.176.55
http://91.215.85.133
http://91.92.248.89
http://91.92.253.185
amzlogin.fr
avalexmebel.ru
bancsabadell-info.com
blackmeti.sbs
citrusclaim.com
cpanel.alextrucking.com
elofffssamoilov2.fvds.ru
es-bancsabadell.com
es-bankinter-info.com
es-evobanco-app.com
es-evobanco-info.com
es-info-bancamarch.com
ftp.smssound.ru
hbotpanel.com
journalofasianmartialarts.com
my-parcel-tracking.org
nanglucso.hcmute.edu.vn
nerdmining.xyz
obszarabonencki.com
openai.ln.cn
panel.blackmeti.sbs
peace.rbear.ir
postal2.crispoltd.com
rb-n-clk.org
rb-vc.online
rb-vc.org
ruralvia-dispositivo.com
sendung-verfolgen.net
smssound.ru
telegramuser.servehttp.com
verfolgen-sendung.net
vm4792021.52ssd.had.wf
web-bancsabadell.com
webmail.alextrucking.com
webmail.fatimafoods.co.uk
webmail.precisionrenovationri.com

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Smishing/octopanel.txt
# Reference: https://twitter.com/ViriBack/status/1736503258326196314

http://91.92.254.42
octopanel.xyz
api.octopanel.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-24)

163.5.210.86:443
194.26.135.67:443
62.122.184.165:443
91.92.254.42:443
blackeuro.com.tr
denerinselektirik.com.tr
karadajanskal.com
karamelsepetikanas.com
milosrcrdos1821klmas.com
milosrcrdos1821klmas.net
milosrcrdos1821klmas.site
milosrcrdos1822klmas.com
milosrcrdos1822klmas.net
milosrcrdos1822klmas.site
sybracms12.com
sybracmsas112.com
sybracmsd412.com
sybracmssf512.com
sybracmsytu612.com
topchanov.live
/OGQyMDU0MzE1MWJj/
/OTJkNTAyZDI5Y2Ux/
/SBJjZWU1Y2UxAsH1/

# Reference: https://twitter.com/h_krobot/status/1740021575720820990
# Reference: https://www.virustotal.com/gui/file/0a2f1bdec6df99d0de397ffdd63f1c89341b7bd53fa4dd5868e567109fdd507f/detection

62.204.41.35:7117
62.204.41.35:8080
cuecbafftqqdsmqs.xyz
hgxxfucdlxpzkvtk.xyz
hiprkxfvgooeyxmp.ru
hvezqzgesxvpqnmb.xyz
hwncatajklhbnoji.ru
npqlhmykersomuxr.xyz
nvbspnzllxxbwkoq.xyz
obvahufupjjwrkue.ru
qyfqpmnwrxvbidca.xyz
rasajxrgmkmiewdy.xyz
slqypioqnivnxmyl.xyz
tgcawlvunvrtlvzc.xyz
tnhlpipvrgcwvxmg.xyz
trkkpxjzglxoqtrk.xyz
udsnzbsapojsatwd.xyz
vjeddqneqfnmboza.xyz
vsbdgzwnlbwcpjsh.ru
weqllbanibibfuhr.ru
ytpirnvlvesarskw.xyz
zaavfrpfhofmccvd.xyz

# Reference: https://threatfox.abuse.ch/browse/tag/Copper/

http://62.204.41.35
62.204.41.35:443

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-01)

http://102.37.219.190
http://130.51.21.247
http://146.19.247.239
http://146.190.144.131
http://176.123.168.62
http://185.146.157.147
http://194.87.31.42
http://194.87.71.41
http://20.102.111.125
http://20.11.200.213
http://206.189.204.202
http://212.224.93.252
http://38.54.94.129
http://5.42.92.164
http://65.21.87.123
http://82.146.54.42
http://82.146.63.254
http://87.121.87.53
http://91.107.125.247
http://91.107.127.201
http://91.109.178.9
http://91.217.177.121
http://91.92.241.133
http://91.92.244.38
http://91.92.246.71
http://91.92.248.249
http://91.92.249.6
http://91.92.251.115
http://91.92.254.119
http://91.92.254.200
http://91.92.254.55
18.141.3.52:82
1800747-vm37545.twc1.net
472-track.net
aaaaaaa.linx.contact
abonnement-ferroviaire.com
astramedplus1.fvds.ru
c-paketverfolgung.com
cpanel.agdetails.com
cpanel.fatimafoods.co.uk
db.harmlesskouprey-f4f67ad9.swizzle-test.com
ded959.hostwindsdns.com
e-paketverfolgung.com
es-bancsabadell-info.com
es-ruralvia-info.com
mailer.expandtrack.com
o-sendungsverfolgung.net
pedaret.fun
plsxclaim.com
to2express.com
vmi1510385.contaboserver.net

# Reference: https://threatfox.abuse.ch/browse/tag/Copper/ (# 2024-01-03)

bigscreenthrills.org
canna-oil.org
conferencecenters.org
duckfoundation.org
farmbilllawenterprise.org
foodpantrybestpractices.org
handsofgodfoundation.org
hypocrisync.org
jmccarth.net
levellivingfield.org
mynd5.com
ritestowritemyword.org
seismicsisterhood.org
team-speak.r2283.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-01-06)

http://176.113.115.188
http://194.26.135.29
http://194.33.191.206
http://194.33.191.34
http://2.57.149.175
http://62.233.50.113
http://83.97.73.246
http://85.209.176.160
http://85.209.176.190
http://91.92.242.212
176.113.115.188:443
194.33.191.206:443
62.233.50.113:443
83.97.73.246:443
85.209.176.160:443
85.209.176.190:443
91.92.242.212:443
alinmamisd0main1.net
alinmamisd0main2.net
babawwe2aa.com
bapasagkk33.ru
c2c2adfff.com
cccd1xzaza.com
ccuaayay2.com
cmkalanka1.shop
cmkalankada1.shop
cmkalankahs21.shop
cmkalankakms51.shop
cmkalankasga61.shop
ebwaebaw23xx.com
essmeel1ccc.ru
fexggohii.top
g232ddxda.com
gebasgao.shop
hppynweyreadaddies.com
hppynweyreadaddies.net
hppynweyreadaddies.xyz
hppynweyreadaddies10.net
hppynweyreadaddies10.xyz
hppynweyreadaddies9.com
hppynweyreadaddies9.net
hppynweyreadaddies9.xyz
kinonlisplazmaoplayor.com
kinonlisplazmaoplayor.net
kinonlisplazmaoplayor.site
kinonlisplazmaoplayor.xyz
lilisiaplaksiminailmas.com
lilisiaplaksiminailmas.net
lilisiaplaksiminailmas.site
lilisiaplaksiminailmas.xyz
pasaoglu48abc.ru
potasus000.top
pubeggggoa.top
pubetjokotg.top
pubettttg.top
ruuuajajs122.ru
sabaasbaor.com
verhovuh.top
vittixx2q.com
vukyggtou.top
xex2napggq.com
/Ct93YnSiPAKlQbK2/
/M2I3ZWFjNjNhM2I5/
/MzRlZGFmYzQ5Nzc0/
/NjkxZjRjMjNlYTY4/
/YjI0ZTQxMWI2ZjMw/
/ZjQ5NDRmZmVlNDI4/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-01-16)

http://185.234.216.102
http://31.41.244.41
cinconistanplaskamist1.com
cinconistanplaskamist2.xyz
cinconistanplaskamist3.net
cinconistanplaskamist4.com
cinconistanplaskamist5.xyz
cinconistanplaskamisto.net
cstmsklmnaopstrlmas.com
cstmsklmnaopstrlmas.net
cstmsklmnaopstrlmas.xyz
cstmsklmnaopstrlmasistan.com
cstmsklmnaopstrlmasistan.net
cstmsklmnaopstrlmasistans.com
cstmsklmnaopstrlmasistans.net
cstmsklmnaopstrlmasistans.xyz
/OGI0NGQwMDlmMDUz/
/YTI2NzRkODRkZmM5/

# Reference: https://www.virustotal.com/gui/file/849ec08c5b9b871da364a88d544c42d44c45371f46e73ef7308e6d49a418602b/detection

16fdghhoo11.com
21fdghhoo11.com
23fdghhoo11.com
24fdghhoo11.com
26fdghhoo11.com
28fdghhoo11.com
29fdghhoo11.com

# Reference: https://twitter.com/Threatlabz/status/1603419613135446017
# Reference: https://twitter.com/Threatlabz/status/1617579712062324737
# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs.txt
# Reference: https://www.virustotal.com/gui/ip-address/62.233.51.32/relations
# Reference: https://www.virustotal.com/gui/file/a9fbd4602aa70cb8801cb34d0891488ca79e07448a9b79087ee9c51e8a40ede7/detection
# Reference: https://www.virustotal.com/gui/file/30ac422dbbec1b8601e0303a37f1f508817ac3987a1363403439ad2f339027cf/detection

10fdghhoo1.top
10fdghhoo11.top
11fdghhoo11.top
124fdghhoo1.top
125fdghhoo1.top
12fdghhoo11.top
1322fdghhoo1.top
1324fdghhoo1.top
1325fdghhoo1.top
1327fdghhoo1.top
1328fdghhoo1.top
1329fdghhoo1.top
13fdghhoo11.top
14fdghhoo1.top
14fdghhoo11.top
15fdghhoo11.top
16fdghhoo1.top
16fdghhoo11.top
17fdghhoo11.top
18fdghhoo1.top
18fdghhoo11.top
19fdghhoo11.top
1fdghhoo11.top
20fdghhoo1.top
20fdghhoo11.top
210fdghhoo1.top
21fdghhoo11.top
220fdghhoo1.top
2320fdghhoo1.top
234fdghhoo1.top
235fdghhoo1.top
237fdghhoo1.top
238fdghhoo1.top
239fdghhoo1.top
23fdghhoo11.top
24fdghhoo11.top
25fdghhoo1.top
25fdghhoo11.top
26fdghhoo1.top
26fdghhoo11.top
27fdghhoo1.top
27fdghhoo11.top
28fdghhoo11.top
29fdghhoo1.top
29fdghhoo11.top
2fdghhoo11.top
30fdghhoo11.top
3fdghhoo11.top
4fdghhoo11.top
5fdghhoo11.top
7fdghhoo11.top
7fdghhoo1.top
8fdghhoo11.top
9fdghhoo11.top
\w+fdghhoo\w+\.top
3countbt.pw
alleggro.pw
btcountates.fun
countnatbt.site
mix3etbt.website
vat-app.su
/YWRhZjAxNGM1YjFh/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-01-23)

185.234.216.102:443
194.26.135.29:443
2.57.149.175:443
31.41.244.41:443

# Generic

/angelkelly/
/balls51/
/CHECKPIECEUNTIL/
/CONTAINSURE/
/crystalknight/
/flexdeonblake/
/jadafire/
/MUCHTHENWERESTO/
/QUESTIONROADFAR/
/sinnamonlove/
