# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: coper, marcher, octo, octo2

# Reference: https://www.virustotal.com/gui/ip-address/176.119.28.74/relations
# Reference: https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html

androidpt01.asia
androidpt02.asia
barberink.biz
bizlikebiz.biz
chudresex.at
chudresex.cc
compoz.at
coupon-online.fr
cpsxz1.at
deereebee.info
dfjdgxm3753u744h.at
divingforpearls.at
dndzh457thdhjk.at
elitbizopa.info
fhfhhhrjtfg3637fgjd.at
filllfoll.biz
i-app1.online
i-app4.online
i-app5.online
inovea-engineering.com
ldfghvcxsadfgr.at
lingerieathome.eu
loupeacara.net
loupeahak.com
memosigla.su
messviiqqq.info
nowayright.biz
olimpogods.at
playgoogle.at
playsstore.mobi
playsstore.net
qqqright.info
rockybalboa.at
sarahtame.at
secure-ingdirect.top
securitybitches1.at
securitybitches3.at
soulreaver.at
ssnoways.info
storegoogle.at
sudopsuedo1.su
sudopsuedo2.su
sudopsuedo3.su
track-google.at
trackgoogle.at
weituweritoiwetzer.at
wellscoastink.biz
wqetwertwertwerxcvbxcv.at

# Reference: https://www.virustotal.com/gui/ip-address/178.132.78.152/relations
# Reference: https://www.virustotal.com/gui/file/7896c69b1cc1cb0f603242a46c65d51a512651e3b51759fb34aeb528f0236498/detection
# Reference: https://www.virustotal.com/gui/file/bcfe7d6066272faa3de00f34c7f15d6c183ed193dd5daca772ff4c97b55d64c5/detection

as44aa11.top
as55aa22.top

# Reference: https://twitter.com/malwrhunterteam/status/1504558610159919114
# Reference: https://www.virustotal.com/gui/ip-address/5.255.102.136/relations
# Reference: https://www.virustotal.com/gui/file/464a7c5c1faefaa0fd7bb11b5211a9b4996b0d8eebd2ba694a9dcca95ffabc59/detection
# Reference: https://www.virustotal.com/gui/file/ded98a60183c59d80524cdd2f104dabdab2342d90fea1abebe2bbf92a7e0f336/detection
# Reference: https://www.virustotal.com/gui/file/fca33888cae8d4e9fd4b2a4bcb80cf894786ce60dc3fd32691f80edef56e5b37/detection

fastconnectcenter.com
fastconnectcenter.hk
/875sakLglasg27pvl/

# Reference: https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
# Reference: https://www.virustotal.com/gui/file/008ffb2b49c8f7d97ad201290abd93bf3fc0d9246775cbdbf180ba910adc2fce/detection

smartcontractlicense.info
/puap9udshc2zmzjmmuzmghst/

# Reference: https://www.virustotal.com/gui/file/0613b3bf8a152356be696c7a9e66058e68dcde708f2f47241e2e538678d48f5d/detection

equisdeperson.space
personification.top
rigorichbroker.com
/MDI0ODlhNzAxYzg2/

# Reference: https://twitter.com/pmmkowalczyk/status/1493559761593380867
# Reference: https://twitter.com/pmmkowalczyk/status/1493559763266908164

auhr8h3ba.ch
hr81ha8ah.ch
hrauu3aga.ch
j3ha8h1ag.ch
uwhauaua.ch
/MWNhMjI2OTkyNjA3/

# Reference: https://www.virustotal.com/gui/ip-address/176.121.14.164/relations
# Reference: https://www.virustotal.com/gui/file/0480b9e36afe56f9554bad57e0ba65a8df65fdfb821dc69c20be85987614f3b3/detection

8ibaub3bav.com
fuaggggotc.top
guuagwuu.top
hbaruuau3h.top
hgauahhh.com
ifn1h8ag1g.com
ifua88ahahgh.com
ihfagzuuu.net
irha3wzuu.top
jgiauwggg.org
thhausgajk.com
uagggauua.com
uauzustttt.com
utabwbazuu.com
/NiYmQ5YzZlODllzzz/

# Reference: https://www.virustotal.com/gui/ip-address/185.151.147.65/relations
# Reference: https://www.virustotal.com/gui/file/02f43cf67a61bd5c42c33d5196d3962845a28e1e014f23010455e73dd4e240ab/detection

bau3baahh.com
gfhau1hacjj.com
uhnazu3au.top

# Reference: https://twitter.com/B0rys_Grishenko/status/1478341854747889664
# Reference: https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/ (Polish)
# Reference: https://www.virustotal.com/gui/ip-address/176.107.160.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.103.109.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/92.255.110.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.227.86.32/relations
# Reference: https://www.virustotal.com/gui/file/5a85777d094c644a962787bfa5d80b2ba47493ca7c276f7406c2b3d83feb30e6/detection

dsfiu133ds52231232fdnsjds.top
dsfiu733ds42231232fdnsjds.top
dsfiu733ds52231232fdnsjds.top
s122231232fdnsjds.top
s222231232fdnsjds.top
s22231232fdnsjds.top
s322231232fdnsjds.top
s32231232fdnsjds.top
s42231232fdnsjds.top
/PArhFzp5sG2sN/

# Reference: https://twitter.com/malwrhunterteam/status/1483173995390382085
# Reference: https://www.virustotal.com/gui/file/115b4ae0009c84c335611cfc2a2a1a06db03fc392a627988bd03592d1a154750/detection
# Reference: https://www.virustotal.com/gui/file/59527801e3cf12749e2471fef6df6693e54e74521e8175beb048eaf60ee21d2d/detection
# Reference: https://www.virustotal.com/gui/file/ecf4d571531d0647a393d5860d168f2ef5b633b70831b05e2a47694fc47bc97a/detection

checkips.xyz
checks.design
fastcheck.digital
ipmonitor.services
servercheck.online
xipxesip.club
xipxesip.design
xipxesip.digital
xipxesip.online
xipxesip.services
xipxesip.xyz
/OWU1NzkwNWVmYmRk/
/sljs1NzkwNWVmYmRsnc/

# Reference: https://www.virustotal.com/gui/file/b5ac07a4252d9c14e877d087ffb416ac8d3995dfe8bf6ea4122d19d1b749c3c3/detection
# Reference: https://www.virustotal.com/gui/file/d111d88d82bc8094283c5ef2daa2d681aef11b89a755538cd0ef1cf3c36987b5/detection

rftgyh.shop
rftgyh.store
rftgyh.xyz
qwaszx.club
qwaszx.digital
qwaszx.site
/X0SDscG9rqz68F/

# Reference: https://twitter.com/cleafylabs/status/1526859118794919936
# Reference: https://www.virustotal.com/gui/ip-address/45.147.96.90/relations
# Reference: https://www.virustotal.com/gui/file/8c5445fd569211c74eec6bad036ccd16a5cc3b4979771b041fc90a79bad6feee/detection

ddhfbhdfbsdbfsdg.top
dfdfdfdgdffjdhbf.org
sdhfsdbfbjhsdhff.com
sjsdfsddjhdjfadff.com
ssgsjhfsdfdsjhd.info
vvjfsdsdghsdghfvffdf.top
/MzYzMzJjZDI5YzYx/

# Reference: https://twitter.com/cleafylabs/status/1526866760879722496

homebyavariridgway.com

# Reference: https://www.virustotal.com/gui/file/eadd9c3e3f7a1c5e008ca157cb850aa72d283f702da2ab4daf0e4af4d926ab3e/detection

goos.pw

# Reference: https://twitter.com/f3d__/status/1537005322065391618

beautyxumeley.com
dfdfdfdgdffjdhbf.org
ssgsjhfsdfdsjhd.info
/ZTYxYWI2NWNmYTA3/

# Reference: https://tria.ge/220613-m1yrsacab9

ahnudsbba.xyz
fabh23zuba.top
fu8hhaadl.com
idai2babd1.xyz
jufhahbhazh.top

# Reference: https://tria.ge/220614-hvhq6agef5

8ibaub3bav.com
hbaruuau3h.top
ifn1h8ag1g.com
ifua88ahahgh.com
irha3wzuu.top
uhnazu3au.top
utabwbazuu.com

# Reference: https://twitter.com/_icebre4ker_/status/1541875987419365377
# Reference: https://twitter.com/ecarlesi/status/1541785629721231362

esappguide.com
forumtasking.net
/MTlkYWQwOTBkNmFi/

# Reference: https://www.virustotal.com/gui/file/e48e7c9b01b8a89b8caa6bfaf84fdf7f735d0fa0271aecc6aa7710766df9946d/detection
# Reference: https://www.virustotal.com/gui/file/423cf942b83f38244b6f74d4770056ec66e699e748d66613cd7cb0875036202a/detection
# Reference: https://www.virustotal.com/gui/file/2b3b7c6af707f69b7d3259e829b02b746a949720a3542519f9327d3b071d0cbe/detection
# Reference: https://www.virustotal.com/gui/file/1b3d36c1789c0fc70ae36d70ce8fabfdc54a09a9c5bdf900bcdebd778f7c4f14/detection
# Reference: https://www.virustotal.com/gui/file/13a284a55c6f5ad2c5212cf47510469994b8197c80b3f620f97b4fb716add1bb/detection

albiworkman7583.top
antonwright456.top
elodiecope88968.top
finndalby0.top
karenbarber56543.top
malaikaduggan890.top
miltonchambers72.top
naziawills5523.top
onurrobinson333.top
sabihaplummer80.top
sidesquivel124.top
teaganwhitaker6437.top
zayaanpaine23.top
/ODIzY2ZmOWM4MTY2/

# Reference: https://www.virustotal.com/gui/ip-address/185.238.170.201/relations
# Reference: https://www.virustotal.com/gui/file/e4252d0a21372e9d39385be7bd2fc04c77f42fc5dd803ef82340364044452266/detection
# Reference: https://www.virustotal.com/gui/file/183bd85d061fa509ff9f732dd01b358ce00297fb0ddf6d5e43ab9b4ab36bb6d5/detection

analysisdnsdata.website
checkdns.club
checkdns.design
checkdns.digital
checkdns.services
checkdns.shop
checkdnsplus.site
checkdnsplus.space
dnscheck.club
dnscheck.design
fastcheckdns.shop
fastcheckdns.xyz
/NmE0N2YwOWEzMTM3/

# Reference: https://twitter.com/malwrhunterteam/status/1611068887033909261
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.203/relations
# Reference: https://www.virustotal.com/gui/file/c11907662ce44c176f1d75646e113e89b271fb2b33cc968c8e2e7543cae82938/detection

analysisdnsdata.site
analysisdnsdata.space
bestipscanworld.xyz
bestscanipworld.xyz
bestworldipscan.xyz
checkserversippool.xyz
doublednscheck.xyz
ipbestscanworld.xyz
ipcheckserverspool.xyz
ipscanbestworld.xyz
ipscanworldbest.xyz
ipworldscanbest.xyz
plusdnscheck.site
plusdnscheck.space
plusdnscheck.website
plusdnscheck.xyz
poolcheckipservers.xyz
poollipceckservers.xyz
poolserverisippool.xyz
scanbestipworld.xyz
scanipbestworld.xyz
scanworldbestip.xyz
scanworldipbest.xyz
serverscheckippool.xyz
serversippoolcheck.xyz
serverspoolcheckip.xyz
worldipbestscan.xyz

# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs_20230427.txt

bestipworldscan.xyz
bestworldscanip.xyz
ipworldbestscan.xyz
scanbestworldip.xyz
worldbestipscan.xyz
worldbestscanip.xyz
worldscanbestip.xyz
worldscanipbest.xyz

# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs_20230817.txt

newfastcheckdns.xyz
newfastdnscheck.xyz

# Reference: https://www.virustotal.com/gui/file/01edc46fab5a847895365fb4a61507e6ca955e97f5285194b5ec60ee80daa17c/detection

smartcontractlicensenow.info
smartcontractlicensetodo.info
smartcontractlicensewow.info

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-11-10)

http://185.192.246.251
http://185.196.9.197
http://194.33.191.201
http://194.33.191.41
http://91.92.244.72
http://91.92.251.4
http://94.156.65.160
http://94.156.68.231
http://94.156.68.232
http://94.156.68.233
http://94.156.68.234
abiciisswwee.com
abisdumore.com
adetero6orlher.com
aganimsharse671x.live
babacimmnapiyosun.com
barbriki76782.info
beresihbtgrs5ewtr.info
berionderh6figer.com
bobnoopo.org
bobnoopopo.org
bonjoorvipacz.pro
bukkub.top
businessocto.com.tr
certbreu45nagbierty.com
chrownna.top
discount44today.online
easyforpro901002.pro
ekmeka232kmek.com
gokilllahhhh.top
jnukikmna5125.live
junggpervbvqqqqqq.com
junggpervbvqqqqqqpo.com
junggvbvq.top
junggvbvq5656.top
junggvbvqqgroup.com
junggvbvqqgrouppo.com
junggvbvqqnetok.com
junggvbvqqnetokpo.com
junggvrebvqq.org
junggvrebvqqpo.org
jungjunjunggvbvq.top
kijuolobtreshu31.pro
lauytropo.net
loliternakond.com
mmma7811play.com
mmma7811play.net
mmma7811play.xyz
mmma8291play.com
mmma8291play.net
mmma8291play.xyz
mobile0team0stat.shop
octobusiness.com.tr
oelikixanni14.live
planbusiness.com.tr
planlimited.com.tr
planultra.com.tr
scorpionxxxtention.com
scorpionxxxtention.net
scorpionxxxtention.xyz
scorpionxxxtentionss.net
supersafer6.net
xxxpakunatationclass.net
xxxpakunatationclass2.net
xxxpakunatationclass3.net
xxxpakunatationclass4.net
xxxpakunatationclass5.net
xxxpakunatationclass6.net
/MTQ4MmUxODBhMTVi/
/MTU2OWE0NzJjNGY5/
/NmM2YjMyYjE4MmMx/
/NTQ2ZDEzM2FjMjY2/
/NzI1OGM2YjI0NDE5/
/ODRiMzk3Njg3ZThk/
/OGY2YWU5OTM4OTQ3/
/Y2U5ZjYxZTA5Zjcw/
/YWFiM2VkMmFmNWFh/
/ZDIxMjJmY2NlZmE5/
/ZmU2YzQ2NjZlNjc2/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-11-21)

http://185.225.75.207
http://83.147.245.71
http://91.92.243.93
2jamiryo22113.net
3jamiryo22113.net
4jamiryo22113.net
5jamiryo22113.net
6jamiryo22113.net
7jamiryo22113.net
ahvahetmegelkalda.com
auxocto.com.tr
auxtoorocto.com.tr
bukoshmuko.top
cmdtoorocto.com.tr
cotogarden.co
ecolosolution.net
fghdfhdgh33.xyz
fhuiooemensb.info
fhuiooemrrerensb.co
kalkgelsybradan.com
kalplerderyakadardan.net
kamalaktandagel.com
macfitt.net
nigemgrouapp.net
nigemgrouapp.site
otakikotaik1224634.net
otakikotaik1334534.net
otakikotaik3234234.net
otakikotaik4234234.net
otakikotaik6423234.net
peyfi.bio
rgsdhsdf31.xyz
rrqg.xyz
stormslva.net
strmphone.net
sybrailevip.com
/MWVlMGI1ODc4NjFj/
/MmEzNTkzZDFkOWQz/
/ODVlZDlkMzU1ZTRi/
/YjM0YWMzZjQ5YzQz/
/YjRkZjE0NTUyNzZm/
/YmU2MGQ0ZWYxODM5/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-11-25)

http://91.92.244.80
rootocto.com.tr
terierkorn.top
toorocto.com.tr
/CfK3ulGypS7Nns81/
/ZTZkNTJjNTkwYzk3/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-05)

http://103.147.12.179
http://103.151.4.23
http://103.159.188.34
http://103.214.173.68
http://103.61.224.87
http://104.131.71.126
http://13.53.125.231
http://146.190.163.104
http://159.100.6.226
http://159.69.77.234
http://162.0.238.106
http://162.19.175.57
http://163.5.210.85
http://163.5.64.18
http://163.5.64.30
http://172.104.207.197
http://172.208.121.27
http://172.208.40.215
http://172.208.40.228
http://188.132.197.242
http://188.40.15.18
http://193.176.190.186
http://193.233.232.38
http://193.233.254.90
http://194.156.99.133
http://194.26.192.46
http://194.87.246.55
http://20.67.233.144
http://212.113.106.241
http://24.133.200.15
http://24.144.89.120
http://24.144.93.215
http://34.42.132.228
http://44.219.227.178
http://45.131.2.192
http://45.82.70.104
http://46.175.149.90
http://5.182.86.157
http://62.109.13.217
http://68.183.56.78
http://77.91.68.162
http://77.91.68.164
http://77.91.68.167
http://77.91.78.246
http://77.92.146.147
http://81.19.137.54
http://82.147.85.82
http://85.209.176.78
http://89.163.255.130
http://91.92.250.212
http://91.92.251.79
http://91.92.251.8
http://94.142.138.128
http://94.228.168.172
http://95.181.173.244
0rrdinalswallet.com
1.165079.biz
1.165081.biz
1.165084.biz
1.165086.biz
1.165088.biz
1.165089.biz
1.165090.biz
1.165091.biz
1.165094.biz
1.165095.biz
1.165096.biz
1.165097.biz
1.165098.biz
1.165099.biz
1.165100.biz
1.165121.biz
1.165122.biz
1.165123.biz
1.165124.biz
1.165126.biz
1.165129.biz
1.165131.biz
1.165132.biz
1.165133.biz
1.165134.biz
1.165137.biz
1.165138.biz
1.165139.biz
1.165140.biz
1.165143.biz
1.165144.biz
1.165145.biz
1.165146.biz
1.165147.biz
1.165149.biz
1.165152.biz
1.165154.biz
1.165155.biz
1.165157.biz
1.165158.biz
1.165159.biz
1.165160.biz
1.165161.biz
1.165162.biz
1.165163.biz
1.165165.biz
1.165166.biz
1.165167.biz
1.165168.biz
104.248.168.233:8082
1098393-cx34326.tmweb.ru
149.100.138.162:8082
15.235.140.12:8082
158.220.117.55:8082
165001.cz
165001.mba
165001.net
165001.tw
165002.co
165002.cz
165002.tw
165003.co
165003.cz
165004.mba
165004.me
165004.net
165005.cz
165005.me
165005.net
165006.co
165006.mba
165006.me
165007.cz
165007.mba
165007.me
165007.net
165007.tw
165008.cz
165008.me
165008.net
165008.tw
165009.cz
165009.me
165009.net
165009.tw
16501.id
16501.me
16501.net
16501.nl
16501.org
16501.wang
16501.win
165010.co
165010.cz
165010.me
165010.net
165010.tw
165011.co
165011.me
165011.tw
165012.co
165012.cz
165012.me
165013.me
165014.co
165014.cz
165015.co
165015.cz
165017.cz
165017.me
165018.co
165018.me
165019.me
16502.bid
16502.biz
16502.cz
16502.uk
16502.vin
165020.co
165020.cz
165020.me
165021.co
165021.cz
165022.cz
165022.uk
165023.cz
165024.co
165024.uk
165025.co
165025.uk
165026.cn
165026.co
165026.cz
165026.uk
165027.cn
165027.co
165027.cz
165027.uk
165028.cn
165028.cz
165029.co
165029.cz
16503.cz
16503.uk
16503.wang
16503.win
165030.cn
165031.co
165031.uk
165032.cn
165032.cz
165032.uk
165033.cn
165033.cz
165034.co
165034.cz
165034.uk
165034.vip
165035.cn
165035.co
165035.cz
165036.cn
165036.co
165036.cz
165036.vip
165037.cz
165037.uk
165037.vip
165038.cn
165038.vip
165039.co
165039.vip
16504.org
16504.vin
16504.wang
16504.win
165040.cz
165040.vip
165041.cn
165041.cz
165041.vip
165042.cn
165042.cz
165042.me
165042.uk
165043.cn
165043.cz
165043.vip
165044.cn
165044.me
165044.uk
165044.vip
165045.cz
165045.me
165045.uk
165045.vip
165046.cz
165047.cz
165047.uk
165047.vip
165048.cz
165048.me
165048.uk
165049.cz
165049.me
165049.vip
16505.org
16505.vin
16505.wang
16505.win
165050.me
165050.uk
165050.vip
165051.uk
165052.me
165052.vip
165053.me
165053.uk
165053.vip
165054.me
165054.uk
165055.cz
165056.me
165056.uk
165056.vip
165057.me
165057.uk
165058.cz
165058.uk
165058.vip
165059.me
165059.vip
165060.cz
165060.me
165060.vip
165061.cz
165062.me
165063.cz
165063.me
165063.vip
165064.cz
165064.vip
165066.cz
165066.me
165066.vip
165067.me
165067.vip
165068.cz
165068.vip
165069.me
16507.win
165071.vip
165072.org
165072.vip
165073.cz
165073.org
165073.vip
165074.org
165074.vip
165075.cz
165075.org
165076.org
165076.vip
165077.cz
165077.me
165078.cz
165078.me
165079.cz
165079.me
165079.vip
16508.wang
16508.win
165082.cz
165083.me
165083.org
165084.cz
165084.me
165084.vip
165085.me
165085.org
165085.vip
165086.me
165086.org
165087.cz
165087.org
165087.vip
165088.cz
165088.org
165088.vip
165089.cz
165089.vip
16509.cn
16509.org
16509.win
165090.org
165090.vip
165091.biz
165091.cz
165091.me
165091.org
165091.vip
165092.cz
165092.me
165092.vip
165093.cz
165093.me
165093.vip
165094.cz
165094.me
165094.org
165095.cz
165095.me
165095.org
165096.cz
165096.me
165097.cz
165097.me
165097.org
165097.vip
165098.me
165099.biz
165099.cz
165099.org
16510.org
16510.wang
16510.win
165100.me
165100.org
165100.vip
165101.cz
165101.me
165101.vip
165102.cz
165102.org
165103.me
165104.biz
165104.cz
165104.org
165104.vip
165105.org
165106.biz
165106.me
165106.org
165107.biz
165107.cz
165107.me
165107.org
165108.cz
165108.org
165108.vip
165109.me
165109.org
165109.vip
16511.org
16511.wang
165110.biz
165110.cz
165110.org
165111.biz
165111.cz
1651111.bid
1651111.org
1651112.bid
165112.cz
165112.org
165112.vip
165113.biz
165113.vip
165114.biz
165114.cz
165114.vip
165115.biz
165115.cz
165115.org
165115.vip
165116.biz
165116.cz
165116.org
165116.vip
165117.biz
165117.cz
165117.vip
165118.biz
165118.cz
165118.org
165119.biz
165119.cz
16512.org
165120.vip
165121.org
165121.vip
165122.org
165122.vip
165123.cz
165124.cz
165124.org
165125.cz
165125.org
165125.vip
165126.cz
165126.org
165126.vip
165127.cz
165128.cz
165128.org
165128.vip
165129.org
165130.cz
165130.org
165130.vip
165131.org
165132.org
165133.cz
165133.org
165133.vip
165134.cz
165134.org
165135.cz
165135.vip
165136.org
165136.vip
165137.org
165137.vip
165138.org
165138.vip
165139.org
165140.vip
165141.vip
165142.org
165143.org
165145.org
165148.org
165149.org
16515.uk
165150.org
165151.org
165152.org
165153.org
165154.org
165156.org
165157.org
165158.org
165159.org
16516.wang
165160.org
165161.org
165162.org
165163.org
165164.org
165168.org
165170.org
165171.org
165172.org
165176.org
165177.org
165179.org
165180.org
165181.org
165182.org
165186.org
165187.org
165189.org
165190.org
165191.org
165195.org
165196.org
165197.org
165198.org
165199.org
165200.org
165202.org
165203.org
165204.org
165207.org
165208.org
16521.tv
165210.org
165213.org
165214.org
165215.org
165216.org
165217.org
165218.org
16522.tv
165221.org
165222.org
165223.org
165224.org
165225.org
165227.org
165228.org
165229.org
16523.tv
165230.org
165231.org
165232.org
165234.org
165235.org
165236.org
165240.org
165241.org
165243.org
165244.org
165245.org
165246.org
16525.org
16525.tv
16526.org
16527.cn
16531.cn
16537.cn
16540.cn
16541.org
16542.cn
16545.org
16547.org
16570.cn
172.174.144.147:8082
172.178.83.46:8082
172.190.120.239:8082
193.233.254.44:8082
203.161.62.205:8082
333333.heun.live
45.76.188.227:8082
45.82.70.104:8082
45.88.186.66:8082
55555.heun.live
58701.tv
62.146.226.39:8082
62.72.46.59:8082
63.250.36.134:8082
77.91.68.164:8082
77.91.78.246:8082
79.137.199.14:8082
80.66.85.142:8082
88.198.83.21:8082
89.23.103.41:8082
89.23.103.79:8082
89.23.113.110:8082
89.23.113.67:8082
91.215.85.186:8082
91.215.85.58:8082
91.92.246.230:8082
91.92.251.79:8082
94.228.162.29:8082
94.228.168.172:8082
aaraclar.com.tr
adminuser.euew3172.live
agdetails.com
alextrucking.com
amendes.fr.webgouv.info
anindacar.com.tr
api.baitianshiyou.fun
api.tokenpocket.wiki
app-ramp.co
app.baitianshiyou.fun
app.maiziqianbao.site
assets.cnsinopecqh.vip
assets.qiluqhapp.vip
baitian.imtoken.fan
baitianshiyou.fun
bank-verification.myddns.com
bolb.wingsofmine.uk
bozkurt.xyz
ca-bnc.com
capital-on.online
clothingyote.shop
cotinga-slaved.vpsrdns.web-hosting.com
cpanel.cad-con-systemplanung.de
cpanel.jayelectrons.com
cpanel.precisionrenovationri.com
cry4now.club
cutoutstyle.com
cvc.ptechconsult.com
ded609.hostwindsdns.com
dl.shop-pro.cn
domainover9999.com
dragonslayer12.com
dsh.mg.qiluqhapp.vip
ebgostahdferee.site
eksevents.org
eu-anytime.com
fatimafoods.co.uk
feelajans.xyz
generatedata.felicity-services.com
git.koenig.software
gram.riseup101.com
h.mcimtn.online
hasanulukaya2312.com.tr
havayoluhatti.net
hodge.produceanimation.com
hook.p3xx.gq
host.ptechconsult.com
hosting.ptechconsult.com
hwsrv-1100652.hostwindsdns.com
index.pornhtxub.com
interface.qiluqhapp.vip
jayelectrons.com
kn1976.com
koenig.software
lhp.honghan.buzz
link.eksevents.org
mail.automoto.tn
mail.kinetic.supplies
mail.ptechconsult.com
mail.rankio.app
maizi.tokenpocket.wiki
maiziqianbao.site
mar.muchdomain999.com
mg.qiluqhapp.vip
mikehp.com
monitoring.rankio.app
msk.arifjan.su
muchdomain228.com
muchdomain333.com
muchdomain444.com
muchdomain999.com
mzqb.tokenpocket.wiki
ordinallswalltes.site
ordinallwallets.site
ordinalswallets.site
ordinalwallets.org
ordinaullswaullet.in
ordinaullswaullet.site
ordlnallswallets.site
picoshot.softether.net
plnest-bank.com
plnestbank.com
prometheus.felicity-services.com
ptechconsult.com
qiluqhapp.vip
rogrscadretrn.net
shop-pro.cn
sms.ptechconsult.com
staging.teg.london
suddenly.riseup101.com
ter.chokolak.mom
testings.ptechconsult.com
tokenpocket.wiki
usagers.antai.webgouv.info
web-anytime.com
web-asb.net
web-auda.city
web-bawag.com
web-bnc.com
web-bpm.com
web-capitalonetap.com
web-divvy.co
web-divvy.com
web-instamed.com
web-pleo.com
web-rainertrankle.online
web-synchrony.com
web-tradingview.com
web-usbank.com
web0-fnb.com
webdevluminor.team
webgouv.info
yhabb.me
yhabd.me
yhabe.me
yhabf.me
yhabh.me
yhabj.me
yharea.me
yhatb.org
yhbase.me
yhbca.org
yhbest.me
yhbth.es
yhdkk.es
yhgame.me
yhgba.me
yhgbi.me
yhgbs.me
yhgbu.me
yhggr.me
yhggt.me
yhggw.me
yhgjae.net
yhgjaq.net
yhgjar.net
yhgjaw.net
yhgjcq.me
yhgjct.me
yhgjcw.me
yhgjgq.me
yhgjgr.me
yhgjgt.me
yhgjxq.net
yhgjxr.net
yhgjxw.net
yhipa.id
yhjje.me
yhjjr.me
yhjjw.me
yhkwn.org
yhltd.biz
yhnas.es
yhqwek.win
yhrest.me
yhrise.me
yhsht.es
yhsse.me
yhssq.me
yhssr.me
yhsst.me
yhssw.me
yhtfd.biz
yhtime.me
zones.one

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-08)

http://163.5.64.38
163.5.64.38:443
abehimenoyar.xyz
ahhhuu22cxxx.com
baowiiicoonee.com
frekelobasder.com
juzacaver.store
kuulaammbeew1.com
vippivok.top
waaabbuuwwsx.com
/MWUwMTFhNzkwMzg3/
/MWUwMTFhNzkwMzg3/NDkwNTQ0MzA1OWYwadm/
/NDkwNTQ0MzA1OWYwadm/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-12)

http://91.92.251.176
91.92.251.176:443
0nty208c2wmzcf6f63lx.xyz
c8qg4aojk3n5s6yg4tsu.xyz
dnyadargelecek.xyz
g560st6hv980v6vyrcji.xyz
thewjajdawieqrqewq.bond
wbvmfu5rncgobzz9v4nf.xyz
wjajdawieqrqewq.cyou
wjajdawieqrqewq.top
wjajdawieqrqewqgroup.monster
wjajdawieqrqewqonline.icu
wm995a146pmd2iedsx84.xyz
yargelecekamanzmn.xyz
/MTI5OGNmYWJkYTU1/
/OGFiYTA3MzU4NGEw/

# Reference: https://hatching.io/blog/triage-insights-ep1/
# Reference: https://tria.ge/231101-1wx7cadf5y
# Reference: https://hatching.io/static/files/octo-banker/all_octo_c2.txt

http://109.206.242.52
http://109.206.242.58
http://15.235.143.105
http://176.111.174.135
http://176.111.174.151
http://176.111.174.92
http://176.113.115.110
http://176.113.115.64
http://179.43.142.190
http://179.43.142.192
http://179.43.163.122
http://185.122.204.122
http://185.196.8.105
http://185.225.75.47
http://185.252.179.90
http://190.211.255.74
http://190.211.255.75
http://190.211.255.76
http://190.211.255.77
http://190.211.255.78
http://193.42.32.180
http://212.87.204.147
http://213.109.202.154
http://45.66.230.8
http://45.81.39.89
http://45.88.66.9
http://45.9.74.136
http://79.110.49.204
http://79.110.49.49
http://79.110.62.118
http://79.110.62.121
http://83.97.73.144
http://83.97.73.39
http://84.54.50.100
http://87.120.88.90
http://87.120.88.92
http://87.121.221.211
http://87.121.221.49
http://91.92.240.156
http://94.156.253.86
http://94.156.65.133
109.206.242.52:443
109.206.242.58:443
15.235.143.105:443
176.111.174.135:443
176.111.174.151:443
176.111.174.92:443
176.113.115.110:443
176.113.115.64:443
179.43.142.190:443
179.43.142.192:443
179.43.163.122:443
185.122.204.122:443
185.196.8.105:443
185.225.75.47:443
185.252.179.90:443
190.211.255.74:443
190.211.255.75:443
190.211.255.76:443
190.211.255.77:443
190.211.255.78:443
193.42.32.180:443
212.87.204.147:443
213.109.202.154:443
45.66.230.8:443
45.81.39.89:443
45.88.66.9:443
45.9.74.136:443
79.110.49.204:443
79.110.49.49:443
79.110.62.118:443
79.110.62.121:443
83.97.73.144:443
83.97.73.39:443
84.54.50.100:443
87.120.88.90:443
87.120.88.92:443
87.121.221.211:443
87.121.221.49:443
91.92.240.156:443
94.156.253.86:443
94.156.65.133:443
0eto0mhk6g7b.top
0n75w55jyk66.pw
11city.net
11fdghhoo1.top
122fdghhoo1.top
123fdghhoo1.top
126fdghhoo1.top
127fdghhoo1.top
128fdghhoo1.top
129fdghhoo1.top
12fdghhoo1.top
12logites432532s.xyz
1323fdghhoo1.top
1326fdghhoo1.top
13fdghhoo1.top
13logites432532s.xyz
13sf6uu6cvlm.la
14logites432532s.xyz
157y0toa2u40.hk
15fdghhoo1.top
15logites432532s.xyz
15yam4acfirarda22.xyz
16logites432532s.xyz
17cvtky2s4rl.site
17fdghhoo1.top
17logites432532s.xyz
17str.com
18logites432532s.xyz
19fdghhoo1.top
19logites432532s.xyz
1azisswravaas.xyz
1fdghhoo1.top
1logites432532s.xyz
1maihotry1.top
1maihotry10.top
1maihotry11.top
1maihotry12.top
1maihotry13.top
1maihotry14.top
1maihotry15.top
1maihotry16.top
1maihotry17.top
1maihotry18.top
1maihotry19.top
1maihotry20.top
1maihotry3.top
1maihotry4.top
1maihotry5.top
1maihotry6.top
1maihotry7.top
1maihotry8.top
1maihotry9.top
1o1al.com
1o1al.net
1otal.net
20hffqm13hac.top
20logites432532s.xyz
211fdghhoo1.top
21logites432532s.xyz
21tr.net
22logites432532s.xyz
2310fdghhoo1.top
2311fdghhoo1.top
236fdghhoo1.top
25yam8acfirarda22.xyz
29p0jb1nyxmt.biz
2azisswravaas.xyz
2logite234s.xyz
2maihotry1.top
2maihotry10.top
2maihotry11.top
2maihotry12.top
2maihotry13.top
2maihotry14.top
2maihotry15.top
2maihotry16.top
2maihotry17.top
2maihotry19.top
2maihotry2.top
2maihotry20.top
2maihotry21.top
2maihotry22.top
2maihotry23.top
2maihotry3.top
2maihotry4.top
2maihotry5.top
2maihotry6.top
2maihotry7.top
2maihotry8.top
2maihotry9.top
31fdghhoo11.com
31fdghhoo11.top
32fdghhoo11.com
32fdghhoo11.top
33fdghhoo11.com
33fdghhoo11.top
34fdghhoo11.com
34fdghhoo11.top
35fdghhoo11.com
35fdghhoo11.top
35y3am4acfirarda22.xyz
36fdghhoo11.com
36fdghhoo11.top
37fdghhoo11.com
37fdghhoo11.top
38fdghhoo11.com
38fdghhoo11.top
39fdghhoo11.com
39fdghhoo11.top
3azisswravaas.xyz
3blz.com
3fdghhoo1.top
3kwcrf3dhfpfui8kcl1a.store
3saygadlolesfolezdoles.net
3ses432532s.xyz
3yamacfirarda22.xyz
40fdghhoo11.com
40fdghhoo11.top
41fdghhoo11.com
41fdghhoo11.top
4232fdnsjds.top
42fdghhoo11.com
42fdghhoo11.top
43fdghhoo11.com
43fdghhoo11.top
44fdghhoo11.com
44fdghhoo11.top
44nsf5suq71ibmajslpd.store
45fdghhoo11.com
45fdghhoo11.top
46fdghhoo11.com
46fdghhoo11.top
47fdghhoo11.com
47fdghhoo11.top
48fdghhoo11.com
48fdghhoo11.top
49fdghhoo11.com
49fdghhoo11.top
4azisswravaas.xyz
4ht227ce29z6.xyz
4jsi8qj3203u.org
4lmmw85977x2.xyz
4n51yg9firr3.site
4ses432532s.xyz
50fdghhoo11.com
50fdghhoo11.top
518tudu7579h.xyz
5a9udxg6l6gd.su
5azisswravaas.xyz
5logit32532s.xyz
5saygadlolesfolezdoles.net
5ses432532s.xyz
5y3am4acfirarda22.xyz
5ya5m8acfirarda22.xyz
5yam4acfirarda22.xyz
5yam7acfirarda22.xyz
5yam8acfirarda22.xyz
63651iz40cio.biz
643y3mrh4m3d.in
66ya5m8acfirarda22.xyz
6azisswravaas.xyz
6dtav5rvnh1q.in
6kd020yb568x.top
6ya5m8acfirarda22.xyz
7f810uirncsx4ewxkzw8.store
7rg3jpn398qap9mh8h5x.store
7ya5m8acfirarda22.xyz
849gyl52kfzf7b1o6gtx.store
8e1jgvo65s9r.online
8logits432532s.xyz
8ya5m8acfirarda22.xyz
95d325bsurjd.top
9833ltvh68bb.cc
99ol9f44xvgo.cn
9city9.com
9r8i1u84t2gp.online
9r8i1u84t2gp1.online
9w28pp996g59.top
9ya5m8acfirarda22.xyz
a1b2c3d4e5f6g7h8i9.ru
a1b2c3d4e5f6g7h8i9.xyz
a4ca15da511d151x.info
a87rvat46c50.com
abas34hkipolot.top
abashkinokabashkinok.top
abehimenoyar.net
abgggpoh.com
abgggpoh.top
abicidasdwee.com
aciktim223432516.xyz
acizac12141.xyz
acizac1322343.xyz
acsmartio.tech
adeterolitorlher.com
adigeaujuv9012.live
adstyleelelelele232133.com
adstyleelelelele23232.com
afcigferscne.net
ahs8a4mz8ehq.online
aiusdgkajhsgdjkhas.online
akjshdkajhskdjsa.online
alimavij72.vip
alivajunkinnb.vip
allahkitapads1940.xyz
alldnsfastcheck.xyz
amadocarillofuentes.ignorelist.com
amarastrmss.com
amarastsmss.com
amarastsmss.org
anayinamiusom.xyz
apppro.live
artemisbungalovsapanca.net
arw2he7x57wp.pw
arw2he7x57wp1.pw
asdhasdasd.net
asdkjaskdjsakdjkajsakd.hk
asqwnbvb.shop
astdgad.homes
astdgad.info
asuidhasiudhaisuh.xyz
asytdfaystfdaystfda.site
atysgkjasjkdhasudoahs.in.net
auvpciyhgjeo.su
avagroup2.net
avryujtrghrwe5tg.online
aysdgafas.com
aytenteyzenolez.net
azisswrav44as2.xyz
azisswrava333as2.xyz
azisswravaas.xyz
azisswravaas1.xyz
azisswravaas2.xyz
azisswravaas34.xyz
azisswravaas5.xyz
b1nkikaza12kinv21.live
babacimmnagdfgdun.com
bagequu.shop
barabashkinok.top
bdobolizefangyta.net
bed-car-top-car.com
benjaminfried.crabdance.com
bentosmentos.space
beresihbtgrsewtr.info
berg56gbfryyrerfg.top
berionderhimefiger.com
bestjunggvbvqq.com
bestkrokodilas.com
bestproapp.pro
bestscanworldip.xyz
bfrewyihrfgfgfgwer.site
big-tree-ilusion.com
birakyakamiorsupuogluusom312.xyz
biribizidurdursunn3.com
biribizidurdursunn4.com
biribizidurdursunn5.com
blessedik591.info
bleu-teddy.com
blue-deargreezley.com
bntvntosos.shop
bokicookies15ba.info
boodycookies41.info
borklfofj.top
botbokhj.top
brian-tallman.twilightparadox.com
bublegublefound.co.uk
bufalo-store.com
bugutar.ru
bugutar.store
bugutars.online
bumbegringosee.xyz
bunaseiranahui.top
bunny-pink-love.com
buzlokolmactuocxa.com
cafetariasengers.site
camerahomex1a.live
camerahomexalfaxx.site
cantationnatationclass1.net
cantationnatationclass2.net
cantationnatationclass3.net
cantationnatationclass4.net
cantationnatationclass5.net
caramiliudj16.live
cashflow919191.xyz
caybrozfolekesesneye.net
cciforenirinuteret.com
ccnfddbvb.pics
certbreugeanagbierty.com
checkdoubledns.xyz
checkfastalldns.xyz
chroww.top
ciwebrrrewgrwge.top
cleverk21da912mca.live
cm603lzeyxdw.biz
cm603lzeyxdw.site
cm603lzeyxdw.space
cm603lzeyxdw1.site
cnajomoredgac.pro
commprsine.xyz
cookiliakc15.live
covysya.top
cqaeot3kis7rjf8apiuf.store
creg67jhyutjyutrtg.xyz
cyclohexylamine.top
dancelumn991dc.top
daniel.osborne.chickenkiller.com
danielprime-robotics.com
dddcaiasnfaf.xyz
decilaxcvz.life
dejunggdejpopopoungg.com
dejunggdejpopopounggq.com
dejunggdejungg.com
dejunggdejunggww.com
dejunggdejunyyyyygg.com
dejunggdejunyyyyyggq.com
dfgrewqfewhg.top
dfisndersinc.com
dfterh7567hjj6756.top
dhbtlbpkmu.top
dhwjzxkcmcwn.net
djnofutrhwgrgrrte4.xyz
djrvpjanpxtv.cc
dnscheckdouble.xyz
dnsfastcheckall.xyz
domforpro.online
double-bubble-gum.com
double-history.com
doublecheckdns.xyz
dvapo05.top
eendfbvb.sbs
efrewty54trew.online
eftreuihjtrgre8r4fr.online
ejomejoworking.com
ekmeka2fasek.com
encgrcwfjntq.online
epi2nciifirarda227.xyz
epi3nciifirarda27.xyz
epi5nciifirarda237.xyz
epinciifirarda227.xyz
epinciifirarda237.xyz
epinciifirarda27.xyz
epinciispesinde227.xyz
erhjolitorler.co.uk
eses432532s.xyz
excommunicative.cc
f2kic1nam25n81k.cc
f465eb6f7rlkn0rsccj2.store
falanemienadeforum.org
fastdnsallcheck.xyz
fbpxbqebmqto.info
fcercvv7erwcvnrew.site
fexohii.top
ffrewiuhfgw54rewf.site
fhuioerrwfffwsfssdoemrrerensb.co
fhuiooedjefjheeffemensb.info
fjfrowiryhnrfnrwer.online
flutera.bond
fmnieuhftrewy86rtgfwe.xyz
fmri3i4567ng.biz
forumdeferask.org
forummostofmudean.net
free-tree-loop.com
fsydjfwxxazz.top
fujetue.shop
g1h2i3j4k5l6m7n8o9.ru
g1h2i3j4k5l6m7n8o9.xyz
gabriela.saunders.crabdance.com
gebasao.shop
germanisoppinionsi.com
germanisoppinionsi.net
germanisoppinionsi.xyz
germanisoppinionzani.com
germanisoppinionzani.net
germanisoppinionzani.xyz
gerp-pat.info
ghasvyashvas.com
ghost2324112.xyz
ghost232412312.xyz
ghost232412512.xyz
ghost232412512312.xyz
ghost23241312.xyz
giorginaliaror.co.uk
godcaiasnffsa2.xyz
goedthom.me
gold-host22.org
goleugeanagierty.com
golevasi800.top
golovnka33.top
grihhkhkhrggrerg.cloud
grihhkhkhrggrerg.online
grihhkhkhrggrerg.pro
grpweufnh734bfr3.online
gyewuqghvsvx.com
hallaoppocamera109.online
hasancnpo13.com
hasancnpo1741.com
hasancnpo178.com
hasancnpo1986.com
hasancnpo33.com
hasiduasiudhas.fun
hastperstians.space
hduuooasdj.website
helloejoworkstoop.com
hferyjr6456tgfgr.site
hfwe5tgtrgtre5.top
hhypophy.games
hikujnja251pols.pro
hilliloo.games
hilyphotoph.games
hippolit.games
holaolabien.top
honeuyseebadg.live
hotdogland.tech
houilles.info
icbm5s5oj028.xyz
idneliptionsflow.co.uk
idriskocovali147.net
idriskocovali1784.net
idriskocovali1900.net
idriskocovali258.net
idriskocovali9651.net
ieuzqomcdodp.site
ihfwiohefwhiwririhererf.fun
ihfwiohefwhiwririhererf.pro
ihfwiohefwhiwririhererf.store
ijectaeres.online
ijectaeres.site
ikranjsfyu.space
illuminatiosfilters.net
inat-protv-box.net.tr
industrial-soft32.com
ioninutility.games
j1k2l3m4n5o6p7q8r9.ru
j1k2l3m4n5o6p7q8r9.xyz
james-beekman.jumpingcrab.com
japarabax64789.pw
jatep-raw.net
jerkenates225.site
jery2helly4now.site
jerymylocationas.com
jiekkskd7ue7ujeew.shop
jikugac818v.vip
jimevizerio.net
jin-tonik-boom.com
jjxuqacupqneeebynrqj.store
joaquinguzmanloera.jumpingcrab.com
joledibensed.net
jolefrerufr445l.xyz
jombacamerayunmo99.online
jrfewi743hfknewsar.site
jrqwe54t54fwererererftgr.xyz
jszkcuguncrw.info
juf18ki1ca15ca1la.info
junggvbvqqnet.com
junggvbvqqnews.com
junggvbvqqnewsww.com
junggvbvqqqqqq.com
jungjungju.com
jutyhsnbuaihahaj.pw
juxtaglomerular.hk
juxtaglomerular.net
jxmnxnghbobs.ru
jyjodia.shop
k1l2m3n4o5p6q7r8.ru
k1l2m3n4o5p6q7r8.xyz
kalpazanlan101.xyz
kalpazanlan102.xyz
kalpazanlan103.xyz
kalpazanlan104.xyz
kalpazanlan105.xyz
kalpazanlan106.xyz
kalpazanlan107.xyz
kalpazanlan108.xyz
kalpazanlan109.xyz
kalsakink.net
kankalarasybragel.net
keekhomexavas.online
keplistensan.site
keripocjatina11.info
kirwenbrce7rhefrqwf.top
kj32gkj32g3k2g32k.net
kjhxckjskcjsnckd.online
kopenhard.host
kopenhardm.fun
ktrewrtytwe5gtr.online
kyxuhoe.top
lajunggvbvqq.com
lajungpopo.net
lanuheu.shop
laskerbanys.kz
laspalmasnow99012.in
laural-plath.chickenkiller.com
lauytropopo.net
lehoetrb6j1h6.online
licaseteinforum.com
lid6ve6v2a7tf3s7looa.store
lipolytarystone.com
lithophyllith.games
lkei7hferhryrerffre.xyz
llintuit.games
logit32532s.xyz
logite234s.xyz
logites432532s.xyz
logits432532s.xyz
ltreyr6tgherty6.xyz
m1n2o3p4q5r6s7t8.ru
m1n2o3p4q5r6s7t8.xyz
m4ll06dsb0bxom5h4njy.store
majestike8ca.top
makivn58jnid51.live
manyolifer.cc
marmont.site
marmonth.space
marulkactuocxa.com
maysdubasuidansoda.buzz
maza5rra11vti251mca.info
menetory4gert.xyz
metamaok.co
metamaok.info
mferwuhbnwernfutrwr4f.top
mileogenator.com
mkamskamkma.pw
mkasmkamskams.tech
mklqwmdkqmwdkqwoodqw.tech
mushbayong3.info
musherpicka.live
myhtery54y56eyy6.site
myxakoa.top
nbervbwe.monster
nbrtvbsd.mom
nbvbvber.makeup
nbvmnbbn.lol
nbvvvb.hair
ndsihbtgrsewtr.info
newdnsfastcheck.xyz
nfrweiygwiqeu4f54.site
nggvbvqq.com
nggvbvqqdfdsfs.com
nggvbvqqdfdsfsq.com
nggvbvqqopoo.com
nggvbvqqopooq.com
nggvbvqqwq.com
nillionp.games
nisiqia.top
nisiqniqqsiq.com
nisiqnisiq.top
nobodysgonnanow.pw
nonillionth.games
nonkapizza.top
nterospbnvdos.site
nterospbnvdosss.top
nterospusios.shop
ntospoos.cc
ntospusios.top
ny56ghytr34u67r5.online
nytbvb.one
o1p2q3r4s5t6u7v8w9.ru
o1p2q3r4s5t6u7v8w9.xyz
o3c31x4fqdw2.lt
oadoaqadgdft.site
ofrewubiwertwerwfg54f.online
omunicateredindly.net
onypolyphyll.games
optimusprimestar890.site
otintlithoto.games
otreuietryu75466y.top
oylg4z486xv4.info
ozdoro.store
pabloemilioescobargaviria.chickenkiller.com
pakunatationclass.com
pakunatationclass.xyz
pakunatationview.com
pakunatationview.net
pakunatationview.xyz
pakuxxxnatationclass.net
pakuxxxnatationclass2.net
pakuxxxnatationclass3.net
pakuxxxnatationclass4.net
pakuxxxnatationclass5.net
pakuxxxnatationclass6.net
papilinovkia10.live
papricasfla.bio
parakazaniyozamcik323232123.xyz
parlamentkisa778899.xyz
passajire555.live
percys81kcac.info
perlmp.com
petap-pra.com
pferwiby4frewrf.xyz
pfn4w2fgh5bwgterwtre.top
pica-chupachups-ok.com
pkasjjfoosa.host
pnasfbvubafs.com
poewjehfbwery47fr.top
pofvac15camkkecz5.cc
pokolobnvdos.site
pryma4racks.com
pubegoa.top
qgftert54ttgrgt.online
qitocea.top
qqnnffbvb.space
quhrnry75hngtrwrt.online
quinquagenarian.xyz
qutwdgtqwduqtgquwtd.fun
quwfqcgszcsahqjsa.com
quwfqcsatwtwhqjsa.com
quwfqcsqweuahqjsa.com
quwfqcyfyrysahqjsa.com
quwfqpmcjxcsahqjsa.com
quwfqpqpwcsahqjsa.com
quwfqqqqqcsahqjsa.com
quwfqvvxcsahqjsa.com
quwfqwqwqcsahqjsa.com
quwfqxzcsahqjsa.com
qwiueuiqweyiuqwy.co.uk
qwnnnbvb.skin
r5tg0d6344nr.cc
r85d4kbe5729.vip
reservop.top
resolve4consumer.info
restore-center.org
rightejostartwork.com
rihrhkrkhwrjr.art
rihrhkrkhwrjr.wiki
rrwrrgretgewgrjr.pro
rrwrrgretgewgrjr.site
rrwrrgretgewgrjr.us
rrwterhyt84hfgerg.top
rtrtrastratrstarstra.site
rugypie.shop
rugypie.top
rwjfgf.xyz
s1t2u3v4w5x6y7z8.ru
s1t2u3v4w5x6y7z8.xyz
s9rls3pp86p6.cc
sa2ygadlolesfolezdoles.net
sagefacturacion.pro
saldirmoruk4ss22.net
saldirmoruk7ss22.net
saldirmoruks6s22.net
saldirmoruks8s22.net
saldirmoruksas282.net
saldirmorukss122.net
saldirmorukss222.net
saldirmorukss2322.net
saygadlolesfolezdoles.net
scanipworldbest.xyz
scisncassine.xyz
sdxasd2.top
se7pn.digital
sfhasgiasasgh.com
sgrt8ngtretghby.site
shefcameradeactivedx909.online
shopjunggvbvqq.com
siktimarabiverdimyaragi1231.xyz
silo1chopbox.xyz
simba1.sg
siptralosxi13.xyz
skyclouds.space
slaevukrne12.xyz
slaevukrne123.xyz
slaevukrne132.xyz
smaslijuniorless.net
smasliseniorless.com
smasliseniorless.net
smasliseniorless.xyz
smoorfikimv.pro
spaceopensta.online
spaceopenstar.tech
startworkejostop.com
stijnjoeyak.world
strmstrmbabas.com
superjunggvbvqq.com
superjunggvbvqqww.com
sybracehennemevip.com
sybracenneti.com
sybrhesdiyari.com
sybrsatatdiyari.com
testingejosystem.com
thebestkrokodilas.net
thomas116.website
thophotop.games
tislasminastonkinles.com
tislasminastonkinles.net
tislasminastonkinles.xyz
tnentob.pro
tnourvt87hnrtereg.online
tokenpackot.co
topfexgg.top
trattotarakoniconti.com
trattotarakoniconti.net
trattotarakoniconti.xyz
trattotarakoniyse.com
trattotarakoniyse.net
trattotarakoniyse.xyz
tv1ed54je1ws.cc
typhotoli.games
u1v2w3x4y5z6a7b8.ru
u1v2w3x4y5z6a7b8.xyz
uatsfdtasfytdafsytads.in.net
ufgert7ghwtgwe56yv6.top
ufpyyrumrmdq.top
uhiuhuhiuhiuhiuhiuhihu.hk
uierfiyurqfhbqyqr.xyz
ujsayhhfsakl.fun
ulrichschreiber.chickenkiller.com
undervistersan3.site
v1w2x3y4z5a6b7c8d9.ru
v1w2x3y4z5a6b7c8d9.xyz
varibou.top
varibovarib.top
varibovaribo.top
varibovavaribova.top
vbfdnbvb.online
venndzy75hjeklr.top
ventosbentos.shop
ventosbentosas.live
vftg54gtdhrt67465gr4w.online
vhrfe87jejdw7e.store
vnajgumonculeag.info
vntososupplsos.live
vukytou.top
wanrflitrnvn.asia
wawoqii.shop
waytoupio.click
wevmuty56gbfdg.xyz
wfrewst5y634e5tgw.top
wqurhnqwer7fhqrrqe.online
wwereffnbvb.store
x1y2z3a4b5c6d7e8f9.ru
x1y2z3a4b5c6d7e8f9.xyz
xavidicasa.org
xavidifenda.com
xavimaestra.info
xeligna.site
xgbcasueahqz.tw
xijunao.shop
xivadoivxa.info
xoboxii.shop
xsh60v8222sg.top
xvrtye5464fser.site
xxfdnbvb.quest
xxxlemontenseinside.com
xxxlemontenseinside.net
xxxlemontenseinside.xyz
y3macreklam232.net
y4macreklam232.net
y5macreklam232.net
y7macreklam232.net
y7x5f9cnv9ex.pro
y8macreklam232.net
yagsdfgyuqweqw.com
yamacfirarda22.xyz
yamacreklam232.net
yamass1112425ds.xyz
yamass16112425ds.xyz
yamass2432425ds.xyz
yamass3112425ds.xyz
yamass33132425ds.xyz
yamass3432425ds.xyz
yamass5112425ds.xyz
yeniyeni111.net
yeniyeni112.net
yeniyeni113.net
yjf241z0uu75.info
ylithotypyno.games
ypolyptoton.games
yqywywwyfcscv.com
ysysyssvxwwfqs.top
yuafsdyfasufdays.lol
yuagwduygasuydas.xyz
yupinytr.pw
yupinytro.pw
zaglefolki1.info
zasbasbasfisa7.xyz
zasbasbasfisa79.xyz
zasbasbasfisa84.xyz
zazarazgok7215vor1.pro
zebra1.xyz
zebra2.website
zebra3.store
zeqexyu.shop
zgtryh54g4twe56456y.com
/M2EyOTM2M2FlY2My/
/M2I2NGMzMzk4YzM0/
/M2I4YjgxZDUwZjU2/
/M2ZhZjE4YjBhZWU4/
/MDQ4Yzc4NTJkYTg4/
/MDRlNWVhZDUxYWIw/
/MDViMDU3NDYwMTBm/
/MGM2YzAzZGJlZTQz/
/MTBiYTAyMTk0NzJj/
/MWMxNzg0YzJjZTVh/
/MmFhOTk1NjFjYzM1/
/MmMxZTM2NWEyYzNj/
/N2RiZjBhY2YzMWUx/
/N2Y5ZmU3OTI5ZDky/
/NSo5rJixZDUwZOb2/
/NTIwZmU2YzM0ZjU1/
/NWY5ZThlNDU5OGE3/
/NjBlZDY2MGMxZWVi/
/Njk4Zjk4YjdjODY3/
/NmE0MWZmM2UyZTZh/
/NmFkZTc4YWM3ZTk2/
/NmYwNjYyZjEyMDVm/
/ODJlMTFhNzAxYjFi/
/OGE5NjljOTM5YWI3/
/OGYyZmMyZmVlMGI0/
/OTRkNGFmNjQxZmI3/
/OThkMWQ3YzE0NTM2/
/OWUyYzIyNzhjMjk4/
/OWY2ZmE5ODEyYTA3/
/Y2JmMWNmNGVkNWI3/
/Y2MzZTdiZGRiZjg0/
/Y2NlMmYyMmYwMGI5/
/YTFiYmViNzA3YjMz/
/YTYxNjljZDI1YzFh/
/YTc2ODI2ZmU4NWFi/
/YTgxOTM0YjhjMmQ2/
/YjJjM2M0NDc4ZjBj/
/YjcyMWYzZjc5OTUy/
/YjdhYzNmMDUxOGQ1/
/YzQyNjFlZjE1ODVm/
/ZDNkMTgyOGNhNDdh/
/ZTE1NWI1YmEzYjZi/
/ZTI4OTU5ZjRjYWQ2/
/ZTIyNTVmMmE1NzNl/
/ZjI0NGY5MTMzMDhk/
/ZjJhMmQxZWM4YTA4/
/ZjU3NWNhYzE5Mzhm/
/ZmEwY2ZmZWYzN2Mw/
/m2i2ngmzmzk4yzm0/
/mtq4mmuxodbhmtvi/
/njk4zjk4yjdjody3/
/puap9udshc2ZmZjMmUzMghst/
/ytyxnjljzdi1yzfh/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-17)

http://163.5.169.22
http://163.5.169.35
http://163.5.210.86
http://194.33.191.62
http://91.92.242.222
163.5.169.22:443
163.5.169.35:443
163.5.210.86:43
185.192.246.251:443
185.196.9.197:443
185.225.75.19:443
185.225.75.207:443
194.33.191.201:443
194.33.191.41:443
194.33.191.62:443
91.92.242.222:443
91.92.244.72:443
91.92.244.80:443
94.156.65.160:443
94.156.68.231:443
94.156.68.232:443
94.156.68.233:443
94.156.68.234:443
6r0yncqzffklht1.com
akksdkmmfsak2.net
archevlasmenes8.xyz
azadkasilasaucunbra.com
azadkasilasaucunbra.net
azadkasilasaucunbra.site
azadkasilasaucunbra.xyz
bountyhlsena45.xyz
cccpakunataslasclass2.net
cccpakunataslasclass3.net
cccpakunataslasclass4.net
cccpakunataslasclass5.net
cccpakunataslasclass6.net
condeansleksmsnf87.xyz
fjasodfjmoas32.net
fujetgue.shop
fujevvvtgue.com
i7s67moz66xl1zz.com
macavalaesl485.xyz
movlysanems296.xyz
qppwefpeqwpepap25.net
qwojqkwefpok324.net
sabgggsabggg.top
sabgggsabgggsabggg.top
senliksizmakek.net
senliksizmakek62.net
tenchroouslam248.xyz
vanced.xyz
vilnodumci.top
xijunggao.com
xssjtuc2ncu8xx1.com
/NzFjMDI3MjVkNzdi/
/Nzg1YTc1N2RlNWQ4/
/Y2M5MmRhMWMwODg3/
/YzFmMjgxNDFkNDE0/

# Reference: https://twitter.com/h_krobot/status/1737145362102567122
# Reference: https://www.virustotal.com/gui/file/e2210cdfd0acfa3072073eac1867e7d3075b15e684cadddd138c30c8bc39f1e3/detection

193.233.254.80:8080

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-22)

http://112.213.97.151
http://113.30.191.25
http://139.162.128.215
http://142.171.66.98
http://143.198.109.200
http://149.115.225.24
http://149.115.225.35
http://149.115.225.38
http://154.9.29.45
http://154.9.29.46
http://154.9.29.85
http://157.230.101.205
http://158.160.64.192
http://161.97.107.72
http://163.5.169.32
http://163.5.64.105
http://163.5.64.106
http://163.5.64.45
http://163.5.64.88
http://163.5.64.90
http://178.236.246.142
http://18.141.202.110
http://185.250.210.36
http://188.120.234.10
http://193.233.254.44
http://193.233.255.121
http://193.42.33.102
http://194.233.75.102
http://194.33.191.105
http://194.33.191.199
http://194.87.31.108
http://195.2.85.14
http://20.121.44.156
http://20.163.24.200
http://203.23.128.78
http://207.180.224.118
http://37.49.228.68
http://38.242.150.72
http://38.54.96.204
http://38.6.187.146
http://45.147.248.240
http://45.150.65.142
http://46.28.44.28
http://5.182.86.93
http://5.35.99.214
http://51.250.100.208
http://77.246.97.192
http://85.209.176.55
http://91.215.85.133
http://91.92.248.89
http://91.92.253.185
amzlogin.fr
avalexmebel.ru
bancsabadell-info.com
blackmeti.sbs
citrusclaim.com
cpanel.alextrucking.com
elofffssamoilov2.fvds.ru
es-bancsabadell.com
es-bankinter-info.com
es-evobanco-app.com
es-evobanco-info.com
es-info-bancamarch.com
ftp.smssound.ru
hbotpanel.com
journalofasianmartialarts.com
my-parcel-tracking.org
nanglucso.hcmute.edu.vn
nerdmining.xyz
obszarabonencki.com
openai.ln.cn
panel.blackmeti.sbs
peace.rbear.ir
postal2.crispoltd.com
rb-n-clk.org
rb-vc.online
rb-vc.org
ruralvia-dispositivo.com
sendung-verfolgen.net
smssound.ru
telegramuser.servehttp.com
verfolgen-sendung.net
vm4792021.52ssd.had.wf
web-bancsabadell.com
webmail.alextrucking.com
webmail.fatimafoods.co.uk
webmail.precisionrenovationri.com

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Smishing/octopanel.txt
# Reference: https://twitter.com/ViriBack/status/1736503258326196314

http://91.92.254.42
octopanel.xyz
api.octopanel.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2023-12-24)

163.5.210.86:443
194.26.135.67:443
62.122.184.165:443
91.92.254.42:443
blackeuro.com.tr
denerinselektirik.com.tr
karadajanskal.com
karamelsepetikanas.com
milosrcrdos1821klmas.com
milosrcrdos1821klmas.net
milosrcrdos1821klmas.site
milosrcrdos1822klmas.com
milosrcrdos1822klmas.net
milosrcrdos1822klmas.site
sybracms12.com
sybracmsas112.com
sybracmsd412.com
sybracmssf512.com
sybracmsytu612.com
topchanov.live
/OGQyMDU0MzE1MWJj/
/OTJkNTAyZDI5Y2Ux/
/SBJjZWU1Y2UxAsH1/

# Reference: https://twitter.com/h_krobot/status/1740021575720820990
# Reference: https://www.virustotal.com/gui/file/0a2f1bdec6df99d0de397ffdd63f1c89341b7bd53fa4dd5868e567109fdd507f/detection

62.204.41.35:7117
62.204.41.35:8080
cuecbafftqqdsmqs.xyz
hgxxfucdlxpzkvtk.xyz
hiprkxfvgooeyxmp.ru
hvezqzgesxvpqnmb.xyz
hwncatajklhbnoji.ru
npqlhmykersomuxr.xyz
nvbspnzllxxbwkoq.xyz
obvahufupjjwrkue.ru
qyfqpmnwrxvbidca.xyz
rasajxrgmkmiewdy.xyz
slqypioqnivnxmyl.xyz
tgcawlvunvrtlvzc.xyz
tnhlpipvrgcwvxmg.xyz
trkkpxjzglxoqtrk.xyz
udsnzbsapojsatwd.xyz
vjeddqneqfnmboza.xyz
vsbdgzwnlbwcpjsh.ru
weqllbanibibfuhr.ru
ytpirnvlvesarskw.xyz
zaavfrpfhofmccvd.xyz

# Reference: https://threatfox.abuse.ch/browse/tag/Copper/

http://62.204.41.35
62.204.41.35:443

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-01)

http://102.37.219.190
http://130.51.21.247
http://146.19.247.239
http://146.190.144.131
http://176.123.168.62
http://185.146.157.147
http://194.87.31.42
http://194.87.71.41
http://20.102.111.125
http://20.11.200.213
http://206.189.204.202
http://212.224.93.252
http://38.54.94.129
http://5.42.92.164
http://65.21.87.123
http://82.146.54.42
http://82.146.63.254
http://87.121.87.53
http://91.107.125.247
http://91.107.127.201
http://91.109.178.9
http://91.217.177.121
http://91.92.241.133
http://91.92.244.38
http://91.92.246.71
http://91.92.248.249
http://91.92.249.6
http://91.92.251.115
http://91.92.254.119
http://91.92.254.200
http://91.92.254.55
18.141.3.52:82
1800747-vm37545.twc1.net
472-track.net
aaaaaaa.linx.contact
abonnement-ferroviaire.com
astramedplus1.fvds.ru
c-paketverfolgung.com
cpanel.agdetails.com
cpanel.fatimafoods.co.uk
db.harmlesskouprey-f4f67ad9.swizzle-test.com
ded959.hostwindsdns.com
e-paketverfolgung.com
es-bancsabadell-info.com
es-ruralvia-info.com
mailer.expandtrack.com
o-sendungsverfolgung.net
pedaret.fun
plsxclaim.com
to2express.com
vmi1510385.contaboserver.net

# Reference: https://threatfox.abuse.ch/browse/tag/Copper/ (# 2024-01-03)

bigscreenthrills.org
canna-oil.org
conferencecenters.org
duckfoundation.org
farmbilllawenterprise.org
foodpantrybestpractices.org
handsofgodfoundation.org
hypocrisync.org
jmccarth.net
levellivingfield.org
mynd5.com
ritestowritemyword.org
seismicsisterhood.org
team-speak.r2283.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-01-06)

http://176.113.115.188
http://194.26.135.29
http://194.33.191.206
http://194.33.191.34
http://2.57.149.175
http://62.233.50.113
http://83.97.73.246
http://85.209.176.160
http://85.209.176.190
http://91.92.242.212
176.113.115.188:443
194.33.191.206:443
62.233.50.113:443
83.97.73.246:443
85.209.176.160:443
85.209.176.190:443
91.92.242.212:443
alinmamisd0main1.net
alinmamisd0main2.net
babawwe2aa.com
bapasagkk33.ru
c2c2adfff.com
cccd1xzaza.com
ccuaayay2.com
cmkalanka1.shop
cmkalankada1.shop
cmkalankahs21.shop
cmkalankakms51.shop
cmkalankasga61.shop
ebwaebaw23xx.com
essmeel1ccc.ru
fexggohii.top
g232ddxda.com
gebasgao.shop
hppynweyreadaddies.com
hppynweyreadaddies.net
hppynweyreadaddies.xyz
hppynweyreadaddies10.net
hppynweyreadaddies10.xyz
hppynweyreadaddies9.com
hppynweyreadaddies9.net
hppynweyreadaddies9.xyz
kinonlisplazmaoplayor.com
kinonlisplazmaoplayor.net
kinonlisplazmaoplayor.site
kinonlisplazmaoplayor.xyz
lilisiaplaksiminailmas.com
lilisiaplaksiminailmas.net
lilisiaplaksiminailmas.site
lilisiaplaksiminailmas.xyz
pasaoglu48abc.ru
potasus000.top
pubeggggoa.top
pubetjokotg.top
pubettttg.top
ruuuajajs122.ru
sabaasbaor.com
verhovuh.top
vittixx2q.com
vukyggtou.top
xex2napggq.com
/Ct93YnSiPAKlQbK2/
/M2I3ZWFjNjNhM2I5/
/MzRlZGFmYzQ5Nzc0/
/NjkxZjRjMjNlYTY4/
/YjI0ZTQxMWI2ZjMw/
/ZjQ5NDRmZmVlNDI4/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-01-16)

http://185.234.216.102
http://31.41.244.41
cinconistanplaskamist1.com
cinconistanplaskamist2.xyz
cinconistanplaskamist3.net
cinconistanplaskamist4.com
cinconistanplaskamist5.xyz
cinconistanplaskamisto.net
cstmsklmnaopstrlmas.com
cstmsklmnaopstrlmas.net
cstmsklmnaopstrlmas.xyz
cstmsklmnaopstrlmasistan.com
cstmsklmnaopstrlmasistan.net
cstmsklmnaopstrlmasistans.com
cstmsklmnaopstrlmasistans.net
cstmsklmnaopstrlmasistans.xyz
/OGI0NGQwMDlmMDUz/
/YTI2NzRkODRkZmM5/

# Reference: https://www.virustotal.com/gui/file/849ec08c5b9b871da364a88d544c42d44c45371f46e73ef7308e6d49a418602b/detection

16fdghhoo11.com
21fdghhoo11.com
23fdghhoo11.com
24fdghhoo11.com
26fdghhoo11.com
28fdghhoo11.com
29fdghhoo11.com

# Reference: https://twitter.com/Threatlabz/status/1603419613135446017
# Reference: https://twitter.com/Threatlabz/status/1617579712062324737
# Reference: https://github.com/threatlabz/iocs/blob/main/android_malware/coper_iocs.txt
# Reference: https://www.virustotal.com/gui/ip-address/62.233.51.32/relations
# Reference: https://www.virustotal.com/gui/file/a9fbd4602aa70cb8801cb34d0891488ca79e07448a9b79087ee9c51e8a40ede7/detection
# Reference: https://www.virustotal.com/gui/file/30ac422dbbec1b8601e0303a37f1f508817ac3987a1363403439ad2f339027cf/detection

10fdghhoo1.top
10fdghhoo11.top
11fdghhoo11.top
124fdghhoo1.top
125fdghhoo1.top
12fdghhoo11.top
1322fdghhoo1.top
1324fdghhoo1.top
1325fdghhoo1.top
1327fdghhoo1.top
1328fdghhoo1.top
1329fdghhoo1.top
13fdghhoo11.top
14fdghhoo1.top
14fdghhoo11.top
15fdghhoo11.top
16fdghhoo1.top
16fdghhoo11.top
17fdghhoo11.top
18fdghhoo1.top
18fdghhoo11.top
19fdghhoo11.top
1fdghhoo11.top
20fdghhoo1.top
20fdghhoo11.top
210fdghhoo1.top
21fdghhoo11.top
220fdghhoo1.top
2320fdghhoo1.top
234fdghhoo1.top
235fdghhoo1.top
237fdghhoo1.top
238fdghhoo1.top
239fdghhoo1.top
23fdghhoo11.top
24fdghhoo11.top
25fdghhoo1.top
25fdghhoo11.top
26fdghhoo1.top
26fdghhoo11.top
27fdghhoo1.top
27fdghhoo11.top
28fdghhoo11.top
29fdghhoo1.top
29fdghhoo11.top
2fdghhoo11.top
30fdghhoo11.top
3fdghhoo11.top
4fdghhoo11.top
5fdghhoo11.top
7fdghhoo11.top
7fdghhoo1.top
8fdghhoo11.top
9fdghhoo11.top
3countbt.pw
alleggro.pw
btcountates.fun
countnatbt.site
mix3etbt.website
vat-app.su
/YWRhZjAxNGM1YjFh/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-01-23)

185.234.216.102:443
194.26.135.29:443
2.57.149.175:443
31.41.244.41:443

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-02-04)

http://94.156.68.144
94.156.68.144:443
bb2wexx2x2aa.com
hk-49847.com
hk-49847.info
hk-49847.net
hk-49847.org
hk-49847.xyz
jolaxodanser.xyz
jolaxodanserxyz.net
karleonno.top
sybrstrmtdiyari.com
sybrstrmteknokalak.net
sybrstrmteknopark.net
usdtethchasmanthiumapp.com
usdtethchasmanthiumkls.com
usdtethchasmanthiumlg.com
usdtethchasmanthiummgl.com
usdtethchasmanthiumsmg.com
usdtethchasmanthiumtch.com
wexx2x11x2aa.com
wexx2x2aa.com
x2313xsdx2a.com
/MjU0MjdiMTZmNDVh/
/NzBkMWE2ZDM0MWE2/
/ODA3ZDkzYmFjMDdm/

# Reference: https://twitter.com/0x6rss/status/1757009614963417356

ahsanavahsanaarada.com

# Reference: https://twitter.com/noexceptcpp/status/1766180706852458935
# Reference: https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs

http://185.198.69.111
http://2.57.149.150
http://83.97.73.195
http://91.240.118.224
2.57.149.150:443
83.97.73.195:443
91.240.118.224:443
2istanbullu2586.xyz
asapmarket-shop.com
asapmarketonionlink.com
karmelinanoonethousandbaby.net
onionmarketlink.com
sanagerekkalmaz1453.shop
tor2doormarketonionlink.com
vicecitymarketonionlink.com
/MTFiMzQ4NGQ2MWU4/
/MzZhMGJjZTJkOGI3/
/NTBiZmM4ZDQ2MWY2/
/NjQyNDcyMjE3ZWU3/
/YzI4MGFhZjI2MmM5/
/ZTIwNDEzZjM4YjYw/

# Reference: https://www.virustotal.com/gui/file/f45ad4c01896d4411798b0cc20be779069137a9d3bb91c8d2ab2a7e2541cf9f5/detection
# Reference: https://www.virustotal.com/gui/file/ddda1869096918aba5ba310a63bca203f3879c8b193ad9b3d160c883b60840f6/detection
# Reference: https://www.virustotal.com/gui/file/89719b0a537b38235eccc877c9412fd353a0d5ef282134ffab4315e67c8b68ed/detection
# Reference: https://www.virustotal.com/gui/file/7ac0367274042d8b21f2da7719df53d4a46b7b7450ea1d2c1166130dc0b7daf0/detection

ipolastationplasma1bmx.net
ipolastationplasma2ford.com
ipolastationplasma3apple.net
ipolastationplasma4samsung.net
ipolastationplasma5merc.com
ipolastationplasma7class.net
ipolastationplasma8pla.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-04-11)

http://176.113.115.235
http://185.11.61.219
http://185.161.248.52
http://185.198.69.119
http://194.26.135.62
http://194.26.135.99
http://2.57.149.104
http://212.87.204.3
http://213.109.202.108
http://213.109.202.210
http://31.41.244.178
http://45.93.20.145
http://83.97.73.125
http://83.97.73.205
http://83.97.73.254
176.113.115.235:443
185.11.61.219:443
185.161.248.52:443
185.198.69.111:443
185.198.69.119:443
194.26.135.62:443
194.26.135.99:443
2.57.149.104:443
212.87.204.3:443
213.109.202.108:443
213.109.202.210:443
31.41.244.178:443
45.9.74.166:443
45.9.74.60:443
45.93.20.145:443
83.97.73.125:443
83.97.73.205:443
83.97.73.254:443
2istanbullu2586.com
3istanbullu2586.xyz
4istanbullu2586.xyz
5istanbullu2586.xyz
6istanbullu2586.xyz
8istanbullu2586.xyz
aaaaoooopppplllll33.com
aliatabakastabumerangs.com
asamanaproductioneditionalsk.com
asamanaproductioneditionctfm.com
asamanaproductioneditionkdna.net
asamanaproductioneditionksla.net
asamanaproductioneditionpskl.net
asamanaproductioneditiontols.com
asamanaproductioneditiontsma.net
axskowoe20.com
bavuor.bond
boloneser.top
cmsdisybnererd5345.com
cmsdisybnererdasd65.shop
cmsdisybnererdefs.shop
cmsdisybnererdgfdgn2.com
cwcwac3f422af.com
domnicaa.top
feeeleen.top
fqfqosoleosak23.com
g2agfawfw.com
h13f2hah2aa.com
h23hxa22f3f2a.com
iakyanalica.org
kamalankaranda.com
kamanbarsayan.com
kanardansaydan1.com
kanepedeyatan.shop
kapandayarankal.shop
kapandayarkarnaval.shop
karakalandan5.com
karakalandankasd5.com
karakamazandar.com
karakasabadakan.online
karamdasn2.shop
karamdsadvs2.shop
mabelkanadan.shop
makaraaras.shop
mine-495834.com
mine-495834.info
mine-495834.net
mine-495834.org
mine-495834.xyz
mulaktix.top
munison.top
prizurisaby.com
psgrcsklmmalloc2prisma.net
psgrcsklmmalloc3prisma.net
psgrcsklmmalloc4prisma.net
psgrcsklmmalloc5prisma.net
psgrcsklmmalloc6prisma.net
psgrcsklmmallocprisma.net
sayankarakam2.com
semikan.top
tecbabbshop24578.shop
tecklardankalan.shop
udefano.top
usdtzshlavkovacamoke.com
usdtzshlavkovalasgo.com
usdtzshlavkovavolvo.com
usdtzshlavsmoked.com
valeriamygirlinstripcalloc.com
vaodfko2342o.com
vasderosxls11.com
xkslsxll294os.com
/MGQ4MDE1ZDk3Nzc1/
/MjE2YTczY2MxNjA0/
/MjM2YTBkOGJlZjU1/
/MmExODA3MDAzZjA5/
/MmZmZGVlMjI3NzU0/
/MzUyMGI3MTIxOWFk/
/MzdiNzU5NjJkZTNm/
/NGI0MWEwZjI4ZGQ2/
/NmE4NzY2MmIzMTM2/
/NmVmZmJlZTA2MDNm/
/NzFlZWIzNmYwZDI5/
/NzliMmE4MWUxNTI0/
/ODliMzBlMGQ5OGUz/
/ODllNjM0OWJkNmU2/
/OTM5ZWJiZGQyNzJh/
/Y2JhNzZhZWRjMzlm/
/YTNjMDBmOTViNTc3/
/YThiMDnQ4MGQwZTI1/
/YThiMEQ4MGQwZTI1/
/YThiMMDMQ4MGQwZTI1/
/YThiMRQ4MGQwZTI1/
/YThiMeQ4MGQwZTI1/
/YThiMvQ4MGQwZTI1/
/YWIyMjliZGQwY2Fk/
/YWRmZmU3ODRmY2Q4/
/YWZiMzRmNzA4Nzk0/
/YjM2NjM4YTE3ZjQ2/
/YzI5ODZlNGFhYzNh/
/Yzg2OGJiOGU5OWQy/
/ZDFmMDlmZWE1ZTJi/
/ZDQyN2NmOGEZOTIK/
/ZDQyN2NmOGEzOTlk/
/ZWI0YWMyYmFlODBl/
/ZjM0NjUxNDM5MmVi/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-05-07)

2adiletasarim.com
2moneycsasfasfh.com
2moneycsasfasfh.net
33moneycshlazim33.shop
3adiletasarim.com
3moneycsasfasfh.com
4adiletasarim.com
5adiletasarim.com
adiletasarim.com
agambenikoviyoryav.net
agambeniseviyoryav.com
akuaakveryum.top
arackiralamacankiri.com
asperonilaclari.top
atasehirkkuaforu.top
ataseiorunaa.top
bebeklerdeoynarx.top
benkadereyenikdustum.top
biggiyenim.top
bluzgipx.top
bontmawy.xyz
canankarataylabebek.com
candancanda.top
canozturkkaka.top
cigkoftebedavahizmetim.top
dultzown.top
dyltwerm.xyz
evcilkusbesleme.shop
fitildeyenilerdin.top
fpyxzorv.top
fqunpluz.xyz
fruljilk.top
fruzjenk.xyz
fwizjexy.top
glaxwimb.xyz
gufxdixt.xyz
hayvanyemekveriyoruz.top
hifkxarp.xyz
hizlimkaretdealisveris.com
hozzkwor.top
huzunluponsimm.top
jilepofk.xyz
jilkqypt.xyz
jiqkkuzn.xyz
jivmzylf.xyz
jyjgoyydia.com
kaderbizegulmezmi.top
kaderdegulmzx.top
kaderimyaziklar.top
kambarca.top
karaaslancamping.xyz
karakafsafndan5.shop
karakalaasdgtg.shop
karakalanda346.shop
karakalanfgdfg.shop
karaklpak.top
karakutuoynlar.top
kardesimbenikoviyoryav.net
kardesimbeniseviyoryav.com
kediseakiyoruz.top
kekembeniseviyoryav.com
kenedabirnumaratedavicisi.xyz
kervplun.xyz
kipxfuvz.top
klurjorp.top
kopekuyuztedavicisi.xyz
kuplzavn.xyz
marababrtdakand4.shop
marababrtdas.shop
marabkanatlarda2.shop
maraksatandas13.shop
mixylozt.xyz
mkkaoooama.top
moneycsasfasfh.com
moneycsasfasfh.net
moneycsasfasfh.shop
moneycsffhgm7.shop
moneymaskalandd.shop
mopelas.top
oyungouardman.com
oyunlarlemmi.top
panssiyoncukuryesi.top
plimqylx.top
ploxqenj.top
quoxvebz.top
qwipblom.top
qyrlzymp.xyz
rabaffet.com.tr
rabaffet2.com.tr
rabaffet3.com.tr
rabaffet4.com.tr
rabaffet5.com.tr
rabaffet6.com.tr
rabaffet7.com.tr
rabaffet8.com.tr
riltshuv.top
saglemkzanlar.top
seningibiadamlarbenisev.top
seniseverdimbenenaz.xyz
servisdepaketlemem.top
sevmekdeacilar.top
sevmenenenaaa.top
sevmesenneeeolur.top
sevsenneolurduuuu.top
sirljufi.top
tecald.xyz
tecklardagasda2.shop
teckmarakbads2.shop
teckmarkanary1.shop
teckmarkanmdas4.shop
tokatmotorcukuryesi.top
topcularaktaricisisedat.shop
vasathastalari.top
vempyurt.xyz
verdilerbizeikiadam.shop
vikexems.top
wustyelk.top
yampdrik.top
yavuzllarmarketim.shop
yedekleregldk.top
yenihacamattedavicisi.top
yeniseylerdenememelan.xyz
yeniuygarckaportaci.top
zirbnarg.top
zixpjovr.top
zorbpuft.xyz
zoxtneep.xyz
zwolkrip.xyz
zyptqalv.xyz
zyrmjuxp.top

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-06-12)

http://185.234.216.120
http://194.26.135.67
http://45.88.91.119
http://62.122.184.165
2moneyeuroland.com
2moneyeuroland.net
3moneyeuroland.com
3w0mi18gkfrf6l8a8d09camel.store
54ggter6ujfgt.site
6adiletasarim.com
6zimks6know8jihvtoa8camel.store
7adiletasarim.com
7l19jlu5trkqndh24li4camel.store
8adiletasarim.com
97felu2ehv0r5iff3cslcamel.store
9adiletasarim.com
adbennaberortak.com
adile56tasarim.com
amcakalarada.shop
anilardvrimi.xyz
anilariniziunutmayinolsun.xyz
anilarinpeksimdihayatolsun.top
arabadakal.shop
aritmasuyux2.com
astralanahatarim.top
bananamanana.org
baslayalimcalism.top
beyazgelinlik12.shop
bilebilegndere.xyz
bileneaferinbilmeyeneketamn.xyz
birbirbirdenikidir.top
birgunolucakelbeet.xyz
birimammonedm.top
biripildiridur32.com
biripildiridurdursunlaan.com
bitmeztukenmezbuenerjj.xyz
blifqevp.xyz
brfw0g97s9mwun8juhb0camel.store
bumberceket56.com
buyuluaynalarqizq.top
buzbuzdagdaglari.top
caymahedsocyescez.xyz
caymedcoymenconez.top
cikaracolukcagiz.top
ckinsanaffettmm.top
cocuklukankarakoc.top
dememelalemnedeerr.top
demetakbaslobinezdomez.xyz
dizaynmalikane61.com
dlounayyanimda.top
dnliyomsadeceuzaktan.xyz
estankaralar.shop
evdesuyok51x.com
evsizlikmerkezvaz.top
ferocanagahacibaba.net
ferocanaseviyor.net
ferocandelimisin.com
ferocanhackerr.net
ferocansinyalcimisinla.com
fesatlarafesatkk.xyz
fesatokero.top
fozkiv.xyz
frewgewhy6fg.top
fynxqolp.top
gabirezdolirezdomez.xyz
gecelerisvdmpkiyasen.top
gecicekyramatuzatma.top
gikmuv.xyz
gizemlihayallerkurmakolsun.xyz
gizemlisularinsirriacilsin.top
gizlimucizelervar.top
gormedenglenlereslm.xyz
gucunuzetkilerqo.top
gufwap.xyz
guzelliklerinpekisiolsun.xyz
guzelliklerinpesindeyizolsun.top
guzelliklervarqac.top
guzelresimlerqazan.top
haberlersvar01.com
hadikapanikapatsana.xyz
hadiordangel23.net
hafizadondurucuq.top
hahyolkabinezlokezdo.top
hakandakal2.shop
harmancomesdel.xyz
hasretkalmanav.shop
hasretkalmanavdas3.shop
hatipbabagelipdol.xyz
hatirlaunutmauyan.top
hayalperestdunyalarindanolsun.top
hayalperestdunyamagazinolsun.xyz
hayatrenklidirnefesolsun.top
hayattansikayetim.top
hediyesepetcidepoz.top
hqj6lhsgcnuxfnlj5y95camel.store
hudxap.top
huzursuzoyundunqa.xyz
huzurunadresigizemliolsun.top
huzurunkaynaginagidenolsun.top
huzurunsirrikeyifles.xyz
hyatyumrukgibi.top
inandiricibakisvu.top
isteklergelirgiz.top
izlemebskasiyla.xyz
jey6mjdyerh82k.online
jikmzyrf.xyz
jizqkuwp.top
jopzblix.xyz
jorzklyv.top
junggvbv.com
junggvbvb.com
juxleq.top
jylxqizm.xyz
jypzquzx.top
k6fvq8c11dqqjd446ck9camel.store
kafaneredeciler2.shop
kafaneredecilersda2.shop
kahvehanekeyfian.top
kalptenbagnazimi.top
kamaradas412.top
kamarkadals53.shop
kamelyanat5.shop
kapankralda.top
karacellalder.shop
karadalganagerekta2.com
karakapkaraklpak.xyz
karakaplandalgada.shop
karakaplandalgada124.shop
karakaplandalgadadas.com
karalarlanasa.net
karamakarnakalem.com
karayakder2.shop
karayanlardanmak.shop
karayipkalanda.shop
karedekalan.shop
karekeldeds.shop
karekeldeds4.shop
kdehrweuybvfrer4.xyz
kefalmefaltefal.xyz
kelebekleroyunuq.top
kelebekortulerqoq.top
kelimelermekaniq.top
kemerdekaradar.shop
kemerdekaradara123.shop
kemerdekaradarderler32.shop
keskecokdileyipto.top
kfamhepkarambol.top
kiremithanedekiler.shop
kirmizimavigelldii.xyz
kovjep.top
kozanaseviyor.net
kozandelimisin.com
kozanhacibaba.net
kozanhackerr.net
kozansinyalcimisinla.com
kranliktaaradm.xyz
kuzpjynx.xyz
kyrtasarim22.com
kyrtasarim22.net
kyrtasarim33.com
laleneredeler.shop
larnakdalar3.shop
leardolordoloro.top
lemanobelki.xyz
leoyuz.top
lupzod.xyz
maceraperestdunyagezin.xyz
mahalleestankaralar.shop
mahallekaradakal.shop
mahmatagada.top
makcolanivaesto.top
manavhakanlar.shop
manavkaradas.shop
marabakalem.shop
mariooyunoynuyorx.com
martilarlaaraba.shop
martilarlaaraba2412.shop
masalsendromuduygusugelsin.top
massakarada.shop
maviceketler.shop
mavidendercam.com
mavidendercamlar2.com
maviderinasfkalem1231.shop
maviderinkalem.shop
mavideritarak2.shop
mavidlimanda.shop
mavidlimanda123.shop
mayadabeniseviyor.net
mayadadelimisinyav.com
mayadahacibaba.net
mayadahackerbaba.net
mayadasinyalcimisinaga.com
meibuzjasta.top
melonna.top
midigomebeniseviyor.net
midigomedelimisinyav.com
midigomehacibaba.net
midigomehackerbaba.net
midigomesinyalcimisinaga.com
moneyeuroland.com
moneyeuroland.net
moneyeuroland7.com
moneyeurolandbabis.net
moneyeurolandcamp.net
moneyeurolanddelicim.net
mutlulukkutusuhediyeolsun.xyz
mutluluklimanlarigibiyolculuk.top
mutlulukyolculugudanolsun.top
mutlulukyolculuguguzelolsun.xyz
mutlusunakyollar.top
nefeskesenfirtina.top
nehirkenariyozca.top
neredekalgelsn3.shop
nevdiz.xyz
nisiqnisiq.com
olanlarigoruceez.xyz
plukqerj.top
pluxzwik.top
pq2trelsquu44xbpritocamel.store
qidvob.top
qlizfuvp.top
qowzef.top
qubzzimp.xyz
qunxbliv.xyz
quvmfuzj.top
qyphfipx.xyz
rahatlikbuyukuyar.top
re5bvyc4l6004tqmtzp4camel.store
renklidunyalarinrenkleriolsun.top
renklikalemlerimagidolsun.top
rizyat.top
ruhumdnzincirr.top
ruyalarindabulusmakolsun.top
ruyalarinyoluyolculukolsun.top
sabgggsabggg.com
sabirsizlaniyorum.top
saffetsafmigerckten.top
sagliklidayanikliq.top
sahrayedcomineztopes.xyz
salihogobinezdolinez.top
sankioguncokuzakk.top
saskinalacagimiz.top
savuryadarsavuun.xyz
saybyebyetohepiniz.xyz
sayrodfalireznolere.top
sedakavanozkapagix1.com
sekenmakaslar.shop
sekenmarabatayfa.shop
sekenmarabatayfabanane.shop
sekensenserr.shop
selammudur24.com
sevdaninsarkisigibigelsin.top
sevgidansarkilarigelsin.xyz
sevgiliaskcekilis.top
sevgiyolculugugibioxyzgelsin.top
sevgiyoluolusturmakolsun.xyz
sevgiyuregimizdeyerolsun.top
siqnisiq.com
snayatkatalicam.xyz
sogukkanlifirtina.top
sonsuzlukhikayesibaslasin.xyz
sonsuzlukyolculugundanolsun.top
sonykulaklik61.com
sorunludavranisvu.top
spedarito.top
spritecocola.top
tabukareler.top
tahirbankobinezcomez.xyz
tahirwolwerdoviz.xyz
tahtalivilazdolezdominez.xyz
takhoplikezdomez.xyz
taktimbirtipayivedekovayi.top
taktmkafayikapattmkafayi.xyz
tambanunakere.xyz
tarakomizdolirez.top
tavimtopindomiz.xyz
tekireztokirezdomez.xyz
terektorekdomirez.top
teyfangobinezdo.xyz
tupfij.xyz
tutankamunhaci.top
umutgunesindeyizolsun.top
umutharitasiguzelolsun.top
umutkaynaklarihayatinolsun.xyz
umutkutusuilehayatolsun.top
umutseslerimutlulukgelsin.top
vazgecilmezlikvur.top
vypzjiqv.top
wemdap.top
werboq.xyz
wlw7obu15d6ru3eqy3o8camel.store
xepmeq.xyz
xotpin.top
xulqir.top
yakanbirkarda.shop
yakanbirkardanma.top
yavasyavaslo261.com
yildizlararasindayolculukolsun.top
yiqvux.xyz
yoktuhcfener.xyz
zivxfqim.xyz
zoxkfwem.top
zupqel.xyz
zytkqapv.xyz
/DykKyhj8rWCVWqhA/
/MTEwMWE4ODFhNzhl/
/MjE3ZTBjN2RmM2M4/
/MjVlNzNjNDFiZDM3/
/MmI1M2ZiMGRmODEy/
/N2MyMzExNGVhYjNj/
/NzUxNjc3YmZjNTNl/
/OCVUPWbr7dFIrXmf/
/OGQyZWQwNGUyZDk3/
/OTE5MzgxYWZiNjk1/
/OTMwMzA1YjQ0NDMy/
/OTMzYzQ3YzgyOGRk/
/YTI3NTJmYWY0MWE2/
/ZDQ5M2JhM2ZkZTkx/
/ZDgyNWM4Zjc4NGU2/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-06-16)

fabguk.top
fuxjeb.xyz
gupbey.xyz
jaffioptru.biz
jaffioptru.me
jizxeb.top
jowqem.xyz
juvqat.xyz
kezxof.top
kipfeg.xyz
kozwix.top
lofyam.top
podguf.xyz
qexwip.top
qunloz.xyz
rexqaf.xyz
vopriz.top
wojvuz.top
yubtaz.xyz
zembix.top
zubpiq.xyz
zuclav.top
/MGI1MTY1OWRjMDc4/
/ZWU1ZTRhMzU1Zjdi/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-07-07)

aciktimlanb3en51.com
aglayancivciv3.com
amagibikertenkeellee.top
avmevsimibsladikk.top
bardaktakolakeyf34.com
basgaan24.com
bedelniodedkicmzynayna.top
benkolaicmemihtiyar51.com
benyemekyememihtiyar2.com
bibertursusu3424.com
bilereklermibildiler.top
birdnbireoluvrdihrsy.xyz
biricruelidurdursunloo.com
biricruelidurdursunn.com
cehennemiyasiyoz251.com
chennemburasialmnya.xyz
cruelgurcistandaaaa42.com
cruelveblack32.com
dardidardomama.top
dertlikaygisiz04.com
giydirbilirfren.xyz
gldigimyerchennmindibi.top
gozlermkankrmizisi.xyz
gurcistancruell33.com
gurcistanlicruel331144.com
guvenli-odeme.xyz
hayatsuic24.com
kaygisizamamutlu04.com
kebapyokmulaaan51.com
keskinbaltadndu.top
kirmizibalikgolde34.com
kolaicmiyorumlanben3.com
kraltacikralmisinhaci.xyz
lalagkcvagurcuuuu.com
mamudoiledostadogru.com
mamudoilekeyfyap.com
merhabalarlao55.com
multipay-3d.website
mutlucivciv25.com
naberbebekbenkelebek34.com
novediaben52.com
novediayladostadogru3.com
sefernakliatfln.xyz
selambasgann2.com
selamcanim2361.com
selamkralhg5.com
senanlamazsndili.xyz
sigaracokhojdur1.com
sinirlicivciv.com
sirma5sodaas.com
sirmaicinmutluolun.com
sirmasokahojdurloo34.com
sokakdaldiregibas.xyz
tlefondingalokimo.xyz
uiyynuripapacum55.com
ustuneyagdimrmi.xyz
uyumuyorumlanben2.com
uzanrmigokyuzuneumutlarm.xyz
verelmsnieldenele.xyz
yemekyoksuyok42.com
zatenacikmisttm.xyz
/YTkzZjFhNDE3YmRm/
/YjNlM2ZhMjlhNjNi/
/Yjk4YzA3MGNhZjFl/
/YzBlNzk4NmVlZDA0/
/YzRmZmJjZTg1ZmVj/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-07-26)

cehennemdirloo34.com
gurcustill254.com
hava540derece.com
havalarsicaktir.com
kesmecekarpuz.com
kesmecekarpuz.site
kesmecekarpuz145.com
kesmecekarpuz5446.com
kesmecekarpuz8455.com
kesmecekarpuz878.com
lolo2naberlo.com
mutocosturoyur.com
otururkenterliyorum42.com
r4s5t2t2fa.com
selamcanoonaber.site
sicakdanbeynimyandii2.com
sicaktanbayilcam52.com
/NGE2Y2RjYjdmYjg3/
/YmJhM2M5ZjYyODY5/
/ZDljMGYyZTQ3YWRi/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-09-08)

2hizlireklamhizmetleriya22yinda.xyz
3hizlireklamhizmetleriya22yinda.xyz
4hizlireklamhizmetleriya22yinda.xyz
700biribizidurdursun2645.xyz
730biribizidurdursun21645.xyz
75biribizidurdursun2645.net
75biribizidurdursun2645.xyz
785biribizidurdursun2645.xyz
achromehads4.com
ad2lobugfa.com
afascalladdin.com
alaadinekoyam24.com
aladdin-sihirli.com
alibabacosturuyor4.com
amntvyayinda.com
b2iribizid7urdursun2645.net
belkemigi6525.com
bookak2222.top
bookak44333.top
bookaka5555.top
bookakas323.top
bookakasayyy3.com
calismakke3407.com
cehennembu.com
cennetbu45.com
clubegelirsiin34.com
denizhostur.com
doneryey52.com
enginarye253.com.com
gustooook.top
guvenlihizmetindehizli.xyz
hasbelgar56142.com
hava31dereceloo5.com
hizliguvenilirreklamhizmetleriyayinda.xyz
hizlirekl3mhizmetleriya2yinda.xyz
hizlireklamhizmetleriya22yinda.xyz
iskenderkebapsev34.com
karlihava.com
kemikadam252.com
keyfetmutluol0607.com
kfteekmek23.com
klttvyayinda.com
kralnaberkofte2.com
kubarbazhaydo.com
loksusnivepasassszuxeko.xyz
magiciallamb251.com
mutoyagotten.com
mutoyubairtiom.com
mutoyubartirsin.com
mutoyuyariom.com
nabertglalfa.com
nisvsorupsssazusxehome.xyz
opmtvyayinda.com
parlementsigara651.com
piskestanesi.com
portofenas.top
selamb3alim52524.com
selambalim6y1.com
selamcanm6142.com
seversiin34yapcazlen.com
seversiinsirnak.com
sirnakliskcisi34.com
submarinelenn2.com
tisavoraktsstumahozexe.xyz
yaprakdolmayekeyfet1.com
yedekalandi2324141.com
yemekyermsin3407.com
yeter5artiklen.com
/MTA2MzQzMjEyMzM3/
/MTE3ZjViNjA2ZmU3/
/MTU0ZWU0MWZhOTdj/
/YmE1ZjViODYyMDhm/
/Zjc1YmEwM2VkNzhh/

# Reference: https://app.validin.com/detail?type=hash&find=947600ffe1e1cf4b1e191a494f9709d5#tab=host_pairs_v2

abemone01ker.xyz
akilliuygulamarehberi.xyz
biribizi15kendimizegetirsin.xyz
biribizikendimize32getirsin.xyz
dogaltatlaryolculugurehberi.xyz
edevlet-sorgu-islemler.xyz
elifbutikeri.xyz
ferolimanivrox.xyz
fronelixom.xyz
genisaperdeler.xyz
gezginlerrotasi.xyz
goltrimaxevu.xyz
hayalinizdekiseyahatgezisi.xyz
hidfolobena.xyz
internettenparakazanmatavsiyesi.xyz
jarlivenkoru.site
jarolinamovexr.xyz
jerominalexvor.xyz
karlovinarelox.xyz
kolvanarexilon.xyz
lavrionexmorz.xyz
lornivex.website
mornivalegex.xyz
nevralixo.xyz
norvinareloxam.xyz
pelonivaremaxo.xyz
rsocretessadazexe.xyz
solvinarilemax.xyz
sosyalkitapmagazasi.xyz
sporvetrenmanlar.xyz
tarihgezginciligi.xyz
tarolinaxmover.xyz
teknolojikmarketim.xyz
trafisplenax.xyz
tralonivexomar.xyz
traximorv.xyz
trevinolaromex.xyz
vdfdkallsidfrtivssuheno.site
vernolimarevox.xyz
voranilaxemox.xyz
vorinaxrelmoz.xyz
xerolimaxonvor.xyz
xilonarevlex.xyz
yemektarifdefterim.xyz
zanorvix.site
zarolinavexrom.xyz
zekurapssvfrtivssuheno.website
zenofilatro.website
zepolinavext.website
zepolinavext.xyz

# Reference: https://app.validin.com/detail?find=154.216.18.48&type=ip4&ref_id=cfad8624bd4#tab=resolutions

asklardannn.xyz
jtsekirvsorsaapumahaxe.xyz
tsekirvsorsaapumahaxe.xyz

# Reference: https://app.validin.com/detail?find=193.143.1.24&type=ip4&ref_id=8949efba147#tab=resolutions

cocacolaiciyorumm.com
doneryiyombasgan.site
pikniktupu2534.com
slmla6242nbr.com

# Reference: https://app.validin.com/detail?find=193.143.1.9&type=ip4&ref_id=77075683069#tab=resolutions

basgaancosturuyor.com
biribasganidurdursunn.com
haingelin6507.com
sacmagelin6605.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-09-09)

hdewuhunfrv74f.site
kuurjfds8rjrdiwse.online
sdnskdnjsdkls.online
sdnskdnjsdkls.xyz
sdnvvskdnjsdkls.xyz
uhgtr9jjdiuriegvjudf.top
ukhfrerl84hnfjdlns.online
wikiwiki19.xyz
/NDVjODg4NjBjMGE1/

# Reference: https://www.virustotal.com/gui/file/0492ddf5c1683c7e1c2d44aef5497b277f2f39727267b94406cb470199750960/detection

barcelonacokhojdur34.com
cocolaickeyflen34.com
karaakcan242.xyz
pejo106gtialsana34.com
reksonailemutluol434.com
/NTFkNjVmNTMyODdh/

# Reference: https://www.virustotal.com/gui/file/a0fe3c1b8bb0365fa00761dcb9dfff06b1c41472ea1ebf8b8d846aa0830b8a1f/detection

adisback.com
apicloudream.com
apkmiacmayinlen.com
apkmikimseellemesinn2.com
cocacolaiciyorumm.com
colaicmutluol34.com
hastagapkamdanuzakdur.com
infosadhersion-netpremiumvideo.xyz
usomusikiyorumlaan.com
/OGJjM2YxN2U3YjBl/

# Reference: https://threatfox.abuse.ch/browse/malware/apk.coper/ (# 2024-09-22)

http://46.19.138.93
46.19.138.93:443
1primesecgate.net
2primesecgate.xyz
3biribizidurdursun36.xyz
3primesecgate.com
4biribizidurdursun36.xyz
4primesecgate.com
5biribizidurdursun36.xyz
5biribizidurdursun361.net
5biribizidurdursun536.com
75biribizidurdursun536.com
75biribizidurdursun536.pro
aiposcmplso2.com
aiposcmplso42343.com
aiposcmplsoi343.com
aiposcmplsoi3467.com
biribizidurdursun310.xyz
biribizidurdursun36.xyz
dog-sleep-top.com
flimdwex.xyz
flozgryp.top
fox-loop-look.com
funky-dogg.com
gornvazk.top
jaxkkilv.xyz
jenxkimp.top
jortgixm.xyz
jurbquop.xyz
juztklax.top
klynquaz.top
kuznplev.xyz
kylpquik.xyz
kyrnzapl.top
mind-rainbow.com
plorjixy.top
primesecgate.com
quimjorp.xyz
quyljenz.xyz
quyxbopz.top
rahat-lukum.com
rahat-lukum.net
vurzjelp.top
wopxplin.xyz
zifxwylp.top
zoxpfluv.xyz
/MmM4NjczNTUyYjAy/
/NTQzZmI0YTdmMjNl/

# Reference: https://www.virustotal.com/gui/file/135391b454ad3efe1126b71761851403d7a720cf9f2af8bebfd93d0abc5e9ed0/detection
# Reference: https://www.virustotal.com/gui/file/e34f6d3d58dc0346f757754f5ebd241e429151960638cf513d8d5281c626b922/detection
# Reference: https://www.virustotal.com/gui/file/bde75d5ced9e80d854c0f0eedadcf1b1edd026acd6a39b0ea700a108355e6689/detection
# Reference: https://www.virustotal.com/gui/file/b8f539cac92e5468e654ad2faa59a8ed1299c62996ae340e927cd150d191e55f/detection
# Reference: https://www.virustotal.com/gui/file/8121fffbc41fe7c4330039a3253e87bbdc5e1bb0938ffe665c0d8d6890d9ddf2/detection
# Reference: https://www.virustotal.com/gui/file/76e27a8531e4d7e3716fbccc465eebda5ff6561e221607a6ed9fb6fec9ffc1cf/detection
# Reference: https://www.virustotal.com/gui/file/573163b091289004ecfce8e4d593692522c5262c3c6a858be1d753dc10824f55/detection
# Reference: https://www.virustotal.com/gui/file/135391b454ad3efe1126b71761851403d7a720cf9f2af8bebfd93d0abc5e9ed0/detection

bebekbakimrehberi.baby
bebekoyunlari.baby
bilgiplatformu.icu
cocukoyunlari.baby
denizsefasi.boats
eglencelieglence.fun
eglenceparki.fun
genclikfestivali.xyz
herkesicinkitap.store
kulturvesanat.xyz
modadunyasi.store
muzikevi.fun
oyunzamani.fun
sagliklitatlar.store
sanatkitapligi.store
sualtikeifleri.boats
tatilcenneti.xyz
ucuzucusahane.icu
yelkencilik.boats
yenibaslayanlaricin.icu

# Reference: https://www.virustotal.com/gui/ip-address/94.156.71.148/relations

dogalurunlerveyasamdestekleyicigirisim.xyz
fotografveyasamgozlemleriyledoluhayat.xyz
sanatvesaglikarastirmalariplatformu.xyz
teknolojikgelisimlervehayatimizdakirolleri.xyz

# Reference: https://www.virustotal.com/gui/file/a18205071da9415e2b1d27be37bd780c42cd18f85d3f0ae4d4c3e2a4a692ee9f/detection

bebekbakimi.baby
bebekrehberim.baby
bilgipaylasim.icu
cocukveoyuncak.baby
denizseverler.boats
eglencedolu.fun
elektronikstore.store
eniyiteknoloji.icu
evdekispor.store
gezginlerkitabi.store
karnavalzamani.fun
kitapdunyasi.store
oyunmekani.fun
sanatvecanli.xyz
sanatveeglence.fun
tatilcigunlugu.xyz
teknevetur.boats
ucuzteknoloji.icu
yelkencilerklubu.boats
yenilikcisanat.xyz

# Reference: https://www.virustotal.com/gui/ip-address/154.216.17.51/relations

bilgisayaronarimteknikleri.xyz
gezgincocuklarakademisi.xyz
gezginlerkitabi.store
gundelikyemektarifleri.xyz

# Reference: https://www.virustotal.com/gui/ip-address/154.216.20.3/relations

gelenekseltatlar.xyz
saglikliyasamvebeslenmetavsiyeleri.xyz

# Reference: https://www.virustotal.com/gui/ip-address/154.216.17.48/relations
# Reference: https://www.virustotal.com/gui/file/f52e18dfb5247488e240e07b7befe7fa9664f737221d0044d106ec388d990f91/detection

annebebekbakimi.baby
bebeklerdunyasi.baby
bilgiicin.icu
denizsevgisi.boats
dunyagezginleriyolrehberiniz.xyz
eglenceadasi.fun
eglencemerkezi.fun
eglenmeyiseviyorum.fun
elektronikcihazlar.store
hikayeler.store
minikoyunlar.baby
mutfaksefasi.store
oyunvakti.fun
sanattutkusu.xyz
sosyalmedyayonetimrehberi.xyz
sporseverler.store
teknevekeyif.boats
teknolojivebilim.icu
yelkenlisevgisi.boats
yeniteknolojiler.icu

# Reference: https://www.virustotal.com/gui/ip-address/94.156.71.254/relations

eglencemerkezi.fun
elektronikcihazlar.store
sanatetkinlikleri.xyz

# Reference: https://www.virustotal.com/gui/ip-address/79.110.62.28/relations

babemone01ker.top
beliomafegamute.xyz
goldaberloyves.xyz
goldbrazojewan.pro
hidjoleader.pro
klorbelimorefance.xyz
moijenolewogfasder.online
molefanvotsa.top
opelebionevodew.site
polijuferneda.top

# Reference: https://x.com/ThreatFabric/status/1838509207504478481
# Reference: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
# Reference: https://www.virustotal.com/gui/file/83eea636c3f04ff1b46963680eb4bac7177e77bbc40b0d3426f5cf66a0c647ae/detection
# Reference: https://www.virustotal.com/gui/file/6cd0fbfb088a95b239e42d139e27354abeb08c6788b6083962943522a870cb98/detection
# Reference: https://www.virustotal.com/gui/file/117aa133d19ea84a4de87128f16384ae0477f3ee9dd3e43037e102d7039c79d9/detection

5106c5dbc9e0d004489af35abec41027.info
53cd7bfaebd095ad083c34f007469ff5.biz
5fa5009fb05a5cee1abd7a2dbb6eb948.net
7729f264dc01834757c9f06f2d313e28.com
8921267492331aabcb4394c801d4e490.shop
a414602e421935fd057be3c06a3d080c.info
bbad1dcadd801af41da97ecf292b147f.xyz
c80530d100da2e953c21c55d7cb4b86a.info
ffce9e39ccdfbe3f1e88806545321ad7.org

# Generic

/angelkelly/
/balls51/
/CHECKPIECEUNTIL/
/CONTAINSURE/
/crystalknight/
/flexdeonblake/
/jadafire/
/MUCHTHENWERESTO/
/QUESTIONROADFAR/
/sinnamonlove/
