android_basbanke.txt
# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Aliases: AmexTroll, BRATA
# Reference: https://securelist.com/basbanke-trend-setting-brazilian-banking-trojan/90365/
dodothebest.esy.es
zalthome.esy.es
servcobranca.in
ibercob.com.br
rootcenter.com.br
royhols.com
autopecasecreta.com.br
investcerto.site
bancobrasil.mobi
citiapp.mobi
ltau.mobi
moduloempresa.com
noisquevoa.mobi
pagseguro.mobi
aplicativo-sms.com
# Reference: https://twitter.com/malwrhunterteam/status/1267853279217823748
googleplaybr.ga
# Reference: https://twitter.com/malwrhunterteam/status/1280212682378010624
googlepla.ddns.net
# Reference: https://twitter.com/malwrhunterteam/status/1282763645211086850
# Reference: https://twitter.com/malwrhunterteam/status/1282763820935655425
googleplay-app.sytes.net
playstories.cf
# Reference: https://twitter.com/malwrhunterteam/status/1326902976871542784
# Reference: https://twitter.com/bl4ckh0l3z/status/1326929791686242305
# Reference: https://www.virustotal.com/gui/ip-address/184.164.70.25/relations
# Reference: https://www.virustotal.com/gui/file/6ff9689025c204b4cf400c3eef7be8759cdad52206dcb5245a5e504c4fd0b11d/detection
api-dnsapp.xyz
kosnane-fata.xyz
mellat-app.com
mellat-hamrahe.com
# Reference: https://twitter.com/malwrhunterteam/status/1416344403879337985
# Reference: https://www.virustotal.com/gui/file/68888c31c2e30b003d08f001548ac321985975bb64e48de368310cf4c4df9df4/detection
101.99.94.142:2001
198.187.28.71:2001
# Reference: https://twitter.com/malwrhunterteam/status/1416364560567701507
# Reference: https://www.virustotal.com/gui/file/d774779a1e53d5c1012ec855cd6567d6e9f779299ddf0d07e96dde6c0679f4df/detection
37.120.198.220:2001
add-sicurezza-web.com
# Reference: https://twitter.com/AgidCert/status/1471449056316727300
# Reference: https://cert-agid.gov.it/wp-content/uploads/2021/12/brata_10-12-2021.json_.txt
# Reference: https://www.virustotal.com/gui/file/091ea4ac7d30ade8b5c1247cc5f796eca3058fa4851b1e58cd3fdec73cbf85c9/detection
# Reference: https://www.virustotal.com/gui/file/1e1628023731559c4ea1af2323ed7d226df57722eb808260ce2f0fbee465cd15/detection
# Reference: https://www.virustotal.com/gui/file/d2c618b20de00dcce8449167b0a3a8d01eae81b9e6d7b8787e8076ca3986c8af/detection
# Reference: https://www.virustotal.com/gui/file/850505058becc7b669898819c234fb0e7f29ab27fc7b105e95998ba5693862e1/detection
http://51.38.113.144
51.38.113.144:5656
51.38.113.144:5757
51.83.134.212:17178
51.83.134.212:5451
51.83.134.212:5454
51.83.134.212:5656
51.83.134.212:5757
scarica-antivirus-2021.com
scarica-ora-antivirus.com
verifica-online-procedura-dati.com
antivirus.verifica-online-procedura-dati.com
# Reference: https://cert-agid.gov.it/news/brata-malware-per-dispositivi-android-spacciato-per-antispam/
111.90.149.241:2001
# Reference: https://www.virustotal.com/gui/file/1e7b821c38c00039ca57f49a63b3eb87a5c863846813f135a75e1c82bd587c05/detection
80.211.68.187:2001
# Reference: https://www.virustotal.com/gui/file/648a5a705bbe88e52569b3774a689a82f53962e8827b143189639d48727bd159/detection
212.192.241.103:2001
# Reference: https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
http://5.39.217.241
# Reference: https://www.virustotal.com/gui/file/f071251bbd87db412c0b56e20d8334a47b88d5e4b3ceef2e101288f771bd9292/detection
103.127.126.78:2001
# Reference: https://twitter.com/malwrhunterteam/status/1517565018153312262
# Reference: https://www.virustotal.com/gui/file/7227dbd5399e34ffa6b61f9f3f8d7dec8703b3baae7712c21b427ee8d7db63f0/detection
http://51.68.147.107
51.83.251.214:6868
51.83.251.214:6969
# Reference: https://twitter.com/malwrhunterteam/status/1520359613048176642
# Reference: https://www.virustotal.com/gui/file/c3ffd5292ec345607950e2896a83dc1ae336d1d7f311b94e14e636ecce82d473/detection
# Reference: https://www.virustotal.com/gui/file/fb4cedb33a2c5a8447e90a0b3c153b0c440680211428bd82c9ccbaffa85a7ac0/detection
# Reference: https://www.virustotal.com/gui/file/cf82f08d389ec2929b4058267324792632880babb9d7db62f20761dcdd69fcf8/detection
http://146.70.78.47
http://51.83.225.224
http://51.83.251.214
51.83.251.214:5151
51.83.251.214:5959
/gvcrfRK.zip
# Reference: https://twitter.com/malwrhunterteam/status/1522859631118278656
# Reference: https://www.virustotal.com/gui/file/6308b6f9830f701d12d408477d97e91076071201fcf4ade255de77f597da8e09/detection
51.83.251.214:9977
51.83.251.214:9988
# Reference: https://www.virustotal.com/gui/file/9bf89b33609973d48c7d09d5774c39bfcefd3922202db0d872f12b3ffdb28529/detection
51.83.251.214:18888
51.83.251.214:19999
# Reference: https://www.virustotal.com/gui/file/2d15bc6c736c5422f3673d94c8f9d3d28ac1512eae6f459cd768842103266937/detection
51.83.251.214:58990
# Reference: https://twitter.com/malwrhunterteam/status/1541880379434569728
# Reference: https://twitter.com/midnight_comms/status/1542133724669652994
# Reference: https://www.virustotal.com/gui/file/9ab23c9ccfce76875f77528155f7612936dbdd16cadf7653f90d7f0fe2145f28/detection
http://45.141.239.141
# Reference: https://twitter.com/ThreatFabric/status/1547544658934464512
# Reference: https://www.virustotal.com/gui/file/b66260ad4d147efd54e5e52955b2a251e0c13c4e3a01e1ba1c24745181073988/detection
http://84.32.188.85
84.32.188.85:2001
# Reference: https://tria.ge/220728-tztj1ahhel/behavioral3
101.99.95.56:2001
# Reference: https://tria.ge/220728-tz6jkahhfn/behavioral2
101.99.93.6:2001
# Reference: https://tria.ge/220728-tzx77ahhep/behavioral3
111.90.149.120:2001
# Reference: https://www.virustotal.com/gui/file/bc2857c7c2a6072f84a47ec809213093cba05e4998b2068f70d10490adf60cd1/detection
147.185.221.180:11332
# Reference: https://twitter.com/malwrhunterteam/status/1679598979019882497
# Reference: https://www.virustotal.com/gui/file/b2f1472b8920ba1770519381c07046a5b79c9a907bc377562ccf4575c66b6ca9/detection
200.98.128.182:2779
playstore-br.com
# Generic (host-independent URL paths)
/hakon
/hakonhandler
# APK (host-independent URL paths of APK files)
/IDSecurity.apk
/itauseguranca.apk
/PJ-ID.apk
/Protetor-Servicos-Empresariais.apk
/SicurezzaDispositivo.apk