# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://x.com/LukasStefanko/status/1826552355900317892
# Reference: https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
# Reference: https://github.com/eset/malware-ioc/tree/master/ngate
# Reference: https://www.virustotal.com/gui/file/7cb66683d8588059dd9fbacaded3b4d9a0061620515ec9d9f992697de270e07c/detection
# Reference: https://www.virustotal.com/gui/file/267a4d1db03284827668278a7be11af7999beac388ac902fcb268644d227369c/detection
# Reference: https://www.virustotal.com/gui/file/4d53ecb0f862054fa01c834d1fc21bf97c4884899e059131d982f90953b88768/detection
# Reference: https://www.virustotal.com/gui/file/e19a7c8e4994ea4ed680136c9e3a6fff7b82c72f5743952821a446b6cb830f06/detection
# Reference: https://www.virustotal.com/gui/file/95d906dca5a3be5cf066268662b3c953860e54e9cdcfcd427faf0aaa9cb62bad/detection
# Reference: https://www.virustotal.com/gui/file/1d126e5904dde3b46175a4aae89eec1fb8a6b80e35b1f473878e5dd288f8aae6/detection
# Reference: https://www.virustotal.com/gui/file/17a16f08108e25af1c8b058adbaca2cada6a93c2d38c9854148f9e9caac76ac3/detection
# Reference: https://www.virustotal.com/gui/file/162f8c6bafe0c343c37f173344c4f6880eaec0aea7b491565db874366b161784/detection

http://172.187.98.211
172.187.98.211:443
cryptomaker.info
george-bank-cz.online
mobil-csob-cz.eu
my-cz.site
play-secure.pro
raiffeisen-cz.eu
tbc-app.life
app.mobil-csob-cz.eu
client.nfcpay.workers.dev
csas.my-cz.site
csob-93ef49e7a.tbc-app.life
geo-4bfa49b2.tbc-app.life
george.tbc-app.life
nfc.cryptomaker.info
nfcpay.workers.dev
rb-62d3a.tbc-app.life
rb.2f1c0b7d.tbc-app.life

# Reference: https://x.com/ESETresearch/status/1887839381274161509
# Reference: https://www.virustotal.com/gui/file/ecf57b7c4a832cf9e22c76ffeab36c410979eeabac94e822bcc61b5229b48726/detection

38.180.222.230:5577

# Reference: https://x.com/malwrhunterteam/status/1915376762931875917
# Reference: https://www.virustotal.com/gui/file/3474a05a69f762394cc41d9dc90f224a54561f32b6933777f2d40f1f81ebb8eb/detection

38.47.195.208:8881

# Reference: https://x.com/malwrhunterteam/status/1931461670649622998
# Reference: https://www.virustotal.com/gui/file/61729bab8a31bb183fdeff0914324286b90f5a37adb55349796f2926df274150/detection

188.127.251.70:3050

# Reference: https://x.com/johnk3r/status/1938369399192461328
# Reference: https://x.com/johnk3r/status/1938369402619236837
# Reference: https://www.virustotal.com/gui/file/172f04d094513ddfa0790008d79a2ddb3961a3317574a9b00dc8cf931b6b4016/detection

45.88.91.119:15000
45.88.91.119:16001

# Reference: https://x.com/P4nd3m1cb0y/status/1968049145543119146
# Reference: https://www.virustotal.com/gui/file/25634ee2e67323c124ca86dff15d20de38f92731a104514f007e39129cedd16e/detection
# Reference: https://www.virustotal.com/gui/file/d79c24c70a0806514ed9b228afe795723ec88a212c2042eb0dd764dd403c4ba9/detection

181.41.200.116:1285
181.41.200.116:3000

# Reference: https://app.validin.com/detail?find=Aguardando%20Cart%C3%A3o&type=raw&ref_id=6a172e13cc4#tab=host_pairs (# 2025-09-17)
# Reference: https://www.virustotal.com/gui/file/859a231e39614851bbcfc65112330326dcf57b21f48c96d36bfb09b0beb89e32/detection
# Reference: https://www.virustotal.com/gui/file/b5ca3ef74699a6153a7827f8cde6038de3037f6a8064fee7e4b5605e639bca4f/detection
# Reference: https://www.virustotal.com/gui/file/52487721d134441967c7f34c81791258374d74d344df35477085336bf44c6281/detection

179.0.176.160:1285
179.0.176.160:3000
185.228.72.137:1285
185.228.72.137:3000
191.101.131.54:1285
191.101.131.54:3000
