trails/static/malware/android_ngate.txt

# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://x.com/LukasStefanko/status/1826552355900317892
# Reference: https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
# Reference: https://github.com/eset/malware-ioc/tree/master/ngate
# Reference: https://www.virustotal.com/gui/file/7cb66683d8588059dd9fbacaded3b4d9a0061620515ec9d9f992697de270e07c/detection
# Reference: https://www.virustotal.com/gui/file/267a4d1db03284827668278a7be11af7999beac388ac902fcb268644d227369c/detection
# Reference: https://www.virustotal.com/gui/file/4d53ecb0f862054fa01c834d1fc21bf97c4884899e059131d982f90953b88768/detection
# Reference: https://www.virustotal.com/gui/file/e19a7c8e4994ea4ed680136c9e3a6fff7b82c72f5743952821a446b6cb830f06/detection
# Reference: https://www.virustotal.com/gui/file/95d906dca5a3be5cf066268662b3c953860e54e9cdcfcd427faf0aaa9cb62bad/detection
# Reference: https://www.virustotal.com/gui/file/1d126e5904dde3b46175a4aae89eec1fb8a6b80e35b1f473878e5dd288f8aae6/detection
# Reference: https://www.virustotal.com/gui/file/17a16f08108e25af1c8b058adbaca2cada6a93c2d38c9854148f9e9caac76ac3/detection
# Reference: https://www.virustotal.com/gui/file/162f8c6bafe0c343c37f173344c4f6880eaec0aea7b491565db874366b161784/detection

http://172.187.98.211
172.187.98.211:443
cryptomaker.info
george-bank-cz.online
mobil-csob-cz.eu
my-cz.site
play-secure.pro
raiffeisen-cz.eu
tbc-app.life
app.mobil-csob-cz.eu
client.nfcpay.workers.dev
csas.my-cz.site
csob-93ef49e7a.tbc-app.life
geo-4bfa49b2.tbc-app.life
george.tbc-app.life
nfc.cryptomaker.info
nfcpay.workers.dev
rb-62d3a.tbc-app.life
rb.2f1c0b7d.tbc-app.life

# Reference: https://x.com/ESETresearch/status/1887839381274161509
# Reference: https://www.virustotal.com/gui/file/ecf57b7c4a832cf9e22c76ffeab36c410979eeabac94e822bcc61b5229b48726/detection

38.180.222.230:5577