# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

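# Aliases: alfonso stealer, collector stealer, datacollector, DCStealer, detector stealer, gachi stealer, hunter stealer, panda stealer, grakate stealer, phoenix stealer
# Format: one indicator per line (hostname, IP:port, or http://IP); each '# Reference:' group cites the report or sample behind the entries that follow it.
# Note: many hostnames below look like per-account names under shared-hosting parent domains (e.g. xsph.ru, tmweb.ru, beget.tech, myjino.ru, 000webhostapp.com); match the full hostname only, never the parent domain.
# Note: IP:port entries reflect the address at the time of the cited report; addresses get reassigned, so re-validate before using them for blocking rather than alerting.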

# Reference: https://twitter.com/ViriBack/status/1253857638607196162
# Reference: https://app.any.run/tasks/9d7710ad-18d6-4f1a-8f7f-25a6629049e4/
# Reference: https://www.virustotal.com/gui/file/eb1280c930b01b6b2930b926bd8b868312b74ab3b450afb2a216e08773b12bb9/detection
# Reference: https://www.virustotal.com/gui/domain/u6218636a7.ha004.t.justns.ru/relations

u6218636a7.ha004.t.justns.ru
u667503gif.ha004.t.justns.ru

# Reference: https://twitter.com/3xp0rtblog/status/1275063347424063489
# Reference: https://app.any.run/tasks/88fac00d-6a25-4869-af44-3955a53b6266/

data-collector.online

# Reference: https://twitter.com/3xp0rtblog/status/1327239694615257088
# Reference: https://app.any.run/tasks/acda3856-381d-4bfa-a576-2704d0cfcf86/
# Reference: https://www.virustotal.com/gui/file/30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030/detection

193.124.66.33:2229

# Reference: https://twitter.com/3xp0rtblog/status/1324800226381758471
# Reference: https://www.virustotal.com/gui/file/8d28a885143b7327ca2db1f5fae20013591538c77941ae4244e67659943b31c1/detection
# Reference: https://app.any.run/tasks/5521e858-aa80-4c07-b4bb-0b97ab2f28e1/

95.215.206.139:2222

# Reference: https://twitter.com/3xp0rtblog/status/1344352253294104576
# Reference: https://app.any.run/tasks/1dba5a2e-9e11-4fb4-a7d5-89f71b4bb876/
# Reference: https://www.virustotal.com/gui/file/92175f70c2e1472fcb742e9dc4939a48da8ae6f02d0177a2387be4235b0b1b23/detection
# Reference: https://www.virustotal.com/gui/file/3998e2ba6588279a49570f61daef37d108e446db960b7a41a3c0bc8cfbfa271f/detection

94.103.84.193:2222
progs.su

# Reference: https://twitter.com/jorgemieres/status/1366740401454014471
# Reference: https://www.virustotal.com/gui/file/4446506c8c66e2f5066b8e5d3f23011bf0e101cc27bb1cfcc56c441ee0d1a312/detection

gamingspor.000webhostapp.com

# Reference: https://twitter.com/jorgemieres/status/1368952490876624898
# Reference: https://www.virustotal.com/gui/file/2c5d3ac0714de12796a11cded05fcd547e855cfe22add34fcd6a4abc13deccbe/detection
# Reference: https://www.virustotal.com/gui/file/48c46bec223f64754b981c5f69fc73ebd4db059bc3aaf5d553ecaf3e68c610b3/detection

collect.mcdir.ru

# Reference: https://www.virustotal.com/gui/file/3992d7d7e4cfe62a2bc7bada61f35bda7a1af7ecacb7e17aaaf4816a94857907/detection

gfgjhfgjfghgfghghg.ffox.site

# Reference: https://www.virustotal.com/gui/file/e722df3ecbbfa8f93f415307a4c70129653bf1582f15ce59b894c0386d95ad15/detection

cq90024.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ceee6acd373826ccf7dee91d72edc5a1f84d80537db2414f91b33de2812af484/detection

cj65670.tmweb.ru

# Reference: https://twitter.com/ffforward/status/1381403701223522308
# Reference: https://www.virustotal.com/gui/file/05d38ac5460418b0aa813fc8c582ee5be42be192de10d188332901157c54287c/detection
# Reference: https://www.virustotal.com/gui/file/1efa74e72060865ff07bda90c4f5d0c470dd20198de7144960c88cef248c4457/detection

biscosuae.com
prtanet.com
prtboss.com

# Reference: https://twitter.com/ET_Labs/status/1385628386144309248
# Reference: https://www.virustotal.com/gui/file/98ce669e5e059cb05e579f1bc6e9327682a56670b63537a9d7c790219ae4bdf6/detection

f0520118.xsph.ru

# Reference: https://www.virustotal.com/gui/file/4003ee1d971e3638aa11c3a60f95d169122142a56d5d1ecf3dc60376f0f4d5f2/detection

f0537501.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6fe6e6bf89c455dbf1c941d61c2f369b21052dcc9b855447d36581e5bb7f9e46/detection

f0536352.xsph.ru

# Reference: https://www.virustotal.com/gui/file/28e1990ecfab01745f8499174840437042ca500a42582ebe6a14f8bec21f5005/detection

f0531200.xsph.ru

# Reference: https://twitter.com/jorgemieres/status/1389559988117544962
# Reference: https://www.virustotal.com/gui/file/7e97d2bfdf27ec8701c57ed21131c63f37c129faf911da8c35a739c0697f33f2/detection

antimalwarebyte.site

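# Reference: https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html
# Note: this group repeats some entries listed under earlier references (biscosuae.com, prtanet.com, prtboss.com); deduplicate on load rather than treating a repeat as a separate sighting.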

http://23.92.213.108
http://83.220.175.66
1wftyu121cwr24v3hswa1234g.tk
bingoroll2.net
biscosuae.com
cocojambo.collector-steal.ga
collector-steal.ga
cryptojora.club
f0522235.xsph.ru
f0527189.xsph.ru
f0527262.xsph.ru
f0527703.xsph.ru
guarantte.xyz
j1145058.myjino.ru
loanfirmsolution.com
micromagican.com
prtanet.com
prtboss.com
repairyou.com
steammd0.beget.tech
traps.ml
tydaynsosi.ru

# Reference: https://www.virustotal.com/gui/file/eb9b05b993b25b9692a011ba8a12cc492ec769aeb82c5e1fcc328264438a229f/detection

collector-node.us

# Reference: https://www.virustotal.com/gui/file/bdee27ff1e53feb5af5be169cbee1602e8dd9c47722dd4e51fc17e1ab9ee6a92/detection

collector-gate01.us

# Reference: https://twitter.com/jorgemieres/status/1392148957204205580
# Reference: https://www.virustotal.com/gui/file/23acdd1f64bbf85d8d6f8f29bad826464d6ecf0160e8975e55bfcf3cce891f01/detection

coronavirus.mcdir.me

# Reference: https://www.virustotal.com/gui/file/5b7559ef858b45a1aa79ed59ee28f0a8e4f117c07986f8ca6d5ed5df567a247c/detection

f0538564.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d808216221746c98ebc2afa74ce7f48af1600ae52a22dc3e7468f5bf69d5dc76/detection

globaltechtutor.com

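# Reference: http://tracker.viriback.com/dump.php (# Collector)
# Note: entries in this group are attributed by the tracker's family label only; no per-sample hash is cited here, so confirm against your own telemetry before acting on a single hit.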

a98052kl.beget.tech
barix.atwebpages.com
cb60062.tmweb.ru
cn38762.tmweb.ru
cs33609.tmweb.ru
cu94599.tmweb.ru
cx48626.tmweb.ru
f0520118.xsph.ru
f0522091.xsph.ru
f0522691.xsph.ru
f0522877.xsph.ru
f0523160.xsph.ru
f0523327.xsph.ru
f0523773.xsph.ru
f0524225.xsph.ru
f0525005.xsph.ru
f0525251.xsph.ru
f0525381.xsph.ru
f0525895.xsph.ru
f0526333.xsph.ru
f0527189.xsph.ru
f0527262.xsph.ru
f0527344.xsph.ru
f0527415.xsph.ru
f0527643.xsph.ru
f0527703.xsph.ru
f0528344.xsph.ru
f0528737.xsph.ru
f0529045.xsph.ru
f0529228.xsph.ru
f0531603.xsph.ru
f0531646.xsph.ru
f0531750.xsph.ru
f0531989.xsph.ru
f0532253.xsph.ru
f0533131.xsph.ru
f0533420.xsph.ru
f0533601.xsph.ru
f0533622.xsph.ru
f0533726.xsph.ru
f0533988.xsph.ru
f0534243.xsph.ru
f0534644.xsph.ru
f0534776.xsph.ru
f0535130.xsph.ru
f0535280.xsph.ru
f0535358.xsph.ru
f0535398.xsph.ru
f0535460.xsph.ru
f0535799.xsph.ru
f0535947.xsph.ru
f0536181.xsph.ru
f0536231.xsph.ru
f0536352.xsph.ru
f0536427.xsph.ru
f0536692.xsph.ru
f0537214.xsph.ru
f0537341.xsph.ru
f0537501.xsph.ru
f0537624.xsph.ru
f0537792.xsph.ru
f0538075.xsph.ru
f0538386.xsph.ru
f0538851.xsph.ru
f0538928.xsph.ru
f0539063.xsph.ru
f0539266.xsph.ru
f0539343.xsph.ru
f0539494.xsph.ru
f0539879.xsph.ru
f0540018.xsph.ru
f0540269.xsph.ru
f0540490.xsph.ru
f0540908.xsph.ru
f0540924.xsph.ru
f0541497.xsph.ru
f0541553.xsph.ru
f0541911.xsph.ru
f0541979.xsph.ru
f0542157.xsph.ru
f0542175.xsph.ru
f0542230.xsph.ru
f0542299.xsph.ru
f0542355.xsph.ru
f0542710.xsph.ru
f0542829.xsph.ru
j9859310.myjino.ru
site13046.web1.titanaxe.com
tatu2.win5x.fun
tsaoysakis.mcdir.me
yotub1337.myjino.ru

# Reference: https://twitter.com/jorgemieres/status/1412123356464402437
# Reference: https://www.virustotal.com/gui/file/04a3b0f970d1689d6c1d6859c81ef3f41f1a503baf4275188e848548b2669950/detection

alexblog.beget.tech
antimalwarebyte.site
antimalwarebyte.xyz
windowsdefenderautoupdate.me

# Reference: https://twitter.com/sS55752750/status/1424376902756732929
# Reference: https://www.virustotal.com/gui/file/a71768b2ecd224fd63871c7a103dea2c8e02727cb3db5c0c6b34a94fe0017fdd/detection
# Reference: https://www.virustotal.com/gui/file/469507bd8c3c94a91f7595a64a60b13b3ab441115e914dca5ac1466f61e701ef/detection

185.92.149.254:17890
f0523695.xsph.ru

# Reference: https://twitter.com/3xp0rtblog/status/1460961291523219463
# Reference: https://www.virustotal.com/gui/file/9fc9eb14ef8cae1832d29e2b831fef33ad1fdd27de590f1d7727dc58f260992e/detection

185.66.91.72:2222

# Reference: https://www.virustotal.com/gui/file/c368a6fe4515f64a9107a902d289729aeec112f8ebeed9b4bd8a757bb4299a37/detection

f0611380.xsph.ru
f0615745.xsph.ru

# Reference: https://www.virustotal.com/gui/file/06a037daad43e90d12ebe6668d0f42c5ab4f0843e55e36de833f0ebb650ace05/detection

a0549610.xsph.ru

# Reference: https://www.virustotal.com/gui/file/4d3a713c3efa42d046f7a84be21a16835a00e9f3a7664a7d9ae4f70b980694f0/detection

a0558806.xsph.ru

# Reference: https://www.virustotal.com/gui/file/2fa87315eada30cfd24750474f2be53fdeb991fa0e124d594065dab24ccce633/detection

f0615839.xsph.ru

# Reference: https://www.virustotal.com/gui/file/a9b6688629926032be7b7c5c6f160712c69f0920683d325645012e0ea9be8d77/detection

cn62917.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/1660051d1b39c86adf62dfae6b47ed89cd7a3ac2477523f4e40c802ac1b7c4c7/detection

thisisgenk.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/619b97669deb02fa97b8d38f8a3380e37f7b8502ab68858a40fba2ef071d539e/detection

sexbommc.beget.tech

# Reference: https://www.virustotal.com/gui/file/de7d47654538811ddcc78db8b4182a22680d9cc8fbca835579827e244143f744/detection

f0630352.xsph.ru

# Reference: https://www.virustotal.com/gui/file/490f50e8856055300191160b3625eb14b532487ee5e87a9a9bb008cb2f856fe3/detection

aye1337.ru.xsph.ru
f0631663.xsph.ru

# Reference: https://www.virustotal.com/gui/file/ee433cde3dd0a4e2c697af5f0284cb8eaf5db9d4a252c1ba838ede8bb12c521c/detection

subbot91.beget.tech

# Reference: https://www.virustotal.com/gui/file/fc7e005427adc8a9ba7f3cdbccd13feacce3ad9b54d55ad668087c83d1924b2a/detection

a0614675.xsph.ru

# Reference: https://www.virustotal.com/gui/file/eb71cab5102129ce157c7b388639cbe93f78f5421ff3dbb0331d55c9f48f2321/detection

a0651615.xsph.ru

# Reference: https://www.virustotal.com/gui/file/f82644e9cf82a971084aa870080682e24de597776c712798f88ec22ddaeb74c5/detection

a0654626.xsph.ru

# Reference: https://www.virustotal.com/gui/file/aba0642520b58c4717eb997c41f61356c24cdbdc114d3b44ee7602f2935dc93e/detection

a0616309.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0048b0979c6d9b89c8693eaa279b000c101703e2d36ea8c9e6e2b1cc57919640/detection

f0466804.xsph.ru

# Reference: https://www.virustotal.com/gui/file/3e62c36cc466c3d276704b29eee95f12e13ff7e412a27a7d5c31ce8c45178fcd/detection

a0651986.xsph.ru

# Reference: https://www.virustotal.com/gui/file/10204546c21a370d96d6ad6906c5aadfd13c18e37fa49e62d6c69eba83f51247/detection

a0649296.xsph.ru

# Reference: https://tria.ge/220609-phacksccg2

asdqwezxc.ru.xsph.ru
