# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: phemedrone stealer

# Reference: https://twitter.com/ViriBack/status/1678182393956499460
# Reference: https://www.virustotal.com/gui/file/bdb1f5e7f3dbd67ee70cb66f20ac7f7902ce07989a9a22432f99fd8124da5c3e/detection

f0839732.xsph.ru

# Reference: https://www.virustotal.com/gui/file/130e00c8aa8154d60c17c2b4c0b8bf535c8dbc15ffce8b49d316778a9a2f3be2/detection

a0838144.xsph.ru

# Reference: https://www.virustotal.com/gui/file/eb1c2284db5dd717f9ab690f2080ce880f83506f792b79c22ae452d6edc4587f/detection

fobloxx.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/eb099092feb2d4281d4ff403b0d2a8e8b219adc6796b80c07ee45312a0d1e066/detection

f0782961.xsph.ru

# Reference: https://www.virustotal.com/gui/file/c9227413f759cbb2e4cd79a668ab3c6778039f0a6cf27e17d3881cb17f1b5853/detection

whiteloader.fun

# Reference: https://twitter.com/gothburz/status/1746583755039347071
# Reference: https://documents.trendmicro.com/images/TEx/20240111-cve-2023%E2%80%9336025-phemedrone-iocs8L7B0q0.txt

http://51.79.185.145

# Reference: https://x.com/karol_paciorek/status/1803028724671000850

http://91.246.41.86
dmnode4.space
evr9.dmnode4.space

# Generic (URL path indicator, not tied to a specific host)

/meff/gate.php
