# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: purelogs stealer

# Reference: https://twitter.com/malwrhunterteam/status/1596269879824465922
# Reference: https://twitter.com/JAMESWT_MHT/status/1596438280903557141
# Reference: https://www.virustotal.com/gui/file/c620ce8ecbaa3ee3b92126091c7686e3bdfa23e188914f072ba2d90f05d18f9d/detection

http://195.201.23.210
download-files-pdf.de
sicherer-download-pdf.de
srv-fattureincloud.de
/ld9sja87s/dialogue/book
/ld9sja87s/dialogue/start
/ld9sja87s/dialogue/
/ld9sja87s/

# Reference: https://twitter.com/VirITeXplorer/status/1603321790490714113
# Reference: https://twitter.com/VirITeXplorer/status/1603322834046033923
# Reference: https://twitter.com/Gi7w0rm/status/1603381798343528450

195.201.23.210:5699
337727.seu2.cleverreach.com
downloadpdf-fattura.de

# Reference: https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town
# Reference: https://otx.alienvault.com/pulse/63a5b068e163450bbea073da
# Reference: https://www.virustotal.com/gui/file/d3aa8fca03e9eb9911bbb51302d703afa9c04ce94d94ce6c3cd5086999e49471/detection

http://116.203.19.97
service-fatturecloud.de
utente.service-fatturecloud.de

# Reference: https://twitter.com/VirITeXplorer/status/1612840654563860482
# Reference: https://twitter.com/VirITeXplorer/status/1612841897055195142

195.201.23.210:5200
lkvbb-lkvbb.de

# Reference: https://www.virustotal.com/gui/file/9bbd2fc484077da329ae3658122614fa1f9f9dfe9e3ebfb982a69d32fc55a66b/detection

chaifoomasho.foundation
eiseesaeheeg.fun

# Reference: https://www.virustotal.com/gui/file/38c45f56be6ea967ae74559abbc0eace9f0bd9d304b2cf918229366f2feb11fb/detection

puredating.top

# Reference: https://twitter.com/Racco42/status/1716498733183926306
# Reference: https://app.any.run/tasks/6d60a64e-7803-4d0c-8c2f-32ffbc62f745/
# Reference: https://www.virustotal.com/gui/file/4af6acc09b59a76cb72a04b55d20b029c29e069f2c8403677624bc8dee93132c/detection

51.75.154.192:62520

# Reference: https://twitter.com/Jane_0sint/status/1716519296489189405
# Reference: https://app.any.run/tasks/32eaf0c9-fec7-4fcb-89d0-c47cce096fa2/

86.106.87.133:62520

# Reference: https://twitter.com/g0njxa/status/1717474198480683418
# Reference: https://twitter.com/Jane_0sint/status/1717507470489194895
# Reference: https://app.any.run/tasks/9d36942e-c84e-4f92-becb-afb8289bbdf1/

185.138.164.41:7705

# Reference: https://twitter.com/AvastThreatLabs/status/1722953843208577257
# Reference: https://www.virustotal.com/gui/file/037d4c74e5ceda694755d7ff54d8e45f1c7d439262d7c5293a6751cf02872efd/detection

http://5.182.86.248
http://5.182.87.245

# Reference: https://twitter.com/James_inthe_box/status/1727060607109833165
# Reference: https://app.any.run/tasks/b7141b83-ab60-4072-b208-f6cbdeb224f2/

91.92.253.88:7702

# Reference: https://twitter.com/g0njxa/status/1729232608830394409
# Reference: https://www.virustotal.com/gui/file/0808202fc3bd5e570b2106a4f991de5beeee739960b1167a590da92727b813a6/detection

212.224.86.54:58001

# Reference: https://twitter.com/g0njxa/status/1729478226148307227
# Reference: https://app.any.run/tasks/1684165d-42ae-4777-a64e-da59320f9ef2/
# Reference: https://www.virustotal.com/gui/file/c36f73870a437275b512bdc8a70a249e77a1d836949dc4c79ece8dcd05d8a571/detection

95.214.25.73:58001
pornsworld.xyz
data.pornsworld.xyz

# Reference: https://twitter.com/k3yp0d/status/1729908135375020125
# Reference: https://www.virustotal.com/gui/file/ff0179442402fa306c85ba83a87df2cc46d13012a1e2819e73a6b3586c5c8dc3/detection
# Reference: https://www.virustotal.com/gui/file/9745eaca508255646d2039383150952955f49196767a160968fcf83130ad9a90/detection
# Reference: https://www.virustotal.com/gui/file/93988c13f8e6dc3cc6d9256992d417057e164785c1ad05f6984fc769af5b597a/detection
# Reference: https://www.virustotal.com/gui/file/5901691afd331944b38939588b1ac7480c1ea76ba32c703bb61af1be4c72bb50/detection

91.92.252.74:39001
91.92.252.74:58003

# Reference: https://www.virustotal.com/gui/file/39b10e16dcda487ccf77695191c4c5e45d7e3b1ca85099f4bd934f260dc7ef62/detection

91.92.120.119:62520

# Reference: https://twitter.com/suyog41/status/1733001612103397646
# Reference: https://www.virustotal.com/gui/file/a1d1b33e93188e94712b71b3fb7589eb6904af72e243d6dff3fb5c6ad917038a/detection
# Reference: https://www.virustotal.com/gui/file/6ead965d47c13610ac4796e9d3f9ace8bcdff14bbdd828176ef8eb702fa26c0d/detection

91.92.240.144:58001

# Reference: https://twitter.com/ViriBack/status/1734058092336148839
# Reference: https://www.virustotal.com/gui/file/eb084ed44cabbe60ecfcc565813ece7aec29b259d6ba029ee1749d6cd93bbed2/detection
# Reference: https://www.virustotal.com/gui/file/833b39e5d4b15f65b5a1792038178d6afa3a661c566682274bf1dde5716a4d3f/detection
# Reference: https://www.virustotal.com/gui/file/db0b9056105ec470e760eb9e9940ad871fdcd321e876dcccae3600d12e8ec38d/detection
# Reference: https://www.virustotal.com/gui/file/ed04d8ebbc30c39278f1e22d2442853ff704f97f0e494d069034dee2239bc43a/detection
# Reference: https://www.virustotal.com/gui/file/54cf52a9e70fd4c1451e174e177e1e085849b77ffba2e0949865aa69fc44b141/detection

5.188.159.44:39001
5.188.159.44:58001
51.255.78.213:39001
51.255.78.213:58001
51.255.78.213:7702

# Reference: https://www.virustotal.com/gui/file/035ae10badc5ae4db898cdf876da90e4aa8110b2f772e296cac0a0cc5cf3f7ee/detection

23.224.233.91:58001
23.224.233.91:7702

# Reference: https://www.virustotal.com/gui/file/1bb8f8ab59d0e9c8eec0366638f3d079cb2be52033346db80aff0badcf9e0aea/detection

58.220.33.199:7702

# Reference: https://www.virustotal.com/gui/file/68c0399ac81708d1bb12018df9779e3f505bec822d64e4e9a7d063962ae23c6a/detection

http://61.147.96.195
61.147.96.195:3131

# Reference: https://app.any.run/tasks/b67b0bf0-b145-4f47-b45d-cdcd068a05c8/

http://74.119.193.203

# Reference: https://www.virustotal.com/gui/file/0a65d5c09412040cf15bf2cca084741b4a1b386cbd0a88cd63c0cf867581b395/detection

89.39.106.35:1337
89.39.106.35:58004

# Reference: https://www.virustotal.com/gui/file/7367d9790fcd796386f0aa856ec3899f86102162e332bcdce0404b2d009bd903/detection

94.156.71.237:58001

# Reference: https://twitter.com/malwrhunterteam/status/1761150913807331626
# Reference: https://www.virustotal.com/gui/file/fa12c39db075c3724509b82bbbb066475046fc87ddf034892d633dc184c2b8e5/detection
# Reference: https://www.virustotal.com/gui/file/e948e8b0b403304158c88996a03304f68b61bd3c1abb40e7434c5ca61b52523d/detection

88.80.145.97:2332
rustercoin.com

# Reference: https://www.virustotal.com/gui/file/a79fbf1f6682f02689ef3400ff89f2c960b595b7498af36fb1a418fa0e7e0549/detection

141.98.10.96:5888

# Reference: https://www.virustotal.com/gui/file/b3df220dc7edc143d630cd47300a4f5aa5c6d0ec4940209204084bf4880fa373/detection
# Reference: https://www.virustotal.com/gui/file/cfe4cc04b18ab58d324b44138720e565170298d7b5449114de2092144343123c/detection

http://51.81.115.20
http://51.81.115.24
http://51.81.115.28
185.196.10.233:39001
185.196.10.233:8383
insane.wang
wi-fi.rip
dksj.wi-fi.rip
gjhfhgdg.insane.wang

# Reference: https://www.virustotal.com/gui/file/06dbcee1c5c8b50c3a3c47660d0bdbb52181861bbc9edede1d8b1674e82d074e/detection

http://91.92.254.93
91.92.254.93:39001

# Reference: https://www.virustotal.com/gui/file/57055d1ebed3774ca8e1d6a6c6a3ed02d6769ad0771a42204cf8a8eac2ea73ab/detection

91.92.247.69:39001

# Reference: https://www.virustotal.com/gui/file/39e409462ae74342e5c926c8459c17f64ed491fc1dfa3169468a66de50070547/detection
# Reference: https://www.virustotal.com/gui/file/97175f477ed70cb8ab8e64165325586111a3946433bbae9e03b8273ac0602e3e/detection

87.120.84.140:7702

# Reference: https://twitter.com/banthisguy9349/status/1783055072227729540
# Reference: https://urlhaus.abuse.ch/browse/tag/pclient/

http://91.92.247.178
http://91.92.249.233
http://94.156.65.175
vertextech.buzz

# Reference: https://x.com/StrikeReadyLabs/status/1818461465214398612
# Reference: https://www.virustotal.com/gui/ip-address/94.154.172.166/relations
# Reference: https://www.virustotal.com/gui/file/04412dd87af692fd0a1c819da8bfc9cd57bc4ab619e214840f4a539086eba1f3/detection
# Reference: https://www.virustotal.com/gui/file/6a42d617616188ab84e93c396341086ed33c2a2af21f8d0011ae003bc18417f2/detection
# Reference: https://www.virustotal.com/gui/file/ace74890b732a42e4d481744266121b1bca84a36c730dc563813e26f781a7512/detection
# Reference: https://www.virustotal.com/gui/file/df822725545120d197a5feaef16dbd3734fd5b309af756d5ed60ff5bb75c422d/detection

http://94.154.172.166
111.90.145.132:7722
111.90.145.141:58001
41.216.183.3:56001
fallback-01-static.com
strang-01-static.com
relay-03-static.cloud
pdf-builder.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/1d4968c61aedd4552733a1b64a7044a22cd9e036c9414c9e059536fa298684df/detection

undernamingtry.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.purelogs/
# Reference: https://www.virustotal.com/gui/file/0cbccc76d0232d97d07385eacb8dccdffe69c82c8a8113f3f09b432b93e0714a/detection

91.92.244.157:9817
91.92.255.61:9817
purfufu3flujs.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0cbccc76d0232d97d07385eacb8dccdffe69c82c8a8113f3f09b432b93e0714a/detection
# NOTE(review): this is the same sample hash cited for the section directly above; the two sections are kept apart only because the C2 ports (9817 vs 7702) and DuckDNS hostnames differ. Confirm the reference is not a copy-paste slip for a different sample before merging or de-duplicating.

91.92.244.157:7702
91.92.255.61:7702
pukrilug.duckdns.org
stremasster.duckdns.org

# Reference: https://x.com/RussianPanda9xx/status/1829768223308362013
# Reference: https://www.virustotal.com/gui/file/08b40fedadf7d3aa7c3768c0f7a44d75393706f49f1aeb871c99da7590c3dfc0/detection

154.216.20.37:5888

# Reference: https://x.com/malwrhunterteam/status/1826546541986804006
# Reference: https://app.validin.com/detail?type=ip&find=91.92.240.9#tab=resolutions

relay-01-static.com
relay-02-static.com
adobeartsia.com
backend-server78.com

# Reference: https://www.virustotal.com/gui/file/0a997282b4b069043b235a93051e5bcb6eaab82f800098b51d55802493fedd43/detection

msdownloads.pro

# Reference: https://x.com/fam4r/status/1836497372454465628
# Reference: https://x.com/malwrhunterteam/status/1836498511598059879
# Reference: https://www.virustotal.com/gui/ip-address/185.208.159.43/relations
# Reference: https://www.virustotal.com/gui/file/10d4e15b63a07368299f2245661d7a4626cd1a91a9950a3cbed5b4276d2dc31f/detection
# Reference: https://www.virustotal.com/gui/file/d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207/detection
# Reference: https://www.virustotal.com/gui/file/5b09f7b95e50495b7f7179c03d72949a7a6f63efd213bfe5dc8884b056bd1e1f/detection
# Reference: https://www.virustotal.com/gui/file/62a1310e29465bda30fcba8f954d1a566c744ffec15490b22fd385fa056b74e7/detection

45.11.229.96:39001
45.11.229.96:39002
45.11.229.96:39003
45.11.229.96:56001
45.11.229.96:56002
strompreis.ru
