# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: BotSh1zoid, deerstealer, xfiles stealer

# Reference: https://twitter.com/3xp0rtblog/status/1473323635469438978
# Reference: https://www.virustotal.com/gui/file/0cb794f429667056b02e71ff9a1e919f8f238f52762b8c6460fd4adefbb78945/detection

xfilesebetreadline.online

# Reference: https://twitter.com/h2jazi/status/1476292943027871755
# Reference: https://www.virustotal.com/gui/file/f47310b82f31d55c5f41a9ce336c3d4ee94990272e1ac970a0dbdfcd171c28f8/detection

xfilesebetreadline.ru

# Reference: https://twitter.com/fr0s7_/status/1478700349636681732
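# Reference: https://app.any.run/tasks/275cfd12-2a32-4895-b35c-ad7ec8613f25/
# Note: xsph.ru entries in this file are individual subdomains given as full hostnames; the parent domain itself is not listed here, so keep matching at the full-hostname level rather than widening it to *.xsph.ru.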

f0616231.xsph.ru

# Reference: https://twitter.com/Finch39487976/status/1488890401369083909

u02280uiqwiteloxs0si.ru

# Reference: https://www.virustotal.com/gui/file/b8e39666c3fb80249063428e1269695a2aeb71794d504b84f14216b4c3170d4e/detection

a0612650.xsph.ru

# Reference: https://www.virustotal.com/gui/file/ff7c17bdb5b61439e8d7daed154e559bd3bf20b13662b3bd58a557b175d691e0/detection

a0621954.xsph.ru

# Reference: https://www.virustotal.com/gui/file/deb63e343b2cb5fbdf761b6950b9130ed289d908ce90f006be5cb3792570a970/detection

a0635111.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d53216d1d830557c0fad80f886074cd2aa7c545cc684bb0d0bff29fb0da5b2d1/detection

a0608494.xsph.ru

# Reference: https://twitter.com/malwrhunterteam/status/1521830471591776258
# Reference: https://twitter.com/malwrhunterteam/status/1521894032930217991
# Reference: https://www.virustotal.com/gui/file/7abf85ad78b521bcc31f6066ab2e0b1e6ad9672b952ef426a1d93c3d3f267f57/detection

gdsjagdsgknj34engdsnmmgnds.com
u02280uiqwiteloxs0si.online

# Reference: https://www.virustotal.com/gui/file/8847c7f6c02cf108353281e81185ece895950311b77a2a482a1fc35a8f220011/detection

a0648113.xsph.ru

# Reference: https://www.virustotal.com/gui/file/006196df92b8a5a0a313dd975d602d9459849ee8048bda28cb460e2ad67ca22b/detection

f0647713.xsph.ru

# Reference: https://twitter.com/James_inthe_box/status/1600953579988475904
# Reference: https://app.any.run/tasks/5fc6c192-5698-4940-ba3a-c41de8d44215/

xfilesreborn.ru

# Reference: https://twitter.com/suyog41/status/1754460428640665818
# Reference: https://www.virustotal.com/gui/file/df035dbf1a32469699c8c8b3c04b49ab8aad5ced1e874a1c21b918e1c606d797/detection

api-watch-films.space
bflow-musico.fun

# Reference: https://x.com/crep1x/status/1818923295086973076
# Reference: https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
# Reference: https://www.virustotal.com/gui/ip-address/81.19.137.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.8/relations
# Reference: https://www.virustotal.com/gui/file/5d1e3b113e15fc5fd4a08f41e553b8fd0eaace74b6dc034e0f6237c5e10aa737/detection

authenficatorgoogle.com
authentficator-google.com
authenticator-googl.com
authenticattor-googl.com
authentifficator-googl.com
authentifficator-google.com
authentifficator-jp.com
authentifficatorgogle.com
authentifficcatorgogle.com
authentific-googl.com
authentificate-gooogle.com
authentificator-gogle.com
authentificator-googl.com
authentificatorgogle.com
authentificatorgoogle.com
authentificcate-google.com
authentificcatorgoolgle.com
authentificcatorgoolglte.com
authentificcatorgootgle.com
authentificcatorgotgle.com
authentificgoogle.com
authetificator-googl.com
cenpos-apps.com
chromeweb-authenticator.com
chromeweb-authenticators.com
chromeweb-authenticators.oix.wtf
chromeweb-authenticatr.com
chromstore-authentificator.com
googl-aunthetificate.com
googl-authentificator.com
googleathentific.com
googleathentificat.com
googleathentificator.com
gooogle-authentic.com
gujgleautent.site
tmdr7.mom
vaniloin.fun
vcczen.eu

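# Reference: https://www.virustotal.com/gui/ip-address/212.192.31.181/relations
# Note: the only source cited for this group is an IP "relations" pivot, with no sample or sandbox report; corroborate a hit with other evidence before attributing it to this family.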

filezliza.site
notpadd-plus-pulse.site
opnvppn.site

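# Reference: https://www.virustotal.com/gui/ip-address/31.41.44.252/relations
# Note: the only source cited for this group is an IP "relations" pivot, with no sample or sandbox report; corroborate a hit with other evidence before attributing it to this family.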

adeltie.site
bluerocks.top
boxett.site
cbyresocre.site
chrageeri.site
crptymosu.site
ebzichagre.site
gimrcachnts.site
golbalpyaents.site
ichkegtaeway.site
omsie.site
pyable.site
pyatarce.site
pysfae.site
storegom.com
turtqe.site
tysys.site

# Reference: https://x.com/crep1x/status/1818923301986554200

legiongirls.fun
paradiso4.fun

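# Generic
# Note: the entry below is a URL path (leading '/'), not a domain; it matches a request for this file name on any host, and a path is only observable in unencrypted HTTP traffic.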

/ReadLineS0SAT.exe
