# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: purelogs stealer

# Reference: https://twitter.com/malwrhunterteam/status/1596269879824465922
# Reference: https://twitter.com/JAMESWT_MHT/status/1596438280903557141
# Reference: https://www.virustotal.com/gui/file/c620ce8ecbaa3ee3b92126091c7686e3bdfa23e188914f072ba2d90f05d18f9d/detection

# Bare-IP host, listed as an http:// URL.
# NOTE(review): bare-IP indicators go stale once the address is reassigned; re-validate before using this for blocking rather than alerting.
http://195.201.23.210
# Domain indicators.
# NOTE(review): the names read like PDF-download / invoice ("fatture") lures - inferred from the strings only, confirm against the references.
download-files-pdf.de
sicherer-download-pdf.de
srv-fattureincloud.de
# URL path indicators; none of them carries a host, so a hit says nothing about which server was contacted.
# The last entry is a prefix of the three before it.
# NOTE(review): if the consumer matches paths by prefix or substring, /ld9sja87s/ alone already covers the longer forms - confirm before pruning.
/ld9sja87s/dialogue/book
/ld9sja87s/dialogue/start
/ld9sja87s/dialogue/
/ld9sja87s/

# Reference: https://twitter.com/VirITeXplorer/status/1603321790490714113
# Reference: https://twitter.com/VirITeXplorer/status/1603322834046033923
# Reference: https://twitter.com/Gi7w0rm/status/1603381798343528450

# Same address as the http://195.201.23.210 entry, here as host:port (5699).
195.201.23.210:5699
# NOTE(review): looks like a per-customer subdomain of cleverreach.com, a commercial e-mail marketing service - keep this at the exact host and never widen it to the parent domain, which would flag unrelated legitimate mail traffic.
337727.seu2.cleverreach.com
downloadpdf-fattura.de

# Reference: https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town
# Reference: https://otx.alienvault.com/pulse/63a5b068e163450bbea073da
# Reference: https://www.virustotal.com/gui/file/d3aa8fca03e9eb9911bbb51302d703afa9c04ce94d94ce6c3cd5086999e49471/detection

# Bare-IP host, listed as an http:// URL.
# NOTE(review): bare-IP indicators go stale once the address is reassigned; re-validate before using this for blocking rather than alerting.
http://116.203.19.97
# A parent domain and one of its subdomains are both listed.
# NOTE(review): if domain entries also match their subdomains, the second line is redundant - confirm against the matcher before pruning.
service-fatturecloud.de
utente.service-fatturecloud.de
