# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Note: Trail for unclassified data stealers (samples not attributed to a named malware family)

# Reference: https://twitter.com/petikvx/status/1591465219666153474
# Reference: https://tria.ge/221112-tmcqqagf37
# Reference: https://www.joesandbox.com/analysis/744589?idtype=analysisid#iocs
# Reference: https://app.any.run/tasks/481b8157-1049-4145-9a84-978cd7814575/
# Reference: https://www.virustotal.com/gui/file/6663b11dcecaa8077560752dd22f1a801c7aa92c0dc691d6d2cb709be55ba5b5/detection

onsapay.com/loader

# Reference: https://www.virustotal.com/gui/file/3bace89ae7816695689bffd157c4ac31b58eb66b4de0bd40ede76606d7712aab/detection

tds-packages-update.com

# Reference: https://twitter.com/ULTRAFRAUD/status/1678849977336954880
# Reference: https://twitter.com/josh_penny/status/1679092742666825731
# Reference: https://www.virustotal.com/gui/file/d6aee63ffe429ddb9340090bff2127efad340240954364f1c996a8da6b711374/detection

download-desktop-capcut.com
avatarcloud.top
cloudimages.net
editorimage.info
getavatar.top
hahaimage.info
hahaimage.top
hahaimage.xyz
heheimage.info
heheimage.top
heheimage.xyz
heyavatar.info
heyavatar.top
heyimage.info
ip-ptr.tech
justjobsnow.com
nametoimage.com
partressure.org.uk
toimageai.top
svs00.ip-ptr.tech
vs1-2_2.ip-ptr.tech

# Reference: https://www.virustotal.com/gui/file/25ed22baa1216bddb7c0588cabe791452adc9f7f668837cafe00537ff85aea82/detection

lorealis.vip

# Reference: https://twitter.com/1ZRR4H/status/1682268170168532992

managedkv.com

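# Generic (URL path fragments, not tied to a specific host)
# Note: these are host-independent, so a match may come from unrelated traffic; confirm with the destination host and surrounding requests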

/inject-keylogger.exe
/loader0AA004BA90B
/loadermeLMEM8
/loaderrogram
/Stealer/
/stealer_php/
/.steal/
/Token_Stealer.bat
/FormGrabber/
/HistoryStealer/
