# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: purelogs stealer

# Reference: https://twitter.com/malwrhunterteam/status/1596269879824465922
# Reference: https://twitter.com/JAMESWT_MHT/status/1596438280903557141
# Reference: https://www.virustotal.com/gui/file/c620ce8ecbaa3ee3b92126091c7686e3bdfa23e188914f072ba2d90f05d18f9d/detection

# NOTE(review): this address is listed here as plain HTTP to a bare IP; the same
# address appears again further down this file with explicit ports (5699 and 5200).
http://195.201.23.210
download-files-pdf.de
sicherer-download-pdf.de
srv-fattureincloud.de
# NOTE(review): the four entries below are URL paths with no host part, so they are
# presumably matched on any host - confirm against the consuming sensor.
# '/ld9sja87s/' is a prefix of the other three; if matching is prefix- or
# substring-based, the longer entries add context but no extra coverage.
/ld9sja87s/dialogue/book
/ld9sja87s/dialogue/start
/ld9sja87s/dialogue/
/ld9sja87s/

# Reference: https://twitter.com/VirITeXplorer/status/1603321790490714113
# Reference: https://twitter.com/VirITeXplorer/status/1603322834046033923
# Reference: https://twitter.com/Gi7w0rm/status/1603381798343528450

195.201.23.210:5699
# NOTE(review): the next entry is one numbered host under cleverreach.com, a shared
# e-mail marketing service. Keep the match on this exact hostname; widening it to
# the parent domain would flag unrelated customers' mail and tracking traffic.
# A hit on this host alone is weak evidence - corroborate with another entry from
# this group before escalating.
337727.seu2.cleverreach.com
downloadpdf-fattura.de

# Reference: https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town
# Reference: https://otx.alienvault.com/pulse/63a5b068e163450bbea073da
# Reference: https://www.virustotal.com/gui/file/d3aa8fca03e9eb9911bbb51302d703afa9c04ce94d94ce6c3cd5086999e49471/detection

http://116.203.19.97
service-fatturecloud.de
utente.service-fatturecloud.de

# Reference: https://twitter.com/VirITeXplorer/status/1612840654563860482
# Reference: https://twitter.com/VirITeXplorer/status/1612841897055195142

195.201.23.210:5200
lkvbb-lkvbb.de

# Reference: https://www.virustotal.com/gui/file/9bbd2fc484077da329ae3658122614fa1f9f9dfe9e3ebfb982a69d32fc55a66b/detection

chaifoomasho.foundation
eiseesaeheeg.fun

# Reference: https://www.virustotal.com/gui/file/38c45f56be6ea967ae74559abbc0eace9f0bd9d304b2cf918229366f2feb11fb/detection

puredating.top

# Reference: https://twitter.com/Racco42/status/1716498733183926306
# Reference: https://app.any.run/tasks/6d60a64e-7803-4d0c-8c2f-32ffbc62f745/
# Reference: https://www.virustotal.com/gui/file/4af6acc09b59a76cb72a04b55d20b029c29e069f2c8403677624bc8dee93132c/detection

51.75.154.192:62520

# Reference: https://twitter.com/Jane_0sint/status/1716519296489189405
# Reference: https://app.any.run/tasks/32eaf0c9-fec7-4fcb-89d0-c47cce096fa2/

86.106.87.133:62520

# Reference: https://twitter.com/g0njxa/status/1717474198480683418
# Reference: https://twitter.com/Jane_0sint/status/1717507470489194895
# Reference: https://app.any.run/tasks/9d36942e-c84e-4f92-becb-afb8289bbdf1/

185.138.164.41:7705

# Reference: https://twitter.com/AvastThreatLabs/status/1722953843208577257
# Reference: https://www.virustotal.com/gui/file/037d4c74e5ceda694755d7ff54d8e45f1c7d439262d7c5293a6751cf02872efd/detection

http://5.182.86.248
http://5.182.87.245

# Reference: https://twitter.com/James_inthe_box/status/1727060607109833165
# Reference: https://app.any.run/tasks/b7141b83-ab60-4072-b208-f6cbdeb224f2/

91.92.253.88:7702

# Reference: https://twitter.com/g0njxa/status/1729232608830394409
# Reference: https://www.virustotal.com/gui/file/0808202fc3bd5e570b2106a4f991de5beeee739960b1167a590da92727b813a6/detection

212.224.86.54:58001

# Reference: https://twitter.com/g0njxa/status/1729478226148307227
# Reference: https://app.any.run/tasks/1684165d-42ae-4777-a64e-da59320f9ef2/
# Reference: https://www.virustotal.com/gui/file/c36f73870a437275b512bdc8a70a249e77a1d836949dc4c79ece8dcd05d8a571/detection

95.214.25.73:58001
pornsworld.xyz
data.pornsworld.xyz

# Reference: https://twitter.com/k3yp0d/status/1729908135375020125
# Reference: https://www.virustotal.com/gui/file/ff0179442402fa306c85ba83a87df2cc46d13012a1e2819e73a6b3586c5c8dc3/detection
# Reference: https://www.virustotal.com/gui/file/9745eaca508255646d2039383150952955f49196767a160968fcf83130ad9a90/detection
# Reference: https://www.virustotal.com/gui/file/93988c13f8e6dc3cc6d9256992d417057e164785c1ad05f6984fc769af5b597a/detection
# Reference: https://www.virustotal.com/gui/file/5901691afd331944b38939588b1ac7480c1ea76ba32c703bb61af1be4c72bb50/detection

91.92.252.74:39001
91.92.252.74:58003

# Reference: https://www.virustotal.com/gui/file/39b10e16dcda487ccf77695191c4c5e45d7e3b1ca85099f4bd934f260dc7ef62/detection

91.92.120.119:62520

# Reference: https://twitter.com/suyog41/status/1733001612103397646
# Reference: https://www.virustotal.com/gui/file/a1d1b33e93188e94712b71b3fb7589eb6904af72e243d6dff3fb5c6ad917038a/detection
# Reference: https://www.virustotal.com/gui/file/6ead965d47c13610ac4796e9d3f9ace8bcdff14bbdd828176ef8eb702fa26c0d/detection

91.92.240.144:58001

# Reference: https://twitter.com/ViriBack/status/1734058092336148839
# Reference: https://www.virustotal.com/gui/file/eb084ed44cabbe60ecfcc565813ece7aec29b259d6ba029ee1749d6cd93bbed2/detection
# Reference: https://www.virustotal.com/gui/file/833b39e5d4b15f65b5a1792038178d6afa3a661c566682274bf1dde5716a4d3f/detection
# Reference: https://www.virustotal.com/gui/file/db0b9056105ec470e760eb9e9940ad871fdcd321e876dcccae3600d12e8ec38d/detection
# Reference: https://www.virustotal.com/gui/file/ed04d8ebbc30c39278f1e22d2442853ff704f97f0e494d069034dee2239bc43a/detection
# Reference: https://www.virustotal.com/gui/file/54cf52a9e70fd4c1451e174e177e1e085849b77ffba2e0949865aa69fc44b141/detection

# NOTE(review): ports 39001, 58001 and 7702 recur on several unrelated addresses
# throughout this file (62520 likewise elsewhere). The indicator is the
# address:port pair, not the port on its own; alerting on the port number alone
# would match unrelated services.
5.188.159.44:39001
5.188.159.44:58001
51.255.78.213:39001
51.255.78.213:58001
51.255.78.213:7702

# Reference: https://www.virustotal.com/gui/file/035ae10badc5ae4db898cdf876da90e4aa8110b2f772e296cac0a0cc5cf3f7ee/detection

23.224.233.91:58001
23.224.233.91:7702

# Reference: https://www.virustotal.com/gui/file/1bb8f8ab59d0e9c8eec0366638f3d079cb2be52033346db80aff0badcf9e0aea/detection

58.220.33.199:7702

# Reference: https://www.virustotal.com/gui/file/68c0399ac81708d1bb12018df9779e3f505bec822d64e4e9a7d063962ae23c6a/detection

http://61.147.96.195
61.147.96.195:3131

# Reference: https://app.any.run/tasks/b67b0bf0-b145-4f47-b45d-cdcd068a05c8/

http://74.119.193.203

# Reference: https://www.virustotal.com/gui/file/0a65d5c09412040cf15bf2cca084741b4a1b386cbd0a88cd63c0cf867581b395/detection

89.39.106.35:1337
89.39.106.35:58004
