# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gurcu stealer

# Reference: https://twitter.com/0xToxin/status/1660533135526834176
# Reference: https://www.virustotal.com/gui/file/c219beaecc91df9265574eea6e9d866c224549b7f41cdda7e85015f4ae99b7c7/detection

140.238.218.94:8080

# Reference: https://twitter.com/Jane_0sint/status/1661783841454039040
# Reference: https://app.any.run/tasks/0b0e6ff6-afa1-4645-811a-f1f8bd54952f/

83.137.50.106:8500

# Reference: https://www.virustotal.com/gui/file/0fa222fb1c108d47b8d3e7c54753774d5f5098b462c5231a64031a574509a6f3/detection

134.202.120.23:9000
144.76.201.253:4080

# Reference: https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/
# Reference: https://threatfox.abuse.ch/browse/malware/win.whitesnake/

http://106.3.136.82
http://154.31.165.232
http://18.171.15.157
http://185.217.98.121
http://206.189.109.146
http://216.250.190.139
http://217.145.238.175
http://45.132.96.113
http://5.181.12.94
http://54.37.196.189
http://66.42.56.128
http://8.130.31.155
http://85.8.181.218
104.168.22.46:8090
106.15.66.6:8080
106.55.134.246:8080
116.196.97.232:8080
116.202.101.219:8080
123.129.217.85:8080
124.223.67.212:5555
139.224.8.231:8080
144.22.39.186:8080
163.172.255.114:9080
164.90.185.9:443
172.104.152.202:8080
172.245.180.159:2233
185.18.206.168:8080
185.217.98.121:8080
192.99.44.107:8080
195.201.135.141:9202
205.185.123.66:8080
212.154.86.44:83
212.87.204.196:8080
212.87.204.197:8080
37.252.188.127:8080
52.86.18.77:8080
78.46.66.9:8080
81.24.11.40:8080

# Reference: https://www.virustotal.com/gui/file/56393c8cbea881f8382d195682787254bb576cc4b370410eb94fd93a00a82ee8/detection

http://18.218.18.183
# NOTE(review): 206.189.109.14 differs by one trailing digit from 206.189.109.146 listed earlier in this file; confirm against the referenced sample that it is not a truncated copy.
http://206.189.109.14
104.238.189.120:8080
121.63.250.132:88
129.151.109.160:8080
164.132.115.9:8082
168.138.211.88:8099
178.236.246.50:8080
# NOTE(review): port 80800 is above the maximum valid port (65535), so the next entry can never match real traffic; it looks like a typo of the 8080 entry above. Confirm and drop or correct.
178.236.246.50:80800
216.39.242.18:8080
23.224.102.6:8001
47.110.140.182:8080
47.96.78.224:8080
5.78.68.6:8009
74.208.179.68:7777
74.48.4.144:8080
81.187.79.8:9999
# NOTE(review): path-only entry (no host or port). The name looks specific to a single report, so it may not match other infections; confirm it is intended as a trail.
/0nrfP_george@965543_report.wsr

# Reference: https://twitter.com/Jane_0sint/status/1752312378010583304
# Reference: https://app.any.run/tasks/24f49eb3-1c94-4a74-a9e1-7d6dbbc92627/

45.61.137.41:8080

# Reference: https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi

http://103.226.125.218
http://162.33.178.113
http://18.228.80.130
http://3.142.76.113
http://65.20.76.112
http://94.156.6.209
103.244.151.46:8080
104.184.140.41:9000
107.161.20.142:8080
116.203.194.247:8080
129.159.134.19:8080
13.112.250.213:443
135.181.98.45:8888
139.99.123.53:9191
141.94.175.31:8098
185.216.26.127:8080
185.217.98.121:443
189.115.63.77:8080
192.99.196.191:443
24.199.110.250:8080
35.166.49.216:8080
44.228.161.50:443
45.155.171.134:8080
52.196.241.27:443
54.92.18.154:443
65.108.226.108:8080
95.140.147.126:8080
