# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

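# Aliases: alfonso stealer, collector stealer, datacollector, DCStealer, detector stealer, gachi stealer, hunter stealer, panda stealer
# Note: many entries below look like per-account subdomains of hosting providers (e.g. *.xsph.ru, *.tmweb.ru, *.myjino.ru, *.beget.tech, *.000webhostapp.com).
# Note: match the full hostname only, never the parent domain. Such accounts can be reassigned, so re-validate an entry before using it for blocking rather than alerting.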

# Reference: https://twitter.com/ViriBack/status/1253857638607196162
# Reference: https://app.any.run/tasks/9d7710ad-18d6-4f1a-8f7f-25a6629049e4/
# Reference: https://www.virustotal.com/gui/file/eb1280c930b01b6b2930b926bd8b868312b74ab3b450afb2a216e08773b12bb9/detection
# Reference: https://www.virustotal.com/gui/domain/u6218636a7.ha004.t.justns.ru/relations

u6218636a7.ha004.t.justns.ru
u667503gif.ha004.t.justns.ru

# Reference: https://twitter.com/3xp0rtblog/status/1275063347424063489
# Reference: https://app.any.run/tasks/88fac00d-6a25-4869-af44-3955a53b6266/

data-collector.online

# Reference: https://twitter.com/3xp0rtblog/status/1327239694615257088
# Reference: https://app.any.run/tasks/acda3856-381d-4bfa-a576-2704d0cfcf86/
# Reference: https://www.virustotal.com/gui/file/30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030/detection

193.124.66.33:2229

# Reference: https://twitter.com/3xp0rtblog/status/1324800226381758471
# Reference: https://www.virustotal.com/gui/file/8d28a885143b7327ca2db1f5fae20013591538c77941ae4244e67659943b31c1/detection
# Reference: https://app.any.run/tasks/5521e858-aa80-4c07-b4bb-0b97ab2f28e1/

95.215.206.139:2222

# Reference: https://twitter.com/3xp0rtblog/status/1344352253294104576
# Reference: https://app.any.run/tasks/1dba5a2e-9e11-4fb4-a7d5-89f71b4bb876/
# Reference: https://www.virustotal.com/gui/file/92175f70c2e1472fcb742e9dc4939a48da8ae6f02d0177a2387be4235b0b1b23/detection
# Reference: https://www.virustotal.com/gui/file/3998e2ba6588279a49570f61daef37d108e446db960b7a41a3c0bc8cfbfa271f/detection

94.103.84.193:2222
progs.su

# Reference: https://twitter.com/jorgemieres/status/1366740401454014471
# Reference: https://www.virustotal.com/gui/file/4446506c8c66e2f5066b8e5d3f23011bf0e101cc27bb1cfcc56c441ee0d1a312/detection

gamingspor.000webhostapp.com

# Reference: https://twitter.com/jorgemieres/status/1368952490876624898
# Reference: https://www.virustotal.com/gui/file/2c5d3ac0714de12796a11cded05fcd547e855cfe22add34fcd6a4abc13deccbe/detection
# Reference: https://www.virustotal.com/gui/file/48c46bec223f64754b981c5f69fc73ebd4db059bc3aaf5d553ecaf3e68c610b3/detection

collect.mcdir.ru

# Reference: https://www.virustotal.com/gui/file/3992d7d7e4cfe62a2bc7bada61f35bda7a1af7ecacb7e17aaaf4816a94857907/detection

gfgjhfgjfghgfghghg.ffox.site

# Reference: https://www.virustotal.com/gui/file/e722df3ecbbfa8f93f415307a4c70129653bf1582f15ce59b894c0386d95ad15/detection

cq90024.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ceee6acd373826ccf7dee91d72edc5a1f84d80537db2414f91b33de2812af484/detection

cj65670.tmweb.ru

# Reference: https://twitter.com/ffforward/status/1381403701223522308
# Reference: https://www.virustotal.com/gui/file/05d38ac5460418b0aa813fc8c582ee5be42be192de10d188332901157c54287c/detection
# Reference: https://www.virustotal.com/gui/file/1efa74e72060865ff07bda90c4f5d0c470dd20198de7144960c88cef248c4457/detection

biscosuae.com
prtanet.com
prtboss.com

# Reference: https://twitter.com/ET_Labs/status/1385628386144309248
# Reference: https://www.virustotal.com/gui/file/98ce669e5e059cb05e579f1bc6e9327682a56670b63537a9d7c790219ae4bdf6/detection

f0520118.xsph.ru

# Reference: https://www.virustotal.com/gui/file/4003ee1d971e3638aa11c3a60f95d169122142a56d5d1ecf3dc60376f0f4d5f2/detection

f0537501.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6fe6e6bf89c455dbf1c941d61c2f369b21052dcc9b855447d36581e5bb7f9e46/detection

f0536352.xsph.ru

# Reference: https://www.virustotal.com/gui/file/28e1990ecfab01745f8499174840437042ca500a42582ebe6a14f8bec21f5005/detection

f0531200.xsph.ru

# Reference: https://twitter.com/jorgemieres/status/1389559988117544962
# Reference: https://www.virustotal.com/gui/file/7e97d2bfdf27ec8701c57ed21131c63f37c129faf911da8c35a739c0697f33f2/detection

antimalwarebyte.site

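# Reference: https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html
# Note: biscosuae.com, prtanet.com and prtboss.com in this block repeat entries listed in an earlier section; de-duplicate on ingestion.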

http://23.92.213.108
http://83.220.175.66
1wftyu121cwr24v3hswa1234g.tk
bingoroll2.net
biscosuae.com
cocojambo.collector-steal.ga
collector-steal.ga
cryptojora.club
f0522235.xsph.ru
f0527189.xsph.ru
f0527262.xsph.ru
f0527703.xsph.ru
guarantte.xyz
j1145058.myjino.ru
loanfirmsolution.com
micromagican.com
prtanet.com
prtboss.com
repairyou.com
steammd0.beget.tech
traps.ml
tydaynsosi.ru

# Reference: https://www.virustotal.com/gui/file/eb9b05b993b25b9692a011ba8a12cc492ec769aeb82c5e1fcc328264438a229f/detection

collector-node.us

# Reference: https://www.virustotal.com/gui/file/bdee27ff1e53feb5af5be169cbee1602e8dd9c47722dd4e51fc17e1ab9ee6a92/detection

collector-gate01.us

# Reference: https://twitter.com/jorgemieres/status/1392148957204205580
# Reference: https://www.virustotal.com/gui/file/23acdd1f64bbf85d8d6f8f29bad826464d6ecf0160e8975e55bfcf3cce891f01/detection

coronavirus.mcdir.me

# Reference: https://www.virustotal.com/gui/file/5b7559ef858b45a1aa79ed59ee28f0a8e4f117c07986f8ca6d5ed5df567a247c/detection

f0538564.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d808216221746c98ebc2afa74ce7f48af1600ae52a22dc3e7468f5bf69d5dc76/detection

globaltechtutor.com

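# Reference: http://tracker.viriback.com/dump.php (# Collector)
# Note: f0520118, f0527189, f0527262, f0527703, f0536352 and f0537501 (.xsph.ru) in this block also appear in earlier sections; de-duplicate on ingestion.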

a98052kl.beget.tech
barix.atwebpages.com
cb60062.tmweb.ru
cn38762.tmweb.ru
cs33609.tmweb.ru
cu94599.tmweb.ru
cx48626.tmweb.ru
f0520118.xsph.ru
f0522091.xsph.ru
f0522691.xsph.ru
f0522877.xsph.ru
f0523160.xsph.ru
f0523327.xsph.ru
f0523773.xsph.ru
f0524225.xsph.ru
f0525005.xsph.ru
f0525251.xsph.ru
f0525381.xsph.ru
f0525895.xsph.ru
f0526333.xsph.ru
f0527189.xsph.ru
f0527262.xsph.ru
f0527344.xsph.ru
f0527415.xsph.ru
f0527643.xsph.ru
f0527703.xsph.ru
f0528344.xsph.ru
f0528737.xsph.ru
f0529045.xsph.ru
f0529228.xsph.ru
f0531603.xsph.ru
f0531646.xsph.ru
f0531750.xsph.ru
f0531989.xsph.ru
f0532253.xsph.ru
f0533131.xsph.ru
f0533420.xsph.ru
f0533601.xsph.ru
f0533622.xsph.ru
f0533726.xsph.ru
f0533988.xsph.ru
f0534243.xsph.ru
f0534644.xsph.ru
f0534776.xsph.ru
f0535130.xsph.ru
f0535280.xsph.ru
f0535358.xsph.ru
f0535398.xsph.ru
f0535460.xsph.ru
f0535799.xsph.ru
f0535947.xsph.ru
f0536181.xsph.ru
f0536231.xsph.ru
f0536352.xsph.ru
f0536427.xsph.ru
f0536692.xsph.ru
f0537214.xsph.ru
f0537341.xsph.ru
f0537501.xsph.ru
f0537624.xsph.ru
f0537792.xsph.ru
f0538075.xsph.ru
f0538386.xsph.ru
f0538851.xsph.ru
f0538928.xsph.ru
f0539063.xsph.ru
f0539266.xsph.ru
f0539343.xsph.ru
f0539494.xsph.ru
f0539879.xsph.ru
f0540018.xsph.ru
f0540269.xsph.ru
f0540490.xsph.ru
f0540908.xsph.ru
f0540924.xsph.ru
f0541497.xsph.ru
f0541553.xsph.ru
f0541911.xsph.ru
f0541979.xsph.ru
f0542157.xsph.ru
f0542175.xsph.ru
f0542230.xsph.ru
f0542299.xsph.ru
f0542355.xsph.ru
f0542710.xsph.ru
f0542829.xsph.ru
j9859310.myjino.ru
site13046.web1.titanaxe.com
tatu2.win5x.fun
tsaoysakis.mcdir.me
yotub1337.myjino.ru
