# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: alfonso stealer, collector stealer, datacollector, DCStealer, detector stealer, gachi stealer, hunter stealer, panda stealer

# Reference: https://twitter.com/ViriBack/status/1253857638607196162
# Reference: https://app.any.run/tasks/9d7710ad-18d6-4f1a-8f7f-25a6629049e4/
# Reference: https://www.virustotal.com/gui/file/eb1280c930b01b6b2930b926bd8b868312b74ab3b450afb2a216e08773b12bb9/detection
# Reference: https://www.virustotal.com/gui/domain/u6218636a7.ha004.t.justns.ru/relations

u6218636a7.ha004.t.justns.ru
u667503gif.ha004.t.justns.ru

# Reference: https://twitter.com/3xp0rtblog/status/1275063347424063489
# Reference: https://app.any.run/tasks/88fac00d-6a25-4869-af44-3955a53b6266/

data-collector.online

# Reference: https://twitter.com/3xp0rtblog/status/1327239694615257088
# Reference: https://app.any.run/tasks/acda3856-381d-4bfa-a576-2704d0cfcf86/
# Reference: https://www.virustotal.com/gui/file/30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030/detection

193.124.66.33:2229

# Reference: https://twitter.com/3xp0rtblog/status/1324800226381758471
# Reference: https://www.virustotal.com/gui/file/8d28a885143b7327ca2db1f5fae20013591538c77941ae4244e67659943b31c1/detection
# Reference: https://app.any.run/tasks/5521e858-aa80-4c07-b4bb-0b97ab2f28e1/

95.215.206.139:2222

# Reference: https://twitter.com/3xp0rtblog/status/1344352253294104576
# Reference: https://app.any.run/tasks/1dba5a2e-9e11-4fb4-a7d5-89f71b4bb876/
# Reference: https://www.virustotal.com/gui/file/92175f70c2e1472fcb742e9dc4939a48da8ae6f02d0177a2387be4235b0b1b23/detection
# Reference: https://www.virustotal.com/gui/file/3998e2ba6588279a49570f61daef37d108e446db960b7a41a3c0bc8cfbfa271f/detection

94.103.84.193:2222
progs.su

# Reference: https://twitter.com/jorgemieres/status/1366740401454014471
# Reference: https://www.virustotal.com/gui/file/4446506c8c66e2f5066b8e5d3f23011bf0e101cc27bb1cfcc56c441ee0d1a312/detection

gamingspor.000webhostapp.com

# Reference: https://twitter.com/jorgemieres/status/1368952490876624898
# Reference: https://www.virustotal.com/gui/file/2c5d3ac0714de12796a11cded05fcd547e855cfe22add34fcd6a4abc13deccbe/detection
# Reference: https://www.virustotal.com/gui/file/48c46bec223f64754b981c5f69fc73ebd4db059bc3aaf5d553ecaf3e68c610b3/detection

collect.mcdir.ru

# Reference: https://www.virustotal.com/gui/file/3992d7d7e4cfe62a2bc7bada61f35bda7a1af7ecacb7e17aaaf4816a94857907/detection

gfgjhfgjfghgfghghg.ffox.site

# Reference: https://www.virustotal.com/gui/file/e722df3ecbbfa8f93f415307a4c70129653bf1582f15ce59b894c0386d95ad15/detection

cq90024.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/ceee6acd373826ccf7dee91d72edc5a1f84d80537db2414f91b33de2812af484/detection

cj65670.tmweb.ru

# Reference: https://twitter.com/ffforward/status/1381403701223522308
# Reference: https://www.virustotal.com/gui/file/05d38ac5460418b0aa813fc8c582ee5be42be192de10d188332901157c54287c/detection
# Reference: https://www.virustotal.com/gui/file/1efa74e72060865ff07bda90c4f5d0c470dd20198de7144960c88cef248c4457/detection

biscosuae.com
prtanet.com
prtboss.com

# Reference: https://twitter.com/ET_Labs/status/1385628386144309248
# Reference: https://www.virustotal.com/gui/file/98ce669e5e059cb05e579f1bc6e9327682a56670b63537a9d7c790219ae4bdf6/detection

f0520118.xsph.ru

# Reference: https://www.virustotal.com/gui/file/4003ee1d971e3638aa11c3a60f95d169122142a56d5d1ecf3dc60376f0f4d5f2/detection

f0537501.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6fe6e6bf89c455dbf1c941d61c2f369b21052dcc9b855447d36581e5bb7f9e46/detection

f0536352.xsph.ru

# Reference: https://www.virustotal.com/gui/file/28e1990ecfab01745f8499174840437042ca500a42582ebe6a14f8bec21f5005/detection

f0531200.xsph.ru

# Reference: https://twitter.com/jorgemieres/status/1389559988117544962
# Reference: https://www.virustotal.com/gui/file/7e97d2bfdf27ec8701c57ed21131c63f37c129faf911da8c35a739c0697f33f2/detection

antimalwarebyte.site

# Reference: https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html

http://23.92.213.108
http://83.220.175.66
1wftyu121cwr24v3hswa1234g.tk
bingoroll2.net
biscosuae.com
cocojambo.collector-steal.ga
collector-steal.ga
cryptojora.club
f0522235.xsph.ru
f0527189.xsph.ru
f0527262.xsph.ru
f0527703.xsph.ru
guarantte.xyz
j1145058.myjino.ru
loanfirmsolution.com
micromagican.com
prtanet.com
prtboss.com
repairyou.com
steammd0.beget.tech
traps.ml
tydaynsosi.ru

# Reference: https://www.virustotal.com/gui/file/eb9b05b993b25b9692a011ba8a12cc492ec769aeb82c5e1fcc328264438a229f/detection

collector-node.us

# Reference: https://www.virustotal.com/gui/file/bdee27ff1e53feb5af5be169cbee1602e8dd9c47722dd4e51fc17e1ab9ee6a92/detection

collector-gate01.us
