# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: amatera stealer

# Reference: https://x.com/solostalking/status/1867864181514600826

http://45.89.196.115

# Reference: https://x.com/solostalking/status/1885303861130166459
# Reference: https://app.validin.com/detail?find=Amatera%20App&type=raw&ref_id=5c1704d7ffe#tab=host_pairs (# 2025-01-31)

http://84.200.154.182

# Reference: https://x.com/solostalking/status/1907320756595220710

http://194.48.248.57
194.48.248.57:443
amaprox.icu

# Reference: https://x.com/solostalking/status/1930844795330761206
# Reference: https://x.com/BlinkzSec/status/1935749372697817302
# Reference: https://app.validin.com/detail?find=Amatera%20App&type=raw&ref_id=bf97d1b4bbc#tab=host_pairs (# 2025-06-06)

http://91.84.109.91
91.84.109.91:443
adiobast.icu
afdprox.icu
v361422.hosted-by-vdsina.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-05-21-v10932/2752

winthigh.top

# Reference: https://www.proofpoint.com/us/blog/threat-insight/amatera-stealer-rebranded-acr-stealer-improved-evasion-sophistication

talismanoverblown.com
b1.talismanoverblown.com

# Reference: https://x.com/Merlax_/status/1960048599678493033
# Reference: https://www.virustotal.com/gui/file/133d56d17ba934898306f4ad442ee679f9e161e0237c968ff37f2abc487d3f0d/detection

37.27.165.65:1477
62.84.103.78:28352
