# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: lazarus stealer

# Reference: https://x.com/solostalking/status/1953741512136688056

193.151.108.203:1133
193.151.108.207:1133
193.151.108.243:1133
193.151.108.33:1133
193.151.108.49:1133

# Reference: https://www.cyfirma.com/research/lazarus-stealer-android-malware-for-russian-bank-credential-theft-through-overlay-and-sms-manipulation/
# Reference: https://www.virustotal.com/gui/file/2574acd7fd593a639600566eab8084d783b6f0dcd5937e390a21c5ea11cc3cc5/detection
# Reference: https://www.virustotal.com/gui/file/d1ccc8dfd010130692a06fcc3b2ce737d156b0647a9c3d8a5707a5284faf18a1/detection

139.99.65.17:1133
146.103.11.134:1133
151.242.122.79:1133
151.242.41.74:1133
151.242.58.160:1133
151.243.254.45:1133
151.243.254.56:1133
151.244.170.5:1133
151.244.234.243:1133
176.65.137.53:1133
185.170.154.195:1133
185.170.154.201:1133
191.96.207.214:1133
193.151.108.24:1133
193.151.108.39:1133
213.21.237.206:1133
23.26.201.103:1133
23.26.201.48:1133
23.26.201.99:1133
23.95.162.206:1133
23.95.162.210:1133
23.95.162.249:1133
31.57.166.40:1133
31.57.166.87:1133
31.58.169.153:1133
31.58.169.29:1133
51.75.85.165:1133
77.105.161.255:1133
inqu-lazarus.icu
mzwnp.online
venom-lazarus.life

# Reference: https://x.com/solostalking/status/1975501888931176563

151.243.254.56:1133
151.244.170.12:1133
23.26.201.168:1133
31.58.169.29:1133
51.89.87.74:1133
