# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: maksstealer

# Reference: https://x.com/malwrhunterteam/status/1831587080780070999
# Reference: https://x.com/malwrhunterteam/status/1914567930878034347
# Reference: https://x.com/naumovax/status/1869019373631123490
# Reference: https://x.com/JAMESWT_WT/status/1932339464619356561
# Reference: https://x.com/skocherhan/status/1932352738706493911
# Reference: https://www.virustotal.com/gui/ip-address/94.131.111.51/relations
# Reference: https://app.any.run/tasks/f7e4df3c-f7f8-44e3-b1c3-a4db9d162732
# Reference: https://www.virustotal.com/gui/file/ec4e915484b22a46b5581ef39695832191c557bf4d9bd8238da468ad9e8a75ae/detection
# Reference: https://www.virustotal.com/gui/file/434902272c8d02754bbdfa37915745af55e0b59f2e8193bea6a66a025c14f7ba/detection

109.120.178.147:4025
109.120.178.147:4028
109.120.178.147:6662
94.131.111.51:3002
94.131.111.51:4001
94.131.111.51:4008
94.131.111.51:4099
94.131.111.51:6663
aditionallibraries.fun
axlecoffee.fun
handrat.xyz
maksagain.fun
maksagain.xyz
maksgofile.fun
makslibraries.fun
makslibraries.space
makslove.xyz
mavenrat.xyz
niseko-hirafu.com
mail.handrat.xyz

# Reference: https://www.prevailion.com/darkwatchman-new-fileness-techniques/
# Reference: https://www.virustotal.com/gui/ip-address/185.177.59.174/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.208.206.44/relations
# Reference: https://www.virustotal.com/gui/file/409839f9c8327eff6208aeca4f7113f5a0abdfa97f266f404b14f9fa6ab1432f/detection
# Reference: https://www.virustotal.com/gui/file/ce1eee6b86bbc352e9ad69b7e241dd7cf08dc60ced259087f72c33396f65093b/detection
# Reference: https://www.virustotal.com/gui/file/003ef083b27eb13b5ca6a39a7aaed359c5e7dae5a872cb569cdf69332bb56ad3/detection
# Reference: https://www.virustotal.com/gui/file/e8681efd888395026e420acffe3df7b45e990d0a917aec3f09c741d4d8ccfba6/detection

135.181.41.169:8080
195.149.114.21:8080
03d5e3f0.top
0a63afdb.top
0d0e6bc2.top
13789e9a.top
14155a83.top
1aced2b1.top
1b6cbc0a.top
1c017813.top
31e38172.top
3548cd93.top
3855cd59.top
3a60dc39.top
3d0d1820.top
3f380940.top
424ffd05.top
4522391c.top
46e4b1e4.top
483f39d6.top
4a0a28b6.top
4d67ecaf.top
4f52fdcf.top
63126a15.top
647fae0c.top
6b064885.top
6c6b8c9c.top
6dc9e227.top
74d2d366.top
7a095b54.top
7d649f4d.top
8265edb0.top
850829a9.top
8a71cf20.top
8cbe6582.top
8d1c0b39.top
936afe61.top
94073a78.top
a15c9ce3.top
a3698d83.top
a404499a.top
a63158fa.top
ac419c29.top
adb205b1.top
bfdb1290.top
d136686c.top
d303790c.top
d46ebd15.top
d65bac75.top
dab53527.top
db46acbf.top
e3000aee.top
e46dcef7.top
f20f193f.top
f562dd26.top
fa1b3baf.top
fbb95514.top
fd76ffb6.top

# Reference: https://twitter.com/suyog41/status/1643967451682729986
# Reference: https://www.virustotal.com/gui/ip-address/193.149.176.127/relations
# Reference: https://www.virustotal.com/gui/file/3898cd3d7c26c3fd142ee62ffaee418ddc5a7247b6148181e6abb0d29824df2a/detection
# Reference: https://www.virustotal.com/gui/file/75b46ff876cfefd598f2afe7e71c5bd3ca284b348426324049a59a9215cf39b8/detection
# Reference: https://www.virustotal.com/gui/file/094b0de76f9afd1fee8ec890edb6fb46b302bc57c1bd7b4a96746b1dcf0794a9/detection

025ad916.cyou
025ad916.icu
025ad916.shop
052e5f3f.cyou
052e5f3f.icu
052e5f3f.shop
08335ff5.cyou
08335ff5.icu
08335ff5.shop
0f580158.cyou
0f580158.icu
0f580158.shop
0f5e9bec.cyou
0f5e9bec.icu
0f5e9bec.shop
1ee79f0e.cyou
1ee79f0e.icu
1ee79f0e.shop
21625cd2.cyou
21625cd2.icu
21625cd2.shop
231e0c36.cyou
231e0c36.icu
231e0c36.shop
2473c82f.cyou
2473c82f.icu
2473c82f.shop
260f98cb.cyou
260f98cb.icu
260f98cb.shop
28d410f9.cyou
28d410f9.icu
28d410f9.shop
3a053d77.cyou
3a053d77.icu
3a053d77.shop
3d68f96e.cyou
3d68f96e.icu
3d68f96e.shop
4a6fc9f8.cyou
4a6fc9f8.icu
4a6fc9f8.shop
4d020de1.cyou
4d020de1.icu
4d020de1.shop
4fad40dc.cyou
4fad40dc.icu
4fad40dc.shop
5108a85d.cyou
5108a85d.icu
5108a85d.shop
5126a432.cyou
5126a432.icu
5126a432.shop
5374f8b9.cyou
5374f8b9.icu
5374f8b9.shop
54193ca0.cyou
54193ca0.icu
54193ca0.shop
56656c44.cyou
56656c44.icu
56656c44.shop
5fd3206f.cyou
5fd3206f.icu
5fd3206f.shop
6b02f7da.cyou
6b02f7da.icu
6b02f7da.shop
6ec6f49c.cyou
6ec6f49c.icu
6ec6f49c.shop
6f5a23d4.cyou
6f5a23d4.icu
6f5a23d4.shop
72296fa9.cyou
72296fa9.icu
72296fa9.shop
7544abb0.cyou
7544abb0.shop
7859ab7a.cyou
7859ab7a.icu
7859ab7a.shop
7f346f63.cyou
7f346f63.icu
7f346f63.shop
832db572.cyou
832db572.icu
832db572.shop
913a0e4f.cyou
913a0e4f.icu
913a0e4f.shop
9256ecbe.cyou
9256ecbe.icu
9256ecbe.shop
9657ca56.cyou
9657ca56.icu
9657ca56.shop
988c4264.cyou
988c4264.icu
988c4264.shop
9a9a8b91.cyou
9a9a8b91.icu
9a9a8b91.shop
9b4aca9c.cyou
9b4aca9c.icu
9b4aca9c.shop
9c270e85.cyou
9c270e85.icu
9c270e85.shop
9da3ecce.cyou
9da3ecce.icu
9da3ecce.shop
9fb2b319.cyou
9fb2b319.icu
9fb2b319.shop
a30c6ccd.cyou
a30c6ccd.icu
a30c6ccd.shop
a461a8d4.cyou
a461a8d4.icu
a461a8d4.shop
aaba20e6.cyou
aaba20e6.icu
aaba20e6.shop
b2a97b8f.cyou
b2a97b8f.icu
b2a97b8f.shop
b3a111a7.cyou
b3a111a7.icu
b3a111a7.shop
b8530e71.cyou
b8530e71.icu
b8530e71.shop
b86b0d68.cyou
b86b0d68.icu
b86b0d68.shop
ba175d8c.cyou
ba175d8c.icu
ba175d8c.shop
bd7a9995.cyou
bd7a9995.icu
bd7a9995.shop
beb73561.cyou
beb73561.icu
beb73561.shop
bf06c971.cyou
bf06c971.icu
bf06c971.shop
c4a62131.cyou
c4a62131.icu
c4a62131.shop
c801f9e7.cyou
c801f9e7.icu
c801f9e7.shop
ca7da903.cyou
ca7da903.icu
ca7da903.shop
cd106d1a.cyou
cd106d1a.icu
cd106d1a.shop
cf6c3dfe.cyou
cf6c3dfe.icu
cf6c3dfe.shop
d3669842.cyou
d3669842.icu
d3669842.shop
d40b5c5b.cyou
d40b5c5b.icu
d40b5c5b.shop
d5ac39cb.cyou
d5ac39cb.icu
d5ac39cb.shop
ddbd1070.cyou
ddbd1070.icu
ddbd1070.shop
e150fac0.cyou
e150fac0.icu
e150fac0.shop
e63d3ed9.cyou
e63d3ed9.icu
e63d3ed9.shop
eb203e13.cyou
eb203e13.icu
eb203e13.shop
ec311447.cyou
ec311447.icu
ec311447.shop
ec4dfa0a.cyou
ec4dfa0a.icu
ec4dfa0a.shop
eeca47ca.cyou
eeca47ca.icu
eeca47ca.shop
ef8b72f2.cyou
ef8b72f2.icu
ef8b72f2.shop
f8831f57.cyou
f8831f57.icu
f8831f57.shop

# Reference: https://blog.cyble.com/2023/05/05/sophisticated-darkwatchman-rat-spreads-through-phishing-sites/
# Reference: https://otx.alienvault.com/pulse/645be9d36c7e94fb4d3cf001

cryptopro-download.one

# Reference: https://www.virustotal.com/gui/file/e340ce0a47791aeb93978aebd3e0b7a1f334ac91fbc52cf633767f431a13d73b/detection

82334906.fun
8c78a7e8.fun
8c78a7e8.online
8c78a7e8.site

# Reference: https://www.virustotal.com/gui/file/acb8336525e02a52cf2c77ed070bfbbaf003bfd643c18a1f7af58a9b5278a198/detection

039eeff6.fun
039eeff6.online
039eeff6.site
09860e92.fun
09860e92.online
09860e92.site
19601cd9.fun
19601cd9.online
19601cd9.site
35e32b0f.fun
35e32b0f.online
35e32b0f.site
3d13c1f9.fun
3d13c1f9.online
3d13c1f9.site
60df3369.fun
60df3369.online
60df3369.site
6f0454b9.fun
6f0454b9.online
6f0454b9.site
82334906.online
82334906.site
950a5e96.fun
950a5e96.online
950a5e96.site
bd12379b.fun
bd12379b.online
bd12379b.site
c5971d03.fun
c5971d03.online
c5971d03.site
d61db2e5.fun
d61db2e5.online
d61db2e5.site
d7d7f722.fun
d7d7f722.online
d7d7f722.site
e353067e.fun
e353067e.online
e353067e.site
eb074752.fun
eb074752.online
eb074752.site

# Reference: https://www.virustotal.com/gui/file/9c19574eecfe02ab7267b080bda1fdd24fc55242d1f8c0ff1e552145825a0a07/detection

73c9efbb.shop
fb0bf2b1.fun
fb0bf2b1.shop
fb0bf2b1.space

# Reference: https://www.virustotal.com/gui/file/98c258bd6a26c447afeb152079ee8a27a484fa7bd775269a2292788a51b22be2/detection

05f9bc37.cyou
05f9bc37.shop
1b4401fb.cyou
1b4401fb.shop
257aea4a.cyou
273f2a58.cyou
282e3ebb.cyou
282e3ebb.shop
3365815f.cyou
3365815f.shop
5499fade.cyou
560eec58.cyou
560eec58.shop
59cd2e2f.cyou
682ad9af.cyou
682ad9af.shop
725b1784.cyou
725b1784.shop
73c9efbb.cyou
837fe729.shop
8ade4892.cyou
8ade4892.shop
9199b324.cyou
9199b324.shop
985eae2a.cyou
985eae2a.shop
b697a8b2.cyou
b697a8b2.shop
c9bf45e4.cyou
c9bf45e4.shop
dc042185.cyou
dc042185.shop
dff73748.shop
ea3aeeec.cyou
ea3aeeec.shop
efb39ac1.cyou
efb39ac1.shop
f5c5f942.cyou
f5c5f942.shop
fb0bf2b1.cyou

# Reference: https://www.virustotal.com/gui/file/f1cc45caf2b1c60219840f6794ed2d15721cf1a86c96d1f3d4fb822d302c09fc/detection

136e9446.fun
136e9446.online
136e9446.site
13e1ced9.fun
13e1ced9.online
13e1ced9.site
17c45148.fun
17c45148.online
17c45148.site
321b1982.fun
321b1982.online
321b1982.site
3576dd9b.fun
3576dd9b.online
3576dd9b.site
380cd008.online
3a60dc39.fun
3a60dc39.online
3a60dc39.site
3d0d1820.fun
3d0d1820.online
3d0d1820.site
4271ed0d.fun
4271ed0d.online
4271ed0d.site
44e645b3.fun
44e645b3.online
44e645b3.site
451c2914.fun
451c2914.online
451c2914.site
4a0a28b6.fun
4a0a28b6.online
4a0a28b6.site
4d67ecaf.fun
4d67ecaf.online
4d67ecaf.site
4f0be09e.fun
4f0be09e.online
4f0be09e.site
500ed27c.fun
500ed27c.online
500ed27c.site
5937c7c6.fun
5937c7c6.online
5937c7c6.site
6a090054.fun
6a090054.online
6a090054.site
7c7cb9a4.fun
7c7cb9a4.online
7c7cb9a4.site
97815a39.fun
97815a39.online
97815a39.site
9eaa332e.fun
9eaa332e.online
9eaa332e.site
a10581b2.fun
a10581b2.online
a10581b2.site
a2a40413.fun
a2a40413.online
a2a40413.site
a404499a.fun
a404499a.online
a404499a.site
ab124838.fun
ab124838.online
ab124838.site
ac7f8c21.fun
ac7f8c21.online
ac7f8c21.site
adb205b1.fun
adb205b1.online
adb205b1.site
c8690767.fun
c8690767.online
c8690767.site
d303790c.fun
d303790c.online
d303790c.site
d5a33485.fun
d5a33485.online
d5a33485.site
d602b124.fun
d602b124.online
d602b124.site
dab53527.fun
dab53527.online
dab53527.site
db78bcb7.fun
db78bcb7.online
db78bcb7.site
dc1578ae.fun
dc1578ae.online
dc1578ae.site
e123fe80.fun
e123fe80.online
e123fe80.site

# Reference: https://www.virustotal.com/gui/file/a18b8b1b4870e2b048f946abd5cf2cb050a09820c90fb54bd9041dc0f770772b/detection

06757671.fun
06757671.online
06757671.site
08aefe43.fun
08aefe43.online
08aefe43.site
0fc33a5a.fun
0fc33a5a.online
0fc33a5a.site
22a77f76.fun
22a77f76.online
22a77f76.site
2383ad80.fun
2383ad80.online
2383ad80.site
24ee6999.fun
24ee6999.online
24ee6999.site
25cabb6f.fun
25cabb6f.online
25cabb6f.site
2c7cf744.fun
2c7cf744.online
2c7cf744.site
2d5825b2.fun
2d5825b2.online
2d5825b2.site
52cd8bf9.fun
52cd8bf9.online
52cd8bf9.site
53e9590f.fun
53e9590f.online
53e9590f.site
54849d16.fun
54849d16.online
54849d16.site
55a04fe0.fun
55a04fe0.online
55a04fe0.site
5a5f1524.fun
5a5f1524.online
5a5f1524.site
5b7bc7d2.fun
5b7bc7d2.online
5b7bc7d2.site
66b2ff94.fun
66b2ff94.online
717246e7.fun
717246e7.online
717246e7.site
78c40acc.fun
78c40acc.online
78c40acc.site
7fa9ced5.fun
7fa9ced5.online
7fa9ced5.site
91a7aff9.fun
91a7aff9.online
91a7aff9.site
96ca6be0.fun
96ca6be0.online
96ca6be0.site
ba8afc3a.fun
ba8afc3a.online
ba8afc3a.site
bbae2ecc.fun
bbae2ecc.online
bbae2ecc.site
bcc3ead5.fun
bcc3ead5.online
bcc3ead5.site
bde73823.fun
bde73823.online
bde73823.site
cae008b5.fun
cae008b5.online
cae008b5.site
cbc4da43.fun
cbc4da43.online
cbc4da43.site
cca91e5a.fun
cca91e5a.online
cca91e5a.site
cd8dccac.fun
cd8dccac.online
cd8dccac.site
e1cd5b76.fun
e1cd5b76.online
e1cd5b76.site
e6a09f6f.fun
e6a09f6f.online
e6a09f6f.site

# Reference: https://www.virustotal.com/gui/file/71f3c13148b4145419cf11ab2585791248d693638d2c7e495458066526300ba1/detection

13e1ced9.top
17c45148.top
44e645b3.top
500ed27c.top
c8690767.top
e123fe80.top

# Reference: https://habr.com/ru/companies/F6/news/905930/ (RU)

3d0d1820.online
4ad74aab.biz.ua
4ad74aab.cfd
4ad74aab.fun
4ad74aab.sbs
4ad74aab.space
4ad74aab.xyz
7737a33d.fun
7737a33d.online
7737a33d.site
7966f93f.fun
7966f93f.online
7966f93f.site
8f046b4c.fun
8f046b4c.online
8f046b4c.site
9243e231.cfd
9243e231.sbs
9243e231.xyz
absolut-ooo.ru
alliance-s.ru
bc0324ae.biz.ua
bc0324ae.cfd
bc0324ae.fun
bc0324ae.sbs
bc0324ae.space
bc0324ae.xyz
d634555e.fun
d634555e.online
d634555e.site
ebdbb64e.fun
ebdbb64e.online
ebdbb64e.site

# Reference: https://www.virustotal.com/gui/file/0ace41794e85342cbff8adbbd331b8c174b31097276f4c37f858ae805b2384a6/detection

185.159.131.10:443
27dd67e8.fun
27dd67e8.online
27dd67e8.shop
27dd67e8.site
27dd67e8.space
27dd67e8.store
4ad74aab.online
4ad74aab.shop
4ad74aab.site
4ad74aab.store
4e577395.fun
4e577395.online
4e577395.shop
4e577395.site
4e577395.space
4e577395.store
54f484f2.online
54f484f2.store
6e93d646.fun
6e93d646.online
6e93d646.shop
6e93d646.site
6e93d646.space
6e93d646.store
791688a4.fun
791688a4.online
791688a4.shop
791688a4.site
791688a4.space
791688a4.store
80ce6519.fun
80ce6519.online
80ce6519.shop
80ce6519.site
80ce6519.space
80ce6519.store
9203ebc7.fun
9203ebc7.online
9203ebc7.shop
9203ebc7.site
9203ebc7.space
9203ebc7.store
9243e231.fun
9243e231.online
9243e231.shop
9243e231.site
9243e231.space
9243e231.store
942a8b18.fun
942a8b18.online
942a8b18.shop
942a8b18.site
942a8b18.space
942a8b18.store
9e8fae09.fun
9e8fae09.online
9e8fae09.shop
9e8fae09.site
9e8fae09.space
9e8fae09.store
b170e747.fun
b170e747.online
b170e747.shop
b170e747.site
b170e747.space
b170e747.store
bc0324ae.online
bc0324ae.shop
bc0324ae.site
bc0324ae.store
d79046bd.fun
d79046bd.online
d79046bd.shop
d79046bd.site
d79046bd.space
d79046bd.store
db49f51f.fun
db49f51f.online
db49f51f.shop
db49f51f.site
db49f51f.space
db49f51f.store
fa2b8b86.fun
fa2b8b86.online
fa2b8b86.shop
fa2b8b86.site
fa2b8b86.space
fa2b8b86.store
z3a5fk7gipppm4tq3fmtit6epwcaxwb6efdget5lczyqjwvv7l5bypad.onion

# Reference: https://x.com/ShadowOpCode/status/1955579591114002446
# Reference: https://x.com/skocherhan/status/1955594325041066191
# Reference: https://www.virustotal.com/gui/file/8c92ddb704bbc6fc2e1070d3bc26c1e0aeb2d12f26de1113a9168ee461bb1e6a/detection
# Reference: https://www.virustotal.com/gui/file/03221edbb1dee4a32a4531ab94888476fd929b722d59937ff746283123178d79/detection

27dd67e8.biz.ua
27dd67e8.cfd
27dd67e8.sbs
27dd67e8.xyz
4e577395.cfd
4e577395.sbs
4e577395.xyz
80ce6519.biz.ua
80ce6519.cfd
80ce6519.sbs
80ce6519.xyz
9243e231.biz.ua
9e8fae09.biz.ua
9e8fae09.cfd
9e8fae09.sbs
9e8fae09.xyz
b170e747.biz.ua
b170e747.cfd
b170e747.sbs
b170e747.xyz
db49f51f.biz.ua
db49f51f.cfd
db49f51f.sbs
db49f51f.xyz
f009d129.space
f06ed4a1.xyz
f0875111.cfd
f0875111.space
f0994264.cfd
f0994264.space
f0d384f8.cfd
f0d384f8.fun
f0d384f8.space
f13e8bdc.space
f14a4904.fun
f1a3ccb4.cfd
f1ae1891.fun
f1dada49.fun
f1dada49.space
f227efeb.fun
f2532d33.sbs
f2532d33.space
f2a4bbf6.sbs
f2baa883.xyz
f377b096.cfd
f39e3526.xyz
f3eaf7fe.cfd
f406e0d5.space
f418f3a0.fun
f418f3a0.space
f461e55d.cfd
f4f17610.xyz
f5227d70.fun
f548acdd.sbs
f5a1296d.cfd
f5a1296d.xyz
f6250a32.sbs
f63b1947.cfd
f6b84d5a.space
f6cc8f82.cfd
f7e81227.xyz
f801cebe.fun
f8750c66.cfd
f89c89d6.fun
f89c89d6.sbs
f8bc9ee7.xyz
fa2b8b86.biz.ua
fa2b8b86.cfd
fa2b8b86.sbs
fa2b8b86.xyz
fad5b29c.space
fb18aa89.xyz
fb35699d.xyz
fb61bc74.fun
fb61bc74.xyz
fb85ede1.fun
fb8839c4.sbs
fbf12f39.fun
fc77e9bf.space
fc77e9bf.xyz
fd27b6c2.fun
fd27b6c2.space
fd4d676f.sbs
fd53741a.cfd
fdbaf1aa.fun
fe1ec5c4.sbs
fe8e5689.fun
fe8e5689.xyz
fed75745.cfd
feda8360.sbs
ff709efd.space
ff870838.xyz

# Reference: https://app.validin.com/detail?find=b514a84f0f6342206ceb94cf10627453&type=hash&ref_id=c81bd9076a8#tab=host_pairs (# 2025-09-01)

maksgofile.xyz
maksagain.biz.ua
