# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1698693553168236869
# Reference: https://tria.ge/230904-qwxwgagg94/behavioral2
# Reference: https://www.virustotal.com/gui/file/b81e13b002550265e44bc537de51846a59ef65be6ae2459ccda381b182c3b0b5/detection
# Reference: https://www.virustotal.com/gui/file/276cdb84c5db9d081f107c821a4b28e3b7749a0924a8445d0c021de6fbac72a4/detection
# Reference: https://www.virustotal.com/gui/file/26fd3fa8f1f4374ee00c5c9ca69afdcbc818374aa7d5f5e5c566ad2720db54f6/detection
# Reference: https://www.virustotal.com/gui/file/3f6c9b055bfc0ed718424596eb1ac8ab1126f431e756b140297b772aa4522ab2/detection
# Reference: https://www.virustotal.com/gui/file/1486569f25d01a055597e00b03356fa65456d260eec1533600b7d6d6ad494733/detection
# Reference: https://www.virustotal.com/gui/file/46f5c2493cf9015256aa234588a0ef1a9dfe0a37faaac1f1fb07a167e795372e/detection
# Reference: https://www.virustotal.com/gui/file/33254f29a7fb5d29d9701dc6f2e20221da3dc98625222f5c7c13b8383c9b26b9/detection
# Reference: https://www.virustotal.com/gui/file/3cf2b6a02e50d078784aaaf1ea1b3473c855ad239c903fa668783bf0e0e4ebc2/detection
# Reference: https://www.virustotal.com/gui/file/ff8bac77ee98e0a46e1a91305ef7fbfc6bf8006b031dd768c8989694c705f00d/detection
# Reference: https://www.virustotal.com/gui/file/4ee52fbccb9e4349d47f6c17fcb9bd41e2d0091878a8393af12438e4d5668d7a/detection
# Reference: https://www.virustotal.com/gui/file/81e2d8370eddbd47b707289b7819d8fbf5e94d60d884411923fd191c6a895c96/detection

# Network indicators for the samples referenced above. Three entry shapes are used:
# a URL with scheme (http://IP), IP:port socket pairs, and bare hostnames.
# No first-seen/last-seen dates are recorded here, and hosting addresses get reassigned,
# so treat an IP match as a lead to corroborate (process, payload, timing), not as proof.
# NOTE(review): port 2133 recurs on eight of the nine hosts below (3333 on three of them);
# a port by itself is not an indicator - match on the full IP:port pair.
http://77.91.97.22
151.236.21.79:2133
185.46.46.106:2132
185.46.46.124:2133
185.46.46.124:3333
185.46.46.124:3765
185.46.46.125:2133
185.46.46.125:3333
45.159.250.50:2133
77.91.97.22:2133
77.91.97.82:2133
77.91.97.82:3333
91.219.237.59:2133
94.131.2.125:2133
# Hostnames under hopto.org, a dynamic-DNS zone (No-IP). The record behind each name can be
# repointed at any time, so alert on the full hostname only - never on the parent domain,
# which is shared with unrelated users - and re-resolve before trusting any IP seen behind them.
anticoresa9923p.hopto.org
dwdtte4wjfk8ds5.hopto.org
fdute32sdajfsda.hopto.org
pristolmag32dds.hopto.org
webarhiv23dasda.hopto.org

# Reference: https://www.virustotal.com/gui/file/ed1b3c7c8ad5daac7714461c5c7fecfc832e2b78c199a441ddad7f1b63313b90/detection

# IP:port indicators tied to the single VirusTotal sample referenced above.
# The 2133/3333 port pair matches the one used by other hosts listed earlier in this file.
109.107.182.4:2133
109.107.182.4:3333
89.23.101.113:2133

# Reference: https://www.virustotal.com/gui/file/7a3e1ae0eac51fe3c3e75b2dd1327ccdeed545941b4c5d3e7a0052e4c918cc5a/detection
# Reference: https://www.virustotal.com/gui/file/234a3a2501b615a82d87fa901ac1cb76922e6f7670c1c718259105e863732eac/detection

# Same address as the 109.107.182.4 entries earlier in this file, on a different port (2556),
# plus one hopto.org dynamic-DNS hostname (match the full name, not the parent domain).
109.107.182.4:2556
qqqttteserviceooos.hopto.org

# Reference: https://www.virustotal.com/gui/file/0da1c3b1adf5b708f70447cc5454d2fd58b521eef72d92739951edec283eef26/detection

# One host listed both as a plain-HTTP URL and as three socket pairs on consecutive
# ports (2862-2864), all from the single sample referenced above.
http://185.221.198.114
185.221.198.114:2862
185.221.198.114:2863
185.221.198.114:2864

# Reference: https://app.validin.com/detail?type=raw&find=The+Paradox#tab=host_pairs

# Sourced from the Validin search referenced above (raw string "The Paradox", host_pairs tab),
# not from a sample hash. NOTE(review): presumably a pivot on a page title or banner - confirm
# against the search result, and treat this entry as lower-confidence until a sample ties to it.
http://85.151.30.176

# Reference: https://x.com/ViriBack/status/1849978750634442801
# Reference: https://www.virustotal.com/gui/file/fb78bbd72d7ef40e9bf1002fe8c6d1b4b4fccc69fcbc7d9b8ca5f1d1d6057c3c/detection
# Reference: https://www.virustotal.com/gui/file/aa17cecc9169ca5f98bf7bd985b3a8f8337ca5e9e2459e6e8b805286b60b503e/detection

# One host listed as a plain-HTTP URL and as a socket pair on port 443.
# NOTE(review): the entry does not say whether the 443 traffic is TLS - confirm from the samples.
http://194.58.33.172
194.58.33.172:443
# hopto.org dynamic-DNS hostnames (match the full name, not the parent domain).
# NOTE(review): several labels share the "dtte4...8ds5" fragments seen in a hostname earlier
# in this file; this looks like a common naming scheme, but that is an inference - confirm.
67b8nd9smfu0n8b7ds.hopto.org
8n7tgfdsn87dsfu9n.hopto.org
dtte48ksk8ds5.hopto.org
kigjfkdstte405.hopto.org
udtte45k8ds5.hopto.org
uiojkps98hjbds405.hopto.org
# Path-only entries: no host is attached, so a match rests on the request path alone.
# NOTE(review): confirm how the consuming sensor scopes path trails; a hit on an otherwise
# unrelated host should be triaged with the surrounding request before it is acted on.
/api/v1/stealer_check.php
/uploads/Plugins/Stealer.dll
