# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kcsteal, macstealer, meethub

# Reference: https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
# Reference: https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html
# Reference: https://otx.alienvault.com/pulse/642d665d79f55649ca7d2513
# Reference: https://www.virustotal.com/gui/file/9b17aee4c8a5c6e069fbb123578410c0a7f44b438a4c988be2b65ab4296cff5e/detection
# Reference: https://www.virustotal.com/gui/file/df71b5c99052b63de167f9c22b3cf6ded513ed6d1e1c74eff7af8cf9e4692714/detection

# NOTE(review): 'tures.io' is a suffix of 'worldofcreatures.io' on the following line and may be
# a truncated copy of it rather than a separate indicator. Confirm it against the references
# above before relying on it; a stray short domain risks matching unrelated hosts.
tures.io
worldofcreatures.io
play-impulseflow.com
mac.cracked23.site

# Reference: https://twitter.com/malwrhunterteam/status/1660999807295451136
# Reference: https://www.virustotal.com/gui/file/3725b015c4d5e5632e2ab87327f5f20733fc5d821ce500725b6d6c84694de670/detection
# Reference: https://www.virustotal.com/gui/file/8c0f6b9bb8831ee1bb60d97663d2c1c09a715d87173c08990965a418b8930fcd/detection
# Reference: https://www.virustotal.com/gui/file/471b59c7daf24dbbb49326d13f786b6ef62f907edddd0bdd74e139b472893dfd/detection
# Reference: https://www.virustotal.com/gui/file/533a9aa2c0002c5cf44e4321e8e589f9fc9e10b117970f0d05e466fba3480f24/detection

# NOTE(review): the IP:port trails in this file carry no first-seen date. IP addresses can be
# reassigned to unrelated tenants over time, so re-validate a hit against the references
# above before treating it as confirmed C2 traffic.
181.215.135.231:3000
54.64.89.13:3000
osx-mac.com
api.osx-mac.com
builder.osx-mac.com
db.osx-mac.com
host.osx-mac.com

# Reference: https://twitter.com/malwrhunterteam/status/1668916870425063424
# Reference: https://www.virustotal.com/gui/file/ef0dd9ee92148dfc1d731d42812688f28dd276c2307ac8674a216a2371d156cd/detection

45.93.137.224:3000

# Reference: https://x.com/suyog41/status/1811644020302508435
# Reference: https://www.virustotal.com/gui/file/0556babf167d9ef0b942dfa4fddde263c09424b3df3b1d3aea5e8919ed9263cb/detection

139.162.190.156:8080

# Reference: https://x.com/suyog41/status/1822859800566550644
# Reference: https://www.virustotal.com/gui/file/f2ea96bfb2c6c0fecfbba86e95ba81b4a72ccdb64746e4f4dc3cc9cf4bf04dfc/detection

139.162.179.170:8080

# Reference: https://x.com/suyog41/status/1859537844026437658
# Reference: https://www.virustotal.com/gui/file/11eb45451edc861b68e59b18eb661449eb5eed4bdbfd2804827a493513300ceb/detection
# Reference: https://www.virustotal.com/gui/file/32dd6de4ea762494942b874e500e080697e03e627916084a04cb016bc5f47b97/detection
# Reference: https://www.virustotal.com/gui/file/696dd588e9bea478a84a1f8668ceaeba009e22104035c3ad35219608fd234730/detection

134.209.242.56:8080

# Reference: https://x.com/suyog41/status/1901916270297313586
# Reference: https://x.com/malwrhunterteam/status/1902458746187432363
# Reference: https://app.validin.com/detail?find=%3A%3A%22og%3Atitle%22%3A%3A%22Juseo%3A%20Empowering%20Your%20Productivity%22&type=raw&ref_id=6164d966aae#tab=host_pairs (# 2025-05-03)
# Reference: https://app.validin.com/detail?find=f5ac3f0c5c49da87c78de4c2771baddf&type=hash&ref_id=465d9dcbea7#tab=host_pairs (# 2025-05-03)
# Reference: https://www.virustotal.com/gui/file/672663d652f1f75a5a0bd1cdf87ce066e20c4451b604cef0a3e501a4e33d3824/detection
# Reference: https://www.virustotal.com/gui/file/b77473ca9f98f3e0f064debde3db3267359248366d9a4f11a948b6bf2b25badb/detection

192.241.148.144:8080
juseo.org
juseo.so
meeton.one
# NOTE(review): medium.com is a shared publishing platform. Keep this entry scoped to the
# 'juseohq' subdomain and do not broaden it to the parent domain.
juseohq.medium.com

# Reference: https://x.com/malwrhunterteam/status/1909520239466889326
# Reference: https://www.virustotal.com/gui/file/3b0ecae70302c3d18f96d2024cead2afdd7d77ca6d7e55d6a6f29b971e7ba857/detection

164.92.176.29:8080
