# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

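# Aliases: direwolf

# NOTE(review): most of the bare IP and IP:443 entries below appear to sit in shared public-cloud address space, where addresses are routinely reassigned to unrelated tenants.
# Treat a match on those entries as a lead to corroborate (timestamps, TLS/HTTP metadata, the referenced reports), not as conclusive on its own - TODO confirm current ownership before blocking.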

# Reference: https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain

ggfwk7yj5hus3ujdls5bjza4apkpfw5bjqbq4j6rixlogylr5x67dmid.onion.pet
mhocujuh3h6fek7k4efpxo5teyigezqkpixkbvc2mzaaprmusze6icqd.onion.pet
fhccu.com/images/7.jpg
fhccu.com/images/ship3.jpg

# Reference: https://twitter.com/karol_paciorek/status/1722590659532447810

http://107.22.57.188
http://18.233.30.106
http://23.20.237.225
http://3.210.191.185
http://3.225.154.79
http://3.227.200.25
http://34.197.124.207
http://44.205.115.29
http://52.200.215.250
http://52.202.66.46
http://52.44.101.45
http://54.225.109.232
107.22.57.188:443
18.211.111.68:443
18.213.237.79:443
18.233.30.106:443
18.235.126.195:443
23.20.237.225:443
3.210.191.185:443
3.225.154.79:443
3.227.200.25:443
3.228.58.67:443
34.194.229.219:443
34.197.124.207:443
44.205.115.29:443
44.217.89.101:443
52.0.63.134:443
52.200.215.250:443
52.202.66.46:443
52.44.101.45:443
54.225.109.232:443

# Reference: https://threatfox.abuse.ch/browse/tag/SerpentStealer/ (# 2023-12-04)

18.206.73.190:443
18.213.145.76:443
3.213.17.252:443
3.214.25.23:443
3.217.28.109:443
3.220.152.159:443
3.220.158.139:443
3.220.60.95:443
3.230.47.185:443
3.235.216.198:443
3.235.217.21:443
34.194.123.143:443
34.194.79.16:443
34.199.174.236:443
34.201.97.6:443
34.202.112.58:443
34.224.9.208:443
35.169.28.72:443
44.198.148.77:443
52.1.126.210:443
52.200.22.116:443
52.202.179.126:443
52.204.70.129:443
52.206.84.200:443
52.23.33.245:443
52.4.12.90:443
52.5.2.170:443
52.5.62.203:443
54.157.161.18:443
54.167.4.208:443
54.175.203.218:443
54.204.40.27:443
54.210.248.214:443
54.224.145.107:443
54.237.138.159:443
54.242.198.244:443
54.83.75.196:443
54.85.136.8:443
54.86.130.105:443
54.86.17.63:443
54.87.191.236:443
54.88.105.125:443
54.92.206.177:443
direwolf-e387f7d985-new-d419a80638dd.herokuapp.com

# Reference: https://twitter.com/ShanHolo/status/1753344986660131232
# Reference: https://twitter.com/ShanHolo/status/1753344989424222420

134.255.217.76:443
3.208.95.157:443
3.210.242.78:443
3.213.37.39:443
44.196.101.127:443
52.3.173.99:443

# Reference: https://x.com/AlvieriD/status/1925497228522623319

direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion
