# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gurcu stealer

# Reference: https://twitter.com/0xToxin/status/1660533135526834176
# Reference: https://www.virustotal.com/gui/file/c219beaecc91df9265574eea6e9d866c224549b7f41cdda7e85015f4ae99b7c7/detection

140.238.218.94:8080

# Reference: https://twitter.com/Jane_0sint/status/1661783841454039040
# Reference: https://app.any.run/tasks/0b0e6ff6-afa1-4645-811a-f1f8bd54952f/

83.137.50.106:8500

# Reference: https://www.virustotal.com/gui/file/0fa222fb1c108d47b8d3e7c54753774d5f5098b462c5231a64031a574509a6f3/detection

134.202.120.23:9000
144.76.201.253:4080

# Reference: https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/
# Reference: https://threatfox.abuse.ch/browse/malware/win.whitesnake/

http://106.3.136.82
http://154.31.165.232
http://18.171.15.157
http://185.217.98.121
http://206.189.109.146
http://216.250.190.139
http://217.145.238.175
http://45.132.96.113
http://5.181.12.94
http://54.37.196.189
http://66.42.56.128
http://8.130.31.155
http://85.8.181.218
104.168.22.46:8090
106.15.66.6:8080
106.55.134.246:8080
116.196.97.232:8080
116.202.101.219:8080
123.129.217.85:8080
124.223.67.212:5555
139.224.8.231:8080
144.22.39.186:8080
163.172.255.114:9080
164.90.185.9:443
172.104.152.202:8080
172.245.180.159:2233
185.18.206.168:8080
185.217.98.121:8080
192.99.44.107:8080
195.201.135.141:9202
205.185.123.66:8080
212.154.86.44:83
212.87.204.196:8080
212.87.204.197:8080
37.252.188.127:8080
52.86.18.77:8080
78.46.66.9:8080
81.24.11.40:8080

# Reference: https://www.virustotal.com/gui/file/56393c8cbea881f8382d195682787254bb576cc4b370410eb94fd93a00a82ee8/detection

http://18.218.18.183
# NOTE(review): differs from the earlier entry http://206.189.109.146 only by a missing trailing digit - confirm against the reference that this address is not a truncation before relying on it for blocking
http://206.189.109.14
104.238.189.120:8080
121.63.250.132:88
129.151.109.160:8080
164.132.115.9:8082
168.138.211.88:8099
178.236.246.50:8080
# NOTE(review): port 80800 is above the valid TCP/UDP maximum (65535), so the next entry cannot match real traffic; presumably a typo of the :8080 entry directly above - confirm and drop or correct
178.236.246.50:80800
216.39.242.18:8080
23.224.102.6:8001
47.110.140.182:8080
47.96.78.224:8080
5.78.68.6:8009
74.208.179.68:7777
74.48.4.144:8080
81.187.79.8:9999
/0nrfP_george@965543_report.wsr

# Reference: https://twitter.com/Jane_0sint/status/1752312378010583304
# Reference: https://app.any.run/tasks/24f49eb3-1c94-4a74-a9e1-7d6dbbc92627/

45.61.137.41:8080

# Reference: https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi

http://103.226.125.218
http://162.33.178.113
http://18.228.80.130
http://3.142.76.113
http://65.20.76.112
http://94.156.6.209
103.244.151.46:8080
104.184.140.41:9000
107.161.20.142:8080
116.203.194.247:8080
129.159.134.19:8080
13.112.250.213:443
135.181.98.45:8888
139.99.123.53:9191
141.94.175.31:8098
185.216.26.127:8080
185.217.98.121:443
189.115.63.77:8080
192.99.196.191:443
24.199.110.250:8080
35.166.49.216:8080
44.228.161.50:443
45.155.171.134:8080
52.196.241.27:443
54.92.18.154:443
65.108.226.108:8080
95.140.147.126:8080

# Reference: https://twitter.com/alex_lanstein/status/1753509077714436338
# Reference: https://www.virustotal.com/gui/file/1f60387041e8366fe4087f239a8a08a82dc08595278c3abb3ca48591ce023145/detection
# Reference: https://www.virustotal.com/gui/file/e98a84b4e5cb961825fcf616c0d3b803d7690dd5e7ec996fb97e2cc5e067e930/detection
# Reference: https://www.virustotal.com/gui/file/8cf4c1d32638ebc9de86c7273972e97660db4b9818480208021c33bb3c64ebe2/detection
# Reference: https://www.virustotal.com/gui/file/361b4159d1503be4a9eccbd28933f569b76bec54d2330afad8cb97cdd0eee091/detection
# Reference: https://www.virustotal.com/gui/file/29ad7bee193ee36005d9f7989845cf3703ba977200a6ea0233987d7d5042e32c/detection
# Reference: https://www.virustotal.com/gui/file/1f60387041e8366fe4087f239a8a08a82dc08595278c3abb3ca48591ce023145/detection

http://104.248.208.221
http://149.88.44.159
http://154.26.128.6
http://193.142.58.127
http://45.61.136.13
http://45.61.136.52
109.123.247.164:8080
144.126.132.141:8080
185.119.118.59:8080
212.6.44.53:8080
23.248.176.37:180
traffik-filtrados.info
vosn.at

# Reference: https://twitter.com/naumovax/status/1759940846898553077
# Reference: https://twitter.com/James_inthe_box/status/1759955511527821724

103.140.238.181:1563
146.196.81.158:6666
27.124.4.243:6666
43.135.39.104:6666
45.195.204.76:6666
8.217.186.163:30091
8.217.186.163:8811

# Reference: https://x.com/0xmh1/status/1860854313263980768

http://101.126.19.171
http://147.28.185.29
http://38.60.191.38
101.43.160.136:8080
132.145.17.167:9090
138.2.92.67:443
154.9.207.142:443
159.203.174.113:8090
167.235.70.96:8080
194.164.198.113:8080
20.78.55.47:8080
206.166.251.4:8080
209.38.221.184:8080
38.207.174.88:8080
41.87.207.180:9090
46.235.26.83:8080
5.196.181.135:443
51.159.4.50:8080
65.49.205.24:8080
67.230.176.97:8080
8.216.92.21:8080
8.219.110.16:9999
8.222.143.111:8080
