# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://cybercrime-tracker.net/index.php?search=Stealer (as seen on 2018-09-01)

alessa-kw.com
alrayyanplastics.com
ambliglobal.nut.cc
annapoliscrabtownphotos.com
bclm-es.info
binousgroup.nut.cc
bitgetglobal.club
briiskgroup.com
cliten.microdoctor.com.br
cyberfreakz.cf
deffanogroup.co.id
emiretas.com
gazeboindonesia.com
gg.net.co
goldenalhaji.com
gpt.sa.com
gruopcor.com
gtneifnsyrf.tk
handsomelaw.id
hectords.us
ieejotex.com
imsa.com.au
iykepc.com
jasonetworks.com
kantanka.com
kiiey.ga
kindomstar.com
kwe-za.com
l2cc9521.justinstalledpanel.com
lacasonadelcartero.cl
lwis.cf
mahgoubsons.ml
owenscorming.com
owerri.usa.cc
richweva.com
ronjustthetrebho.net
sellychukwu.ru
sentrinonline.com
sepprod.com
spearsrnfq.net
stealerpanel.usa.cc
toddstretinc.com
trafficxx.com
u19982p14980.web0119.zxcs.nl
u19982p14983.web0119.zxcs.nl
untorsnot.in
wahuiilopi.club
webapp-mpp2.com
work.chukzenter.tk

# Reference: https://twitter.com/petrovic082/status/1145373440230273024
# Reference: https://pastebin.com/SCsbLU1n

theridgeatdanbury.com/wp-admin/network/server/login.php

# Reference: https://twitter.com/serhack_/status/1147795722215022592

electrumportal.com

# Reference: https://bitcointalk.org/index.php?topic=5133490.0 (Russian)

btc-electrum.com
btcelectrum.org
downloadelectrum.com
downloadelectrum.org
eiectrum.net
electrum.bz
electrumapp.org
electrumapps.com
electrumbase.com
electrumbase.net
electrumbase.org
electrumbitcoin.org
electrumbtc.org
electrumbuild.com
electrumcircle.com
electrumclient.org
electrumcore.com
electrumcore.net
electrumdownload.com
electrumdownload.org
electrume.com
electrume.org
electrumfix.com
electrumget.com
electrumhub.com
electrumnet.com
electrumofficial.com
electrumopen.org
electrumpgrade.com
electrumsafe.org
electrumsite.com
electrumsource.org
electrumstart.org
electrumtxn.com
electrumupdate.com
electrumupgrade.com
electrumupgrade.org
electrumware.com
electrumware.org
electrumweb.net
getelectrum.com
getelectrum.live
getelectrum.org
goelectrum.com
myelectrum.org
electro1wallet.info
electrodwallet.info
digi-wallet.info
jotubhsbn.website
zpvuvcf.xyz

# Reference: https://twitter.com/0xFrost/status/1188458586453745664
# Reference: https://pastebin.com/JDecBDpM

btc-electrum.net
btcelectrum.com
electrum-btc.net
electrum.ink
electrum.media
electrum.tools
electrum.zone
electrumapp.info
electrumapps.info
electrumball.com
electrumbase.online
electrumbase.sh
electrumbin.com
electrumbit.net
electrumbitcoin.club
electrumbitcoin.co
electrumbitcoin.info
electrumblocks.com
electrumboard.com
electrumbtc.info
electrumbtc.live
electrumbtc.me
electrumcoin.com
electrumeasy.net
electrumfiles.com
electrumflow.com
electruminstall.info
electruminstall.org
electrumpack.com
electrumpack.net
electrumpack.org
electrumpass.com
electrumpatch.com
electrumpath.com
electrumpath.org
electrumpin.com
electrumportal.net
electrumportal.org
electrumsecure.com
electrumserver.info
electrumset.com
electrumsite.org
electrumstar.com
electrumtech.me

# Reference: https://twitter.com/Racco42/status/1148877632412487682
# Reference: https://app.any.run/tasks/698e5d3b-7080-4e00-a827-aabb132a8821/

/PostaSatanas.php

# Reference: https://twitter.com/ItsReallyNick/status/1150058573671665665
# Reference: https://www.virustotal.com/gui/file/5fb6d259f04a202d9d73110b568370a0eabbc24ce08d8416a85c2e718b7b8721/detection

52.90.226.47:443

# Reference: https://twitter.com/James_inthe_box/status/1159202555961851904

sd346.zzz.com.ua

# Reference: https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/ (# C2 section)

my.gobiox.com
login3.kimbrelelectric.com

# Reference: https://twitter.com/sniko_/status/1165293103655333888

wwwelectrum.org

# Reference: https://twitter.com/P3pperP0tts/status/1166493391263358976

rtsdyfucgj.temp.swtest.ru

# Reference: https://twitter.com/PRODAFT/status/1154016659868409856

undergrounddynamics.site

# Reference: https://twitter.com/VK_Intel/status/1171782155581689858

66.42.76.46:21

# Reference: https://twitter.com/sS55752750/status/1173668868784644105

s2.abcvg.ovh

# Reference: https://twitter.com/JAMESWT_MHT/status/1177109960309858304
# Reference: https://app.any.run/tasks/947e97aa-fb67-4856-bcc7-297b4d14c9cd/

http://112.175.138.213

# Reference: https://twitter.com/JAMESWT_MHT/status/1182597039105941504

nfe-fazenda.myftp.org

# Reference: https://twitter.com/James_inthe_box/status/1184519173268897792

9f249.f249724.96.lt

# Reference: https://twitter.com/iocsvault/status/1176144857284395009

jaster24h.biz
tviewer.ga

# Reference: https://twitter.com/James_inthe_box/status/1187689326353600512

luckykey.tk

# Reference: https://twitter.com/angel11VR/status/1189135390655078402

212.47.208.135:21

# Reference: https://twitter.com/unmaskparasites/status/1190016192511131655
# Reference: https://www.virustotal.com/gui/domain/saleforyou.org/details

1.saleforyou.org/tong/pa/newpw/pass.php
bingstyle.com/tong/pa/pass.php

# Reference: https://twitter.com/cyber__sloth/status/1182395650752892928
# Reference: https://www.virustotal.com/gui/file/7e3a8eda2a3c53b4e169db8b11d344c0308ede32884b18b2f225baf8bcb30aa5/detection

195.50.7.214:43231
