# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: chromelevator stealer

# Reference: https://x.com/smica83/status/2014305260085395798
# Reference: https://tria.ge/260122-ny7gkses3a/behavioral1
# Reference: https://www.virustotal.com/gui/file/91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f/detection
# Reference: https://www.virustotal.com/gui/file/307a48cf76ebdf55ce9d4ff054776168c76c1d391d938032c4fe11dffc8d1088/detection
# TITLE-HOST/IP=LODER C2 — Вход
# ('Вход' is Russian for 'Login'; the title string above is kept verbatim)

193.221.201.170:8088
45.93.20.195:5000
45.93.20.198:8088
45.93.20.61:5466
62.164.177.35:8088

# Reference: https://x.com/Fact_Finder03/status/2015493136525725699
# Reference: https://x.com/ShadowOpCode/status/2015733079906632091
# Reference: https://www.virustotal.com/gui/file/365f2f4de5ac872ce5a1fe6fbbf382b936c1defc6d767a37f69b5df4188d9522/detection

5.9.228.188:5000

# Generic (URL path indicators, not tied to a specific host)

/api/chromelevator
/api/lodik
