# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: chromelevator stealer, lofygang, nyx stealer

# Reference: https://x.com/smica83/status/2014305260085395798
# Reference: https://tria.ge/260122-ny7gkses3a/behavioral1
# Reference: https://www.virustotal.com/gui/file/91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f/detection
# Reference: https://www.virustotal.com/gui/file/307a48cf76ebdf55ce9d4ff054776168c76c1d391d938032c4fe11dffc8d1088/detection
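# TITLE-HOST/IP=LODER C2 — Вход
# Note: "Вход" is Russian for "Login"; presumably the panel's page title, so keep the string verbatim (including the em dash) when searching on it.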

193.221.201.170:8088
45.93.20.195:5000
45.93.20.198:8088
45.93.20.61:5466
62.164.177.35:8088

# Reference: https://x.com/Fact_Finder03/status/2015493136525725699
# Reference: https://x.com/ShadowOpCode/status/2015733079906632091
# Reference: https://www.virustotal.com/gui/file/365f2f4de5ac872ce5a1fe6fbbf382b936c1defc6d767a37f69b5df4188d9522/detection

5.9.228.188:5000

# Reference: https://x.com/skocherhan/status/2020846844788564025
# Reference: https://www.virustotal.com/gui/file/1af59525568e4bec660c30b6c14fc9c0d235d99c0ba2292ed81994c843e1dc5c/detection
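# Reference: https://www.virustotal.com/gui/file/34e2d09f96f3bdb8e192d0f8753a6d430599473d5ae625d9fadf3519830b5089/detection
# NOTE(review): jfo.ezln.ne below uses the .ne ccTLD (Niger); confirm against the references that it is not a truncated .net.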

193.143.1.104:5466
jfo.ezln.ne
pin.itho.eu.org
/dikkh0k

# Reference: https://www.virustotal.com/gui/file/76005b67d11c0e89c76655b2ddc16f5bb778ee547f2a4c6fc2e2e1d7e2dde7d9/detection

http://89.105.217.136
/api/modules/download/chromelevator

# Reference: https://x.com/smica83/status/2039094435896570102
# Reference: https://www.virustotal.com/gui/file/bf3af0269374ac1312e4a478480678a8f5988a206e1f150fe54cd07e77fdf5a8/detection

http://2.27.28.167
2.27.28.167:3002
2.27.28.167:6062

# Reference: https://intel.breakglass.tech/post/lofygang-nyx-stealer-npm-supply-chain-still-live
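# FAVICON_HASH-HOST=8a5a6158b5d339dd069d65bc94b9d71d
# HOST-CLASS_0_HASH=8dac76deebf5f45cb1b300af719164fe
# Note: the *.pages.dev entries below sit under a shared hosting suffix; match the full hostname only, never the parent domain.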

http://18.231.131.246
amoboobs.com
amocp.com
antigorda.fun
bacanafuzil.net
biele.pages.dev
catalened.dev
catalened.xyz
cheat.rip
clean.rip
cloud.catalened.dev
cuts.skin
euamoamavi.com
explanada2.com
fuckedbykfc.pages.dev
kaike.wtf
kkkkkk-32c.pages.dev
knfuckk.com
luiz.wtf
odeioexplanada.com
uvn.world
vandalism.cc
vandalism.pages.dev
xisde.fun

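# Generic (host-independent URL paths; /api/modules/download/chromelevator is also listed above with http://89.105.217.136)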

/api/modules/download/chromelevator
/api/chromelevator
/api/lodik
