# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: chromelevator stealer

# Reference: https://x.com/smica83/status/2014305260085395798
# Reference: https://tria.ge/260122-ny7gkses3a/behavioral1
# Reference: https://www.virustotal.com/gui/file/91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f/detection
# Reference: https://www.virustotal.com/gui/file/307a48cf76ebdf55ce9d4ff054776168c76c1d391d938032c4fe11dffc8d1088/detection
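# TITLE-HOST/IP=LODER C2 — Вход
# (page title served by the hosts/IPs below; "Вход" is Russian for "Login", i.e. the C2 panel login page)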

193.221.201.170:8088
45.93.20.195:5000
45.93.20.198:8088
45.93.20.61:5466
62.164.177.35:8088

# Reference: https://x.com/Fact_Finder03/status/2015493136525725699
# Reference: https://x.com/ShadowOpCode/status/2015733079906632091
# Reference: https://www.virustotal.com/gui/file/365f2f4de5ac872ce5a1fe6fbbf382b936c1defc6d767a37f69b5df4188d9522/detection

5.9.228.188:5000

# Reference: https://x.com/skocherhan/status/2020846844788564025
# Reference: https://www.virustotal.com/gui/file/1af59525568e4bec660c30b6c14fc9c0d235d99c0ba2292ed81994c843e1dc5c/detection
# Reference: https://www.virustotal.com/gui/file/34e2d09f96f3bdb8e192d0f8753a6d430599473d5ae625d9fadf3519830b5089/detection

193.143.1.104:5466
jfo.ezln.ne
pin.itho.eu.org
/dikkh0k

# Generic

/api/chromelevator
/api/lodik
