# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: armbot, baldr

# Reference: https://twitter.com/fletchsec/status/1108144401530978304

86818.prohoster.biz/gate.php

# Reference: https://twitter.com/PRODAFT/status/1105581121595719681

ekavoha.info
lb9ac9ce.justinstalledpanel.com
rolfrob.top

# Reference: https://twitter.com/MisterCh0c/status/1112259834940964864

f0281648.xsph.ru

# Reference: https://twitter.com/MisterCh0c/status/1112346184209838080

gepparlan.myjino.ru

# Reference: https://twitter.com/James_inthe_box/status/1115264261154988032

mirror-ex.pro

# Reference: https://otx.alienvault.com/pulse/5cacb6c0bd266902183e424b
# Reference: https://twitter.com/albertzsigovits/status/1181907560775012354 (# stepa.asyx.ru is also in use for Eredel Stealer)

741963.icu
87388.prohoster.biz/gate.php
88523.prohoster.biz/gate.php
89173.prohoster.biz/gate.php
89338.prohoster.biz/gate.php
89600.prohoster.biz/gate.php
89613.prohoster.biz/gate.php
badseek.com
cloud-backup.club
darkfar.space
dhus.info
fileupdatecent.cf
ganginthisbitch.info
gepparlan.myjino.ru
ghost888.hk
grant1.ian.fvds.ru
islan.zzz.com.ua
ivan1v4nivanov.myjino.ru
j941521.myjino.ru
jesusonline.xyz
justnorm.club
keppr44.myjino.ru
lovecplovec.myjino.ru
noxe.org
oceannala.zzz.com.ua
peredozik999.ru
qqepta.ru
rolfrob69.myjino.ru
rolfrob.top
scroogeslogs.su
sladkiikonditer.ru
stepa.asyx.ru
tosterriotto.kl.com.ua
tri-topora.myjino.ru
yamail.online
zimat7tq.beget.tech
zxvcoupirq.kl.com.ua

# Reference: https://twitter.com/_Bear_Crawl_/status/1120760032910557184

89786.prohoster.biz/gate.php

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

gangbulk.icu

# Reference: https://twitter.com/x42x5a/status/1123250026883497985

http://66.154.103.144/auth.php
http://66.154.103.144/gate.php

# Reference: https://twitter.com/x42x5a/status/1123914216665174016

b3pro.top

# Reference: https://twitter.com/ViriBack/status/1127418226915323909

yoursme.info

# Reference: https://twitter.com/nao_sec/status/1127586787566571521

makemoneywithus.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232

kolibri.icu

# Reference: https://twitter.com/P3pperP0tts/status/1133716120043687936
# Reference: https://app.any.run/tasks/25a119f3-5dc2-4b9e-a426-92b9c17e0a15/

http://185.250.204.118/auth.php
http://185.250.204.118/gate.php

# Reference: https://twitter.com/benkow_/status/1148658101463203841

92432.prohoster.biz/gate.php

# Reference: https://twitter.com/sS55752750/status/1157269618915983362

http://95.25.159.161

# Reference: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/baldr-vs-the-world.pdf
# Reference: https://otx.alienvault.com/pulse/5d4c4bdeb8a3aa5f33522e41

http://103.113.157.246/auth.php
http://109.235.69.205/fhuq3/auth.php
http://145.249.106.194/auth.php
http://157.230.126.238/auth.php
http://158.255.5.205/auth.php
http://161.129.65.16/auth.php
http://18.207.217.146/auth.php
http://18.221.49.166/auth.php
http://185.136.169.112/auth.php
http://185.136.171.42/auth.php
http://185.139.70.14/auth.php
http://185.209.22.97/auth.php
http://185.212.128.56/auth.php
http://185.212.128.77/auth.php
http://185.212.128.84/auth.php
http://185.212.129.10/auth.php
http://185.212.129.138/auth.php
http://185.212.129.235/auth.php
http://185.212.129.53/auth.php
http://185.212.129.59/auth.php
http://185.212.130.13/auth.php
http://185.212.130.22/auth.php
http://185.212.130.74/auth.php
http://185.212.130.76/auth.php
http://185.212.130.80/auth.php
http://185.212.131.134/auth.php
http://185.212.131.217/auth.php
http://185.212.131.59/auth.php
http://185.212.131.95/auth.php
http://185.225.69.101/convertpdf/auth.php
http://185.230.142.72/auth.php
http://185.232.52.38/auth.php
http://185.232.52.39/auth.php
http://185.232.52.40/auth.php
http://185.232.52.41/auth.php
http://185.232.52.42/auth.php
http://185.236.77.38/auth.php
http://185.238.0.219/auth.php
http://185.238.0.220/auth.php
http://185.238.0.80/auth.php
http://185.238.1.171/auth.php
http://185.238.1.8/auth.php
http://185.241.53.171/auth.php
http://185.250.204.118/auth.php
http://185.254.121.9/auth.php
http://185.48.56.212/auth.php
http://188.120.245.150/auth.php
http://188.166.12.64/auth.php
http://190.97.167.220/auth.php
http://192.34.109.17/auth.php
http://193.37.213.122/auth.php
http://194.40.242.26/auth.php
http://195.123.233.29/fvjbfbfjbfhsc/auth.php
http://195.144.21.193/auth.php
http://198.71.80.217/auth.php
http://199.204.251.111/auth.php
http://217.8.117.24/ba/auth.php
http://23.19.58.101/auth.php
http://23.254.217.112/auth.php
http://23.254.225.240/auth.php
http://23.95.95.61/auth.php
http://45.64.186.10/auth.php
http://45.77.252.143/auth.php
http://46.249.62.196/auth.php
http://46.30.42.130/auth.php
http://5.188.231.210/auth.php
http://5.188.231.96/auth.php
http://5.188.60.101/auth.php
http://5.188.60.115/auth.php
http://5.188.60.18/auth.php
http://5.188.60.206/auth.php
http://5.188.60.24/auth.php
http://5.188.60.30/auth.php
http://5.188.60.54/auth.php
http://5.188.60.68/auth.php
http://5.188.60.7/auth.php
http://5.188.60.74/auth.php
http://5.45.73.87/auth.php
http://5.8.88.198/auth.php
http://51.254.167.180/auth.php
http://51.83.44.234/auth.php
http://54.39.25.176/auth.php
http://64.188.12.112/auth.php
http://64.188.19.142/auth.php
http://64.188.19.147/auth.php
http://64.188.24.40/auth.php
http://64.44.141.167/auth.php
http://66.154.103.144/auth.php
http://66.154.113.41/auth.php
http://77.83.174.46/auth.php
http://80.82.67.167/auth.php
http://81.22.45.27/auth.php
http://83.220.174.2/auth.php
http://86818.prohoster.biz/auth.php
http://87388.prohoster.biz/auth.php
http://87393.prohoster.biz/auth.php
http://88517.prohoster.biz/auth.php
http://88523.prohoster.biz/auth.php
http://88698.prohoster.biz/auth.php
http://88834.prohoster.biz/auth.php
http://89.105.205.103/auth.php
http://89064.prohoster.biz/auth.php
http://89173.prohoster.biz/auth.php
http://89219.prohoster.biz/auth.php
http://89338.prohoster.biz/auth.php
http://89506.prohoster.biz/auth.php
http://89521.prohoster.biz/auth.php
http://89600.prohoster.biz/auth.php
http://89613.prohoster.biz/auth.php
http://89736.prohoster.biz/auth.php
http://89775.prohoster.biz/auth.php
http://89786.prohoster.biz/auth.php
http://89789.prohoster.biz/auth.php
http://89815.prohoster.biz/auth.php
http://90551.prohoster.biz/baldr/auth.php
http://90654.prohoster.biz/auth.php
http://91.228.154.190/737c7e24b8e7f9adc7641f24c704aa01/auth.php
http://91.243.82.87/auth.php
http://91.243.83.129/auth.php
http://91.243.83.31/auth.php
http://91005.prohoster.biz/auth.php
http://91331.prohoster.biz/auth.php
http://91897.prohoster.biz/auth.php
http://91999.prohoster.biz/auth.php
http://92.63.192.118/auth.php
http://92.63.192.120/auth.php
http://92.63.197.157/auth.php
http://92.63.197.173/auth.php
http://92.63.197.174/auth.php
http://92.63.197.176/auth.php
http://92.63.197.178/auth.php
http://92.63.197.182/auth.php
http://92.63.197.190/auth.php
http://92.63.197.193/auth.php
http://92.63.197.197/auth.php
http://92072.prohoster.biz/auth.php
http://92178.prohoster.biz/auth.php
http://92427.prohoster.biz/auth.php
http://92432.prohoster.biz/auth.php
http://93.190.138.143/810923bbd44e29ceb736da8cffeb2ec8/auth.php
http://93588.prohoster.biz/auth.php
http://95.81.0.22/auth.php
http://95.81.0.26/30/auth.php
http://95.81.0.52/whitenight/auth.php
http://95.81.0.61/auth.php
http://95.81.0.62/auth.php
http://95.81.0.63/auth.php
http://95.81.0.67/auth.php
http://95.81.0.73/auth.php
http://95.81.0.76/auth.php
http://95.81.0.83/auth.php
http://95.81.1.50/bp/auth.php
http://103.113.157.246/gate.php
http://109.235.69.205/fhuq3/gate.php
http://145.249.106.194/gate.php
http://157.230.126.238/gate.php
http://158.255.5.205/gate.php
http://161.129.65.16/gate.php
http://18.207.217.146/gate.php
http://18.221.49.166/gate.php
http://185.136.169.112/gate.php
http://185.136.171.42/gate.php
http://185.139.70.14/gate.php
http://185.209.22.97/gate.php
http://185.212.128.56/gate.php
http://185.212.128.77/gate.php
http://185.212.128.84/gate.php
http://185.212.129.10/gate.php
http://185.212.129.138/gate.php
http://185.212.129.235/gate.php
http://185.212.129.53/gate.php
http://185.212.129.59/gate.php
http://185.212.130.13/gate.php
http://185.212.130.22/gate.php
http://185.212.130.74/gate.php
http://185.212.130.76/gate.php
http://185.212.130.80/gate.php
http://185.212.131.134/gate.php
http://185.212.131.217/gate.php
http://185.212.131.59/gate.php
http://185.212.131.95/gate.php
http://185.225.69.101/convertpdf/gate.php
http://185.230.142.72/gate.php
http://185.232.52.38/gate.php
http://185.232.52.39/gate.php
http://185.232.52.40/gate.php
http://185.232.52.41/gate.php
http://185.232.52.42/gate.php
http://185.236.77.38/gate.php
http://185.238.0.219/gate.php
http://185.238.0.220/gate.php
http://185.238.0.80/gate.php
http://185.238.1.171/gate.php
http://185.238.1.8/gate.php
http://185.241.53.171/gate.php
http://185.250.204.118/gate.php
http://185.254.121.9/gate.php
http://185.48.56.212/gate.php
http://188.120.245.150/gate.php
http://188.166.12.64/gate.php
http://190.97.167.220/gate.php
http://192.34.109.17/gate.php
http://193.37.213.122/gate.php
http://194.40.242.26/gate.php
http://195.123.233.29/fvjbfbfjbfhsc/gate.php
http://195.144.21.193/gate.php
http://198.71.80.217/gate.php
http://199.204.251.111/gate.php
http://217.8.117.24/ba/gate.php
http://23.19.58.101/gate.php
http://23.254.217.112/gate.php
http://23.254.225.240/gate.php
http://23.95.95.61/gate.php
http://45.64.186.10/gate.php
http://45.77.252.143/gate.php
http://46.249.62.196/gate.php
http://46.30.42.130/gate.php
http://5.188.231.210/gate.php
http://5.188.231.96/gate.php
http://5.188.60.101/gate.php
http://5.188.60.115/gate.php
http://5.188.60.18/gate.php
http://5.188.60.206/gate.php
http://5.188.60.24/gate.php
http://5.188.60.30/gate.php
http://5.188.60.54/gate.php
http://5.188.60.68/gate.php
http://5.188.60.7/gate.php
http://5.188.60.74/gate.php
http://5.45.73.87/gate.php
http://5.8.88.198/gate.php
http://51.254.167.180/gate.php
http://51.83.44.234/gate.php
http://54.39.25.176/gate.php
http://64.188.12.112/gate.php
http://64.188.19.142/gate.php
http://64.188.19.147/gate.php
http://64.188.24.40/gate.php
http://64.44.141.167/gate.php
http://66.154.103.144/gate.php
http://66.154.113.41/gate.php
http://77.83.174.46/gate.php
http://80.82.67.167/gate.php
http://81.22.45.27/gate.php
http://83.220.174.2/gate.php
http://86818.prohoster.biz/gate.php
http://87388.prohoster.biz/gate.php
http://87393.prohoster.biz/gate.php
http://88517.prohoster.biz/gate.php
http://88523.prohoster.biz/gate.php
http://88698.prohoster.biz/gate.php
http://88834.prohoster.biz/gate.php
http://89.105.205.103/gate.php
http://89064.prohoster.biz/gate.php
http://89173.prohoster.biz/gate.php
http://89219.prohoster.biz/gate.php
http://89338.prohoster.biz/gate.php
http://89506.prohoster.biz/gate.php
http://89521.prohoster.biz/gate.php
http://89600.prohoster.biz/gate.php
http://89613.prohoster.biz/gate.php
http://89736.prohoster.biz/gate.php
http://89775.prohoster.biz/gate.php
http://89786.prohoster.biz/gate.php
http://89789.prohoster.biz/gate.php
http://89815.prohoster.biz/gate.php
http://90551.prohoster.biz/baldr/gate.php
http://90654.prohoster.biz/gate.php
http://91.228.154.190/737c7e24b8e7f9adc7641f24c704aa01/gate.php
http://91.243.82.87/gate.php
http://91.243.83.129/gate.php
http://91.243.83.31/gate.php
http://91005.prohoster.biz/gate.php
http://91331.prohoster.biz/gate.php
http://91897.prohoster.biz/gate.php
http://91999.prohoster.biz/gate.php
http://92.63.192.118/gate.php
http://92.63.192.120/gate.php
http://92.63.197.157/gate.php
http://92.63.197.173/gate.php
http://92.63.197.174/gate.php
http://92.63.197.176/gate.php
http://92.63.197.178/gate.php
http://92.63.197.182/gate.php
http://92.63.197.190/gate.php
http://92.63.197.193/gate.php
http://92.63.197.197/gate.php
http://92072.prohoster.biz/gate.php
http://92178.prohoster.biz/gate.php
http://92427.prohoster.biz/gate.php
http://92432.prohoster.biz/gate.php
http://93.190.138.143/810923bbd44e29ceb736da8cffeb2ec8/gate.php
http://93588.prohoster.biz/gate.php
http://95.81.0.22/gate.php
http://95.81.0.26/30/gate.php
http://95.81.0.52/whitenight/gate.php
http://95.81.0.61/gate.php
http://95.81.0.62/gate.php
http://95.81.0.63/gate.php
http://95.81.0.67/gate.php
http://95.81.0.73/gate.php
http://95.81.0.76/gate.php
http://95.81.0.83/gate.php
http://95.81.1.50/bp/gate.php
a1i9o9n1.had.su
acousticallysound.com.au
amadeus172.com
amerexp.ru
arusa.name
ascoglobe.com
b3pro.top
badseek.com
baldorini.top
bestdi.net
blacktraders.info
bonusprosto.ru
book029.net
businessforum3.com
cbdfx.website
chandlerq.xyz
chockslim.site
cloaka.top
closepup.com
cloud-backup.club
creationwatchessales.com
criptocheck.ru
darbl.icu
deimosfobos.myjino.ru
dfz12.life
dg4j52fds.com.hk
dhus.info
dimg.info
doomkat.tk
ekavoha.info
elifanhiro.top
enotflowers.com
eruafwa.site
ethereums.network
evgentii228.myjino.ru
f0281648.xsph.ru
fakinril1991.had.su
fnsss77.ru
forfor.site
four-by-four.club
francoeuralvin.myjino.ru
gangbulk.icu
gaswatstroy.online
gepparlan.myjino.ru
ghost888.hk
gkjsggd.org
goproeverlest.top
hasanoff.su
hd-1080.win
hiphopforum.top
impulsiv.top
jbsamahi.com
jesusonline.xyz
karabasbarabas.info
kg94jd73hs62.cn
killwin44.myjino.ru
kolibri.icu
kvm1.j963289.n5zdn.vps.myjino.ru
kvm2.wildberries0909.n5zdn.vps.myjino.ru
l0l8jh6f5.cn
l4eb23f8.justinstalledpanel.com
l5a61b2e.justinstalledpanel.com
l781ebf3.justinstalledpanel.com
l88a06cf.justinstalledpanel.com
lafansk.top
lb3bd064.justinstalledpanel.com
lb49ada8.justinstalledpanel.com
lb9ac9ce.justinstalledpanel.com
likelogs.net
madonnahomesolutionss.com
manderot.ru
megasvag.top
mightysam.ptr1.ru
mirror-ex.pro
moneyknb.online
msinord.info
msldr.live
myfixpro.top
nomoneynohoney.co
nowab.info
ocidokki.com
panel3195.prohoster.biz
pineapple.ac.ug
powellpablooo.myjino.ru
qqepta.ru
reliable-service-line.xyz
research4you.su
reticulum.ga
revolverc.site
rinnegan17.com
rolfrob.top
rolfrob69.myjino.ru
savedcar.myjino.ru
scroogeslogs.su
sentervit.tk
serviceaoc.top
sibepoc.com
soloday.su
spoke.ga
ssss888.ml
stat.entreinaweb.com
striblingm.pw
suportya.ru
suunderr.com
tehnopolis.at
texhokot.online
travelman.su
trysme.info
union-ayurveda.top
updateoffice360.top
vbga.pw
velikhueli.live
vm558132.had.su
vm596245.had.su
waltprime.su
warstrom0707.ptr1.ru
website-link.gq
weekday.su
whoiam.space
xzshadows14.icu
yamail.online
yoursme.info
zeronde.in
zhitinanin.temp.swtest.ru
zikkurat.tk
zmxrm.net

# Reference: https://twitter.com/ViriBack/status/1114319312838385664
# Reference: https://pastebin.com/bE6zUM90

http://157.230.126.238/auth.php
http://185.139.70.14/auth.php
http://185.212.129.138/auth.php
http://185.212.129.235/auth.php
http://185.212.130.74/auth.php
http://185.212.131.59/auth.php
http://185.232.52.38/auth.php
http://185.232.52.39/auth.php
http://185.232.52.40/auth.php
http://185.232.52.41/auth.php
http://185.232.52.42/auth.php
http://185.48.56.212/auth.php
http://188.120.245.150/auth.php
http://188.166.12.64/auth.php
http://198.71.80.217/auth.php
http://199.204.251.111/auth.php
http://51.254.167.180/auth.php
http://5.188.60.115/auth.php
http://5.188.60.24/auth.php
http://5.188.60.30/auth.php
http://5.188.60.7/auth.php
http://77.83.174.46/auth.php
http://89.105.205.103/auth.php
http://91.243.83.31/auth.php
http://92.63.197.173/auth.php
http://95.81.0.22/auth.php

# Reference: https://twitter.com/MsftSecIntel/status/1099061949625597952
# Reference: https://blog.malwarebytes.com/threat-analysis/2019/04/say-hello-baldr-new-stealer-market/
# Reference: https://www.virustotal.com/gui/file/6a7389f48182942d9d0121ac62dbf0a0bd38b37ce0c1d915e5355b85cd83272b/detection
# Reference: https://www.virustotal.com/gui/file/bcd2758cb200245798ccb3ae8f07c508cccf56df6a1d1b3256d8e1903afe359d/detection

http://37.230.116.182
/api/gate.php?hwid=
/gate.php?hwid=&passwords=&cookies=&forms=&cards=&desktop=&wallets=&telegram=&steam=&filezilla=

# Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection

http://95.81.0.78