# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Echelon, DarkStealer

# Reference: https://twitter.com/ViriBack/status/1260367262399246336
# Reference: https://www.virustotal.com/gui/file/7c9f7e4307f0bd7f269476cc181792aa4d75c5ce84dc22fc0feb73def814c8f1/detection
# Reference: https://app.any.run/tasks/9dcf3d5b-8e9d-46a6-a6c1-32b47a075d10/
# Reference: https://app.any.run/tasks/337c1087-f994-4912-ab11-2a827e689e4d/

# nagano-19599.herokussl.com # Note: CNAME of legitimate api.ipify.org

# Reference: https://twitter.com/3xp0rtblog/status/1295291062374866944 (# DarkStealer, fork of Echelon)
# Reference: https://app.any.run/tasks/5da0536a-5665-4989-9b82-3bede782d8a6/

ifreegive.ga

# Reference: https://twitter.com/James_inthe_box/status/1313832984303157250
# Reference: https://app.any.run/tasks/5ddfb57a-bc6b-42bb-a042-f906e5a2cabb/
# Reference: https://www.virustotal.com/gui/file/bc7900c1440c578c0dc0de73889755bbbf9e43026d8beafe83dbdc5d76dd6a62/detection

http://193.56.28.228

# Generic
# Note: /sendDocument?chat_id= is the standard Telegram Bot API sendDocument request, so it also matches benign bots; corroborate a hit with another trail or host evidence before attributing it to this family

/api.php?chatid=
/sendDocument?chat_id=
/webpanel-ele/inc/bc4514100d55a6.php
/webpanel-ele/inc/
/bc4514100d55a6.php
/webpanel-nana/inc/337aea9edeb1f9.php
/webpanel-nana/inc/
/337aea9edeb1f9.php