# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: eternity stealer

# Reference: https://twitter.com/James_inthe_box/status/1509271782578040832
# Reference: https://twitter.com/crep1x/status/1509280618185691147
# Reference: https://twitter.com/3xp0rtblog/status/1509601846494695438
# Reference: https://app.any.run/tasks/08105479-b1e1-4d32-9a48-a7ed3bb600e5/

eternitypr.net
eternitypr.xyz
eterprx.net

# Reference: https://twitter.com/Finch39487976/status/1529737513824407552

lightnogu5owjjllyo4tj2sfos6fchnmcidlgo6c7e6fz2hgtyhfhoyd.onion
soapbeginshops.com

# Reference: https://twitter.com/fr0s7_/status/1534628175476625411

rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion.pet

# Reference: https://blog.morphisec.com/nft-malware-new-evasion-abilities
# Reference: https://otx.alienvault.com/pulse/632da71f4b3c4319951b02d7

abracadabra.run
clipper.run
coinstats.top
dune-analytics.com
hawksight.space
illuvium.run
mmfinance.fund
opptimism.com
optimism.run
perp.run
polygon-bridge.com
rwwmefkauiaa.ru
yieldsguild.com
app.opptimism.com
app.optimism.run
app.perp.run
wallet.polygon-bridge.com

# Reference: https://twitter.com/r3dbU7z/status/1582568050590875649

111.90.151.174:7777

# Reference: https://twitter.com/AttackTrends/status/1623265703372505090
# Reference: https://www.virustotal.com/gui/ip-address/195.133.40.43/relations

mailcenter.ydns.eu
storageapi.ydns.eu
storageapis.ydns.eu

# Reference: https://www.joesandbox.com/analysis/1168647

eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

# Reference: https://twitter.com/RakeshKrish12/status/1640252381618139136
# Reference: https://pastebin.com/wUwsTynk

rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion