# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: meta stealer

# Reference: https://isc.sans.edu/diary/28522

193.106.191.162:1775

# Reference: https://twitter.com/r3dbU7z/status/1598702463158288384
# Reference: https://twitter.com/SinghSoodeep/status/1600821439766351872
# Reference: https://www.virustotal.com/gui/file/bde1d3e5fe7ae826dd534da40a93cb65ec35bf4e9441da62817effd10800b0ae/detection
# Reference: https://www.virustotal.com/gui/file/76c73380cc4deb30cbfbe8a7fd551da5aba1150505fb5b0b66599e4ba491848b/detection
# Reference: https://www.virustotal.com/gui/file/992c8f9fa72867910066a93163572a6feda8a9c4c6283da1042b2ba9117229c5/detection

185.200.190.185:1775
fled.store
gyaiaouyuakaeqgu.xyz
uosqysascuwmqgyk.xyz

# Reference: https://twitter.com/abuse_ch/status/1620450108134535169
# Reference: https://www.virustotal.com/gui/ip-address/185.206.145.96/relations
# Reference: https://www.virustotal.com/gui/file/58d74cb162b4d75b8857642c6ee0ff4107de8670f7b50b3c2e98c715c1555de5/detection

185.206.145.96:1775
gimptop.life
tor-brows.store
uiouaqcqqcgueweg.xyz

# Reference: https://twitter.com/AuCyble/status/1629111337203924992
# Reference: https://www.virustotal.com/gui/file/65c2dbec05a4949cc40e6817b66c3a2a3a99e73f6c500070b721107b2b09bc74/detection

45.138.74.170:12345
metamsoft.tech

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-04-13-IOCs-for-MetaStealer-infection.txt
# Reference: https://www.virustotal.com/gui/ip-address/185.172.129.192/relations

185.172.129.192:1775
mmswgeewswyyywqk.xyz
wgcuwcgociewewoo.xyz
kvckz.engineercoin.xyz

# Reference: https://twitter.com/pollo290987/status/1658230510617862147
# Reference: https://www.virustotal.com/gui/file/be23d93128af34f8a0c84faeb605c524906d7d0f1f88ee3c3e50e2419819042b/detection

167.88.12.99:1775
iqowocguasswcmca.xyz

# Reference: https://twitter.com/NexusFuzzy/status/1711714297464664556

193.233.254.218:23493
194.169.175.232:45451

# Reference: https://threatfox.abuse.ch/ioc/1196832/

194.87.31.142:3000

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns

cewgwsyookogmmki.xyz
csyeywqwyikqaiim.xyz
iqaeaoeueeqouweo.xyz
iqwgwsigmigiqgoa.xyz
kiqewcsyeyaeusag.xyz
ockimqekmwecocug.xyz
rawnotepad.com
startworkremotely.com

# Reference: https://twitter.com/Cuser07/status/1750046361201082589
# Reference: https://www.virustotal.com/gui/ip-address/185.172.129.87/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.191.234.14/relations
# Reference: https://www.virustotal.com/gui/file/710191b05ec3faf6012bad12e6d66a638301da9c6f0b6a14413b716023c1fcfb/detection
# Reference: https://www.virustotal.com/gui/file/1ed0b21cba44b2511d574d81bc328e7bd6f498c552ff0f0beaa7aad2d98e522d/detection

ikomoouessgqekmc.xyz
ikswccmqsqeswegi.xyz
kiyaqoimsiieeyqa.xyz
ssqsmisuowqcwsqo.xyz
ykqmwgsuummieaug.xyz

# Reference: https://x.com/karol_paciorek/status/1810572476012716305

http://77.105.135.39

# Reference: https://x.com/StrikeReadyLabs/status/1860368286208197079
# Reference: https://www.virustotal.com/gui/ip-address/166.1.160.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.192.232.92/relations
# Reference: https://www.virustotal.com/gui/file/91251635b5bec7882ada03980c0dcb33056687e70ad481234a3f16daf7276ee9/detection
# Reference: https://www.virustotal.com/gui/file/001e4b47c4d5e2bfe5355871065ed8b14b78011ad048d336047d8c5c9281e170/detection

http://166.1.160.162
doc-system.org
cgeewuguwiikcwug.xyz
ekacwgokqcscqysi.xyz
esuyiyesukcuoico.xyz
eyoyiqskiciwwoyw.xyz
keoqiqigggqkcykq.xyz
muuagqkickggsewc.xyz
qckwwsmukogkeuge.xyz
qcwcksiayqqmwssm.xyz
ueaokkmeuioagwuc.xyz
uyicacsgusyikwmy.xyz
wiaiwegmqcmwcouw.xyz
ygiqycocskiqysoa.xyz
ymyqqiqyiyaoksou.xyz
docusign-1.doc-system.org
docusign-11.doc-system.org
docusign-12.doc-system.org
docusign-13.doc-system.org
docusign-18.doc-system.org
docusign-2.doc-system.org
docusign-20.doc-system.org
docusign-21.doc-system.org
docusign-22.doc-system.org
docusign-23.doc-system.org
docusign-24.doc-system.org
docusign-25.doc-system.org
docusign-28.doc-system.org
docusign-29.doc-system.org
docusign-3.doc-system.org
docusign-30.doc-system.org
docusign-31.doc-system.org
docusign-32.doc-system.org
docusign-34.doc-system.org
docusign-38.doc-system.org
docusign-39.doc-system.org
docusign-40.doc-system.org
docusign-6.doc-system.org
docusign.doc-system.org

# Reference: https://x.com/DaveLikesMalwre/status/1873101211110453512
# Reference: https://x.com/DaveLikesMalwre/status/1873102960135209158
# Reference: https://www.virustotal.com/gui/ip-address/193.32.177.34/relations
# Reference: https://www.virustotal.com/gui/file/45ac733998f235871e398719d9742b9acf160a2eacc1197215a4bd98f62ce408/detection

http://193.233.22.59
193.233.22.59:8080
31.192.232.119:8080
docservice.online
documents-online.info
usa2.info
us5.info
com.us5.info
icloud.com.us5.info
mail.us5.info
ns1.us5.info
ns2.us5.info
pn.us5.info
aaiouwywwcwuuasm.xyz
aamuskacaaiycguu.xyz
aauquiiqeugcwswc.xyz
aawqwccomcemcysm.xyz
acgcaiyykiigugms.xyz
aikmouciiqgecoqi.xyz
aiyksmkyqgyaemiw.xyz
akaueuwoocwkkoya.xyz
aksuakswwkiimamq.xyz
akueuaicusaoieiy.xyz
aomaeyokqgsuomii.xyz
aoosomigeaiewqom.xyz
aosywgkogcissggi.xyz
aoymcmmeqqqgwwca.xyz
aqmqywkwsmmayyoi.xyz
auayomwkewcomwas.xyz
auowmussgaesgwas.xyz
auuisqaykqgeesae.xyz
awyomscgweuqmgaw.xyz
cauewwukyywyqiei.xyz
ceeomiecgymecgau.xyz
ceoqyeiycqkumwao.xyz
ceucuuwiwwuiweaq.xyz
cmukociggiqcouio.xyz
cogsyycsuwoysugi.xyz
cseksqccmgaieyic.xyz
csiykwakekqoqaym.xyz
csmgwcogqqcwseka.xyz
csoqiicgaaiyyoom.xyz
cuccygameukkeumw.xyz
cycscsqyqkeaykgc.xyz
cykgmsqcgysgaioo.xyz
cykgucwkesokooyw.xyz
cyqaqqcqamemsiog.xyz
cyswykkcmggyiqwo.xyz
cyyukyomsoiqyyqa.xyz
cyyyokugycioysok.xyz
ecacmycegqoaquio.xyz
ecgkeyeueawgcuqo.xyz
ecimsaauyieykegi.xyz
ecmckkeyoskcigeu.xyz
ecmyomcaicqysoqw.xyz
ecsamoyaimquqwow.xyz
eigkgwkyuqssgamw.xyz
eiqqequeskcqiqmw.xyz
ekcwemuekgqsimae.xyz
eqakguiwiqacqiwg.xyz
eqgwaamacqweiwie.xyz
eqkkkcuwkiqiecac.xyz
eqmeimmouegoasay.xyz
eqmycgagykgkqwsu.xyz
equmqmqwuuuioawa.xyz
eqyyguuwsyqaqgsq.xyz
esiaisyasoaoqwki.xyz
esimsqgcwwwmyoqc.xyz
eswweuycwwiiykwo.xyz
ewacuagosgqmuocm.xyz
ewywcoeukaoaegci.xyz
eyoaceoookqskqmy.xyz
eyoyssauceguqwmk.xyz
gacgceaygaecuguy.xyz
gaisoawuoicqsumy.xyz
gakowseyscmeqkya.xyz
gaoweoyqcuuykwgu.xyz
gcikuiqswcgsscog.xyz
ggeqowwmmmeekigg.xyz
ggicikyqcaiyguee.xyz
ggkyecqguqkkuoso.xyz
ggkyuooyikmqoscw.xyz
ggmwwewskeiggosq.xyz
ggqgwuaseamkyywa.xyz
ggwsuoyyioagegkw.xyz
giqukkwwcwgqcisg.xyz
gmmacaiigwcscggs.xyz
gmooqswyuuqaiomi.xyz
gmwcscokucowyogs.xyz
goeykqccmemkswom.xyz
goguooqkgysueime.xyz
guimuaoiecmouigq.xyz
gwamoggwyegsseao.xyz
gwwcqeykmseicgaw.xyz
iagisciiyoemgwaa.xyz
ieikmuieoqqmugwu.xyz
ieuaeqceycqyqygk.xyz
ieywwkeuouoqgqms.xyz
igaiseoqksuoukqg.xyz
ikgkgaaqqsmomuim.xyz
ikoqkscwsowwukmi.xyz
ikwyooieywakeqog.xyz
ikwyuqgsegcgcccg.xyz
imigkomgmqgmakqk.xyz
immcqsiceooqyaay.xyz
immyecuqwkiyscys.xyz
iqcaysimoeeqamky.xyz
iqcqqquiwomgsmma.xyz
iqmeccigieosgmwq.xyz
isaeicumkcuwqmqq.xyz
isemauqkwwiumyky.xyz
ismqaewykmoiguki.xyz
iyaikmkkowcqemsi.xyz
iyaqqeamygmakcgo.xyz
iyawyckqggkwsyoq.xyz
iygsiugeeogoeiyi.xyz
iymukyseoieqccac.xyz
kccmicaswqmswwak.xyz
kcesagqugouwkqyg.xyz
kckcekceqgcyqcsa.xyz
kcqkucqkogqiuukw.xyz
kcsqwmkusesaccwa.xyz
kcyakwisycecaqgw.xyz
kcyoeiykekuqkkmg.xyz
kecgikusmakuksma.xyz
keguuyioweymiaws.xyz
keosqeosukqcooco.xyz
kigcewceemkckeow.xyz
kkcqgowgkcoyokcu.xyz
kkwkgmcoawgaoiwg.xyz
kocgeaeoakgqewog.xyz
koecgqggegimaeya.xyz
koioiiwouukqousy.xyz
koiugmaqgkawaiyw.xyz
kqoceoymymoicqky.xyz
kqsamcsauqiagmma.xyz
kqukwaogqoucsaas.xyz
kuiomoiwauwckqeq.xyz
kuiqsugkqeoscguo.xyz
kuoqgwooymgsqaum.xyz
kuywuskkgqsigqqs.xyz
kwaywmaequkqccai.xyz
kwuuwgemogmuomwq.xyz
maiyuocqqiqiiskw.xyz
maoeeogmuauywsyu.xyz
mgeycqkiwggsymyc.xyz
mgiwaegaqyyaakwy.xyz
mgseamqmgkqcuewy.xyz
mgwmkyyqckeewgce.xyz
miacggmycyqikoyq.xyz
miigookwguakmkeu.xyz
mmeuqmoaekswggoe.xyz
mmisquwegymayaee.xyz
mmygsewuukqkiiok.xyz
mmymmauyiiksiugu.xyz
mmyukmsqamgicqai.xyz
mocikyoeikocwkuc.xyz
mssaogwocegysoow.xyz
myaueqycgeikwagc.xyz
myisokqwsmqeusuy.xyz
myoyccuwcyaygceg.xyz
mywaqkeaawisisky.xyz
myymasomksgeawqw.xyz
ocsqocikkcggeaaw.xyz
oeegecksewamggaa.xyz
oekyamueeiiousia.xyz
okgeqaswygsgykme.xyz
okkyekwuommcicqi.xyz
okoguckagygoqqgk.xyz
omasqkwqyskcagwi.xyz
ommwaqgaemsmcqwc.xyz
omsqkuiwcwoegooq.xyz
omuquowgiusiesgk.xyz
oqacqgmiaaewmmey.xyz
oqegmuqkgyaywwmc.xyz
oqoemaogyoikomiy.xyz
oqouwceoowyiwgag.xyz
oqsakkimkesccikc.xyz
oqummowmqwcgsegm.xyz
oqyaoykomyoygics.xyz
osaeyoiqoqawauga.xyz
osaymwoggqqycmse.xyz
osmoygyawqmmimkq.xyz
ososwckwcqmmwqcy.xyz
owaaygsacguucaye.xyz
owewoieiwasaueco.xyz
owoksuegymmgesys.xyz
oyekqyccewougasu.xyz
oyewqwkusieeoqey.xyz
qascmswkaisogoaq.xyz
qciqgoeogwwmwkcw.xyz
qcyksokwumicscaa.xyz
qgkgogieieoomkqq.xyz
qgkmsekougssaawq.xyz
qgmyeeguweaukuke.xyz
qgukewuuykmmkgeq.xyz
qiswcssocuqsaqkq.xyz
qiswokuokugiooky.xyz
qiuswcgwaqgemwcg.xyz
qogsmcecyusiyaim.xyz
qoiiomimuoaqgeku.xyz
qokykyyigsyqggqe.xyz
qoowyoueaaaccgqs.xyz
qqqmeagkkosgcayo.xyz
quisoakcuqsygyyc.xyz
qumaseqmggyaiauq.xyz
quoqoooiamqkkosc.xyz
qusmiuqmmgqsgeci.xyz
quuemeewaqaiiyqc.xyz
qwmaokcmiwuqqyes.xyz
qwywqgsmgaoiwsga.xyz
saumycuogqsqykes.xyz
sauygqecsusickcu.xyz
seioywksogeseqig.xyz
seoomaqwwimwueiw.xyz
sesyieaiesegeaow.xyz
seuuicaewuoaumes.xyz
skekiggeimmceqcg.xyz
skgcsksqyekiymii.xyz
sksiyqgummyycgmi.xyz
skyqsyyymyacyayc.xyz
smaaowemwiwggocu.xyz
smckcsaioceiyasu.xyz
ssagiiaauyewiswa.xyz
ssegwgieumyoasym.xyz
ssoqscyewimqiqme.xyz
sssawsmmkmuyqsaq.xyz
uccyyemqaiiksuwm.xyz
uceaygkekiassamu.xyz
ucmioacycscyeouk.xyz
ucuiiwcwwgimkyyi.xyz
ucwesqiquqggymqe.xyz
ucyoqcksaiiwgqae.xyz
uecouukwkuceyuwg.xyz
uiggameqqycugsqw.xyz
uiguoqqagkiuagyc.xyz
ukaiiiyqoooycyqm.xyz
ukekykoqskumoikg.xyz
ukicsmiwggcwksam.xyz
ukmcqucewskcqygg.xyz
uksgyqiqaaiaiesi.xyz
ukyokaigmmkumgoa.xyz
uoaeyoycyycqkoci.xyz
uoeeuiaewmogugeo.xyz
uoeiymqawsqiyuck.xyz
uogksceymossmmqc.xyz
uoigsiqmemcscosu.xyz
uokqeaieowiogsgc.xyz
uowgcyqcgaqiumoi.xyz
uowowiqiyeiuwmcc.xyz
uqyukkamycuaimsu.xyz
uwgicagyykoommga.xyz
uwimwwicgcscuoku.xyz
uykkwkqqemamguwa.xyz
uymiagmwmqmimewm.xyz
uyqcacmsiquuwggq.xyz
wacqigcacsemkyos.xyz
waeqkmeeasauygum.xyz
waeqwwagawqkksya.xyz
waokmuyyeooamowm.xyz
waqcciyigkuoygqy.xyz
waqmyueimmyiuawq.xyz
waqucgoeeeeymeii.xyz
wgcaouuqqqwucogy.xyz
wggikwiqowiwqcqg.xyz
wgqyouayikuyuqmk.xyz
wgswkwaesqqwkoaa.xyz
wgyimykogekgewoa.xyz
wgymkeismmiemsqq.xyz
wiywykakusaygisc.xyz
wmoamsauiwauoosg.xyz
wmqcgwcegsomeqas.xyz
woceumwmwioocusa.xyz
woeamasicuiqyckq.xyz
wsaekoiomeagsaes.xyz
wssaqmakumewmaes.xyz
wucwykasawokemaw.xyz
wukaqiusicksuguo.xyz
wuusiiukmwcmimyk.xyz
yegskieoocgoamyi.xyz
yekiwquqaacesqqq.xyz
yequgaccqouegcmw.xyz
ykaimcgigakggwec.xyz
ykeaoyaycoiamqey.xyz
ykocagogmeiwmymy.xyz
ykomskascimimomo.xyz
ykqocceawkwoagmc.xyz
ymmcwogyimsuqmcc.xyz
ymqaaskiwomkucuy.xyz
ymsaymyugccysmow.xyz
ymuiggyusggsymoi.xyz
ymysimqoykwqeqiq.xyz
yqcakkmwigkaumii.xyz
yqceweqmaumwwywy.xyz
yqeugeoquqsokgqk.xyz
yqocoeikiyacyuck.xyz
yqqsggacauiiugka.xyz
yquocucuqoywwcsu.xyz
ysawassgkwqygmmq.xyz
ysoqqwckkqssyigm.xyz
ywcuqkkmmqioiwqk.xyz
ywegqamoegumacgi.xyz
ywkamsiogkycyosy.xyz
ywqiciegywcouoiy.xyz
ywyawywiuyecuiuu.xyz
yyacmosgygqayqys.xyz
yyemsyoimicqmais.xyz
yyimcoiwgckeakcm.xyz
yyusosuyycoeikgo.xyz

# Generic: URL path indicators (no host component)

/tasks/get_worker
/meta2406.exe
/meta2606.exe
/meta2806.exe
