# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/
# Reference: https://www.virustotal.com/gui/file/277d7f450268aeb4e7fe942f70a9df63aa429d703e9400370f0621a438e918bf/detection

http://144.76.173.247
http://195.123.226.91

# Reference: https://twitter.com/Ishusoka/status/1614028229307928582

http://157.90.248.179
http://213.252.244.62
http://77.73.134.68

# Reference: https://twitter.com/ULTRAFRAUD/status/1620158819023323137

videolan-web.org

# Reference: https://twitter.com/Gi7w0rm/status/1631756650234167299
# Reference: https://twitter.com/MalwareSearcher/status/1638096508686925824
# Reference: https://tria.ge/230303-y6p8daag4w/behavioral1

http://82.118.23.50
pcworldgetin.net

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown

walmart.lc
marketplace.walmart.lc

# Reference: https://twitter.com/Ishusoka/status/1645048767484239872

http://23.254.225.133
http://82.117.255.127
http://82.117.255.128

# Reference: https://twitter.com/Ishusoka/status/1649716132822089728

http://109.105.198.114
http://185.99.132.51
http://192.236.233.253
http://79.137.203.190

# Reference: https://twitter.com/Ishusoka/status/1652670103404544006

http://85.239.62.218

# Reference: https://twitter.com/Ishusoka/status/1655156071168655361

http://185.99.133.246
http://45.8.146.130
http://45.8.146.213

# Reference: https://twitter.com/g0njxa/status/1658488606485540865

http://195.123.227.138
anysoft.live
virtualbox-vb.com

# Reference: https://www.virustotal.com/gui/file/2dc0f50fa7eb53be17b578fbcb66a5ec8c40d250fd9be7b2b96663624fa4dba8/detection

gstatic-node.io

# Reference: https://www.virustotal.com/gui/file/9ee6c9be68204aea85dce08e6ba8c9395f827f22e5f3ee430172abe9ea5fbd0b/detection

aloowforest.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/

http://168.119.4.83
http://217.12.206.230
http://217.25.91.15
http://45.15.25.190
http://89.116.255.182
http://94.142.138.78
http://94.158.244.69
1private.pro
91.215.85.210:48237
agustfreeday-my.xyz
clonecloud-my.xyz
crazypictures.xyz
demomoves.xyz
extrasofts.org
fastcloudlife-my.xyz
flowers-my.xyz
gservice-node.io
kellmda.click
many-verses.xyz
private-cloud-server.pro
skicloud-my.xyz
speedtestip.xyz
stoppublick.xyz
vipcloud-my.xyz
worldofpoetry.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-07-27)

dodgeavay.xyz
gbbsoft.xyz
jonesleming.xyz
jornesfree.xyz
laynchcontrol.xyz
modifesistem.xyz
privategame.xyz
promocar.xyz
promomilk.xyz
scandimyth.xyz
slading.xyz
traftech.pro
viemon.xyz
westwork-my.xyz

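# Generic (URL path indicators, not tied to a specific host)
# These match on the request path alone, so corroborate a hit with other evidence before attributing it to LummaC2.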

/c2conf
/c2sock
