# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: lazarus stealer

# Reference: https://x.com/solostalking/status/1953741512136688056

193.151.108.203:1133
193.151.108.207:1133
193.151.108.243:1133
193.151.108.33:1133
193.151.108.49:1133

# Reference: https://www.cyfirma.com/research/lazarus-stealer-android-malware-for-russian-bank-credential-theft-through-overlay-and-sms-manipulation/
# Reference: https://www.virustotal.com/gui/file/2574acd7fd593a639600566eab8084d783b6f0dcd5937e390a21c5ea11cc3cc5/detection
# Reference: https://www.virustotal.com/gui/file/d1ccc8dfd010130692a06fcc3b2ce737d156b0647a9c3d8a5707a5284faf18a1/detection

104.234.114.102:1133
104.234.114.91:1133
108.165.237.172:1133
108.165.237.189:1133
108.165.237.217:1133
108.165.237.32:1133
108.165.237.94:1133
139.99.65.17:1133
146.103.11.134:1133
146.103.11.211:1133
146.103.11.35:1133
151.242.122.171:1133
151.242.122.79:1133
151.242.41.247:1133
151.242.41.74:1133
151.242.41.9:1133
151.242.58.106:1133
151.242.58.160:1133
151.242.58.250:1133
151.242.58.251:1133
151.243.254.108:1133
151.243.254.19:1133
151.243.254.32:1133
151.243.254.40:1133
151.243.254.45:1133
151.243.254.56:1133
151.244.170.5:1133
151.244.234.243:1133
162.19.145.39:1133
162.19.147.240:1133
163.5.160.214:1133
176.65.137.53:1133
185.102.115.72:1133
185.170.154.195:1133
185.170.154.201:1133
191.96.207.214:1133
193.151.108.24:1133
193.151.108.39:1133
193.221.200.188:1133
193.233.18.61:1133
2.58.56.139:1133
2.58.56.26:1133
2.58.56.54:1133
213.21.237.206:1133
23.26.108.130:1133
23.26.201.103:1133
23.26.201.222:1133
23.26.201.236:1133
23.26.201.48:1133
23.26.201.99:1133
23.94.126.153:1133
23.95.162.206:1133
23.95.162.210:1133
23.95.162.217:1133
23.95.162.249:1133
31.57.166.40:1133
31.57.166.87:1133
31.58.169.153:1133
31.58.169.29:1133
31.58.169.90:1133
45.138.16.177:1133
45.141.215.123:1133
45.141.215.209:1133
50.114.115.178:1133
50.114.115.182:1133
50.114.115.89:1133
51.195.94.113:1133
51.75.85.165:1133
77.105.161.255:1133
91.206.169.150:1133
inqu-lazarus.icu
mzwnp.online
pidorasy-lazarus.com
venom-lazarus.life

# Reference: https://x.com/solostalking/status/1975501888931176563

151.243.254.56:1133
151.244.170.12:1133
23.26.201.168:1133
31.58.169.29:1133
51.89.87.74:1133
