# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt36, apt-c-36, blind eagle

# Reference: https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/

# Reference: https://twitter.com/HONKONE_K/status/1145536069435195392

# Reference: https://twitter.com/1ZRR4H/status/1503572957595111427
# Reference: https://tria.ge/220314-3qe5padgh2

# Reference: https://www.virustotal.com/gui/file/ebbc37e280f15408a2ff17bec1151cc64d151e20c1e59209a76b9eb3944d6704/detection

# Reference: https://twitter.com/th3_protoCOL/status/1517144901871235072
# Reference: https://www.virustotal.com/gui/domain/polycomusa.com/community
# Reference: https://www.virustotal.com/gui/file/13e36170821628f9097862556e42cbed5f1cccc6897405fc7edc8ae914675bf4/detection

# Reference: https://www.virustotal.com/gui/file/378e01925608bcd74544a5b5536c20a0007eb255e145370df228bb004aa59de2/detection

# Reference: https://www.virustotal.com/gui/file/f964f108f661de1c15e3cedee074cf1617ce02f85eb7e8613077f9ed95c4b37d/detection

# Reference: https://www.virustotal.com/gui/file/e81baa5e7bf0fe2ebeb07983e71d05d09698e567d9bcaf17176e631156d01c60/detection

# Reference: https://www.virustotal.com/gui/file/95eb3d6f61d5082bee11ea47a7c90c0dcdc18af71985276ab56f648dcc549d87/detection

# Reference: https://www.virustotal.com/gui/file/8c2215d43e7cd77c90a424ca6c81c1b94acf01eaecbb048447e171ebef0c2dfd/detection

# Reference: https://www.virustotal.com/gui/file/8b437a76538722dc4535cbf3180005eb973caa6e9be13c6d3852fed1789960a0/detection

# Reference: https://www.virustotal.com/gui/file/80e498268b8be964d5a74ca226218b17cb7a28a8929e70e2d2c3aed768e6308c/detection

# Reference: https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/

# Reference: https://otx.alienvault.com/pulse/64419d343c9d98fc279185f7

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1654038642489442304
# Reference: https://twitter.com/Joseliyo_Jstnk/status/1654038649514921984

# Reference: https://twitter.com/0xToxin/status/1654802474534830080
# Reference: https://tria.ge/230506-mbyeqagg43/behavioral1
# Reference: https://tria.ge/230506-mdhr2sgg55/behavioral2

# Reference: https://twitter.com/dark0pcodes/status/1678920710872244225

# Reference: https://mp.weixin.qq.com/s/-7U1-NTP0EdVOtptzbHUsg (Chinese)