# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/James_inthe_box/status/1193539893000986624 # Reference: https://www.virustotal.com/gui/ip-address/130.185.238.32/relations # Reference: https://www.virustotal.com/gui/file/179349534f184774b18b7dbcf7442a537fe640e373f5c4cc6b39d3076240c11b/detection # Reference: https://www.virustotal.com/gui/file/9cc448001e8ed355520e26c328d33f1b8031b26796923608cdf920fb6617dbb2/detection # Reference: https://www.virustotal.com/gui/file/b078b3cba73f7dc905d395b014f610000ab37cc1500be00d64ce48c7cd9378b2/detection http://130.185.238.32 coinstolkbr79.dyndns.org # Reference: https://twitter.com/reecdeep/status/1291002877633331201 # Reference: https://app.any.run/tasks/1c5c1fef-a022-4143-b3d8-e365a38b8a20/ # Reference: https://www.virustotal.com/gui/file/8df61999996b08c2f77e53869f75e2ea399f1bad5a5dc5d5969f4b5e9d8d5751/detection 142.11.212.211:8081 pizzacircusbarcelona.com # Reference: https://twitter.com/JAMESWT_MHT/status/1291013627680624642 167.114.217.220:9090 # Reference: https://twitter.com/Dashowl/status/1296886074053099520 http://173.0.54.19 # Reference: https://twitter.com/JAMESWT_MHT/status/1303248634507657216 155.138.137.44:3030 # Reference: https://twitter.com/K_N1kolenko/status/1328605692643713025 146.59.193.20:1948 # Reference: https://twitter.com/ESETresearch/status/1390263927859208193 # Reference: https://twitter.com/ESETresearch/status/1390263930833063938 binanceassistance.com spotifyannounce.com # Reference: https://twitter.com/johnk3r/status/1524847789766852630 24.152.38.130:4398 # Reference: https://twitter.com/da_667/status/1530296455981936646 # Reference: https://www.virustotal.com/gui/ip-address/167.114.88.99/relations # Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/grandoreiro-banking-malware-resurfaces-for-tax-season/ 167.114.43.27:4433 belfaro.com.br iuc1tab1tatitbw.freedynamicdns.org iuc1tag1sjsdtbb.freedynamicdns.org iuc1tan1xatmtkk.freedynamicdns.org iuc1tan1xqs4tjf.freedynamicdns.org iuc1tas1satjtjo.freedynamicdns.org iuc1tas1xao3taf.freedynamicdns.org iuc1tbb0sqpmtak.freedynamicdns.org iuc1tbs0taoztjw.freedynamicdns.org iuc1tbw0sasztjb.freedynamicdns.org iuc1tbw1xjoztko.freedynamicdns.org iuc1tjf0satltbs.freedynamicdns.org iuc1tjj0uas0tbs.freedynamicdns.org iuc1tjk0sqpltbo.freedynamicdns.org iuc1tjk0xqpltbo.freedynamicdns.org iuc1tko1sqs5tjg.freedynamicdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1531566144594841601 http://20.187.91.219 20.187.91.219:44441 # Reference: https://twitter.com/1ZRR4H/status/1549261002725679105 # Reference: https://www.virustotal.com/gui/ip-address/20.70.2.177/relations http://20.70.2.177 a404140024b44.servehalflife.com a40494449.servehalflife.com a4049475a475955.servehalflife.com a404e4306.servecounterstrike.com a40595c5747595c.servehalflife.com a41534548.servequake.com a425b4159455043.zapto.org a44504159455043.zapto.org a44504605.zapto.org a44504959.zapto.org a44524358475241.servehalflife.com a4452435e475959.servehalflife.com a445b525b.zapto.org a454b4603.zapto.org a45504205455053.zapto.org a45504603.zapto.org a455b5303.zapto.org a455b5e02455b42.zapto.org a46404600.zapto.org a46405259.zapto.org a46405e00455b5a.zapto.org a464b4205455a5a.zapto.org a464b534b.zapto.org a46524b5b.servehalflife.com a46594b5a.servehalflife.com a4742475f475858.servehalflife.com a49405305.zapto.org a4940534b.zapto.org a495b5258.zapto.org a4a585057.servequake.com a4b42435b475155.servehalflife.com a4b424b5a.servehalflife.com a4b42505f.servehalflife.com a4b425c57475144.servehalflife.com a4b52505a.servehalflife.com a4b525c06475151.servehalflife.com a4b59505f.servehalflife.com a4c454c5d.servecounterstrike.com ftpbtag1sjoztbf.freedynamicdns.org ftpbtao1sztitjf.freedynamicdns.org ftpbtbs0uatmtko.freedynamicdns.org ftpbtjw0xaphtaw.freedynamicdns.org ftpxtak1wqo1tjk.freedynamicdns.org ftpxtan0xas5tab.freedynamicdns.org ftpxtjj0uaphtar.freedynamicdns.org iuc1tbw0tas4tab.freedynamicdns.org iuc1tjg0xjsftbo.freedynamicdns.org iuc1tjn1tjo3tjs.freedynamicdns.org iuc1tjs0xasftbo.freedynamicdns.org xacjtjozxaw3.freedynamicdns.org xaxhtbkzsqcm.freedynamicdns.org # Reference: https://twitter.com/ankit_anubhav/status/1555521068734902272 premierecombate.eastus.cloudapp.azure.com # Reference: https://twitter.com/ankit_anubhav/status/1555815597769863168 # Reference: https://www.virustotal.com/gui/ip-address/20.115.83.63/relations http://54.39.194.67 amixtubinemasterx.com beacocosmasterx.top centroempresarialkutsni.com customdefivewrs.top dextelmacwordsx.top domanekiewex.top empresarialkutsni.com empresarialkutsnicorp.com empresarialmixtur.ml empresarialmixtur.tk empresarialwebcustom.top mixtubinemasterx.com mixtubinemasterxnet.com /$NOTADIGITALFISCAL # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-08-05_Grandoreiro http://20.10.3.196 http://20.197.31.100 http://20.226.27.45 http://209.127.179.58 http://54.39.194.67 amixtubinemasterx.com beacocosmasterx.top dextelmacwordsx.top domanekiewex.top empresarialkutsni.com empresarialkutsnicorp.com empresarialwebcustom.top mixtubinemasterx.com mixtubinemasterxnet.com # Reference: https://twitter.com/reecdeep/status/1291717803385520128 142.11.213.42:8081 # Reference: https://www.zscaler.com/blogs/security-research/grandoreiro-banking-trojan-new-ttps-targeting-various-industry-verticals http://15.188.63.127 http://18.231.180.92 http://35.180.117.32 http://35.181.59.254 http://52.67.27.173 http://54.232.38.61 15.188.63.127:36992 assesorattlas.me atlasassessorcontabilidade.com barusgorlerat.me damacenapirescontab.com mantersaols.com perfomacepnneu.me vamosparaonde.com premiercombate.eastus.cloudapp.azure.com chjjhjmomaoheoojjbynnyjiidfcncc.cable-modem.org ifnnfnmcmacfdccnnjynnyjiidfcncc.collegefan.org jmllmedvhgmhldjgmhvmmlljhvgdzvzz.dynns.com odbbdbmgmagdfggbbnynnyjiidfcncc.blogsyte.com pcbbcrjcgbcghjpbcgkccbjorkhhjcjj.fantasyleague.cc /$FISCALIGENERAL3489213839012 # Reference: https://twitter.com/1ZRR4H/status/1570233170997694466 20.206.121.215:4144 procedimentos09092022.blob.core.windows.net # Reference: https://app.any.run/tasks/74ed9bfb-68d7-492a-8c2a-4236fe2589c6/ java-update.online mymodulop2pcar.servehttp.com /Bv3wF1uHKG/counter.php /Bv3wF1uHKG/ # Reference: https://www.virustotal.com/gui/file/fd00307c2ea5313be921b31b2c9ddad5a5cd0df4bcf81814d07243fdf24fbc49/detection http://108.62.118.17 # Reference: https://hybrid-analysis.com/sample/f8991e3f7b524edc26a64543b57dd3f7cd69a2f8b04ce934d9334bf8ade8b396 sgd.servehttp.com # Reference: https://twitter.com/StopMalvertisin/status/1575427033504501760 # Reference: https://www.virustotal.com/gui/file/0a9d7369a1c4cb32172404abd4e1a6c5aa35a674b4bfdcca81dc909b0f047b65/detection filestorel.eastus.cloudapp.azure.com # Reference: https://twitter.com/noexceptcpp/status/1578403486181560322 # Reference: https://app.any.run/tasks/218fcddb-49f5-4eaa-9ea3-8d22535c2a1d/ http://20.70.3.186 104.129.205.92.host.secureserver.net nmp20887a02021498.s3.amazonaws.com /contgmx/clientes.php /.Nfe1456345340/ # Reference: https://twitter.com/1ZRR4H/status/1592906505363542016 http://185.191.228.227 18.231.179.202:65535 192.95.55.50:28322 192.95.55.50:45774 # Reference: https://twitter.com/Merlax_/status/1594862075897339904 http://192.95.6.196 # Reference: https://twitter.com/Merlax_/status/1594862079734857728 http://138.99.74.213 http://170.82.181.99 http://185.153.176.148 http://186.249.213.178 http://191.96.4.160 http://191.96.5.221 # Reference: https://twitter.com/Merlax_/status/1598875723602989056 http://138.99.74.21 http://186.249.213.225 # Reference: https://twitter.com/Merlax_/status/1603854200605184035 http://138.99.74.212 http://15.235.193.43 http://186.249.213.221 http://201.14.45.23 # Reference: https://twitter.com/Merlax_/status/1619666797879255041 http://149.56.91.172 http://177.73.101.138 http://186.249.213.39 http://188.121.116.157 http://52.67.94.240 http://54.221.142.212 http://89.223.88.138 54.221.142.212:28551 /eliteseguros/autorizar.php # Reference: https://twitter.com/Merlax_/status/1624239435033329665 http://20.68.30.50 maxfoxchatdestfalouro.com thylachatmarcamarketin.com minha-faturaecurit-vivoinforma.securitytactics.com # Reference: https://twitter.com/malwrhunterteam/status/1625055108273676293 # Reference: https://twitter.com/1ZRR4H/status/1625163730081263622 cortafogoempresarial.shop contratacao.blob.core.windows.net /calcaseroupasbr/qabzchxbp4pfpkr /calcaseroupasbr/ /qabzchxbp4pfpkr # Reference: https://twitter.com/petrovic082/status/1641357912361558017 # Reference: https://twitter.com/JAMESWT_MHT/status/1641367455300714496 # Reference: https://app.any.run/tasks/e38d130b-4e0b-4ea3-a540-33e88a766bed/ 4.204.223.50:4389 # Reference: https://twitter.com/StopMalvertisin/status/1653317890131763201 # Reference: https://www.virustotal.com/gui/file/079ee055b833a515f7fb0d5e7964ebf4f78457de7215f44e3d14a8a0b01a41fc/detection http://20.14.172.115 # Reference: https://twitter.com/Dkavalanche/status/1659931870807638017 # Reference: https://twitter.com/Merlax_/status/1659939922168496129 104.234.200.30:443 20.121.15.3:3894 factura-mail.hopp.to factura.hopp.to facturapdf.hopp.to facturaxml.hopp.to # Reference: https://twitter.com/Dkavalanche/status/1669440086776205345 15.228.233.242:9719 18.228.23.145:7969 18.230.134.37:14866 54.233.246.105:40881 54.233.246.105:9515 olikes.likes-pie.com ompimorpgsflofb.for-the.biz rolosoolgjosflofb.health-carereform.com # Reference: https://twitter.com/Ttargaryen1/status/1691555443875655949 # Reference: https://twitter.com/Ttargaryen1/status/1691556540606513248 # Reference: https://app.any.run/tasks/a7dbd8b8-87d6-47f3-b570-9e032c446bd7/ 18.229.123.232:41005 18.229.123.232:9519 18.231.112.86:9515 54.232.20.194:8815 bjejofphrsflrmm.merseine.com gbfhpspdljfsflrmm.mysecuritycamera.org projetosam.page.link rinafluvialytproducciones.australiasoutheast.cloudapp.azure.com rolosoolgjosflrmm.mysecuritycamera.org thantv.worse-than.tv /OnrlcTEc.xml # Reference: https://twitter.com/Ttargaryen1/status/1641133397325017088 # Reference: https://www.virustotal.com/gui/file/ad13b322af32b0966edc156beb9ca83d82a0bbc6c6cf49d10cc77ebdace76fa3/detection fastcomerciouniverso.com savanachatdelivery.northeurope.cloudapp.azure.com # Reference: https://twitter.com/James_inthe_box/status/1702061706028175853 # Reference: https://app.any.run/tasks/78d2c46f-2627-4b9b-89ed-e44c12362dee/ 18.231.102.112:4318 18.231.112.86:4318 18.229.136.62:157 18.229.136.62:26978 18.229.136.62:4317 soluttionacorreougr.westus3.cloudapp.azure.com # Reference: https://twitter.com/James_inthe_box/status/1706358071336096123 # Reference: https://app.any.run/tasks/d8906703-56da-446c-ad4c-a43c8885b666/ 177.71.234.117:4261 177.71.234.117:18451 /idgIzsnF.xml # Reference: https://www.virustotal.com/gui/file/3824b4153dfc569de86f3a1935423eb6035dc73974d06b41bea7b8aee00b37d1/detection # Reference: https://www.virustotal.com/gui/file/ff1c50b1292266ee0ee9c607397071c011ac45b557a48404c81e62cad6c4b195/detection 18.230.74.51:4318 18.230.74.51:4899 remember-and.forgot.her.name # Reference: https://twitter.com/Joseliyo_Jstnk/status/1722186209760350394 # Reference: https://www.virustotal.com/gui/file/0037802d70239004a03345d4f4519a25ae7fe733d762a0383db90fc317cb6193/detection nuestraseguridadmxgob.eastus2.cloudapp.azure.com # Reference: https://twitter.com/N4hualH/status/1725981871514030423 # Reference: https://tria.ge/231118-ayr51aga78/behavioral1 # Reference: https://www.virustotal.com/gui/file/3f84e3c84b232bf415e2306ff0a65b1a2b5bd61badb4228e16ba520e7c098f2b/detection http://62.113.116.144 http://62.113.119.202 # Reference: https://twitter.com/1ZRR4H/status/1728138606173188567 portalvisualizacionseguro.southafricanorth.cloudapp.azure.com # Reference: https://www.proofpoint.com/us/blog/threat-insight/copacabana-barcelona-cross-continental-threat-brazilian-banking-malware http://62.84.98.5 http://77.246.104.202 # Reference: https://twitter.com/Dkavalanche/status/1729582807666557143 cogfactmgsolucionesoinsaarme.eastus.cloudapp.azure.com # Reference: https://twitter.com/Dkavalanche/status/1729638073707696471 18.230.131.153:4318 jiniahfngggbggb.office-on-the.net # Reference: https://twitter.com/1ZRR4H/status/1729732946611851648 15.228.54.44:157 15.228.54.44:19661 15.228.54.44:4917 18.231.148.254:62169 # Reference: https://github.com/eset/malware-ioc/tree/master/grandoreiro # Reference: https://www.virustotal.com/gui/ip-address/185.228.72.38/relations # Reference: https://www.virustotal.com/gui/ip-address/167.114.138.249/relations # Reference: https://www.virustotal.com/gui/ip-address/20.151.89.252/relations # Reference: https://www.virustotal.com/gui/ip-address/66.70.160.251/relations # Reference: https://www.virustotal.com/gui/file/2c01734ff63d041a91d10acdb302ef4ffc400396e34140335e4faa2e3f002dbe/detection # Reference: https://www.virustotal.com/gui/file/305e220e1f1cb506c32bb509f246515e3cba7ec1dabae95298f358d26654bfa6/detection # Reference: https://www.virustotal.com/gui/file/0d5028f8c064b0eea4b7217bfedbfb91bb1c0f8968e7d970c7ed68d47936fb9a/detection http://178.20.45.23 http://62.84.100.225 http://88.210.12.135 http://91.142.72.194 http://50.114.32.81 50.114.32.81:2020 1254-santander.duckdns.org amadeos.no-ip.net atendimentoos.duckdns.org baiaknew.ddns.net f3kstab1uaoetjg.freedynamicdns.org f3kstbw0tjphtjk.freedynamicdns.org f3kstkk1wao2tar.freedynamicdns.org f3kstkk1wqo2tar.freedynamicdns.org ftpxtab1sqtltjg.freedynamicdns.org ftpxtaf1sjs4taj.freedynamicdns.org ftpxtar1ujtjtak.freedynamicdns.org ftpxtas1wzo2tbo.freedynamicdns.org ftpxtaw1xqs3tag.freedynamicdns.org ftpxtbo1uatltjk.freedynamicdns.org ftpxtbs0tzthtkw.freedynamicdns.org ftpxtbw0sathtjo.freedynamicdns.org ftpxtjf1sqo4tbf.freedynamicdns.org ftpxtjf1tqtitkb.freedynamicdns.org ftpxtjg0sas2taj.freedynamicdns.org ftpxtjn1tzoftjb.freedynamicdns.org ftpxtjw0sapktar.freedynamicdns.org ftpxtjw0xqpktbs.freedynamicdns.org ftpxtkk1sqo1tjw.freedynamicdns.org ftpxtko1wqoftjb.freedynamicdns.org ies2tbw0sas2taf.freedynamicdns.org j2xutar1xqtmtak.freedynamicdns.org j2xutbb0uas4tab.freedynamicdns.org j2xutbf0wqs5taf.freedynamicdns.org j2xutjb0xjpjtbs.freedynamicdns.org knsxtaj1wao1tjw.freedynamicdns.org knsxtaw1xqoetjj.freedynamicdns.org knsxtjk0sqs3tbw.freedynamicdns.org knsxtkk1sao4tbf.freedynamicdns.org ldaztao1sqtltag.freedynamicdns.org ldaztao1szo3tbk.freedynamicdns.org ldaztas1xatktjk.freedynamicdns.org ldaztjk0wzs3tbw.freedynamicdns.org ouvidoria.duckdns.org santander-br.duckdns.org santanderday.duckdns.org valtarga.ddns.net # Reference: https://twitter.com/Dkavalanche/status/1752425961876779408 # Reference: https://app.any.run/tasks/862f9c7e-213f-4351-ba06-b2f1de53de0c/ 15.229.116.173:18556 15.229.116.173:4917 # Reference: https://twitter.com/Merlax_/status/1752509628347216132 # Reference: https://app.any.run/tasks/1b25da9f-dd38-45ab-9137-aeae29464431/ 15.228.255.38:157 15.228.255.38:4917 15.228.255.38:50814 54.207.104.144:52256 # Reference: https://twitter.com/1ZRR4H/status/1755999160862482926 afipconsudeclaracioncontrib.westus3.cloudapp.azure.com buzntribtacion.italynorth.cloudapp.azure.com chwzfacservconsudigitales.switzerlandnorth.cloudapp.azure.com efacdigitalservonsultcris.westus3.cloudapp.azure.com eyedocservicioconserfec.westus3.cloudapp.azure.com lvetfacdigitalservconsultibsc.westus3.cloudapp.azure.com stoconecservstalcloudytz.westus3.cloudapp.azure.com sycleanservicioconsultc.swedencentral.cloudapp.azure.com sycleanservicioconsultcon.westus3.cloudapp.azure.com tocmacipd.australiaeast.cloudapp.azure.com upohfacdigitalservconsultiyun.swedencentral.cloudapp.azure.com wattservicioconsulcroncl.swedencentral.cloudapp.azure.com yunfacdigitalservconsultbls.swedencentral.cloudapp.azure.com # Reference: https://twitter.com/1ZRR4H/status/1755949113646981557 # Reference: https://www.virustotal.com/gui/ip-address/15.228.167.91/relations camerahousebusiness.dvrcam.info ctifacdigitservconsulentif.westus3.cloudapp.azure.com pcuippbjcopfoplfb.access.ly f3kstan1tas0tkk.freedynamicdns.org f3kstbw0tqsdtjn.freedynamicdns.org j2xutaf1xqo4tjk.freedynamicdns.org j2xutkk1wqpltjg.freedynamicdns.org ldaztaw1xqsztas.freedynamicdns.org ldaztjb0xao2tbk.freedynamicdns.org # Reference: https://twitter.com/seguridadyredes/status/1757675287137972595 # Reference: https://www.virustotal.com/gui/ip-address/198.50.222.174/relations # Reference: https://www.virustotal.com/gui/file/297b92d9c014268213e15ef7c1adde58879eff0c2c8d9239ebfaa49ef7f6ec65/detection http://198.50.222.174 a424b5e0045505b.zapto.org ftpxtbf0szo1taj.freedynamicdns.org /Scdfr5.zip # Reference: https://twitter.com/1ZRR4H/status/1757954866813563300 # Reference: https://twitter.com/voidm4p/status/1758102818236338393 # Reference: https://twitter.com/johnk3r/status/1760014996854247552 18.230.211.48:30657 18.230.211.48:4318 edrfacdigitservconsulospl.westus3.cloudapp.azure.com health.health-carereform.com icafacdigitservconsulgarc.swedencentral.cloudapp.azure.com /BFQcxLymGo.xml # Reference: https://twitter.com/V3n0mStrike/status/1773450543056257447 # Reference: https://twitter.com/pollo290987/status/1773504555763855426 18.228.118.198:34950 18.228.224.29:157 18.228.224.29:4317 18.228.224.29:55842 18.230.202.197:15375 aenfacdigitaclav.switzerlandnorth.cloudapp.azure.com aljfacdigitastr.norwayeast.cloudapp.azure.com efranfacdigitaanglur.norwayeast.cloudapp.azure.com hamfacdigitasto.swedencentral.cloudapp.azure.com kwifacdigitntca.switzerlandnorth.cloudapp.azure.com lsuppfacdigitafiscaligy.swedencentral.cloudapp.azure.com portabledocformat.uksouth.cloudapp.azure.com tplfacdigitaoperacion.switzerlandnorth.cloudapp.azure.com # Reference: https://twitter.com/naumovax/status/1778800582943269320 18.228.11.86:30916 18.228.11.86:4317 /bOAKHjDym.xml /edMvIyYJH.xml # Reference: https://gbhackers.com/grandoreiro-malware-outlook-phishing/ 15.228.49.78:55842 # Reference: https://x.com/johnk3r/status/1793852075689804027 # Reference: https://www.virustotal.com/gui/file/bd4f77fab5f0b23d7bdd4fc59eda4ea29888c049acbae9293b02ea9bb90c2947/detection # Reference: https://www.virustotal.com/gui/file/508292fd99403b21f547bf985b847c4db1445200d3c91989bdd19be7d65dbd03/detection http://45.61.149.27 # Reference: https://x.com/Merlax_/status/1790890717596024863 http://51.120.240.117 18.230.124.104:39054 18.230.186.145:36044 54.233.206.70:40817 /BNceD0ttGfG.txt /WaveEdgeNRzyoSecureSphereDevice.xml # Reference: https://x.com/johnk3r/status/1798142646936088678 # Reference: https://www.virustotal.com/gui/file/a8e34860b9d3e0b66504616984a17e2a3bb125bc11bad04e148dead9577b9954/detection http://172.86.77.40 http://45.61.154.19 # Reference: https://x.com/SeguInfo/status/1806796348122935529 # Reference: https://www.virustotal.com/gui/file/41a1c32b03fbeb3a59151896025b664224a625bf6bee2b44a333155e303fe874/detection facturas.duratex.com.mx # Reference: https://x.com/pollo290987/status/1828665738317406603 # Reference: https://www.virustotal.com/gui/ip-address/198.50.255.229/relations # Reference: https://www.virustotal.com/gui/file/f11e0cd1f8fcf1d24efe1067799e02536ca443521160bb28d8fcb12ec606bc15/detection # Reference: https://www.virustotal.com/gui/file/79bda3c6e152d6a0e585237fb8b3257937c7e0ad7f550c80af4ab6e0072d1000/detection # Reference: https://www.virustotal.com/gui/file/eb7c7d70847016dd873676e804d50f6b2818d1494a134cc78399478b0387a08b/detection # Reference: https://www.virustotal.com/gui/file/cc32bbf39f81bfb956fef4120cb3ca82b30eeda1538fea79ece3e3680892b9cf/detection # Reference: https://www.virustotal.com/gui/file/fe0a490eb6d5f3ade44edbc73017ea7c935fdda96ce52cac173f46f7a63c0a90/detection danfajuda.com downnloads.store fileondemandd.site nfeprefeituraspgovbr.com contador.danfajuda.com danffiles.000webhostapp.com pingservice.blogdns.com # Reference: https://app.validin.com/detail?find=e5e9ffdc2bf4df525b305986cdbffde7&type=hash&ref_id=abf72f595b4 sia-remote.dyndns.org sia1-remote.ddns.net # Reference: https://x.com/1ZRR4H/status/1828565987589042650 # Reference: https://www.virustotal.com/gui/file/0d153acd727616dc6fc34fe224a3b654b8a657a25edf7c98705d8deabe88a6d5/detection # Reference: https://www.virustotal.com/gui/file/132307f1c2b4dcc60e0bf0e350a4aeec4807af7fdf5c186ae5836d817e470746/detection # Reference: https://www.virustotal.com/gui/file/270e15f19715468d625c2ede1a9b4e63e78359100b1f9329bf77b333b1a1380a/detection # Reference: https://www.virustotal.com/gui/file/43718a5a982bf17107bc7f620ae709f796e65193ac07310120198b78e4046c7d/detection # Reference: https://www.virustotal.com/gui/file/a75287cc1412efff5df14e6e8a59cf38bdb3e2fbd60f19126671fe5493cee47b/detection http://147.45.116.5 http://206.183.128.95 http://45.61.160.61 http://88.218.61.240 http://91.142.75.196 http://94.103.87.4 # Reference: https://x.com/RacWatchin8872/status/1851765016845852735 # Reference: https://www.virustotal.com/gui/ip-address/193.149.129.241/relations # Reference: https://www.virustotal.com/gui/ip-address/31.214.157.102/relations # Reference: https://app.validin.com/detail?find=Descarga%20Iniciada&type=raw&ref_id=9b0ed851131#tab=host_pairs # Reference: https://www.virustotal.com/gui/file/ef282debde7f5233b34eabc2abfd24706b85f4943e3f4cbce3879cce1e8b28ad/detection # Reference: https://www.virustotal.com/gui/file/e8a7386e05f1531ce397516e56909b712a0a440545a24307091d97b623573421/detection # Reference: https://www.virustotal.com/gui/file/4a1711e860d6f53ea4edab36550407f5c9ac0ae5464f1cc4ac5be37e1e6d4673/detection # Reference: https://www.virustotal.com/gui/file/36fce44391fd2e8718210caf1330f6c7851164163d857e632f1f8cac70dd052a/detection # Reference: https://www.virustotal.com/gui/file/e0c97051934fd820ab4a35ca38e703db29f1fac09762e20947c0f53032646879/detection # Reference: https://www.virustotal.com/gui/file/fe9e543f230297999847066712a889d11086f9400897ad82bcb8c99e479786ff/detection # Reference: https://www.virustotal.com/gui/file/4c18cd37371d87890597d67b8df77c5c9b64f123f62d738519edecd32d6a8004/detection # Reference: https://www.virustotal.com/gui/file/1344ee19cf27b5bb9163baf8c59077d425c3872a77eaf4cf3facafd0d4796ecc/detection # Reference: https://www.virustotal.com/gui/file/c3eb39ac0ccb66ea217341a15febbb11017601aed5144455595c5a13e1073922/detection # Reference: https://www.virustotal.com/gui/file/9ee958f524098bd39e12f579ef1418d22f979740ee39d825e87618be92bbd41a/detection # Reference: https://www.virustotal.com/gui/file/8c50bc53dc72f15370999ece06798a6be2b7cc61347718afaeab395536440f95/detection # Reference: https://www.virustotal.com/gui/file/b2988af5c58ae32d7ff3e1afad0c52198639a2a7552a13565cf1c2ff01c601dc/detection http://109.234.39.156 http://185.212.47.111 http://147.45.116.7 http://195.85.115.208 http://45.11.180.77 http://70.34.247.142 http://78.138.9.153 http://80.77.23.10 http://80.77.23.221 185.212.47.111:443 acess.mailcffemx.com admin.nvisioncorp.com annadegismen.com appscfe.mailcffemx.com bytez.cloud clubhuh.com d1ce43581ba1b425.store descargassdownloadmx.pro down16mxcooommx.info download-archive.online download1003.info downloadaps.com downloadfactura.online downloadfactura.pro downloadfactura.site dvv46402458.servegame.com eglobalmxdown.online endesa.click file-download.bytez.cloud gbo5000.cloud hireprad-co-uk.nvisioncorp.com id924243883.gbo5000.cloud infopublic67.online m.nvisioncorp.com mailcffemx.com nguzxyb74hbis4.top nvisioncorp.com pko-download.kagyouth.co.ke sadalienhde.xyz seguro.clubhuh.com send-spaces.com send-space.womendevelopmentcentre.org serviemchile.cl space24hde.xyz stormseguridad.online stratorechung.serviemchile.cl stratorechung.supervivencias.cl supervivencias.cl suport.stormseguridad.online tighhbusu4hb3.top u-ua.cloud www1.u-ua.cloud /uploadmaisl.php # Reference: https://app.validin.com/detail?find=FactuDescarga&type=raw&ref_id=c0dc2e8de1d#tab=host_pairs (# 2024-12-17) factudescarga.com swiss24parler.net telegroupch.net bottest.factudescarga.com # Reference: https://app.validin.com/detail?find=Descarga%20Iniciada&type=raw#tab=host_pairs (# 2024-12-28) http://45.11.180.56 0ct0pu5.com alesia.cloud node.0ct0pu5.com herunterladen-spark.alesia.cloud # Reference: https://app.validin.com/detail?find=Descarga%20Iniciada&type=raw#tab=host_pairs (# 2025-01-17) http://185.158.251.74 kavrajassociates.com datei.kavrajassociates.com # Reference: https://x.com/Merlax_/status/1893073216400248974 18.220.143.143:30612 3.135.202.169:50112 # Reference: https://x.com/Dkavalanche/status/1894470031473275214 # Reference: https://app.any.run/tasks/384df9b8-e127-4dc7-bc7c-fb4fbd98fe68 13.40.6.93:157 13.40.6.93:21520 13.40.6.93:4626 # Reference: https://x.com/Dkavalanche/status/1895142243188494510 # Reference: https://app.any.run/tasks/020898be-4d19-4842-94fe-f0ad77a35d98 98.81.116.14:25164 98.81.116.14:6531 # Reference: https://x.com/V3n0mStrike/status/1897658338222932415 # Reference: https://app.any.run/tasks/d222d40c-d4b6-47a8-b9ea-061a22f218bf # Reference: https://www.virustotal.com/gui/file/d6bc76ad60a27011145809ec70aa0d58b9339b71fb81f7031238bf83147d13cd/detection 34.230.5.139:157 34.230.5.139:25194 34.230.5.139:5418 # Reference: https://x.com/anyrun_app/status/1905264946864140732 # Reference: https://app.any.run/tasks/02ea5d54-4060-4d51-9466-17983fc9f79e/ 54.226.106.181:157 54.226.106.181:20051 54.226.106.181:9417 vmi2511209.contaboserver.net /oqinZqigNleJi0PD0W/BHeBIAmX0HD0t.html /oqinZqigNleJi0PD0W/bLMsQNKhckI01I.png /oqinZqigNleJi0PD0W/fNMXRkuIgDS01Q.js /oqinZqigNleJi0PD0W/eFvgwoMQLrP05n.php /oqinZqigNleJi0PD0W/iRbTEgavP04u.php /oqinZqigNleJi0PD0W/yKwCeawQP06c.php /BHeBIAmX0HD0t.html /oqinZqigNleJi0PD0W/ /bLMsQNKhckI01I.png /fNMXRkuIgDS01Q.js /eFvgwoMQLrP05n.php /iRbTEgavP04u.php /yKwCeawQP06c.php # Reference: https://www.forcepoint.com/blog/x-labs/grandoreiro-trojan-targets-mexico-argentina-spain 18.212.216.95:42195 98.81.92.194:30154 vmi2492020.contaboserver.net vmi2500223.contaboserver.net vmi2511206.contaboserver.net vmi2511216.contaboserver.net vmi2526272.contaboserver.net vmi2527550.contaboserver.net vmi2529183.contaboserver.net # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-11-v10903/2618 airforce1.mmafan.biz bayerischemotorenwerke.nflfan.org camsobservations.nhlfan.net flightradar.mymediapc.net mapfre.homesecuritypc.com marronfiveshows.serveexchange.com mercedesbenz.mysecuritycamera.net michaeljacksontribute.mmafan.biz renault.hosthampster.com simpsonsbartmovies.stufftoread.com # Reference: https://x.com/Merlax_/status/1969159566555324422 http://31.220.84.31 31.220.84.31:443 3.8.132.27:30516 thelordoftheringsbusiness.quicksytes.com vmi2815219.contaboserver.net # Reference: https://x.com/Merlax_/status/1971700135496503548 http://164.68.106.78 http://173.249.58.7 http://213.199.36.218 vmi2809039.contaboserver.net vmi2821758.contaboserver.net vmi2819229.contaboserver.net # Reference: https://x.com/g0njxa/status/1986753455092863241 # Reference: https://app.any.run/tasks/a2eb53ab-9039-4e02-bb73-27022e502c66 44.192.48.117:7432 techscalemaster.privatizehealthinsurance.net vmi2895604.contaboserver.net # Reference: https://x.com/g0njxa/status/1986806633314296195 # Reference: https://app.any.run/tasks/11127ec9-63f7-49eb-b2fd-a2452ac20329 3.238.96.208:5874 nextgenpass.hopto.me vmi2895023.contaboserver.net vmi2895024.contaboserver.net # Reference: https://x.com/Merlax_/status/1989438192974499912 http://161.97.146.16 http://161.97.151.178 http://173.212.247.115 http://173.249.23.150 http://185.209.229.151 http://185.215.167.177 http://194.163.141.191 http://194.163.151.247 http://194.163.155.135 http://213.199.61.222 http://38.242.210.133 http://62.84.178.107 http://62.84.178.124 http://84.247.168.170 3.234.208.143:45632 3.236.105.171:6215 34.226.202.119:34622 # Reference: https://x.com/g0njxa/status/2022341889119445060 # Reference: https://www.virustotal.com/gui/ip-address/54.94.0.249/relations # Reference: https://app.any.run/tasks/569098dc-5450-457e-be1f-dfbe23b3bdce 54.94.0.249:9479 nexarchive-p4.blogsyte.com resgatedepontos.ddns.net vmi3075729.contaboserver.net # Generic /Adkflgog30.iso /dyngcdnefn_03.iso /nivyjlzhdj_04.iso /nnkokysdggit.iso /obmkumjoxq_05.iso /ugqvhozczb_04.iso /yqcnfempzc.iso /ronivon.txt /BR01?NF-eBR102822MY91822BT1 /BR02?NF-eBR102822MY91822BT1 /BR01/?NF-eBR102822MY91822BT1 /BR02/?NF-eBR102822MY91822BT1 /?NF-eBR102822MY91822BT1