# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Format: one trail per line; a line starting with '#' is a comment.
# A "# Reference:" line names the public report or sandbox run that the
# trails following it are attributed to.
# Trail shapes used in this list:
#   http://<ipv4>   a bare IPv4 address written with a scheme
#   <ipv4>:<port>   an address together with a port
#   <hostname>      a fully qualified host name
#   /<path>         a URL path with no host attached
# NOTE(review): no first-seen or last-seen date is recorded for any entry, so
# the age of a trail can only be judged from the linked reference.

# Reference: https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/

http://100.26.189.49
http://18.219.52.4

# Reference: https://twitter.com/sirpedrotavares/status/1216016629835948032

http://18.217.136.142

# Reference: https://twitter.com/sirpedrotavares/status/1227957576047955971

http://13.59.112.88

# Reference: https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/

# NOTE(review): each entry below is one bucket-specific host name under the
# shared s3.us-east-2.amazonaws.com domain; match the full name only, never
# the parent domain.
fucktheworld.s3.us-east-2.amazonaws.com
nothingcanstopus.s3.us-east-2.amazonaws.com
oiurx14x.s3.us-east-2.amazonaws.com
sdghsuidhoidoghsdc19c.s3.us-east-2.amazonaws.com
sdgsdbfabsfuhoiuhfosdpnfsdbc13c.s3.us-east-2.amazonaws.com
vrau-x.s3.us-east-2.amazonaws.com

# Reference: https://twitter.com/sirpedrotavares/status/1259980592009134082
# Reference: https://seguranca-informatica.pt/trojan-lampion-is-back-after-3-months/

http://108.61.181.207

# Reference: https://www.joesandbox.com/analysis/211091/0/html
# Reference: https://www.virustotal.com/gui/file/f22f98a298133bc0498914ef99531ffa327e613886f311d5170dac93a0de617b/detection
# Reference: https://www.virustotal.com/gui/file/f43316cb743dee5a90bc351c6b8b702390b9f6fad94caf2af858c01b9f05c85e/detection

http://185.219.135.119
http://185.219.135.252

# Reference: https://securityaffairs.co/wordpress/105634/malware/new-release-lampion-trojan.html

# The only entry in this list that pins a port as well as an address.
5.188.9.28:9171

# Reference: https://twitter.com/pollo290987/status/1565249453468143618

aculpaedopt.s3.us-east-2.amazonaws.com

# Reference: https://twitter.com/noexceptcpp/status/1615832526466990080
# Reference: https://twitter.com/tosscoinwitcher/status/1615852040621813766
# Reference: https://tria.ge/230118-256qhsha8w/behavioral1

# NOTE(review): several host names in this group and the next contain the
# string "anydesk"; they look like lookalikes of the remote-desktop product's
# name - confirm against the references.
http://5.199.162.122
anydeskkapdo.info
casadosoftware.net
wwwwanydesky.com

# Reference: https://twitter.com/DonPasci/status/1635306470811238400
# Reference: https://twitter.com/DonPasci/status/1635308925762543616
# Reference: https://tria.ge/230313-ssrw6ada5t/behavioral2
# Reference: https://www.joesandbox.com/analysis/825605?idtype=analysisid#iocs
# Reference: https://www.virustotal.com/gui/file/25884495d9c27c8b120bfab40bd28b7f5255b4916c54c7fb74a90dd8000bf44e/detection
# Reference: https://www.virustotal.com/gui/file/fbcc321f10e8ed9fbda3e9d9ce6cc03ad1fa3c83578a2b22ec7f6fd853412750/detection
# Reference: https://www.virustotal.com/gui/file/cb6901ccc6c51ab46b327eb44c5dc7cc597e38c89a7584177e58d5d0f26fe45f/detection

http://103.117.141.91
anydeskremote.shop
downloadanydesk.info
# Path-only trails: no host is attached to these two entries in this list.
/conta1/vem.php
/conta2/vem.php

# Reference: https://x.com/lontze7/status/1798242969579057536
# Reference: https://www.virustotal.com/gui/file/0a88eb89cc1c01986d06fceaf26a8a681e91d27737046194222aa71bb051cbe6/detection

# NOTE(review): the ddns.net, gotdns.ch, sytes.net and servehttp.com entries
# are single host names under shared dynamic-DNS domains; match the full host
# name, not the provider's domain.
http://103.117.141.64
app.massgra.online
ativar.gotdns.ch
chwinupdatewin22.ddns.net
gomesnetgingsm45.ddns.net
key-office.ddns.net
masgraves.ddns.net
massgra.site
massgravess.ddns.net
mywinappup08.ddns.net
offikey.ddns.net
servidorwhm.shop
update-pdfadobe202419.sytes.net
windoactveeendsdki.servehttp.com

# Reference: https://x.com/smica83/status/1966107477084115364
# Reference: https://x.com/blackorbird/status/1983554153634033777
# Reference: https://www.bitsight.com/blog/brazil-love-new-tactics-lampion
# Reference: https://www.virustotal.com/gui/file/f923b0328ee554f561786ad191bde6e3feb41f60264448607c76ff472506a056/detection
# Reference: https://www.virustotal.com/gui/file/0f97e480b161a69d5be0757297610f157fdb35616fa787486bac051313995e21/detection
# Reference: https://www.virustotal.com/gui/file/28b63bdf38debd7a2157a5fa14496c6030d200a1bed6b575e12650b0e78a61f7/detection
# Reference: https://www.virustotal.com/gui/file/39ad440793031f3940b78de07db91b1939829146f2680215a0f223d761144bc1/detection
# Reference: https://www.virustotal.com/gui/file/43ae7ceeffbfdad00a0403ca7d158ca3fee63850dc9f07cdde9c3c30113eebf8/detection
# Reference: https://www.virustotal.com/gui/file/47d71b3cb701dedb904ddf3982a11f25efd4ad1f34fb5afe740255751c9a2f0f/detection
# Reference: https://www.virustotal.com/gui/file/486935a47fbbff02ae9796a73029c60430515bd1aba17f1e54144279a2134bf6/detection
# Reference: https://www.virustotal.com/gui/file/4a37dc314cbab306d03c7309ba082ad82c868aac5ecc1318c2e9507320fdd409/detection
# Reference: https://www.virustotal.com/gui/file/4c510bf711c34e51e0cfffc57bedd6b59245e94db15b4bd4b4fb4cbd6d24f53f/detection
# Reference: https://www.virustotal.com/gui/file/71bd115560ff11f812f43054bf0a09a6a5eaf326fa0f274ef7653c2a4d976f89/detection
# Reference: https://www.virustotal.com/gui/file/f762996390fe28608b7cba99639e1988579222c7faed04a53824f10f1f51fe12/detection
# Reference: https://www.virustotal.com/gui/file/ee133d2b90ff4232d44aec26dd1638d258f0dd8e51e92c99fe2e809b185ab5c4/detection
# Reference: https://www.virustotal.com/gui/file/e7e77f74b464a0e4ca55c77898099b3053e1223ca5779cc747a837054cbee1aa/detection
# Reference: https://www.virustotal.com/gui/file/e62403cc687e624d63c1f0ea3a160f2a3998bd2cd444785d6dd3c909f48a4850/detection
# Reference: https://www.virustotal.com/gui/file/e44a989cd9baaf1e8910e9444bbf0177d9a6dc60edbd35952b36de1fc87ef5b5/detection
# Reference: https://www.virustotal.com/gui/file/dd2bc1e19068d6e6a44bfdf4ff683e04c174029edc153802aff52e2f3c41e2e0/detection
# Reference: https://www.virustotal.com/gui/file/d8a72b9089870f33c2fd99b2d8360f194325ef3ab3d8364890bbe763b1f0c248/detection
# Reference: https://www.virustotal.com/gui/file/d7baaf973cc81dcf44ece7951c0cca434b72721ea5fcc1ce4c9640b19254c072/detection
# Reference: https://www.virustotal.com/gui/file/cc3836043b8d93f786c3ed24de56e049083439642195a5f4426e9b9dd737b289/detection
# Reference: https://www.virustotal.com/gui/file/c95a23327088470145080ba1be35c14cd4bfa2d47390fb2ab1e5d1be725ad4f3/detection
# Reference: https://www.virustotal.com/gui/file/b96f45b26450c7afdae07f66f71f84c09b61b4e20af02f9d0e13923cb3536254/detection
# Reference: https://www.virustotal.com/gui/file/9a4f32591e1e887ddaf2f9765769f4f15a3e17821a2fb34d61bc6e272b7d5989/detection
# Reference: https://www.virustotal.com/gui/file/76c981c7dd88c647dabe6fca780ef6dfa2419f949b5e7be6636be1a74f1c90ca/detection
# Reference: https://www.virustotal.com/gui/file/757c49b2496acf938d5b69c2dc1223ea7030063ed239c9fca492fec6b02e4a27/detection
# Reference: https://www.virustotal.com/gui/file/754e5a0ba5a031d63600495adbe3bb72fe49ba5cf1c19414d6c56877170f7bb8/detection
# Reference: https://www.virustotal.com/gui/file/7082f7a3fa388f56addad6f44b9dcee2f613017e57186e1aa3a55cdf24e42b3e/detection
# Reference: https://www.virustotal.com/gui/file/6ef5b898d95e96415ff8159c495d802d9b47b5a9726f0a3b1d2e0ffa12594241/detection
# Reference: https://www.virustotal.com/gui/file/5f185ba431e3a8037f78d77884dc5112d7c32d4955f82c184030260e0d01fed0/detection
# Reference: https://www.virustotal.com/gui/file/334dfbaefbf7e6301d2385f95d861eb6dae9018c48fb298a2cbf5f364fbcdb2d/detection
# Reference: https://www.virustotal.com/gui/file/2141d5521dbf28c3dcbfa25d9639d56949e1a6ebaac19ee9c5c0b02b7da0c1de/detection
# Reference: https://www.virustotal.com/gui/file/1681c3b88ed315543ac1bf07d258d560cf2f85bfd26c10471d71700eaeb57fb3/detection
# Reference: https://www.virustotal.com/gui/file/11de5317e59464ef9f8a92b41502b4931adc66aa8c61babe7a9b0983ec42ec9e/detection
# Reference: https://www.virustotal.com/gui/file/08eb58f939cf8e741426b38e23b71ea06cf0a968b1884d5a34a722280d4034dd/detection

# NOTE(review): this is the largest address block in the list and nothing
# here maps a single address to a single reference; addresses can change
# hands over time, so corroborate an IP-only hit with host-name or path
# evidence before treating it as current.
http://16.171.23.221
http://18.116.63.61
http://18.118.151.132
http://18.191.234.137
http://18.216.19.212
http://18.216.206.166
http://18.217.122.187
http://18.219.75.181
http://18.216.78.94
http://18.226.150.56
http://18.216.229.168
http://3.12.155.9
http://3.128.172.139
http://3.133.160.140
http://3.138.101.180
http://3.138.36.108
http://3.141.44.186
http://3.142.40.36
http://3.143.108.123
http://3.144.37.134
http://3.145.157.180
http://3.17.187.152
http://34.238.115.205
http://44.203.132.140
http://44.204.79.28
http://54.147.44.233
http://83.242.96.159
# NOTE(review): the host names below combine "portal das financas" /
# "autoridade tributaria" wording with -pt, -at and -gov affixes; presumably
# lookalikes of the tax-portal theme named in the first reference - confirm
# against the reports.
at-portal-das-financas.com
at-portaldasfinancas-pt.com
at-portaldasfinancas-pt.org
at-portaldasfinancas.com
at-portaldasfinancas.org
atportal-das-financas.com
autoridade-tributaria-gov.com
autoridade-tributaria-pt.com
autoridade-tributaria-pt.org
autoridade-tributaria.com
autoridade-tributaria.org
autoridadetributaria-pt.org
autoridadetributaria.org
comprovativos-amazon.s3.us-east-2.amazonaws.com
doc-fat.s3.us-east-2.amazonaws.com
factura-12.s3.us-east-2.amazonaws.com
fat-dezembro1.s3.us-east-2.amazonaws.com
fat-doc-online.com
inde-faturas.com
indebt-faturas.com
ld-05-07-zxjhvjds-p.s3.us-east-2.amazonaws.com
ld-18-06-jnxbdf-g.s3.us-east-2.amazonaws.com
ld-2403-p.s3.us-east-2.amazonaws.com
ld-25-06-jbasdfiu-p.s3.us-east-2.amazonaws.com
ld-bsjdiwer-30-06.s3.us-east-2.amazonaws.com
ld-dsbjnfgiw-14-07-p.s3.us-east-2.amazonaws.com
ld-g-06-10-nfdsgsjhk.s3.us-east-2.amazonaws.com
ld-g-23-10-hsdiwbep.s3.us-east-2.amazonaws.com
ld-sbdgosew-20-07-p.s3.us-east-2.amazonaws.com
ld-sbdjiepd-09-06-g.s3.us-east-2.amazonaws.com
ld-sdhgsoe-03-07-p.s3.us-east-2.amazonaws.com
ld-sdiend-11-02-g.s3.us-east-2.amazonaws.com
ld-sdknei-30-06-p.s3.us-east-2.amazonaws.com
ld-sdknlwies-28-07-p.s3.us-east-2.amazonaws.com
ld-sndwoe-18-06-p.s3.us-east-2.amazonaws.com
ld-uiwesdlei-23-07-g.s3.us-east-2.amazonaws.com
lg-1002-g.s3.us-east-2.amazonaws.com
likeg.s3.us-east-2.amazonaws.com
portal-das-financas-at.com
portal-das-financas-pt.com
portal-das-financas-pt.org
portal-das-financas.org
portaldasfinancas-at.com
portaldasfinancas-pt.org
portaldasfinancas.org

# Generic

# NOTE(review): no "# Reference:" line accompanies this section, and the
# entries are URL paths with no host. A path-only hit is weaker evidence than
# a host or address hit; the two /PT/ paths in particular are short and
# presumably more prone to coincidental matches - corroborate before
# escalating.
/PediuPraPostarPostou.php
/PostaEstaBosta.php
/PostaEstaMerda.php
/PostaEstaPorra.php
/VaiPostaProPai.php
/PT/painel.php
/PT/painelADM.php