# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

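# Aliases: apt36, apt-c-36, blind eagle
# Note: "apt36" above is shorthand for APT-C-36 (Blind Eagle); it is not the separate actor that other vendors track as APT36 (Transparent Tribe), so do not merge attribution on that alias alone.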

# Reference: https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/

mentes.publicvm.com
medicosco.publicvm.com
ceosas.linkpc.net
ceoempresarialsas.com
ceoseguros.com
diangovcomuiscia.com
ismaboli.com

# Reference: https://twitter.com/HONKONE_K/status/1145536069435195392

medicosempresa.com

# Reference: https://twitter.com/1ZRR4H/status/1503572957595111427
# Reference: https://tria.ge/220314-3qe5padgh2

181.131.217.174:2050
febenvi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ebbc37e280f15408a2ff17bec1151cc64d151e20c1e59209a76b9eb3944d6704/detection

181.130.5.112:33889
defenderav.con-ip.com

# Reference: https://twitter.com/th3_protoCOL/status/1517144901871235072
# Reference: https://www.virustotal.com/gui/domain/polycomusa.com/community
# Reference: https://www.virustotal.com/gui/file/13e36170821628f9097862556e42cbed5f1cccc6897405fc7edc8ae914675bf4/detection

polycomusa.com
ajaxcoder.polycomusa.com
axu87794.polycomusa.com
giraffebear.polycomusa.com
hellmagers.polycomusa.com
host-rami.polycomusa.com
mega.polycomusa.com
sainth.polycomusa.com
sanctuary.polycomusa.com
sicariop.polycomusa.com
smakaf1.polycomusa.com
therussian.polycomusa.com
yty0do.polycomusa.com
zhost.polycomusa.com
zvoracle.polycomusa.com
/hAkDVgKdlfL7jcn/

# Reference: https://www.virustotal.com/gui/file/378e01925608bcd74544a5b5536c20a0007eb255e145370df228bb004aa59de2/detection

103.151.124.233:666

# Reference: https://www.virustotal.com/gui/file/f964f108f661de1c15e3cedee074cf1617ce02f85eb7e8613077f9ed95c4b37d/detection

45.147.231.85:12632

# Reference: https://www.virustotal.com/gui/file/e81baa5e7bf0fe2ebeb07983e71d05d09698e567d9bcaf17176e631156d01c60/detection

181.130.9.145:6525
marzo72022.con-ip.com

# Reference: https://www.virustotal.com/gui/file/95eb3d6f61d5082bee11ea47a7c90c0dcdc18af71985276ab56f648dcc549d87/detection

2.56.59.208:7075

# Reference: https://www.virustotal.com/gui/file/8c2215d43e7cd77c90a424ca6c81c1b94acf01eaecbb048447e171ebef0c2dfd/detection

2.56.57.27:8080

# Reference: https://www.virustotal.com/gui/file/8b437a76538722dc4535cbf3180005eb973caa6e9be13c6d3852fed1789960a0/detection

181.130.9.145:6522
enero2022.con-ip.com

# Reference: https://www.virustotal.com/gui/file/80e498268b8be964d5a74ca226218b17cb7a28a8929e70e2d2c3aed768e6308c/detection

62.197.136.252:1655

# Reference: https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/

upxsystems.com
laminascol.linkpc.net
systemwin.linkpc.net
