malware-ioc/janeleiro at master · eset/malware-ioc
Common Information
Type Value
UUID edc4eaeb-a038-4f71-863c-e730ca26ea25
Fingerprint 8b915eafd9ea96b3
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 1, 2022, midnight
Added to db Sept. 11, 2022, 12:37 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Janeleiro, the time traveler — Indicators of Compromise
Title malware-ioc/janeleiro at master · eset/malware-ioc
Detected Hints/Tags/Attributes 14/1/47
Attributes