Grandoreiro
· Published 21/12/2025 03:03 · Modified 21/12/2025 03:03
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 03:03
- Modified: 21/12/2025 03:03
- Updated at: 21/12/2025 03:03
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 61 attack patterns (MITRE), 3 malware, 1 sector, 12 countries, 123 indicators
Description
No description.
Marking (TLP)
TLP:GREEN
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 18 MITREs · 1 Malware · 1 APT · Published 04/04/2025 19:54 · Modified 07/04/2025 08:05
- 19 MITREs · 1 Malware · 1 APT · Published 22/10/2024 23:35 · Modified 23/10/2024 08:49
- 18 MITREs · 1 Malware · 18 Observables · 1 APT · Published 20/05/2024 09:40 · Modified 20/05/2024 10:05
Attack patterns (MITRE) (61)
- T1568 uses Dynamic Resolution
- T1185 uses Browser Session Hijacking
- T1033 uses System Owner/User Discovery
- T1574.001 uses DLL
- T1057 uses Process Discovery
- T1041 uses Exfiltration Over C2 Channel
- T1204.002 uses Malicious File
- T1573.001 uses Symmetric Cryptography
- T1107 uses
- T1056.002 uses GUI Input Capture
- T1568.002 uses Domain Generation Algorithms
- T1102 uses Web Service
- T1518.001 uses Security Software Discovery
- T1010 uses Application Window Discovery
- T1071 uses Application Layer Protocol
- T1055 uses Process Injection
- T1119 uses Automated Collection
- T1012 uses Query Registry
- T1219 uses Remote Access Tools
- T1112 uses Modify Registry
- T1595 uses Active Scanning
- T1027.001 uses Binary Padding
- T1090 uses Proxy
- T1059.007 uses JavaScript
- T1543 uses Create or Modify System Process
- T1036 uses Masquerading
- T1223 uses
- T1059 uses Command and Scripting Interpreter
- T1553 uses Subvert Trust Controls
- T1573 uses Encrypted Channel
- T1056 uses Input Capture
- T1204 uses User Execution
- T1132.002 uses Non-Standard Encoding
- T1027 uses Obfuscated Files or Information
- T1078 uses Valid Accounts
- T1140 uses Deobfuscate/Decode Files or Information
- T1587.001 uses Malware
- T1497 uses Virtualization/Sandbox Evasion
- T1082 uses System Information Discovery
- T1574 uses Hijack Execution Flow
- T1583 uses Acquire Infrastructure
- T1020 uses Automated Exfiltration
- T1127 uses Trusted Developer Utilities Proxy Execution
- T1016 uses System Network Configuration Discovery
- T1105 uses Ingress Tool Transfer
- T1056.001 uses Keylogging
- T1059.005 uses Visual Basic
- T1588 uses Obtain Capabilities
- T1218.007 uses Msiexec
- T1132 uses Data Encoding
- T1083 uses File and Directory Discovery
- T1114.001 uses Local Email Collection
- T1567 uses Exfiltration Over Web Service
- T1529 uses System Shutdown/Reboot
- T1571 uses Non-Standard Port
- T1122 uses
- T1566 uses Phishing
- T1547.001 uses Registry Run Keys / Startup Folder
- T1070 uses Indicator Removal
- T1053 uses Scheduled Task/Job
- T1547 uses Boot or Logon Autostart Execution
Malware (3)
- Mekotio · uses · Family · Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
- Vadokrist
- Grandoreiro - S0531 · uses · Family · Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
Sectors (1)
- Finance targets
Countries (12)
- Peru targets
- Chile targets
- Brazil targets
- Spain targets
- Argentina targets
- Italy targets
- Mexico targets
- South Africa targets
- Costa Rica targets
- Netherlands targets
- Japan targets
- Colombia targets
Indicators (123)