STIX/TAXII — Indicadores de Compromiso

Campaña InstallFix / Amatera Stealer

Fecha: 12 de marzo de 2026 Formato: STIX 2.1 TLP: CLEAR Referencia: IR-2026-0312-IOC

Resumen de Indicadores

220IOCs Totales

20Dominios

6Direcciones IP

2URLs

192Hashes SHA-256

1. Dominios Maliciosos

Dominios directamente asociados a la campaña InstallFix / Amatera Stealer

Dominio	Tipo	Primera detección	Última detección	Fuente
claude.update-version.com	C2/Distribución	06/03/2026	11/03/2026	IBM X-Force, Feedly [A1]
update-version.com	C2/Distribución	11/03/2026	11/03/2026	Feedly [B2]
claude-code-macos.com	Distribución	03/2026	03/2026	IBM X-Force [A1]
claude-code-docs-site.pages.dev	Distribución	03/2026	03/2026	IBM X-Force [A1]
nnnnnnnnnnnnnnnnnnnnn.pages.dev	Distribución	03/2026	03/2026	IBM X-Force [A1]
saramoftah.com	C2/Staging	03/2026	03/2026	IBM X-Force [A1]
overplanteasiest.top	C2 (Amatera)	27/05/2025	19/06/2025	Feedly [B2]
amaprox.icu	C2 (Amatera)	19/06/2025	19/06/2025	Feedly [B2]

Dominios asociados a ACR Stealer (predecesor de Amatera)

Dominio	Tipo	Primera detección	Última detección	Fuente
playtogga.com	C2 (ACR)	03/2026	03/2026	Feedly [B2]
apposx.com	C2 (ACR)	30/01/2026	03/03/2026	Feedly [B2]
theriygrt.com	C2 (ACR)	30/01/2026	03/03/2026	Feedly [B2]
memory-scanner.cc	C2 (ACR)	01/01/2026	04/02/2026	Feedly [B2]
indeanapolice.cc	C2 (ACR)	30/01/2026	30/01/2026	Feedly [B2]
globalsnn3-new.cc	C2 (ACR)	30/01/2026	30/01/2026	Feedly [B2]
globalsnn2-new.cc	C2 (ACR)	30/01/2026	30/01/2026	Feedly [B2]
tyuropium.com	C2 (ACR)	30/01/2026	30/01/2026	Feedly [B2]
dpaste.org	DDR (ACR)	30/01/2026	30/01/2026	Feedly [B2]
joinmc.link	DDR (ACR)	30/01/2026	30/01/2026	Feedly [B2]
pktriot.net	C2 (ACR)	30/01/2026	30/01/2026	Feedly [B2]
portmap.io	C2 (ACR)	30/01/2026	30/01/2026	Feedly [B2]

2. Direcciones IP

IP	Tipo	Primera detección	Última detección	Fuente
45.94.47.224	C2 (Amatera)	14/11/2025	10/03/2026	Feedly [B2]
212.34.138.4	C2 (Amatera)	28/01/2026	28/01/2026	Feedly [B2]
91.98.229.246	C2 (Amatera)	14/11/2025	17/11/2025	Feedly [B2]
104.21.80.1	CDN Masking	19/06/2025	18/07/2025	Feedly [B2]
157.180.40.106	C2 (ACR)	03/2026	03/2026	Feedly [B2]
78.40.193.126	C2 (ACR)	05/02/2026	05/02/2026	Feedly [B2]

3. URLs Maliciosas

URL	Tipo	Fuente
https://geotravelsgi.xyz/ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d	Staging	Feedly [B2]
62.133.61.104/downloads/test.pdf.lnk	Dropper	Feedly [B2]

4. Hashes de Archivos (SHA-256)

173 hashes asociados a muestras de Amatera Stealer y ACR Stealer. Utilice el campo de búsqueda para filtrar.

#	Hash SHA-256	Fuente
1	04c30011603048f69ad9ecf57ce580c1ebd20fb49a80b259e9628eaec79179a8	IBM X-Force / VirusTotal [A1/B1]
2	05db76843f81795f9a736cb2609197d5f018978b33277f420fd17c166caddb93	IBM X-Force / VirusTotal [A1/B1]
3	08bf6ddf7d0313477a51787d82ca3b66c102a93fcabdf53c891aa1ed331ea4a9	IBM X-Force / VirusTotal [A1/B1]
4	0967e0e1f15ddfb9b3d7451832dd3a653177679b0b56a7c19aea8e5fd82bd420	IBM X-Force / VirusTotal [A1/B1]
5	096aabe166d4cec286d31042107c793431ce7ae75d208c7f7afbe822361ce329	IBM X-Force / VirusTotal [A1/B1]
6	0df602fe581b9f252c21da7c6efc8c7bf1b9c7e83029e4b64ee1d3de6c771544	IBM X-Force / VirusTotal [A1/B1]
7	127a367df685ce3b04eed27ce58e148fba7c1b2273e280c531c0b3a2955dd2e6	IBM X-Force / VirusTotal [A1/B1]
8	133d56d17ba934898306f4ad442ee679f9e161e0237c968ff37f2abc487d3f0d	IBM X-Force / VirusTotal [A1/B1]
9	137c4590924df22317a90bdd9e1c9bec64def8905fe379e5f13beced9b2bb012	IBM X-Force / VirusTotal [A1/B1]
10	14daf77c40fa3c1ac8aef6071a818681412f36cf1565ef8cc9dc57085665476e	IBM X-Force / VirusTotal [A1/B1]
11	16dd58a3c2fc840fa00de80ea9dd0524ba2f02943ce049de2898598285cc9541	IBM X-Force / VirusTotal [A1/B1]
12	19e839202598018bab2825e24d9bdf9fad4d0ad93aada919fe13552d5a10d44b	IBM X-Force / VirusTotal [A1/B1]
13	1ce829beec85e6633cc20abc1093395bfbd21e5235cec2ab2a447e8b14cc70d3	IBM X-Force / VirusTotal [A1/B1]
14	1f2791dcde3845bff10d8b5612e8ee788a64d2f754a00707c85d37b0ffe6d2cc	IBM X-Force / VirusTotal [A1/B1]
15	22ef775bce102887a4965df0cd83d5863ff43393f2eab3fc65e6c3d2c0584cf0	IBM X-Force / VirusTotal [A1/B1]
16	24d94bdd8e8ce62a3ff0b704b75f01eac9345bab67086aad272dd3ac9a0c49a3	IBM X-Force / VirusTotal [A1/B1]
17	309e4e46e9aaf1376b7c46385269082412f3372a8071d0c4b8987bf498121874	IBM X-Force / VirusTotal [A1/B1]
18	31875081489b524d1cad448458de4732d13e0a570c762505765186834d66d9ea	IBM X-Force / VirusTotal [A1/B1]
19	318863986703d8e2bcff4a240f8d3e9f351b32741c1981e750e9546c42241bd5	IBM X-Force / VirusTotal [A1/B1]
20	33537764b8aa3b4c53e45181681fa67233411f56646dbad1aae45b391ba2b52b	IBM X-Force / VirusTotal [A1/B1]
21	360114ed2b6d6bc4c22c1a7918e58884013b733e3f3b3112b789ce0d8e77e03a	IBM X-Force / VirusTotal [A1/B1]
22	3622330a5663d834856c72f1666ca3530319e82edc6b0db28b88360acebb64c4	IBM X-Force / VirusTotal [A1/B1]
23	36d2e6c50d2b153d1caae36199a6bf0d102cdb1ce1f79777bb60619ac67ba688	IBM X-Force / VirusTotal [A1/B1]
24	3794a53a91357b30bf3329141171447d2e10e5e102db13a95838ec4669fee5d6	IBM X-Force / VirusTotal [A1/B1]
25	38589033da08fa0e259543a44d0eacc05606ec9350e3d86fee9ebaf9124992bb	IBM X-Force / VirusTotal [A1/B1]
26	3ac830b1499c00d1433f19e833f68286f462b996ceec568ef69453aaee9b9c64	IBM X-Force / VirusTotal [A1/B1]
27	3b562a133ca05f1921c230383726049fb1eb7f1af0ac49194b0c047c87f76719	IBM X-Force / VirusTotal [A1/B1]
28	3c4da6c520bb4b7ed8606bacf4c2956a5f7e3a77c1e01607bb270ae7765608c9	IBM X-Force / VirusTotal [A1/B1]
29	3d942864e59d5dd6a6b0e138aaf63bd31d5d21e10a9c3eef7c1eccd01900455d	IBM X-Force / VirusTotal [A1/B1]
30	3f0d14ae0aee61e3342d12a0b84bfd240257b589cba4b5189f126cbe44777ced	IBM X-Force / VirusTotal [A1/B1]
31	3f4a9dd1e512ef05d6871676dc10094e8da5eaa4cb9df4fcbb61b27bca3dee89	IBM X-Force / VirusTotal [A1/B1]
32	40ba596be5c0c702a2ca4f156b7e3102cafe324e5191d25c25bdd12b521fe59b	IBM X-Force / VirusTotal [A1/B1]
33	421b2bb856c017b29788073ebcfce11a684555d9945a0377e4f8e27959b02ee1	IBM X-Force / VirusTotal [A1/B1]
34	429ab5f3d38e47a6aeda69cee14475745264bbad865aebfa7e0a1774feb9d44a	IBM X-Force / VirusTotal [A1/B1]
35	42c2f7ffab89d769906f4cb65bf9f30f61f13bc4dba128d57845f94bb9c8163f	IBM X-Force / VirusTotal [A1/B1]
36	42eabf1e8e5e5f2c2cbeaf47b277ba768d4c84b65b44f5db5d811c4347da59f8	IBM X-Force / VirusTotal [A1/B1]
37	43125fdc0fbdd0612b985f03298b7bd505f3f286ce2958d83e5d4bc5f46da870	IBM X-Force / VirusTotal [A1/B1]
38	4341879fe90a6edb5c8e826e25c37cb8a7f49890781ffe2732b3bd963795a63c	IBM X-Force / VirusTotal [A1/B1]
39	4475e6254c8c10e7a1ee231cafac459388de7e026bf8987dd11832b0b0fff30c	IBM X-Force / VirusTotal [A1/B1]
40	44e5b0bf7843024b86ae669ac96143fb84388ab03b0ae4887066cc3118d1cbe0	IBM X-Force / VirusTotal [A1/B1]
41	46bd2546646cc5f09ede431e971813f48b243c9d38af1eed5bcc97747908bfb5	IBM X-Force / VirusTotal [A1/B1]
42	47f04785b7414f2c9628fc544dc05c8da43b186ce3c9b3790d7af28bb2b2bcde	IBM X-Force / VirusTotal [A1/B1]
43	48da3a8666a96374253c20e98608803a41a8057a318e458f2241b9e97ec13263	IBM X-Force / VirusTotal [A1/B1]
44	49e7a5329a19e32df5998efd8bb3b5eaeed28b13fe79218949693706f239305d	IBM X-Force / VirusTotal [A1/B1]
45	4a0591336c7df9c61ed2656ac8d943cbc5b9a1375d83723e1cc9e3c71dd9a01c	IBM X-Force / VirusTotal [A1/B1]
46	4a1b0e3635668e15ccadb554acd571109d8e5d3398deb39b0346aebcb6561d9b	IBM X-Force / VirusTotal [A1/B1]
47	4afa12e92cb5cfa1ce31dc3679576b3dd70cb0c14c0fa5105c09612b6c515bf4	IBM X-Force / VirusTotal [A1/B1]
48	52faca2228eb5a3f2820e792279f338c5a0faffada1ce3b554873a128b234013	IBM X-Force / VirusTotal [A1/B1]
49	58e5b3002218fb778f2648c6096655aeab2a9b62973dbd7f7dc6a170edf522ef	IBM X-Force / VirusTotal [A1/B1]
50	5be1cde221d957444d8f4db59f50e0f14363ef4de69f0f46af460c592adb6100	IBM X-Force / VirusTotal [A1/B1]
51	5f2e9a0da6938034fb0310f82d85afbe923df5963364b2b257ace0f9b33e51c4	IBM X-Force / VirusTotal [A1/B1]
52	6040a2950f28f8d4ea16f8b9f73f95fca4043ec5356eeb14e1dcdd621ead06cc	IBM X-Force / VirusTotal [A1/B1]
53	60474d9dfcd8e77331b3f317441bb0c065d924b2dbb8b4dcc9ad917f4074a302	IBM X-Force / VirusTotal [A1/B1]
54	64bc219bca2e3a4426199b2cf54aba7df8ea53f8a0ed04364aae9a654e96efe1	IBM X-Force / VirusTotal [A1/B1]
55	6678141627eeb3bbb72f2e48c0dcfc1f7bbe7c54f1a7787dcba7e780020e2167	IBM X-Force / VirusTotal [A1/B1]
56	6840d20d78db83e0bd6f81e3c7cb5cda6577336ecbce38626e2299d79082ad5a	IBM X-Force / VirusTotal [A1/B1]
57	6962de7de92116ea5eae20476f3490aa862091196d1eb00e216ff1a4960a3c10	IBM X-Force / VirusTotal [A1/B1]
58	6c0fe0efb2bbfaa12c321e747a893ad0c9fa1e4e549a193a36a86bc2edb2c6d4	IBM X-Force / VirusTotal [A1/B1]
59	6d0068de8bc140cfe20a79d0ce8f1feb5778c13f93e65938e0114d236291117e	IBM X-Force / VirusTotal [A1/B1]
60	6d202bab1a6a981beb3d87936dbb2b526f4ef2d0c317194cccec8be324c05a48	IBM X-Force / VirusTotal [A1/B1]
61	6e2ae6f112a0bb20a7b4907976b4279a8afb3778a6adb8b4b5db0228f257f49f	IBM X-Force / VirusTotal [A1/B1]
62	6fae124d09e3eb213357175e59fded348b9f47fdb30a7a660f1e65771cb6eef7	IBM X-Force / VirusTotal [A1/B1]
63	72817b35ab376da800b5403fe3595676680dad41033a0f7107d0261a086f6eae	IBM X-Force / VirusTotal [A1/B1]
64	742f5543ca17514b9a3b2fd7227f962cea17477050b03ebe8e07f1b1bdf1dea1	IBM X-Force / VirusTotal [A1/B1]
65	76a10b1097d80a92a99fb3fa313c290f236e1e69be703accd20c600bc164841c	IBM X-Force / VirusTotal [A1/B1]
66	7c7aad09308047f103aa8d2d692707b5e2adf4ac219862ef1fbaf5e97854ee0f	IBM X-Force / VirusTotal [A1/B1]
67	7e01ba0fd3dbc631f49c5b6a14fd954efde9bed0b00c7fa150665c6407c05b68	IBM X-Force / VirusTotal [A1/B1]
68	7f83cf01abd97ca0fdac21991a6ddd45b57815ddd5bdc1a62e0f469550b6e9a5	IBM X-Force / VirusTotal [A1/B1]
69	7f9700249874f38f183556f8028b2d59aaa20fa0cb03a427772507eb480ca103	IBM X-Force / VirusTotal [A1/B1]
70	809be9b70095f131db8a41629bd079424975668ef78fb75297d4e8251907d70c	IBM X-Force / VirusTotal [A1/B1]
71	80d289a581c8ef758ef16165b35a2294fa21b27c60dafe81bd706da962127f88	IBM X-Force / VirusTotal [A1/B1]
72	80f1c57294dadc4551a0a5d830dd508df0a491a7d4fc48c85e47ef795a97821d	IBM X-Force / VirusTotal [A1/B1]
73	8110d62f3238365518dfaf9e673c5cae2ffee7dfdb8e6d48bfc2d211deab72c5	IBM X-Force / VirusTotal [A1/B1]
74	83b63027f77ccc7d1cdfd22ff160a20ff129ef660fb86af5839a675290c73181	IBM X-Force / VirusTotal [A1/B1]
75	84c35ac3554103162155a3c1fa2211a4ab703d9b1614b69a75248f300cf35eac	IBM X-Force / VirusTotal [A1/B1]
76	859834fba7aec413f91a24d7b72473f9a587e1e5e3ea15498050d26400228f4f	IBM X-Force / VirusTotal [A1/B1]
77	890950b1f00724110afa7ca2e5381fc49576bd20985444910e9c0c7cb6e770c6	IBM X-Force / VirusTotal [A1/B1]
78	8975c1f6424eaff78d99c9e5dc69d63c0b3150146cef490e9935fe80d1fc8a04	IBM X-Force / VirusTotal [A1/B1]
79	89b32e6252d2b66e15f255f803d1e9936431f3ec05a343e36e0279c42bb2d2a9	IBM X-Force / VirusTotal [A1/B1]
80	8a5e13b35745a2fd1de5567ee10e0493c437b59a6c8bd081f7543a71d3affe19	IBM X-Force / VirusTotal [A1/B1]
81	8a5e9cbdc3fdf28bbf5d97559f6d6a6a76a89e25f2e6e6aa615ecf9d5fd1f2fb	IBM X-Force / VirusTotal [A1/B1]
82	8bc815d40768f04720d1112b7d477e90c2f26611ae0488f2bb43502c008868e9	IBM X-Force / VirusTotal [A1/B1]
83	8d3634a77504cb0eee0f0f853bebaeb501a8147e104eb0f381a93b497272e34f	IBM X-Force / VirusTotal [A1/B1]
84	8d9044c428b2cad9b1ff7218d8a7d652964abb9a567468727808fd63ec9e60a8	IBM X-Force / VirusTotal [A1/B1]
85	8da7cca815469604dd7e360c3567db5ff1354fe662a45392a3cbfdfcb5acb047	IBM X-Force / VirusTotal [A1/B1]
86	8e7d408cc63726a0e53adb06749ab7a3115e11cac4e7befe72c7135d1e1278a8	IBM X-Force / VirusTotal [A1/B1]
87	8f237a902bc62ad96dd5643275f4ad1ea64cb5dedbcc16d62db0e6de25cd9e5b	IBM X-Force / VirusTotal [A1/B1]
88	8fc16b78b93594da17f958aecb690a8b39cdeabb63639887aa65a82038b0639c	IBM X-Force / VirusTotal [A1/B1]
89	903af605398c2582a90df8ca56fa6b780fd29d6892ec0e9dcaa7770d9e5329a0	IBM X-Force / VirusTotal [A1/B1]
90	904fa94df03c2933c589401f3905511461b10f7a21dcd68a8c4317693a9e6f79	IBM X-Force / VirusTotal [A1/B1]
91	917c89e14b81f4d2f76ae245974d5b6bc596cccee6be901ce8c5840e73ea1c63	IBM X-Force / VirusTotal [A1/B1]
92	93996926637363d89936b9c878c11e0c5289c8aadecd07cbd7475e7caab83595	IBM X-Force / VirusTotal [A1/B1]
93	9560b4aaff3989b986697e642528601e821f306b7b4161131b5bf5bdf83786d0	IBM X-Force / VirusTotal [A1/B1]
94	986b8a112ee72aff84800420d69524c35bfb2c307779d2b440d2c78734f2d130	IBM X-Force / VirusTotal [A1/B1]
95	993f59eea8a62974d98d56f6f5465d05b391b6d5272493951e7b59e37a87ed9a	IBM X-Force / VirusTotal [A1/B1]
96	9a6222acd09d0f5c562df1e6cf9de913e6e19525ff2c299b3ccfefe5b442fe5c	IBM X-Force / VirusTotal [A1/B1]
97	9cdc77b08aa5d2a1b7ff74d9adbbc6845c14764bb8c3017b51510cd1a46a0db9	IBM X-Force / VirusTotal [A1/B1]
98	9f91c9f0839fb08719d3426ffc51a343c318482fec1a09c58e1ca304b945a333	IBM X-Force / VirusTotal [A1/B1]
99	a03d51cf173223b030a2efc043903a53c17307c81ba871455f700c799d80a081	IBM X-Force / VirusTotal [A1/B1]
100	a130899c3d7edb54817005b0e62da8512d674e706aa479c6c5885e221bd374e4	IBM X-Force / VirusTotal [A1/B1]
101	a214d286049720fb67ff97716d5695a5c7af9644aa9e1e91f85a291db6f0b074	IBM X-Force / VirusTotal [A1/B1]
102	a325ae77780855c5959c237db9cc5dfb215bda7605d8e0a03c25cb33a76003e7	IBM X-Force / VirusTotal [A1/B1]
103	a389ea8e6a5d25145dfeb476a6d79a4ac95c0d252775e0f38400368b70597c89	IBM X-Force / VirusTotal [A1/B1]
104	a54be7b1aefe64427a8a60ad27d2d6a2a2f862c3c3598f05593ef6c44d37a47c	IBM X-Force / VirusTotal [A1/B1]
105	a59b4a80e971c197c10fc8d37c2e7936618a59d25b0c3f3bc5fb8270043e778e	IBM X-Force / VirusTotal [A1/B1]
106	a6087401434c0ce8a2b141a1b87ee301d7945b7a8c51a3aee5cde72a19a632d6	IBM X-Force / VirusTotal [A1/B1]
107	a7987ec4361b890bc4248964b5b3cb79a3dcdb1e0044df5377a335bbee351857	IBM X-Force / VirusTotal [A1/B1]
108	a857af09fdfbceebcfdca6a0c8bb242bda95f1250f69225680e45c13487a568e	IBM X-Force / VirusTotal [A1/B1]
109	a8f5ad6064065fe0821daa6aef489b8ae3ac61b8dbe245af7dbfec19bcab05b4	IBM X-Force / VirusTotal [A1/B1]
110	acf12a0375d46897a69d730e32b3d8c14ca79f593db0d602fc398deb91430575	IBM X-Force / VirusTotal [A1/B1]
111	af421446784776aa11a0542445141d44e083ee683fff905b04dfdaf3e51ea479	IBM X-Force / VirusTotal [A1/B1]
112	b0c684a54ee747c2241eff998c3b2c4fdc6f17c3c74637c21bcbcbfdcde44e72	IBM X-Force / VirusTotal [A1/B1]
113	b407f05eae27d33fb5a71e5969c824732853248bb4905d8cca541d556e5decba	IBM X-Force / VirusTotal [A1/B1]
114	b4363643a18007f3a1fd4e68269f87f6b78b0fb7390021df606901fd87c87aab	IBM X-Force / VirusTotal [A1/B1]
115	b5b8fa30d56490fc8385369ec7adcf3f1cc334b2204c910d7da43fdc06a4c08d	IBM X-Force / VirusTotal [A1/B1]
116	b999ccdeb2d043b645c9989ae4330f8abe039a6708bdbdfded750cc5f91a8e09	IBM X-Force / VirusTotal [A1/B1]
117	bb129862e059eb57df8d01311dfcae333d34f47a4a95f0f916c871b1aefb31f8	IBM X-Force / VirusTotal [A1/B1]
118	bbd76bcc6023e877ba553fe54cd072bed8ad483ce2fc778417600df0c05701a0	IBM X-Force / VirusTotal [A1/B1]
119	bfcd2440a0fc09819ee4034cab2a1f22a8d60a4b8812d65fd426ff5b7af1155d	IBM X-Force / VirusTotal [A1/B1]
120	c0709c02d27a88b78939bc422e738af70b1455580a5ef7f3169b2868ecdd584a	IBM X-Force / VirusTotal [A1/B1]
121	c251c36277cccfca55e7807c1720dd372012aff5ee6c6f27f58a9e1c1d753794	IBM X-Force / VirusTotal [A1/B1]
122	c25f55c1b8c8df717a347733bd13b8fe544969cdbdb81eace3d41b737179cd64	IBM X-Force / VirusTotal [A1/B1]
123	c39cf50252f271b3a7fb96429606c7acb791457076a80fb6bd8fb7302eae08c2	IBM X-Force / VirusTotal [A1/B1]
124	c62e8f6718bd826dff060996de02cab86d78385b8c147b8c21289067842bfe20	IBM X-Force / VirusTotal [A1/B1]
125	c641fcafd2aa18b7613c042deb8160ec9519b4c6795d42848a1ea42d3c0ecaef	IBM X-Force / VirusTotal [A1/B1]
126	c94be154ff82f46d6cfd34bae05ba8ae2502fe49e4eee23851f7b1db406adb21	IBM X-Force / VirusTotal [A1/B1]
127	ccc9acd19fa263eae1f879c6404f2a73fd0bcb0092e25d3c44f63f0cf6d5779d	IBM X-Force / VirusTotal [A1/B1]
128	cd713042c74ca5cd390ae794aa61e745df5d8b43f24b67b58336756dff3612f2	IBM X-Force / VirusTotal [A1/B1]
129	cf4a556c2adaf3f3c38c2dffd663cccb21606b9cfe4760bf87d970569669975a	IBM X-Force / VirusTotal [A1/B1]
130	d22eea2a1ad481932a96c5f1fa5f420f7f3754bcda91f8b8b5ef179158241a4a	IBM X-Force / VirusTotal [A1/B1]
131	d2d99ee55ce67286247f7acc45c8cff8dbf58d018298f854a6f3e0d41c4320e0	IBM X-Force / VirusTotal [A1/B1]
132	d31f0db296f0b8588af3b8094772ec57f7c51ce95d1bdec0c7ddc45994c4669e	IBM X-Force / VirusTotal [A1/B1]
133	d656f7f2013255b19c2c17bbc6dcbf00c81ac61e6109bc5b439053d510e8c383	IBM X-Force / VirusTotal [A1/B1]
134	d83fe96db4f4f9ce7049af471e78fabd425cbbfc9bc1f5ee474b80c46bb08493	IBM X-Force / VirusTotal [A1/B1]
135	d8a855515e8bc62c09a90698218c9befb7a5dcc8967852cb05721432c6eaaf45	IBM X-Force / VirusTotal [A1/B1]
136	d8dbbcab910ae421f9194f25e6e9a3604205fd4d006980c710a023e26fb416a1	IBM X-Force / VirusTotal [A1/B1]
137	dcca439390582b45f9a0b3e30f59c8ca43aaee050d1a6db3de9e5286dad4b765	IBM X-Force / VirusTotal [A1/B1]
138	dd0d7e49323ffad1a9803f1299dffc5dd38ab96bc7e2ae6ba1509dc7944150e4	IBM X-Force / VirusTotal [A1/B1]
139	deab8293009b0660cd094d5596e4627d5811ec20ab8dc90253431d3afc7428af	IBM X-Force / VirusTotal [A1/B1]
140	e102e3fc64fd8e6e688dfab60761c3cbb3e5b7b9127000c5136a0063b28deadc	IBM X-Force / VirusTotal [A1/B1]
141	e2809f1d32105a31ef82ed30cc6d1dd6ed93b17a335dc9e0f66b295b6aee5e30	IBM X-Force / VirusTotal [A1/B1]
142	e43ebc41d3091fa5353d38504557b7b91757a3f1049105a034064d87f3b4e650	Feedly [B2]
143	e5a27de41e2a586b44f92622fc025be4d24c2c292ebcf24c11c4fe47364d5430	Feedly [B2]
144	e73497f7c3d311faa8af5c83aafdfd08fd2cf3631cf6df295b0241033e4a11b4	Feedly [B2]
145	e7cdf0c76ebbc46f9521d16cd8f3ee8ff55d5e6a20f50a8c9a02e20700aa3b38	Feedly [B2]
146	e9f38fe0e1e22b28f05c5079c9436946e0b20ba9f73d719b0dc782ed8f392a23	Feedly [B2]
147	eb11fbb9fdc5a0ffab884629c0c24042912ac85eedcc5becb72606ecfb603065	Feedly [B2]
148	eb20c5b57c3f8518ef554936d492d96f7ebbfda2e5210669fe0ed8a651ec1392	Feedly [B2]
149	ebb439fd5a48a86a3b1eecd66929f6692b7f6e7a4b48238a1340566171e49c70	Feedly [B2]
150	ec09d94ab15223852ae23c9e9245c880aada90e1de590feb34334ce28e7e8de9	Feedly [B2]
151	eefe961b5e4ee1bab6379431c0a0d831fd35df5bbfeb9f3d4109def041182852	Feedly [B2]
152	f49e6edb57d0b4f4dd37cf695ab54a35af2b016ab6bae2e555be22a7141cde55	Feedly [B2]
153	f4be3316d1283766d8479e1ae49b0f2b114ca5dd4fc076cb8d350636d4360da1	Feedly [B2]
154	f4d640102f791f45864d15702ea91c2f4acca45c424ee05f34a4112aa1a0dd87	Feedly [B2]
155	f5729e4772ff54d9d467d8db254c220e7880a50a28820135294ec7d5df37a89c	Feedly [B2]
156	f59df0373050020d46cc36bdec28542e71136d7a7988f8b1576272c8f1f5afbb	Feedly [B2]
157	f7b08d7183bc1b1ec18a3f12496243a52f14a1535b776771b02cffe1760145c7	Feedly [B2]
158	f89e7b0c6408f89c73bfa7c6f97d28c7bca0c067bcea97a524c10a377e55ee50	Feedly [B2]
159	fa5d5774063fe032b9be993617435b57da556c4ce2cef267581acb493098b76b	Feedly [B2]
160	fcd37d51ca9d72e7a38df466a2495e7cc4478e820f0d6953fb617bfe31142449	Feedly [B2]
161	fe5b16ab3a33610667334967a1d4e314e4291305390fc893060efda132dc7bd9	Feedly [B2]
162	fe65744e7490a23a0dc2ee6914184fbbc0e0f9815a285928a5b803de59959c85	Feedly [B2]
163	120316ecaf06b76a564ce42e11f7074c52df6d79b85d3526c5b4e9f362d2f1c2	Feedly [B2]
164	59202cb766c3034c308728c2e5770a0d074faa110ea981aa88f570eb402540d2	Feedly [B2]
165	ad0bfefa643b395400d4c89181446dbfec57f263dda39555c2ef5e704a9e6eb6	Feedly [B2]
166	f82938352cebfe4338e0e3e763cfee88aa5dd6229ac36200ce0392619153f4cd	Feedly [B2]
167	64010a9fe4483155044ad76aecbd2cdafab0fc1399e4ae0c644bcce6acbf7f58	Feedly [B2]
168	2db0c548a91356a4f79bcad8d492342699a5842b36cd813485145df0c2957c08	Feedly [B2]
169	68f9e86795c5dd817dec72f776ea0162a8c4a9cef26b54843fac00c101158ba1	Feedly [B2]
170	2df520219dd0db59d75203dec58c8d0dcce55b4e947defb1df30fdce4af982da	Feedly [B2]
171	4867b739b7a4cb72fdd88c7716150e12183b98a07a752753ced440355a5ee193	Feedly [B2]
172	38cd4bb0d7e4b8bc5de10df2a2554939ae96642109567e103d779b6eb19c40ae	Feedly [B2]
173	12ab29ed1c3f60092c101e9c8451ff44fda6c9787c6e32e3956e9a645be5dcee	Feedly [B2]
174	0111ffb0dab4bdef8c8788e4ce6ad4fc071b9f7b1f3affb7ead8d5df9582f34f	Feedly [B2]
175	006f0054609064c00d3d217ee37f924b4cf8c4fabde362408cdec1446d719913	Feedly [B2]
176	00b84eae83e4cd6165255247026c702c2c88f5cea8a1032187c2b842dc54095d	Feedly [B2]
177	dc363b99506502dac735b4b5636dfeadc07fec6742140da0d89673110538e532	Feedly [B2]
178	f7131fc0267d5e0eae0b00ee05eb221351910114d1794c30997a5e45e24059ef	Feedly [B2]
179	bbf45b03ba04ceab793e2a4dda578c9d4881ba26d1a39bc1257a7996f7c3dfac	Feedly [B2]
180	bc55d60466f7d1a03e4002759aa95cae2bd08cf9c0685f2f822ebcc8956569b2	Feedly [B2]
181	8721d3af5d2d01dc76d8102716dd6bc4271284a7682df46f10b6aacfd5b2cd48	Feedly [B2]
182	3e99b0f5eb750b818e55f23a6f1fcf8213e7ed3ac850529ade7e6fa6b7afe0e2	Feedly [B2]
183	2428bd931dde4d818437ff9e12197bdbb4a5c0548bc7c068bb732c7bc4847554	Feedly [B2]
184	e4a1b01b2a76ef02a2f6ea32275eeee4f44b867d2d5768bf89f870cbfacfa47e	Feedly [B2]
185	0cec3100b84f95dfb1e856390cf41809b653812fd4d51025517ba11b167442fa	Feedly [B2]
186	b9ff92917225778b82c30587d5559628f0ab14c359bd2b6ae4981ff262480fc8	Feedly [B2]
187	ca6b92b816c98e3fca7b287cf665257a93f1a35cc768cae223ac31a97d1af203	Feedly [B2]
188	e01fa4ca545c8a4002b9afe3243f80027b76ef5fb81fd5d9e9d1dcaddfaca54b	Feedly [B2]
189	f213970c9bde24a7b774e16803b9df9be69e02f1795e777241ada5201ed72666	Feedly [B2]
190	4ad9fd2b5519c521765a80f3411f825adcd38409ba6cfefd595873c9c6db92c3	Feedly [B2]
191	9375878e6780ed937d68f58904d27257c5ec7af0fef24c6126a8e05eb2dbd4f3	Feedly [B2]
192	532c9bc2e30150bef61a050386509dd5f3c152688898f6be616393f10b9262d3	Feedly [B2]

5. STIX 2.1 Bundle

Bundle STIX 2.1 completo con todos los indicadores de compromiso, objetos de amenaza y relaciones. El botón inferior permite descargar el JSON para importarlo en plataformas TAXII/SIEM.

6. Clasificación de Fuentes (Admiralty Code)

Fuente	Fiabilidad	Credibilidad	Código
IBM X-Force	A – Completamente fiable	1 – Confirmada por otras fuentes	A1
Proofpoint Threat Insight	A – Completamente fiable	2 – Probablemente verdadera	A2
FortiGuard Labs	A – Completamente fiable	2 – Probablemente verdadera	A2
eSecurity Planet	B – Normalmente fiable	2 – Probablemente verdadera	B2
SecurityOnline / Daily CyberSecurity	B – Normalmente fiable	2 – Probablemente verdadera	B2
CybersecurityNews	B – Normalmente fiable	2 – Probablemente verdadera	B2
Feedly AI	B – Normalmente fiable	2 – Probablemente verdadera	B2
VirusTotal	B – Normalmente fiable	1 – Confirmada por otras fuentes	B1
CVE Details / NVD	A – Completamente fiable	1 – Confirmada por otras fuentes	A1

Sistema de Evaluación Admiralty (NATO): El código Admiralty es un sistema estándar utilizado por las comunidades de inteligencia de la OTAN y aliados para evaluar fuentes de información. Combina dos escalas independientes:

Fiabilidad de la fuente (A-F): A – Completamente fiable; B – Normalmente fiable; C – Bastante fiable; D – No suele ser fiable; E – No fiable; F – No se puede juzgar.

Credibilidad de la información (1-6): 1 – Confirmada por otras fuentes; 2 – Probablemente verdadera; 3 – Posiblemente verdadera; 4 – Dudosa; 5 – Improbable; 6 – No se puede juzgar.

7. Referencias

IBM X-Force — InstallFix Report:
https://exchange.xforce.ibmcloud.com/report/details/guid:f52c99c24f704788b8036f1ead587991
SecurityOnline — The Vibe-Coding Trap:
https://securityonline.info/the-vibe-coding-trap-fake-claude-code-installers-unleash-amatera-malware-via-search-ads/
eSecurity Planet — Fake Claude Code Install Pages:
https://www.esecurityplanet.com/artificial-intelligence/fake-claude-code-install-pages-spread-infostealer-malware/
CybersecurityNews — Claude Code Vulnerabilities:
https://cybersecuritynews.com/claude-code-vulnerabilities/
Feedly Threat Intelligence — Seguimiento de InstallFix / Amatera Stealer / ACR Stealer
VirusTotal — Análisis de muestras de malware
CVE Details / NVD — CVE-2025-59536, CVE-2026-21852
Proofpoint — Amatera Stealer: Rebranded ACR Stealer analysis
FortiGuard Labs — SVG Phishing / Amatera Stealer campaign