Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
=========================================================================================================

[Indicators of Compromise]
=========================================================================================================

[File]

SHA256                                                            Description
----------------------------------------------------------------  ----------------------------------------------------------
2dbf48e7da928f88d37d5f3560838987a277eafed85612ad841b4edfa59944f3  implante_http backdoor, Python script (SHADOW-AETHER-040)
46b3efe9877f9d3e4fc4b9547ec213e75938397fdc30828857155238335973e7  implante_http backdoor, Python script (SHADOW-AETHER-040)
72640620e674d9236843b7e8bfe0e4f626eea3d7a954bb95b9d93d0474ff1212  implante_http backdoor, Python script (SHADOW-AETHER-040)
98432af9273c1e0486661626e0c156211fcf4b2d88b64e1ad2410c785bb321b8  implante_http backdoor, Python script (SHADOW-AETHER-040)
a5c00451eb50fbafd0440d629fe153ed3e833d9df10d9932a273628438b8088d  implante_http backdoor, Python script (SHADOW-AETHER-040)
abef3c0c62b7dd68ff0837e52b1c5f787003303d920dfbaec03e4a2d8946ee93  implante_http backdoor, Python script (SHADOW-AETHER-040)
d0c7d66206de5739315030dc580fce4fb9c39e0b48b10f49bf9d887be872fb20  implante_http backdoor, Python script (SHADOW-AETHER-040)
97f7a1a84d3d1aca5048f433d5689e3af1289597acae7e432fac2fc5f2c64341  implante_http backdoor, EXE binary (SHADOW-AETHER-040)
1c37a58df996dd62449a76e49dd700d9d5fc70739179a92f3a86b6bdf4e1d87e  implante_http backdoor, ELF binary (SHADOW-AETHER-040)
c8905b274cee69d74ed34afc2c1384551b9ad988dd6819a0e79a0a17c170c6de  implante_http backdoor, ELF binary (SHADOW-AETHER-040)
f530985e9d7c9cafb2c30913a5de893fd01d40712b8bf171e3b62423b15f8f62  implante_http backdoor, ELF binary (SHADOW-AETHER-040)
ffe640442e49edece4d459bcee26be2c6814a099a62679c63a152c56bc48848a  implante_http backdoor, ELF binary (SHADOW-AETHER-040)
8d510a62ad31724672a648b8bdb7114d8e42b918f9d0dff7a63b91be24d66341  POW webshell, WAR format (SHADOW-AETHER-064)
5209edb0076bbb0d08bfeb24fcd1eed714aa1038fe4c30921059bd3c95f83b72  POW webshell, JSP format (SHADOW-AETHER-064)
ead16af4f7e31c34b2167628c5499f8e108bf63bd08ac78f18cf0a6d92f6d86d  POW webshell, JSP format (SHADOW-AETHER-064)
3b72ef13049bea56198134de13ee54bfb3b327a19dcec20e2d70719bd4379e63  SOCKTZ backdoor (SHADOW-AETHER-064)
5f04fc6c7bc19155ac2b47405b58f0cb41ffe68f513f710d1cc0dd0ba324014e  SOCKTZ backdoor (SHADOW-AETHER-064)
669df5863f0d47a377b0f772334c935fb523cabf37a7547f6a717dcb41ccf067  SOCKTZ backdoor (SHADOW-AETHER-064)
aa0f56f1004632397a1f1633769e4469a370705418f649fe9057a7f9046eb999  SOCKTZ backdoor (SHADOW-AETHER-064)
eb0fe48c75e689077a346a6bdf2b7368fb6ae5fe82020f2e969e04729e1c4f54  SOCKTZ backdoor (SHADOW-AETHER-064)

=========================================================================================================

[Network]

Type        Indicator               Description
----------  ----------------------  --------------------------------
IP address  165.22.184[.]26         C&C Server (SHADOW-AETHER-040)
IP address  159.65.202[.]204        C&C Server (SHADOW-AETHER-040)
IP address  62.171.185[.]97         C&C Server (SHADOW-AETHER-040)
IP address  167.172.38[.]123        C&C Server (SHADOW-AETHER-040)
IP address  155.133.27[.]198        C&C Server (SHADOW-AETHER-040)
IP address  209.99.185[.]221        C&C Server (SHADOW-AETHER-064)
IP address  209.99.185[.]223        C&C Server (SHADOW-AETHER-064)
IP address  167.148.195[.]53        C&C Server (SHADOW-AETHER-064)
Domain      cloudservbr[.]com       C&C Domain (SHADOW-AETHER-064)
Domain      infra-telemetry[.]com   C&C Domain (SHADOW-AETHER-064)

Network indicators are published defanged ("[.]" in place of "."); refang them before loading into a blocklist or matching against proxy, DNS or NetFlow logs.
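The following is an added example for putting the indicators above to use; it is not code from the report or from the campaigns it describes. It parses the one-indicator-per-line listing into hash and network lookup maps, refangs the defanged network indicators, hashes every file under a directory with SHA256 and reports matches, and checks a destination IP or hostname against the C&C list. Only a subset of the report's indicators is embedded so the block stays short; the function names, the `IOC_TEXT` string and the sample file used in the usage note are this example's own assumptions.

```python
import hashlib
import os
import re
from typing import Dict, Iterable, List, Tuple

# Subset of the report's indicators, copied as published (defanged). Extend from
# the table above; the parser accepts any number of lines in the same shape.
IOC_TEXT = """\
2dbf48e7da928f88d37d5f3560838987a277eafed85612ad841b4edfa59944f3 implante_http backdoor, Python script (SHADOW-AETHER-040)
97f7a1a84d3d1aca5048f433d5689e3af1289597acae7e432fac2fc5f2c64341 implante_http backdoor, EXE binary (SHADOW-AETHER-040)
8d510a62ad31724672a648b8bdb7114d8e42b918f9d0dff7a63b91be24d66341 POW webshell, WAR format (SHADOW-AETHER-064)
3b72ef13049bea56198134de13ee54bfb3b327a19dcec20e2d70719bd4379e63 SOCKTZ backdoor (SHADOW-AETHER-064)
IP address 165.22.184[.]26 C&C Server (SHADOW-AETHER-040)
IP address 209.99.185[.]221 C&C Server (SHADOW-AETHER-064)
Domain cloudservbr[.]com C&C Domain (SHADOW-AETHER-064)
Domain infra-telemetry[.]com C&C Domain (SHADOW-AETHER-064)
"""

SHA256_RE = re.compile(r"^([0-9a-fA-F]{64})\s+(.*)$")
NET_RE = re.compile(r"^(IP address|Domain)\s+(\S+)\s+(.*)$")


def refang(indicator: str) -> str:
    """Reverse the usual defanging: 1.2.3[.]4 -> 1.2.3.4, hxxp:// -> http://."""
    out = indicator.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)


def parse_iocs(text: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split the listing into {sha256: description} and {refanged indicator: description}."""
    hashes: Dict[str, str] = {}
    network: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SHA256_RE.match(line)
        if m:
            hashes[m.group(1).lower()] = m.group(2)
            continue
        m = NET_RE.match(line)
        if m:
            network[refang(m.group(2)).lower()] = f"{m.group(1)}: {m.group(3)}"
    return hashes, network


HASHES, NETWORK = parse_iocs(IOC_TEXT)


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: str, iocs: Dict[str, str] = HASHES) -> List[Tuple[str, str, str]]:
    """Hash every regular file under root; return (path, sha256, description) for IoC matches."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or removed during the walk; skip rather than abort
            if digest in iocs:
                hits.append((path, digest, iocs[digest]))
    return hits


def check_hashes(digests: Iterable[str], iocs: Dict[str, str] = HASHES) -> Dict[str, str]:
    """Match already-computed digests (e.g. from an EDR export) against the IoC set."""
    return {d.lower(): iocs[d.lower()] for d in digests if d.lower() in iocs}


def check_connection(dst: str, iocs: Dict[str, str] = NETWORK):
    """Look up a destination IP or hostname from proxy/DNS logs; None when not an IoC."""
    return iocs.get(dst.strip().lower())


if __name__ == "__main__":
    # Usage: sweep the current directory and print any matches (constructed run, no real samples).
    for path, digest, desc in sweep("."):
        print(f"HIT {path} {digest} {desc}")
    print(check_connection("cloudservbr.com"))
```

Hash matching is exact, so a recompiled or trivially modified implant will not match; treat hits as confirmation, not as the only detection, and pair the network indicators with DNS and proxy telemetry, where the refanged domains and IPs above are the durable part of the list.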