Blitz Malware: A Tale of Game Cheats and Code Repositories
Blitz is a new Windows-based malware discovered in 2024 consisting of a downloader and bot payload. The latest version was spread through backdoored game cheats for Standoff 2 distributed via Telegram. Blitz abuses Hugging Face Spaces to host components of its C2 infrastructure and payloads. The malware performs information stealing and DDoS attacks. An XMRig cryptocurrency miner was also deployed as follow-up malware. By May 2025, the developer claimed to have abandoned the project. Russia accounted for the highest number of infections among 289 victims across 26 countries. Palo Alto Networks customers are protected through various security products and services.
AI Analysis
Technical Summary
Blitz is a Windows-based malware campaign identified in 2024, characterized by a modular architecture consisting primarily of a downloader and a bot payload. The malware's distribution vector is notably through backdoored game cheats for the popular mobile game Standoff 2, which were disseminated via Telegram channels. This method leverages the gaming community's trust and eagerness for cheats to propagate the malware. A distinctive feature of Blitz is its abuse of Hugging Face Spaces, a legitimate AI model hosting platform, to host components of its command and control (C2) infrastructure and payloads. This tactic complicates detection and takedown efforts because it blends malicious activity with legitimate cloud services. Once deployed, Blitz performs multiple malicious activities: it steals sensitive information from infected systems and conducts distributed denial-of-service (DDoS) attacks, potentially disrupting network availability for targeted entities. Additionally, the malware deploys an XMRig cryptocurrency miner as a secondary payload, which hijacks system resources to mine Monero cryptocurrency, leading to degraded system performance and increased operational costs. By May 2025, the malware developer reportedly abandoned the project, but the infection footprint remains significant, with 289 victims identified across 26 countries. Russia has the highest infection count, indicating either targeting preferences or greater exposure. The malware employs a wide range of tactics and techniques as mapped to MITRE ATT&CK, including credential dumping (T1003.001), input capture (T1056.001), command and control over web protocols (T1071), process injection (T1055), and persistence mechanisms (T1547.001), among others. These techniques enable stealthy operation, lateral movement, and sustained presence within compromised environments. 
Palo Alto Networks customers benefit from protection via their security products, but organizations outside this ecosystem may remain vulnerable. Overall, Blitz represents a multifaceted threat combining social engineering (via game cheats), abuse of legitimate cloud infrastructure, and a blend of espionage and resource hijacking activities.
Potential Impact
For European organizations, Blitz poses several risks. The initial infection vector through game cheats distributed on Telegram suggests that individual users and corporate endpoints with lax security controls or gaming habits could be compromised. Information stealing capabilities threaten confidentiality, potentially exposing sensitive corporate or personal data. The DDoS functionality could disrupt business operations, especially for organizations with internet-facing services. The deployment of cryptocurrency mining malware impacts system availability and performance, increasing energy consumption and hardware wear. Given the use of legitimate cloud services for C2, traditional network-based detection may be less effective, increasing the risk of prolonged undetected presence. The broad range of techniques used by Blitz allows it to evade defenses and maintain persistence, complicating incident response. European organizations with employees engaged in gaming or those with weak endpoint protection are particularly at risk. Additionally, sectors reliant on continuous availability, such as finance, healthcare, and critical infrastructure, could face operational disruptions from DDoS attacks or resource exhaustion caused by mining. Although Russia is the most affected country, the presence of victims in 26 countries indicates a global footprint, including Europe. The malware's abandonment by its developer may reduce future evolution but does not eliminate existing infections or the risk of copycat campaigns.
Mitigation Recommendations
1. Endpoint Security Enhancement: Deploy advanced endpoint detection and response (EDR) solutions capable of identifying behaviors associated with Blitz, such as unusual process injections, credential dumping, and network communications with Hugging Face Spaces.
2. User Awareness and Training: Educate users, especially younger employees and those in gaming communities, about the risks of downloading and executing unauthorized game cheats or software from untrusted sources.
3. Network Monitoring and Filtering: Implement strict network egress filtering to monitor and potentially block suspicious communications to known malicious domains or unusual cloud service endpoints, including Hugging Face Spaces URLs.
4. Application Whitelisting: Restrict execution of unauthorized software, particularly in environments where gaming or non-business applications are not required.
5. Incident Response Preparedness: Develop and regularly update incident response plans to detect and remediate infections involving multi-stage malware and cryptocurrency miners.
6. Patch and Update Management: Although no specific vulnerable software versions are indicated, maintaining updated operating systems and security tools reduces the attack surface.
7. Telegram Channel Monitoring: For organizations with security teams, monitor Telegram channels known for distributing game cheats to identify emerging threats early.
8. Resource Usage Alerts: Configure system monitoring to alert on abnormal CPU/GPU usage indicative of cryptocurrency mining.
9. Collaboration with Security Vendors: Utilize threat intelligence feeds and protections from vendors like Palo Alto Networks to stay ahead of Blitz-related indicators and tactics.
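One way to act on recommendations 1 and 3 is to triage proxy logs for Hugging Face Spaces egress from hosts with no sanctioned reason to use it. The following is an added example, not code from the original report or from any vendor. It assumes a four-column proxy log (time, source host, process, URL), an allowlist of ML workstations, and the `*.hf.space` and `huggingface.co/spaces/` URL forms, which are not listed on this page; the regular-interval check is a generic C2 heuristic, not a documented Blitz behaviour.

```python
"""Triage proxy logs for unsanctioned Hugging Face Spaces egress (added example)."""
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample log, not real telemetry: time, source host, process, URL.
# Host names, process names and Space names are placeholders.
SAMPLE_LOG = """\
2025-05-02T10:00:00,WS-ACCT-07,unknown_tool.exe,https://example-user-example-space.hf.space/poll
2025-05-02T10:01:00,WS-ACCT-07,unknown_tool.exe,https://example-user-example-space.hf.space/poll
2025-05-02T10:02:01,WS-ACCT-07,unknown_tool.exe,https://example-user-example-space.hf.space/poll
2025-05-02T10:03:00,WS-ACCT-07,unknown_tool.exe,https://example-user-example-space.hf.space/poll
2025-05-02T10:04:00,WS-ACCT-07,unknown_tool.exe,https://example-user-example-space.hf.space/poll
2025-05-02T10:05:00,ML-DEV-02,python.exe,https://example-org-example-demo.hf.space/run
2025-05-02T10:06:00,WS-HR-11,chrome.exe,https://huggingface.co/spaces/example-org/example-demo
2025-05-02T10:07:00,WS-HR-11,chrome.exe,https://hf.space.example.net/lookalike
2025-05-02T10:08:00,WS-HR-11,chrome.exe,https://example.com/
"""


def is_spaces_url(url):
    """True for Spaces app hosts (*.hf.space) and huggingface.co/spaces/ pages."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Suffix match on the registered domain, so hf.space.example.net is not a hit.
    if host == "hf.space" or host.endswith(".hf.space"):
        return True
    return host == "huggingface.co" and parts.path.startswith("/spaces/")


def looks_like_beacon(times, min_hits=4, max_cv=0.2):
    """Heuristic: enough requests, with near-constant gaps between them."""
    if len(times) < min_hits:
        return False
    ordered = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    # Coefficient of variation of the gaps; low values mean timer-driven traffic.
    return avg > 0 and pstdev(gaps) / avg <= max_cv


def triage(log_text, allowed_hosts):
    """Return one summary per non-allowlisted host that reached Spaces."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:  # skip blank or malformed lines
            continue
        ts, src, proc, url = row
        if src in allowed_hosts or not is_spaces_url(url):
            continue
        hits[src].append((datetime.fromisoformat(ts), proc))
    report = []
    for src, rows in sorted(hits.items()):
        report.append({
            "host": src,
            "hits": len(rows),
            "processes": sorted({proc for _, proc in rows}),
            "beacon_like": looks_like_beacon([t for t, _ in rows]),
        })
    return report


if __name__ == "__main__":
    # ML-DEV-02 is a hypothetical workstation with approved Spaces use.
    for entry in triage(SAMPLE_LOG, allowed_hosts={"ML-DEV-02"}):
        print(entry)
```

A single browser visit to a Space is low priority; repeated, evenly spaced requests from a non-browser process on a host outside the allowlist are the pattern worth escalating to endpoint investigation.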
Affected Countries
Russia, Germany, France, United Kingdom, Poland, Italy, Spain, Netherlands
Technical Details
- Author: AlienVault
- TLP: white
- References: https://unit42.paloaltonetworks.com/blitz-malware-2025
- Adversary: null
- Pulse Id: 6842e2db57cf477add2cd72d
- Threat Score: null
Indicators of Compromise
Ip
Value | Description |
---|---|
176.65.137.44 | — |
Domain
Value | Description |
---|---|
blitz.net | — |
Threat ID: 6844344671f4d251b50adf71
Added to database: 6/7/2025, 12:44:54 PM
Last enriched: 7/8/2025, 12:27:37 PM
Last updated: 8/16/2025, 4:08:10 PM