Reconnecting to live updates…

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

Severity: mediumType: malware

This report details two interconnected malware campaigns targeting Chinese-speaking users in 2025, using large-scale brand impersonation to deliver Gh0st RAT variants. The first campaign, active from February to March, mimicked three brands across over 2,000 domains. The second campaign, starting in May, impersonated over 40 applications with more sophisticated infection chains. Both campaigns used cloud infrastructure for payload delivery and DLL side-loading for evasion. The adversary demonstrated an evolving operational playbook, advancing from simple droppers to complex multi-stage infections. The campaigns' infrastructure remained active for months, indicating a persistent and well-resourced threat actor focused on Chinese-speaking targets globally.

AI Analysis

Technical Summary

The Digital Doppelgangers campaigns represent a sophisticated evolution in malware distribution tactics, focusing on delivering Gh0st RAT variants to Chinese-speaking users worldwide throughout 2025. The first campaign, active from February to March, impersonated three well-known brands across more than 2,000 domains, while the second campaign, starting in May, expanded to mimic over 40 different applications with more complex infection chains. Both campaigns utilize cloud infrastructure for hosting and delivering payloads, enhancing their resilience and evasion capabilities. A key technique employed is DLL side-loading, where malicious DLLs are loaded by legitimate applications to bypass security controls and evade detection. The adversary’s operational playbook has evolved from simple dropper malware to multi-stage infections involving several tactics such as domain generation algorithms, social engineering via brand impersonation, and use of legitimate cloud services. These campaigns have persisted for months, indicating a well-resourced and patient threat actor. Although the campaigns target Chinese-speaking users primarily, the infection vectors and infrastructure could potentially impact other regions if the malware spreads beyond intended targets. There are no known public exploits associated with this threat, and no specific affected software versions are identified. The medium severity rating reflects the complexity of the infection chain, the use of evasive techniques, and the targeted nature of the attacks.

Potential Impact

For European organizations, the primary impact lies in potential espionage, data theft, and persistent unauthorized access if targeted by these campaigns. Organizations with Chinese-speaking employees, business partners, or customers are at increased risk due to the targeted nature of the malware. The use of brand impersonation and cloud infrastructure could lead to successful phishing or supply chain attacks, potentially compromising sensitive corporate data or intellectual property. DLL side-loading techniques may allow attackers to bypass endpoint security solutions, increasing the likelihood of stealthy infections. Persistent access via Gh0st RAT could enable attackers to conduct long-term surveillance, exfiltrate data, or deploy additional malware payloads. While the campaigns currently focus on Chinese-speaking targets, collateral infections or misdirected attacks could affect European entities, especially those with multinational operations or cloud dependencies. The operational persistence and sophistication suggest that detection and remediation may be challenging, increasing potential downtime and incident response costs.

Mitigation Recommendations

European organizations should implement targeted detection capabilities for brand impersonation domains and monitor DNS traffic for suspicious domain generation algorithm (DGA) activity. Deploy advanced endpoint detection and response (EDR) solutions capable of identifying DLL side-loading and anomalous process behaviors. Restrict execution privileges to prevent unauthorized DLL loading by legitimate applications and enforce application whitelisting where feasible. Conduct user awareness training focused on recognizing phishing attempts that leverage brand impersonation, especially in Chinese language contexts. Monitor cloud infrastructure usage and network traffic for unusual patterns indicative of payload delivery or command and control communications. Employ threat intelligence feeds to stay updated on emerging indicators of compromise related to Gh0st RAT and associated campaigns. Regularly audit and update security controls to detect multi-stage infection chains and lateral movement. Collaborate with cybersecurity communities to share intelligence on these campaigns and coordinate defensive measures. Finally, ensure incident response plans include scenarios involving advanced persistent threats using sophisticated evasion techniques.

Affected Countries

United Kingdom, Germany, France, Netherlands, Belgium, Sweden, Italy

Indicators of Compromise

hash: 6e1c52be3b1b38d57430bbcaee7d367a
hash: 7cb5cea873665a41b21e216d01c23087
hash: db591d11abfa31047843e84a004fdb8b
hash: ddc764d0b18c5af9f7e94e9d5eebb48f
hash: 6726588885e853e40a768aad2f366e3c95e3fcad
hash: 7329711c865faf018bd1d0446613cfc1020a05b9
hash: a06d80258da2a37c316b56cd73423a1127ff0079
hash: d562a64b760462dbd5201d1954dd2b4e1c1268db
hash: 0076f6ea4346af5ae43db08205664092029e06bb353e3406ee649e98723182eb
hash: 1395627eca4ca8229c3e7da0a48a36d130ce6b016bb6da750b3d992888b20ab8
hash: 1a13dc5488612aff33c3ad378d6b06b76551a2c6defb30b132547a633df03076
hash: 2232612b09b636698afcdb995b822adf21c34fb8979dd63f8d01f0d038acb454
hash: 23a96252ba2a3cff76158fa598f4de904780f24fbbd426f36258077628e8cfc2
hash: 299e6791e4eb85617c4fab7f27ac53fb70cd038671f011007831b558c318b369
hash: 33414abc9d5d4767a2612f85fe3b0555f3cbef646163ef3d1d9ddb753df5efbf
hash: 45c62ebe5cd2441ca25a86ddc7023bc938c8d47f12ea626d5245875bf0a13c02
hash: 61bb32673e33c7aa1a0825e18629880b4d870fdeb4666d8b0ca954866d110a07
hash: 77c12dcdacd58f1f0cbf032fcf52b18aa06cd30c8a763a4dd3b2216f9c78e9a4
hash: 7a4d5219956854db9581c98d9cee7d6ebe61c5498988ec2655cd80f3548f7bed
hash: af1a08578a5ebb02835cf10a9a45393349bcaa2caa6eb9e823e7fc08db37da66
hash: c333e4ed8e0d5c3b1f26fa12f51a1dc66db4cca344a646061e2c95f305560aa9
hash: c37d0c9c9da830e6173b71a3bcc5203fbb66241ccd7d704b3a1d809cadd551b2
hash: d44603abdcd6a4eb3283d5d4be88b93cc359d6f0efaccfd546c10e3349ccb4ed
hash: d9efd833d31365c25bc10bb2a34845add5ff89bd660da1d9405dea82d035a308
hash: e5d6f7138fcccd1a579d681ef354c4660deab3c216f3db1a330a8212d99fbea1
ip: 103.181.134.138
ip: 154.82.84.227
ip: 156.251.25.112
ip: 156.251.25.43
domain: deep-seek.bar
domain: deep-seek.bond
domain: deep-seek.cfd
domain: deep-seek.qpon
domain: deep-seek.rest
domain: i4toolsearch.vip
domain: i4toolssddsl.top
domain: i4toolssddzp.top
domain: i4toolssddzq.top
domain: i4toolssddzr.top
domain: i4toolssddzt.top
domain: i4toolssddzu.top
domain: i4toolssddzw.top
domain: i4toolssddzy.top
domain: i4toolssffna.top
domain: i4toolssffnd.top
domain: i4toolssffnf.top
domain: i4toolssffng.top
domain: i4toolssffnh.top
domain: i4toolssffnj.top
domain: i4toolssffnl.top
domain: xiaobaituziha.com
domain: xiazailianjieoss.com
domain: youdaohhnf.top
domain: youdaohhsh.top
domain: youdaohhvw.top
domain: youdaohhvy.top
domain: youdaohhxf.top
domain: youdaohhzi.top
domain: youdaohhzy.top
domain: fs-im-kefu.7moor-fs1.com
hash: 00f206b3dfc921f0c696b0c346e39fc9
hash: 06807d8d7282959ce062f92a708d382f
hash: fbfdc8bbff6225cebcc4f005c985159096b0d709
hash: ff2d55a844c1fd37b3841cefa7e2d21de5fa8bac
hash: 18a21dbc327484b8accbd4a6d7b18608390a69033647099f807fdbfdcfff7e6d
hash: 1c3f2530b2764754045039066d2c277dff4efabd4f15f2944e30b10e82f443c0
hash: 491872a50b8db56d6a5ef1ccabe8702fb7763da4fd3b474d20ae0c98969acfe5
hash: 495ea08268fd9cf52643a986b7b035415660eb411d8484e2c3b54e2c4e466a58
hash: 7267a303abb5fcae2e6f5c3ecf3b50d204f760dabdfc5600bd248fcfad3fc133
hash: bc6fb2eab9ed8d9eb405f6186d08e85be8b1308d207970cc41cf90477aa79064
hash: bd4635d582413f84ac83adbb4b449b18bac4fc87ca000d0c7be84ad0f9caf68e
hash: dbe70991750c6dd665b281c27f7be40afea8b5718b097e43cd041d698706ade4
hash: e8c058acfa2518ddc7828304cf314b6dd49717e9a291ca32ba185c44937c422b
domain: 1235saddfs.icu
domain: anydesk-www.cyou
domain: djbzdhygj.com
domain: guwaanzh1.cyou
domain: guwaanzh2.cyou
domain: guwaanzh20.cyou
domain: guwaanzh21.cyou
domain: guwaanzh24.cyou
domain: guwaanzh25.cyou
domain: guwaanzh34.cyou
domain: guwaanzh35.cyou
domain: guwaanzh8.cyou
domain: i4toolsllsk.top
domain: i4toolsuuoxk.top
domain: i4toolsuuozp.top
domain: qishuiyinyque-vip.top
domain: xiaofeige.icu
domain: xiazaizhadia1.cyou
domain: xiazaizhadia10.cyou
domain: xiazaizhadia11.cyou
domain: xiazaizhadia12.cyou
domain: xiazaizhadia16.cyou
domain: xiazaizhadia18.cyou
domain: xiazaizhadia19.cyou
domain: xiazaizhadia2.cyou
domain: xiazaizhadia20.cyou
domain: xiazaizhadia21.cyou
domain: xiazaizhadia22.cyou
domain: xiazaizhadia24.cyou
domain: xiazaizhadia27.cyou
domain: xiazaizhadia29.cyou
domain: xiazaizhadia30.cyou
domain: xiazaizhadia31.cyou
domain: xiazaizhadia33.cyou
domain: xiazaizhadia34.cyou
domain: xiazaizhadia35.cyou
domain: xiazaizhadia36.cyou
domain: xiazaizhadia37.cyou
domain: xiazaizhadia39.cyou
domain: xiazaizhadia40.cyou
domain: xiazaizhadia41.cyou
domain: xiazaizhadia42.cyou
domain: xiazaizhadia44.cyou
domain: xiazaizhadia46.cyou
domain: xiazaizhadia50.cyou
domain: xiazaizhadia51.cyou
domain: xiazaizhadia8.cyou
domain: xiazaizhadia9.cyou
domain: ydbao11.cyou
domain: ydbaoo52.cyou
domain: youdaooosssj.top
domain: youdaqqaavw.top
domain: youdaxxddxk.top
domain: youdaxxyzr.top
domain: youdaxxyzy.top
domain: yqmqhjgn.com
domain: 7m-sdk.7moor-fs1.com
domain: i4.llllxiazai-web.vip

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

United Kingdom, Germany, France, Netherlands, Belgium, Sweden, Italy

Indicators of Compromise

hash: 6e1c52be3b1b38d57430bbcaee7d367a
hash: 7cb5cea873665a41b21e216d01c23087
hash: db591d11abfa31047843e84a004fdb8b
hash: ddc764d0b18c5af9f7e94e9d5eebb48f
hash: 6726588885e853e40a768aad2f366e3c95e3fcad
hash: 7329711c865faf018bd1d0446613cfc1020a05b9
hash: a06d80258da2a37c316b56cd73423a1127ff0079
hash: d562a64b760462dbd5201d1954dd2b4e1c1268db
hash: 0076f6ea4346af5ae43db08205664092029e06bb353e3406ee649e98723182eb
hash: 1395627eca4ca8229c3e7da0a48a36d130ce6b016bb6da750b3d992888b20ab8
hash: 1a13dc5488612aff33c3ad378d6b06b76551a2c6defb30b132547a633df03076
hash: 2232612b09b636698afcdb995b822adf21c34fb8979dd63f8d01f0d038acb454
hash: 23a96252ba2a3cff76158fa598f4de904780f24fbbd426f36258077628e8cfc2
hash: 299e6791e4eb85617c4fab7f27ac53fb70cd038671f011007831b558c318b369
hash: 33414abc9d5d4767a2612f85fe3b0555f3cbef646163ef3d1d9ddb753df5efbf
hash: 45c62ebe5cd2441ca25a86ddc7023bc938c8d47f12ea626d5245875bf0a13c02
hash: 61bb32673e33c7aa1a0825e18629880b4d870fdeb4666d8b0ca954866d110a07
hash: 77c12dcdacd58f1f0cbf032fcf52b18aa06cd30c8a763a4dd3b2216f9c78e9a4
hash: 7a4d5219956854db9581c98d9cee7d6ebe61c5498988ec2655cd80f3548f7bed
hash: af1a08578a5ebb02835cf10a9a45393349bcaa2caa6eb9e823e7fc08db37da66
hash: c333e4ed8e0d5c3b1f26fa12f51a1dc66db4cca344a646061e2c95f305560aa9
hash: c37d0c9c9da830e6173b71a3bcc5203fbb66241ccd7d704b3a1d809cadd551b2
hash: d44603abdcd6a4eb3283d5d4be88b93cc359d6f0efaccfd546c10e3349ccb4ed
hash: d9efd833d31365c25bc10bb2a34845add5ff89bd660da1d9405dea82d035a308
hash: e5d6f7138fcccd1a579d681ef354c4660deab3c216f3db1a330a8212d99fbea1
ip: 103.181.134.138
ip: 154.82.84.227
ip: 156.251.25.112
ip: 156.251.25.43
domain: deep-seek.bar
domain: deep-seek.bond
domain: deep-seek.cfd
domain: deep-seek.qpon
domain: deep-seek.rest
domain: i4toolsearch.vip
domain: i4toolssddsl.top
domain: i4toolssddzp.top
domain: i4toolssddzq.top
domain: i4toolssddzr.top
domain: i4toolssddzt.top
domain: i4toolssddzu.top
domain: i4toolssddzw.top
domain: i4toolssddzy.top
domain: i4toolssffna.top
domain: i4toolssffnd.top
domain: i4toolssffnf.top
domain: i4toolssffng.top
domain: i4toolssffnh.top
domain: i4toolssffnj.top
domain: i4toolssffnl.top
domain: xiaobaituziha.com
domain: xiazailianjieoss.com
domain: youdaohhnf.top
domain: youdaohhsh.top
domain: youdaohhvw.top
domain: youdaohhvy.top
domain: youdaohhxf.top
domain: youdaohhzi.top
domain: youdaohhzy.top
domain: fs-im-kefu.7moor-fs1.com
hash: 00f206b3dfc921f0c696b0c346e39fc9
hash: 06807d8d7282959ce062f92a708d382f
hash: fbfdc8bbff6225cebcc4f005c985159096b0d709
hash: ff2d55a844c1fd37b3841cefa7e2d21de5fa8bac
hash: 18a21dbc327484b8accbd4a6d7b18608390a69033647099f807fdbfdcfff7e6d
hash: 1c3f2530b2764754045039066d2c277dff4efabd4f15f2944e30b10e82f443c0
hash: 491872a50b8db56d6a5ef1ccabe8702fb7763da4fd3b474d20ae0c98969acfe5
hash: 495ea08268fd9cf52643a986b7b035415660eb411d8484e2c3b54e2c4e466a58
hash: 7267a303abb5fcae2e6f5c3ecf3b50d204f760dabdfc5600bd248fcfad3fc133
hash: bc6fb2eab9ed8d9eb405f6186d08e85be8b1308d207970cc41cf90477aa79064
hash: bd4635d582413f84ac83adbb4b449b18bac4fc87ca000d0c7be84ad0f9caf68e
hash: dbe70991750c6dd665b281c27f7be40afea8b5718b097e43cd041d698706ade4
hash: e8c058acfa2518ddc7828304cf314b6dd49717e9a291ca32ba185c44937c422b
domain: 1235saddfs.icu
domain: anydesk-www.cyou
domain: djbzdhygj.com
domain: guwaanzh1.cyou
domain: guwaanzh2.cyou
domain: guwaanzh20.cyou
domain: guwaanzh21.cyou
domain: guwaanzh24.cyou
domain: guwaanzh25.cyou
domain: guwaanzh34.cyou
domain: guwaanzh35.cyou
domain: guwaanzh8.cyou
domain: i4toolsllsk.top
domain: i4toolsuuoxk.top
domain: i4toolsuuozp.top
domain: qishuiyinyque-vip.top
domain: xiaofeige.icu
domain: xiazaizhadia1.cyou
domain: xiazaizhadia10.cyou
domain: xiazaizhadia11.cyou
domain: xiazaizhadia12.cyou
domain: xiazaizhadia16.cyou
domain: xiazaizhadia18.cyou
domain: xiazaizhadia19.cyou
domain: xiazaizhadia2.cyou
domain: xiazaizhadia20.cyou
domain: xiazaizhadia21.cyou
domain: xiazaizhadia22.cyou
domain: xiazaizhadia24.cyou
domain: xiazaizhadia27.cyou
domain: xiazaizhadia29.cyou
domain: xiazaizhadia30.cyou
domain: xiazaizhadia31.cyou
domain: xiazaizhadia33.cyou
domain: xiazaizhadia34.cyou
domain: xiazaizhadia35.cyou
domain: xiazaizhadia36.cyou
domain: xiazaizhadia37.cyou
domain: xiazaizhadia39.cyou
domain: xiazaizhadia40.cyou
domain: xiazaizhadia41.cyou
domain: xiazaizhadia42.cyou
domain: xiazaizhadia44.cyou
domain: xiazaizhadia46.cyou
domain: xiazaizhadia50.cyou
domain: xiazaizhadia51.cyou
domain: xiazaizhadia8.cyou
domain: xiazaizhadia9.cyou
domain: ydbao11.cyou
domain: ydbaoo52.cyou
domain: youdaooosssj.top
domain: youdaqqaavw.top
domain: youdaxxddxk.top
domain: youdaxxyzr.top
domain: youdaxxyzy.top
domain: yqmqhjgn.com
domain: 7m-sdk.7moor-fs1.com
domain: i4.llllxiazai-web.vip

Source: AlienVault OTX General

Published: Sat Nov 15 2025

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

Medium

Published: Sat Nov 15 2025 (11/15/2025, 05:58:39 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 11/17/2025, 09:47:39 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Author: AlienVault
Tlp: white
References: ["https://unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/"]
Adversary: null
Pulse Id: 6918168f887ca57be0147adb
Threat Score: null

Indicators of Compromise

Hash

Value	Description	Copy
hash6e1c52be3b1b38d57430bbcaee7d367a	—
hash7cb5cea873665a41b21e216d01c23087	—
hashdb591d11abfa31047843e84a004fdb8b	—
hashddc764d0b18c5af9f7e94e9d5eebb48f	—
hash6726588885e853e40a768aad2f366e3c95e3fcad	—
hash7329711c865faf018bd1d0446613cfc1020a05b9	—
hasha06d80258da2a37c316b56cd73423a1127ff0079	—
hashd562a64b760462dbd5201d1954dd2b4e1c1268db	—
hash0076f6ea4346af5ae43db08205664092029e06bb353e3406ee649e98723182eb	—
hash1395627eca4ca8229c3e7da0a48a36d130ce6b016bb6da750b3d992888b20ab8	—
hash1a13dc5488612aff33c3ad378d6b06b76551a2c6defb30b132547a633df03076	—
hash2232612b09b636698afcdb995b822adf21c34fb8979dd63f8d01f0d038acb454	—
hash23a96252ba2a3cff76158fa598f4de904780f24fbbd426f36258077628e8cfc2	—
hash299e6791e4eb85617c4fab7f27ac53fb70cd038671f011007831b558c318b369	—
hash33414abc9d5d4767a2612f85fe3b0555f3cbef646163ef3d1d9ddb753df5efbf	—
hash45c62ebe5cd2441ca25a86ddc7023bc938c8d47f12ea626d5245875bf0a13c02	—
hash61bb32673e33c7aa1a0825e18629880b4d870fdeb4666d8b0ca954866d110a07	—
hash77c12dcdacd58f1f0cbf032fcf52b18aa06cd30c8a763a4dd3b2216f9c78e9a4	—
hash7a4d5219956854db9581c98d9cee7d6ebe61c5498988ec2655cd80f3548f7bed	—
hashaf1a08578a5ebb02835cf10a9a45393349bcaa2caa6eb9e823e7fc08db37da66	—
hashc333e4ed8e0d5c3b1f26fa12f51a1dc66db4cca344a646061e2c95f305560aa9	—
hashc37d0c9c9da830e6173b71a3bcc5203fbb66241ccd7d704b3a1d809cadd551b2	—
hashd44603abdcd6a4eb3283d5d4be88b93cc359d6f0efaccfd546c10e3349ccb4ed	—
hashd9efd833d31365c25bc10bb2a34845add5ff89bd660da1d9405dea82d035a308	—
hashe5d6f7138fcccd1a579d681ef354c4660deab3c216f3db1a330a8212d99fbea1	—
hash00f206b3dfc921f0c696b0c346e39fc9	—
hash06807d8d7282959ce062f92a708d382f	—
hashfbfdc8bbff6225cebcc4f005c985159096b0d709	—
hashff2d55a844c1fd37b3841cefa7e2d21de5fa8bac	—
hash18a21dbc327484b8accbd4a6d7b18608390a69033647099f807fdbfdcfff7e6d	—
hash1c3f2530b2764754045039066d2c277dff4efabd4f15f2944e30b10e82f443c0	—
hash491872a50b8db56d6a5ef1ccabe8702fb7763da4fd3b474d20ae0c98969acfe5	—
hash495ea08268fd9cf52643a986b7b035415660eb411d8484e2c3b54e2c4e466a58	—
hash7267a303abb5fcae2e6f5c3ecf3b50d204f760dabdfc5600bd248fcfad3fc133	—
hashbc6fb2eab9ed8d9eb405f6186d08e85be8b1308d207970cc41cf90477aa79064	—
hashbd4635d582413f84ac83adbb4b449b18bac4fc87ca000d0c7be84ad0f9caf68e	—
hashdbe70991750c6dd665b281c27f7be40afea8b5718b097e43cd041d698706ade4	—
hashe8c058acfa2518ddc7828304cf314b6dd49717e9a291ca32ba185c44937c422b	—

Ip

Value	Description	Copy
ip103.181.134.138	—
ip154.82.84.227	—
ip156.251.25.112	—
ip156.251.25.43	—

Domain

Value	Description	Copy
domaindeep-seek.bar	—
domaindeep-seek.bond	—
domaindeep-seek.cfd	—
domaindeep-seek.qpon	—
domaindeep-seek.rest	—
domaini4toolsearch.vip	—
domaini4toolssddsl.top	—
domaini4toolssddzp.top	—
domaini4toolssddzq.top	—
domaini4toolssddzr.top	—
domaini4toolssddzt.top	—
domaini4toolssddzu.top	—
domaini4toolssddzw.top	—
domaini4toolssddzy.top	—
domaini4toolssffna.top	—
domaini4toolssffnd.top	—
domaini4toolssffnf.top	—
domaini4toolssffng.top	—
domaini4toolssffnh.top	—
domaini4toolssffnj.top	—
domaini4toolssffnl.top	—
domainxiaobaituziha.com	—
domainxiazailianjieoss.com	—
domainyoudaohhnf.top	—
domainyoudaohhsh.top	—
domainyoudaohhvw.top	—
domainyoudaohhvy.top	—
domainyoudaohhxf.top	—
domainyoudaohhzi.top	—
domainyoudaohhzy.top	—
domainfs-im-kefu.7moor-fs1.com	—
domain1235saddfs.icu	—
domainanydesk-www.cyou	—
domaindjbzdhygj.com	—
domainguwaanzh1.cyou	—
domainguwaanzh2.cyou	—
domainguwaanzh20.cyou	—
domainguwaanzh21.cyou	—
domainguwaanzh24.cyou	—
domainguwaanzh25.cyou	—
domainguwaanzh34.cyou	—
domainguwaanzh35.cyou	—
domainguwaanzh8.cyou	—
domaini4toolsllsk.top	—
domaini4toolsuuoxk.top	—
domaini4toolsuuozp.top	—
domainqishuiyinyque-vip.top	—
domainxiaofeige.icu	—
domainxiazaizhadia1.cyou	—
domainxiazaizhadia10.cyou	—
domainxiazaizhadia11.cyou	—
domainxiazaizhadia12.cyou	—
domainxiazaizhadia16.cyou	—
domainxiazaizhadia18.cyou	—
domainxiazaizhadia19.cyou	—
domainxiazaizhadia2.cyou	—
domainxiazaizhadia20.cyou	—
domainxiazaizhadia21.cyou	—
domainxiazaizhadia22.cyou	—
domainxiazaizhadia24.cyou	—
domainxiazaizhadia27.cyou	—
domainxiazaizhadia29.cyou	—
domainxiazaizhadia30.cyou	—
domainxiazaizhadia31.cyou	—
domainxiazaizhadia33.cyou	—
domainxiazaizhadia34.cyou	—
domainxiazaizhadia35.cyou	—
domainxiazaizhadia36.cyou	—
domainxiazaizhadia37.cyou	—
domainxiazaizhadia39.cyou	—
domainxiazaizhadia40.cyou	—
domainxiazaizhadia41.cyou	—
domainxiazaizhadia42.cyou	—
domainxiazaizhadia44.cyou	—
domainxiazaizhadia46.cyou	—
domainxiazaizhadia50.cyou	—
domainxiazaizhadia51.cyou	—
domainxiazaizhadia8.cyou	—
domainxiazaizhadia9.cyou	—
domainydbao11.cyou	—
domainydbaoo52.cyou	—
domainyoudaooosssj.top	—
domainyoudaqqaavw.top	—
domainyoudaxxddxk.top	—
domainyoudaxxyzr.top	—
domainyoudaxxyzy.top	—
domainyqmqhjgn.com	—
domain7m-sdk.7moor-fs1.com	—
domaini4.llllxiazai-web.vip	—

Threat ID: 691aebada2e17873632ea95b

Added to database: 11/17/2025, 9:32:29 AM

Last enriched: 11/17/2025, 9:47:39 AM

Last updated: 1/7/2026, 4:22:04 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Ip

Domain

Community Reviews

Related Threats

ThreatFox IOCs for 2026-01-06

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

ThreatFox IOCs for 2026-01-05

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

MuddyWater: Snakes by the riverbank

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility