Maltrail IOC for 2026-02-24
AI Analysis
Technical Summary
This entry represents an Indicator of Compromise (IOC) related to malware activity detected or observed on February 24, 2026, as reported by the CIRCL OSINT feed. The IOC is part of the Maltrail project, which focuses on network traffic anomaly detection and threat intelligence. The data lacks specific technical indicators such as IP addresses, domain names, file hashes, or malware behavior patterns, and no affected software versions or products are listed. The IOC is categorized under OSINT, external analysis, and network activity, indicating it is derived from open-source intelligence and network monitoring observations. There are no known exploits in the wild, no patches available, and no CWE identifiers, suggesting this is an informational alert rather than a confirmed active threat. The medium severity rating likely reflects the potential for malware-related network anomalies without confirmed impact or exploitation. The IOC is shared under TLP:CLEAR, meaning it is intended for public dissemination to aid broad defensive measures. Because the data was gathered manually rather than collected automatically, this is a curated observation rather than an automated detection feed. Overall, this IOC serves as a situational awareness tool for network defenders to enhance monitoring and detection capabilities against potential malware-related network threats.
Potential Impact
Given the lack of specific technical details and no known active exploitation, the direct impact of this IOC is limited. However, it signals the presence or detection of malware-related network activity that could indicate ongoing or emerging threats. Organizations worldwide could face risks of malware infections leading to data compromise, service disruption, or unauthorized access if related threats are present but undetected. The medium severity suggests moderate risk, emphasizing the importance of network monitoring and threat intelligence integration to identify and respond to suspicious activity early. Without concrete exploit details or affected products, the impact is primarily on detection and response capabilities rather than immediate operational disruption. This IOC can help organizations improve situational awareness but does not represent an urgent or critical threat requiring immediate patching or remediation.
Mitigation Recommendations
1. Integrate the IOC into existing network monitoring and intrusion detection systems to enhance detection of related malware activity.
2. Maintain updated threat intelligence feeds and correlate this IOC with other indicators to identify potential emerging threats.
3. Conduct regular network traffic analysis focusing on anomalies that may align with malware behavior patterns.
4. Employ behavioral analytics and anomaly detection tools to identify suspicious network communications potentially related to this IOC.
5. Ensure endpoint protection solutions are current and capable of detecting malware variants that may generate network anomalies.
6. Train security teams to recognize and investigate alerts stemming from such OSINT-based IOCs, emphasizing manual review and contextual analysis.
7. Share findings with relevant information sharing and analysis centers (ISACs) to improve collective defense.
8. Since no patches or exploits are known, focus mitigation on detection, containment, and response rather than patch management.
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Netherlands, Japan, South Korea, Singapore
Indicators of Compromise
Description
Maltrail IOC for 2026-02-24
Technical Details
- Uuid: b0a9ddc2-de1c-49cb-a8b5-2cd8803e7c35
- Original Timestamp: 1771948808 (2026-02-24 16:00:08 UTC)
Indicators of Compromise
Threat ID: 699dd95dbe58cf853b0239a9
Added to database: 2/24/2026, 5:01:17 PM
Last enriched: 2/24/2026, 5:16:32 PM
Last updated: 2/24/2026, 9:16:25 PM