Reconnecting to live updates…

Maltrail IOC for 2026-02-24

Severity: mediumType: malware

This entry reports a Maltrail Indicator of Compromise (IOC) dated 2026-02-24, classified as malware with medium severity. It is an OSINT observation from the CIRCL OSINT Feed, indicating suspicious network activity. No specific affected versions, exploits in the wild, or patch information are provided. The threat is categorized as medium risk based on available data.

AI Analysis

Technical Summary

The report details a malware-related IOC identified by Maltrail on 2026-02-24, sourced from CIRCL OSINT Feed. It represents an external analysis of network activity flagged as suspicious. There are no affected software versions or known exploits associated with this IOC, and no patch or remediation is available or applicable. The information is based on manual OSINT collection and is intended for awareness and detection purposes.

Potential Impact

The impact is currently limited to detection and monitoring of suspicious network activity associated with malware. There is no evidence of active exploitation or direct compromise linked to this IOC. The medium severity rating suggests a moderate level of concern but no confirmed widespread threat or damage.

Mitigation Recommendations

No patch or direct remediation is available for this IOC. Security teams should incorporate this IOC into their detection and monitoring tools to identify potential malicious activity. Follow standard incident response procedures if the IOC is detected in the environment.

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/e53c50beda89b027b090eed0a98c9445a08327ce
ip: 151.241.154.119
url: https://api.github.com/repos/stamparm/maltrail/commits/d4716f94d5df29aefb74947468dbd0c4bd0996fc
domain: tered.pw
url: https://api.github.com/repos/stamparm/maltrail/commits/1060b34b043498957ee8024d00fb38fa8d4a119f
domain: rvtoolc.info
url: https://api.github.com/repos/stamparm/maltrail/commits/8f99fa593c921ab847d4a87ed524e4cb4546d486
domain: rvtooli.info
url: https://api.github.com/repos/stamparm/maltrail/commits/5678302f8a5a9f8db722fd68c4378ea5b5fe497f
domain: account.booklngg.com
domain: booklngg.com
domain: nightlywallet.app
domain: 59xgjeq2.hexalink.digital
domain: best.deals.my.id
domain: brandnew.deals.my.id
domain: buycheap.deals.my.id
domain: cheapest.deals.my.id
domain: deals.my.id
domain: hexalink.digital
url: https://api.github.com/repos/stamparm/maltrail/commits/daf13720da4344b799ac1bce73959a260ce00a8a
domain: filecloudgrid.com
domain: filecloudzip.com
domain: filedrivenow.com
domain: filesharegrid.com
domain: media.megafilehost.cfd
domain: megafilehost.baby
domain: megafilehost.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/ade51ff5ba6b3ab47046f82970e5cef3a0b4bda4
url: https://www.virustotal.com/gui/file/5b2977786f032de4a260fe264d36e4a959927e07d558eff259679afc71e87350/detection
domain: dc.aartzz.pp.ua
url: https://api.github.com/repos/stamparm/maltrail/commits/c035cfbce3585cd0fdbbca5aa53e8f1a752de647
domain: demo.ntl-rto.com
domain: smscup.ir
url: https://api.github.com/repos/stamparm/maltrail/commits/b282cf463fb1fb9eca272d304565e5df86876a12
domain: shift4internal.com
url: https://api.github.com/repos/stamparm/maltrail/commits/d64a7b76f2a61b088b8e0a986367f1c19c1f2652
domain: chromium-report-tech-331as-2s1-tcd-h143.chartexaapp-razv.com
url: https://api.github.com/repos/stamparm/maltrail/commits/3d5b8ecc53c8caa045e2d00448c6cdd4b9c8cbcc
url: https://www.virustotal.com/gui/file/11d7d19fd9ad0d93b2f78d9d2fe802bd457cd6857a890e874a0a326a617567ac/detection
ip: 65.21.104.235
domain: forestoaker.com
domain: pub-22a8dd26de0749d5b900b711deea554b.r2.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/24035499341e1bb46723e140fac0780173f5585c
ip: 143.92.60.24
url: https://api.github.com/repos/stamparm/maltrail/commits/beec27fc466826454389b9f1f468a1eec0a698aa
domain: cdhhcehkchddeec.top
domain: mhlgcebldddbidl.top
url: https://api.github.com/repos/stamparm/maltrail/commits/c1f22ce7a75a4f216756da51df1cd3c39814adf5
domain: spacesolutionmac.it.com
domain: storg.pages.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/efa04e1f95850cc5a6db30e4ff44ccc642432038
url: https://www.virustotal.com/gui/ip-address/151.245.121.51/relations
domain: canvasn.top
domain: convexm.top
domain: credil.club
domain: cygnusn.cyou
domain: darkbq.club
domain: genetiz.shop
domain: iivouw.club
domain: integri.top
domain: kaboim.club
domain: mensare.top
domain: pageld.club
domain: parabg.club
domain: screwd.club
domain: testdf.club
domain: thinlpr.buzz
domain: touchfh.shop
domain: wipez.top
url: https://api.github.com/repos/stamparm/maltrail/commits/0c50ef33b161dfbf964a1887b3828b58437af244
url: https://x.com/smica83/status/2026055656638124417
url: https://tria.ge/260223-1y111sds7a/behavioral1
ip: 192.159.99.176
url: https://api.github.com/repos/stamparm/maltrail/commits/5098133f78daf5c6a3c80eee4c98bcb0fd646e05
url: https://x.com/smica83/status/2026056412049072213
domain: heads-resistance-august-sweet.trycloudflare.com
url: https://api.github.com/repos/stamparm/maltrail/commits/5ec67cc9678a13c2f5cc6479bd191ef1d5e7182d
url: https://x.com/smica83/status/2025979039614177769
url: https://x.com/smica83/status/2026038524906975421
domain: advise-visual-playstation-closer.trycloudflare.com
domain: registry-memory-defines-obtaining.trycloudflare.com
url: https://api.github.com/repos/stamparm/maltrail/commits/eed2bf66bac09535f533a7f7c4fd5e11fd55a0f2
domain: chk.nsetverification.mydns.bz
domain: cvcmains.dns.army
domain: ips-edocdeliver.mydns.bz
domain: navlogin.sev.cvcmains.dns.army
domain: nid-naverhpk.onthewifi.com
domain: nid-naverjzc.servehalflife.com
domain: nid-navermly.servegame.com
domain: nid-naverohn.3utilities.com
domain: nid-naverxqh.servecounterstrike.com
domain: nkdocument-hometax.mydns.bz
domain: nsetverification.mydns.bz
domain: nuser-login.ips-edocdeliver.mydns.bz
domain: sev.cvcmains.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/f0c057f37fef906bfeaf8c85eebc02bcc5133d2a
url: https://www.virustotal.com/gui/file/b804437ff855bd3fd448d2bf76f47ada7dcee6288d8f0a53d41fd3b1361c4c0d/detection
domain: vvork-space.com
url: https://api.github.com/repos/stamparm/maltrail/commits/dbf4930c405e099e546da792cde0bf9210bff734
url: https://www.virustotal.com/gui/file/0e4780dd90a355c293a08c5607887b95ba4d7d5bffea1a8df92450dfc08934ea/detection
domain: alphazero1-endscape.cc
domain: alphazero10-endscape.cc
domain: alphazero2-endscape.cc
domain: alphazero3-endscape.cc
domain: alphazero4-endscape.cc
domain: alphazero5-endscape.cc
domain: alphazero6-endscape.cc
domain: alphazero7-endscape.cc
domain: alphazero8-endscape.cc
domain: alphazero9-endscape.cc
url: https://api.github.com/repos/stamparm/maltrail/commits/5ea1173644e6bd59ebd6d5c49fcc62fef5af1b95
url: https://x.com/tuckner/status/2026069982493229434
url: https://annex.security/blog/promise-bomb
domain: page-guard.com
domain: pixel-defence.com
url: https://api.github.com/repos/stamparm/maltrail/commits/24f04eb96c56c6f97f1ed248dd1f8f82fc85040c
url: https://x.com/malwrhunterteam/status/2026251417372049675
url: https://www.virustotal.com/gui/file/73ae9fe72b3340b95e7187cd51de3b7476cfb84aa20b9903cfaff4f1c96a3e01/detection
domain: streamcdn.click
url: https://api.github.com/repos/stamparm/maltrail/commits/2d39fd81500e67b0a26081813c5bb8f46cffe31e
url: https://www.virustotal.com/gui/ip-address/38.180.80.50/relations
domain: javascripttestlibrary.com
url: https://api.github.com/repos/stamparm/maltrail/commits/b3fa70ad54a979c37f8c2de4bf0b6934d0000a24
domain: chatliveapp.com
domain: livechathub.org
url: https://api.github.com/repos/stamparm/maltrail/commits/4df89b99efb34e1f6f58e84340e0f41c59442f61
domain: liverespond.online
domain: apicheck.chatliveplus.com
domain: blog.chatliveplus.com
domain: chat.eventchatsupport.com
domain: calendar.livechatlite.com
domain: mail.chatliveplus.com
domain: online.eventchatsupport.com
domain: portal.livechatlite.com
domain: status.livechatlite.com
domain: system.eventchatsupport.com
domain: webdisk.chatliveplus.com
url: https://api.github.com/repos/stamparm/maltrail/commits/4c405151fc705dbf7e7854e5a799d635c80c97a7
url: https://x.com/sdcyberresearch/status/2026266049755164860
domain: chatliveplus.com
domain: eventchatsupport.com
domain: livechatlite.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a26b69e1fc21b37577409db62e93347d90798bfc
url: https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking
domain: 10xprofit.io
domain: app.10xprofit.io
url: https://api.github.com/repos/stamparm/maltrail/commits/66ea3343d6a60f23712520c7d0e9d5d6f72133a1
url: https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign
domain: pinmaha.com
url: https://api.github.com/repos/stamparm/maltrail/commits/99b248df35bcf6619a11b06548379b4a2a8e6e4a
url: https://www.virustotal.com/gui/file/8099e85c4aa05f50ff299a130dc26a67b45aed519668e8b1ee1692e0034196c2/detection
ip: 141.195.117.128
domain: apuliae.com
domain: jbactors.com
url: https://api.github.com/repos/stamparm/maltrail/commits/d1bdbe806e95a93b7d45361744f2184a3731722b
url: https://x.com/D3LabIT/status/2026278544272232666
domain: mandatechgroup.com
domain: eventul.com
url: https://api.github.com/repos/stamparm/maltrail/commits/756bbf828079b7e8f5b4ba6ef70a5d8df3d92b8a
url: https://x.com/fbgwls245/status/2026299482477088838
domain: npmh5ahrgakbniuntyc7io4adm6ietbdbuejrfonowqtyqn24or556qd.onion
url: https://api.github.com/repos/stamparm/maltrail/commits/1c88d89774aef47e80277d812ab21d7e807c97be
url: https://x.com/JAMESWT_WT/status/2026300744635129887
url: https://www.virustotal.com/gui/file/6f8e3ec4e11770eb4202b1ccae2423040c0703f7e7bbfd8330de0a7712f23498/detection
url: https://www.virustotal.com/gui/file/79d7358fd1cdaecc1adf0c054c2394abef95df87ef5191f70778da24310c790e/detection
ip: 198.23.175.46
ip: 38.240.32.108
domain: jerrymac2008.duckdns.org
url: https://api.github.com/repos/stamparm/maltrail/commits/b65b06b38cbe5319c83952879cabb4e3cc8bf9d7
ip: 212.11.64.250
url: https://api.github.com/repos/stamparm/maltrail/commits/b9bae35324e39b3d63a6ade98778f91a933f9be0
url: https://x.com/blackorbird/status/2025588291073171714
url: https://cyberandramen.net/2026/02/21/llms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents
url: https://aws.amazon.com/ru/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale
ip: 103.164.81.110
ip: 106.52.47.65
ip: 115.120.233.95
ip: 118.25.186.119
ip: 142.171.160.137
ip: 144.31.224.253
ip: 146.190.195.154
ip: 146.190.82.132
ip: 154.219.114.92
ip: 156.238.244.173
ip: 185.196.11.225
ip: 43.167.237.212
ip: 47.101.186.156
ip: 47.95.33.207
ip: 60.204.227.64
ip: 62.234.61.215
domain: drb420.ru
domain: cyberstrike.drb420.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/582133a4fc977b91d356ed4d121c6ec0be15ef6f
url: https://x.com/fbgwls245/status/2025926038845526373
domain: o3ydbkayttkyg4iw2nc732jxmmex25bjeyqyvuuyngnxmpehdefjr3qd.onion
url: https://api.github.com/repos/stamparm/maltrail/commits/289ab7eb1c673037bccbe2943cf46f71dc420d61
url: https://www.virustotal.com/gui/ip-address/20.2.2.169/community
url: https://www.virustotal.com/gui/ip-address/103.164.203.173/relations
ip: 20.2.2.169
ip: 103.164.203.173
url: https://api.github.com/repos/stamparm/maltrail/commits/677b82dc8b6e4a9a2fa9ecdca81ad5d43c8c9469
url: https://www.virustotal.com/gui/ip-address/43.164.1.146/community
ip: 43.164.1.146
url: https://api.github.com/repos/stamparm/maltrail/commits/efabab581c22a454590bd4e67d5f44807ef786f7
url: https://www.security.com/blog-post/lazarus-medusa-ransomware
domain: amazonfiso.com
domain: human-check.com
domain: illycafe.my
domain: illycoffee.my
domain: markethubuk.com
domain: sictradingc.com
domain: trustpdfs.com
domain: zypras.com
url: https://api.github.com/repos/stamparm/maltrail/commits/60c20e2c7b759acd5decf91a956b9b68753bf90c
url: https://x.com/Fact_Finder03/status/2026298291328368975
ip: 41.216.189.53

Maltrail IOC for 2026-02-24

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/e53c50beda89b027b090eed0a98c9445a08327ce
ip: 151.241.154.119
url: https://api.github.com/repos/stamparm/maltrail/commits/d4716f94d5df29aefb74947468dbd0c4bd0996fc
domain: tered.pw
url: https://api.github.com/repos/stamparm/maltrail/commits/1060b34b043498957ee8024d00fb38fa8d4a119f
domain: rvtoolc.info
url: https://api.github.com/repos/stamparm/maltrail/commits/8f99fa593c921ab847d4a87ed524e4cb4546d486
domain: rvtooli.info
url: https://api.github.com/repos/stamparm/maltrail/commits/5678302f8a5a9f8db722fd68c4378ea5b5fe497f
domain: account.booklngg.com
domain: booklngg.com
domain: nightlywallet.app
domain: 59xgjeq2.hexalink.digital
domain: best.deals.my.id
domain: brandnew.deals.my.id
domain: buycheap.deals.my.id
domain: cheapest.deals.my.id
domain: deals.my.id
domain: hexalink.digital
url: https://api.github.com/repos/stamparm/maltrail/commits/daf13720da4344b799ac1bce73959a260ce00a8a
domain: filecloudgrid.com
domain: filecloudzip.com
domain: filedrivenow.com
domain: filesharegrid.com
domain: media.megafilehost.cfd
domain: megafilehost.baby
domain: megafilehost.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/ade51ff5ba6b3ab47046f82970e5cef3a0b4bda4
url: https://www.virustotal.com/gui/file/5b2977786f032de4a260fe264d36e4a959927e07d558eff259679afc71e87350/detection
domain: dc.aartzz.pp.ua
url: https://api.github.com/repos/stamparm/maltrail/commits/c035cfbce3585cd0fdbbca5aa53e8f1a752de647
domain: demo.ntl-rto.com
domain: smscup.ir
url: https://api.github.com/repos/stamparm/maltrail/commits/b282cf463fb1fb9eca272d304565e5df86876a12
domain: shift4internal.com
url: https://api.github.com/repos/stamparm/maltrail/commits/d64a7b76f2a61b088b8e0a986367f1c19c1f2652
domain: chromium-report-tech-331as-2s1-tcd-h143.chartexaapp-razv.com
url: https://api.github.com/repos/stamparm/maltrail/commits/3d5b8ecc53c8caa045e2d00448c6cdd4b9c8cbcc
url: https://www.virustotal.com/gui/file/11d7d19fd9ad0d93b2f78d9d2fe802bd457cd6857a890e874a0a326a617567ac/detection
ip: 65.21.104.235
domain: forestoaker.com
domain: pub-22a8dd26de0749d5b900b711deea554b.r2.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/24035499341e1bb46723e140fac0780173f5585c
ip: 143.92.60.24
url: https://api.github.com/repos/stamparm/maltrail/commits/beec27fc466826454389b9f1f468a1eec0a698aa
domain: cdhhcehkchddeec.top
domain: mhlgcebldddbidl.top
url: https://api.github.com/repos/stamparm/maltrail/commits/c1f22ce7a75a4f216756da51df1cd3c39814adf5
domain: spacesolutionmac.it.com
domain: storg.pages.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/efa04e1f95850cc5a6db30e4ff44ccc642432038
url: https://www.virustotal.com/gui/ip-address/151.245.121.51/relations
domain: canvasn.top
domain: convexm.top
domain: credil.club
domain: cygnusn.cyou
domain: darkbq.club
domain: genetiz.shop
domain: iivouw.club
domain: integri.top
domain: kaboim.club
domain: mensare.top
domain: pageld.club
domain: parabg.club
domain: screwd.club
domain: testdf.club
domain: thinlpr.buzz
domain: touchfh.shop
domain: wipez.top
url: https://api.github.com/repos/stamparm/maltrail/commits/0c50ef33b161dfbf964a1887b3828b58437af244
url: https://x.com/smica83/status/2026055656638124417
url: https://tria.ge/260223-1y111sds7a/behavioral1
ip: 192.159.99.176
url: https://api.github.com/repos/stamparm/maltrail/commits/5098133f78daf5c6a3c80eee4c98bcb0fd646e05
url: https://x.com/smica83/status/2026056412049072213
domain: heads-resistance-august-sweet.trycloudflare.com
url: https://api.github.com/repos/stamparm/maltrail/commits/5ec67cc9678a13c2f5cc6479bd191ef1d5e7182d
url: https://x.com/smica83/status/2025979039614177769
url: https://x.com/smica83/status/2026038524906975421
domain: advise-visual-playstation-closer.trycloudflare.com
domain: registry-memory-defines-obtaining.trycloudflare.com
url: https://api.github.com/repos/stamparm/maltrail/commits/eed2bf66bac09535f533a7f7c4fd5e11fd55a0f2
domain: chk.nsetverification.mydns.bz
domain: cvcmains.dns.army
domain: ips-edocdeliver.mydns.bz
domain: navlogin.sev.cvcmains.dns.army
domain: nid-naverhpk.onthewifi.com
domain: nid-naverjzc.servehalflife.com
domain: nid-navermly.servegame.com
domain: nid-naverohn.3utilities.com
domain: nid-naverxqh.servecounterstrike.com
domain: nkdocument-hometax.mydns.bz
domain: nsetverification.mydns.bz
domain: nuser-login.ips-edocdeliver.mydns.bz
domain: sev.cvcmains.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/f0c057f37fef906bfeaf8c85eebc02bcc5133d2a
url: https://www.virustotal.com/gui/file/b804437ff855bd3fd448d2bf76f47ada7dcee6288d8f0a53d41fd3b1361c4c0d/detection
domain: vvork-space.com
url: https://api.github.com/repos/stamparm/maltrail/commits/dbf4930c405e099e546da792cde0bf9210bff734
url: https://www.virustotal.com/gui/file/0e4780dd90a355c293a08c5607887b95ba4d7d5bffea1a8df92450dfc08934ea/detection
domain: alphazero1-endscape.cc
domain: alphazero10-endscape.cc
domain: alphazero2-endscape.cc
domain: alphazero3-endscape.cc
domain: alphazero4-endscape.cc
domain: alphazero5-endscape.cc
domain: alphazero6-endscape.cc
domain: alphazero7-endscape.cc
domain: alphazero8-endscape.cc
domain: alphazero9-endscape.cc
url: https://api.github.com/repos/stamparm/maltrail/commits/5ea1173644e6bd59ebd6d5c49fcc62fef5af1b95
url: https://x.com/tuckner/status/2026069982493229434
url: https://annex.security/blog/promise-bomb
domain: page-guard.com
domain: pixel-defence.com
url: https://api.github.com/repos/stamparm/maltrail/commits/24f04eb96c56c6f97f1ed248dd1f8f82fc85040c
url: https://x.com/malwrhunterteam/status/2026251417372049675
url: https://www.virustotal.com/gui/file/73ae9fe72b3340b95e7187cd51de3b7476cfb84aa20b9903cfaff4f1c96a3e01/detection
domain: streamcdn.click
url: https://api.github.com/repos/stamparm/maltrail/commits/2d39fd81500e67b0a26081813c5bb8f46cffe31e
url: https://www.virustotal.com/gui/ip-address/38.180.80.50/relations
domain: javascripttestlibrary.com
url: https://api.github.com/repos/stamparm/maltrail/commits/b3fa70ad54a979c37f8c2de4bf0b6934d0000a24
domain: chatliveapp.com
domain: livechathub.org
url: https://api.github.com/repos/stamparm/maltrail/commits/4df89b99efb34e1f6f58e84340e0f41c59442f61
domain: liverespond.online
domain: apicheck.chatliveplus.com
domain: blog.chatliveplus.com
domain: chat.eventchatsupport.com
domain: calendar.livechatlite.com
domain: mail.chatliveplus.com
domain: online.eventchatsupport.com
domain: portal.livechatlite.com
domain: status.livechatlite.com
domain: system.eventchatsupport.com
domain: webdisk.chatliveplus.com
url: https://api.github.com/repos/stamparm/maltrail/commits/4c405151fc705dbf7e7854e5a799d635c80c97a7
url: https://x.com/sdcyberresearch/status/2026266049755164860
domain: chatliveplus.com
domain: eventchatsupport.com
domain: livechatlite.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a26b69e1fc21b37577409db62e93347d90798bfc
url: https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking
domain: 10xprofit.io
domain: app.10xprofit.io
url: https://api.github.com/repos/stamparm/maltrail/commits/66ea3343d6a60f23712520c7d0e9d5d6f72133a1
url: https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign
domain: pinmaha.com
url: https://api.github.com/repos/stamparm/maltrail/commits/99b248df35bcf6619a11b06548379b4a2a8e6e4a
url: https://www.virustotal.com/gui/file/8099e85c4aa05f50ff299a130dc26a67b45aed519668e8b1ee1692e0034196c2/detection
ip: 141.195.117.128
domain: apuliae.com
domain: jbactors.com
url: https://api.github.com/repos/stamparm/maltrail/commits/d1bdbe806e95a93b7d45361744f2184a3731722b
url: https://x.com/D3LabIT/status/2026278544272232666
domain: mandatechgroup.com
domain: eventul.com
url: https://api.github.com/repos/stamparm/maltrail/commits/756bbf828079b7e8f5b4ba6ef70a5d8df3d92b8a
url: https://x.com/fbgwls245/status/2026299482477088838
domain: npmh5ahrgakbniuntyc7io4adm6ietbdbuejrfonowqtyqn24or556qd.onion
url: https://api.github.com/repos/stamparm/maltrail/commits/1c88d89774aef47e80277d812ab21d7e807c97be
url: https://x.com/JAMESWT_WT/status/2026300744635129887
url: https://www.virustotal.com/gui/file/6f8e3ec4e11770eb4202b1ccae2423040c0703f7e7bbfd8330de0a7712f23498/detection
url: https://www.virustotal.com/gui/file/79d7358fd1cdaecc1adf0c054c2394abef95df87ef5191f70778da24310c790e/detection
ip: 198.23.175.46
ip: 38.240.32.108
domain: jerrymac2008.duckdns.org
url: https://api.github.com/repos/stamparm/maltrail/commits/b65b06b38cbe5319c83952879cabb4e3cc8bf9d7
ip: 212.11.64.250
url: https://api.github.com/repos/stamparm/maltrail/commits/b9bae35324e39b3d63a6ade98778f91a933f9be0
url: https://x.com/blackorbird/status/2025588291073171714
url: https://cyberandramen.net/2026/02/21/llms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents
url: https://aws.amazon.com/ru/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale
ip: 103.164.81.110
ip: 106.52.47.65
ip: 115.120.233.95
ip: 118.25.186.119
ip: 142.171.160.137
ip: 144.31.224.253
ip: 146.190.195.154
ip: 146.190.82.132
ip: 154.219.114.92
ip: 156.238.244.173
ip: 185.196.11.225
ip: 43.167.237.212
ip: 47.101.186.156
ip: 47.95.33.207
ip: 60.204.227.64
ip: 62.234.61.215
domain: drb420.ru
domain: cyberstrike.drb420.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/582133a4fc977b91d356ed4d121c6ec0be15ef6f
url: https://x.com/fbgwls245/status/2025926038845526373
domain: o3ydbkayttkyg4iw2nc732jxmmex25bjeyqyvuuyngnxmpehdefjr3qd.onion
url: https://api.github.com/repos/stamparm/maltrail/commits/289ab7eb1c673037bccbe2943cf46f71dc420d61
url: https://www.virustotal.com/gui/ip-address/20.2.2.169/community
url: https://www.virustotal.com/gui/ip-address/103.164.203.173/relations
ip: 20.2.2.169
ip: 103.164.203.173
url: https://api.github.com/repos/stamparm/maltrail/commits/677b82dc8b6e4a9a2fa9ecdca81ad5d43c8c9469
url: https://www.virustotal.com/gui/ip-address/43.164.1.146/community
ip: 43.164.1.146
url: https://api.github.com/repos/stamparm/maltrail/commits/efabab581c22a454590bd4e67d5f44807ef786f7
url: https://www.security.com/blog-post/lazarus-medusa-ransomware
domain: amazonfiso.com
domain: human-check.com
domain: illycafe.my
domain: illycoffee.my
domain: markethubuk.com
domain: sictradingc.com
domain: trustpdfs.com
domain: zypras.com
url: https://api.github.com/repos/stamparm/maltrail/commits/60c20e2c7b759acd5decf91a956b9b68753bf90c
url: https://x.com/Fact_Finder03/status/2026298291328368975
ip: 41.216.189.53

Source: CIRCL OSINT Feed

Published: Tue Feb 24 2026

Maltrail IOC for 2026-02-24

Medium

Malwaretlp:clear malware misp:threat-level="medium-risk"misp:event-type="observation"misp:automation-level="unsupervised"type:osint osint:lifetime="perpetual"osint:source-type="manual-collection"

Published: Tue Feb 24 2026 (02/24/2026, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Vendor/Project: tlp

Product: clear

Description

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 05/10/2026, 02:29:21 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: b0a9ddc2-de1c-49cb-a8b5-2cd8803e7c35
Original Timestamp: 1771948808

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/e53c50beda89b027b090eed0a98c9445a08327ce	airbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d4716f94d5df29aefb74947468dbd0c4bd0996fc	android_joker
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1060b34b043498957ee8024d00fb38fa8d4a119f	apt_unc2465
urlhttps://api.github.com/repos/stamparm/maltrail/commits/8f99fa593c921ab847d4a87ed524e4cb4546d486	apt_unc2465
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5678302f8a5a9f8db722fd68c4378ea5b5fe497f	ek_clearfake
urlhttps://api.github.com/repos/stamparm/maltrail/commits/daf13720da4344b799ac1bce73959a260ce00a8a	—
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ade51ff5ba6b3ab47046f82970e5cef3a0b4bda4	dcrat
urlhttps://www.virustotal.com/gui/file/5b2977786f032de4a260fe264d36e4a959927e07d558eff259679afc71e87350/detection	dcrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c035cfbce3585cd0fdbbca5aa53e8f1a752de647	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b282cf463fb1fb9eca272d304565e5df86876a12	0ktapus
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d64a7b76f2a61b088b8e0a986367f1c19c1f2652	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3d5b8ecc53c8caa045e2d00448c6cdd4b9c8cbcc	powershell_injector
urlhttps://www.virustotal.com/gui/file/11d7d19fd9ad0d93b2f78d9d2fe802bd457cd6857a890e874a0a326a617567ac/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/24035499341e1bb46723e140fac0780173f5585c	supershell_c2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/beec27fc466826454389b9f1f468a1eec0a698aa	mintsloader
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c1f22ce7a75a4f216756da51df1cd3c39814adf5	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/efa04e1f95850cc5a6db30e4ff44ccc642432038	lummac2
urlhttps://www.virustotal.com/gui/ip-address/151.245.121.51/relations	lummac2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0c50ef33b161dfbf964a1887b3828b58437af244	quasarrat
urlhttps://x.com/smica83/status/2026055656638124417	quasarrat
urlhttps://tria.ge/260223-1y111sds7a/behavioral1	quasarrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5098133f78daf5c6a3c80eee4c98bcb0fd646e05	generic
urlhttps://x.com/smica83/status/2026056412049072213	generic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5ec67cc9678a13c2f5cc6479bd191ef1d5e7182d	generic
urlhttps://x.com/smica83/status/2025979039614177769	generic
urlhttps://x.com/smica83/status/2026038524906975421	generic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/eed2bf66bac09535f533a7f7c4fd5e11fd55a0f2	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f0c057f37fef906bfeaf8c85eebc02bcc5133d2a	vidar
urlhttps://www.virustotal.com/gui/file/b804437ff855bd3fd448d2bf76f47ada7dcee6288d8f0a53d41fd3b1361c4c0d/detection	vidar
urlhttps://api.github.com/repos/stamparm/maltrail/commits/dbf4930c405e099e546da792cde0bf9210bff734	powershell_injector
urlhttps://www.virustotal.com/gui/file/0e4780dd90a355c293a08c5607887b95ba4d7d5bffea1a8df92450dfc08934ea/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5ea1173644e6bd59ebd6d5c49fcc62fef5af1b95	fakeapp
urlhttps://x.com/tuckner/status/2026069982493229434	fakeapp
urlhttps://annex.security/blog/promise-bomb	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/24f04eb96c56c6f97f1ed248dd1f8f82fc85040c	powershell_injector
urlhttps://x.com/malwrhunterteam/status/2026251417372049675	powershell_injector
urlhttps://www.virustotal.com/gui/file/73ae9fe72b3340b95e7187cd51de3b7476cfb84aa20b9903cfaff4f1c96a3e01/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2d39fd81500e67b0a26081813c5bb8f46cffe31e	magentocore
urlhttps://www.virustotal.com/gui/ip-address/38.180.80.50/relations	magentocore
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b3fa70ad54a979c37f8c2de4bf0b6934d0000a24	magentocore
urlhttps://api.github.com/repos/stamparm/maltrail/commits/4df89b99efb34e1f6f58e84340e0f41c59442f61	magentocore
urlhttps://api.github.com/repos/stamparm/maltrail/commits/4c405151fc705dbf7e7854e5a799d635c80c97a7	magentocore
urlhttps://x.com/sdcyberresearch/status/2026266049755164860	magentocore
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a26b69e1fc21b37577409db62e93347d90798bfc	fakeapp
urlhttps://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/66ea3343d6a60f23712520c7d0e9d5d6f72133a1	powershell_injector
urlhttps://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/99b248df35bcf6619a11b06548379b4a2a8e6e4a	netsupport
urlhttps://www.virustotal.com/gui/file/8099e85c4aa05f50ff299a130dc26a67b45aed519668e8b1ee1692e0034196c2/detection	netsupport
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d1bdbe806e95a93b7d45361744f2184a3731722b	fakeapp
urlhttps://x.com/D3LabIT/status/2026278544272232666	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/756bbf828079b7e8f5b4ba6ef70a5d8df3d92b8a	atomsilo
urlhttps://x.com/fbgwls245/status/2026299482477088838	atomsilo
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1c88d89774aef47e80277d812ab21d7e807c97be	remcos
urlhttps://x.com/JAMESWT_WT/status/2026300744635129887	remcos
urlhttps://www.virustotal.com/gui/file/6f8e3ec4e11770eb4202b1ccae2423040c0703f7e7bbfd8330de0a7712f23498/detection	remcos
urlhttps://www.virustotal.com/gui/file/79d7358fd1cdaecc1adf0c054c2394abef95df87ef5191f70778da24310c790e/detection	remcos
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b65b06b38cbe5319c83952879cabb4e3cc8bf9d7	cyberstrikeai
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b9bae35324e39b3d63a6ade98778f91a933f9be0	cyberstrikeai
urlhttps://x.com/blackorbird/status/2025588291073171714	cyberstrikeai
urlhttps://cyberandramen.net/2026/02/21/llms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents	cyberstrikeai
urlhttps://aws.amazon.com/ru/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale	cyberstrikeai
urlhttps://api.github.com/repos/stamparm/maltrail/commits/582133a4fc977b91d356ed4d121c6ec0be15ef6f	cipherforce
urlhttps://x.com/fbgwls245/status/2025926038845526373	cipherforce
urlhttps://api.github.com/repos/stamparm/maltrail/commits/289ab7eb1c673037bccbe2943cf46f71dc420d61	vshell
urlhttps://www.virustotal.com/gui/ip-address/20.2.2.169/community	vshell
urlhttps://www.virustotal.com/gui/ip-address/103.164.203.173/relations	vshell
urlhttps://api.github.com/repos/stamparm/maltrail/commits/677b82dc8b6e4a9a2fa9ecdca81ad5d43c8c9469	vshell
urlhttps://www.virustotal.com/gui/ip-address/43.164.1.146/community	vshell
urlhttps://api.github.com/repos/stamparm/maltrail/commits/efabab581c22a454590bd4e67d5f44807ef786f7	apt_lazarus
urlhttps://www.security.com/blog-post/lazarus-medusa-ransomware	apt_lazarus
urlhttps://api.github.com/repos/stamparm/maltrail/commits/60c20e2c7b759acd5decf91a956b9b68753bf90c	toponev
urlhttps://x.com/Fact_Finder03/status/2026298291328368975	toponev

Ip

Value	Description	Copy
ip151.241.154.119	airbot
ip65.21.104.235	powershell_injector
ip143.92.60.24	supershell_c2
ip192.159.99.176	quasarrat
ip141.195.117.128	netsupport
ip198.23.175.46	remcos
ip38.240.32.108	remcos
ip212.11.64.250	cyberstrikeai
ip103.164.81.110	cyberstrikeai
ip106.52.47.65	cyberstrikeai
ip115.120.233.95	cyberstrikeai
ip118.25.186.119	cyberstrikeai
ip142.171.160.137	cyberstrikeai
ip144.31.224.253	cyberstrikeai
ip146.190.195.154	cyberstrikeai
ip146.190.82.132	cyberstrikeai
ip154.219.114.92	cyberstrikeai
ip156.238.244.173	cyberstrikeai
ip185.196.11.225	cyberstrikeai
ip43.167.237.212	cyberstrikeai
ip47.101.186.156	cyberstrikeai
ip47.95.33.207	cyberstrikeai
ip60.204.227.64	cyberstrikeai
ip62.234.61.215	cyberstrikeai
ip20.2.2.169	vshell
ip103.164.203.173	vshell
ip43.164.1.146	vshell
ip41.216.189.53	toponev

Domain

Value	Description	Copy
domaintered.pw	android_joker
domainrvtoolc.info	apt_unc2465
domainrvtooli.info	apt_unc2465
domainaccount.booklngg.com	ek_clearfake
domainbooklngg.com	ek_clearfake
domainnightlywallet.app	ek_clearfake
domain59xgjeq2.hexalink.digital	ek_clearfake
domainbest.deals.my.id	ek_clearfake
domainbrandnew.deals.my.id	ek_clearfake
domainbuycheap.deals.my.id	ek_clearfake
domaincheapest.deals.my.id	ek_clearfake
domaindeals.my.id	ek_clearfake
domainhexalink.digital	ek_clearfake
domainfilecloudgrid.com	—
domainfilecloudzip.com	—
domainfiledrivenow.com	—
domainfilesharegrid.com	—
domainmedia.megafilehost.cfd	—
domainmegafilehost.baby	—
domainmegafilehost.xyz	—
domaindc.aartzz.pp.ua	dcrat
domaindemo.ntl-rto.com	fakeapp
domainsmscup.ir	fakeapp
domainshift4internal.com	0ktapus
domainchromium-report-tech-331as-2s1-tcd-h143.chartexaapp-razv.com	fakeapp
domainforestoaker.com	powershell_injector
domainpub-22a8dd26de0749d5b900b711deea554b.r2.dev	powershell_injector
domaincdhhcehkchddeec.top	mintsloader
domainmhlgcebldddbidl.top	mintsloader
domainspacesolutionmac.it.com	osx_atomic
domainstorg.pages.dev	osx_atomic
domaincanvasn.top	lummac2
domainconvexm.top	lummac2
domaincredil.club	lummac2
domaincygnusn.cyou	lummac2
domaindarkbq.club	lummac2
domaingenetiz.shop	lummac2
domainiivouw.club	lummac2
domainintegri.top	lummac2
domainkaboim.club	lummac2
domainmensare.top	lummac2
domainpageld.club	lummac2
domainparabg.club	lummac2
domainscrewd.club	lummac2
domaintestdf.club	lummac2
domainthinlpr.buzz	lummac2
domaintouchfh.shop	lummac2
domainwipez.top	lummac2
domainheads-resistance-august-sweet.trycloudflare.com	generic
domainadvise-visual-playstation-closer.trycloudflare.com	generic
domainregistry-memory-defines-obtaining.trycloudflare.com	generic
domainchk.nsetverification.mydns.bz	apt_kimsuky
domaincvcmains.dns.army	apt_kimsuky
domainips-edocdeliver.mydns.bz	apt_kimsuky
domainnavlogin.sev.cvcmains.dns.army	apt_kimsuky
domainnid-naverhpk.onthewifi.com	apt_kimsuky
domainnid-naverjzc.servehalflife.com	apt_kimsuky
domainnid-navermly.servegame.com	apt_kimsuky
domainnid-naverohn.3utilities.com	apt_kimsuky
domainnid-naverxqh.servecounterstrike.com	apt_kimsuky
domainnkdocument-hometax.mydns.bz	apt_kimsuky
domainnsetverification.mydns.bz	apt_kimsuky
domainnuser-login.ips-edocdeliver.mydns.bz	apt_kimsuky
domainsev.cvcmains.dns.army	apt_kimsuky
domainvvork-space.com	vidar
domainalphazero1-endscape.cc	powershell_injector
domainalphazero10-endscape.cc	powershell_injector
domainalphazero2-endscape.cc	powershell_injector
domainalphazero3-endscape.cc	powershell_injector
domainalphazero4-endscape.cc	powershell_injector
domainalphazero5-endscape.cc	powershell_injector
domainalphazero6-endscape.cc	powershell_injector
domainalphazero7-endscape.cc	powershell_injector
domainalphazero8-endscape.cc	powershell_injector
domainalphazero9-endscape.cc	powershell_injector
domainpage-guard.com	fakeapp
domainpixel-defence.com	fakeapp
domainstreamcdn.click	powershell_injector
domainjavascripttestlibrary.com	magentocore
domainchatliveapp.com	magentocore
domainlivechathub.org	magentocore
domainliverespond.online	magentocore
domainapicheck.chatliveplus.com	magentocore
domainblog.chatliveplus.com	magentocore
domainchat.eventchatsupport.com	magentocore
domaincalendar.livechatlite.com	magentocore
domainmail.chatliveplus.com	magentocore
domainonline.eventchatsupport.com	magentocore
domainportal.livechatlite.com	magentocore
domainstatus.livechatlite.com	magentocore
domainsystem.eventchatsupport.com	magentocore
domainwebdisk.chatliveplus.com	magentocore
domainchatliveplus.com	magentocore
domaineventchatsupport.com	magentocore
domainlivechatlite.com	magentocore
domain10xprofit.io	fakeapp
domainapp.10xprofit.io	fakeapp
domainpinmaha.com	powershell_injector
domainapuliae.com	netsupport
domainjbactors.com	netsupport
domainmandatechgroup.com	fakeapp
domaineventul.com	fakeapp
domainnpmh5ahrgakbniuntyc7io4adm6ietbdbuejrfonowqtyqn24or556qd.onion	atomsilo
domainjerrymac2008.duckdns.org	remcos
domaindrb420.ru	cyberstrikeai
domaincyberstrike.drb420.ru	cyberstrikeai
domaino3ydbkayttkyg4iw2nc732jxmmex25bjeyqyvuuyngnxmpehdefjr3qd.onion	cipherforce
domainamazonfiso.com	apt_lazarus
domainhuman-check.com	apt_lazarus
domainillycafe.my	apt_lazarus
domainillycoffee.my	apt_lazarus
domainmarkethubuk.com	apt_lazarus
domainsictradingc.com	apt_lazarus
domaintrustpdfs.com	apt_lazarus
domainzypras.com	apt_lazarus

Threat ID: 699dd95dbe58cf853b0239a9

Added to database: 2/24/2026, 5:01:17 PM

Last enriched: 5/10/2026, 2:29:21 AM

Last updated: 5/25/2026, 4:45:34 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Maltrail IOC for 2026-02-24

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-02-24

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Ip

Domain

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Maltrail IOC for 2026-02-24

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-02-24

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Ip

Domain

Community Reviews

Related Threats

ThreatFox IOCs for 2026-05-24

KRVTZ-NET IDS alerts for 2026-05-24

Maltrail IOC for 2026-05-24

ThreatFox IOCs for 2026-05-23

Maltrail IOC for 2026-05-23

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility