Maltrail IOC for 2026-02-26
AI Analysis
Technical Summary
The provided information pertains to a Maltrail Indicator of Compromise (IOC) dated February 26, 2026, sourced from the CIRCL OSINT Feed. Maltrail is a network traffic detection system designed to identify suspicious or malicious network activity by analyzing traffic patterns and known malicious indicators. This IOC is classified as malware-related but lacks specific details such as affected software versions, malware family, or attack vectors. The entry does not list any known exploits in the wild or available patches, indicating that it is primarily an observational data point rather than a report of an active or newly discovered vulnerability. The IOC is tagged with 'medium' severity, reflecting a moderate risk level based on the observed network activity. The technical details are minimal, with no concrete indicators of compromise (such as IP addresses, domains, or file hashes) provided, limiting the ability to perform targeted detection or response. The classification under OSINT and network activity suggests that this IOC is derived from manual collection and external analysis of network traffic patterns, potentially highlighting emerging or ongoing malware campaigns. The absence of CWE identifiers and patch information further supports that this is a threat intelligence observation rather than a software vulnerability. Organizations utilizing network monitoring tools like Maltrail can use this IOC to enhance their detection capabilities by correlating it with internal network data to identify potential malware infections or communications. However, without specific indicators, the IOC serves more as a contextual alert to maintain heightened vigilance against malware-related network anomalies.
Potential Impact
The potential impact of this IOC is primarily related to the detection and early warning of malware-related network activity. Since no specific malware family or exploit details are provided, the direct impact on confidentiality, integrity, or availability cannot be precisely determined. However, malware infections detected through network anomalies can lead to data breaches, unauthorized access, disruption of services, or lateral movement within networks if not promptly addressed. The medium severity rating suggests a moderate risk that could escalate if the underlying malware campaign intensifies or evolves. Organizations lacking robust network monitoring may miss early signs of compromise, increasing the likelihood of successful attacks. The absence of patches or known exploits indicates that mitigation relies heavily on detection and response capabilities rather than vulnerability remediation. Consequently, the impact is contingent on an organization's ability to identify and respond to suspicious network behavior. Failure to do so could result in prolonged undetected malware presence, data exfiltration, or operational disruptions. The IOC's perpetual lifetime implies ongoing relevance, necessitating continuous monitoring to mitigate potential threats effectively.
Mitigation Recommendations
Given the nature of this IOC as a network activity observation without specific exploit or patch information, mitigation should focus on enhancing detection and response capabilities. Organizations should deploy and maintain advanced network traffic analysis tools such as Maltrail or equivalent IDS/IPS systems to identify anomalous patterns indicative of malware. Regularly update threat intelligence feeds to incorporate the latest IOCs and ensure correlation with internal logs and network telemetry. Implement network segmentation to limit lateral movement in case of infection and enforce strict access controls. Conduct proactive threat hunting exercises focusing on unusual outbound connections, beaconing behavior, or communication with known malicious infrastructure. Employ endpoint detection and response (EDR) solutions to complement network monitoring and facilitate rapid containment. Train security teams to recognize and investigate medium-risk alerts promptly, avoiding alert fatigue by tuning detection thresholds appropriately. Maintain comprehensive incident response plans that include procedures for malware containment and eradication. Finally, collaborate with external threat intelligence providers to receive timely updates and contextual analysis that can refine detection rules and response strategies.
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Netherlands, Japan, South Korea, Singapore
Indicators of Compromise
Technical Details
- Uuid: 9291457f-54be-4e1d-b239-3562e18112d7
- Original Timestamp: 1772096468
domainfroststream.coldinriver.in.net | ek_clearfake | |
domaingeo-fresh-node.freshcliff.ru | ek_clearfake | |
domaingeo-rock-sync-base.swiftcanyon.ru | ek_clearfake | |
domaingeological-survey-point.vividrock.ru | ek_clearfake | |
domainglobalstimul.in.net | ek_clearfake | |
domainglobalsynchandler.intricessaucy.in.net | ek_clearfake | |
domainglow-ridge-light.glowridge.ru | ek_clearfake | |
domainglowridge.ru | ek_clearfake | |
domaingraincontrol.brannysuppress.ru | ek_clearfake | |
domaingrass-land-node.silentmeadow.in.net | ek_clearfake | |
domaingreen-grove-sync.vividgrove.in.net | ek_clearfake | |
domaingreenwild.wildfern.in.net | ek_clearfake | |
domainground-trail-monitor.rapidtrail.in.net | ek_clearfake | |
domainh0kuelyp.modernsignal.digital | ek_clearfake | |
domainhard-rock-base.vividrock.ru | ek_clearfake | |
domainhardlife.shratsurvivor.in.net | ek_clearfake | |
domainhardrock.solidyears.in.net | ek_clearfake | |
domainheat-sync-node.rapiddune.ru | ek_clearfake | |
domainheropath.shratsurvivor.in.net | ek_clearfake | |
domainhigh-altitude-sensor.clearcrest.ru | ek_clearfake | |
domainhigh-rise-monitor.urbanridge.ru | ek_clearfake | |
domainhigh-wall-monitor.brightcliff.in.net | ek_clearfake | |
domainhill-side-view-point.freshhill.ru | ek_clearfake | |
domainhistoryflowsystem.swallowtime.in.net | ek_clearfake | |
domainhourillusion.in.net | ek_clearfake | |
domainhumanunit.chelnperson.in.net | ek_clearfake | |
domainhydrological-collector.rapidbrook.ru | ek_clearfake | |
domainicetorrent.coldinriver.in.net | ek_clearfake | |
domainimpactanalysisview.globalstimul.in.net | ek_clearfake | |
domainimplementnega.in.net | ek_clearfake | |
domaininfrastructure-service.urbanlake.ru | ek_clearfake | |
domaininnaterecipe.inherentrecip.ru | ek_clearfake | |
domaininternalnodepoint.lubginany.in.net | ek_clearfake | |
domainintervalchecknode.swallowtime.in.net | ek_clearfake | |
domainintricessaucy.in.net | ek_clearfake | |
domainit-pine-management.smartpine.ru | ek_clearfake | |
domainiwkzzjit.rapidmatrix.digital | ek_clearfake | |
domainjoieshk7.hexalink.digital | ek_clearfake | |
domainjs0qnoh0.alphasync.digital | ek_clearfake | |
domainjy8vxjxs.lumenbit.digital | ek_clearfake | |
domainkoreansmall.ru | ek_clearfake | |
domainlaststand.shratsurvivor.in.net | ek_clearfake | |
domainleadgroup.chelnperson.in.net | ek_clearfake | |
domainlg1kpu12.microzen.digital | ek_clearfake | |
domainlight-grove-hub.brightgrove.ru | ek_clearfake | |
domainlight-valley-hub.brightvale.ru | ek_clearfake | |
domainlittlemarket.koreansmall.ru | ek_clearfake | |
domainlongroad.solidyears.in.net | ek_clearfake | |
domainlubginany.in.net | ek_clearfake | |
domainlumenbit.digital | ek_clearfake | |
domainlunarbridge.digital | ek_clearfake | |
domainmain-cool-harbor-sys.coolharbor.ru | ek_clearfake | |
domainmain-crest-auth.clearcrest.ru | ek_clearfake | |
domainmain-monitoring-station.vividrock.ru | ek_clearfake | |
domainmain-quick-dock.quickharbor.in.net | ek_clearfake | |
domainmaintool.baskadubutil.in.net | ek_clearfake | |
domainmakeoverwinter.in.net | ek_clearfake | |
domainmaltguard.brannysuppress.ru | ek_clearfake | |
domainmathlogic.arithmethair.in.net | ek_clearfake | |
domainmicblast.blowofmike.in.net | ek_clearfake | |
domainmicrozen.digital | ek_clearfake | |
domainminihouse.koreansmall.ru | ek_clearfake | |
domainmodernsignal.digital | ek_clearfake | |
domainmonitoringservice.snoozetrap.in.net | ek_clearfake | |
domainmountain-glow-base.glowridge.ru | ek_clearfake | |
domainnature-grove-data.vividgrove.in.net | ek_clearfake | |
domainnature-logic-base.wildfern.ru | ek_clearfake | |
domainnature-silent-sync.silentmeadow.in.net | ek_clearfake | |
domainnavigationsysunit.aircraftmodel.in.net | ek_clearfake | |
domainnetworkdatamanager.lubginany.in.net | ek_clearfake | |
domainnighttimber.darkbypine.in.net | ek_clearfake | |
domainnovacode.digital | ek_clearfake | |
domainocean-harbor-gate.coolharbor.ru | ek_clearfake | |
domainoceanpoint.detachfrigate.in.net | ek_clearfake | |
domainoldcore.solidyears.in.net | ek_clearfake | |
domainopen-field-data.silverfield.ru | ek_clearfake | |
domainopen-zone-monitor.clearfield.in.net | ek_clearfake | |
domainopenmatrix.digital | ek_clearfake | |
domainorbit-dash-control.orbitdash.in.net | ek_clearfake | |
domainorbit-logic-base.orbitdash.in.net | ek_clearfake | |
domainorbitdash.in.net | ek_clearfake | |
domainovfs585i.urbanforge.digital | ek_clearfake | |
domainpath-logic-unit.silverpath.in.net | ek_clearfake | |
domainpeak-vertex-auth.thenorthernvertex.com | ek_clearfake | |
domainpinegloom.darkbypine.in.net | ek_clearfake | |
domainpq2uim2y.velocore.digital | ek_clearfake | |
domainprimefusion.digital | ek_clearfake | |
domainpriorityflowcontrol.bloodsubsequen.in.net | ek_clearfake | |
domainprocessvalidation.implementnega.in.net | ek_clearfake | |
domainpublic-gateway-alpha.urbanlake.ru | ek_clearfake | |
domainquick-harbor-unit.quickharbor.in.net | ek_clearfake | |
domainquickharbor.in.net | ek_clearfake | |
domainquickpetal.fastleaf.in.net | ek_clearfake | |
domainquiet-air-monitor.quietwind.ru | ek_clearfake | |
domainquiet-field-monitor.silentmeadow.in.net | ek_clearfake | |
domainquietwind.in.net | ek_clearfake | |
domainquietwind.ru | ek_clearfake | |
domainr615p0ru.lumenbit.digital | ek_clearfake | |
domainrapid-dune-sand.rapiddune.ru | ek_clearfake | |
domainrapid-stream-data.rapidbrook.ru | ek_clearfake | |
domainrapid-trail-path.rapidtrail.in.net | ek_clearfake | |
domainrapidbrook.ru | ek_clearfake | |
domainrapiddune.ru | ek_clearfake | |
domainrapidfern.fastleaf.in.net | ek_clearfake | |
domainrapidmatrix.digital | ek_clearfake | |
domainrapidtrail.in.net | ek_clearfake | |
domainredstone.rockinred.in.net | ek_clearfake | |
domainregion-sync-base.brightvale.ru | ek_clearfake | |
domainremotedatachannel.intricessaucy.in.net | ek_clearfake | |
domainridge-data-point.glowridge.ru | ek_clearfake | |
domainrngj2amn.openmatrix.digital | ek_clearfake | |
domainrockember.rockinred.in.net | ek_clearfake | |
domainrockfeather.sparrowinrock.in.net | ek_clearfake | |
domainrockgrove.wildandstone.in.net | ek_clearfake | |
domainrockinred.in.net | ek_clearfake | |
domainroute-logic-sync.rapidtrail.in.net | ek_clearfake | |
domains2s942l0.modernsignal.digital | ek_clearfake | |
domainsatellite-data-node.orbitdash.in.net | ek_clearfake | |
domainseasonaltrendlog.makeoverwinter.in.net | ek_clearfake | |
domainsecure-logic-gateway.thenorthernvertex.com | ek_clearfake | |
domainsecureaccesspoint.lubginany.in.net | ek_clearfake | |
domainservicedesk.baskadubutil.in.net | ek_clearfake | |
domainshadowcone.darkbypine.in.net | ek_clearfake | |
domainshiftview.hourillusion.in.net | ek_clearfake | |
domainship-dock-control.coolharbor.ru | ek_clearfake | |
domainshipnode.detachfrigate.in.net | ek_clearfake | |
domainshratsurvivor.in.net | ek_clearfake | |
domainshsq4l7w.urbanforge.digital | ek_clearfake | |
domainsilent-flow-node.quietwind.ru | ek_clearfake | |
domainsilent-meadow-base.silentmeadow.in.net | ek_clearfake | |
domainsilentdraft.quietwind.in.net | ek_clearfake | |
domainsilentmeadow.in.net | ek_clearfake | |
domainsilenttriggerbase.snoozetrap.in.net | ek_clearfake | |
domainsilver-field-base.silverfield.ru | ek_clearfake | |
domainsilver-path-way.silverpath.in.net | ek_clearfake | |
domainsilver-zone-sync.silverfield.ru | ek_clearfake | |
domainsilverfield.ru | ek_clearfake | |
domainsilvermypath.in.net | ek_clearfake | |
domainsilvernode.digital | ek_clearfake | |
domainsilverpath.in.net | ek_clearfake | |
domainsilvertrail.silvermypath.in.net | ek_clearfake | |
domainskycurrent.clearatwind.in.net | ek_clearfake | |
domainsmart-timber-track.smartpine.ru | ek_clearfake | |
domainsmartpine.ru | ek_clearfake | |
domainsnoozetrap.in.net | ek_clearfake | |
domainsoftgust.quietwind.in.net | ek_clearfake | |
domainsolar-energy-control.brightvale.ru | ek_clearfake | |
domainsolar-grove-control.brightgrove.ru | ek_clearfake | |
domainsolidyears.in.net | ek_clearfake | |
domainsoultrack.afterlifetap.in.net | ek_clearfake | |
domainsoundreview.auditsounder.ru | ek_clearfake | |
domainspace-track-system.orbitdash.in.net | ek_clearfake | |
domainsparrowinrock.in.net | ek_clearfake | |
domainspiritlink.afterlifetap.in.net | ek_clearfake | |
domainspringclaim.takeoverspring.in.net | ek_clearfake | |
domainstaffbase.chelnperson.in.net | ek_clearfake | |
domainsteady-flow-brook.steadybrook.in.net | ek_clearfake | |
domainsteadybrook.in.net | ek_clearfake | |
domainstone-solid-base.urbanstone.in.net | ek_clearfake | |
domainstonewild.wildandstone.in.net | ek_clearfake | |
domainstonewing.sparrowinrock.in.net | ek_clearfake | |
domainstorm-bay-watch.stormbay.ru | ek_clearfake | |
domainstormbay.ru | ek_clearfake | |
domainstrategicdatasink.globalstimul.in.net | ek_clearfake | |
domainstreet-level-sync.urbanstone.in.net | ek_clearfake | |
domainsummit-cliff-sync.freshcliff.ru | ek_clearfake | |
domainsummit-sync-unit.glowridge.ru | ek_clearfake | |
domainswallowtime.in.net | ek_clearfake | |
domainswift-canyon-pass.swiftcanyon.ru | ek_clearfake | |
domainswift-flow-node.swiftcanyon.ru | ek_clearfake | |
domainswiftbranch.fastleaf.in.net | ek_clearfake | |
domainswiftcanyon.ru | ek_clearfake | |
domainswog3mgt.openmatrix.digital | ek_clearfake | |
domaint0ijoagy.crystalbit.digital | ek_clearfake | |
domaintakeoverspring.in.net | ek_clearfake | |
domaintasknode.baskadubutil.in.net | ek_clearfake | |
domaintechnicalsupportbox.aircraftmodel.in.net | ek_clearfake | |
domaintemporallogicunit.swallowtime.in.net | ek_clearfake | |
domainthenorthernvertex.com | ek_clearfake | |
domaintimeloop.hourillusion.in.net | ek_clearfake | |
domaintransit-harbor-node.quickharbor.in.net | ek_clearfake | |
domainultranode.ultranet.in.net | ek_clearfake | |
domainuniversalreachpoint.globalstimul.in.net | ek_clearfake | |
domainurban-data-point.urbanridge.ru | ek_clearfake | |
domainurban-infrastructure-node.urbanstone.in.net | ek_clearfake | |
domainurban-ridge-city.urbanridge.ru | ek_clearfake | |
domainurbanforge.digital | ek_clearfake | |
domainurbanlake.ru | ek_clearfake | |
domainurbanridge.ru | ek_clearfake | |
domainurbanstone.in.net | ek_clearfake | |
domainutilsync.baskadubutil.in.net | ek_clearfake | |
domainvbb24wmu.lumenbit.digital | ek_clearfake | |
domainvelocore.digital | ek_clearfake | |
domainverifyecho.auditsounder.ru | ek_clearfake | |
domainvertical-data-flow.brightcliff.in.net | ek_clearfake | |
domainvesselhub.detachfrigate.in.net | ek_clearfake | |
domainvitalstatisticsunit.bloodsubsequen.in.net | ek_clearfake | |
domainvivid-grove-tree.vividgrove.in.net | ek_clearfake | |
domainvividgrove.in.net | ek_clearfake | |
domainvividrock.ru | ek_clearfake | |
domainvo230hqh.cybervox.digital | ek_clearfake | |
domainvxnrtubh.primefusion.digital | ek_clearfake | |
domainwatchpoint.hourillusion.in.net | ek_clearfake | |
domainwater-network-node.rapidbrook.ru | ek_clearfake | |
domainwater-stream-analysis.steadybrook.in.net | ek_clearfake | |
domainweather-station-data.quietwind.ru | ek_clearfake | |
domainweather-warning-system.stormbay.ru | ek_clearfake | |
domainwild-leaf-trace.wildfern.ru | ek_clearfake | |
domainwildandstone.in.net | ek_clearfake | |
domainwildfern.in.net | ek_clearfake | |
domainwildfern.ru | ek_clearfake | |
domainwildhunt.shratsurvivor.in.net | ek_clearfake | |
domainwind-cliff-monitor.freshcliff.ru | ek_clearfake | |
domainwindglade.clearatwind.in.net | ek_clearfake | |
domainwindvoice.blowofmike.in.net | ek_clearfake | |
domainwinterupdatestack.makeoverwinter.in.net | ek_clearfake | |
domainwood-processing-unit.smartpine.ru | ek_clearfake | |
domainworkforce.chelnperson.in.net | ek_clearfake | |
domainzx45t73y.silvernode.digital | ek_clearfake | |
domainadditional-final-check.com | ek_clearfake | |
domaind-apps-exchange.com | ek_clearfake | |
domainfinalise-additiona-update.com | ek_clearfake | |
domainfjdeljty.info | ek_clearfake | |
domaincac.mitel.cz | hak5cloud_c2 | |
domainluygbgtd.cfd | fakeapp | |
domainmdeshyyeo.click | fakeapp | |
domainuswebzoomus.com | fakeapp | |
domainbirdbeginner.cfd | osx_atomic | |
domainzukharilx.world | osx_atomic | |
domainaansyvz3.top | mintsloader | |
domaindlnnbafkfekljei.top | mintsloader | |
domainmcdmbaalgakinec.top | mintsloader | |
domainkasykmp.cyou | lummac2 | |
domainridobad.cyou | lummac2 |
Threat ID: 69a01513b7ef31ef0be66b83
Added to database: 2/26/2026, 9:40:35 AM
Last enriched: 2/26/2026, 9:59:59 AM
Last updated: 2/26/2026, 10:33:50 PM