Maltrail IOC for 2026-03-18
AI Analysis
Technical Summary
This entry is the daily bundle of Maltrail network indicators for 2026-03-18, distributed through the CIRCL OSINT Feed. It is not a vulnerability: there is no CVE, no affected software version and nothing to patch. What it carries is a set of IP addresses and domains, each tagged with the Maltrail trail that introduced it (cyberstrikeai, apt_donot, android_joker, apt_lazarus, redline, powershell_injector, fakeapp, elf_mirai, hadestealer, lummac2), together with reference links to the Maltrail commits, researcher posts on X, and VirusTotal and tria.ge reports the trails were derived from. The feed rates the bundle medium risk.
Potential Impact
Traffic to these indicators is evidence of activity by the tagged families rather than of a specific exploit: information stealers (redline, lummac2, hadestealer), a PowerShell injector, Android Joker, fake-app lures, a Mirai ELF bot, the cyberstrikeai trail, and infrastructure attributed to the Lazarus and DoNot groups. A host that resolves one of the domains or connects to one of the IPs should be treated as a possible infection and investigated. The medium severity reflects that the list is a detection aid, not an active exploitation campaign against a product.
Mitigation Recommendations
There is nothing to patch. Load the IP and domain values into DNS, proxy and firewall detection (a Maltrail sensor that is allowed to update its trails from the upstream repository picks these up on its own), match subdomains as well as the listed names, and retro-hunt DNS and proxy logs for 2026-03-18 and the following days. Do not add the url rows to a blocklist: they are source references (Maltrail commits on api.github.com, posts on x.com, VirusTotal and tria.ge reports), not attacker infrastructure. The VirusTotal links carry SHA-256 hashes of the related samples, which can be searched in EDR telemetry.
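The matching logic described above, as an added example that is not part of the feed entry or of Maltrail itself. It takes a subset of the IP and domain values from this entry, matches DNS queries and connections against them (including subdomains of a listed domain, but never the bare TLD), and skips the entry's reference URLs so that an analyst opening a VirusTotal report does not trigger an alert. The log format and the log lines are constructed for illustration.

```python
"""Match proxy/DNS log lines against the network IOCs from this Maltrail entry.

Added example; not code from the feed entry or from the Maltrail project.
The log format ("<timestamp> <client> <kind> <value>") and the log lines are
constructed for illustration. Indicator values are copied from the entry.
"""
import ipaddress
from urllib.parse import urlsplit

# Subset of the entry's IP and Domain tables, each tagged with the Maltrail
# trail name the feed attaches to it (the full list is in the tables on the page).
DOMAIN_IOCS = {
    "weatherchecker.live": "powershell_injector",
    "api.weatherchecker.live": "powershell_injector",
    "speedtoolmetrics.com": "fakeapp",
    "hugavor.com": "hadestealer",
    "insuffh.cyou": "lummac2",
    "xdweb4k.cc": "android_joker",
}
IP_IOCS = {
    "185.177.127.27": "apt_lazarus",
    "88.99.241.111": "apt_lazarus",
    "202.95.18.97": "redline",
    "45.156.87.227": "elf_mirai",
}

# The entry's "url" rows point at the sources of the trails (Maltrail commits,
# researcher posts, sandbox and VirusTotal reports), not at attacker
# infrastructure. Hosts in this set must never end up on a blocklist.
REFERENCE_HOSTS = {"api.github.com", "x.com", "www.virustotal.com", "tria.ge"}


def is_reference_url(url):
    """True when the URL is one of the entry's source links rather than an IOC."""
    host = (urlsplit(url).hostname or "").lower()
    return host in REFERENCE_HOSTS


def match_domain(name):
    """Return the trail for `name` or any listed parent domain, else None.

    Walks from the full name towards the registrable suffix but stops before the
    bare TLD, so "live.com" does not match "weatherchecker.live" or vice versa.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_IOCS:
            return DOMAIN_IOCS[candidate]
    return None


def match_ip(addr):
    """Return the trail for an exact IP match, or None for non-IPs and misses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return IP_IOCS.get(str(ip))


def scan_logs(text):
    """Return one hit dict per log line whose destination matches an IOC.

    Line kinds: "dns" (queried name), "conn" (dst ip:port), "http" (full URL).
    Reference URLs are skipped outright rather than matched.
    """
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or unknown line layout; ignore
        ts, client, kind, value = parts
        trail = None
        if kind == "dns":
            trail = match_domain(value)
        elif kind == "conn":
            trail = match_ip(value.rsplit(":", 1)[0])
        elif kind == "http":
            if is_reference_url(value):
                continue
            host = urlsplit(value).hostname or ""
            trail = match_domain(host) or match_ip(host)
        if trail:
            hits.append({"ts": ts, "client": client, "indicator": value, "trail": trail})
    return hits


# Constructed sample log: two true positives by exact value, one by subdomain,
# one near-miss on a TLD, one analyst visit to a reference URL, one benign flow.
SAMPLE_LOG = """\
2026-03-18T10:02:11Z 10.0.0.5 dns api.weatherchecker.live
2026-03-18T10:02:13Z 10.0.0.5 conn 185.177.127.27:443
2026-03-18T10:03:40Z 10.0.0.9 dns cdn.hugavor.com
2026-03-18T10:04:02Z 10.0.0.9 dns live.com
2026-03-18T10:05:17Z 10.0.0.12 http https://www.virustotal.com/gui/file/2a66c5430a0a4e7cfb939d8219a72420213d2768c3eece7f7cac3d9e2d582f63/detection
2026-03-18T10:06:00Z 10.0.0.12 conn 8.8.8.8:53
"""

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['indicator']} [{hit['trail']}]")
```

Run against the constructed log it reports three hits (the powershell_injector domain, the apt_lazarus IP and the hadestealer subdomain) and stays silent on the VirusTotal link and on live.com. The parent-domain walk is what makes the feed's paired entries (weatherchecker.live and api.weatherchecker.live) useful against hosts that rotate subdomains.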
Technical Details
- UUID: 136a6440-ade6-4da3-aea0-d80e65d7af94
- Original timestamp: 1773824413 (2026-03-18 09:00:13 UTC)
Indicators of Compromise
URL (source references for the trails: Maltrail commits, X posts, VirusTotal and tria.ge reports; not indicators to block)
| Value | Description (Maltrail trail) |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/9e7ac0610fbf146ffcadc6a4ce643e22bf53dde7 | cyberstrikeai |
| https://api.github.com/repos/stamparm/maltrail/commits/f13b7fbaf4758bd38ca98237d2790d244b07af2d | apt_donot |
| https://api.github.com/repos/stamparm/maltrail/commits/c971a93d90d5c42cad61db58f0b6229c8a7ba4c1 | android_joker |
| https://api.github.com/repos/stamparm/maltrail/commits/9c3161ddafbddcfb3909dfbccffcf2a835796015 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/7c2e0c8ee60bb56c72a8734ee4365a1fa1fbc3fd | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/25eb0490c2c94fb1119882276eaaec41da13fc13 | redline |
| https://x.com/tdatwja/status/2034172367619207516 | redline |
| https://www.virustotal.com/gui/file/2a66c5430a0a4e7cfb939d8219a72420213d2768c3eece7f7cac3d9e2d582f63/detection | redline |
| https://api.github.com/repos/stamparm/maltrail/commits/66977671f6854b8af95d77706a99da2c66b8b9f7 | powershell_injector |
| https://x.com/malwrhunterteam/status/2034004347630006501 | powershell_injector |
| https://tria.ge/260317-zd98hsbx8l/behavioral1 | powershell_injector |
| https://www.virustotal.com/gui/file/dabfd4c52271a9324f773dda53ed70f1117da979e20d152479b9e8815729a48e/detection | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/51ac6c4cacc5c5de2686e8943378990aa781249c | fakeapp |
| https://x.com/andrewdanis/status/2034029024104628674 | fakeapp |
| https://www.virustotal.com/gui/file/2e775b4d6e08d393d45eef272df92ad173ead4d8dd20a5df36b6ea906f19c7bd/detection | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/dbf97cff0387a7ce3e5d1b799ae6843752d18e62 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/52a53b768afc50584fce59817736d0a81884dde7 | apt_lazarus |
| https://x.com/L0Psec/status/2034002958946337065 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/b2412d3d44649ad1582daf24d35485673cb522c0 | apt_lazarus |
| https://x.com/L0Psec/status/2034002954949128237 | apt_lazarus |
| https://www.virustotal.com/gui/file/1540cbb8eac28dab396cbd95445bc936d4114a0c2bcc48ffe9630896df09a8a1/detection | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/81e519256fc27422b0f0ff8a61f7aa7f16b0b77a | elf_mirai |
| https://x.com/deobfuscately/status/2033923869782712514 | elf_mirai |
| https://www.virustotal.com/gui/file/92c8c3d195e9d390c89c4058b9dc556d8707f78535061716d3369088cb5de2bf/detection | elf_mirai |
| https://api.github.com/repos/stamparm/maltrail/commits/e06a0ee0442b2b6633407f2c8a5dd18dfccea527 | hadestealer |
| https://api.github.com/repos/stamparm/maltrail/commits/e2bddb52e69b81a12b86473c9ffd09549f99740d | hadestealer |
| https://x.com/struppigel/status/2034123131841909031 | hadestealer |
| https://www.virustotal.com/gui/file/b4e05e046c26f776f1490b8dd040851c2ef9d5b9144af6cacba7ebf61ff8e247/detection | hadestealer |
| https://api.github.com/repos/stamparm/maltrail/commits/f6e2d47daba98fdb60b0b6a5b5fc5a5a0fcb02b4 | lummac2 |
IP
| Value | Description (Maltrail trail) |
|---|---|
| 95.131.214.254 | cyberstrikeai |
| 67.207.166.173 | apt_lazarus |
| 88.99.241.111 | apt_lazarus |
| 216.250.252.103 | apt_lazarus |
| 45.59.160.199 | apt_lazarus |
| 45.59.160.210 | apt_lazarus |
| 202.95.18.97 | redline |
| 100.51.175.254 | apt_lazarus |
| 146.103.99.12 | apt_lazarus |
| 167.88.63.91 | apt_lazarus |
| 185.177.127.27 | apt_lazarus |
| 185.213.22.215 | apt_lazarus |
| 3.125.137.101 | apt_lazarus |
| 45.81.243.71 | apt_lazarus |
| 52.58.193.70 | apt_lazarus |
| 31.57.35.114 | apt_lazarus |
| 45.156.87.227 | elf_mirai |
Domain
| Value | Description (Maltrail trail) |
|---|---|
| programgreedz.info | apt_donot |
| api.xdweb4k.cc | android_joker |
| xdweb4k.cc | android_joker |
| coachzenblog.biz | apt_lazarus |
| weatherchecker.live | powershell_injector |
| api.weatherchecker.live | powershell_injector |
| speedtoolmetrics.com | fakeapp |
| s.speedtoolmetrics.com | fakeapp |
| selfhonda.com | apt_lazarus |
| potassiumres.st | elf_mirai |
| vitacocoyougolocobecauseyouaresodamndeliciocobarampam.st | elf_mirai |
| potassium.vitacocoyougolocobecauseyouaresodamndeliciocobarampam.st | elf_mirai |
| hugavor.com | hadestealer |
| soylanar.com | hadestealer |
| halevar.com | hadestealer |
| hugovar.com | hadestealer |
| insuffh.cyou | lummac2 |
Threat ID: 69ba6fff771bdb174964e9e4
Added to database: 3/18/2026, 9:27:27 AM
Last enriched: 4/8/2026, 4:20:59 AM
Last updated: 5/3/2026, 2:09:52 AM
Views: 266