Maltrail IOC for 2026-03-18
AI Analysis
Technical Summary
This entry is the Maltrail indicator set for 18 March 2026 as redistributed by the CIRCL OSINT feed. Maltrail is an open-source malicious traffic detection system: it inspects DNS, HTTP and other network traffic and flags connections that match its trails, which are curated lists of malicious domains, IPs and URLs plus a set of heuristics. Every indicator below carries the name of the Maltrail trail it was added under (apt_lazarus, apt_donot, android_joker, redline, lummac2, hadestealer, elf_mirai, fakeapp, powershell_injector, cyberstrikeai), so the set spans APT infrastructure, information stealers, Android malware and a Mirai variant. Three indicator types are mixed together and must be read differently. The ip and domain entries are network indicators suitable for detection. The url entries are not: the api.github.com/repos/stamparm/maltrail/commits/... links are the repository commits that introduced the trails, and the x.com, virustotal.com and tria.ge links are the researcher posts and sandbox reports those commits cite as sources. None of the URLs is itself attacker infrastructure. The feed is labelled medium severity and is an observation event: it records that infrastructure has been attributed to a malware family or actor, not that exploitation of a specific target has been confirmed. Vulnerability-centric fields (CWE, affected versions, patches) do not apply to a network IOC list, and their absence says nothing about the threat.
Potential Impact
Impact depends on which trail a hit comes from. A match on the apt_lazarus or apt_donot indicators, which account for most of the IPs and several of the domains, suggests contact with espionage infrastructure and warrants full investigation of the source host. A match on redline, lummac2 or hadestealer indicates an information stealer, so browser credentials, session cookies and wallet data on the host should be treated as exposed and rotated. elf_mirai hits point at Linux or IoT devices being enrolled in a botnet; android_joker and fakeapp hits point at mobile devices rather than the corporate network. Because this is an observation-level feed there is no evidence here of a specific campaign or victim set, and the Affected Countries list below is not derived from the indicators themselves, so it should not be read as confirmed victimology. Several IPs sit in cloud and hosting provider space (3.125.137.101 and 52.58.193.70 are in AWS ranges, for example); such addresses are recycled quickly, so IP hits lose value within days while domain hits carry more weight.
Mitigation Recommendations
Load only the ip and domain entries into detection tooling; exclude the url entries, which point at GitHub, X, VirusTotal and tria.ge and would generate false positives if blocked or alerted on. For DNS, match on the registrable domain and its subdomains: api.xdweb4k.cc and xdweb4k.cc, s.speedtoolmetrics.com and speedtoolmetrics.com, and api.weatherchecker.live and weatherchecker.live are each listed as pairs, and other hosts under the same zones are likely. Sweep historical DNS, proxy and firewall logs as well as live traffic, because trails are added after the infrastructure has been in use. Carry the trail name through into the alert so responders can pick the right playbook: credential rotation for stealer trails, host forensics for APT trails, device isolation for Mirai. Where Maltrail itself is deployed, a trail update pulls these entries automatically; the GitHub commit URLs identify the exact changes. Egress filtering and DNS query logging remain prerequisites for any of this to be observable. Treat the list as time-bounded: re-validate IP indicators against current passive DNS or hosting data before acting on an old hit, and retire them once they resolve to unrelated services.
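The triage described above, as an added example that is not code from Maltrail, CIRCL or the site hosting this entry: it takes a subset of the page's indicator table, keeps only the ip and domain rows as detection content while setting the reference URLs aside, and sweeps a DNS log and a connection log for hits, matching parent zones so that a previously unseen host under a listed domain still fires. The log lines, the 10.0.0.0/8 client addresses in them, and the log formats are constructed for the demo.

```python
"""Triage a Maltrail IOC export and sweep DNS and connection logs for hits.

Added example for this page; not part of Maltrail, CIRCL or the hosting site.
The IOC rows are copied from the page's table; the log lines and the internal
10.0.0.0/8 hosts in them are constructed fixtures.
"""
import ipaddress
from urllib.parse import urlparse

# Subset of the page's indicator table as (type, value, maltrail_trail).
IOC_ROWS = [
    ("url", "https://api.github.com/repos/stamparm/maltrail/commits/9c3161ddafbddcfb3909dfbccffcf2a835796015", "apt_lazarus"),
    ("url", "https://www.virustotal.com/gui/file/2a66c5430a0a4e7cfb939d8219a72420213d2768c3eece7f7cac3d9e2d582f63/detection", "redline"),
    ("url", "https://x.com/L0Psec/status/2034002958946337065", "apt_lazarus"),
    ("ip", "67.207.166.173", "apt_lazarus"),
    ("ip", "202.95.18.97", "redline"),
    ("ip", "3.125.137.101", "apt_lazarus"),
    ("domain", "weatherchecker.live", "powershell_injector"),
    ("domain", "api.weatherchecker.live", "powershell_injector"),
    ("domain", "insuffh.cyou", "lummac2"),
    ("domain", "potassium.vitacocoyougolocobecauseyouaresodamndeliciocobarampam.st", "elf_mirai"),
]

# Hosts this feed uses only as *references* (the commit that added the trail,
# a researcher post, a sandbox report). Alerting on or blocking them is noise.
REFERENCE_HOSTS = {"api.github.com", "github.com", "x.com", "twitter.com",
                   "www.virustotal.com", "virustotal.com", "tria.ge"}

# Constructed log fixtures. DNS: "<epoch> <client> <qname>";
# conn: "<epoch> <src> <dst> <dport>".
DNS_LOG = """\
1773830001.123 10.0.5.17 api.weatherchecker.live
1773830002.456 10.0.5.17 www.example.com
1773830003.789 10.0.7.42 cdn.weatherchecker.live
1773830004.012 10.0.9.3 potassium.vitacocoyougolocobecauseyouaresodamndeliciocobarampam.st
1773830005.345 10.0.5.17 api.github.com
"""
CONN_LOG = """\
1773830010.001 10.0.5.17 67.207.166.173 443
1773830011.002 10.0.7.42 93.184.216.34 80
1773830012.003 10.0.9.3 202.95.18.97 8080
"""


def split_indicators(rows):
    """Return ({ip: trail}, {domain: trail}, [reference urls]).

    Only ip and domain rows become detection content; url rows whose host is
    a known reference site are kept aside so they are never blocked.
    """
    ips, domains, references = {}, {}, []
    for kind, value, trail in rows:
        if kind == "ip":
            ips[ipaddress.ip_address(value)] = trail
        elif kind == "domain":
            domains[value.lower().rstrip(".")] = trail
        elif kind == "url":
            host = (urlparse(value).hostname or "").lower()
            if host in REFERENCE_HOSTS:
                references.append(value)
            else:  # a genuinely malicious URL: treat its host as a domain IOC
                domains[host] = trail
    return ips, domains, references


def match_domain(qname, domains):
    """Most-specific match of a queried name against the trail domains,
    walking up parent zones so cdn.weatherchecker.live hits weatherchecker.live.
    A bare TLD is never tried."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def scan_logs(dns_log, conn_log, ips, domains):
    """Sweep both logs and return one alert dict per indicator hit,
    carrying the trail name so the responder knows which playbook applies."""
    alerts = []
    for line in dns_log.splitlines():
        ts, client, qname = line.split()
        hit = match_domain(qname, domains)
        if hit:
            alerts.append({"ts": ts, "host": client, "kind": "dns",
                           "observed": qname, "indicator": hit[0], "trail": hit[1]})
    for line in conn_log.splitlines():
        ts, src, dst, dport = line.split()
        trail = ips.get(ipaddress.ip_address(dst))
        if trail:
            alerts.append({"ts": ts, "host": src, "kind": "conn",
                           "observed": f"{dst}:{dport}", "indicator": dst, "trail": trail})
    return alerts


if __name__ == "__main__":
    ips, domains, refs = split_indicators(IOC_ROWS)
    print(f"{len(ips)} ip and {len(domains)} domain indicators loaded; {len(refs)} reference URLs skipped")
    for a in scan_logs(DNS_LOG, CONN_LOG, ips, domains):
        print(f"{a['ts']} {a['host']} {a['kind']} {a['observed']} -> {a['indicator']} [{a['trail']}]")
```

Run as-is it reports three reference URLs skipped and five hits: two on weatherchecker.live (one of them the unlisted cdn. host, caught by the parent-zone walk), one on the elf_mirai domain, and two on the apt_lazarus and redline IPs; the api.github.com lookup and the unrelated addresses produce nothing. Replace the fixture strings with a reader over your own DNS and flow logs and the two dictionaries with the full ip and domain tables from this page.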
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Japan, South Korea, Netherlands, Sweden
Technical Details
- UUID: 136a6440-ade6-4da3-aea0-d80e65d7af94
- Original timestamp: 1773824413 (Unix epoch, 2026-03-18 09:00:13 UTC)
Indicators of Compromise

Each indicator is listed with the Maltrail trail it was added under (the trail file name in the stamparm/maltrail repository).

Url

The url entries are references for the trails, not attacker infrastructure: the api.github.com links are the Maltrail commits that added the indicators, and the x.com, virustotal.com and tria.ge links are the researcher posts and sandbox reports they cite. Do not block or alert on them.

| Value | Maltrail trail |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/9e7ac0610fbf146ffcadc6a4ce643e22bf53dde7 | cyberstrikeai |
| https://api.github.com/repos/stamparm/maltrail/commits/f13b7fbaf4758bd38ca98237d2790d244b07af2d | apt_donot |
| https://api.github.com/repos/stamparm/maltrail/commits/c971a93d90d5c42cad61db58f0b6229c8a7ba4c1 | android_joker |
| https://api.github.com/repos/stamparm/maltrail/commits/9c3161ddafbddcfb3909dfbccffcf2a835796015 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/7c2e0c8ee60bb56c72a8734ee4365a1fa1fbc3fd | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/25eb0490c2c94fb1119882276eaaec41da13fc13 | redline |
| https://x.com/tdatwja/status/2034172367619207516 | redline |
| https://www.virustotal.com/gui/file/2a66c5430a0a4e7cfb939d8219a72420213d2768c3eece7f7cac3d9e2d582f63/detection | redline |
| https://api.github.com/repos/stamparm/maltrail/commits/66977671f6854b8af95d77706a99da2c66b8b9f7 | powershell_injector |
| https://x.com/malwrhunterteam/status/2034004347630006501 | powershell_injector |
| https://tria.ge/260317-zd98hsbx8l/behavioral1 | powershell_injector |
| https://www.virustotal.com/gui/file/dabfd4c52271a9324f773dda53ed70f1117da979e20d152479b9e8815729a48e/detection | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/51ac6c4cacc5c5de2686e8943378990aa781249c | fakeapp |
| https://x.com/andrewdanis/status/2034029024104628674 | fakeapp |
| https://www.virustotal.com/gui/file/2e775b4d6e08d393d45eef272df92ad173ead4d8dd20a5df36b6ea906f19c7bd/detection | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/dbf97cff0387a7ce3e5d1b799ae6843752d18e62 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/52a53b768afc50584fce59817736d0a81884dde7 | apt_lazarus |
| https://x.com/L0Psec/status/2034002958946337065 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/b2412d3d44649ad1582daf24d35485673cb522c0 | apt_lazarus |
| https://x.com/L0Psec/status/2034002954949128237 | apt_lazarus |
| https://www.virustotal.com/gui/file/1540cbb8eac28dab396cbd95445bc936d4114a0c2bcc48ffe9630896df09a8a1/detection | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/81e519256fc27422b0f0ff8a61f7aa7f16b0b77a | elf_mirai |
| https://x.com/deobfuscately/status/2033923869782712514 | elf_mirai |
| https://www.virustotal.com/gui/file/92c8c3d195e9d390c89c4058b9dc556d8707f78535061716d3369088cb5de2bf/detection | elf_mirai |
| https://api.github.com/repos/stamparm/maltrail/commits/e06a0ee0442b2b6633407f2c8a5dd18dfccea527 | hadestealer |
| https://api.github.com/repos/stamparm/maltrail/commits/e2bddb52e69b81a12b86473c9ffd09549f99740d | hadestealer |
| https://x.com/struppigel/status/2034123131841909031 | hadestealer |
| https://www.virustotal.com/gui/file/b4e05e046c26f776f1490b8dd040851c2ef9d5b9144af6cacba7ebf61ff8e247/detection | hadestealer |
| https://api.github.com/repos/stamparm/maltrail/commits/f6e2d47daba98fdb60b0b6a5b5fc5a5a0fcb02b4 | lummac2 |

Ip

| Value | Maltrail trail |
|---|---|
| 95.131.214.254 | cyberstrikeai |
| 67.207.166.173 | apt_lazarus |
| 88.99.241.111 | apt_lazarus |
| 216.250.252.103 | apt_lazarus |
| 45.59.160.199 | apt_lazarus |
| 45.59.160.210 | apt_lazarus |
| 202.95.18.97 | redline |
| 100.51.175.254 | apt_lazarus |
| 146.103.99.12 | apt_lazarus |
| 167.88.63.91 | apt_lazarus |
| 185.177.127.27 | apt_lazarus |
| 185.213.22.215 | apt_lazarus |
| 3.125.137.101 | apt_lazarus |
| 45.81.243.71 | apt_lazarus |
| 52.58.193.70 | apt_lazarus |
| 31.57.35.114 | apt_lazarus |
| 45.156.87.227 | elf_mirai |

Domain

| Value | Maltrail trail |
|---|---|
| programgreedz.info | apt_donot |
| api.xdweb4k.cc | android_joker |
| xdweb4k.cc | android_joker |
| coachzenblog.biz | apt_lazarus |
| weatherchecker.live | powershell_injector |
| api.weatherchecker.live | powershell_injector |
| speedtoolmetrics.com | fakeapp |
| s.speedtoolmetrics.com | fakeapp |
| selfhonda.com | apt_lazarus |
| potassiumres.st | elf_mirai |
| vitacocoyougolocobecauseyouaresodamndeliciocobarampam.st | elf_mirai |
| potassium.vitacocoyougolocobecauseyouaresodamndeliciocobarampam.st | elf_mirai |
| hugavor.com | hadestealer |
| soylanar.com | hadestealer |
| halevar.com | hadestealer |
| hugovar.com | hadestealer |
| insuffh.cyou | lummac2 |
Threat ID: 69ba6fff771bdb174964e9e4
Added to database: 3/18/2026, 9:27:27 AM
Last enriched: 3/18/2026, 9:42:39 AM
Last updated: 3/19/2026, 6:34:06 AM