
Maltrail IOC for 2026-04-02

Risk level: Medium
Published: Thu Apr 02 2026 (04/02/2026, 00:00:00 UTC)
Source: CIRCL OSINT Feed
Sharing: TLP:CLEAR (the feed metadata encodes this as vendor/project "tlp", product "clear"; there is no vendor or product, the entry is an indicator bundle)

Description

This entry bundles the indicators that the Maltrail project added on 2 April 2026 (its daily "Maltrail IOC" batch), redistributed through the CIRCL OSINT Feed and tagged for open sharing (TLP:CLEAR). It is classified as malware-related with a medium risk level. Because it is an indicator bundle rather than a vulnerability, the feed's "affected versions", "known exploits" and "patch" fields are empty: nothing is being patched. The content is manually collected OSINT about network activity: domains and IP addresses grouped by the Maltrail trail that carries them (for example elf_bpfdoor, hak5cloud_c2, glassworm, 0ktapus, osx_atomic, plugx, apt_sidewinder), together with the GitHub commits, VirusTotal pages and social-media posts the entries were sourced from.

AI-Powered Analysis

Machine-generated threat intelligence

AI analysis last updated: 04/03/2026, 13:45:43 UTC

Technical Analysis

The entry is a Maltrail IOC batch dated 2026-04-02, distributed via the CIRCL OSINT Feed and categorised as OSINT / external network activity. Beyond the event UUID and timestamp, its substance is the indicator list below: 48 reference URLs, about 170 domains (29 of them without a trail name in this feed) and 20 IP addresses, each labelled with the Maltrail trail that carries it. The trail names identify the malware family or tool the indicator belongs to: elf_bpfdoor (the BPFDoor Linux backdoor; note the NTP-themed dynamic-DNS hostnames such as ntpd.casacam.net and ntpupdate.ddnsgeek.com), hak5cloud_c2 and supershell_c2 (self-hosted C2 servers, mostly c2.* hostnames and bare IPs), glassworm, 0ktapus (credential-phishing domains in the my<brand>manager.com style plus one .onion address), metasploit, generic, fakeapp, silverfox, apt_sidewinder (a ministry-gov.org lookalike hierarchy, including the misspelt estabiishment.gov.ministry-gov.org), plugx (including a static site on Azure Storage web hosting, loadmn.z13.web.core.windows.net), osx_atomic (the bulk of the domains: algorithmically themed names on cheap TLDs such as .pics, .mom, .cfd, .sbs and .baby), 1312, android_bankbot, android_generic, teampcp, python_injector, offloader and tsundere. No software version or product is affected and no exploit or patch is associated with the entry, because it describes attacker infrastructure rather than a vulnerability. The Url table is reference material, not attacker infrastructure: Maltrail commits on api.github.com (which contain the actual trail changes), VirusTotal detection pages for the related samples, the Rapid7 BPFDoor whitepaper, and X/LinkedIn posts by the researchers who reported the indicators.

Potential Impact

The medium rating is the source's default for this kind of batch, not an assessment of any single indicator. Nothing in the entry points to a specific vulnerability or to active exploitation; the indicators are observational and exist to drive detection. The practical impact of a match depends on the family: a server resolving or connecting to elf_bpfdoor, plugx or supershell_c2 infrastructure implies an established backdoor or C2 channel and warrants incident response; a workstation resolving a 0ktapus domain points to a credential-phishing click; an apt_sidewinder hit points to a targeted lure; osx_atomic, android_bankbot, android_generic and fakeapp hits point to commodity stealers or fake apps on endpoints.

Mitigation Recommendations

There is no patch to apply; the work is to ingest the indicators and hunt. Load the Domain and Ip tables into DNS blocking (RPZ or resolver denylists), proxy and firewall denylists and the NIDS/SIEM, then search historical DNS, proxy and flow logs for matches. Match domains by suffix so that children of a listed zone are caught (gov.ministry-gov.org under ministry-gov.org), but never widen an indicator to its parent when the parent is shared infrastructure: loadmn.z13.web.core.windows.net (Azure Storage static web hosting), requires-fortune-nutten-eligible.trycloudflare.com (a Cloudflare quick tunnel), admob-gmats.uc.r.appspot.com (Google App Engine) and the names under duckdns.org, ddnsgeek.com, casacam.net, ygto.com, instanthq.com, servebeer.com, ipv64.net and cprapid.com must be blocked as exact hostnames only, and such names are cheap for the attacker to rotate. Do not feed the Url table into blocklists; those are GitHub commit, VirusTotal, Rapid7 and social-media references, and the api.github.com commit links are where to pull the exact trail changes. Maltrail sensors that update their trails from the upstream repository pick these entries up automatically. Confirm a hit against the family's behaviour before acting, and note that the untagged domains at the end of the Domain table carry no trail name in this feed and need their own triage. No urgent action is mandated by the source.
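The suffix-matching and shared-parent rules above, applied to rows from this page's tables, as an added example (not Maltrail's or the feed's own code). The indicator rows are transcribed from the Domain, Ip and Url tables; the SHARED_PARENTS policy list, the REFERENCE_HOSTS list, the log line format, the DNS log lines and the function names are assumptions made for the example. It also shows why the Url table stays out of the blocklist and what a BIND RPZ rendering of the domains looks like.

```python
"""Turn rows from the IOC tables on this page into a DNS blocklist and hunt a
DNS log for hits. Added example; not code from Maltrail or the feed."""
import ipaddress
import re

# Rows transcribed from the tables above as (kind, value, trail name).
IOC_ROWS = [
    ("domain", "ntpd.casacam.net", "elf_bpfdoor"),
    ("domain", "pac2.duckdns.org", "hak5cloud_c2"),
    ("domain", "loadmn.z13.web.core.windows.net", "plugx"),
    ("domain", "requires-fortune-nutten-eligible.trycloudflare.com", "generic"),
    ("domain", "admob-gmats.uc.r.appspot.com", "android_generic"),
    ("domain", "ministry-gov.org", "apt_sidewinder"),
    ("domain", "estabiishment.gov.ministry-gov.org", "apt_sidewinder"),
    ("domain", "myupennmanager.com", "0ktapus"),
    ("ip", "149.104.78.245", "supershell_c2"),
    ("ip", "166.70.207.2", "metasploit"),
    ("url", "https://www.virustotal.com/gui/file/"
            "195b98211d1ce968669a0740ca08d0ddcf03a2df03a47e2e70550f6c002b49e8/detection",
     "elf_bpfdoor"),
]

# Assumed policy list (not from the page): parent zones of shared hosting and
# dynamic-DNS services. An indicator under one of these is blocked as the exact
# name; widening the block to the parent would hit legitimate tenants.
SHARED_PARENTS = (
    "web.core.windows.net", "trycloudflare.com", "appspot.com", "duckdns.org",
    "ddnsgeek.com", "casacam.net", "ygto.com", "instanthq.com", "servebeer.com",
    "ipv64.net", "cprapid.com", "n-e.kr",
)

# Hosts that appear in the Url table as references, never as attacker infrastructure.
REFERENCE_HOSTS = ("api.github.com", "www.virustotal.com", "x.com", "www.linkedin.com")


def classify(rows):
    """Split rows into (domains, ips, refs).

    domains: list of (fqdn, trail, scope); scope is "zone" (block the name and
    all children) or "exact" (the name sits under a shared parent; do not widen).
    ips: list of (ip, trail), validated with ipaddress.
    refs: list of (url, trail) that are context only and must not be blocked.
    A URL whose host is not a known reference host raises so it gets reviewed.
    """
    domains, ips, refs = [], [], []
    for kind, value, trail in rows:
        value = value.strip().lower().rstrip(".")
        if kind == "domain":
            shared = any(value.endswith("." + p) for p in SHARED_PARENTS)
            domains.append((value, trail, "exact" if shared else "zone"))
        elif kind == "ip":
            ips.append((str(ipaddress.ip_address(value)), trail))
        elif kind == "url":
            host = re.match(r"https?://([^/]+)", value).group(1)
            if host not in REFERENCE_HOSTS:
                raise ValueError(f"unexpected URL host, review manually: {host}")
            refs.append((value, trail))
    return domains, ips, refs


def rpz_records(domains):
    """Render BIND response-policy-zone records that return NXDOMAIN for each
    indicator and its subdomains (CNAME to the root label "." is the RPZ NXDOMAIN action)."""
    records = []
    for fqdn, trail, scope in domains:
        note = " (under shared parent; do not widen)" if scope == "exact" else ""
        records.append(f"{fqdn} CNAME . ; {trail}{note}")
        records.append(f"*.{fqdn} CNAME . ; {trail}")
    return records


# Constructed log format for the example: timestamp, client IP, query type, name.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")

# Constructed sample log: four hits, one sibling under a shared parent, one
# benign name and one query for a shared parent itself (the last three must not match).
SAMPLE_DNS_LOG = """\
2026-04-03T10:12:01Z 10.0.0.5 A gov.ministry-gov.org
2026-04-03T10:12:02Z 10.0.0.5 A estabiishment.gov.ministry-gov.org.
2026-04-03T10:12:09Z 10.0.0.7 AAAA loadmn.z13.web.core.windows.net
2026-04-03T10:12:15Z 10.0.0.9 A myaccount.z13.web.core.windows.net
2026-04-03T10:12:20Z 10.0.0.9 A ntpd.casacam.net
2026-04-03T10:12:31Z 10.0.0.12 A www.example.com
2026-04-03T10:12:40Z 10.0.0.12 A duckdns.org
"""


def match_dns_log(lines, domains):
    """Return (qname, client, trail) for every query that equals an indicator or
    is a subdomain of one; trailing dots and case are normalised first."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].lower().rstrip(".")
        for fqdn, trail, _scope in domains:
            if qname == fqdn or qname.endswith("." + fqdn):
                hits.append((qname, m["client"], trail))
                break
    return hits


if __name__ == "__main__":
    doms, addrs, refs = classify(IOC_ROWS)
    print("\n".join(rpz_records(doms)))
    print(f"{len(addrs)} IPs for the firewall, {len(refs)} reference URLs kept out of the blocklist")
    for qname, client, trail in match_dns_log(SAMPLE_DNS_LOG.splitlines(), doms):
        print(f"HIT {client} -> {qname} [{trail}]")
```

The zone/exact split only changes the comment in the RPZ output here; the operational point is that an analyst who sees loadmn.z13.web.core.windows.net should not "improve" the rule to *.web.core.windows.net. The suffix match deliberately treats every listed name as a zone, which is why gov.ministry-gov.org is caught by the ministry-gov.org entry even though the page also lists it separately.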


Technical Details

UUID: 0751fd85-ecbb-4204-8d19-2b662950290c
Original timestamp: 1775152849 (2026-04-02 18:00:49 UTC)

Indicators of Compromise

Url

Description      Value
elf_bpfdoor      https://api.github.com/repos/stamparm/maltrail/commits/a532117627e05b167cfbf0faf0a87d258d93eb1a
elf_bpfdoor      https://www.rapid7.com/blog/post/new-whitepaper-stealthy-bpfdoor-variants-are-a-needle-that-looks-like-hay
elf_bpfdoor      https://www.virustotal.com/gui/file/195b98211d1ce968669a0740ca08d0ddcf03a2df03a47e2e70550f6c002b49e8/detection
elf_bpfdoor      https://www.virustotal.com/gui/file/9ee77ed38e5bc69f841bdaba7c5e6c3bf30fd9ae94cd2e69f39834e9cec76e82/detection
hak5cloud_c2     https://api.github.com/repos/stamparm/maltrail/commits/003ea32aa17fcadeae04529f4bce9699e9054f6f
glassworm        https://api.github.com/repos/stamparm/maltrail/commits/b3982c2ff0e06b1ac390376789b6a001b022f2c2
glassworm        https://x.com/malwrhunterteam/status/2039439398383583584
glassworm        https://www.virustotal.com/gui/file/92ab54d8ddfe5a408bb519d720fd58b0745c405991e41ec420f9132cdce57e2f/detection
glassworm        https://www.virustotal.com/gui/file/eb2db389d64987855fa5db905bbcb7b100f9d6c1699eaf5d846a98680feae1df/detection
0ktapus          https://api.github.com/repos/stamparm/maltrail/commits/38b6794b5ac1fb60f4c1a66d22eb5b5b6065a275
0ktapus          https://x.com/AlvieriD/status/2039608629314064484
metasploit       https://api.github.com/repos/stamparm/maltrail/commits/5a639579be8d890372a9fc3b2e4c34f32a28f1e7
metasploit       https://x.com/smica83/status/2039427605825265938
metasploit       https://www.virustotal.com/gui/file/cb574adcec44a9b051269d23bd4567b876253c068c3b30835ff38aec85d49d55/detection
generic          https://api.github.com/repos/stamparm/maltrail/commits/048173ed0a14985e2bf9baa611b3536c4d309f98
generic          https://x.com/smica83/status/2039660000709124179
fakeapp          https://api.github.com/repos/stamparm/maltrail/commits/1e78ee2511d649ed04506c5fadb570a487d0b425
hak5cloud_c2     https://api.github.com/repos/stamparm/maltrail/commits/d135102f5bd69324a8b7052f0c00d5d7c3232f2b
silverfox        https://api.github.com/repos/stamparm/maltrail/commits/841ce6aeb7bc8c8ced4a745b2adad118b44ed08c
fakeapp          https://api.github.com/repos/stamparm/maltrail/commits/eb4789bd066a8e2a711a236d6cad025a2cd8f384
apt_sidewinder   https://api.github.com/repos/stamparm/maltrail/commits/3c573f8b012d777811113ccdbba85544d0755a58
apt_sidewinder   https://x.com/__0XYC__/status/2039538772090753351
plugx            https://api.github.com/repos/stamparm/maltrail/commits/f7c70a4da572e9e1edae3cd945b9f02c602844f6
plugx            https://x.com/smica83/status/2039636514326360417
plugx            https://x.com/mopisec/status/2039645160435503526
plugx            https://www.virustotal.com/gui/file/a059d70e4f9095f167bd34ea4dfdab33be8f599907daefbd05f2ba3f2d6302be/detection
osx_atomic       https://api.github.com/repos/stamparm/maltrail/commits/02c29d74efd24e71fae9aeafe5cc04b1a098eadd
osx_atomic       https://api.github.com/repos/stamparm/maltrail/commits/ac450482d34b482bb4944039d7a467e1dc5d6126
osx_atomic       https://api.github.com/repos/stamparm/maltrail/commits/88a1c46cb87feb0af650d3e564a42b951d80471d
osx_atomic       https://api.github.com/repos/stamparm/maltrail/commits/1ce11945817019e5e4bee7917d355169de555b97
1312             https://api.github.com/repos/stamparm/maltrail/commits/becfa14068c7c6946fb8fc0d63efd7ea8229f7f9
1312             https://www.linkedin.com/posts/daniel-b1_marsalek-pentagonstealer-stealer-share-7445412081270575104-EYBn
android_bankbot  https://api.github.com/repos/stamparm/maltrail/commits/ddc00d20b913f309dc37af372df333f6663dab5e
android_bankbot  https://www.virustotal.com/gui/file/dfe1ed1d4100e7ab6f27a56462f8572776e2f690c1314973c4328a0a6ad01eaa/detection
android_bankbot  https://www.virustotal.com/gui/file/ab08270277983338cceb19a46210e1471cc2d5cd324322d649b2d4dfa020bf2a/detection
teampcp          https://api.github.com/repos/stamparm/maltrail/commits/343713926f4df83c9a5becee67c18ab026e3d4de
android_generic  https://api.github.com/repos/stamparm/maltrail/commits/e0cc198d6bf65eeed27674605967360d345d557e
android_generic  https://api.github.com/repos/stamparm/maltrail/commits/23003f3dd90e6b73056c13a9b3be3fb09eccab8c
android_generic  https://www.virustotal.com/gui/file/1291cc6ef5d855a28a33c9ba1adcae8e5ac372b0e6e50d9de7af77db2b0deaca/detection
android_bankbot  https://api.github.com/repos/stamparm/maltrail/commits/e622d83c8af4c182b47c6596cc0d309f975a57ce
android_bankbot  https://www.virustotal.com/gui/file/003051e26df0ccebed16ef2210f3fe417aa542ee8ca96cfb73244c22365abad6/detection
python_injector  https://api.github.com/repos/stamparm/maltrail/commits/865976715dc0e0475c2e36c4cb873e3f0e934f0f
python_injector  https://x.com/1ZRR4H/status/2039587805450420534
offloader        https://api.github.com/repos/stamparm/maltrail/commits/4c6d86a76a804d92ea8d90d1ef9af3484de7becb
tsundere         https://api.github.com/repos/stamparm/maltrail/commits/40e5b0c15a3627764183b24903fe8b6e0c3d92fb
supershell_c2    https://api.github.com/repos/stamparm/maltrail/commits/51d6ba8af60a3a13cef2c5908667f79cac305d52
                 https://api.github.com/repos/stamparm/maltrail/commits/249192f40defac13f38eb26e24f6cd8159e73bfb
0ktapus          https://api.github.com/repos/stamparm/maltrail/commits/1db31cad3bdca33855dd50c9f06e4fe1ca8049fe

Domain

Description      Value
elf_bpfdoor      ntpd.casacam.net
elf_bpfdoor      ntpupdate.ddnsgeek.com
elf_bpfdoor      ntpupdate.ygto.com
elf_bpfdoor      ntpussl.instanthq.com
hak5cloud_c2     c2.bluec2ops.com
hak5cloud_c2     c2.gue-tech.com
hak5cloud_c2     c2.gue-tech.org
hak5cloud_c2     c2.jacobriggs.io
hak5cloud_c2     c2.shemaria.tech
hak5cloud_c2     johnjenkins.servebeer.com
hak5cloud_c2     lab2222.com
hak5cloud_c2     pac2.duckdns.org
hak5cloud_c2     sino99xx.duckdns.org
hak5cloud_c2     thebeastdev.dk
glassworm        inection.n-e.kr
0ktapus          shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion
generic          requires-fortune-nutten-eligible.trycloudflare.com
fakeapp          140-82-18-48.cprapid.com
fakeapp          agilemast3r.duckdns.org
fakeapp          bridge.wales
fakeapp          cnoocim.com
fakeapp          dakatawebstick.com
fakeapp          geralnewlong.com
fakeapp          laboburiba.com
fakeapp          logicalnewrestore.com
fakeapp          uehfks.digital
hak5cloud_c2     c2.desuper.ipv64.net
silverfox        indiagov.shop
silverfox        indiagov.eu.cc
fakeapp          browserupdate.click
fakeapp          deepseadon.dad
fakeapp          pixel-grapheneos.com
fakeapp          gk.wtx-whatsapp.com.cn
fakeapp          wtx-whatsapp.com.cn
apt_sidewinder   ministry-gov.org
apt_sidewinder   gov.ministry-gov.org
apt_sidewinder   estabiishment.gov.ministry-gov.org
plugx            neurosurgeryx.com
plugx            loadmn.z13.web.core.windows.net
osx_atomic       astralpacketcore4.pics
osx_atomic       hyperdatamesh3.pics
osx_atomic       neuralstreamcore1.baby
osx_atomic       orbitdatasync5.lol
osx_atomic       orbitstreamvault5.mom
osx_atomic       stellarnodehub2.mom
osx_atomic       astralpacketcore2.cyou
osx_atomic       astralpacketcore2.xyz
osx_atomic       astralpacketcore4.sbs
osx_atomic       cosmicrelayhub1.lol
osx_atomic       hyperdatamesh3.sbs
osx_atomic       hyperdatamesh5.homes
osx_atomic       hyperdatamesh5.xyz
osx_atomic       nebulasyncforge1.sbs
osx_atomic       nebulasyncforge2.cfd
osx_atomic       nebulasyncforge3.cfd
osx_atomic       quantumcachegrid5.lat
osx_atomic       stellarnodehub5.homes
osx_atomic       ultranodecluster3.baby
osx_atomic       ultranodecluster3.pics
osx_atomic       astralpacketcore3.xyz
osx_atomic       astralpacketcore5.lat
osx_atomic       astralpacketcore5.lol
osx_atomic       quantumcachegrid2.cfd
osx_atomic       stellarbackupnode3.pics
osx_atomic       ultranodecluster2.xyz
osx_atomic       aifoundersacademy.ai
osx_atomic       astralpacketcore1.baby
osx_atomic       astralpacketcore2.sbs
osx_atomic       astralpacketcore3.sbs
osx_atomic       automationvijay.site
osx_atomic       cfdai-sound.space
osx_atomic       cosmicrelayhub3.xyz
osx_atomic       filealphaweave.com
osx_atomic       filebinaryhaze.com
osx_atomic       fileomegaform.com
osx_atomic       hyperdatamesh1.xyz
osx_atomic       hyperdatamesh2.pics
osx_atomic       meilanimacdonald.com
osx_atomic       mood-archive.online
osx_atomic       music-logic.site
osx_atomic       nebulasyncforge1.lat
osx_atomic       nebulasyncforge2.baby
osx_atomic       nebulasyncforge5.cfd
osx_atomic       neuralstreamcore1.lol
osx_atomic       neuralstreamcore3.cyou
osx_atomic       neuralstreamcore3.mom
osx_atomic       neuralstreamcore4.baby
osx_atomic       neuralstreamcore5.cyou
osx_atomic       neuralstreamcore5.pics
osx_atomic       orbitdatasync2.baby
osx_atomic       orbitdatasync5.lat
osx_atomic       orbitstreamvault1.mom
osx_atomic       procleanrobot.com
osx_atomic       quantumcachegrid1.baby
osx_atomic       quantumcachegrid1.mom
osx_atomic       quantumcachegrid1.xyz
osx_atomic       quantumcachegrid2.pics
osx_atomic       quantumcachegrid4.sbs
osx_atomic       quantumfluxgrid3.mom
osx_atomic       quantumfluxgrid5.baby
osx_atomic       stellarbackupnode1.mom
osx_atomic       stellarbackupnode2.mom
osx_atomic       stellarbackupnode3.cfd
osx_atomic       stellarbackupnode3.mom
osx_atomic       stellarnodehub1.lat
osx_atomic       stellarnodehub2.lat
osx_atomic       stellarnodehub5.lat
osx_atomic       stellarnodehub5.lol
osx_atomic       travel-insider-pro.com
osx_atomic       ultranodecluster2.cfd
osx_atomic       ultranodecluster3.lol
osx_atomic       ultranodecluster4.xyz
osx_atomic       orbitstreamvault4.cfdai-sound.space
1312             acabstealer.ru
1312             diegruppe.ru
1312             limbo100x.ru
1312             marsalek.cy
1312             mineflayerapi.ru
android_bankbot  s435vasdbdagfsadfsavcsavas.com
android_bankbot  safsa4sadfsavcsavas.com
android_bankbot  safsava1savas.com
android_bankbot  safsavasdbda4avcsavas.com
teampcp          model.litellm.cloud
android_generic  szprize.cn
android_generic  admob-gmats.uc.r.appspot.com
android_generic  launcher.szprize.cn
offloader        windspring.xyz
tsundere         1-apaylo.com
tsundere         cerumo.shop
tsundere         fluxnet.life
tsundere         luminer.work
tsundere         millersteel.digital
tsundere         publisherresolution.com
tsundere         scooplacrosse.com
                 astralpacketcore1.homes
                 astralpacketcore2.homes
                 bipo.lol
                 ceralythavion.com
                 ceriamoxel.com
                 doravelionexa.com
                 dorimexaqua.com
                 ibnbi.xyz
                 index.nebulasyncforge4.baby
                 macsoft838os.info
                 masons2.icu
                 metropolishealth.net
                 nebulasyncforge4.baby
                 noviqareth.com
                 oceanbreezecasino.live
                 portmotestack.click
                 profitparadox.xyz
                 publicsale-toby.lat
                 qerunofira.com
                 solana-foundation.com
                 sorivanelqo.com
                 tendance-perso.com
                 ultranodecluster2.homes
                 unlegatecore.digital
                 valenoavion.com
                 voltfarm.xyz
                 xenariquental.com
                 yeloraevion.com
                 yorendaeravo.com
0ktapus          mydicksmanager.com
0ktapus          myjbhifi.com
0ktapus          mynbamanager.com
0ktapus          mypetcomanager.com
0ktapus          mypublixmanager.com
0ktapus          myupennmanager.com

Ip

Description      Value
glassworm        103.79.79.21
glassworm        157.245.154.189
glassworm        175.198.83.251
glassworm        207.244.230.254
glassworm        34.44.36.81
glassworm        45.32.114.213
glassworm        60.208.108.50
glassworm        82.112.220.6
metasploit       166.70.207.2
metasploit       79.137.206.33
android_bankbot  176.125.254.204
android_bankbot  185.100.157.51
android_bankbot  193.111.117.70
android_bankbot  213.176.79.8
android_bankbot  64.188.79.232
python_injector  111.90.158.78
supershell_c2    149.104.78.245
supershell_c2    154.40.48.111
supershell_c2    168.93.224.183
supershell_c2    47.238.118.2

Threat ID: 69cfc4810a160ebd9223393f

Added to database: 4/3/2026, 1:45:37 PM

Last enriched: 4/3/2026, 1:45:43 PM

Last updated: 4/4/2026, 5:44:36 AM
