Maltrail IOC for 2026-04-23
AI Analysis (machine-generated)
Technical Summary
This entry is the 2026-04-23 daily batch of trail additions to the Maltrail project (stamparm/maltrail), published through the CIRCL OSINT Feed and rated medium risk. It is an observational OSINT record, not a vulnerability: it names no affected software or versions, there is nothing to patch, and it documents no exploit. It does carry technical indicators. Sixteen Maltrail commits each add the domains and IPs of one malware family or campaign together with the analysis that justified them. The tagged families are ek_clearfake, systembc, offloader, adaptix_c2, nightshadec2, tsundere, osx_atomic, osx_nova, lummac2, ek_landupdate808, agenttesla and asyncrat; three commits carry no tag (the one citing the Check Point and Silent Push reports on The Gentlemen ransomware together with 91.107.247.163, the one adding superdocsoff.com, and a batch of 33 .sbs domains with three related names). Several indicators sit under shared parents (nip.io, cloudfront.net, blogspot.com, vercel.app) and several are look-alike hosts (paypal.auth-sharefile.com, pure.b00king.org.za, auth-booking.vercel.app).
Potential Impact
No product is affected; the entry is not a vulnerability and records no exploit. Its value is as a detection signal: a DNS query, connection or HTTP request from inside a network to one of the listed domains or IPs indicates activity of the tagged family, among them infostealers (lummac2, osx_atomic, agenttesla), remote-access and C2 tooling (asyncrat, systembc, adaptix_c2) and fake-update delivery chains (ek_clearfake, ek_landupdate808). A single hit is a lead, not proof of compromise: confirm it on the endpoint before declaring an incident, since scanners, sandboxes and analysts also resolve these names.
Mitigation Recommendations
There is nothing to patch. Deploying the entry:
- Block or alert on the domain and ip entries at the resolver, proxy and perimeter, and retro-hunt DNS and proxy logs around the feed date, since trails are added after the infrastructure has been seen in use.
- Keep the url entries out of blocklists: every one is a reference (the Maltrail commit that added the trail, a VirusTotal page, an X post or a vendor report), not attacker infrastructure.
- Match indicators under shared parents (38-54-108-229.nip.io, dd6qg4wn9ejpd.cloudfront.net, the blogspot.com names, auth-booking.vercel.app) as exact FQDNs only; blocking the parent zone breaks legitimate services. The nip.io name resolves by construction to 38.54.108.229, so that IP is worth watching as well.
- Match registrable attacker domains (auth-sharefile.com, b00king.org.za and the rest) together with their subdomains; paypal.auth-sharefile.com and pure.b00king.org.za are look-alike names (PayPal, Booking, ShareFile).
- Two IPs appear only inside VirusTotal reference URLs (144.31.236.66 under ek_clearfake, 91.92.243.46 under lummac2) and are not listed as ip indicators here; vet them before adding.
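To make the batch usable in monitoring, the following Python script, an added example that is not part of this page or of the Maltrail project, parses the entry's own "- type: value" list, keeps the reference URLs out of the blocklist, matches shared-hosting names as exact FQDNs and every other domain together with its subdomains, and runs the result over a few constructed DNS log lines. The log line layout, the REFERENCE_HOSTS and SHARED_PARENTS sets and the feed excerpt are assumptions for illustration (the indicators in the excerpt are taken from this entry).

```python
# Added example (not Maltrail or OffSeq code): turn the daily IOC batch into a
# DNS/IP watchlist and scan DNS query logs with it.
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed excerpt of the 2026-04-23 batch, in the page's "- type: value"
# list format; the two url lines are references, not attacker infrastructure.
FEED = """\
- url: https://api.github.com/repos/stamparm/maltrail/commits/c592b54f2570d403efc95cbce3b9cb51b58a7fb3
- domain: auth-booking.vercel.app
- url: https://x.com/JAMESWT_WT/status/2047198572672679996
- ip: 31.44.4.127
- domain: b00king.org.za
- domain: pure.b00king.org.za
- domain: dd6qg4wn9ejpd.cloudfront.net
- domain: 38-54-108-229.nip.io
- domain: auth-sharefile.com
- domain: paypal.auth-sharefile.com
"""

# Assumed: hosts that appear in the feed only as pointers to analysis.
REFERENCE_HOSTS = {"api.github.com", "github.com", "x.com", "twitter.com",
                   "www.virustotal.com", "research.checkpoint.com",
                   "www.silentpush.com"}
# Assumed: shared-hosting / wildcard-DNS parents. A name under one of these is
# attacker-controlled, the parent is not, so such names are matched exactly.
SHARED_PARENTS = {"nip.io", "cloudfront.net", "blogspot.com", "vercel.app"}

LINE_RE = re.compile(r"^-\s*(url|domain|ip):\s*(\S+)$")


def _norm(name):
    return name.strip().rstrip(".").lower()


def _is_shared_hosted(domain):
    """True if a proper parent of `domain` is in SHARED_PARENTS."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in SHARED_PARENTS for i in range(1, len(labels)))


def parse_feed(text):
    """Split the batch into reference links and actionable indicators.

    'suffix' domains match any sub-name; 'exact' (shared-hosted) domains must
    equal the full query name; 'urls' holds any URL not on a reference host.
    """
    wl = {"suffix": set(), "exact": set(), "ips": set(), "urls": set(),
          "references": set()}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "url":
            host = _norm(urlsplit(value).hostname or "")
            wl["references" if host in REFERENCE_HOSTS else "urls"].add(value)
        elif kind == "domain":
            d = _norm(value)
            wl["exact" if _is_shared_hosted(d) else "suffix"].add(d)
        else:
            try:
                wl["ips"].add(str(ipaddress.ip_address(value)))
            except ValueError:
                pass  # malformed entry: skip it rather than poison the list
    return wl


def match_domain(qname, wl):
    """Return the indicator that `qname` hits, or None."""
    q = _norm(qname)
    if q in wl["exact"]:
        return q
    labels = q.split(".")
    for i in range(len(labels)):  # walk from the full name up to the TLD
        cand = ".".join(labels[i:])
        if cand in wl["suffix"]:
            return cand
    return None


def scan_dns_log(lines, wl):
    """Return (client, qname, indicator) for every log line that hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        _ts, client, qname, _qtype = parts[:4]
        ind = match_domain(qname, wl)
        if ind:
            hits.append((client, qname, ind))
    return hits


# Constructed DNS log, assumed layout "<timestamp> <client> <qname> <qtype>".
DNS_LOG = """\
2026-04-23T09:12:03Z 10.0.0.5 pure.b00king.org.za A
2026-04-23T09:12:04Z 10.0.0.5 www.B00KING.org.za. AAAA
2026-04-23T09:13:10Z 10.0.0.7 d1abc.cloudfront.net A
2026-04-23T09:13:11Z 10.0.0.7 dd6qg4wn9ejpd.cloudfront.net A
2026-04-23T09:14:00Z 10.0.0.9 1-2-3-4.nip.io A
2026-04-23T09:14:01Z 10.0.0.9 38-54-108-229.nip.io A
2026-04-23T09:15:00Z 10.0.0.9 api.github.com A
2026-04-23T09:16:00Z 10.0.0.11 login.paypal.auth-sharefile.com A
""".splitlines()

if __name__ == "__main__":
    wl = parse_feed(FEED)
    print("references kept out of the blocklist:", sorted(wl["references"]))
    for client, qname, ind in scan_dns_log(DNS_LOG, wl):
        print(f"ALERT {client} queried {qname} -> matches {ind}")
```

Of the eight constructed queries, five alert: the two b00king.org.za names, the exact cloudfront.net and nip.io hosts, and the sub-name of paypal.auth-sharefile.com. The unrelated cloudfront.net and nip.io names and api.github.com stay quiet, which is the behaviour a blocklist built naively from every line of the entry would not give.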
Technical Details
- Uuid: 465b76fb-42e4-4a02-b5fd-95d4a0e0cb5a
- Original Timestamp: 1776934813 (2026-04-23 09:00:13 UTC)
Indicators of Compromise
Grouped by the Maltrail commit that added them. In each group the first url is that commit and any further url entries are the analysis it cites (VirusTotal, X posts, vendor reports); only the domain and ip entries are indicators. The group label is the Maltrail tag.

ek_clearfake (commit 3268f88f)
- url: https://api.github.com/repos/stamparm/maltrail/commits/3268f88f70ec4d2918decef92a5fbc1104ae61ff
- url: https://x.com/pcrisk/status/2047219293197103521
- url: https://www.virustotal.com/gui/ip-address/144.31.236.66/relations
- domain: script-dev.buzz
- domain: script-dev.digital
- domain: script-dev.xyz

no tag (commit 59d9cf8c)
- url: https://api.github.com/repos/stamparm/maltrail/commits/59d9cf8c4b2e04ff76ab6a91fac1d858850714a1
- url: https://research.checkpoint.com/2026/dfir-report-the-gentlemen
- url: https://www.silentpush.com/blog/gentlemen-ransomware
- ip: 91.107.247.163

systembc (commit 99db6458)
- url: https://api.github.com/repos/stamparm/maltrail/commits/99db64587ae2be9bc05df4673955a0758f99d66c
- url: https://www.virustotal.com/gui/file/992c951f4af57ca7cd8396f5ed69c2199fd6fd4ae5e93726da3e198e78bec0a5/detection
- ip: 45.86.230.112

offloader (commit af4ab19b)
- url: https://api.github.com/repos/stamparm/maltrail/commits/af4ab19b27ac3b5474c865c645d85efd950c4567
- domain: scarecrowcare.xyz

adaptix_c2 (commit ea67624e)
- url: https://api.github.com/repos/stamparm/maltrail/commits/ea67624e705cba6137eeab60f1df0b3a7b38484a
- domain: 38-54-108-229.nip.io

nightshadec2 (commit 45f6f2f9)
- url: https://api.github.com/repos/stamparm/maltrail/commits/45f6f2f95e6f90340dbed47fb4ed4f108493446c
- domain: bmwservicebestik.com
- domain: newpayerforhomies.com
- domain: trindastal.com

tsundere (commit 6b546489)
- url: https://api.github.com/repos/stamparm/maltrail/commits/6b5464892c5931ef544714bd16384803bba90d59
- domain: atagkeukentechniek.com
- domain: ipkdh.com

osx_atomic (commit 3321eb3b)
- url: https://api.github.com/repos/stamparm/maltrail/commits/3321eb3b464e9b1c30ed375b1d17275068bb5381
- domain: filecrisppear.com
- domain: quicksandtrousers.xyz

osx_nova (commit cf69a822)
- url: https://api.github.com/repos/stamparm/maltrail/commits/cf69a822f54ea21fc35d2a3d132ea8912d00346a
- domain: kweokdqlwpldpqldpqldq.com
- domain: moonshoottools.fun
- domain: moonshootvote.fun
- domain: naurok.cyou
- domain: openclawaix.pro
- domain: plimp.fun
- domain: pump-guis.fun
- domain: pump-token.fun
- domain: smilefest.icu
- domain: vseosvita.digital

lummac2 (commit 026781cf)
- url: https://api.github.com/repos/stamparm/maltrail/commits/026781cf8169f4fcd8d3b36a034568af5f4040fc
- url: https://www.virustotal.com/gui/ip-address/91.92.243.46/relations
- domain: afejoed.cyou
- domain: driplin.cyou
- domain: obnusho.cyou
- domain: plitofa.cyou

ek_landupdate808 (commit df126db1)
- url: https://api.github.com/repos/stamparm/maltrail/commits/df126db1fbb6fc167011d4718adcbb2344e20b70
- domain: omnivectis.com
- domain: raventhorp.org

no tag (commit a7553e49)
- url: https://api.github.com/repos/stamparm/maltrail/commits/a7553e49f164771f1382c77c6c7e0b2e75508190
- domain: superdocsoff.com

no tag (commit 5a1a01c0)
- url: https://api.github.com/repos/stamparm/maltrail/commits/5a1a01c095f6e4182c3d7b68ab06b9b749089c27
- domain: astraloraventium.sbs
- domain: draltonemedia.sbs
- domain: dramarithenquoq.sbs
- domain: dynamiquelivora.sbs
- domain: falkremonilab.sbs
- domain: farnodelixstudio.sbs
- domain: felundraxstudio.sbs
- domain: galiaterranovavex.sbs
- domain: grandivisioneox.sbs
- domain: halivormetia.sbs
- domain: iralophane.sbs
- domain: jelariscapelyxent.sbs
- domain: lendoriphaze.sbs
- domain: lytherionexora.sbs
- domain: machinesdeivete.com
- domain: machinesdelek.com
- domain: metacytonovafloria.sbs
- domain: murrelithycapivora.sbs
- domain: myronexalia.sbs
- domain: nexoriumtalara.sbs
- domain: nivarenthulios.sbs
- domain: nivorianthusqa.sbs
- domain: nyloriventra.sbs
- domain: panoramicentivo.sbs
- domain: pantheonarisentio.sbs
- domain: pravanteliso.sbs
- domain: primalunoradiatia.sbs
- domain: quaralinthovex.sbs
- domain: quarithaloven.sbs
- domain: quelorithanex.sbs
- domain: qwenthyronexuslithiq.sbs
- domain: radianthelioxus.sbs
- domain: rmtemachine.digital
- domain: solaphioranovient.sbs
- domain: sorelvianthoxa.sbs
- domain: virraoptianexlora.sbs

agenttesla (commit 991be574)
- url: https://api.github.com/repos/stamparm/maltrail/commits/991be57411485ea6774d468a67c404d2b37358c0
- url: https://x.com/JAMESWT_WT/status/2047198562300133381
- url: https://x.com/JAMESWT_WT/status/2047198565194191049
- url: https://www.virustotal.com/gui/file/0e7f985723664de730b9fd27b00148ce0d19b7441989a957d421e33eafd01606/detection
- domain: auth-sharefile.com
- domain: dd6qg4wn9ejpd.cloudfront.net
- domain: himachaly17aplr.blogspot.com
- domain: htlwub00k.blogspot.com
- domain: missusecapmrch.blogspot.com
- domain: nadcapfeb25-26.blogspot.com
- domain: paypal.auth-sharefile.com
- domain: potalgonabunbunsed.blogspot.com

asyncrat (commit a80d61e9)
- url: https://api.github.com/repos/stamparm/maltrail/commits/a80d61e99864c8b076b7a7447bce1dd0c565aa63
- url: https://x.com/JAMESWT_WT/status/2047198572672679996
- url: https://www.virustotal.com/gui/file/8f17e2954b005d9cc79d11822bd0d237aaef228e54faa13defc318876a36c813/detection
- ip: 31.44.4.127
- domain: b00king.org.za
- domain: pure.b00king.org.za

ek_clearfake (commit c592b54f)
- url: https://api.github.com/repos/stamparm/maltrail/commits/c592b54f2570d403efc95cbce3b9cb51b58a7fb3
- domain: auth-booking.vercel.app
Threat ID: 69e9eb7f87115cfb68f9c891
Added to database: 4/23/2026, 9:50:55 AM
Last enriched: 4/23/2026, 10:06:53 AM
Last updated: 4/24/2026, 6:09:11 AM