Maltrail IOC for 2026-04-26
AI Analysis
Technical Summary
The provided data describes a malware-related IOC detected by Maltrail on April 26, 2026, shared via the CIRCL OSINT Feed. It is categorized under network activity and external analysis with a medium threat level. No affected product versions or patches are associated with this IOC, indicating it is an observational threat intelligence indicator rather than a vulnerability or exploit. No known active exploitation has been reported.
Potential Impact
The impact is limited to detection and monitoring of malicious network activity associated with the IOC. There is no direct software vulnerability or exploit involved, so no direct compromise or damage is described. The medium severity suggests a moderate risk level for organizations monitoring network traffic for this IOC.
Mitigation Recommendations
Since this is an IOC for malware detection without an associated vulnerability or patch, remediation involves updating detection and monitoring tools to recognize this IOC. No official patch or fix is applicable. Organizations should incorporate this IOC into their threat intelligence feeds and network monitoring systems to identify potential malicious activity.
Technical Details
- Uuid: 7fb56db4-d93d-4e94-84d0-ff0c41d703dc
- Original Timestamp: 1777161612
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/01f5431591fcefa37305a2389e8f9ea51e23dd81 | fakeapp |
| https://x.com/rifteyy/status/2048145319985054134 | fakeapp |
| https://app.any.run/tasks/1f0ab2cc-7734-47f7-a9ef-18e35fdd0ecf | fakeapp |
| https://app.any.run/tasks/11cfe1b7-1cd4-431c-b6c6-05bd5bc9c3e1 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/cd3554e9da593cfc50904fd7e36d04e49fd5ef36 | ek_clearfake |
| https://api.github.com/repos/stamparm/maltrail/commits/436227f37ec264b044a74531be0a5eb2febcea32 | hacked_npmrepos |
| https://x.com/npm_malware/status/2048145137986138186 | hacked_npmrepos |
| https://socket.dev/npm/package/apple-psh/files/4.0.3/index.js | hacked_npmrepos |
Domain
| Value | Description |
|---|---|
| crystal-diskinfo.com | fakeapp |
| crystaldisk.ru | fakeapp |
| crystaldiskinfo.com.ru | fakeapp |
| crystaldiskinfo.su | fakeapp |
| ablative-tiddlers.click | ek_clearfake |
| addin-fita.digital | ek_clearfake |
| de5tre.digital | ek_clearfake |
| fronta1maturity.digital | ek_clearfake |
| heavyset-that.digital | ek_clearfake |
| hypert0atmeal.digital | ek_clearfake |
| local24news.info | ek_clearfake |
| myhvcusecurity.com | ek_clearfake |
| nslsconscloud.beer | ek_clearfake |
| overdoin8seven.digital | ek_clearfake |
| sylo3m.digital | ek_clearfake |
| sylom4rex.digital | ek_clearfake |
| syncpushpullfetch.com | ek_clearfake |
| vjscloudjsns.beer | ek_clearfake |
| zorex4.digital | ek_clearfake |
Ip
| Value | Description |
|---|---|
| 54.173.15.59 | hacked_npmrepos |
Threat ID: 69edd1f087115cfb68e46617
Added to database: 4/26/2026, 8:50:56 AM
Last enriched: 4/26/2026, 9:06:06 AM
Last updated: 4/27/2026, 1:04:22 AM