Maltrail IOC for 2026-05-05
This entry reports a medium-risk malware indicator of compromise (IOC) from the CIRCL OSINT Feed dated 2026-05-05. It is categorized as an external network activity observation without specific technical details or affected versions. No known exploits or patches are associated with this IOC. The information is based on manual OSINT collection and is intended for awareness and monitoring purposes.
AI Analysis
Technical Summary
The report details a malware-related IOC published on 2026-05-05 by the CIRCL OSINT Feed. It is classified as a medium-risk observation of network activity linked to malware but lacks specific technical indicators, affected software versions, or exploit details. No remediation or patch information is provided, and no active exploitation is known. The IOC serves as an intelligence observation rather than a vulnerability or active threat requiring immediate patching.
Potential Impact
There is no direct impact described beyond the classification of medium-risk malware-related network activity. No exploits in the wild or affected products are identified, indicating this is primarily an intelligence observation without immediate operational impact.
Mitigation Recommendations
No patch or remediation is available or applicable. Security teams should consider this IOC for monitoring and detection purposes within their network traffic analysis, but no urgent action or patching is indicated based on the provided data.
Technical Details
- UUID: 4db752e8-4cf1-429b-afd6-209df464146c
- Original timestamp: 1777935618
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/06b9fe434a13f7d8867bb3b41f3f672a71ec46d7 | netsupport |
| https://x.com/smica83/status/2051408261753053451 | netsupport |
| https://www.virustotal.com/gui/file/e28825d93ba61c9e7e1c7b2cc31b32c7be0482ec2edae0c3a54fc9f3cd483058/detection | netsupport |
| https://api.github.com/repos/stamparm/maltrail/commits/17fafb8d130fe54b329fa58c900963cb8d3e0ddb | asyncrat |
| https://x.com/smica83/status/2051402222458544341 | asyncrat |
| https://www.virustotal.com/gui/file/4e8bad3dd8b3805b02a96b79c3b109e9a0ffb3e6c2efbbce25bd0b71efaf7aed/detection | asyncrat |
| https://api.github.com/repos/stamparm/maltrail/commits/4a551fa39da4bfc139d6e486ffa2e04c0219ce4e | nexus_c2 |
| https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications | nexus_c2 |
| https://github.com/Cisco-Talos/IOCs/blob/main/2026/04/uat-10608.txt | nexus_c2 |
| https://x.com/malwrhunterteam/status/2051403187282685981 | nexus_c2 |
Domain
| Value | Description |
|---|---|
| anthodisk.com | netsupport |
| expmle.ink | netsupport |
| lipontrent.com | netsupport |
| scrappd.ink | netsupport |
Threat ID: 69f99fc3cbff5d8610d606f4
Added to database: 5/5/2026, 7:44:03 AM
Last enriched: 5/5/2026, 7:44:10 AM
Last updated: 5/5/2026, 12:32:59 PM