Maltrail IOC for 2026-05-16
AI Analysis
Technical Summary
This threat intelligence entry from the CIRCL OSINT Feed details multiple indicators of compromise linked to Android malware families (android_spysolrrat, android_fvncbot) and an exploit kit (ek_landupdate808). The indicators include URLs to GitHub commits, social media posts, IP addresses, and suspicious domains. The data serves as an external analysis of network activity related to these malware threats. No CVE or specific vulnerability is identified, and no patch or fix is available. The threat level is medium, reflecting the potential risk posed by these malware indicators but without confirmed active exploitation or direct vulnerability exploitation details.
Potential Impact
The impact involves potential detection of network activity or infrastructure related to Android malware and exploit kit campaigns. There is no direct evidence of exploitation or compromise detailed in the data. The medium severity rating suggests a moderate risk primarily for detection and monitoring rather than immediate critical threat. No known ransomware campaigns or threat actors are linked to this intelligence. No cloud service is involved, and no patch or mitigation is provided.
Mitigation Recommendations
No official patch or remediation is available for these indicators as they represent observed malware-related network activity rather than a specific vulnerability. Security teams should use the provided indicators (IPs, domains, URLs) to enhance detection capabilities in their environments. Since no vendor advisory or official fix exists, monitoring and blocking identified malicious infrastructure is the primary recommended action. Patch status is not applicable. No further mitigation guidance is provided by the source.
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/ee59e5795fa1e3baf43f91a3cfe9b3826b89a2fb | android_spysolrrat |
| https://x.com/Fact_Finder03/status/2055547697864831203 | android_spysolrrat |
| https://api.github.com/repos/stamparm/maltrail/commits/18add3b4f1b8c7a468ff60ee0de017da9e2e412a | android_fvncbot |
| https://api.github.com/repos/stamparm/maltrail/commits/f7dcf5aba30293f1af7dbbade756e5b7c21338d9 | ek_landupdate808 |
Ip
| Value | Description |
|---|---|
| 31.7.61.61 | android_spysolrrat |
Domain
| Value | Description |
|---|---|
| analyticsnode.app | android_spysolrrat |
| deviceprotect.app | android_spysolrrat |
| adadea.icu | android_fvncbot |
| suikba.icu | android_fvncbot |
| saewart.lol | ek_landupdate808 |
Technical Details
- Uuid: c54b54f3-6385-4bba-8199-572afe1202a8
- Original Timestamp: 1778918405
Threat ID: 6a08a092ec166c07b006bf61
Added to database: 5/16/2026, 4:51:30 PM
Last enriched: 5/16/2026, 5:06:38 PM
Last updated: 5/17/2026, 5:30:37 AM