Maltrail IOC for 2026-05-27
AI Analysis
Technical Summary
This entry is the Maltrail indicator batch for 2026-05-27 as redistributed through CIRCL OSINT. It is not a vulnerability report: there is no affected product, version, CVE or patch. It is one day's worth of network indicators (domains, IP addresses, and the reference URLs Maltrail cites for them) committed to the stamparm/maltrail trails repository, each tagged with the trail it was filed under. The trail names show what the batch covers: remote-access tools and injectors (netsupport, sectoprat, javarat, bootkeyslotrat, python_injector, powershell_injector), loaders and information stealers (darkgate, lummac2, purelogs, generic_stealer, osx_atomic), Android banking malware (android_overlayphantom, android_bankbot, android_joker), Magento web-skimming infrastructure (magentocore), Brazilian banking-trojan downloader lures (banload), malicious npm packages (hacked_npmrepos), phishing and fake-application infrastructure (0ktapus, fakeapp, bad_service), other command-and-control trails (nexus_c2, cyberstrikeai), one CrowdStrike sinkhole address (sinkhole_crowdstrike), and state-aligned activity (apt_lazarus, apt_unc1151, apt_unc2465, apt_kimsuky). The source rates the batch medium risk as a whole; the apt_* trails and live stealer infrastructure deserve their own triage rather than the batch-level rating.
Potential Impact
The impact is whatever the matched family does. The stealer trails (lummac2, purelogs, darkgate, osx_atomic, generic_stealer) mean credential, cookie and session theft from the host that reached them; the Android banking trails mean account takeover on the device; magentocore means payment-card data skimmed from a compromised storefront; hacked_npmrepos means a developer machine or build system executed a malicious package; the apt_* trails mean targeted intrusion. The page itself reports no compromise in any particular environment and identifies no vulnerable software: an indicator only becomes an incident when it shows up in your own DNS, proxy, firewall or EDR telemetry.
Mitigation Recommendations
There is no patch to apply. Load the domain and ip entries into DNS resolver, proxy and firewall blocklists and into SIEM watchlists, then search recent DNS, proxy and flow logs for earlier contact, because indicators are observed before they are published. Triage before blocking: the url entries are the sources Maltrail cites (commit pages on api.github.com, researcher posts on x.com, VirusTotal, ANY.RUN and Joe Sandbox reports, vendor and CERT write-ups) and are not malicious URLs; 164.92.88.210 is tagged sinkhole_crowdstrike, so a client talking to it is already infected and needs containment rather than a firewall rule; hostnames on shared platforms (macstorage.replit.app, claudecontrol.github.io, ioperador.ddns.net) must be matched as full hostnames, never by their parent zone; and names that resemble vendor infrastructure (akamaicloud.com, msdeliverycontent.com, intelcloudinsights.com) should be checked against your own DNS history first, because a false positive on a CDN-like name is disruptive. Any hit on an apt_* trail should go to incident response, not only to the blocklist.
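The load-then-hunt step described above, as an added example that is not part of this page or the Maltrail project. It parses a small subset of the day's trails in the type/value/trail form used by the indicator tables on this page, keeps the reference URLs out of the blocklist, refuses to load a shared-platform zone outright (the SHARED_ZONES list is an assumption), and scans constructed log lines in an assumed five-field layout, classifying each hit by trail prefix: sinkhole_ means an already-infected client, apt_ means escalate, anything else is a routine block.

```python
"""Scan DNS/connection log lines against a day's Maltrail indicators.

Added example, not code from the Maltrail project or from this feed page.
Indicators use the three table columns above as "<type> <value> <trail>"
lines; the log layout and the log lines themselves are constructed.
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field

# Subset of the 2026-05-27 trails, copied from the tables on this page.
INDICATORS = """\
domain pinglepis.net netsupport
domain painel.starmail.mom banload
domain macstorage.replit.app osx_atomic
domain guildsmartchainpulse.com apt_lazarus
ip 45.178.181.218 banload
ip 164.92.88.210 sinkhole_crowdstrike
url https://api.github.com/repos/stamparm/maltrail/commits/64f398a70b9001b8149676f0414fbd67bc85e368 netsupport
"""
# Assumed list of shared platforms whose zones must never be blocked whole.
SHARED_ZONES = {"replit.app", "github.io", "ddns.net"}

# Constructed sample log: "<ts> <src> dns <qname> <answer>" or "<ts> <src> conn <dst> <port>".
SAMPLE_LOG = """\
2026-05-27T18:02:11Z 10.1.4.22 dns painel.starmail.mom 45.178.181.218
2026-05-27T18:02:12Z 10.1.4.22 conn 45.178.181.218 443
2026-05-27T18:03:45Z 10.1.5.30 conn 164.92.88.210 80
2026-05-27T18:05:01Z 10.1.7.9 dns other-tenant.replit.app 34.0.0.10
2026-05-27T18:07:02Z 10.1.9.3 dns cdn.pinglepis.net 209.99.186.243
2026-05-27T18:08:40Z 10.1.9.3 dns guildsmartchainpulse.com 72.60.77.221
"""

@dataclass
class Hit:
    ts: str
    src: str
    observed: str   # value seen in the log line
    indicator: str  # watchlist entry it matched
    trail: str
    action: str     # block | infected-host | escalate

@dataclass
class Watchlist:
    domains: dict[str, str] = field(default_factory=dict)
    ips: dict[str, str] = field(default_factory=dict)
    references: list[str] = field(default_factory=list)  # source links, kept out of blocklists
    rejected: list[str] = field(default_factory=list)    # shared zones refused at load time

    @classmethod
    def parse(cls, text: str) -> Watchlist:
        wl = cls()
        for line in filter(str.strip, text.splitlines()):
            kind, value, trail = line.split(maxsplit=2)
            if kind == "domain":
                name = value.lower().rstrip(".")
                if name in SHARED_ZONES:   # would block every tenant on the platform
                    wl.rejected.append(name)
                else:
                    wl.domains[name] = trail
            elif kind == "ip":
                wl.ips[str(ipaddress.ip_address(value))] = trail
            elif kind == "url":
                wl.references.append(value)
        return wl

    def match_host(self, host: str) -> tuple[str, str] | None:
        """Match the exact hostname or any parent zone on the watchlist."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate, self.domains[candidate]
        return None

    def match_ip(self, addr: str) -> tuple[str, str] | None:
        key = str(ipaddress.ip_address(addr))  # canonical form, IPv6 included
        return (key, self.ips[key]) if key in self.ips else None

def action_for(trail: str) -> str:
    if trail.startswith("sinkhole_"):
        return "infected-host"  # the client is already compromised: contain it
    if trail.startswith("apt_"):
        return "escalate"       # targeted activity: IR review, not just a block
    return "block"

def scan(log: str, wl: Watchlist) -> list[Hit]:
    hits: list[Hit] = []
    for line in filter(str.strip, log.splitlines()):
        ts, src, kind, target, extra = line.split()
        # For a DNS record either the queried name or the answer IP can hit.
        found = (wl.match_host(target) or wl.match_ip(extra)) if kind == "dns" else wl.match_ip(target)
        if found:
            hits.append(Hit(ts, src, target, *found, action_for(found[1])))
    return hits

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG, Watchlist.parse(INDICATORS)):
        print(f"{h.ts} {h.src} {h.observed} -> {h.indicator} [{h.trail}] {h.action}")
```

Running it prints five hits: two banload hits from 10.1.4.22 (the lookup and the follow-up connection), the sinkhole contact from 10.1.5.30 flagged as an infected host, a suffix match of cdn.pinglepis.net against pinglepis.net, and the apt_lazarus lookup marked for escalation; the replit.app query from another tenant matches nothing. Grouping hits by source address before ticketing is the obvious next step so that one infected client does not become five tickets.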
Technical Details
- UUID: 9a4ef3c0-d447-4f61-b72c-46d3acbbb1d2
- Original timestamp: 1779904805 (Unix epoch seconds; 2026-05-27 18:00:05 UTC)
Indicators of Compromise
URL
The url entries are the sources Maltrail cites for each trail (commit pages on api.github.com, researcher posts on x.com, VirusTotal, ANY.RUN and Joe Sandbox reports, vendor and CERT write-ups), not malicious URLs; keep them for analyst context and out of blocklists. The Description column in every table is the Maltrail trail the indicator was filed under.

| Value | Description |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/64f398a70b9001b8149676f0414fbd67bc85e368 | netsupport |
| https://api.github.com/repos/stamparm/maltrail/commits/0f3e1d88cf957fbf7e7e5143deedc64d59510ddb | 0ktapus |
| https://x.com/AlvieriD/status/2059538106362036250 | 0ktapus |
| https://api.github.com/repos/stamparm/maltrail/commits/3ca103ca8394884a9b891350789cab23b0c378ed | fakeapp |
| https://x.com/patialavii/status/2059508901507428597 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/8c9b09abab38972f195544ae1ff91d458d552931 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/d4d23f3e6524855d32bf14d9d51e4515c7953f76 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/c4e133882926e531519056e45dd58142ab31ee2f | netsupport |
| https://x.com/JAMESWT_WT/status/2059517877951103080 | netsupport |
| https://app.any.run/tasks/ca2e99cd-6247-4633-9cd8-f64b4928ed9c | netsupport |
| https://api.github.com/repos/stamparm/maltrail/commits/d9c34b7e035cd86eb2b2578cbdb608bb6ea2abce | — |
| https://api.github.com/repos/stamparm/maltrail/commits/0176728d93d35e8b8605cb49f212c4b19580b0bb | bad_service |
| https://x.com/Fact_Finder03/status/2059520666798555253 | bad_service |
| https://api.github.com/repos/stamparm/maltrail/commits/4b2d1fc0bc8924f1f77ce355c583babd402b3822 | sectoprat |
| https://api.github.com/repos/stamparm/maltrail/commits/388ba25260f6c9eccf529bd6d3fd097993badb9b | cyberstrikeai |
| https://api.github.com/repos/stamparm/maltrail/commits/735f3d3849c59bca95e0fb30a6bc137ba8872653 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/25f8d2c0721a91f0e90a962a217cfa016c3be0af | android_joker |
| https://api.github.com/repos/stamparm/maltrail/commits/9fa352f418b5be8f9d96b7e38532a86ec213abbb | fakeapp |
| https://x.com/SquiblydooBlog/status/2059412842030494185 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/8c4f6d785d8d82e88e9ccd81293c197c89a5cc11 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/0fc10a0fc7103b5712d31e4f7b3e861a6186804e | banload |
| https://api.github.com/repos/stamparm/maltrail/commits/64dca1c3bd4a08c617bb88b6fbe654c8b7ba2c76 | banload |
| https://api.github.com/repos/stamparm/maltrail/commits/ff198c1167f4f55e34952a6ed6edb446a0a92530 | banload |
| https://x.com/malwrhunterteam/status/2059544369305124875 | banload |
| https://www.virustotal.com/gui/file/c2ab5404c2e2e7d15c58a1bbab2a6daa857f43aa4137cce738ed5139e77310ff/detection | banload |
| https://api.github.com/repos/stamparm/maltrail/commits/032df4b67d85b14a63c263bd2ca3ea9bd694736a | osx_atomic |
| https://api.github.com/repos/stamparm/maltrail/commits/ed5e7ef7becebafc520b43454d65d5ec42244b94 | generic |
| https://x.com/smica83/status/2059397307515171065 | generic |
| https://api.github.com/repos/stamparm/maltrail/commits/b0f70676b0a13ae4f11a53c622956614d4128295 | darkgate |
| https://x.com/smica83/status/2059346645662203954 | darkgate |
| https://www.virustotal.com/gui/file/314faa2e399963cbd0b317b50c43e42259dbb2403afd29f583c0e8b6ba711070/detection | darkgate |
| https://www.virustotal.com/gui/file/ad7ec08e3118c2221291247df65a86dbb5929bb6092b57fbab3dc8b07c9157fa/detection | darkgate |
| https://api.github.com/repos/stamparm/maltrail/commits/363309973584350a3fc5295389231cbf7c79add8 | hacked_npmrepos |
| https://api.github.com/repos/stamparm/maltrail/commits/23f50afdac4c6f3c04ceeeeb3178c6b64f2f467d | hacked_npmrepos |
| https://x.com/safedepio/status/2059386595317317964 | hacked_npmrepos |
| https://safedep.io/malicious-forge-jsx-npm-rat | hacked_npmrepos |
| https://api.github.com/repos/stamparm/maltrail/commits/e0759907d2b1b887eecd3fdd33a6d6fb54152cfc | fakeapp |
| https://x.com/patialavii/status/2059503757726302229 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/51a3c190e7ddfc2bb53f06d10b9393ca253d92c0 | fakeapp |
| https://x.com/patialavii/status/2059501603842105563 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/7c5bffb7f44fb06d63825a9f1ad89329b10e717f | apt_unc1151 |
| https://cert.gov.ua/article/6315762 | apt_unc1151 |
| https://api.github.com/repos/stamparm/maltrail/commits/cbc3bedce425473761df3cfa17edbdb4d4776444 | android_overlayphantom |
| https://api.github.com/repos/stamparm/maltrail/commits/3a63154145218577154a3073b6ff70ee55beb81b | android_overlayphantom |
| https://cyble.com/blog/overlayphantom-android-banking-trojan | android_overlayphantom |
| https://www.virustotal.com/gui/file/8ddc1f2a75f3d5b5bd054a5367bd5015ebc90f3453d63c7cce438c12dc2ae86a/detection | android_overlayphantom |
| https://api.github.com/repos/stamparm/maltrail/commits/f04ce18d880b477bbd6e88b3d13de8310992fdc7 | generic_stealer |
| https://www.virustotal.com/gui/file/16ee8d6af960e9af3b87feafe87addb6f805ab0657028a16f5069fe7093e0dfa/detection | generic_stealer |
| https://api.github.com/repos/stamparm/maltrail/commits/477c98f216c1479366125180523e695f37c9678a | purelogs |
| https://www.fortinet.com/blog/threat-research/phishing-campaign-deploys-javascript-driven-purelogs-variant-to-steal-sensitive-data | purelogs |
| https://api.github.com/repos/stamparm/maltrail/commits/ba2aeeb6040eb2b933ca6039654de873521951e8 | python_injector |
| https://x.com/JAMESWT_WT/status/2059596666965991875 | python_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/608ccf5f62c89944f2a8e539b300b309734599ba | lummac2 |
| https://api.github.com/repos/stamparm/maltrail/commits/411c0c6c4cfa0f566e5d8cf2c86c02e412ea54f2 | lummac2 |
| https://www.virustotal.com/gui/file/04182538d940c58320e1faefdf6f8645e3270e498f8f41f073959a33e5e22559/detection | lummac2 |
| https://api.github.com/repos/stamparm/maltrail/commits/b49053f895915364d67b148012e83a081ffcfcb2 | netsupport |
| https://x.com/JAMESWT_WT/status/2059592061045690459 | netsupport |
| https://www.virustotal.com/gui/file/79ad6db733805ffff0c251d25cbf911dedf3c78352ec5813742d164b11bf3e7c/detection | netsupport |
| https://www.virustotal.com/gui/file/177bfc846a77617931f7e6651a26df92511c7f60c0170001d67b982c09a677d1/detection | netsupport |
| https://api.github.com/repos/stamparm/maltrail/commits/eb93dbb158c680892e0065d3c59264e1e3ac8fef | javarat |
| https://x.com/malwrhunterteam/status/2059582994382225904 | javarat |
| https://www.virustotal.com/gui/file/05aed8fa1453a78c1e771b1a9789ed469f32706a21fd1f542f7e5f4a99351896/detection | javarat |
| https://api.github.com/repos/stamparm/maltrail/commits/00f10daf33127a3b48846298dbcdae721fecf566 | bootkeyslotrat |
| https://qiita.com/Y4er/items/0b6071745e4b7b240b3e | bootkeyslotrat |
| https://www.virustotal.com/gui/file/f62f5e0a9eaa45b8b12aee62f52d40eada40c1f45d94d285c20d459d5a441e8f/detection | bootkeyslotrat |
| https://api.github.com/repos/stamparm/maltrail/commits/0b2f853bb4ea05e04922aeba64e4b4c097ff8d90 | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/a0e8c63979d1a4372d57a1a4e91be1e6d6729c78 | apt_lazarus |
| https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/4bd3d68483e1f536d516a2b8c9ea1b331608f532 | powershell_injector |
| https://x.com/tdatwja/status/2059088636340314310 | powershell_injector |
| https://www.virustotal.com/gui/file/4c0d1e5d7983d740d37c0c1f6bc6a4d6ecd19a77136e8f2ac26baaa4eddad0a0/detection | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/e1dbbc3eb43c970badfe3afe77c652605e366642 | nexus_c2 |
| https://api.github.com/repos/stamparm/maltrail/commits/231c0017affc2b0699f569c0fed98b1eb84ace65 | magentocore |
| https://www.virustotal.com/gui/file/1ba927d47206bc6a795bee28bc8d6a9ff81cd46ac3e35c3f46dd875afdf51db1/detection | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/eb882df5c004e775ce874a83d41a876d45285915 | magentocore |
| https://x.com/sdcyberresearch/status/2059613050659827852 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/cd78bef1ca5a92f4cb9479ba66f4926bf3e831d7 | android_bankbot |
| https://x.com/joe4security/status/2059615683286089797 | android_bankbot |
| https://www.joesandbox.com/joereverser/analysis/download/a6165a32-5017-4c81-bdd1-e7926cbd36e9?type=html | android_bankbot |
| https://api.github.com/repos/stamparm/maltrail/commits/d52d365f67e24e395b985ab796f110bf32eb8910 | hacked_npmrepos |
| https://x.com/safedepio/status/2059618763797110846 | hacked_npmrepos |
| https://github.com/friuns2/codex-mobile/issues/198 | hacked_npmrepos |
| https://api.github.com/repos/stamparm/maltrail/commits/fe3c0f2c034dec860bb771bceec329c92f98892d | apt_unc2465 |
| https://api.github.com/repos/stamparm/maltrail/commits/2fddbab603e2959f4efa15219e7b6ff714ebb6ea | osx_atomic |
| https://x.com/Unit42_Intel/status/2059640356908539913 | osx_atomic |
| https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-05-26-IOCs-for-SHub-Stealer-activity.txt | osx_atomic |
| https://api.github.com/repos/stamparm/maltrail/commits/90db7c4f84db1eb0062e76a51202a19b8810e46b | sinkhole_crowdstrike |
| https://x.com/DFIR_Radar/status/2059349762944471511 | sinkhole_crowdstrike |
| https://www.crowdstrike.com/en-us/blog/inside-crowdstrike-takedown-of-a-developer-targeting-botnet | sinkhole_crowdstrike |
| https://api.github.com/repos/stamparm/maltrail/commits/1131851154c2f459ba434732b2403de2b5fd7e4e | apt_kimsuky |
| https://api.github.com/repos/stamparm/maltrail/commits/6780ad2296c42932f019dd8aaed5c2d2514bbc15 | fakeapp |
| https://x.com/Malwarehunterr/status/2059679951234965551 | fakeapp |
Domain

| Value | Description |
|---|---|
| pinglepis.net | netsupport |
| sockmind.net | netsupport |
| shinyhunte.red | 0ktapus |
| imajinandfusion.com | fakeapp |
| sacp.algoma.it | fakeapp |
| cdn-reports.com | magentocore |
| refreshwss.net | magentocore |
| bryonsad.net | netsupport |
| feersona.net | netsupport |
| security-check-guest.com | — |
| stealer.in | bad_service |
| geyefan.icu | cyberstrikeai |
| socket-protect.org | magentocore |
| cleane.pw | android_joker |
| storeappsupdatesapi.xyz | fakeapp |
| app1.storeappsupdatesapi.xyz | fakeapp |
| app2.storeappsupdateapi.xyz | fakeapp |
| guildsmartchainpulse.com | apt_lazarus |
| acesseconviteprincipal.com | banload |
| acessomundialvip.com | banload |
| altahirexpressmrx.com | banload |
| altprojetosobras.com | banload |
| assesoriabonline.com | banload |
| assessoriaonlinebr.com | banload |
| bazanbusinessco.com | banload |
| bb-altus.com | banload |
| benefonline.com | banload |
| bremengruposauds.com | banload |
| ccorodoviazfreeflow.com | banload |
| ccroviazfreeflow.com | banload |
| cerenquiliamx.com | banload |
| clklegaldesign.com | banload |
| cnvitedigitalbrdl.com | banload |
| cnviteprinconline.com | banload |
| conviteglobalonline.com | banload |
| corptepremiumrx.com | banload |
| crvamericanmrx.com | banload |
| cvtamerimraxkr.com | banload |
| cvteprincipalonline.com | banload |
| cvtmrpremiumx.com | banload |
| cvtmxrpremiumx.com | banload |
| cvtprinconline.com | banload |
| deguiemoves.com | banload |
| limpremiumbrd.com | banload |
| meuappedigital.com | banload |
| meufreeflowrccrodoviaz.com | banload |
| meufreeflowroccrdoviaz.com | banload |
| netempresaspremium.com | banload |
| portalchavmrbdr.com | banload |
| premiumconvitebrd.com | banload |
| principonlinebelmx.com | banload |
| qualifisionemp.com | banload |
| salomonelawfirm.com | banload |
| santofoodco.com | banload |
| sejbrdapremium.com | banload |
| sejconviteglobal.com | banload |
| sejpremiebrid.com | banload |
| sejprincipalbr.com | banload |
| sejprincipalbrd.com | banload |
| servicochavesmrx1.com | banload |
| sigconstrugroup.com | banload |
| sync-simpliconline.com | banload |
| uromagiservicos.com | banload |
| starmail.mom | banload |
| ioperador.ddns.net | banload |
| remote.starmail.mom | banload |
| painel.starmail.mom | banload |
| aglobaconvite.com | banload |
| ddins.click | banload |
| remoto.ddins.click | banload |
| painel.ddins.click | banload |
| filecrystalnest.com | osx_atomic |
| filefrozenpixel.com | osx_atomic |
| filegoldenrocket.com | osx_atomic |
| fileluckyfalcon.com | osx_atomic |
| macstorage.replit.app | osx_atomic |
| web-zorm.com | fakeapp |
| amerilifegh.com | fakeapp |
| a1si.icu | apt_unc1151 |
| alertapp.icu | apt_unc1151 |
| cgdirector.icu | apt_unc1151 |
| xsjdsb.icu | apt_unc1151 |
| alerteddatalistsclients.alertapp.icu | apt_unc1151 |
| a3ufz.xsjdsb.icu | apt_unc1151 |
| advancedaisolutionsforeveryone.a1si.icu | apt_unc1151 |
| productionsamplesoftheyear.cgdirector.icu | apt_unc1151 |
| bitlrewards-app.com | android_overlayphantom |
| lermontfile.online | generic_stealer |
| sharedrivedocuments.com | python_injector |
| aeons-echo.org | lummac2 |
| canvahow.com | lummac2 |
| cpppemwjewjoiwejow.sale | lummac2 |
| hugo-lapp.co | lummac2 |
| vn.cpppemwjewjoiwejow.sale | lummac2 |
| vn.hugo-lapp.co | lummac2 |
| zebregts.com | lummac2 |
| hippamsas.com | lummac2 |
| iqezmqm.com | javarat |
| ns1.iqezmqm.com | javarat |
| ns2.iqezmqm.com | javarat |
| contextlayerrun.com | bootkeyslotrat |
| discovercoded.com | bootkeyslotrat |
| namefilecode.com | bootkeyslotrat |
| perfectgo.top | bootkeyslotrat |
| safelyhome.top | bootkeyslotrat |
| specialclouds.com | bootkeyslotrat |
| specialclouds.top | bootkeyslotrat |
| valuecode.top | bootkeyslotrat |
| windowsoftmessages.com | bootkeyslotrat |
| windowsweatherkb.top | bootkeyslotrat |
| function.windowsoftmessages.com | bootkeyslotrat |
| akamaicloud.com | apt_lazarus |
| devicelinkintel.com | apt_lazarus |
| intelcloudinsights.com | apt_lazarus |
| msdeliverycontent.com | apt_lazarus |
| appsnabia.org | apt_lazarus |
| btfns.co | apt_lazarus |
| mail.aes-secure.net | apt_lazarus |
| mail.newson-6.com | apt_lazarus |
| newson-6.com | apt_lazarus |
| track.trandytics.com | apt_lazarus |
| trandytics.com | apt_lazarus |
| calidum-oprema.com | powershell_injector |
| hilo-cdn.app | magentocore |
| gadarpanal.net | android_bankbot |
| lunavots.com | android_bankbot |
| nexusp1.com | android_bankbot |
| ngetprim.com | android_bankbot |
| ngetsoftware.in | android_bankbot |
| nproreturnxyz.com | android_bankbot |
| paglaworlddd.com | android_bankbot |
| proplus.co.in | android_bankbot |
| sikkav2.com | android_bankbot |
| singiskinglive.com | android_bankbot |
| ts-bazar.com | android_bankbot |
| anyclaw.store | hacked_npmrepos |
| sentry.anyclaw.store | hacked_npmrepos |
| allbestselling.com | apt_unc2465 |
| bargainlenders.com | apt_unc2465 |
| cipherquantix.com | apt_unc2465 |
| fishingguidesmiami.com | apt_unc2465 |
| fluxontra.com | apt_unc2465 |
| getetenos.com | apt_unc2465 |
| lufkintowing.com | apt_unc2465 |
| play-best-games.website | apt_unc2465 |
| plumbingservicestucson.com | apt_unc2465 |
| shopayse.app | apt_unc2465 |
| qw4c12qqqqoepwq.com | osx_atomic |
| claudecontrol.github.io | osx_atomic |
| txau1.top | apt_kimsuky |
| ge-kr.txau1.top | apt_kimsuky |
| bopm.digital | fakeapp |
| eventslogon.live | fakeapp |
| gech.life | fakeapp |
| liveeconnect.com.es | fakeapp |
| liveeconnect.im | fakeapp |
| naturallerevestimentos.com | fakeapp |
| schedulesession.online | fakeapp |
| scsi.life | fakeapp |
| seupedido.app | fakeapp |
IP

| Value | Description |
|---|---|
| 209.99.186.243 | netsupport |
| 209.99.186.75 | netsupport |
| 5.188.87.210 | sectoprat |
| 103.146.202.144 | cyberstrikeai |
| 154.219.121.168 | cyberstrikeai |
| 72.60.77.221 | apt_lazarus |
| 45.178.181.218 | banload |
| 85.239.144.177 | generic |
| 143.14.179.112 | darkgate |
| 204.10.194.247 | hacked_npmrepos |
| 199.217.99.122 | android_overlayphantom |
| 102.220.160.85 | generic_stealer |
| 77.83.39.211 | purelogs |
| 185.102.115.17 | lummac2 |
| 5.252.177.201 | netsupport |
| 65.109.104.71 | netsupport |
| 34.151.244.225 | javarat |
| 23.254.129.112 | bootkeyslotrat |
| 47.236.249.101 | bootkeyslotrat |
| 47.81.37.109 | bootkeyslotrat |
| 8.211.130.16 | bootkeyslotrat |
| 8.213.217.130 | bootkeyslotrat |
| 172.86.72.239 | nexus_c2 |
| 45.61.134.158 | nexus_c2 |
| 178.16.53.219 | magentocore |
| 38.87.117.12 | magentocore |
| 45.158.127.28 | magentocore |
| 164.92.88.210 | sinkhole_crowdstrike |
Threat ID: 6a1738f0e29bf47b50dbfa39
Added to database: 5/27/2026, 6:33:20 PM
Last enriched: 5/27/2026, 6:49:10 PM
Last updated: 5/27/2026, 10:01:30 PM