Reconnecting to live updates…

Maltrail IOC for 2026-05-30

Severity: mediumType: malware

AI Analysis

Technical Summary

The report details a malware IOC published by CIRCL OSINT Feed for May 30, 2026. It is an external analysis based on manual OSINT collection, focusing on network activity. There are no affected software versions or known exploits linked to this IOC. The report serves as an observational data point rather than a vulnerability or exploit with a direct remediation path.

Potential Impact

The impact is limited to the presence of malware-related network activity indicators. There is no direct information about exploitation, affected software, or systems. The medium severity rating suggests a moderate risk level, but without further technical details or known exploits, the precise impact cannot be determined.

Mitigation Recommendations

No patch or direct remediation is available or applicable for this IOC. Security teams should consider integrating this IOC into their detection and monitoring systems as part of broader threat intelligence efforts. No urgent action is indicated based on the provided data.

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/c43514eefbc716fbe3df188aea293983c11a1aca
url: https://x.com/skocherhan/status/2060432300375150977
domain: access.edoc.korea-app.dns.army
domain: coupang.dns.navy
domain: cp10523.epost-kr.dns.army
domain: dmf.ips-cert.dns.army
domain: edoc.korea-app.dns.army
domain: ips-nifty.dns.army
domain: jfzb.coupang.dns.navy
domain: korea-app.dns.army
domain: kr-edoc.xubi.org
domain: nid.kr-edoc.xubi.org
domain: view.ips-nifty.dns.army
domain: xpo.coupang.dns.navy
url: https://api.github.com/repos/stamparm/maltrail/commits/25aeb6cb02c74edfd7a115d8dbc4ac9432fe3f56
url: https://x.com/smica83/status/2060341816415649951
url: https://www.virustotal.com/gui/file/1df1a23a24dff84ba55dadcfa90cc3df7f7ace6dde69987d125c07474c8a1388/detection
domain: bubblekip.info
domain: docstorage-hub.info
domain: imagest-r.info
domain: ninewerty.info
domain: photovault-safe.info
domain: screenshot-jpg290526.info
domain: superlork.info
url: https://api.github.com/repos/stamparm/maltrail/commits/f999f220a3621c54b60fde28eda54e567b09d7c7
url: https://x.com/patialavii/status/2060416552948887895
domain: workspaceviewer.com
domain: pub-ab1bb580d3434929a2d068c06669ddb2.r2.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/5a0ad2cbd9c39f5df9d6f338527211b5315d9178
domain: urshort.com
domain: ushort.org
url: https://api.github.com/repos/stamparm/maltrail/commits/fff6b5f2267badcd27204de4990879f5af7d44a8
url: https://x.com/riper81/status/2060164428876951828
domain: u-short.net
domain: urshort.live
domain: ushort.com
domain: ushort.company
domain: ushort.dev
domain: ushort.info
domain: ushort.observer
domain: ushort.today
url: https://api.github.com/repos/stamparm/maltrail/commits/ee0c87073466124435c98907f5e7dfa47d44ce25
domain: safe-photohub.info
url: https://api.github.com/repos/stamparm/maltrail/commits/b5344b183b54a8d541c3e118e34d4ebf3e6a7681
domain: certific-activation.info
domain: nikkimstudiosllc.info
domain: videoinnovationsdaily.com
domain: ftp.videoinnovationsdaily.com
domain: mail.videoinnovationsdaily.com
url: https://api.github.com/repos/stamparm/maltrail/commits/92ab2c7f2c008371e2816a015aabb849153aeb1a
url: https://x.com/suyog41/status/2060337183874302019
url: https://www.virustotal.com/gui/file/4e6add88feff408b96f01d15917540dbb3ee3819c37020c4e03708410026192e/detection
domain: greezupdto.info
url: https://api.github.com/repos/stamparm/maltrail/commits/edea7cb83d636906ec80417738afbea88c021da7
domain: cambioefectivo.com
domain: dakindsoups.com
domain: produkmesin.com
domain: webiqonline.com
url: https://api.github.com/repos/stamparm/maltrail/commits/b5512e61b536691bd4552e9aed1ffb5b124facc3
ip: 82.39.109.211
ip: 82.39.109.218
url: https://api.github.com/repos/stamparm/maltrail/commits/7da21fa962bc5261b00632ba653f7f56bcfca2a1
url: https://x.com/masaomi346/status/2060214313252720731
domain: azmekl.com
domain: eubka.com
domain: ikebro.org
domain: lrdiuk.com
domain: balbxl.eubka.com
domain: download.ikebro.org
url: https://api.github.com/repos/stamparm/maltrail/commits/f3e9e256480253f9ae3125383f3db30a44846d48
url: https://www.virustotal.com/gui/ip-address/43.167.9.65/relations
domain: cpabruwxgagyzm.top
domain: gwulittlxr.top
domain: leqpylccczpnd.top
domain: ogpjgxobzlya.top
domain: ptksldvvizjsuk.top
domain: rfotdqmwkv.top
domain: tabqzjavjuo.top
domain: zgqkdper.top
url: https://api.github.com/repos/stamparm/maltrail/commits/a26a72cc7961476ed6c3cbc66ae3d9843f046e91
url: https://x.com/masaomi346/status/2060204402192052732
url: https://www.virustotal.com/gui/file/a2dfc9a0c1e5135fe5afa3594d5eb8c89a6018f74a72f0a3b9052f781c783291/detection
url: https://x.com/masaomi346/status/2060260420829749579
domain: thenrpod.com
domain: bmqobgextpnfj.top
url: https://api.github.com/repos/stamparm/maltrail/commits/f472080c9d038e2a247a36a847bfe4f944fa0538
url: https://x.com/smica83/status/2060340513580986577
url: https://www.virustotal.com/gui/file/b3942ad05357c5cb8617f2c66dea219abfd3367ee2139f9d8dc6d40aaef914c2/detection
url: https://www.virustotal.com/gui/file/cf356be76e96233224e73e9d4d5fa8fa7ae178d8f56e5fd6c98d551ea2b06d86/detection
domain: simpletskmn.com
url: https://api.github.com/repos/stamparm/maltrail/commits/c19e525c18ccdf3d852da295d51508a06f747503
domain: hatop.ru
domain: nationsbeta.online
domain: nationsbeta.ru
domain: donate.nationsbeta.online
domain: map.nationsbeta.online
url: https://api.github.com/repos/stamparm/maltrail/commits/1ba71ab4f7ee1850b600600b7167e08f77b97a53
url: https://api.github.com/repos/stamparm/maltrail/commits/025e08b109abbc874c539ddb24b5a531581bc100
url: https://x.com/smica83/status/2060346327075082360
url: https://tria.ge/260529-p94eqsb17w/behavioral1
ip: 2.27.59.167
domain: hexfiles.top
url: https://api.github.com/repos/stamparm/maltrail/commits/1b6daf1604e294638809339f1252ae13d26cc802
domain: issueall.com
url: https://api.github.com/repos/stamparm/maltrail/commits/43a7229ae68185b0c78dcef0ebd2dde7c51fbc53
domain: checker-pumps.fun
domain: liiincidin.com
domain: liikydin.com
domain: liinkydeen.com
domain: lincidin.com
domain: linkideen.com
domain: linkiydiin.com
domain: liyckidin.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a9500fb0dff1cfe6a781bcca4c21d8cdc149f103
url: https://www.virustotal.com/gui/file/d6ad8571c92c9d095df41cb830943d5bf3eb0d88c37ce27fa54a16816249467d/detection
ip: 108.62.161.53
url: https://api.github.com/repos/stamparm/maltrail/commits/59847f16a542e886a582ad52a0bd67fe63ed1eec
domain: cachwe.help
url: https://api.github.com/repos/stamparm/maltrail/commits/ab265a76c6e1a1b5f350ae956b123ea75a8c190a
url: https://www.virustotal.com/gui/file/11c3c7fd8b9fbb954a5a21af80f38414795930d63e8c6f5ea67bc92162359c52/detection
ip: 161.248.14.93
url: https://api.github.com/repos/stamparm/maltrail/commits/ff20aee7adbb557e9ef81240beab02f4ab2e9b54
domain: auroraagencies.com
domain: fenceidaho.com
domain: indianatowingservice.com
domain: jpmdswap.com
domain: michigansecurityguard.com
domain: moltsavvy.com
domain: moverssocal.com
domain: sandboxfinancialpartners.com
domain: travelfountain.com
url: https://api.github.com/repos/stamparm/maltrail/commits/053822aa22ef6b81bb083e2f1573dd0efb2016e3
domain: cdn.bnantr.icu
domain: cdn.zeggah.icu
domain: dfeagr.icu
domain: ifavbett.icu
domain: iuhnme.icu
domain: oippake.icu
domain: ooklale.icu
domain: tyabner.icu
domain: uiabne.icu
domain: yttban.icu
domain: zeggah.icu
domain: zzanme.icu
url: https://api.github.com/repos/stamparm/maltrail/commits/3faef4f3265d754b32c5aa34c6fc7fdab7297662
domain: 1hvl4j.2towig8bijd.v6.navy
domain: 2923bx1jf4r.dns.navy
domain: 2towig8bijd.v6.navy
domain: 3pc3b9ph4f7.dns.navy
domain: 4brti.g3odkh1zx2q.dns.army
domain: 4btb8lukrf.dns.navy
domain: 5v9h4rkbop.dns.navy
domain: 6c874.kvp207shd6.dns.navy
domain: 772g.vsjlpbrey1d.v6.navy
domain: 8lxzbzbtoh.dns.navy
domain: 8tvklxdp9e.v6.navy
domain: 9hear9ofp5.dns.army
domain: asdf.4brti.g3odkh1zx2q.dns.army
domain: asdf.cyf550.g3odkh1zx2q.dns.army
domain: billing-address.abrdns.com
domain: cloudvps.ddnsguru.com
domain: cyf550.g3odkh1zx2q.dns.army
domain: doc-load.ln2jl.xp2xbk8ukme.dns.army
domain: docnid.vuczu.xp2xbk8ukme.dns.army
domain: eb0bw7j0sr.v6.army
domain: fklihnz6pb.v6.navy
domain: g3odkh1zx2q.dns.army
domain: g4gr.eb0bw7j0sr.v6.army
domain: gm2gx.8lxzbzbtoh.dns.navy
domain: hh4323bc6mc.dns.navy
domain: hhois.o-r.kr
domain: hostnid.ezgateway.net
domain: hu4e60f2ok.v6.navy
domain: ips-auth-nid.redirect.ydns.eu
domain: isdp.ooguy.com
domain: iyyfk3jnqbw.v6.navy
domain: juqc7swtyb.v6.army
domain: kvp207shd6.dns.navy
domain: li3pg2l17b.v6.army
domain: ln2jl.xp2xbk8ukme.dns.army
domain: mois-auth-nid.gm2gx.8lxzbzbtoh.dns.navy
domain: moisguide.g4gr.eb0bw7j0sr.v6.army
domain: n-aver-log.camdvr.org
domain: naver-login.petfoodkorea.kr
domain: nclouddocs.bumbleshrimp.com
domain: ndoc.1hvl4j.2towig8bijd.v6.navy
domain: ndoc.hhois.o-r.kr
domain: ndoc.hostnid.ezgateway.net
domain: ndocload.cloudvps.ddnsguru.com
domain: nhncontents.cafe
domain: nid.niddirect.dns.army
domain: nid.nusser.ezgateway.net
domain: niddirect.dns.army
domain: nidsign.772g.vsjlpbrey1d.v6.navy
domain: ninvoice.nclouddocs.bumbleshrimp.com
domain: ninvoice.nmlist.p-e.kr
domain: ninvoice.nmosinvoice.dns.army
domain: nisoft.yyuyy.com
domain: nmlist.p-e.kr
domain: nmosinvoice.dns.army
domain: npo-doc.workspace.cloud-ip.cc
domain: nrg644np82.v6.army
domain: ntverify.nisoft.yyuyy.com
domain: nusser.ezgateway.net
domain: ofwajrd6pr.v6.navy
domain: redirect.ydns.eu
domain: rfjx07u0x3.dns.navy
domain: s8arkan4ja.dns.army
domain: service-nid.6c874.kvp207shd6.dns.navy
domain: tinvoice.opik.net
domain: ug72r637rqr.dns.navy
domain: uui90svmzk.dns.navy
domain: v32l8g4nbc3.dns.navy
domain: verify-nid.suredoc.net
domain: vsjlpbrey1d.v6.navy
domain: vuczu.xp2xbk8ukme.dns.army
domain: vyvipbnt5p0.dns.army
domain: whois.dynuddns.com
domain: workspace.cloud-ip.cc
domain: wv05i1q670.dns.navy
domain: x5ffq2z8h8.dns.navy
domain: xi99w080ra.dynv6.net
domain: xp2xbk8ukme.dns.army
domain: y8fb9ktbd7f.dns.navy
domain: zsg8de2qpw0.dns.navy
url: https://api.github.com/repos/stamparm/maltrail/commits/51c267c9cf2314b7f2d27d9acd4b9d628886bd07
domain: goawq.com
domain: hydrantmachine.space

Maltrail IOC for 2026-05-30

Severity: medium

Type: malware

Maltrail IOC for 2026-05-30

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/c43514eefbc716fbe3df188aea293983c11a1aca
url: https://x.com/skocherhan/status/2060432300375150977
domain: access.edoc.korea-app.dns.army
domain: coupang.dns.navy
domain: cp10523.epost-kr.dns.army
domain: dmf.ips-cert.dns.army
domain: edoc.korea-app.dns.army
domain: ips-nifty.dns.army
domain: jfzb.coupang.dns.navy
domain: korea-app.dns.army
domain: kr-edoc.xubi.org
domain: nid.kr-edoc.xubi.org
domain: view.ips-nifty.dns.army
domain: xpo.coupang.dns.navy
url: https://api.github.com/repos/stamparm/maltrail/commits/25aeb6cb02c74edfd7a115d8dbc4ac9432fe3f56
url: https://x.com/smica83/status/2060341816415649951
url: https://www.virustotal.com/gui/file/1df1a23a24dff84ba55dadcfa90cc3df7f7ace6dde69987d125c07474c8a1388/detection
domain: bubblekip.info
domain: docstorage-hub.info
domain: imagest-r.info
domain: ninewerty.info
domain: photovault-safe.info
domain: screenshot-jpg290526.info
domain: superlork.info
url: https://api.github.com/repos/stamparm/maltrail/commits/f999f220a3621c54b60fde28eda54e567b09d7c7
url: https://x.com/patialavii/status/2060416552948887895
domain: workspaceviewer.com
domain: pub-ab1bb580d3434929a2d068c06669ddb2.r2.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/5a0ad2cbd9c39f5df9d6f338527211b5315d9178
domain: urshort.com
domain: ushort.org
url: https://api.github.com/repos/stamparm/maltrail/commits/fff6b5f2267badcd27204de4990879f5af7d44a8
url: https://x.com/riper81/status/2060164428876951828
domain: u-short.net
domain: urshort.live
domain: ushort.com
domain: ushort.company
domain: ushort.dev
domain: ushort.info
domain: ushort.observer
domain: ushort.today
url: https://api.github.com/repos/stamparm/maltrail/commits/ee0c87073466124435c98907f5e7dfa47d44ce25
domain: safe-photohub.info
url: https://api.github.com/repos/stamparm/maltrail/commits/b5344b183b54a8d541c3e118e34d4ebf3e6a7681
domain: certific-activation.info
domain: nikkimstudiosllc.info
domain: videoinnovationsdaily.com
domain: ftp.videoinnovationsdaily.com
domain: mail.videoinnovationsdaily.com
url: https://api.github.com/repos/stamparm/maltrail/commits/92ab2c7f2c008371e2816a015aabb849153aeb1a
url: https://x.com/suyog41/status/2060337183874302019
url: https://www.virustotal.com/gui/file/4e6add88feff408b96f01d15917540dbb3ee3819c37020c4e03708410026192e/detection
domain: greezupdto.info
url: https://api.github.com/repos/stamparm/maltrail/commits/edea7cb83d636906ec80417738afbea88c021da7
domain: cambioefectivo.com
domain: dakindsoups.com
domain: produkmesin.com
domain: webiqonline.com
url: https://api.github.com/repos/stamparm/maltrail/commits/b5512e61b536691bd4552e9aed1ffb5b124facc3
ip: 82.39.109.211
ip: 82.39.109.218
url: https://api.github.com/repos/stamparm/maltrail/commits/7da21fa962bc5261b00632ba653f7f56bcfca2a1
url: https://x.com/masaomi346/status/2060214313252720731
domain: azmekl.com
domain: eubka.com
domain: ikebro.org
domain: lrdiuk.com
domain: balbxl.eubka.com
domain: download.ikebro.org
url: https://api.github.com/repos/stamparm/maltrail/commits/f3e9e256480253f9ae3125383f3db30a44846d48
url: https://www.virustotal.com/gui/ip-address/43.167.9.65/relations
domain: cpabruwxgagyzm.top
domain: gwulittlxr.top
domain: leqpylccczpnd.top
domain: ogpjgxobzlya.top
domain: ptksldvvizjsuk.top
domain: rfotdqmwkv.top
domain: tabqzjavjuo.top
domain: zgqkdper.top
url: https://api.github.com/repos/stamparm/maltrail/commits/a26a72cc7961476ed6c3cbc66ae3d9843f046e91
url: https://x.com/masaomi346/status/2060204402192052732
url: https://www.virustotal.com/gui/file/a2dfc9a0c1e5135fe5afa3594d5eb8c89a6018f74a72f0a3b9052f781c783291/detection
url: https://x.com/masaomi346/status/2060260420829749579
domain: thenrpod.com
domain: bmqobgextpnfj.top
url: https://api.github.com/repos/stamparm/maltrail/commits/f472080c9d038e2a247a36a847bfe4f944fa0538
url: https://x.com/smica83/status/2060340513580986577
url: https://www.virustotal.com/gui/file/b3942ad05357c5cb8617f2c66dea219abfd3367ee2139f9d8dc6d40aaef914c2/detection
url: https://www.virustotal.com/gui/file/cf356be76e96233224e73e9d4d5fa8fa7ae178d8f56e5fd6c98d551ea2b06d86/detection
domain: simpletskmn.com
url: https://api.github.com/repos/stamparm/maltrail/commits/c19e525c18ccdf3d852da295d51508a06f747503
domain: hatop.ru
domain: nationsbeta.online
domain: nationsbeta.ru
domain: donate.nationsbeta.online
domain: map.nationsbeta.online
url: https://api.github.com/repos/stamparm/maltrail/commits/1ba71ab4f7ee1850b600600b7167e08f77b97a53
url: https://api.github.com/repos/stamparm/maltrail/commits/025e08b109abbc874c539ddb24b5a531581bc100
url: https://x.com/smica83/status/2060346327075082360
url: https://tria.ge/260529-p94eqsb17w/behavioral1
ip: 2.27.59.167
domain: hexfiles.top
url: https://api.github.com/repos/stamparm/maltrail/commits/1b6daf1604e294638809339f1252ae13d26cc802
domain: issueall.com
url: https://api.github.com/repos/stamparm/maltrail/commits/43a7229ae68185b0c78dcef0ebd2dde7c51fbc53
domain: checker-pumps.fun
domain: liiincidin.com
domain: liikydin.com
domain: liinkydeen.com
domain: lincidin.com
domain: linkideen.com
domain: linkiydiin.com
domain: liyckidin.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a9500fb0dff1cfe6a781bcca4c21d8cdc149f103
url: https://www.virustotal.com/gui/file/d6ad8571c92c9d095df41cb830943d5bf3eb0d88c37ce27fa54a16816249467d/detection
ip: 108.62.161.53
url: https://api.github.com/repos/stamparm/maltrail/commits/59847f16a542e886a582ad52a0bd67fe63ed1eec
domain: cachwe.help
url: https://api.github.com/repos/stamparm/maltrail/commits/ab265a76c6e1a1b5f350ae956b123ea75a8c190a
url: https://www.virustotal.com/gui/file/11c3c7fd8b9fbb954a5a21af80f38414795930d63e8c6f5ea67bc92162359c52/detection
ip: 161.248.14.93
url: https://api.github.com/repos/stamparm/maltrail/commits/ff20aee7adbb557e9ef81240beab02f4ab2e9b54
domain: auroraagencies.com
domain: fenceidaho.com
domain: indianatowingservice.com
domain: jpmdswap.com
domain: michigansecurityguard.com
domain: moltsavvy.com
domain: moverssocal.com
domain: sandboxfinancialpartners.com
domain: travelfountain.com
url: https://api.github.com/repos/stamparm/maltrail/commits/053822aa22ef6b81bb083e2f1573dd0efb2016e3
domain: cdn.bnantr.icu
domain: cdn.zeggah.icu
domain: dfeagr.icu
domain: ifavbett.icu
domain: iuhnme.icu
domain: oippake.icu
domain: ooklale.icu
domain: tyabner.icu
domain: uiabne.icu
domain: yttban.icu
domain: zeggah.icu
domain: zzanme.icu
url: https://api.github.com/repos/stamparm/maltrail/commits/3faef4f3265d754b32c5aa34c6fc7fdab7297662
domain: 1hvl4j.2towig8bijd.v6.navy
domain: 2923bx1jf4r.dns.navy
domain: 2towig8bijd.v6.navy
domain: 3pc3b9ph4f7.dns.navy
domain: 4brti.g3odkh1zx2q.dns.army
domain: 4btb8lukrf.dns.navy
domain: 5v9h4rkbop.dns.navy
domain: 6c874.kvp207shd6.dns.navy
domain: 772g.vsjlpbrey1d.v6.navy
domain: 8lxzbzbtoh.dns.navy
domain: 8tvklxdp9e.v6.navy
domain: 9hear9ofp5.dns.army
domain: asdf.4brti.g3odkh1zx2q.dns.army
domain: asdf.cyf550.g3odkh1zx2q.dns.army
domain: billing-address.abrdns.com
domain: cloudvps.ddnsguru.com
domain: cyf550.g3odkh1zx2q.dns.army
domain: doc-load.ln2jl.xp2xbk8ukme.dns.army
domain: docnid.vuczu.xp2xbk8ukme.dns.army
domain: eb0bw7j0sr.v6.army
domain: fklihnz6pb.v6.navy
domain: g3odkh1zx2q.dns.army
domain: g4gr.eb0bw7j0sr.v6.army
domain: gm2gx.8lxzbzbtoh.dns.navy
domain: hh4323bc6mc.dns.navy
domain: hhois.o-r.kr
domain: hostnid.ezgateway.net
domain: hu4e60f2ok.v6.navy
domain: ips-auth-nid.redirect.ydns.eu
domain: isdp.ooguy.com
domain: iyyfk3jnqbw.v6.navy
domain: juqc7swtyb.v6.army
domain: kvp207shd6.dns.navy
domain: li3pg2l17b.v6.army
domain: ln2jl.xp2xbk8ukme.dns.army
domain: mois-auth-nid.gm2gx.8lxzbzbtoh.dns.navy
domain: moisguide.g4gr.eb0bw7j0sr.v6.army
domain: n-aver-log.camdvr.org
domain: naver-login.petfoodkorea.kr
domain: nclouddocs.bumbleshrimp.com
domain: ndoc.1hvl4j.2towig8bijd.v6.navy
domain: ndoc.hhois.o-r.kr
domain: ndoc.hostnid.ezgateway.net
domain: ndocload.cloudvps.ddnsguru.com
domain: nhncontents.cafe
domain: nid.niddirect.dns.army
domain: nid.nusser.ezgateway.net
domain: niddirect.dns.army
domain: nidsign.772g.vsjlpbrey1d.v6.navy
domain: ninvoice.nclouddocs.bumbleshrimp.com
domain: ninvoice.nmlist.p-e.kr
domain: ninvoice.nmosinvoice.dns.army
domain: nisoft.yyuyy.com
domain: nmlist.p-e.kr
domain: nmosinvoice.dns.army
domain: npo-doc.workspace.cloud-ip.cc
domain: nrg644np82.v6.army
domain: ntverify.nisoft.yyuyy.com
domain: nusser.ezgateway.net
domain: ofwajrd6pr.v6.navy
domain: redirect.ydns.eu
domain: rfjx07u0x3.dns.navy
domain: s8arkan4ja.dns.army
domain: service-nid.6c874.kvp207shd6.dns.navy
domain: tinvoice.opik.net
domain: ug72r637rqr.dns.navy
domain: uui90svmzk.dns.navy
domain: v32l8g4nbc3.dns.navy
domain: verify-nid.suredoc.net
domain: vsjlpbrey1d.v6.navy
domain: vuczu.xp2xbk8ukme.dns.army
domain: vyvipbnt5p0.dns.army
domain: whois.dynuddns.com
domain: workspace.cloud-ip.cc
domain: wv05i1q670.dns.navy
domain: x5ffq2z8h8.dns.navy
domain: xi99w080ra.dynv6.net
domain: xp2xbk8ukme.dns.army
domain: y8fb9ktbd7f.dns.navy
domain: zsg8de2qpw0.dns.navy
url: https://api.github.com/repos/stamparm/maltrail/commits/51c267c9cf2314b7f2d27d9acd4b9d628886bd07
domain: goawq.com
domain: hydrantmachine.space

Source: CIRCL OSINT Feed

Published: Fri May 29 2026

Maltrail IOC for 2026-05-30

Medium

Malwaretlp:clear malware misp:threat-level="medium-risk"misp:event-type="observation"misp:automation-level="unsupervised"type:osint osint:lifetime="perpetual"osint:source-type="manual-collection"

Published: Fri May 29 2026 (05/29/2026, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Description

Maltrail IOC for 2026-05-30

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 05/30/2026, 17:48:27 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: 73a87b4e-9bc9-48c2-bf1d-bca9bc5827fc
Original Timestamp: 1780160403

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c43514eefbc716fbe3df188aea293983c11a1aca	apt_kimsuky
urlhttps://x.com/skocherhan/status/2060432300375150977	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/25aeb6cb02c74edfd7a115d8dbc4ac9432fe3f56	powershell_injector
urlhttps://x.com/smica83/status/2060341816415649951	powershell_injector
urlhttps://www.virustotal.com/gui/file/1df1a23a24dff84ba55dadcfa90cc3df7f7ace6dde69987d125c07474c8a1388/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f999f220a3621c54b60fde28eda54e567b09d7c7	fakeapp
urlhttps://x.com/patialavii/status/2060416552948887895	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5a0ad2cbd9c39f5df9d6f338527211b5315d9178	wp_inject
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fff6b5f2267badcd27204de4990879f5af7d44a8	wp_inject
urlhttps://x.com/riper81/status/2060164428876951828	wp_inject
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ee0c87073466124435c98907f5e7dfa47d44ce25	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b5344b183b54a8d541c3e118e34d4ebf3e6a7681	apt_donot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/92ab2c7f2c008371e2816a015aabb849153aeb1a	apt_donot
urlhttps://x.com/suyog41/status/2060337183874302019	apt_donot
urlhttps://www.virustotal.com/gui/file/4e6add88feff408b96f01d15917540dbb3ee3819c37020c4e03708410026192e/detection	apt_donot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/edea7cb83d636906ec80417738afbea88c021da7	tsundere
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b5512e61b536691bd4552e9aed1ffb5b124facc3	vacbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/7da21fa962bc5261b00632ba653f7f56bcfca2a1	android_roamingmantis
urlhttps://x.com/masaomi346/status/2060214313252720731	android_roamingmantis
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f3e9e256480253f9ae3125383f3db30a44846d48	android_roamingmantis
urlhttps://www.virustotal.com/gui/ip-address/43.167.9.65/relations	android_roamingmantis
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a26a72cc7961476ed6c3cbc66ae3d9843f046e91	android_roamingmantis
urlhttps://x.com/masaomi346/status/2060204402192052732	android_roamingmantis
urlhttps://www.virustotal.com/gui/file/a2dfc9a0c1e5135fe5afa3594d5eb8c89a6018f74a72f0a3b9052f781c783291/detection	android_roamingmantis
urlhttps://x.com/masaomi346/status/2060260420829749579	android_roamingmantis
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f472080c9d038e2a247a36a847bfe4f944fa0538	powershell_injector
urlhttps://x.com/smica83/status/2060340513580986577	powershell_injector
urlhttps://www.virustotal.com/gui/file/b3942ad05357c5cb8617f2c66dea219abfd3367ee2139f9d8dc6d40aaef914c2/detection	powershell_injector
urlhttps://www.virustotal.com/gui/file/cf356be76e96233224e73e9d4d5fa8fa7ae178d8f56e5fd6c98d551ea2b06d86/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c19e525c18ccdf3d852da295d51508a06f747503	purelogs
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1ba71ab4f7ee1850b600600b7167e08f77b97a53	wp_inject
urlhttps://api.github.com/repos/stamparm/maltrail/commits/025e08b109abbc874c539ddb24b5a531581bc100	purelogs
urlhttps://x.com/smica83/status/2060346327075082360	purelogs
urlhttps://tria.ge/260529-p94eqsb17w/behavioral1	purelogs
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1b6daf1604e294638809339f1252ae13d26cc802	tsundere
urlhttps://api.github.com/repos/stamparm/maltrail/commits/43a7229ae68185b0c78dcef0ebd2dde7c51fbc53	osx_nova
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a9500fb0dff1cfe6a781bcca4c21d8cdc149f103	connectwise
urlhttps://www.virustotal.com/gui/file/d6ad8571c92c9d095df41cb830943d5bf3eb0d88c37ce27fa54a16816249467d/detection	connectwise
urlhttps://api.github.com/repos/stamparm/maltrail/commits/59847f16a542e886a582ad52a0bd67fe63ed1eec	android_joker
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ab265a76c6e1a1b5f350ae956b123ea75a8c190a	valleyrat
urlhttps://www.virustotal.com/gui/file/11c3c7fd8b9fbb954a5a21af80f38414795930d63e8c6f5ea67bc92162359c52/detection	valleyrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ff20aee7adbb557e9ef81240beab02f4ab2e9b54	apt_unc2465
urlhttps://api.github.com/repos/stamparm/maltrail/commits/053822aa22ef6b81bb083e2f1573dd0efb2016e3	android_fvncbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3faef4f3265d754b32c5aa34c6fc7fdab7297662	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/51c267c9cf2314b7f2d27d9acd4b9d628886bd07	osx_atomic

Domain

Value	Description	Copy
domainaccess.edoc.korea-app.dns.army	apt_kimsuky
domaincoupang.dns.navy	apt_kimsuky
domaincp10523.epost-kr.dns.army	apt_kimsuky
domaindmf.ips-cert.dns.army	apt_kimsuky
domainedoc.korea-app.dns.army	apt_kimsuky
domainips-nifty.dns.army	apt_kimsuky
domainjfzb.coupang.dns.navy	apt_kimsuky
domainkorea-app.dns.army	apt_kimsuky
domainkr-edoc.xubi.org	apt_kimsuky
domainnid.kr-edoc.xubi.org	apt_kimsuky
domainview.ips-nifty.dns.army	apt_kimsuky
domainxpo.coupang.dns.navy	apt_kimsuky
domainbubblekip.info	powershell_injector
domaindocstorage-hub.info	powershell_injector
domainimagest-r.info	powershell_injector
domainninewerty.info	powershell_injector
domainphotovault-safe.info	powershell_injector
domainscreenshot-jpg290526.info	powershell_injector
domainsuperlork.info	powershell_injector
domainworkspaceviewer.com	fakeapp
domainpub-ab1bb580d3434929a2d068c06669ddb2.r2.dev	fakeapp
domainurshort.com	wp_inject
domainushort.org	wp_inject
domainu-short.net	wp_inject
domainurshort.live	wp_inject
domainushort.com	wp_inject
domainushort.company	wp_inject
domainushort.dev	wp_inject
domainushort.info	wp_inject
domainushort.observer	wp_inject
domainushort.today	wp_inject
domainsafe-photohub.info	powershell_injector
domaincertific-activation.info	apt_donot
domainnikkimstudiosllc.info	apt_donot
domainvideoinnovationsdaily.com	apt_donot
domainftp.videoinnovationsdaily.com	apt_donot
domainmail.videoinnovationsdaily.com	apt_donot
domaingreezupdto.info	apt_donot
domaincambioefectivo.com	tsundere
domaindakindsoups.com	tsundere
domainprodukmesin.com	tsundere
domainwebiqonline.com	tsundere
domainazmekl.com	android_roamingmantis
domaineubka.com	android_roamingmantis
domainikebro.org	android_roamingmantis
domainlrdiuk.com	android_roamingmantis
domainbalbxl.eubka.com	android_roamingmantis
domaindownload.ikebro.org	android_roamingmantis
domaincpabruwxgagyzm.top	android_roamingmantis
domaingwulittlxr.top	android_roamingmantis
domainleqpylccczpnd.top	android_roamingmantis
domainogpjgxobzlya.top	android_roamingmantis
domainptksldvvizjsuk.top	android_roamingmantis
domainrfotdqmwkv.top	android_roamingmantis
domaintabqzjavjuo.top	android_roamingmantis
domainzgqkdper.top	android_roamingmantis
domainthenrpod.com	android_roamingmantis
domainbmqobgextpnfj.top	android_roamingmantis
domainsimpletskmn.com	powershell_injector
domainhatop.ru	purelogs
domainnationsbeta.online	purelogs
domainnationsbeta.ru	purelogs
domaindonate.nationsbeta.online	purelogs
domainmap.nationsbeta.online	purelogs
domainhexfiles.top	purelogs
domainissueall.com	tsundere
domainchecker-pumps.fun	osx_nova
domainliiincidin.com	osx_nova
domainliikydin.com	osx_nova
domainliinkydeen.com	osx_nova
domainlincidin.com	osx_nova
domainlinkideen.com	osx_nova
domainlinkiydiin.com	osx_nova
domainliyckidin.com	osx_nova
domaincachwe.help	android_joker
domainauroraagencies.com	apt_unc2465
domainfenceidaho.com	apt_unc2465
domainindianatowingservice.com	apt_unc2465
domainjpmdswap.com	apt_unc2465
domainmichigansecurityguard.com	apt_unc2465
domainmoltsavvy.com	apt_unc2465
domainmoverssocal.com	apt_unc2465
domainsandboxfinancialpartners.com	apt_unc2465
domaintravelfountain.com	apt_unc2465
domaincdn.bnantr.icu	android_fvncbot
domaincdn.zeggah.icu	android_fvncbot
domaindfeagr.icu	android_fvncbot
domainifavbett.icu	android_fvncbot
domainiuhnme.icu	android_fvncbot
domainoippake.icu	android_fvncbot
domainooklale.icu	android_fvncbot
domaintyabner.icu	android_fvncbot
domainuiabne.icu	android_fvncbot
domainyttban.icu	android_fvncbot
domainzeggah.icu	android_fvncbot
domainzzanme.icu	android_fvncbot
domain1hvl4j.2towig8bijd.v6.navy	apt_kimsuky
domain2923bx1jf4r.dns.navy	apt_kimsuky
domain2towig8bijd.v6.navy	apt_kimsuky
domain3pc3b9ph4f7.dns.navy	apt_kimsuky
domain4brti.g3odkh1zx2q.dns.army	apt_kimsuky
domain4btb8lukrf.dns.navy	apt_kimsuky
domain5v9h4rkbop.dns.navy	apt_kimsuky
domain6c874.kvp207shd6.dns.navy	apt_kimsuky
domain772g.vsjlpbrey1d.v6.navy	apt_kimsuky
domain8lxzbzbtoh.dns.navy	apt_kimsuky
domain8tvklxdp9e.v6.navy	apt_kimsuky
domain9hear9ofp5.dns.army	apt_kimsuky
domainasdf.4brti.g3odkh1zx2q.dns.army	apt_kimsuky
domainasdf.cyf550.g3odkh1zx2q.dns.army	apt_kimsuky
domainbilling-address.abrdns.com	apt_kimsuky
domaincloudvps.ddnsguru.com	apt_kimsuky
domaincyf550.g3odkh1zx2q.dns.army	apt_kimsuky
domaindoc-load.ln2jl.xp2xbk8ukme.dns.army	apt_kimsuky
domaindocnid.vuczu.xp2xbk8ukme.dns.army	apt_kimsuky
domaineb0bw7j0sr.v6.army	apt_kimsuky
domainfklihnz6pb.v6.navy	apt_kimsuky
domaing3odkh1zx2q.dns.army	apt_kimsuky
domaing4gr.eb0bw7j0sr.v6.army	apt_kimsuky
domaingm2gx.8lxzbzbtoh.dns.navy	apt_kimsuky
domainhh4323bc6mc.dns.navy	apt_kimsuky
domainhhois.o-r.kr	apt_kimsuky
domainhostnid.ezgateway.net	apt_kimsuky
domainhu4e60f2ok.v6.navy	apt_kimsuky
domainips-auth-nid.redirect.ydns.eu	apt_kimsuky
domainisdp.ooguy.com	apt_kimsuky
domainiyyfk3jnqbw.v6.navy	apt_kimsuky
domainjuqc7swtyb.v6.army	apt_kimsuky
domainkvp207shd6.dns.navy	apt_kimsuky
domainli3pg2l17b.v6.army	apt_kimsuky
domainln2jl.xp2xbk8ukme.dns.army	apt_kimsuky
domainmois-auth-nid.gm2gx.8lxzbzbtoh.dns.navy	apt_kimsuky
domainmoisguide.g4gr.eb0bw7j0sr.v6.army	apt_kimsuky
domainn-aver-log.camdvr.org	apt_kimsuky
domainnaver-login.petfoodkorea.kr	apt_kimsuky
domainnclouddocs.bumbleshrimp.com	apt_kimsuky
domainndoc.1hvl4j.2towig8bijd.v6.navy	apt_kimsuky
domainndoc.hhois.o-r.kr	apt_kimsuky
domainndoc.hostnid.ezgateway.net	apt_kimsuky
domainndocload.cloudvps.ddnsguru.com	apt_kimsuky
domainnhncontents.cafe	apt_kimsuky
domainnid.niddirect.dns.army	apt_kimsuky
domainnid.nusser.ezgateway.net	apt_kimsuky
domainniddirect.dns.army	apt_kimsuky
domainnidsign.772g.vsjlpbrey1d.v6.navy	apt_kimsuky
domainninvoice.nclouddocs.bumbleshrimp.com	apt_kimsuky
domainninvoice.nmlist.p-e.kr	apt_kimsuky
domainninvoice.nmosinvoice.dns.army	apt_kimsuky
domainnisoft.yyuyy.com	apt_kimsuky
domainnmlist.p-e.kr	apt_kimsuky
domainnmosinvoice.dns.army	apt_kimsuky
domainnpo-doc.workspace.cloud-ip.cc	apt_kimsuky
domainnrg644np82.v6.army	apt_kimsuky
domainntverify.nisoft.yyuyy.com	apt_kimsuky
domainnusser.ezgateway.net	apt_kimsuky
domainofwajrd6pr.v6.navy	apt_kimsuky
domainredirect.ydns.eu	apt_kimsuky
domainrfjx07u0x3.dns.navy	apt_kimsuky
domains8arkan4ja.dns.army	apt_kimsuky
domainservice-nid.6c874.kvp207shd6.dns.navy	apt_kimsuky
domaintinvoice.opik.net	apt_kimsuky
domainug72r637rqr.dns.navy	apt_kimsuky
domainuui90svmzk.dns.navy	apt_kimsuky
domainv32l8g4nbc3.dns.navy	apt_kimsuky
domainverify-nid.suredoc.net	apt_kimsuky
domainvsjlpbrey1d.v6.navy	apt_kimsuky
domainvuczu.xp2xbk8ukme.dns.army	apt_kimsuky
domainvyvipbnt5p0.dns.army	apt_kimsuky
domainwhois.dynuddns.com	apt_kimsuky
domainworkspace.cloud-ip.cc	apt_kimsuky
domainwv05i1q670.dns.navy	apt_kimsuky
domainx5ffq2z8h8.dns.navy	apt_kimsuky
domainxi99w080ra.dynv6.net	apt_kimsuky
domainxp2xbk8ukme.dns.army	apt_kimsuky
domainy8fb9ktbd7f.dns.navy	apt_kimsuky
domainzsg8de2qpw0.dns.navy	apt_kimsuky
domaingoawq.com	osx_atomic
domainhydrantmachine.space	osx_atomic

Ip

Value	Description	Copy
ip82.39.109.211	vacbot
ip82.39.109.218	vacbot
ip2.27.59.167	purelogs
ip108.62.161.53	connectwise
ip161.248.14.93	valleyrat

Threat ID: 6a1b1f63e29bf47b504dd9fa

Added to database: 5/30/2026, 5:33:23 PM

Last enriched: 5/30/2026, 5:48:27 PM

Last updated: 5/31/2026, 4:18:08 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Maltrail IOC for 2026-05-30

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-05-30

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Domain

Ip

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Maltrail IOC for 2026-05-30

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-05-30

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Domain

Ip

Community Reviews

Related Threats

ThreatFox IOCs for 2026-05-30

ThreatFox IOCs for 2026-05-29

ChatGPT share links abused to host fake outage pages to deliver malware

Dutch govt disrupts malware botnet with 17 million infected devices

Kimsuky's Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility