Reconnecting to live updates…

Maltrail IOC for 2026-06-05

Severity: mediumType: malware

AI Analysis

Technical Summary

The threat is a malware-related IOC identified by Maltrail on 2026-06-05, shared via the CIRCL OSINT Feed. It represents observed network activity associated with potential malicious behavior. No detailed technical indicators or affected product versions are specified. The threat is classified with medium severity but lacks evidence of active exploitation or available remediation.

Potential Impact

The impact is currently limited to detection of suspicious or malicious network activity as indicated by the IOC. There is no evidence of active exploitation or direct compromise reported. The medium severity suggests a moderate potential risk if the IOC corresponds to ongoing malicious activity.

Mitigation Recommendations

No patch or official remediation is available for this IOC. Security teams should incorporate this IOC into their detection and monitoring tools as appropriate. Since this is an OSINT observation without active exploits or patches, no urgent remediation actions are required beyond standard monitoring.

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/076643c2bf9007ae5d7ff5ff386b651859c13ba6
url: https://x.com/KirkDerpca/status/2062690292608782530
ip: 213.218.160.189
url: https://api.github.com/repos/stamparm/maltrail/commits/52380b3ddb5dbd843d4fec01e033ddc29a22aab9
url: https://x.com/Fact_Finder03/status/2062778820739146164
url: https://www.virustotal.com/gui/file/9acd87765564916acfe5f486984dcce2b04b7a49d9f482b01afa7a65ac91b8b6/detection
url: https://www.virustotal.com/gui/file/64b3713f3ea9bd3a28cbb094d7aaaf2e554925394210eeb579c79250670d2c42/detection
ip: 185.181.11.117
url: https://api.github.com/repos/stamparm/maltrail/commits/27f6349543e783b0fa1d2042f480162e5b554156
domain: 5q.oscarstars.xyz
domain: bgnhgrbg.cyou
domain: enjoymemes.com
domain: genericlocalstoragenew.com
domain: ms-telemetry-gateway-us.com
domain: oscarstars.xyz
domain: salongallerie.com
url: https://api.github.com/repos/stamparm/maltrail/commits/358b6654fbf2a867fc181a9659acc05cbad6376f
domain: sub8.eu.org
url: https://api.github.com/repos/stamparm/maltrail/commits/247af57453fb830d6c2964b6fb5cfc9ee65b4929
url: https://otx.alienvault.com/pulse/6a21aa7db4b7cf1351f27cb6
domain: lkczkqweca.com
domain: smokeenew.com
domain: webstizkgao.com
domain: ibewfszvehhb.lkczkqweca.com
url: https://api.github.com/repos/stamparm/maltrail/commits/866eadff4951cbb96213d3fda48ebbe356999e54
ip: 43.139.224.138
url: https://api.github.com/repos/stamparm/maltrail/commits/980e3bfa190f40edc6d7e332a0c3bfea51290f12
domain: wpcol.com
url: https://api.github.com/repos/stamparm/maltrail/commits/64b729fa2bcb78f18fc91e7dda6ac6e5f8907b67
domain: lislason.lol
url: https://api.github.com/repos/stamparm/maltrail/commits/205ad9098c07e92abef2230d23f1cef4fbf2db8b
url: https://x.com/Malwarehunterr/status/2062647581021495477
url: https://www.virustotal.com/gui/file/a64401d0ac2612c2dca478cf191f115f5ee27cca3eb7425c840e8bc50f82071d/detection
domain: instance-s6g21w-relay.screenconnect.com
url: https://api.github.com/repos/stamparm/maltrail/commits/4587c4e9b84e888a8bb95f62c6811eb8d39c11ef
domain: account.driv3qtwo.duckdns.org
domain: advath.d0c3syrouf.freemyip.com
domain: aeshawellness.com
domain: app.mhfservlces.com
domain: auth.suben3.freemyip.com
domain: autoconfig.aeshawellness.com
domain: autodiscover.aeshawellness.com
domain: bcautomotive.lts-dispatch.com
domain: cpanel.aeshawellness.com
domain: cpcalendars.aeshawellness.com
domain: cpcontacts.aeshawellness.com
domain: d0c3syrouf.freemyip.com
domain: dataworksglobal.top
domain: doc-file.top
domain: doc-files.top
domain: documenteflie.com
domain: driv3qtwo.duckdns.org
domain: fitgymsandiego.com
domain: ftp.aeshawellness.com
domain: g.sst.suben3.freemyip.com
domain: grozzardsgroup.top
domain: haiita.com
domain: kap-hwr.com
domain: mail.documenteflie.com
domain: mail.radiovoztv.org
domain: metrics.nimmon.ca
domain: mhfservlces.com
domain: mycryptoeducator.com
domain: nimmon.ca
domain: o365.driv3qtwo.duckdns.org
domain: radiovoztv.org
domain: remittancehub.top
domain: smusxath.suben3.freemyip.com
domain: social-download-report.com
domain: socialdownload-report.com
domain: socialdownload-state.com
domain: sp.authpoint.usa.d0c3syrouf.freemyip.com
domain: sst.d0c3syrouf.freemyip.com
domain: suben3.freemyip.com
domain: ulgroup.driv3qtwo.duckdns.org
domain: webdisk.aeshawellness.com
domain: webmail.aeshawellness.com
domain: whm.aeshawellness.com
url: https://api.github.com/repos/stamparm/maltrail/commits/c6faf776f9e20fab94e2b4a1a7fd5104f0e86fe2
url: https://x.com/Malwarehunterr/status/2062651134960193974
url: https://www.virustotal.com/gui/file/90b902fb92b1d8f38e455d8de4169764a68f6185bcd61b7c92c34ee9a2754fde/detection
ip: 185.215.167.211
url: https://api.github.com/repos/stamparm/maltrail/commits/a8d889be8b057635e146b1b83d74b71f1951022e
domain: kayan-esw.com
domain: t90141163642.p.clickup-attachments.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a9b8fc7c4db7d3908950863319261a158a397f70
url: https://x.com/smica83/status/2062815139598897316
url: https://www.virustotal.com/gui/file/eb7a9121bbd1a6aaa032ea15016d36f884912afd8ae03945316c3fc8edd89912/detection
url: https://www.virustotal.com/gui/file/4914225ea6f4ae00acb099c06ca02f1589e24528b06a5c26df66242cf10089f4/detection
url: https://www.virustotal.com/gui/file/1cfbb7ca0eda3932453bdad466ac68993d688ac0cf95d2c93a0f847e436eae47/detection
ip: 65.109.255.73
domain: dism188.top
domain: fittpure.com
domain: mub.dism188.top
url: https://api.github.com/repos/stamparm/maltrail/commits/15113384e1569c31590030f0b72bb21f35cc6100
url: https://x.com/skocherhan/status/2062633445843489195
domain: account-login.userauth.dynv6.net
domain: account-login.userauth.o-r.kr
domain: communitysize.kro.kr
domain: global.communitysize.kro.kr
domain: userauth.dynv6.net
domain: userauth.o-r.kr
url: https://api.github.com/repos/stamparm/maltrail/commits/2ffe445023086b51ae802e7863d7742cfc244553
url: https://x.com/smica83/status/2062267736974110979
url: https://tria.ge/260603-yz6lsae16p/behavioral1
url: https://www.virustotal.com/gui/file/2248a71fc8e91ca64eeb2c31f9104d237269dcccb4ed78f140e859eabae1cee2/detection
ip: 193.70.34.25
domain: wqekkfdjsdfaasdfjkbwefb.io
url: https://api.github.com/repos/stamparm/maltrail/commits/a021b927e8b8ac448bd8a87d9fdd793b011fd8a6
url: https://x.com/suyog41/status/2062776712556060847
url: https://www.virustotal.com/gui/file/87552f2d63dde723eca5e1fbc045e9fc491bb9821d373b79a130d41f56be7461/detection
ip: 34.154.23.46
url: https://api.github.com/repos/stamparm/maltrail/commits/2b024ef235b59cbe7b59d41bdd78b9b25f11c4c8
domain: pedit.fun
url: https://api.github.com/repos/stamparm/maltrail/commits/7e130086839a651f67ce24aeb9e9a6f1bacad746
url: https://x.com/skocherhan/status/2062611489358532731
domain: checkinfo.kro.kr
domain: clovanote.ohbah.com
domain: login.checkinfo.kro.kr
domain: m.navre.co.malam.or.id
domain: nav-logins.ntpx12ee.dns.army
domain: navre.co.malam.or.id
domain: ntpx12ee.dns.army
domain: portal.clovanote.ohbah.com
domain: tals5ex.dynv6.net
domain: 6441056b613c32a9.apollo.r-e.kr
domain: accounts.google.corn.v3.cut-com.eu
domain: apollo-page.r-e.kr
domain: apollo-page.r-e.nidlogin.apollo.r-e.kr
domain: apollo.r-e.kr
domain: corn.v3.cut-com.eu
domain: ekyc.naver-page.o-r.kr
domain: google.corn.v3.cut-com.eu
domain: http-nidlogin.apollo.r-e.kr
domain: http-r-e.nidlogin.apollo.r-e.kr
domain: https-nidlogin.apollo.r-e.kr
domain: https-r-e.nidlogin.apollo.r-e.kr
domain: idlogin.apollo.r-e.kr
domain: invoice-document.n-e.kr
domain: krnidlogin.apollo.r-e.kr
domain: mail.apollo-page.r-e.kr
domain: mail.apollo-page.r-e.nidlogin.apollo.r-e.kr
domain: mail.apollo.r-e.kr
domain: naver-page.o-r.kr
domain: nid.xn
domain: nidlogin.apollo.r-e.kr
domain: nidloging.apollo.r-e.kr
domain: nidlongin.apollo.r-e.kr
domain: r-e.krnidlogin.apollo.r-e.kr
domain: r-e.nidlogin.apollo.r-e.kr
domain: sscyber-samsungcard.kro.kr
domain: uld.invoice-document.n-e.kr
domain: v3.cut-com.eu
url: https://api.github.com/repos/stamparm/maltrail/commits/fe6dfae8e50f5bb5b8a65930f780ab79d537a1eb
url: https://www.virustotal.com/gui/file/6fa69de886c47defd6e3c0261a9b6358d23ea0eadbf8c4b5877fc8df3e339514/detection
domain: tonajukbhuakpo2.shop
url: https://api.github.com/repos/stamparm/maltrail/commits/a9198ba41dcbef67c198139489fb31df74d373a2
url: https://x.com/JAMESWT_WT/status/2062532295240696156
url: https://www.virustotal.com/gui/file/b422e102ed941533b2ba7a6481aa19a9d4e6cdcc033f0740833bb65bf5944f80/detection
domain: haddjskak827sja.com
url: https://api.github.com/repos/stamparm/maltrail/commits/0a2a845233396ac928e138c66221d18c3a86940e
domain: cashbackpunp.fun
domain: liinkydin.com
domain: linkjdin.com
domain: lossesback-pumps.fun
domain: pump-streamhub.fun
domain: pumprooms.fun
domain: rugclaim-pump.fun
domain: zeelov.com
domain: ziiillow.com
domain: zilauwwa.click
domain: zjllov.com
url: https://api.github.com/repos/stamparm/maltrail/commits/ed89579cbbefee66ce9e3c7e606529344498e428
domain: bytfax.com
domain: filecedarcompass.cyou
domain: filehollowstudio.cyou
domain: filelunarcanvas.cyou
domain: filemistyengine.cyou
domain: fileobsidianorbit.cyou
domain: filepearlhorizon.cyou
domain: filerubyplanet.cyou
domain: filesapphiretower.cyou
domain: filethundercanvas.cyou
domain: filevelvetplanet.cyou
domain: filewillowsignal.cyou
domain: zexbyt.com
url: https://api.github.com/repos/stamparm/maltrail/commits/2bcf2ffd1a7db28e831b7ddce8010eb504c3d4de
domain: bayareawaterheater.com
domain: bytorianforge.com
domain: cedarspoint.it.com
domain: elevatsys.it.com
domain: fluxoraviantech.com
domain: marbellavacations.com
domain: meridiasolution.it.com
domain: pressurewashingalabama.com
url: https://api.github.com/repos/stamparm/maltrail/commits/9e111d3a2bdec6af703e5334ba4debf35f267b85
url: https://www.huntress.com/blog/malspam-to-deskcvb-rat-delivery-chain-analysis
domain: catalogo.castrouria.com
url: https://api.github.com/repos/stamparm/maltrail/commits/61b4f12619a75cbc450493292b429ed63f260dfc
ip: 159.138.167.119
ip: 181.215.6.77
url: https://api.github.com/repos/stamparm/maltrail/commits/94fb506ecc12e431da767fec5ff7fb3eec26470c
url: https://x.com/smica83/status/2062836018311487731
url: https://www.virustotal.com/gui/file/aacca68930d7b0a3fab91448b98651a01858b76426bb8924782a37e97190e854/detection
url: https://www.virustotal.com/gui/file/dddcb6a95daaf9f4ae3518f54505b4e7c98c185aef98eba2ead05b6374f4b186/detection
ip: 18.166.47.109
url: https://api.github.com/repos/stamparm/maltrail/commits/318b06aedfc670ef298744bba5620dc4d87b0cc2
url: https://x.com/smica83/status/2062837743944630644
url: https://www.virustotal.com/gui/file/8d60ebbaea8a7b8be25cd7e41736eb6a4801d3aa0a53a0d7022d12951f5a473a/detection
url: https://www.virustotal.com/gui/file/e4baad6c52226fc3c781e37a733f62e7c6977363a3a99e5eead2876bb587e156/detection
domain: aosotaka.com
domain: asmfmfmfmf.com
domain: asqmvmastt.com
domain: daisiiafsfk.com
domain: djkmgndkjfgndfg.com
domain: dkilkamajsiot.com
domain: fastoqoakkas.com
domain: foasfjkasf.com
domain: fopsadfposkdf.com
domain: hdudidjdjdndjdjd.com
domain: lambdauyamna.com
domain: lopstmisot.com
domain: msiulosjudiid.com
domain: mxjxifkfkkffjjf.com
domain: oficekoslosld.com
domain: opfiksotpffff.com
domain: skadfjsdijfhsfso9to.com
domain: tiqwtkmma.com
domain: tomaskoslimsok.com
domain: zbxcgtqt.com
url: https://api.github.com/repos/stamparm/maltrail/commits/14d4e3e5d21cd5f4a5b578990ea2965b8d49388e
url: https://api.github.com/repos/stamparm/maltrail/commits/ed15bcc95d97680db5d297a76bfac456039e323f
domain: bitgost.com
domain: fileamberforest.cyou
domain: fileautumnsignal.cyou
domain: fileglacierbridge.cyou
domain: fileivoryharbor.cyou
domain: filelavenderbridge.online
domain: fileopalvoyage.cyou
domain: filepinebeacon.cyou
domain: files.tonmicrob.click
domain: kraken.mom
domain: testixworlesemint.world
domain: tg-page.digital
domain: tonmicrob.click
domain: towerex-exchange.com
domain: towerex-exchange.digital
domain: towerex-exchange.today
domain: transaction.towerex-exchange.com
domain: verification.towerex-exchange.com
domain: vu.towerex-exchange.digital
domain: winbyt.com
url: https://api.github.com/repos/stamparm/maltrail/commits/2ad3345c261c65790b840167cf77a25b59be9a6e
url: https://x.com/skocherhan/status/2062619712987468177
url: https://www.virustotal.com/gui/file/11bc1b71031b25249854afd82fabdc132cf91f2881afb76cbc3274844c1cd908/detection
domain: merchant-gateway.live
domain: vertexpartners.au
domain: q2rt.vertexpartners.au
url: https://api.github.com/repos/stamparm/maltrail/commits/05915d58e42df05a5d8e150d8c6dc1acd8d214b8
domain: whbackend.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/20f1c7cd5cea45fa8c234726d1a5a1318acadec6
url: https://www.virustotal.com/gui/file/6135aef85fa3a905b22b8710484b2c588f06fb30bb02dc6d4b52bc6181b79d30/detection
domain: lummaaass.site
domain: youronestophalalshop.com
url: https://api.github.com/repos/stamparm/maltrail/commits/d2d40e34657e68268d3688c48eb3cc25dc551400
ip: 179.209.217.74
ip: 78.132.10.71
url: https://api.github.com/repos/stamparm/maltrail/commits/ea2664bc232acfac92c81a02d6478af427285f2a
ip: 82.156.224.203
url: https://api.github.com/repos/stamparm/maltrail/commits/8352c7b5b18cdae73a4603c109b74bc4d6b099b3
domain: 2dbks.cdn365.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2e9e5d6f1d28ad4628e46a18e31ba1108238c909
url: https://x.com/skocherhan/status/2062632228509946089
domain: jptower.dns.army
domain: lloizou.dynv6.net
domain: metapola.dns.army
domain: schet.dns.army
domain: si1901.dynv6.net
domain: store.jptower.dns.army
domain: store.lloizou.dynv6.net
domain: store.metapola.dns.army
domain: store.si1901.dynv6.net
domain: store.unikoreamc.dynv6.net
domain: unikoreamc.dynv6.net
domain: vaml.schet.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/c25c244cf35eb5ddc46df0ffac93f30d994b652e
domain: nid-naverwuk.servecounterstrike.com

Maltrail IOC for 2026-06-05

Severity: medium

Type: malware

Maltrail IOC for 2026-06-05

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/076643c2bf9007ae5d7ff5ff386b651859c13ba6
url: https://x.com/KirkDerpca/status/2062690292608782530
ip: 213.218.160.189
url: https://api.github.com/repos/stamparm/maltrail/commits/52380b3ddb5dbd843d4fec01e033ddc29a22aab9
url: https://x.com/Fact_Finder03/status/2062778820739146164
url: https://www.virustotal.com/gui/file/9acd87765564916acfe5f486984dcce2b04b7a49d9f482b01afa7a65ac91b8b6/detection
url: https://www.virustotal.com/gui/file/64b3713f3ea9bd3a28cbb094d7aaaf2e554925394210eeb579c79250670d2c42/detection
ip: 185.181.11.117
url: https://api.github.com/repos/stamparm/maltrail/commits/27f6349543e783b0fa1d2042f480162e5b554156
domain: 5q.oscarstars.xyz
domain: bgnhgrbg.cyou
domain: enjoymemes.com
domain: genericlocalstoragenew.com
domain: ms-telemetry-gateway-us.com
domain: oscarstars.xyz
domain: salongallerie.com
url: https://api.github.com/repos/stamparm/maltrail/commits/358b6654fbf2a867fc181a9659acc05cbad6376f
domain: sub8.eu.org
url: https://api.github.com/repos/stamparm/maltrail/commits/247af57453fb830d6c2964b6fb5cfc9ee65b4929
url: https://otx.alienvault.com/pulse/6a21aa7db4b7cf1351f27cb6
domain: lkczkqweca.com
domain: smokeenew.com
domain: webstizkgao.com
domain: ibewfszvehhb.lkczkqweca.com
url: https://api.github.com/repos/stamparm/maltrail/commits/866eadff4951cbb96213d3fda48ebbe356999e54
ip: 43.139.224.138
url: https://api.github.com/repos/stamparm/maltrail/commits/980e3bfa190f40edc6d7e332a0c3bfea51290f12
domain: wpcol.com
url: https://api.github.com/repos/stamparm/maltrail/commits/64b729fa2bcb78f18fc91e7dda6ac6e5f8907b67
domain: lislason.lol
url: https://api.github.com/repos/stamparm/maltrail/commits/205ad9098c07e92abef2230d23f1cef4fbf2db8b
url: https://x.com/Malwarehunterr/status/2062647581021495477
url: https://www.virustotal.com/gui/file/a64401d0ac2612c2dca478cf191f115f5ee27cca3eb7425c840e8bc50f82071d/detection
domain: instance-s6g21w-relay.screenconnect.com
url: https://api.github.com/repos/stamparm/maltrail/commits/4587c4e9b84e888a8bb95f62c6811eb8d39c11ef
domain: account.driv3qtwo.duckdns.org
domain: advath.d0c3syrouf.freemyip.com
domain: aeshawellness.com
domain: app.mhfservlces.com
domain: auth.suben3.freemyip.com
domain: autoconfig.aeshawellness.com
domain: autodiscover.aeshawellness.com
domain: bcautomotive.lts-dispatch.com
domain: cpanel.aeshawellness.com
domain: cpcalendars.aeshawellness.com
domain: cpcontacts.aeshawellness.com
domain: d0c3syrouf.freemyip.com
domain: dataworksglobal.top
domain: doc-file.top
domain: doc-files.top
domain: documenteflie.com
domain: driv3qtwo.duckdns.org
domain: fitgymsandiego.com
domain: ftp.aeshawellness.com
domain: g.sst.suben3.freemyip.com
domain: grozzardsgroup.top
domain: haiita.com
domain: kap-hwr.com
domain: mail.documenteflie.com
domain: mail.radiovoztv.org
domain: metrics.nimmon.ca
domain: mhfservlces.com
domain: mycryptoeducator.com
domain: nimmon.ca
domain: o365.driv3qtwo.duckdns.org
domain: radiovoztv.org
domain: remittancehub.top
domain: smusxath.suben3.freemyip.com
domain: social-download-report.com
domain: socialdownload-report.com
domain: socialdownload-state.com
domain: sp.authpoint.usa.d0c3syrouf.freemyip.com
domain: sst.d0c3syrouf.freemyip.com
domain: suben3.freemyip.com
domain: ulgroup.driv3qtwo.duckdns.org
domain: webdisk.aeshawellness.com
domain: webmail.aeshawellness.com
domain: whm.aeshawellness.com
url: https://api.github.com/repos/stamparm/maltrail/commits/c6faf776f9e20fab94e2b4a1a7fd5104f0e86fe2
url: https://x.com/Malwarehunterr/status/2062651134960193974
url: https://www.virustotal.com/gui/file/90b902fb92b1d8f38e455d8de4169764a68f6185bcd61b7c92c34ee9a2754fde/detection
ip: 185.215.167.211
url: https://api.github.com/repos/stamparm/maltrail/commits/a8d889be8b057635e146b1b83d74b71f1951022e
domain: kayan-esw.com
domain: t90141163642.p.clickup-attachments.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a9b8fc7c4db7d3908950863319261a158a397f70
url: https://x.com/smica83/status/2062815139598897316
url: https://www.virustotal.com/gui/file/eb7a9121bbd1a6aaa032ea15016d36f884912afd8ae03945316c3fc8edd89912/detection
url: https://www.virustotal.com/gui/file/4914225ea6f4ae00acb099c06ca02f1589e24528b06a5c26df66242cf10089f4/detection
url: https://www.virustotal.com/gui/file/1cfbb7ca0eda3932453bdad466ac68993d688ac0cf95d2c93a0f847e436eae47/detection
ip: 65.109.255.73
domain: dism188.top
domain: fittpure.com
domain: mub.dism188.top
url: https://api.github.com/repos/stamparm/maltrail/commits/15113384e1569c31590030f0b72bb21f35cc6100
url: https://x.com/skocherhan/status/2062633445843489195
domain: account-login.userauth.dynv6.net
domain: account-login.userauth.o-r.kr
domain: communitysize.kro.kr
domain: global.communitysize.kro.kr
domain: userauth.dynv6.net
domain: userauth.o-r.kr
url: https://api.github.com/repos/stamparm/maltrail/commits/2ffe445023086b51ae802e7863d7742cfc244553
url: https://x.com/smica83/status/2062267736974110979
url: https://tria.ge/260603-yz6lsae16p/behavioral1
url: https://www.virustotal.com/gui/file/2248a71fc8e91ca64eeb2c31f9104d237269dcccb4ed78f140e859eabae1cee2/detection
ip: 193.70.34.25
domain: wqekkfdjsdfaasdfjkbwefb.io
url: https://api.github.com/repos/stamparm/maltrail/commits/a021b927e8b8ac448bd8a87d9fdd793b011fd8a6
url: https://x.com/suyog41/status/2062776712556060847
url: https://www.virustotal.com/gui/file/87552f2d63dde723eca5e1fbc045e9fc491bb9821d373b79a130d41f56be7461/detection
ip: 34.154.23.46
url: https://api.github.com/repos/stamparm/maltrail/commits/2b024ef235b59cbe7b59d41bdd78b9b25f11c4c8
domain: pedit.fun
url: https://api.github.com/repos/stamparm/maltrail/commits/7e130086839a651f67ce24aeb9e9a6f1bacad746
url: https://x.com/skocherhan/status/2062611489358532731
domain: checkinfo.kro.kr
domain: clovanote.ohbah.com
domain: login.checkinfo.kro.kr
domain: m.navre.co.malam.or.id
domain: nav-logins.ntpx12ee.dns.army
domain: navre.co.malam.or.id
domain: ntpx12ee.dns.army
domain: portal.clovanote.ohbah.com
domain: tals5ex.dynv6.net
domain: 6441056b613c32a9.apollo.r-e.kr
domain: accounts.google.corn.v3.cut-com.eu
domain: apollo-page.r-e.kr
domain: apollo-page.r-e.nidlogin.apollo.r-e.kr
domain: apollo.r-e.kr
domain: corn.v3.cut-com.eu
domain: ekyc.naver-page.o-r.kr
domain: google.corn.v3.cut-com.eu
domain: http-nidlogin.apollo.r-e.kr
domain: http-r-e.nidlogin.apollo.r-e.kr
domain: https-nidlogin.apollo.r-e.kr
domain: https-r-e.nidlogin.apollo.r-e.kr
domain: idlogin.apollo.r-e.kr
domain: invoice-document.n-e.kr
domain: krnidlogin.apollo.r-e.kr
domain: mail.apollo-page.r-e.kr
domain: mail.apollo-page.r-e.nidlogin.apollo.r-e.kr
domain: mail.apollo.r-e.kr
domain: naver-page.o-r.kr
domain: nid.xn
domain: nidlogin.apollo.r-e.kr
domain: nidloging.apollo.r-e.kr
domain: nidlongin.apollo.r-e.kr
domain: r-e.krnidlogin.apollo.r-e.kr
domain: r-e.nidlogin.apollo.r-e.kr
domain: sscyber-samsungcard.kro.kr
domain: uld.invoice-document.n-e.kr
domain: v3.cut-com.eu
url: https://api.github.com/repos/stamparm/maltrail/commits/fe6dfae8e50f5bb5b8a65930f780ab79d537a1eb
url: https://www.virustotal.com/gui/file/6fa69de886c47defd6e3c0261a9b6358d23ea0eadbf8c4b5877fc8df3e339514/detection
domain: tonajukbhuakpo2.shop
url: https://api.github.com/repos/stamparm/maltrail/commits/a9198ba41dcbef67c198139489fb31df74d373a2
url: https://x.com/JAMESWT_WT/status/2062532295240696156
url: https://www.virustotal.com/gui/file/b422e102ed941533b2ba7a6481aa19a9d4e6cdcc033f0740833bb65bf5944f80/detection
domain: haddjskak827sja.com
url: https://api.github.com/repos/stamparm/maltrail/commits/0a2a845233396ac928e138c66221d18c3a86940e
domain: cashbackpunp.fun
domain: liinkydin.com
domain: linkjdin.com
domain: lossesback-pumps.fun
domain: pump-streamhub.fun
domain: pumprooms.fun
domain: rugclaim-pump.fun
domain: zeelov.com
domain: ziiillow.com
domain: zilauwwa.click
domain: zjllov.com
url: https://api.github.com/repos/stamparm/maltrail/commits/ed89579cbbefee66ce9e3c7e606529344498e428
domain: bytfax.com
domain: filecedarcompass.cyou
domain: filehollowstudio.cyou
domain: filelunarcanvas.cyou
domain: filemistyengine.cyou
domain: fileobsidianorbit.cyou
domain: filepearlhorizon.cyou
domain: filerubyplanet.cyou
domain: filesapphiretower.cyou
domain: filethundercanvas.cyou
domain: filevelvetplanet.cyou
domain: filewillowsignal.cyou
domain: zexbyt.com
url: https://api.github.com/repos/stamparm/maltrail/commits/2bcf2ffd1a7db28e831b7ddce8010eb504c3d4de
domain: bayareawaterheater.com
domain: bytorianforge.com
domain: cedarspoint.it.com
domain: elevatsys.it.com
domain: fluxoraviantech.com
domain: marbellavacations.com
domain: meridiasolution.it.com
domain: pressurewashingalabama.com
url: https://api.github.com/repos/stamparm/maltrail/commits/9e111d3a2bdec6af703e5334ba4debf35f267b85
url: https://www.huntress.com/blog/malspam-to-deskcvb-rat-delivery-chain-analysis
domain: catalogo.castrouria.com
url: https://api.github.com/repos/stamparm/maltrail/commits/61b4f12619a75cbc450493292b429ed63f260dfc
ip: 159.138.167.119
ip: 181.215.6.77
url: https://api.github.com/repos/stamparm/maltrail/commits/94fb506ecc12e431da767fec5ff7fb3eec26470c
url: https://x.com/smica83/status/2062836018311487731
url: https://www.virustotal.com/gui/file/aacca68930d7b0a3fab91448b98651a01858b76426bb8924782a37e97190e854/detection
url: https://www.virustotal.com/gui/file/dddcb6a95daaf9f4ae3518f54505b4e7c98c185aef98eba2ead05b6374f4b186/detection
ip: 18.166.47.109
url: https://api.github.com/repos/stamparm/maltrail/commits/318b06aedfc670ef298744bba5620dc4d87b0cc2
url: https://x.com/smica83/status/2062837743944630644
url: https://www.virustotal.com/gui/file/8d60ebbaea8a7b8be25cd7e41736eb6a4801d3aa0a53a0d7022d12951f5a473a/detection
url: https://www.virustotal.com/gui/file/e4baad6c52226fc3c781e37a733f62e7c6977363a3a99e5eead2876bb587e156/detection
domain: aosotaka.com
domain: asmfmfmfmf.com
domain: asqmvmastt.com
domain: daisiiafsfk.com
domain: djkmgndkjfgndfg.com
domain: dkilkamajsiot.com
domain: fastoqoakkas.com
domain: foasfjkasf.com
domain: fopsadfposkdf.com
domain: hdudidjdjdndjdjd.com
domain: lambdauyamna.com
domain: lopstmisot.com
domain: msiulosjudiid.com
domain: mxjxifkfkkffjjf.com
domain: oficekoslosld.com
domain: opfiksotpffff.com
domain: skadfjsdijfhsfso9to.com
domain: tiqwtkmma.com
domain: tomaskoslimsok.com
domain: zbxcgtqt.com
url: https://api.github.com/repos/stamparm/maltrail/commits/14d4e3e5d21cd5f4a5b578990ea2965b8d49388e
url: https://api.github.com/repos/stamparm/maltrail/commits/ed15bcc95d97680db5d297a76bfac456039e323f
domain: bitgost.com
domain: fileamberforest.cyou
domain: fileautumnsignal.cyou
domain: fileglacierbridge.cyou
domain: fileivoryharbor.cyou
domain: filelavenderbridge.online
domain: fileopalvoyage.cyou
domain: filepinebeacon.cyou
domain: files.tonmicrob.click
domain: kraken.mom
domain: testixworlesemint.world
domain: tg-page.digital
domain: tonmicrob.click
domain: towerex-exchange.com
domain: towerex-exchange.digital
domain: towerex-exchange.today
domain: transaction.towerex-exchange.com
domain: verification.towerex-exchange.com
domain: vu.towerex-exchange.digital
domain: winbyt.com
url: https://api.github.com/repos/stamparm/maltrail/commits/2ad3345c261c65790b840167cf77a25b59be9a6e
url: https://x.com/skocherhan/status/2062619712987468177
url: https://www.virustotal.com/gui/file/11bc1b71031b25249854afd82fabdc132cf91f2881afb76cbc3274844c1cd908/detection
domain: merchant-gateway.live
domain: vertexpartners.au
domain: q2rt.vertexpartners.au
url: https://api.github.com/repos/stamparm/maltrail/commits/05915d58e42df05a5d8e150d8c6dc1acd8d214b8
domain: whbackend.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/20f1c7cd5cea45fa8c234726d1a5a1318acadec6
url: https://www.virustotal.com/gui/file/6135aef85fa3a905b22b8710484b2c588f06fb30bb02dc6d4b52bc6181b79d30/detection
domain: lummaaass.site
domain: youronestophalalshop.com
url: https://api.github.com/repos/stamparm/maltrail/commits/d2d40e34657e68268d3688c48eb3cc25dc551400
ip: 179.209.217.74
ip: 78.132.10.71
url: https://api.github.com/repos/stamparm/maltrail/commits/ea2664bc232acfac92c81a02d6478af427285f2a
ip: 82.156.224.203
url: https://api.github.com/repos/stamparm/maltrail/commits/8352c7b5b18cdae73a4603c109b74bc4d6b099b3
domain: 2dbks.cdn365.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2e9e5d6f1d28ad4628e46a18e31ba1108238c909
url: https://x.com/skocherhan/status/2062632228509946089
domain: jptower.dns.army
domain: lloizou.dynv6.net
domain: metapola.dns.army
domain: schet.dns.army
domain: si1901.dynv6.net
domain: store.jptower.dns.army
domain: store.lloizou.dynv6.net
domain: store.metapola.dns.army
domain: store.si1901.dynv6.net
domain: store.unikoreamc.dynv6.net
domain: unikoreamc.dynv6.net
domain: vaml.schet.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/c25c244cf35eb5ddc46df0ffac93f30d994b652e
domain: nid-naverwuk.servecounterstrike.com

Source: CIRCL OSINT Feed

Published: Thu Jun 04 2026

Maltrail IOC for 2026-06-05

Medium

Malwaretlp:clear malware misp:threat-level="medium-risk"misp:event-type="observation"misp:automation-level="unsupervised"type:osint osint:lifetime="perpetual"osint:source-type="manual-collection"

Published: Thu Jun 04 2026 (06/04/2026, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Description

Maltrail IOC for 2026-06-05

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/05/2026, 16:04:06 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: e3b7f367-0435-43a2-b1d3-f4a696cfeaea
Original Timestamp: 1780671603

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/076643c2bf9007ae5d7ff5ff386b651859c13ba6	hacked_npmrepos
urlhttps://x.com/KirkDerpca/status/2062690292608782530	hacked_npmrepos
urlhttps://api.github.com/repos/stamparm/maltrail/commits/52380b3ddb5dbd843d4fec01e033ddc29a22aab9	android_spynote
urlhttps://x.com/Fact_Finder03/status/2062778820739146164	android_spynote
urlhttps://www.virustotal.com/gui/file/9acd87765564916acfe5f486984dcce2b04b7a49d9f482b01afa7a65ac91b8b6/detection	android_spynote
urlhttps://www.virustotal.com/gui/file/64b3713f3ea9bd3a28cbb094d7aaaf2e554925394210eeb579c79250670d2c42/detection	android_spynote
urlhttps://api.github.com/repos/stamparm/maltrail/commits/27f6349543e783b0fa1d2042f480162e5b554156	nightshadec2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/358b6654fbf2a867fc181a9659acc05cbad6376f	lummac2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/247af57453fb830d6c2964b6fb5cfc9ee65b4929	nightshadec2
urlhttps://otx.alienvault.com/pulse/6a21aa7db4b7cf1351f27cb6	nightshadec2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/866eadff4951cbb96213d3fda48ebbe356999e54	cyberstrikeai
urlhttps://api.github.com/repos/stamparm/maltrail/commits/980e3bfa190f40edc6d7e332a0c3bfea51290f12	magentocore
urlhttps://api.github.com/repos/stamparm/maltrail/commits/64b729fa2bcb78f18fc91e7dda6ac6e5f8907b67	ek_landupdate808
urlhttps://api.github.com/repos/stamparm/maltrail/commits/205ad9098c07e92abef2230d23f1cef4fbf2db8b	connectwise
urlhttps://x.com/Malwarehunterr/status/2062647581021495477	connectwise
urlhttps://www.virustotal.com/gui/file/a64401d0ac2612c2dca478cf191f115f5ee27cca3eb7425c840e8bc50f82071d/detection	connectwise
urlhttps://api.github.com/repos/stamparm/maltrail/commits/4587c4e9b84e888a8bb95f62c6811eb8d39c11ef	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c6faf776f9e20fab94e2b4a1a7fd5104f0e86fe2	simplehelp
urlhttps://x.com/Malwarehunterr/status/2062651134960193974	simplehelp
urlhttps://www.virustotal.com/gui/file/90b902fb92b1d8f38e455d8de4169764a68f6185bcd61b7c92c34ee9a2754fde/detection	simplehelp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a8d889be8b057635e146b1b83d74b71f1951022e	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a9b8fc7c4db7d3908950863319261a158a397f70	vidar
urlhttps://x.com/smica83/status/2062815139598897316	vidar
urlhttps://www.virustotal.com/gui/file/eb7a9121bbd1a6aaa032ea15016d36f884912afd8ae03945316c3fc8edd89912/detection	vidar
urlhttps://www.virustotal.com/gui/file/4914225ea6f4ae00acb099c06ca02f1589e24528b06a5c26df66242cf10089f4/detection	vidar
urlhttps://www.virustotal.com/gui/file/1cfbb7ca0eda3932453bdad466ac68993d688ac0cf95d2c93a0f847e436eae47/detection	vidar
urlhttps://api.github.com/repos/stamparm/maltrail/commits/15113384e1569c31590030f0b72bb21f35cc6100	apt_kimsuky
urlhttps://x.com/skocherhan/status/2062633445843489195	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2ffe445023086b51ae802e7863d7742cfc244553	python_injector
urlhttps://x.com/smica83/status/2062267736974110979	python_injector
urlhttps://tria.ge/260603-yz6lsae16p/behavioral1	python_injector
urlhttps://www.virustotal.com/gui/file/2248a71fc8e91ca64eeb2c31f9104d237269dcccb4ed78f140e859eabae1cee2/detection	python_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a021b927e8b8ac448bd8a87d9fdd793b011fd8a6	llmbot
urlhttps://x.com/suyog41/status/2062776712556060847	llmbot
urlhttps://www.virustotal.com/gui/file/87552f2d63dde723eca5e1fbc045e9fc491bb9821d373b79a130d41f56be7461/detection	llmbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2b024ef235b59cbe7b59d41bdd78b9b25f11c4c8	android_joker
urlhttps://api.github.com/repos/stamparm/maltrail/commits/7e130086839a651f67ce24aeb9e9a6f1bacad746	apt_kimsuky
urlhttps://x.com/skocherhan/status/2062611489358532731	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fe6dfae8e50f5bb5b8a65930f780ab79d537a1eb	powershell_injector
urlhttps://www.virustotal.com/gui/file/6fa69de886c47defd6e3c0261a9b6358d23ea0eadbf8c4b5877fc8df3e339514/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a9198ba41dcbef67c198139489fb31df74d373a2	powershell_injector
urlhttps://x.com/JAMESWT_WT/status/2062532295240696156	powershell_injector
urlhttps://www.virustotal.com/gui/file/b422e102ed941533b2ba7a6481aa19a9d4e6cdcc033f0740833bb65bf5944f80/detection	powershell_injector
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0a2a845233396ac928e138c66221d18c3a86940e	osx_nova
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ed89579cbbefee66ce9e3c7e606529344498e428	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2bcf2ffd1a7db28e831b7ddce8010eb504c3d4de	apt_unc2465
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9e111d3a2bdec6af703e5334ba4debf35f267b85	desckvbrat
urlhttps://www.huntress.com/blog/malspam-to-deskcvb-rat-delivery-chain-analysis	desckvbrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/61b4f12619a75cbc450493292b429ed63f260dfc	supershell_c2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/94fb506ecc12e431da767fec5ff7fb3eec26470c	valleyrat
urlhttps://x.com/smica83/status/2062836018311487731	valleyrat
urlhttps://www.virustotal.com/gui/file/aacca68930d7b0a3fab91448b98651a01858b76426bb8924782a37e97190e854/detection	valleyrat
urlhttps://www.virustotal.com/gui/file/dddcb6a95daaf9f4ae3518f54505b4e7c98c185aef98eba2ead05b6374f4b186/detection	valleyrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/318b06aedfc670ef298744bba5620dc4d87b0cc2	netsupport
urlhttps://x.com/smica83/status/2062837743944630644	netsupport
urlhttps://www.virustotal.com/gui/file/8d60ebbaea8a7b8be25cd7e41736eb6a4801d3aa0a53a0d7022d12951f5a473a/detection	netsupport
urlhttps://www.virustotal.com/gui/file/e4baad6c52226fc3c781e37a733f62e7c6977363a3a99e5eead2876bb587e156/detection	netsupport
urlhttps://api.github.com/repos/stamparm/maltrail/commits/14d4e3e5d21cd5f4a5b578990ea2965b8d49388e	netsupport
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ed15bcc95d97680db5d297a76bfac456039e323f	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2ad3345c261c65790b840167cf77a25b59be9a6e	vidar
urlhttps://x.com/skocherhan/status/2062619712987468177	vidar
urlhttps://www.virustotal.com/gui/file/11bc1b71031b25249854afd82fabdc132cf91f2881afb76cbc3274844c1cd908/detection	vidar
urlhttps://api.github.com/repos/stamparm/maltrail/commits/05915d58e42df05a5d8e150d8c6dc1acd8d214b8	1312
urlhttps://api.github.com/repos/stamparm/maltrail/commits/20f1c7cd5cea45fa8c234726d1a5a1318acadec6	vidar
urlhttps://www.virustotal.com/gui/file/6135aef85fa3a905b22b8710484b2c588f06fb30bb02dc6d4b52bc6181b79d30/detection	vidar
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d2d40e34657e68268d3688c48eb3cc25dc551400	hak5cloud_c2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ea2664bc232acfac92c81a02d6478af427285f2a	hak5cloud_c2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/8352c7b5b18cdae73a4603c109b74bc4d6b099b3	hak5cloud_c2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2e9e5d6f1d28ad4628e46a18e31ba1108238c909	apt_kimsuky
urlhttps://x.com/skocherhan/status/2062632228509946089	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c25c244cf35eb5ddc46df0ffac93f30d994b652e	apt_kimsuky

Ip

Value	Description	Copy
ip213.218.160.189	hacked_npmrepos
ip185.181.11.117	android_spynote
ip43.139.224.138	cyberstrikeai
ip185.215.167.211	simplehelp
ip65.109.255.73	vidar
ip193.70.34.25	python_injector
ip34.154.23.46	llmbot
ip159.138.167.119	supershell_c2
ip181.215.6.77	supershell_c2
ip18.166.47.109	valleyrat
ip179.209.217.74	hak5cloud_c2
ip78.132.10.71	hak5cloud_c2
ip82.156.224.203	hak5cloud_c2

Domain

Value	Description	Copy
domain5q.oscarstars.xyz	nightshadec2
domainbgnhgrbg.cyou	nightshadec2
domainenjoymemes.com	nightshadec2
domaingenericlocalstoragenew.com	nightshadec2
domainms-telemetry-gateway-us.com	nightshadec2
domainoscarstars.xyz	nightshadec2
domainsalongallerie.com	nightshadec2
domainsub8.eu.org	lummac2
domainlkczkqweca.com	nightshadec2
domainsmokeenew.com	nightshadec2
domainwebstizkgao.com	nightshadec2
domainibewfszvehhb.lkczkqweca.com	nightshadec2
domainwpcol.com	magentocore
domainlislason.lol	ek_landupdate808
domaininstance-s6g21w-relay.screenconnect.com	connectwise
domainaccount.driv3qtwo.duckdns.org	fakeapp
domainadvath.d0c3syrouf.freemyip.com	fakeapp
domainaeshawellness.com	fakeapp
domainapp.mhfservlces.com	fakeapp
domainauth.suben3.freemyip.com	fakeapp
domainautoconfig.aeshawellness.com	fakeapp
domainautodiscover.aeshawellness.com	fakeapp
domainbcautomotive.lts-dispatch.com	fakeapp
domaincpanel.aeshawellness.com	fakeapp
domaincpcalendars.aeshawellness.com	fakeapp
domaincpcontacts.aeshawellness.com	fakeapp
domaind0c3syrouf.freemyip.com	fakeapp
domaindataworksglobal.top	fakeapp
domaindoc-file.top	fakeapp
domaindoc-files.top	fakeapp
domaindocumenteflie.com	fakeapp
domaindriv3qtwo.duckdns.org	fakeapp
domainfitgymsandiego.com	fakeapp
domainftp.aeshawellness.com	fakeapp
domaing.sst.suben3.freemyip.com	fakeapp
domaingrozzardsgroup.top	fakeapp
domainhaiita.com	fakeapp
domainkap-hwr.com	fakeapp
domainmail.documenteflie.com	fakeapp
domainmail.radiovoztv.org	fakeapp
domainmetrics.nimmon.ca	fakeapp
domainmhfservlces.com	fakeapp
domainmycryptoeducator.com	fakeapp
domainnimmon.ca	fakeapp
domaino365.driv3qtwo.duckdns.org	fakeapp
domainradiovoztv.org	fakeapp
domainremittancehub.top	fakeapp
domainsmusxath.suben3.freemyip.com	fakeapp
domainsocial-download-report.com	fakeapp
domainsocialdownload-report.com	fakeapp
domainsocialdownload-state.com	fakeapp
domainsp.authpoint.usa.d0c3syrouf.freemyip.com	fakeapp
domainsst.d0c3syrouf.freemyip.com	fakeapp
domainsuben3.freemyip.com	fakeapp
domainulgroup.driv3qtwo.duckdns.org	fakeapp
domainwebdisk.aeshawellness.com	fakeapp
domainwebmail.aeshawellness.com	fakeapp
domainwhm.aeshawellness.com	fakeapp
domainkayan-esw.com	fakeapp
domaint90141163642.p.clickup-attachments.com	fakeapp
domaindism188.top	vidar
domainfittpure.com	vidar
domainmub.dism188.top	vidar
domainaccount-login.userauth.dynv6.net	apt_kimsuky
domainaccount-login.userauth.o-r.kr	apt_kimsuky
domaincommunitysize.kro.kr	apt_kimsuky
domainglobal.communitysize.kro.kr	apt_kimsuky
domainuserauth.dynv6.net	apt_kimsuky
domainuserauth.o-r.kr	apt_kimsuky
domainwqekkfdjsdfaasdfjkbwefb.io	python_injector
domainpedit.fun	android_joker
domaincheckinfo.kro.kr	apt_kimsuky
domainclovanote.ohbah.com	apt_kimsuky
domainlogin.checkinfo.kro.kr	apt_kimsuky
domainm.navre.co.malam.or.id	apt_kimsuky
domainnav-logins.ntpx12ee.dns.army	apt_kimsuky
domainnavre.co.malam.or.id	apt_kimsuky
domainntpx12ee.dns.army	apt_kimsuky
domainportal.clovanote.ohbah.com	apt_kimsuky
domaintals5ex.dynv6.net	apt_kimsuky
domain6441056b613c32a9.apollo.r-e.kr	apt_kimsuky
domainaccounts.google.corn.v3.cut-com.eu	apt_kimsuky
domainapollo-page.r-e.kr	apt_kimsuky
domainapollo-page.r-e.nidlogin.apollo.r-e.kr	apt_kimsuky
domainapollo.r-e.kr	apt_kimsuky
domaincorn.v3.cut-com.eu	apt_kimsuky
domainekyc.naver-page.o-r.kr	apt_kimsuky
domaingoogle.corn.v3.cut-com.eu	apt_kimsuky
domainhttp-nidlogin.apollo.r-e.kr	apt_kimsuky
domainhttp-r-e.nidlogin.apollo.r-e.kr	apt_kimsuky
domainhttps-nidlogin.apollo.r-e.kr	apt_kimsuky
domainhttps-r-e.nidlogin.apollo.r-e.kr	apt_kimsuky
domainidlogin.apollo.r-e.kr	apt_kimsuky
domaininvoice-document.n-e.kr	apt_kimsuky
domainkrnidlogin.apollo.r-e.kr	apt_kimsuky
domainmail.apollo-page.r-e.kr	apt_kimsuky
domainmail.apollo-page.r-e.nidlogin.apollo.r-e.kr	apt_kimsuky
domainmail.apollo.r-e.kr	apt_kimsuky
domainnaver-page.o-r.kr	apt_kimsuky
domainnid.xn	apt_kimsuky
domainnidlogin.apollo.r-e.kr	apt_kimsuky
domainnidloging.apollo.r-e.kr	apt_kimsuky
domainnidlongin.apollo.r-e.kr	apt_kimsuky
domainr-e.krnidlogin.apollo.r-e.kr	apt_kimsuky
domainr-e.nidlogin.apollo.r-e.kr	apt_kimsuky
domainsscyber-samsungcard.kro.kr	apt_kimsuky
domainuld.invoice-document.n-e.kr	apt_kimsuky
domainv3.cut-com.eu	apt_kimsuky
domaintonajukbhuakpo2.shop	powershell_injector
domainhaddjskak827sja.com	powershell_injector
domaincashbackpunp.fun	osx_nova
domainliinkydin.com	osx_nova
domainlinkjdin.com	osx_nova
domainlossesback-pumps.fun	osx_nova
domainpump-streamhub.fun	osx_nova
domainpumprooms.fun	osx_nova
domainrugclaim-pump.fun	osx_nova
domainzeelov.com	osx_nova
domainziiillow.com	osx_nova
domainzilauwwa.click	osx_nova
domainzjllov.com	osx_nova
domainbytfax.com	osx_atomic
domainfilecedarcompass.cyou	osx_atomic
domainfilehollowstudio.cyou	osx_atomic
domainfilelunarcanvas.cyou	osx_atomic
domainfilemistyengine.cyou	osx_atomic
domainfileobsidianorbit.cyou	osx_atomic
domainfilepearlhorizon.cyou	osx_atomic
domainfilerubyplanet.cyou	osx_atomic
domainfilesapphiretower.cyou	osx_atomic
domainfilethundercanvas.cyou	osx_atomic
domainfilevelvetplanet.cyou	osx_atomic
domainfilewillowsignal.cyou	osx_atomic
domainzexbyt.com	osx_atomic
domainbayareawaterheater.com	apt_unc2465
domainbytorianforge.com	apt_unc2465
domaincedarspoint.it.com	apt_unc2465
domainelevatsys.it.com	apt_unc2465
domainfluxoraviantech.com	apt_unc2465
domainmarbellavacations.com	apt_unc2465
domainmeridiasolution.it.com	apt_unc2465
domainpressurewashingalabama.com	apt_unc2465
domaincatalogo.castrouria.com	desckvbrat
domainaosotaka.com	netsupport
domainasmfmfmfmf.com	netsupport
domainasqmvmastt.com	netsupport
domaindaisiiafsfk.com	netsupport
domaindjkmgndkjfgndfg.com	netsupport
domaindkilkamajsiot.com	netsupport
domainfastoqoakkas.com	netsupport
domainfoasfjkasf.com	netsupport
domainfopsadfposkdf.com	netsupport
domainhdudidjdjdndjdjd.com	netsupport
domainlambdauyamna.com	netsupport
domainlopstmisot.com	netsupport
domainmsiulosjudiid.com	netsupport
domainmxjxifkfkkffjjf.com	netsupport
domainoficekoslosld.com	netsupport
domainopfiksotpffff.com	netsupport
domainskadfjsdijfhsfso9to.com	netsupport
domaintiqwtkmma.com	netsupport
domaintomaskoslimsok.com	netsupport
domainzbxcgtqt.com	netsupport
domainbitgost.com	osx_atomic
domainfileamberforest.cyou	osx_atomic
domainfileautumnsignal.cyou	osx_atomic
domainfileglacierbridge.cyou	osx_atomic
domainfileivoryharbor.cyou	osx_atomic
domainfilelavenderbridge.online	osx_atomic
domainfileopalvoyage.cyou	osx_atomic
domainfilepinebeacon.cyou	osx_atomic
domainfiles.tonmicrob.click	osx_atomic
domainkraken.mom	osx_atomic
domaintestixworlesemint.world	osx_atomic
domaintg-page.digital	osx_atomic
domaintonmicrob.click	osx_atomic
domaintowerex-exchange.com	osx_atomic
domaintowerex-exchange.digital	osx_atomic
domaintowerex-exchange.today	osx_atomic
domaintransaction.towerex-exchange.com	osx_atomic
domainverification.towerex-exchange.com	osx_atomic
domainvu.towerex-exchange.digital	osx_atomic
domainwinbyt.com	osx_atomic
domainmerchant-gateway.live	vidar
domainvertexpartners.au	vidar
domainq2rt.vertexpartners.au	vidar
domainwhbackend.ru	1312
domainlummaaass.site	vidar
domainyouronestophalalshop.com	vidar
domain2dbks.cdn365.top	hak5cloud_c2
domainjptower.dns.army	apt_kimsuky
domainlloizou.dynv6.net	apt_kimsuky
domainmetapola.dns.army	apt_kimsuky
domainschet.dns.army	apt_kimsuky
domainsi1901.dynv6.net	apt_kimsuky
domainstore.jptower.dns.army	apt_kimsuky
domainstore.lloizou.dynv6.net	apt_kimsuky
domainstore.metapola.dns.army	apt_kimsuky
domainstore.si1901.dynv6.net	apt_kimsuky
domainstore.unikoreamc.dynv6.net	apt_kimsuky
domainunikoreamc.dynv6.net	apt_kimsuky
domainvaml.schet.dns.army	apt_kimsuky
domainnid-naverwuk.servecounterstrike.com	apt_kimsuky

Threat ID: 6a22efc5e29bf47b50882a02

Added to database: 6/5/2026, 3:48:21 PM

Last enriched: 6/5/2026, 4:04:06 PM

Last updated: 6/13/2026, 6:23:00 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Maltrail IOC for 2026-06-05

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-06-05

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Ip

Domain

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Maltrail IOC for 2026-06-05

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-06-05

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Ip

Domain

Community Reviews

Related Threats

ThreatFox IOCs for 2026-06-12

Sameboy emultaor flaged as malware on VirusTotal.

Over 400 Arch Linux packages compromised to push rootkit, infostealer

Maltrail IOC for 2026-06-12

ThreatFox IOCs for 2026-06-11

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility