Maltrail IOC for 2026-06-17
Maltrail IOC for 2026-06-17
AI Analysis
Technical Summary
The report details a malware-related IOC identified by Maltrail on 2026-06-17, sourced from the CIRCL OSINT feed. It is classified as a medium-risk observation based on external network activity analysis. No known exploits or patches are associated with this IOC, and no specific technical indicators or affected software versions are provided.
Potential Impact
The impact is assessed as medium risk based on the source classification. There are no known exploits in the wild, and no affected software versions or systems are specified, limiting the scope of direct impact assessment.
Mitigation Recommendations
No patches or fixes are available or applicable for this IOC. Organizations should monitor relevant network activity for indicators matching this IOC as part of their threat detection processes. Since this is an OSINT observation without actionable patches, no immediate remediation is prescribed.
Indicators of Compromise
- url: https://api.github.com/repos/stamparm/maltrail/commits/597e3e3f219ba659742e5037fc4ecd02ce9ad0f3
- domain: biokorq.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/c68521b40239b4f891d30e9e2ddda9fe1717456d
- domain: aiagentledger.com
- domain: corlopt.it.com
- domain: francefinhelp.com
- domain: meshorialquant.com
- domain: meshorianforge.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/2607764fa093332eee17db34f7b5314c02278f07
- ip: 209.99.189.233
- ip: 95.133.228.222
- url: https://api.github.com/repos/stamparm/maltrail/commits/3afef31953b9529ae3105e08e8e89e010fe57bc1
- domain: dev-hcsg.daliajobs.com
- domain: edoc-view.dynuddns.net
- domain: ipsnctns.dynu.org
- domain: mois-docs.dynuddns.net
- domain: msipsnlog.dynu.org
- domain: ncertips.dynu.org
- domain: ncodepcheck.dynu.org
- domain: ncodepverify.dynu.org
- domain: nhisann.dynu.org
- domain: nid-naverdbo.svcma.com
- domain: nid-naverotm.servecounterstrike.com
- domain: nidmcheck.dynu.org
- domain: nidmlsit.dynu.org
- domain: nipsntmlog.dynu.org
- domain: npschec.dynu.net
- domain: polep.dynu.net
- domain: signin-verify.dynu.org
- url: https://api.github.com/repos/stamparm/maltrail/commits/56261f8adabc69c804c39e832ca36497edf284e5
- domain: acevqt.xyz
- url: https://api.github.com/repos/stamparm/maltrail/commits/6d01325c8bf0f8c49fb0039e536c1072d44282cf
- url: https://x.com/Fact_Finder03/status/2067091644969877977
- ip: 104.251.180.168
- url: https://api.github.com/repos/stamparm/maltrail/commits/1c6d75c50a0f8446dc7934303579ac2c635d0648
- domain: jy.dpmz.top
- domain: luck.dpmz.top
- url: https://api.github.com/repos/stamparm/maltrail/commits/fdd75773eba6ad66154cb73e106acddf5bfe5ff6
- domain: eichmnnn.icu
- domain: vilialobos.lol
- url: https://api.github.com/repos/stamparm/maltrail/commits/9fc91e3a4e109b4c5ab86a86b47bea5c2508af9d
- url: https://x.com/Fact_Finder03/status/2065308363932512687
- url: https://x.com/Fact_Finder03/status/2067162736661016979
- ip: 142.93.123.221
- domain: internaldirective.org
- domain: 9ouqwt.easypanel.host
- domain: c2.internaldirective.org
- domain: panel.internaldirective.org
- url: https://api.github.com/repos/stamparm/maltrail/commits/735a90a0b8a2b283e752ee64e47f93c9a6d669bb
- ip: 185.196.10.231
- domain: coinbase-305857.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/2a19ea64492790580f41136a76919cd04e833ced
- ip: 209.99.186.211
- domain: 822743t-coinbase.com
- domain: kilmainham-dublin.org
- url: https://api.github.com/repos/stamparm/maltrail/commits/647ded650dfdb837814871847f86f086f216ee2b
- url: https://x.com/siri_urz/status/2066852748126003680
- url: https://urlscan.io/result/019ed4cd-bc9c-74b8-9241-ff4aa7b7dae3
- url: https://urlscan.io/result/019ed4c6-295a-71ae-ae27-c4db3e215ac6
- ip: 5.255.123.65
- domain: cmdofficial.com
- domain: cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion
- url: https://api.github.com/repos/stamparm/maltrail/commits/86cde45f7775f886a89034395fb338212c0f8168
- url: https://x.com/L0Psec/status/2066961104786313623
- url: https://www.virustotal.com/gui/file/20ec42047b73fc120e47b5de0a24f9ab323d6587b01d2bf90ee43305a2bac59d/detection
- domain: californiasmallbusinesslaw.com
- domain: polyapp.shop
- url: https://api.github.com/repos/stamparm/maltrail/commits/692d71d9e245b2eca6e9c1f3b1a294d634d28440
- ip: 23.27.202.101
Maltrail IOC for 2026-06-17
Description
Maltrail IOC for 2026-06-17
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The report details a malware-related IOC identified by Maltrail on 2026-06-17, sourced from the CIRCL OSINT feed. It is classified as a medium-risk observation based on external network activity analysis. No known exploits or patches are associated with this IOC, and no specific technical indicators or affected software versions are provided.
Potential Impact
The impact is assessed as medium risk based on the source classification. There are no known exploits in the wild, and no affected software versions or systems are specified, limiting the scope of direct impact assessment.
Mitigation Recommendations
No patches or fixes are available or applicable for this IOC. Organizations should monitor relevant network activity for indicators matching this IOC as part of their threat detection processes. Since this is an OSINT observation without actionable patches, no immediate remediation is prescribed.
Technical Details
- Uuid
- bd15b376-88d1-45c8-9f72-e4c95c9bb869
- Original Timestamp
- 1781694004
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://api.github.com/repos/stamparm/maltrail/commits/597e3e3f219ba659742e5037fc4ecd02ce9ad0f3 | magentocore | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c68521b40239b4f891d30e9e2ddda9fe1717456d | apt_unc2465 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2607764fa093332eee17db34f7b5314c02278f07 | sectoprat | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3afef31953b9529ae3105e08e8e89e010fe57bc1 | apt_kimsuky | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/56261f8adabc69c804c39e832ca36497edf284e5 | android_joker | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/6d01325c8bf0f8c49fb0039e536c1072d44282cf | janus | |
urlhttps://x.com/Fact_Finder03/status/2067091644969877977 | janus | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1c6d75c50a0f8446dc7934303579ac2c635d0648 | cyberstrikeai | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fdd75773eba6ad66154cb73e106acddf5bfe5ff6 | ek_landupdate808 | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9fc91e3a4e109b4c5ab86a86b47bea5c2508af9d | mamba | |
urlhttps://x.com/Fact_Finder03/status/2065308363932512687 | mamba | |
urlhttps://x.com/Fact_Finder03/status/2067162736661016979 | mamba | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/735a90a0b8a2b283e752ee64e47f93c9a6d669bb | cmd_ransomware | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2a19ea64492790580f41136a76919cd04e833ced | cmd_ransomware | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/647ded650dfdb837814871847f86f086f216ee2b | cmd_ransomware | |
urlhttps://x.com/siri_urz/status/2066852748126003680 | cmd_ransomware | |
urlhttps://urlscan.io/result/019ed4cd-bc9c-74b8-9241-ff4aa7b7dae3 | cmd_ransomware | |
urlhttps://urlscan.io/result/019ed4c6-295a-71ae-ae27-c4db3e215ac6 | cmd_ransomware | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/86cde45f7775f886a89034395fb338212c0f8168 | osx_atomic | |
urlhttps://x.com/L0Psec/status/2066961104786313623 | osx_atomic | |
urlhttps://www.virustotal.com/gui/file/20ec42047b73fc120e47b5de0a24f9ab323d6587b01d2bf90ee43305a2bac59d/detection | osx_atomic | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/692d71d9e245b2eca6e9c1f3b1a294d634d28440 | georgeginx |
Domain
| Value | Description | Copy |
|---|---|---|
domainbiokorq.com | magentocore | |
domainaiagentledger.com | apt_unc2465 | |
domaincorlopt.it.com | apt_unc2465 | |
domainfrancefinhelp.com | apt_unc2465 | |
domainmeshorialquant.com | apt_unc2465 | |
domainmeshorianforge.com | apt_unc2465 | |
domaindev-hcsg.daliajobs.com | apt_kimsuky | |
domainedoc-view.dynuddns.net | apt_kimsuky | |
domainipsnctns.dynu.org | apt_kimsuky | |
domainmois-docs.dynuddns.net | apt_kimsuky | |
domainmsipsnlog.dynu.org | apt_kimsuky | |
domainncertips.dynu.org | apt_kimsuky | |
domainncodepcheck.dynu.org | apt_kimsuky | |
domainncodepverify.dynu.org | apt_kimsuky | |
domainnhisann.dynu.org | apt_kimsuky | |
domainnid-naverdbo.svcma.com | apt_kimsuky | |
domainnid-naverotm.servecounterstrike.com | apt_kimsuky | |
domainnidmcheck.dynu.org | apt_kimsuky | |
domainnidmlsit.dynu.org | apt_kimsuky | |
domainnipsntmlog.dynu.org | apt_kimsuky | |
domainnpschec.dynu.net | apt_kimsuky | |
domainpolep.dynu.net | apt_kimsuky | |
domainsignin-verify.dynu.org | apt_kimsuky | |
domainacevqt.xyz | android_joker | |
domainjy.dpmz.top | cyberstrikeai | |
domainluck.dpmz.top | cyberstrikeai | |
domaineichmnnn.icu | ek_landupdate808 | |
domainvilialobos.lol | ek_landupdate808 | |
domaininternaldirective.org | mamba | |
domain9ouqwt.easypanel.host | mamba | |
domainc2.internaldirective.org | mamba | |
domainpanel.internaldirective.org | mamba | |
domaincoinbase-305857.com | cmd_ransomware | |
domain822743t-coinbase.com | cmd_ransomware | |
domainkilmainham-dublin.org | cmd_ransomware | |
domaincmdofficial.com | cmd_ransomware | |
domaincmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion | cmd_ransomware | |
domaincaliforniasmallbusinesslaw.com | osx_atomic | |
domainpolyapp.shop | osx_atomic |
Ip
| Value | Description | Copy |
|---|---|---|
ip209.99.189.233 | sectoprat | |
ip95.133.228.222 | sectoprat | |
ip104.251.180.168 | janus | |
ip142.93.123.221 | mamba | |
ip185.196.10.231 | cmd_ransomware | |
ip209.99.186.211 | cmd_ransomware | |
ip5.255.123.65 | cmd_ransomware | |
ip23.27.202.101 | georgeginx |
Threat ID: 6a329dd60b89be688853b7d6
Added to database: 6/17/2026, 1:15:02 PM
Last enriched: 6/17/2026, 1:15:55 PM
Last updated: 6/17/2026, 4:53:33 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.