Reconnecting to live updates…

Maltrail IOC for 2026-06-27

Severity: mediumType: malware

AI Analysis

Technical Summary

The report details a malware-related IOC detected by Maltrail on 2026-06-27, sourced from CIRCL OSINT feeds. It is categorized under OSINT and network activity analysis but lacks detailed technical indicators or affected software versions. No known exploits or patches are associated with this IOC. The information serves as an external observation for threat intelligence purposes.

Potential Impact

No direct impact details or affected software are specified. The IOC indicates potential malware-related network activity, but no active exploitation or vulnerabilities are confirmed. The medium severity suggests moderate concern but no immediate critical threat.

Mitigation Recommendations

No patch or remediation is available or applicable as this is an IOC observation rather than a vulnerability. Security teams should incorporate this IOC into their detection and monitoring tools if relevant. No urgent action is mandated by the source.

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/79a0bcfa9c697c622b75b54d796f85b12d92fcd3
domain: docmoise.dynuddns.net
domain: ercmdocload.dynu.net
domain: ipsnave.dynuddns.net
domain: mew-ips.dynu.net
domain: mew-ips.dynuddns.net
domain: moisedc.dynuddns.net
domain: msldnsmh.dynu.org
domain: msnvlogd.dynu.org
domain: msvlognps.dynu.org
domain: nacnhis.dynu.org
domain: navipse.dynuddns.net
domain: ncodeycheck.dynu.org
domain: ncodeypass.dynu.org
domain: ncodeyverify.dynu.org
domain: ncodezcheck.dynu.org
domain: ncodezpass.dynu.org
domain: ncodezverify.dynu.org
domain: ndlmtms.dynu.org
domain: nhidentical.dynu.net
domain: nhncontents-share.cafe
domain: nid-navermrw.svcma.com
domain: nnvcnhs.dynu.org
domain: nslntid.dynu.org
domain: nstidnv.dynu.org
domain: nvfhis.dynu.org
domain: nvlogmips.dynu.org
domain: nvsmlogsm.dynu.org
domain: nxtdocs.dynu.org
domain: taxidentical.dynu.net
domain: ubloginteract.dynu.net
domain: untxlog.dynu.net
domain: untxlog.dynu.org
url: https://api.github.com/repos/stamparm/maltrail/commits/0eacf571b2a9ae6148d46d1f621b607e4b119455
domain: openclaws.digital
url: https://api.github.com/repos/stamparm/maltrail/commits/4d65a4a7e0c3640b2faebd1846f6c7895e59b758
ip: 122.10.115.10
ip: 154.36.188.214
domain: cyber.zafkyel.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2a86882477743144feea4c81c4a466ee94347e3e
domain: 1.govind.monster
domain: 1b.inconatex.sbs
domain: 21.govin.monster
domain: 22.laoshunfa.xyz
domain: 3.govind.monster
domain: 4.govind.monster
domain: 74.enumerate.homes
domain: 9.jiguang.click
domain: adg.govs.pro
domain: adminstration.cam
domain: afqofp.cyou
domain: alksdj.cfd
domain: app.generate.lat
domain: authentcation.lol
domain: authentification.bond
domain: bot-hotfix.govs.pro
domain: bvcjmxz.help
domain: chatpoe.club
domain: cometa.sbs
domain: commison.mom
domain: cxxsh.space
domain: czvoyz.study
domain: dbplm.click
domain: dbplm.date
domain: dbplm.site
domain: dev.generate.lat
domain: dev.govs.pro
domain: dmv.virginia.govs.live
domain: dtounai.website
domain: enumerate.homes
domain: esejzqo.mom
domain: faigfy.baby
domain: fanlsx.xyz
domain: flowise-hotfix.govs.pro
domain: flowiseai-staging.govs.pro
domain: fuvema.click
domain: fuvema.pics
domain: fxchgqj.pics
domain: fxwykrx.pics
domain: generate.lat
domain: ggogpx.homes
domain: gihxind.sbs
domain: gov-s.sbs
domain: govin.autos
domain: govin.baby
domain: govin.forum
domain: govin.homes
domain: govin.lat
domain: govin.lol
domain: govin.mom
domain: govin.monster
domain: govin.pics
domain: govin.quest
domain: govin.rest
domain: govin.sbs
domain: govin.skin
domain: govind.baby
domain: govind.cfd
domain: govind.click
domain: govind.cyou
domain: govind.forum
domain: govind.homes
domain: govind.lol
domain: govind.monster
domain: govind.quest
domain: govs.baby
domain: govs.fyi
domain: govs.live
domain: govs.monster
domain: govs.pics
domain: govs.pro
domain: govs.quest
domain: govsind.cfd
domain: govsind.lat
domain: govsind.sbs
domain: govtech.life
domain: govtop.autos
domain: govtop.baby
domain: govtop.beauty
domain: govtop.cfd
domain: govtop.click
domain: govtop.cyou
domain: govtop.homes
domain: govtop.lat
domain: govtop.lol
domain: govtop.monster
domain: govtop.quest
domain: govtop.sbs
domain: goxtom.sbs
domain: goxtom.xyz
domain: h.inandot.click
domain: hcds168.sbs
domain: headquaters.xyz
domain: import.mom
domain: inandot.click
domain: inandot.club
domain: inandot.cyou
domain: inconatex.sbs
domain: indaqpfijqjfp.autos
domain: indaqpfijqjfp.beauty
domain: indaqpfijqjfp.biz
domain: indaqpfijqjfp.click
domain: indaqpfijqjfp.homes
domain: indaqpfijqjfp.lat
domain: indaqpfijqjfp.lol
domain: indaqpfijqjfp.mom
domain: indaqpfijqjfp.monster
domain: indaqpfijqjfp.pics
domain: indaqpfijqjfp.quest
domain: indaqpfijqjfp.rest
domain: indaqpfijqjfps.life
domain: indaqpfijqjfpwdqwdds.vip
domain: indgov.click
domain: indgov.club
domain: indgov.sbs
domain: indgov.xyz
domain: indgovamx.click
domain: indgovinm.cam
domain: indgovvo.biz
domain: indgovvo.click
domain: indgovvo.forum
domain: indgovvo.homes
domain: indgovvo.icu
domain: indgovvo.live
domain: indgovvo.makeup
domain: indgovvo.mom
domain: indgovvo.one
domain: indgovvo.online
domain: indgovvo.pics
domain: indgovvo.quest
domain: indgovvo.rest
domain: indnia.click
domain: indnia.cyou
domain: indnia.sbs
domain: indopc.quest
domain: indtex.sbs
domain: indva.click
domain: indva.cyou
domain: indva.lol
domain: indva.sbs
domain: indva.xyz
domain: indweb.lat
domain: ingood.click
domain: ingood.lat
domain: ingood.lol
domain: ingov.cfd
domain: ingov.cyou
domain: ingov.lol
domain: ingov.sbs
domain: ingov.xyz
domain: ingovweb.cyou
domain: inmtax.sbs
domain: internatonal.sbs
domain: intex.sbs
domain: intop.sbs
domain: inxbus.sbs
domain: inxot.sbs
domain: ipffbq.mom
domain: ivhhkw.space
domain: jfqrhf.pro
domain: jiguang.click
domain: jiguang.cyou
domain: jiguang.lol
domain: jmipav.autos
domain: kattp.homes
domain: kfzncb.xyz
domain: kihulo.baby
domain: kkkkhhhhyyyjhhhaswuswxgw.shop
domain: kswkri.rest
domain: laoshunfa.xyz
domain: lmtnw.pro
domain: lzbeiy.cfd
domain: mass.govs.live
domain: mdaewn.beauty
domain: members.govs.pro
domain: meoou.rest
domain: mobile.govs.pro
domain: ms1.govs.live
domain: mtoxbod.sbs
domain: mvd.indaqpfijqjfp.homes
domain: mvd.indnia.cyou
domain: mvd.indnia.sbs
domain: mvd.ssina.cyou
domain: mvd.ssina.sbs
domain: mvd.visaina.sbs
domain: mvl.indaqpfijqjfp.homes
domain: nadot.sbs
domain: nandot.lol
domain: nexwhqp.quest
domain: notexistsptt.govs.pro
domain: o2.gov-s.sbs
domain: oppmto.sbs
domain: oppmto.xyz
domain: ou.ingov.cfd
domain: oztyvt.click
domain: p3.indva.lol
domain: p4.indva.sbs
domain: p7.govs.baby
domain: p8.nadot.sbs
domain: pe.govin.lat
domain: pg.ssina.sbs
domain: pk.govin.lol
domain: pk.ingov.lol
domain: pl.ingov.sbs
domain: pm.zbitb.pro
domain: po.govs.pics
domain: pobira.pics
domain: postman.visaina.sbs
domain: pp.govs.live
domain: pq.intex.sbs
domain: ps.intop.sbs
domain: pt.zpklm.biz
domain: pxftzql.click
domain: q3.indva.xyz
domain: qa.ucwvv.mom
domain: qf.ssina.xyz
domain: qgkxvwp.lol
domain: qjjfgy.xyz
domain: qk.ingov.xyz
domain: qkbjznv.homes
domain: ql.swvzb.top
domain: qwjvckz.cyou
domain: random.generate.lat
domain: rf.dbplm.date
domain: rt.indnia.sbs
domain: ruieyt.top
domain: rustore.govs.pro
domain: rz.govin.baby
domain: s5.ingood.lol
domain: s9.nandot.lol
domain: sa.govtop.cfd
domain: sd.indgov.sbs
domain: sg.govin.pics
domain: sg.indva.cyou
domain: sh.xauad.cyou
domain: si.indtex.sbs
domain: sitemap.generate.lat
domain: sitemap.intop.sbs
domain: sm.govin.skin
domain: sohoto.xyz
domain: sr.tqhaq.rest
domain: ss.ssina.cyou
domain: ssina.cyou
domain: ssina.sbs
domain: ssina.xyz
domain: string.autos
domain: supervison.cam
domain: sv.govin.rest
domain: sv.govtop.one
domain: swvzb.top
domain: sx.ingov.cyou
domain: t0.goxtom.sbs
domain: t1.govtop.sbs
domain: t1.xvtop.club
domain: tb.govs.quest
domain: tdmogw.click
domain: tf.ruieyt.top
domain: tnwvsx.click
domain: to.xintoa.xyz
domain: tqhaq.rest
domain: tr.xvtop.cyou
domain: tugora.quest
domain: tx.sohoto.xyz
domain: u6.xoptmm.xyz
domain: ub.votpor.xyz
domain: ucwvv.mom
domain: ue.indva.click
domain: uhwbw.space
domain: unphof.monster
domain: uz.indgov.club
domain: v5.gihxind.sbs
domain: v5.indnia.cyou
domain: v6.govind.monster
domain: vb.uhwbw.space
domain: vbnmzi.sale
domain: vc.cxxsh.space
domain: vd.govsind.lat
domain: vdlltop.sbs
domain: vdlltop.xyz
domain: ve.vumll.space
domain: veupmx.sbs
domain: vf.govtop.baby
domain: vgnkcv.autos
domain: vi.kattp.homes
domain: vipindgov.beauty
domain: vipindgov.biz
domain: vipindgov.blog
domain: vipindgov.click
domain: vipindgov.live
domain: vipindgov.one
domain: vipindgov.online
domain: vipindgov.rest
domain: vipindgov.vip
domain: virginia.govs
domain: virginia.govs.live
domain: visaina.sbs
domain: vk.govsind.sbs
domain: votpor.xyz
domain: vp.xvtop.click
domain: vt.xgsxbj.site
domain: vt.xoptmm.club
domain: vu.govin.forum
domain: vumll.space
domain: vx.govin.autos
domain: w3.govin.quest
domain: wap.govs.pro
domain: wd.govtop.cyou
domain: wu.vdlltop.xyz
domain: x3.indnia.click
domain: xauad.cyou
domain: xgsxbj.site
domain: xintoa.xyz
domain: xk.chatpoe.club
domain: xn.indgov.click
domain: xoptmm.club
domain: xoptmm.xyz
domain: xt.inandot.club
domain: xvtgds.xyz
domain: xvtop.click
domain: xvtop.club
domain: xvtop.cyou
domain: xzqpjvb.baby
domain: y3.ivhhkw.space
domain: yb.govtop.click
domain: yj.inandot.cyou
domain: yn.indgovvo.biz
domain: yx.govtop.homes
domain: z2.tnwvsx.click
domain: z5.string.autos
domain: z9.govs.monster
domain: zbitb.pro
domain: zbpkml.pics
domain: zcmtgvbk.govs.pro
domain: zj.govtop.quest
domain: zpklm.biz
domain: zqbxpvm.click
url: https://api.github.com/repos/stamparm/maltrail/commits/d300e058cfce332c9bed75cc697704d90a54a0fb
url: https://www.seqrite.com/blog/operation-dragonreturn-china-nexus-cyber-espionage-campaign-targeting-govt-of-india-mof-tax-infrastructure-via-multi-stage-dcrat-deployment
ip: 204.194.54.9
ip: 223.26.63.40
domain: govtop.one
domain: ikkkkddd.com
domain: kkxqbh.top
domain: xa.ikkkkddd.com
url: https://api.github.com/repos/stamparm/maltrail/commits/e014835f646a334721926322c776f3036f8236b9
domain: haseebbaig.me
url: https://api.github.com/repos/stamparm/maltrail/commits/3f75ec7c22ac94b175bf238f0b8b714d1b6734e0
url: https://x.com/skocherhan/status/2070622153855131829
domain: r5q73tje1r.billbutterworth.com
domain: u6extfzlk0.billbutterworth.com
domain: wmerlcxpyt.billbutterworth.com
url: https://api.github.com/repos/stamparm/maltrail/commits/41d0f9ef383e51605168bd7e9559ff2afcf78918
url: https://x.com/byrne_emmy12099/status/2070441663668039825
url: https://www.virustotal.com/gui/file/254d585ad9e536457987fe575c35552884fd94260e562909c7b30835d8c99e1c/detection
domain: tommy-v.lol
url: https://api.github.com/repos/stamparm/maltrail/commits/fa461e3bfc10a46c6f7a0d8ff0864b40cad3976a
url: https://blog.synapticsystems.de/uac-0184-tooling-evolution-onedrive-sideload-to-remcos
ip: 144.31.236.240
url: https://api.github.com/repos/stamparm/maltrail/commits/ae2d72c5f45c5c3a5d74e12ed4b3c2725affee81
url: https://x.com/fbgwls245/status/2070800666793230612
domain: settra5ldqwgtw5q7z5awbsvlksakyfojuc5slgrz5lvapune4fantqd.onion
url: https://api.github.com/repos/stamparm/maltrail/commits/a34536052af4a5202af371a9e9ac91cf24a462e0
url: https://x.com/malwrhunterteam/status/2070495990524621096
domain: syncn.cfd
domain: googlemeet.syncn.cfd
domain: onedrive.syncn.cfd
domain: us06web-zoom.syncn.cfd
domain: us06zoom.syncn.cfd
url: https://api.github.com/repos/stamparm/maltrail/commits/f0307ca748d2289e4d1f5eb536d24241eaee8acd
url: https://www.virustotal.com/gui/file/3f53c76fd5b8ecaa423c4ee66db81b8a2e65360e48deb24b1d260aef2e7d0b3f/detection
ip: 45.119.55.66
url: https://api.github.com/repos/stamparm/maltrail/commits/6c2fff0c08cd0d159c10edcb1611f26a15821fe0
url: https://x.com/naumovax/status/2070512434352112038
url: https://www.securonix.com/blog/taxtrident-indian-fax-lures
url: https://tria.ge/260406-pekzxafx8p/behavioral1
ip: 202.61.160.201
domain: aymdkese.love
domain: bctetagrg.love
domain: bxyawrgr.love
domain: ficjseytea.love
domain: flsiuety.love
domain: fstawrxvy.love
domain: gsawytex.love
domain: hauwtcbe.love
domain: haywtrbcye.live
domain: hduywtt.love
domain: hsieuygrw.love
domain: isauwtsq.love
domain: isdhdwhw.love
domain: ixufruwig.love
domain: jaiwuydr.love
domain: jdshduyw.love
domain: juxsyena.love
domain: kisuytbze.love
domain: kiufusete.love
domain: kixuseteh.love
domain: kjfuwyce.love
domain: komjhhd.com
domain: ksiduyee.love
domain: kudkgoay.love
domain: kxisetcblg.love
domain: kxuaicnvyet.love
domain: laiwnndye.love
domain: laiwyhvge.love
domain: lasodtetr.love
domain: ldiruttew.love
domain: lisudted.love
domain: lxcosetrs.love
domain: maietxdea.love
domain: mxnnshya.love
domain: pbcgsrwre.love
domain: pdijcsuet.love
domain: pifuytawjne.love
domain: piumbtaw.love
domain: pmrravwg.love
domain: psufuyvaw.love
domain: pxnzsdgre.live
domain: qiawmcue.love
domain: rctsbetaw.love
domain: skjsayeyd.love
domain: syxhtejkdr.love
domain: tasdhwia.love
domain: taxenrs.com
domain: taxind.name
domain: taxindn.com
domain: taxindn.name
domain: tbckduurs.love
domain: uyfbbnstet.love
domain: v7.taxindn.com
domain: vm.taxenrs.com
domain: wyctridea.love
domain: xafgdvctw.love
domain: xcndyteer.love
domain: xcuyeaet.love
domain: xijbdgecr.love
domain: xuaywttsa.love
domain: xucnvgjte.love
domain: xusadtraw.love
domain: xusdtmcdra.love
domain: yasyciuste.love
domain: ydufwyaxe.love
domain: ysicgtes.love
domain: zlvbvyer.love
domain: zocuyuefgd.love
domain: zsyrtcmke.love
domain: zuxywrjcie.love
domain: zxaiasuye.love
url: https://api.github.com/repos/stamparm/maltrail/commits/2ef6e72180743629407b88b14e6be75ae897f779
url: https://www.virustotal.com/gui/file/ae243178e201c6ee475e4498cade0d21ef22b8a6923322576115b0888e189013/detection
ip: 216.250.104.166
url: https://api.github.com/repos/stamparm/maltrail/commits/0709a06378fd89657d6b2f135ef74b9588c92273
url: https://x.com/FatzQatz/status/2070561112349905138
url: https://tria.ge/260626-v86fladx9k/behavioral1
url: https://www.virustotal.com/gui/file/e9daa34a227fda5da11c250796465bb8081f2913fb6ff4c28cfc49992e762da5/detection
ip: 47.76.174.189
domain: 3s.aliqwenapi.com
domain: 8d.cloudops-api.com
domain: aliqwenapi.com
domain: apiupdate.com
domain: cloudapi-update.com
domain: cloudops-api.com
domain: gu.cloudapi-update.com
domain: jianpn106437694.softether.net
domain: login.apiupdate.com
domain: mail.apiupdate.com
domain: q.apiupdate.com
domain: sso.login.apiupdate.com
domain: staging.apiupdate.com
domain: zhongyantech.vip
url: https://api.github.com/repos/stamparm/maltrail/commits/b9b94515015fb9ba6d30495187b2cbb7ab62638d
url: https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering
domain: canal1zac1a.onrender.com
domain: driverx86-adobe.onrender.com
domain: google-ai-labs-it.onrender.com
domain: weatherdataai.theworkpc.com
domain: wool-basalt-clock.glitch.me
domain: circoloesteri.elezioni.idnet.it
url: https://api.github.com/repos/stamparm/maltrail/commits/9f9d393b66299df8500f2cf1bb0d6a4995cfda34
ip: 144.172.114.163
ip: 144.172.92.199
ip: 153.75.91.241
ip: 193.56.135.182
ip: 216.126.224.29
url: https://api.github.com/repos/stamparm/maltrail/commits/6ff310143ed7d4c6aca9aeb6067d9e267ac912d7
ip: 202.182.102.5
ip: 45.76.210.43
url: https://api.github.com/repos/stamparm/maltrail/commits/c824b750005d38213be618fdd084d8da4c3a1f1a
url: https://x.com/SpiderLabs/status/2070503545841873313
domain: superstarlog.click
url: https://api.github.com/repos/stamparm/maltrail/commits/1698e526a79c13a27eaa36954b7045399d6a268a
domain: navi.sell.app
url: https://api.github.com/repos/stamparm/maltrail/commits/5da1dcfd833c8524e47272be72177092cacec0bf
url: https://x.com/suyog41/status/2069339491094126652
url: https://www.virustotal.com/gui/file/0c843e347e1a102cdd56dfa1b8f5d4b4131a1bc653f8f2387157ebcd6e715cf6/detection
domain: ins0mnia.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/a4c455cc5c86684ffccb53211311bbbd6e1d3549
domain: cloudflera.top
url: https://api.github.com/repos/stamparm/maltrail/commits/14a35bbe947592543dd4a2ebb8866ad86984b395
domain: dns-server.club
url: https://api.github.com/repos/stamparm/maltrail/commits/fa2842511a824b6cc9cb4734ebd0c6c265868209
url: https://securelist.com/strikeshark-campaign/120326
url: https://news.sophos.com/en-us/2025/04/29/finding-minhook-in-a-sideloading-attack-and-sweden-too
url: https://github.com/threatray/threat-research/blob/main/2026-06-26-SharkLoader/iocs.md
url: https://www.virustotal.com/gui/file/e534d9032141555d21be8b23f30d8f6dd156d61e986bbeed019d9316973b1ba9/detection
url: https://www.virustotal.com/gui/file/f87cb46cac1fa44c9f1430123fb23e179e3d653a0e4094e0c133fa48a924924f/detection
domain: connect-microsoft.com
domain: ms-record.com
domain: ms-record.top
domain: ms-tray.top
domain: bostik.cmsnet.se
url: https://api.github.com/repos/stamparm/maltrail/commits/dfb263ac9c17e598c1b3c064c9bfa95df98239bc
url: https://x.com/malwrhunterteam/status/2070460565806276864
domain: enjoy-rachel-rider-ireland.trycloudflare.com
url: https://api.github.com/repos/stamparm/maltrail/commits/8e70dc9c786eaa4440ca1cdccaa38720b9503bd4
domain: bot.majids.web.id
domain: eytrbne.icu
domain: lunaimage.com
domain: majids.web.id
url: https://api.github.com/repos/stamparm/maltrail/commits/dc81ff2bc62759184488d1e9f1d9310e3099c0ca
domain: droptest.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/2b877ae19848ea3ed81d5531c12bfc7cfe0f63c4
domain: 803.st
domain: 9645468a-7b00-49bd-888f-5b7aa18e0e26.ieclo.net
domain: 9n2mhtn-0c9zna14n3mr49e.icu
domain: ads.kds-sms.com
domain: bxygsuj.com
domain: coinweb3.cfd
domain: cp.thantgt.cn
domain: d9b3m.com
domain: dadakeji.com
domain: dexqqbr.com
domain: f6z2q.com
domain: g2w7x.com
domain: g5n3v.com
domain: hhkalink.com
domain: hostmaster.hanzuan.net
domain: iieuykp.com
domain: k3w8n.com
domain: kds-sms.com
domain: kk.dadakeji.com
domain: liu6he.edu.pl
domain: n4k9c.com
domain: new.9n2mhtn-0c9zna14n3mr49e.icu
domain: new.hanzuan.net
domain: olmszas.com
domain: p3m8v.com
domain: p9x5r.com
domain: r4d6j.com
domain: stellarvilla.top
domain: t5r8p.com
domain: t7x2n.com
domain: v2m7b.com
domain: wap.hhkalink.com
domain: xv.liu6he.edu.pl
url: https://api.github.com/repos/stamparm/maltrail/commits/55b70063927bc6029d8ae87132f86c5512419007
domain: hiatuft.cyou
domain: myroayy.cyou
url: https://api.github.com/repos/stamparm/maltrail/commits/183ad39ebe5ac74eb60a0c035fe0e401e213e535
domain: bluezno.cyou

Maltrail IOC for 2026-06-27

Severity: medium

Type: malware

Maltrail IOC for 2026-06-27

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/79a0bcfa9c697c622b75b54d796f85b12d92fcd3
domain: docmoise.dynuddns.net
domain: ercmdocload.dynu.net
domain: ipsnave.dynuddns.net
domain: mew-ips.dynu.net
domain: mew-ips.dynuddns.net
domain: moisedc.dynuddns.net
domain: msldnsmh.dynu.org
domain: msnvlogd.dynu.org
domain: msvlognps.dynu.org
domain: nacnhis.dynu.org
domain: navipse.dynuddns.net
domain: ncodeycheck.dynu.org
domain: ncodeypass.dynu.org
domain: ncodeyverify.dynu.org
domain: ncodezcheck.dynu.org
domain: ncodezpass.dynu.org
domain: ncodezverify.dynu.org
domain: ndlmtms.dynu.org
domain: nhidentical.dynu.net
domain: nhncontents-share.cafe
domain: nid-navermrw.svcma.com
domain: nnvcnhs.dynu.org
domain: nslntid.dynu.org
domain: nstidnv.dynu.org
domain: nvfhis.dynu.org
domain: nvlogmips.dynu.org
domain: nvsmlogsm.dynu.org
domain: nxtdocs.dynu.org
domain: taxidentical.dynu.net
domain: ubloginteract.dynu.net
domain: untxlog.dynu.net
domain: untxlog.dynu.org
url: https://api.github.com/repos/stamparm/maltrail/commits/0eacf571b2a9ae6148d46d1f621b607e4b119455
domain: openclaws.digital
url: https://api.github.com/repos/stamparm/maltrail/commits/4d65a4a7e0c3640b2faebd1846f6c7895e59b758
ip: 122.10.115.10
ip: 154.36.188.214
domain: cyber.zafkyel.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2a86882477743144feea4c81c4a466ee94347e3e
domain: 1.govind.monster
domain: 1b.inconatex.sbs
domain: 21.govin.monster
domain: 22.laoshunfa.xyz
domain: 3.govind.monster
domain: 4.govind.monster
domain: 74.enumerate.homes
domain: 9.jiguang.click
domain: adg.govs.pro
domain: adminstration.cam
domain: afqofp.cyou
domain: alksdj.cfd
domain: app.generate.lat
domain: authentcation.lol
domain: authentification.bond
domain: bot-hotfix.govs.pro
domain: bvcjmxz.help
domain: chatpoe.club
domain: cometa.sbs
domain: commison.mom
domain: cxxsh.space
domain: czvoyz.study
domain: dbplm.click
domain: dbplm.date
domain: dbplm.site
domain: dev.generate.lat
domain: dev.govs.pro
domain: dmv.virginia.govs.live
domain: dtounai.website
domain: enumerate.homes
domain: esejzqo.mom
domain: faigfy.baby
domain: fanlsx.xyz
domain: flowise-hotfix.govs.pro
domain: flowiseai-staging.govs.pro
domain: fuvema.click
domain: fuvema.pics
domain: fxchgqj.pics
domain: fxwykrx.pics
domain: generate.lat
domain: ggogpx.homes
domain: gihxind.sbs
domain: gov-s.sbs
domain: govin.autos
domain: govin.baby
domain: govin.forum
domain: govin.homes
domain: govin.lat
domain: govin.lol
domain: govin.mom
domain: govin.monster
domain: govin.pics
domain: govin.quest
domain: govin.rest
domain: govin.sbs
domain: govin.skin
domain: govind.baby
domain: govind.cfd
domain: govind.click
domain: govind.cyou
domain: govind.forum
domain: govind.homes
domain: govind.lol
domain: govind.monster
domain: govind.quest
domain: govs.baby
domain: govs.fyi
domain: govs.live
domain: govs.monster
domain: govs.pics
domain: govs.pro
domain: govs.quest
domain: govsind.cfd
domain: govsind.lat
domain: govsind.sbs
domain: govtech.life
domain: govtop.autos
domain: govtop.baby
domain: govtop.beauty
domain: govtop.cfd
domain: govtop.click
domain: govtop.cyou
domain: govtop.homes
domain: govtop.lat
domain: govtop.lol
domain: govtop.monster
domain: govtop.quest
domain: govtop.sbs
domain: goxtom.sbs
domain: goxtom.xyz
domain: h.inandot.click
domain: hcds168.sbs
domain: headquaters.xyz
domain: import.mom
domain: inandot.click
domain: inandot.club
domain: inandot.cyou
domain: inconatex.sbs
domain: indaqpfijqjfp.autos
domain: indaqpfijqjfp.beauty
domain: indaqpfijqjfp.biz
domain: indaqpfijqjfp.click
domain: indaqpfijqjfp.homes
domain: indaqpfijqjfp.lat
domain: indaqpfijqjfp.lol
domain: indaqpfijqjfp.mom
domain: indaqpfijqjfp.monster
domain: indaqpfijqjfp.pics
domain: indaqpfijqjfp.quest
domain: indaqpfijqjfp.rest
domain: indaqpfijqjfps.life
domain: indaqpfijqjfpwdqwdds.vip
domain: indgov.click
domain: indgov.club
domain: indgov.sbs
domain: indgov.xyz
domain: indgovamx.click
domain: indgovinm.cam
domain: indgovvo.biz
domain: indgovvo.click
domain: indgovvo.forum
domain: indgovvo.homes
domain: indgovvo.icu
domain: indgovvo.live
domain: indgovvo.makeup
domain: indgovvo.mom
domain: indgovvo.one
domain: indgovvo.online
domain: indgovvo.pics
domain: indgovvo.quest
domain: indgovvo.rest
domain: indnia.click
domain: indnia.cyou
domain: indnia.sbs
domain: indopc.quest
domain: indtex.sbs
domain: indva.click
domain: indva.cyou
domain: indva.lol
domain: indva.sbs
domain: indva.xyz
domain: indweb.lat
domain: ingood.click
domain: ingood.lat
domain: ingood.lol
domain: ingov.cfd
domain: ingov.cyou
domain: ingov.lol
domain: ingov.sbs
domain: ingov.xyz
domain: ingovweb.cyou
domain: inmtax.sbs
domain: internatonal.sbs
domain: intex.sbs
domain: intop.sbs
domain: inxbus.sbs
domain: inxot.sbs
domain: ipffbq.mom
domain: ivhhkw.space
domain: jfqrhf.pro
domain: jiguang.click
domain: jiguang.cyou
domain: jiguang.lol
domain: jmipav.autos
domain: kattp.homes
domain: kfzncb.xyz
domain: kihulo.baby
domain: kkkkhhhhyyyjhhhaswuswxgw.shop
domain: kswkri.rest
domain: laoshunfa.xyz
domain: lmtnw.pro
domain: lzbeiy.cfd
domain: mass.govs.live
domain: mdaewn.beauty
domain: members.govs.pro
domain: meoou.rest
domain: mobile.govs.pro
domain: ms1.govs.live
domain: mtoxbod.sbs
domain: mvd.indaqpfijqjfp.homes
domain: mvd.indnia.cyou
domain: mvd.indnia.sbs
domain: mvd.ssina.cyou
domain: mvd.ssina.sbs
domain: mvd.visaina.sbs
domain: mvl.indaqpfijqjfp.homes
domain: nadot.sbs
domain: nandot.lol
domain: nexwhqp.quest
domain: notexistsptt.govs.pro
domain: o2.gov-s.sbs
domain: oppmto.sbs
domain: oppmto.xyz
domain: ou.ingov.cfd
domain: oztyvt.click
domain: p3.indva.lol
domain: p4.indva.sbs
domain: p7.govs.baby
domain: p8.nadot.sbs
domain: pe.govin.lat
domain: pg.ssina.sbs
domain: pk.govin.lol
domain: pk.ingov.lol
domain: pl.ingov.sbs
domain: pm.zbitb.pro
domain: po.govs.pics
domain: pobira.pics
domain: postman.visaina.sbs
domain: pp.govs.live
domain: pq.intex.sbs
domain: ps.intop.sbs
domain: pt.zpklm.biz
domain: pxftzql.click
domain: q3.indva.xyz
domain: qa.ucwvv.mom
domain: qf.ssina.xyz
domain: qgkxvwp.lol
domain: qjjfgy.xyz
domain: qk.ingov.xyz
domain: qkbjznv.homes
domain: ql.swvzb.top
domain: qwjvckz.cyou
domain: random.generate.lat
domain: rf.dbplm.date
domain: rt.indnia.sbs
domain: ruieyt.top
domain: rustore.govs.pro
domain: rz.govin.baby
domain: s5.ingood.lol
domain: s9.nandot.lol
domain: sa.govtop.cfd
domain: sd.indgov.sbs
domain: sg.govin.pics
domain: sg.indva.cyou
domain: sh.xauad.cyou
domain: si.indtex.sbs
domain: sitemap.generate.lat
domain: sitemap.intop.sbs
domain: sm.govin.skin
domain: sohoto.xyz
domain: sr.tqhaq.rest
domain: ss.ssina.cyou
domain: ssina.cyou
domain: ssina.sbs
domain: ssina.xyz
domain: string.autos
domain: supervison.cam
domain: sv.govin.rest
domain: sv.govtop.one
domain: swvzb.top
domain: sx.ingov.cyou
domain: t0.goxtom.sbs
domain: t1.govtop.sbs
domain: t1.xvtop.club
domain: tb.govs.quest
domain: tdmogw.click
domain: tf.ruieyt.top
domain: tnwvsx.click
domain: to.xintoa.xyz
domain: tqhaq.rest
domain: tr.xvtop.cyou
domain: tugora.quest
domain: tx.sohoto.xyz
domain: u6.xoptmm.xyz
domain: ub.votpor.xyz
domain: ucwvv.mom
domain: ue.indva.click
domain: uhwbw.space
domain: unphof.monster
domain: uz.indgov.club
domain: v5.gihxind.sbs
domain: v5.indnia.cyou
domain: v6.govind.monster
domain: vb.uhwbw.space
domain: vbnmzi.sale
domain: vc.cxxsh.space
domain: vd.govsind.lat
domain: vdlltop.sbs
domain: vdlltop.xyz
domain: ve.vumll.space
domain: veupmx.sbs
domain: vf.govtop.baby
domain: vgnkcv.autos
domain: vi.kattp.homes
domain: vipindgov.beauty
domain: vipindgov.biz
domain: vipindgov.blog
domain: vipindgov.click
domain: vipindgov.live
domain: vipindgov.one
domain: vipindgov.online
domain: vipindgov.rest
domain: vipindgov.vip
domain: virginia.govs
domain: virginia.govs.live
domain: visaina.sbs
domain: vk.govsind.sbs
domain: votpor.xyz
domain: vp.xvtop.click
domain: vt.xgsxbj.site
domain: vt.xoptmm.club
domain: vu.govin.forum
domain: vumll.space
domain: vx.govin.autos
domain: w3.govin.quest
domain: wap.govs.pro
domain: wd.govtop.cyou
domain: wu.vdlltop.xyz
domain: x3.indnia.click
domain: xauad.cyou
domain: xgsxbj.site
domain: xintoa.xyz
domain: xk.chatpoe.club
domain: xn.indgov.click
domain: xoptmm.club
domain: xoptmm.xyz
domain: xt.inandot.club
domain: xvtgds.xyz
domain: xvtop.click
domain: xvtop.club
domain: xvtop.cyou
domain: xzqpjvb.baby
domain: y3.ivhhkw.space
domain: yb.govtop.click
domain: yj.inandot.cyou
domain: yn.indgovvo.biz
domain: yx.govtop.homes
domain: z2.tnwvsx.click
domain: z5.string.autos
domain: z9.govs.monster
domain: zbitb.pro
domain: zbpkml.pics
domain: zcmtgvbk.govs.pro
domain: zj.govtop.quest
domain: zpklm.biz
domain: zqbxpvm.click
url: https://api.github.com/repos/stamparm/maltrail/commits/d300e058cfce332c9bed75cc697704d90a54a0fb
url: https://www.seqrite.com/blog/operation-dragonreturn-china-nexus-cyber-espionage-campaign-targeting-govt-of-india-mof-tax-infrastructure-via-multi-stage-dcrat-deployment
ip: 204.194.54.9
ip: 223.26.63.40
domain: govtop.one
domain: ikkkkddd.com
domain: kkxqbh.top
domain: xa.ikkkkddd.com
url: https://api.github.com/repos/stamparm/maltrail/commits/e014835f646a334721926322c776f3036f8236b9
domain: haseebbaig.me
url: https://api.github.com/repos/stamparm/maltrail/commits/3f75ec7c22ac94b175bf238f0b8b714d1b6734e0
url: https://x.com/skocherhan/status/2070622153855131829
domain: r5q73tje1r.billbutterworth.com
domain: u6extfzlk0.billbutterworth.com
domain: wmerlcxpyt.billbutterworth.com
url: https://api.github.com/repos/stamparm/maltrail/commits/41d0f9ef383e51605168bd7e9559ff2afcf78918
url: https://x.com/byrne_emmy12099/status/2070441663668039825
url: https://www.virustotal.com/gui/file/254d585ad9e536457987fe575c35552884fd94260e562909c7b30835d8c99e1c/detection
domain: tommy-v.lol
url: https://api.github.com/repos/stamparm/maltrail/commits/fa461e3bfc10a46c6f7a0d8ff0864b40cad3976a
url: https://blog.synapticsystems.de/uac-0184-tooling-evolution-onedrive-sideload-to-remcos
ip: 144.31.236.240
url: https://api.github.com/repos/stamparm/maltrail/commits/ae2d72c5f45c5c3a5d74e12ed4b3c2725affee81
url: https://x.com/fbgwls245/status/2070800666793230612
domain: settra5ldqwgtw5q7z5awbsvlksakyfojuc5slgrz5lvapune4fantqd.onion
url: https://api.github.com/repos/stamparm/maltrail/commits/a34536052af4a5202af371a9e9ac91cf24a462e0
url: https://x.com/malwrhunterteam/status/2070495990524621096
domain: syncn.cfd
domain: googlemeet.syncn.cfd
domain: onedrive.syncn.cfd
domain: us06web-zoom.syncn.cfd
domain: us06zoom.syncn.cfd
url: https://api.github.com/repos/stamparm/maltrail/commits/f0307ca748d2289e4d1f5eb536d24241eaee8acd
url: https://www.virustotal.com/gui/file/3f53c76fd5b8ecaa423c4ee66db81b8a2e65360e48deb24b1d260aef2e7d0b3f/detection
ip: 45.119.55.66
url: https://api.github.com/repos/stamparm/maltrail/commits/6c2fff0c08cd0d159c10edcb1611f26a15821fe0
url: https://x.com/naumovax/status/2070512434352112038
url: https://www.securonix.com/blog/taxtrident-indian-fax-lures
url: https://tria.ge/260406-pekzxafx8p/behavioral1
ip: 202.61.160.201
domain: aymdkese.love
domain: bctetagrg.love
domain: bxyawrgr.love
domain: ficjseytea.love
domain: flsiuety.love
domain: fstawrxvy.love
domain: gsawytex.love
domain: hauwtcbe.love
domain: haywtrbcye.live
domain: hduywtt.love
domain: hsieuygrw.love
domain: isauwtsq.love
domain: isdhdwhw.love
domain: ixufruwig.love
domain: jaiwuydr.love
domain: jdshduyw.love
domain: juxsyena.love
domain: kisuytbze.love
domain: kiufusete.love
domain: kixuseteh.love
domain: kjfuwyce.love
domain: komjhhd.com
domain: ksiduyee.love
domain: kudkgoay.love
domain: kxisetcblg.love
domain: kxuaicnvyet.love
domain: laiwnndye.love
domain: laiwyhvge.love
domain: lasodtetr.love
domain: ldiruttew.love
domain: lisudted.love
domain: lxcosetrs.love
domain: maietxdea.love
domain: mxnnshya.love
domain: pbcgsrwre.love
domain: pdijcsuet.love
domain: pifuytawjne.love
domain: piumbtaw.love
domain: pmrravwg.love
domain: psufuyvaw.love
domain: pxnzsdgre.live
domain: qiawmcue.love
domain: rctsbetaw.love
domain: skjsayeyd.love
domain: syxhtejkdr.love
domain: tasdhwia.love
domain: taxenrs.com
domain: taxind.name
domain: taxindn.com
domain: taxindn.name
domain: tbckduurs.love
domain: uyfbbnstet.love
domain: v7.taxindn.com
domain: vm.taxenrs.com
domain: wyctridea.love
domain: xafgdvctw.love
domain: xcndyteer.love
domain: xcuyeaet.love
domain: xijbdgecr.love
domain: xuaywttsa.love
domain: xucnvgjte.love
domain: xusadtraw.love
domain: xusdtmcdra.love
domain: yasyciuste.love
domain: ydufwyaxe.love
domain: ysicgtes.love
domain: zlvbvyer.love
domain: zocuyuefgd.love
domain: zsyrtcmke.love
domain: zuxywrjcie.love
domain: zxaiasuye.love
url: https://api.github.com/repos/stamparm/maltrail/commits/2ef6e72180743629407b88b14e6be75ae897f779
url: https://www.virustotal.com/gui/file/ae243178e201c6ee475e4498cade0d21ef22b8a6923322576115b0888e189013/detection
ip: 216.250.104.166
url: https://api.github.com/repos/stamparm/maltrail/commits/0709a06378fd89657d6b2f135ef74b9588c92273
url: https://x.com/FatzQatz/status/2070561112349905138
url: https://tria.ge/260626-v86fladx9k/behavioral1
url: https://www.virustotal.com/gui/file/e9daa34a227fda5da11c250796465bb8081f2913fb6ff4c28cfc49992e762da5/detection
ip: 47.76.174.189
domain: 3s.aliqwenapi.com
domain: 8d.cloudops-api.com
domain: aliqwenapi.com
domain: apiupdate.com
domain: cloudapi-update.com
domain: cloudops-api.com
domain: gu.cloudapi-update.com
domain: jianpn106437694.softether.net
domain: login.apiupdate.com
domain: mail.apiupdate.com
domain: q.apiupdate.com
domain: sso.login.apiupdate.com
domain: staging.apiupdate.com
domain: zhongyantech.vip
url: https://api.github.com/repos/stamparm/maltrail/commits/b9b94515015fb9ba6d30495187b2cbb7ab62638d
url: https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering
domain: canal1zac1a.onrender.com
domain: driverx86-adobe.onrender.com
domain: google-ai-labs-it.onrender.com
domain: weatherdataai.theworkpc.com
domain: wool-basalt-clock.glitch.me
domain: circoloesteri.elezioni.idnet.it
url: https://api.github.com/repos/stamparm/maltrail/commits/9f9d393b66299df8500f2cf1bb0d6a4995cfda34
ip: 144.172.114.163
ip: 144.172.92.199
ip: 153.75.91.241
ip: 193.56.135.182
ip: 216.126.224.29
url: https://api.github.com/repos/stamparm/maltrail/commits/6ff310143ed7d4c6aca9aeb6067d9e267ac912d7
ip: 202.182.102.5
ip: 45.76.210.43
url: https://api.github.com/repos/stamparm/maltrail/commits/c824b750005d38213be618fdd084d8da4c3a1f1a
url: https://x.com/SpiderLabs/status/2070503545841873313
domain: superstarlog.click
url: https://api.github.com/repos/stamparm/maltrail/commits/1698e526a79c13a27eaa36954b7045399d6a268a
domain: navi.sell.app
url: https://api.github.com/repos/stamparm/maltrail/commits/5da1dcfd833c8524e47272be72177092cacec0bf
url: https://x.com/suyog41/status/2069339491094126652
url: https://www.virustotal.com/gui/file/0c843e347e1a102cdd56dfa1b8f5d4b4131a1bc653f8f2387157ebcd6e715cf6/detection
domain: ins0mnia.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/a4c455cc5c86684ffccb53211311bbbd6e1d3549
domain: cloudflera.top
url: https://api.github.com/repos/stamparm/maltrail/commits/14a35bbe947592543dd4a2ebb8866ad86984b395
domain: dns-server.club
url: https://api.github.com/repos/stamparm/maltrail/commits/fa2842511a824b6cc9cb4734ebd0c6c265868209
url: https://securelist.com/strikeshark-campaign/120326
url: https://news.sophos.com/en-us/2025/04/29/finding-minhook-in-a-sideloading-attack-and-sweden-too
url: https://github.com/threatray/threat-research/blob/main/2026-06-26-SharkLoader/iocs.md
url: https://www.virustotal.com/gui/file/e534d9032141555d21be8b23f30d8f6dd156d61e986bbeed019d9316973b1ba9/detection
url: https://www.virustotal.com/gui/file/f87cb46cac1fa44c9f1430123fb23e179e3d653a0e4094e0c133fa48a924924f/detection
domain: connect-microsoft.com
domain: ms-record.com
domain: ms-record.top
domain: ms-tray.top
domain: bostik.cmsnet.se
url: https://api.github.com/repos/stamparm/maltrail/commits/dfb263ac9c17e598c1b3c064c9bfa95df98239bc
url: https://x.com/malwrhunterteam/status/2070460565806276864
domain: enjoy-rachel-rider-ireland.trycloudflare.com
url: https://api.github.com/repos/stamparm/maltrail/commits/8e70dc9c786eaa4440ca1cdccaa38720b9503bd4
domain: bot.majids.web.id
domain: eytrbne.icu
domain: lunaimage.com
domain: majids.web.id
url: https://api.github.com/repos/stamparm/maltrail/commits/dc81ff2bc62759184488d1e9f1d9310e3099c0ca
domain: droptest.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/2b877ae19848ea3ed81d5531c12bfc7cfe0f63c4
domain: 803.st
domain: 9645468a-7b00-49bd-888f-5b7aa18e0e26.ieclo.net
domain: 9n2mhtn-0c9zna14n3mr49e.icu
domain: ads.kds-sms.com
domain: bxygsuj.com
domain: coinweb3.cfd
domain: cp.thantgt.cn
domain: d9b3m.com
domain: dadakeji.com
domain: dexqqbr.com
domain: f6z2q.com
domain: g2w7x.com
domain: g5n3v.com
domain: hhkalink.com
domain: hostmaster.hanzuan.net
domain: iieuykp.com
domain: k3w8n.com
domain: kds-sms.com
domain: kk.dadakeji.com
domain: liu6he.edu.pl
domain: n4k9c.com
domain: new.9n2mhtn-0c9zna14n3mr49e.icu
domain: new.hanzuan.net
domain: olmszas.com
domain: p3m8v.com
domain: p9x5r.com
domain: r4d6j.com
domain: stellarvilla.top
domain: t5r8p.com
domain: t7x2n.com
domain: v2m7b.com
domain: wap.hhkalink.com
domain: xv.liu6he.edu.pl
url: https://api.github.com/repos/stamparm/maltrail/commits/55b70063927bc6029d8ae87132f86c5512419007
domain: hiatuft.cyou
domain: myroayy.cyou
url: https://api.github.com/repos/stamparm/maltrail/commits/183ad39ebe5ac74eb60a0c035fe0e401e213e535
domain: bluezno.cyou

Source: CIRCL OSINT Feed

Published: 06/27/2026

Maltrail IOC for 2026-06-27

Medium

Malwaretlp:clear malware misp:threat-level="medium-risk"misp:event-type="observation"misp:automation-level="unsupervised"type:osint osint:lifetime="perpetual"osint:source-type="manual-collection"

Published: 06/27/2026 (06/27/2026, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Description

Maltrail IOC for 2026-06-27

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/27/2026, 19:21:14 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: 64f30208-0b74-45a1-80d5-656986bc15da
Original Timestamp: 1782583205

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/79a0bcfa9c697c622b75b54d796f85b12d92fcd3	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0eacf571b2a9ae6148d46d1f621b607e4b119455	osx_nova
urlhttps://api.github.com/repos/stamparm/maltrail/commits/4d65a4a7e0c3640b2faebd1846f6c7895e59b758	cyberstrikeai
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2a86882477743144feea4c81c4a466ee94347e3e	dcrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d300e058cfce332c9bed75cc697704d90a54a0fb	dcrat
urlhttps://www.seqrite.com/blog/operation-dragonreturn-china-nexus-cyber-espionage-campaign-targeting-govt-of-india-mof-tax-infrastructure-via-multi-stage-dcrat-deployment	dcrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/e014835f646a334721926322c776f3036f8236b9	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3f75ec7c22ac94b175bf238f0b8b714d1b6734e0	fakeapp
urlhttps://x.com/skocherhan/status/2070622153855131829	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/41d0f9ef383e51605168bd7e9559ff2afcf78918	apt_kimsuky
urlhttps://x.com/byrne_emmy12099/status/2070441663668039825	apt_kimsuky
urlhttps://www.virustotal.com/gui/file/254d585ad9e536457987fe575c35552884fd94260e562909c7b30835d8c99e1c/detection	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fa461e3bfc10a46c6f7a0d8ff0864b40cad3976a	remcos
urlhttps://blog.synapticsystems.de/uac-0184-tooling-evolution-onedrive-sideload-to-remcos	remcos
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ae2d72c5f45c5c3a5d74e12ed4b3c2725affee81	settra_ransomware
urlhttps://x.com/fbgwls245/status/2070800666793230612	settra_ransomware
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a34536052af4a5202af371a9e9ac91cf24a462e0	apt_bluenoroff
urlhttps://x.com/malwrhunterteam/status/2070495990524621096	apt_bluenoroff
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f0307ca748d2289e4d1f5eb536d24241eaee8acd	diztakun
urlhttps://www.virustotal.com/gui/file/3f53c76fd5b8ecaa423c4ee66db81b8a2e65360e48deb24b1d260aef2e7d0b3f/detection	diztakun
urlhttps://api.github.com/repos/stamparm/maltrail/commits/6c2fff0c08cd0d159c10edcb1611f26a15821fe0	silverfox
urlhttps://x.com/naumovax/status/2070512434352112038	silverfox
urlhttps://www.securonix.com/blog/taxtrident-indian-fax-lures	silverfox
urlhttps://tria.ge/260406-pekzxafx8p/behavioral1	silverfox
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2ef6e72180743629407b88b14e6be75ae897f779	diztakun
urlhttps://www.virustotal.com/gui/file/ae243178e201c6ee475e4498cade0d21ef22b8a6923322576115b0888e189013/detection	diztakun
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0709a06378fd89657d6b2f135ef74b9588c92273	apt_unclassified
urlhttps://x.com/FatzQatz/status/2070561112349905138	apt_unclassified
urlhttps://tria.ge/260626-v86fladx9k/behavioral1	apt_unclassified
urlhttps://www.virustotal.com/gui/file/e9daa34a227fda5da11c250796465bb8081f2913fb6ff4c28cfc49992e762da5/detection	apt_unclassified
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b9b94515015fb9ba6d30495187b2cbb7ab62638d	apt_turla
urlhttps://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering	apt_turla
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9f9d393b66299df8500f2cf1bb0d6a4995cfda34	megalodon
urlhttps://api.github.com/repos/stamparm/maltrail/commits/6ff310143ed7d4c6aca9aeb6067d9e267ac912d7	tinyrct
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c824b750005d38213be618fdd084d8da4c3a1f1a	—
urlhttps://x.com/SpiderLabs/status/2070503545841873313	—
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1698e526a79c13a27eaa36954b7045399d6a268a	navirat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5da1dcfd833c8524e47272be72177092cacec0bf	navirat
urlhttps://x.com/suyog41/status/2069339491094126652	navirat
urlhttps://www.virustotal.com/gui/file/0c843e347e1a102cdd56dfa1b8f5d4b4131a1bc653f8f2387157ebcd6e715cf6/detection	navirat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a4c455cc5c86684ffccb53211311bbbd6e1d3549	sharkloader
urlhttps://api.github.com/repos/stamparm/maltrail/commits/14a35bbe947592543dd4a2ebb8866ad86984b395	sharkloader
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fa2842511a824b6cc9cb4734ebd0c6c265868209	sharkloader
urlhttps://securelist.com/strikeshark-campaign/120326	sharkloader
urlhttps://news.sophos.com/en-us/2025/04/29/finding-minhook-in-a-sideloading-attack-and-sweden-too	sharkloader
urlhttps://github.com/threatray/threat-research/blob/main/2026-06-26-SharkLoader/iocs.md	sharkloader
urlhttps://www.virustotal.com/gui/file/e534d9032141555d21be8b23f30d8f6dd156d61e986bbeed019d9316973b1ba9/detection	sharkloader
urlhttps://www.virustotal.com/gui/file/f87cb46cac1fa44c9f1430123fb23e179e3d653a0e4094e0c133fa48a924924f/detection	sharkloader
urlhttps://api.github.com/repos/stamparm/maltrail/commits/dfb263ac9c17e598c1b3c064c9bfa95df98239bc	generic
urlhttps://x.com/malwrhunterteam/status/2070460565806276864	generic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/8e70dc9c786eaa4440ca1cdccaa38720b9503bd4	android_fvncbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/dc81ff2bc62759184488d1e9f1d9310e3099c0ca	offloader
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2b877ae19848ea3ed81d5531c12bfc7cfe0f63c4	apt_unc6691
urlhttps://api.github.com/repos/stamparm/maltrail/commits/55b70063927bc6029d8ae87132f86c5512419007	lummac2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/183ad39ebe5ac74eb60a0c035fe0e401e213e535	lummac2

Domain

Value	Description	Copy
domaindocmoise.dynuddns.net	apt_kimsuky
domainercmdocload.dynu.net	apt_kimsuky
domainipsnave.dynuddns.net	apt_kimsuky
domainmew-ips.dynu.net	apt_kimsuky
domainmew-ips.dynuddns.net	apt_kimsuky
domainmoisedc.dynuddns.net	apt_kimsuky
domainmsldnsmh.dynu.org	apt_kimsuky
domainmsnvlogd.dynu.org	apt_kimsuky
domainmsvlognps.dynu.org	apt_kimsuky
domainnacnhis.dynu.org	apt_kimsuky
domainnavipse.dynuddns.net	apt_kimsuky
domainncodeycheck.dynu.org	apt_kimsuky
domainncodeypass.dynu.org	apt_kimsuky
domainncodeyverify.dynu.org	apt_kimsuky
domainncodezcheck.dynu.org	apt_kimsuky
domainncodezpass.dynu.org	apt_kimsuky
domainncodezverify.dynu.org	apt_kimsuky
domainndlmtms.dynu.org	apt_kimsuky
domainnhidentical.dynu.net	apt_kimsuky
domainnhncontents-share.cafe	apt_kimsuky
domainnid-navermrw.svcma.com	apt_kimsuky
domainnnvcnhs.dynu.org	apt_kimsuky
domainnslntid.dynu.org	apt_kimsuky
domainnstidnv.dynu.org	apt_kimsuky
domainnvfhis.dynu.org	apt_kimsuky
domainnvlogmips.dynu.org	apt_kimsuky
domainnvsmlogsm.dynu.org	apt_kimsuky
domainnxtdocs.dynu.org	apt_kimsuky
domaintaxidentical.dynu.net	apt_kimsuky
domainubloginteract.dynu.net	apt_kimsuky
domainuntxlog.dynu.net	apt_kimsuky
domainuntxlog.dynu.org	apt_kimsuky
domainopenclaws.digital	osx_nova
domaincyber.zafkyel.top	cyberstrikeai
domain1.govind.monster	dcrat
domain1b.inconatex.sbs	dcrat
domain21.govin.monster	dcrat
domain22.laoshunfa.xyz	dcrat
domain3.govind.monster	dcrat
domain4.govind.monster	dcrat
domain74.enumerate.homes	dcrat
domain9.jiguang.click	dcrat
domainadg.govs.pro	dcrat
domainadminstration.cam	dcrat
domainafqofp.cyou	dcrat
domainalksdj.cfd	dcrat
domainapp.generate.lat	dcrat
domainauthentcation.lol	dcrat
domainauthentification.bond	dcrat
domainbot-hotfix.govs.pro	dcrat
domainbvcjmxz.help	dcrat
domainchatpoe.club	dcrat
domaincometa.sbs	dcrat
domaincommison.mom	dcrat
domaincxxsh.space	dcrat
domainczvoyz.study	dcrat
domaindbplm.click	dcrat
domaindbplm.date	dcrat
domaindbplm.site	dcrat
domaindev.generate.lat	dcrat
domaindev.govs.pro	dcrat
domaindmv.virginia.govs.live	dcrat
domaindtounai.website	dcrat
domainenumerate.homes	dcrat
domainesejzqo.mom	dcrat
domainfaigfy.baby	dcrat
domainfanlsx.xyz	dcrat
domainflowise-hotfix.govs.pro	dcrat
domainflowiseai-staging.govs.pro	dcrat
domainfuvema.click	dcrat
domainfuvema.pics	dcrat
domainfxchgqj.pics	dcrat
domainfxwykrx.pics	dcrat
domaingenerate.lat	dcrat
domainggogpx.homes	dcrat
domaingihxind.sbs	dcrat
domaingov-s.sbs	dcrat
domaingovin.autos	dcrat
domaingovin.baby	dcrat
domaingovin.forum	dcrat
domaingovin.homes	dcrat
domaingovin.lat	dcrat
domaingovin.lol	dcrat
domaingovin.mom	dcrat
domaingovin.monster	dcrat
domaingovin.pics	dcrat
domaingovin.quest	dcrat
domaingovin.rest	dcrat
domaingovin.sbs	dcrat
domaingovin.skin	dcrat
domaingovind.baby	dcrat
domaingovind.cfd	dcrat
domaingovind.click	dcrat
domaingovind.cyou	dcrat
domaingovind.forum	dcrat
domaingovind.homes	dcrat
domaingovind.lol	dcrat
domaingovind.monster	dcrat
domaingovind.quest	dcrat
domaingovs.baby	dcrat
domaingovs.fyi	dcrat
domaingovs.live	dcrat
domaingovs.monster	dcrat
domaingovs.pics	dcrat
domaingovs.pro	dcrat
domaingovs.quest	dcrat
domaingovsind.cfd	dcrat
domaingovsind.lat	dcrat
domaingovsind.sbs	dcrat
domaingovtech.life	dcrat
domaingovtop.autos	dcrat
domaingovtop.baby	dcrat
domaingovtop.beauty	dcrat
domaingovtop.cfd	dcrat
domaingovtop.click	dcrat
domaingovtop.cyou	dcrat
domaingovtop.homes	dcrat
domaingovtop.lat	dcrat
domaingovtop.lol	dcrat
domaingovtop.monster	dcrat
domaingovtop.quest	dcrat
domaingovtop.sbs	dcrat
domaingoxtom.sbs	dcrat
domaingoxtom.xyz	dcrat
domainh.inandot.click	dcrat
domainhcds168.sbs	dcrat
domainheadquaters.xyz	dcrat
domainimport.mom	dcrat
domaininandot.click	dcrat
domaininandot.club	dcrat
domaininandot.cyou	dcrat
domaininconatex.sbs	dcrat
domainindaqpfijqjfp.autos	dcrat
domainindaqpfijqjfp.beauty	dcrat
domainindaqpfijqjfp.biz	dcrat
domainindaqpfijqjfp.click	dcrat
domainindaqpfijqjfp.homes	dcrat
domainindaqpfijqjfp.lat	dcrat
domainindaqpfijqjfp.lol	dcrat
domainindaqpfijqjfp.mom	dcrat
domainindaqpfijqjfp.monster	dcrat
domainindaqpfijqjfp.pics	dcrat
domainindaqpfijqjfp.quest	dcrat
domainindaqpfijqjfp.rest	dcrat
domainindaqpfijqjfps.life	dcrat
domainindaqpfijqjfpwdqwdds.vip	dcrat
domainindgov.click	dcrat
domainindgov.club	dcrat
domainindgov.sbs	dcrat
domainindgov.xyz	dcrat
domainindgovamx.click	dcrat
domainindgovinm.cam	dcrat
domainindgovvo.biz	dcrat
domainindgovvo.click	dcrat
domainindgovvo.forum	dcrat
domainindgovvo.homes	dcrat
domainindgovvo.icu	dcrat
domainindgovvo.live	dcrat
domainindgovvo.makeup	dcrat
domainindgovvo.mom	dcrat
domainindgovvo.one	dcrat
domainindgovvo.online	dcrat
domainindgovvo.pics	dcrat
domainindgovvo.quest	dcrat
domainindgovvo.rest	dcrat
domainindnia.click	dcrat
domainindnia.cyou	dcrat
domainindnia.sbs	dcrat
domainindopc.quest	dcrat
domainindtex.sbs	dcrat
domainindva.click	dcrat
domainindva.cyou	dcrat
domainindva.lol	dcrat
domainindva.sbs	dcrat
domainindva.xyz	dcrat
domainindweb.lat	dcrat
domainingood.click	dcrat
domainingood.lat	dcrat
domainingood.lol	dcrat
domainingov.cfd	dcrat
domainingov.cyou	dcrat
domainingov.lol	dcrat
domainingov.sbs	dcrat
domainingov.xyz	dcrat
domainingovweb.cyou	dcrat
domaininmtax.sbs	dcrat
domaininternatonal.sbs	dcrat
domainintex.sbs	dcrat
domainintop.sbs	dcrat
domaininxbus.sbs	dcrat
domaininxot.sbs	dcrat
domainipffbq.mom	dcrat
domainivhhkw.space	dcrat
domainjfqrhf.pro	dcrat
domainjiguang.click	dcrat
domainjiguang.cyou	dcrat
domainjiguang.lol	dcrat
domainjmipav.autos	dcrat
domainkattp.homes	dcrat
domainkfzncb.xyz	dcrat
domainkihulo.baby	dcrat
domainkkkkhhhhyyyjhhhaswuswxgw.shop	dcrat
domainkswkri.rest	dcrat
domainlaoshunfa.xyz	dcrat
domainlmtnw.pro	dcrat
domainlzbeiy.cfd	dcrat
domainmass.govs.live	dcrat
domainmdaewn.beauty	dcrat
domainmembers.govs.pro	dcrat
domainmeoou.rest	dcrat
domainmobile.govs.pro	dcrat
domainms1.govs.live	dcrat
domainmtoxbod.sbs	dcrat
domainmvd.indaqpfijqjfp.homes	dcrat
domainmvd.indnia.cyou	dcrat
domainmvd.indnia.sbs	dcrat
domainmvd.ssina.cyou	dcrat
domainmvd.ssina.sbs	dcrat
domainmvd.visaina.sbs	dcrat
domainmvl.indaqpfijqjfp.homes	dcrat
domainnadot.sbs	dcrat
domainnandot.lol	dcrat
domainnexwhqp.quest	dcrat
domainnotexistsptt.govs.pro	dcrat
domaino2.gov-s.sbs	dcrat
domainoppmto.sbs	dcrat
domainoppmto.xyz	dcrat
domainou.ingov.cfd	dcrat
domainoztyvt.click	dcrat
domainp3.indva.lol	dcrat
domainp4.indva.sbs	dcrat
domainp7.govs.baby	dcrat
domainp8.nadot.sbs	dcrat
domainpe.govin.lat	dcrat
domainpg.ssina.sbs	dcrat
domainpk.govin.lol	dcrat
domainpk.ingov.lol	dcrat
domainpl.ingov.sbs	dcrat
domainpm.zbitb.pro	dcrat
domainpo.govs.pics	dcrat
domainpobira.pics	dcrat
domainpostman.visaina.sbs	dcrat
domainpp.govs.live	dcrat
domainpq.intex.sbs	dcrat
domainps.intop.sbs	dcrat
domainpt.zpklm.biz	dcrat
domainpxftzql.click	dcrat
domainq3.indva.xyz	dcrat
domainqa.ucwvv.mom	dcrat
domainqf.ssina.xyz	dcrat
domainqgkxvwp.lol	dcrat
domainqjjfgy.xyz	dcrat
domainqk.ingov.xyz	dcrat
domainqkbjznv.homes	dcrat
domainql.swvzb.top	dcrat
domainqwjvckz.cyou	dcrat
domainrandom.generate.lat	dcrat
domainrf.dbplm.date	dcrat
domainrt.indnia.sbs	dcrat
domainruieyt.top	dcrat
domainrustore.govs.pro	dcrat
domainrz.govin.baby	dcrat
domains5.ingood.lol	dcrat
domains9.nandot.lol	dcrat
domainsa.govtop.cfd	dcrat
domainsd.indgov.sbs	dcrat
domainsg.govin.pics	dcrat
domainsg.indva.cyou	dcrat
domainsh.xauad.cyou	dcrat
domainsi.indtex.sbs	dcrat
domainsitemap.generate.lat	dcrat
domainsitemap.intop.sbs	dcrat
domainsm.govin.skin	dcrat
domainsohoto.xyz	dcrat
domainsr.tqhaq.rest	dcrat
domainss.ssina.cyou	dcrat
domainssina.cyou	dcrat
domainssina.sbs	dcrat
domainssina.xyz	dcrat
domainstring.autos	dcrat
domainsupervison.cam	dcrat
domainsv.govin.rest	dcrat
domainsv.govtop.one	dcrat
domainswvzb.top	dcrat
domainsx.ingov.cyou	dcrat
domaint0.goxtom.sbs	dcrat
domaint1.govtop.sbs	dcrat
domaint1.xvtop.club	dcrat
domaintb.govs.quest	dcrat
domaintdmogw.click	dcrat
domaintf.ruieyt.top	dcrat
domaintnwvsx.click	dcrat
domainto.xintoa.xyz	dcrat
domaintqhaq.rest	dcrat
domaintr.xvtop.cyou	dcrat
domaintugora.quest	dcrat
domaintx.sohoto.xyz	dcrat
domainu6.xoptmm.xyz	dcrat
domainub.votpor.xyz	dcrat
domainucwvv.mom	dcrat
domainue.indva.click	dcrat
domainuhwbw.space	dcrat
domainunphof.monster	dcrat
domainuz.indgov.club	dcrat
domainv5.gihxind.sbs	dcrat
domainv5.indnia.cyou	dcrat
domainv6.govind.monster	dcrat
domainvb.uhwbw.space	dcrat
domainvbnmzi.sale	dcrat
domainvc.cxxsh.space	dcrat
domainvd.govsind.lat	dcrat
domainvdlltop.sbs	dcrat
domainvdlltop.xyz	dcrat
domainve.vumll.space	dcrat
domainveupmx.sbs	dcrat
domainvf.govtop.baby	dcrat
domainvgnkcv.autos	dcrat
domainvi.kattp.homes	dcrat
domainvipindgov.beauty	dcrat
domainvipindgov.biz	dcrat
domainvipindgov.blog	dcrat
domainvipindgov.click	dcrat
domainvipindgov.live	dcrat
domainvipindgov.one	dcrat
domainvipindgov.online	dcrat
domainvipindgov.rest	dcrat
domainvipindgov.vip	dcrat
domainvirginia.govs	dcrat
domainvirginia.govs.live	dcrat
domainvisaina.sbs	dcrat
domainvk.govsind.sbs	dcrat
domainvotpor.xyz	dcrat
domainvp.xvtop.click	dcrat
domainvt.xgsxbj.site	dcrat
domainvt.xoptmm.club	dcrat
domainvu.govin.forum	dcrat
domainvumll.space	dcrat
domainvx.govin.autos	dcrat
domainw3.govin.quest	dcrat
domainwap.govs.pro	dcrat
domainwd.govtop.cyou	dcrat
domainwu.vdlltop.xyz	dcrat
domainx3.indnia.click	dcrat
domainxauad.cyou	dcrat
domainxgsxbj.site	dcrat
domainxintoa.xyz	dcrat
domainxk.chatpoe.club	dcrat
domainxn.indgov.click	dcrat
domainxoptmm.club	dcrat
domainxoptmm.xyz	dcrat
domainxt.inandot.club	dcrat
domainxvtgds.xyz	dcrat
domainxvtop.click	dcrat
domainxvtop.club	dcrat
domainxvtop.cyou	dcrat
domainxzqpjvb.baby	dcrat
domainy3.ivhhkw.space	dcrat
domainyb.govtop.click	dcrat
domainyj.inandot.cyou	dcrat
domainyn.indgovvo.biz	dcrat
domainyx.govtop.homes	dcrat
domainz2.tnwvsx.click	dcrat
domainz5.string.autos	dcrat
domainz9.govs.monster	dcrat
domainzbitb.pro	dcrat
domainzbpkml.pics	dcrat
domainzcmtgvbk.govs.pro	dcrat
domainzj.govtop.quest	dcrat
domainzpklm.biz	dcrat
domainzqbxpvm.click	dcrat
domaingovtop.one	dcrat
domainikkkkddd.com	dcrat
domainkkxqbh.top	dcrat
domainxa.ikkkkddd.com	dcrat
domainhaseebbaig.me	fakeapp
domainr5q73tje1r.billbutterworth.com	fakeapp
domainu6extfzlk0.billbutterworth.com	fakeapp
domainwmerlcxpyt.billbutterworth.com	fakeapp
domaintommy-v.lol	apt_kimsuky
domainsettra5ldqwgtw5q7z5awbsvlksakyfojuc5slgrz5lvapune4fantqd.onion	settra_ransomware
domainsyncn.cfd	apt_bluenoroff
domaingooglemeet.syncn.cfd	apt_bluenoroff
domainonedrive.syncn.cfd	apt_bluenoroff
domainus06web-zoom.syncn.cfd	apt_bluenoroff
domainus06zoom.syncn.cfd	apt_bluenoroff
domainaymdkese.love	silverfox
domainbctetagrg.love	silverfox
domainbxyawrgr.love	silverfox
domainficjseytea.love	silverfox
domainflsiuety.love	silverfox
domainfstawrxvy.love	silverfox
domaingsawytex.love	silverfox
domainhauwtcbe.love	silverfox
domainhaywtrbcye.live	silverfox
domainhduywtt.love	silverfox
domainhsieuygrw.love	silverfox
domainisauwtsq.love	silverfox
domainisdhdwhw.love	silverfox
domainixufruwig.love	silverfox
domainjaiwuydr.love	silverfox
domainjdshduyw.love	silverfox
domainjuxsyena.love	silverfox
domainkisuytbze.love	silverfox
domainkiufusete.love	silverfox
domainkixuseteh.love	silverfox
domainkjfuwyce.love	silverfox
domainkomjhhd.com	silverfox
domainksiduyee.love	silverfox
domainkudkgoay.love	silverfox
domainkxisetcblg.love	silverfox
domainkxuaicnvyet.love	silverfox
domainlaiwnndye.love	silverfox
domainlaiwyhvge.love	silverfox
domainlasodtetr.love	silverfox
domainldiruttew.love	silverfox
domainlisudted.love	silverfox
domainlxcosetrs.love	silverfox
domainmaietxdea.love	silverfox
domainmxnnshya.love	silverfox
domainpbcgsrwre.love	silverfox
domainpdijcsuet.love	silverfox
domainpifuytawjne.love	silverfox
domainpiumbtaw.love	silverfox
domainpmrravwg.love	silverfox
domainpsufuyvaw.love	silverfox
domainpxnzsdgre.live	silverfox
domainqiawmcue.love	silverfox
domainrctsbetaw.love	silverfox
domainskjsayeyd.love	silverfox
domainsyxhtejkdr.love	silverfox
domaintasdhwia.love	silverfox
domaintaxenrs.com	silverfox
domaintaxind.name	silverfox
domaintaxindn.com	silverfox
domaintaxindn.name	silverfox
domaintbckduurs.love	silverfox
domainuyfbbnstet.love	silverfox
domainv7.taxindn.com	silverfox
domainvm.taxenrs.com	silverfox
domainwyctridea.love	silverfox
domainxafgdvctw.love	silverfox
domainxcndyteer.love	silverfox
domainxcuyeaet.love	silverfox
domainxijbdgecr.love	silverfox
domainxuaywttsa.love	silverfox
domainxucnvgjte.love	silverfox
domainxusadtraw.love	silverfox
domainxusdtmcdra.love	silverfox
domainyasyciuste.love	silverfox
domainydufwyaxe.love	silverfox
domainysicgtes.love	silverfox
domainzlvbvyer.love	silverfox
domainzocuyuefgd.love	silverfox
domainzsyrtcmke.love	silverfox
domainzuxywrjcie.love	silverfox
domainzxaiasuye.love	silverfox
domain3s.aliqwenapi.com	apt_unclassified
domain8d.cloudops-api.com	apt_unclassified
domainaliqwenapi.com	apt_unclassified
domainapiupdate.com	apt_unclassified
domaincloudapi-update.com	apt_unclassified
domaincloudops-api.com	apt_unclassified
domaingu.cloudapi-update.com	apt_unclassified
domainjianpn106437694.softether.net	apt_unclassified
domainlogin.apiupdate.com	apt_unclassified
domainmail.apiupdate.com	apt_unclassified
domainq.apiupdate.com	apt_unclassified
domainsso.login.apiupdate.com	apt_unclassified
domainstaging.apiupdate.com	apt_unclassified
domainzhongyantech.vip	apt_unclassified
domaincanal1zac1a.onrender.com	apt_turla
domaindriverx86-adobe.onrender.com	apt_turla
domaingoogle-ai-labs-it.onrender.com	apt_turla
domainweatherdataai.theworkpc.com	apt_turla
domainwool-basalt-clock.glitch.me	apt_turla
domaincircoloesteri.elezioni.idnet.it	apt_turla
domainsuperstarlog.click	—
domainnavi.sell.app	navirat
domainins0mnia.ru	navirat
domaincloudflera.top	sharkloader
domaindns-server.club	sharkloader
domainconnect-microsoft.com	sharkloader
domainms-record.com	sharkloader
domainms-record.top	sharkloader
domainms-tray.top	sharkloader
domainbostik.cmsnet.se	sharkloader
domainenjoy-rachel-rider-ireland.trycloudflare.com	generic
domainbot.majids.web.id	android_fvncbot
domaineytrbne.icu	android_fvncbot
domainlunaimage.com	android_fvncbot
domainmajids.web.id	android_fvncbot
domaindroptest.xyz	offloader
domain803.st	apt_unc6691
domain9645468a-7b00-49bd-888f-5b7aa18e0e26.ieclo.net	apt_unc6691
domain9n2mhtn-0c9zna14n3mr49e.icu	apt_unc6691
domainads.kds-sms.com	apt_unc6691
domainbxygsuj.com	apt_unc6691
domaincoinweb3.cfd	apt_unc6691
domaincp.thantgt.cn	apt_unc6691
domaind9b3m.com	apt_unc6691
domaindadakeji.com	apt_unc6691
domaindexqqbr.com	apt_unc6691
domainf6z2q.com	apt_unc6691
domaing2w7x.com	apt_unc6691
domaing5n3v.com	apt_unc6691
domainhhkalink.com	apt_unc6691
domainhostmaster.hanzuan.net	apt_unc6691
domainiieuykp.com	apt_unc6691
domaink3w8n.com	apt_unc6691
domainkds-sms.com	apt_unc6691
domainkk.dadakeji.com	apt_unc6691
domainliu6he.edu.pl	apt_unc6691
domainn4k9c.com	apt_unc6691
domainnew.9n2mhtn-0c9zna14n3mr49e.icu	apt_unc6691
domainnew.hanzuan.net	apt_unc6691
domainolmszas.com	apt_unc6691
domainp3m8v.com	apt_unc6691
domainp9x5r.com	apt_unc6691
domainr4d6j.com	apt_unc6691
domainstellarvilla.top	apt_unc6691
domaint5r8p.com	apt_unc6691
domaint7x2n.com	apt_unc6691
domainv2m7b.com	apt_unc6691
domainwap.hhkalink.com	apt_unc6691
domainxv.liu6he.edu.pl	apt_unc6691
domainhiatuft.cyou	lummac2
domainmyroayy.cyou	lummac2
domainbluezno.cyou	lummac2

Ip

Value	Description	Copy
ip122.10.115.10	cyberstrikeai
ip154.36.188.214	cyberstrikeai
ip204.194.54.9	dcrat
ip223.26.63.40	dcrat
ip144.31.236.240	remcos
ip45.119.55.66	diztakun
ip202.61.160.201	silverfox
ip216.250.104.166	diztakun
ip47.76.174.189	apt_unclassified
ip144.172.114.163	megalodon
ip144.172.92.199	megalodon
ip153.75.91.241	megalodon
ip193.56.135.182	megalodon
ip216.126.224.29	megalodon
ip202.182.102.5	tinyrct
ip45.76.210.43	tinyrct

Threat ID: 6a401f2327e9c79719c63148

Added to database: 06/27/2026, 19:06:11 UTC

Last enriched: 06/27/2026, 19:21:14 UTC

Last updated: 06/27/2026, 23:21:11 UTC

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Maltrail IOC for 2026-06-27

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-06-27

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Domain

Ip

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Maltrail IOC for 2026-06-27

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-06-27

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Domain

Ip

Community Reviews

Related Threats

0DIN: Clean GitHub Repos Can Trick AI Agents Into Reverse Shells

KRVTZ-NET IDS alerts for 2026-06-27

Clean GitHub repo tricks AI coding agents into running malware

ThreatFox IOCs for 2026-06-26

Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility