New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
The Tomiris threat actor has launched a new campaign starting in early 2025 targeting foreign ministries, intergovernmental organizations, and government entities, primarily focusing on Russian-speaking users and Central Asian countries. This campaign features a shift in tactics, leveraging multiple reverse shell implants developed in various programming languages including Go, Rust, C/C++, C#, and Python. Tomiris uses public platforms such as Telegram and Discord as command-and-control (C2) channels, complicating detection and attribution. The group also deploys open-source post-exploitation frameworks like Havoc and AdaptixC2 to extend their foothold and conduct further operations. The malware tools include reverse shells, reverse SOCKS proxies, file grabbers, and downloaders, enabling remote control and data exfiltration. Although no known exploits are reported in the wild, the campaign’s use of multi-language implants and popular communication platforms indicates a sophisticated and adaptable threat. The severity is assessed as medium, reflecting the targeted nature and complexity but limited public evidence of widespread exploitation. European organizations, especially government and diplomatic entities, should be vigilant given the geopolitical relevance and potential for espionage. Mitigation requires enhanced monitoring of network traffic to Telegram and Discord, strict application control, and threat hunting focused on unusual reverse shell activity. Countries with strong diplomatic ties to Russia and Central Asia, such as Germany, France, Poland, and the Baltic states, are likely to be most affected.
AI Analysis
Technical Summary
Kaspersky researchers identified a new wave of malicious operations by the Tomiris APT group beginning in early 2025. Tomiris targets foreign ministries, intergovernmental organizations, and government entities, with a focus on Russian-speaking users and Central Asian countries. The threat actor has evolved its tactics by employing multiple reverse shell implants written in diverse programming languages including Go, Rust, C, C#, C++, and Python. This multi-language approach complicates detection and analysis. Tomiris leverages public communication platforms such as Telegram and Discord as command-and-control (C2) servers, using these legitimate services to blend malicious traffic with normal user activity, thereby evading traditional network defenses. The implants facilitate remote access and control, enabling the deployment of open-source post-exploitation frameworks like Havoc and AdaptixC2, which provide extensive capabilities for lateral movement, credential harvesting, and data exfiltration. The campaign includes tools such as reverse SOCKS proxies, file grabbers, and downloaders, increasing operational flexibility. The use of public platforms for C2 and multi-language implants demonstrates a strategic shift toward stealth and persistence. While no specific CVEs or exploits are linked to this campaign, the threat actor’s sophistication and targeting profile indicate a high risk for espionage and information theft. The campaign’s medium severity rating reflects the targeted nature and complexity but absence of widespread exploitation evidence. The threat is ongoing and requires continuous monitoring and tailored defensive measures.
Potential Impact
For European organizations, particularly government and diplomatic entities, this threat poses significant risks to confidentiality and integrity of sensitive information. The use of reverse shells and post-exploitation frameworks enables attackers to maintain persistent access, move laterally within networks, and exfiltrate data stealthily. The reliance on public platforms like Telegram and Discord for C2 complicates detection and may lead to prolonged undetected intrusions. Compromise could result in loss of sensitive diplomatic communications, exposure of classified information, and disruption of governmental operations. The targeting of foreign ministries and intergovernmental organizations suggests potential geopolitical espionage motives, which could undermine national security and diplomatic relations. Additionally, the multi-language malware and modular frameworks increase the difficulty of incident response and remediation. European entities with ties to Russia and Central Asia are at heightened risk due to the threat actor’s focus. The campaign’s sophistication and persistence capabilities could lead to long-term compromises if not addressed promptly.
Mitigation Recommendations
European organizations should implement network monitoring specifically tuned to detect unusual traffic to Telegram and Discord endpoints, including DNS and SSL/TLS inspection where possible. Deploy strict application whitelisting and endpoint detection and response (EDR) solutions capable of identifying multi-language reverse shell behaviors and post-exploitation frameworks like Havoc and AdaptixC2. Conduct threat hunting exercises focusing on reverse shell indicators, unusual process spawning, and anomalous network connections to public messaging platforms. Enforce multi-factor authentication (MFA) and least privilege principles to limit lateral movement opportunities. Keep all systems updated and patched to reduce the attack surface, even though no specific CVEs are currently linked to this campaign. Train security teams on the latest Tomiris TTPs and ensure incident response plans include scenarios involving multi-protocol C2 channels. Collaborate with national cybersecurity centers and share threat intelligence to improve detection capabilities. Consider network segmentation for sensitive environments to contain potential breaches. Finally, restrict or monitor the use of public messaging platforms within critical networks where feasible.
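As an added defensive example (not code from Kaspersky, AlienVault or this page), the following Python script sweeps proxy-style log lines for the indicators listed under Indicators of Compromise below and separately flags traffic to Telegram and Discord API hosts for review, which is the kind of hunting the recommendations above call for. The IPs, URLs and hashes are a subset taken from the page's IoC list; the log format, the sample log lines and the messaging-platform hostnames (api.telegram.org, discord.com, discordapp.com, cdn.discordapp.com) are constructed or assumed for the example.

```python
"""Sweep proxy-style log lines for the IoCs on this page (added example).

Not Kaspersky's, AlienVault's or this page's own code. The indicators are a
subset of the page's IoC list; the log format, the sample lines and the
messaging-platform hostnames are constructed/assumed for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Subset of the indicators listed on this page.
IOC_IPS = {"188.127.227.226", "82.115.223.78", "192.153.57.9", "85.209.128.171"}
IOC_URLS = {
    "http://82.115.223.78/private/svchost.exe",
    "http://85.209.128.171:8000/AkelPad.rar",
    "https://sss.qwadx.com/winload.exe",
}
IOC_HASHES = {
    "078be0065d0277935cdcf7e3e9db4679",  # 32 hex chars: MD5
    "29ee3910d05e248cfb3ff62bd2e85e9c76db44a5",  # 40 hex chars: SHA-1
    "148a42ccaa97c2e2352dbb207f07932141d5290d4c3b57f61a780f9168783eda",  # 64 hex chars: SHA-256
}
# Hosts of the IoC URLs, so a download of a different path from the same host still surfaces.
IOC_HOSTS = {urlsplit(u).hostname for u in IOC_URLS}

# Assumption: API hosts behind the "Telegram and Discord" C2 channels the page describes.
# Such traffic is often legitimate, so it is reported as "review", never as a confirmed hit.
C2_PLATFORM_HOSTS = {"api.telegram.org", "discord.com", "discordapp.com", "cdn.discordapp.com"}

# Constructed log format: "<timestamp> <src_ip> <dst_ip> <url> [sha256=<hex>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<url>\S+)"
    r"(?:\s+sha256=(?P<sha>[0-9a-fA-F]{64}))?\s*$"
)

# Constructed sample lines; 198.51.100.0/24 is a documentation range, not a real destination.
SAMPLE_LOG = """\
2025-11-28T08:41:00Z 10.0.0.15 82.115.223.78 http://82.115.223.78/private/svchost.exe
2025-11-28T08:42:10Z 10.0.0.15 198.51.100.20 https://api.telegram.org/botREDACTED/getUpdates
2025-11-28T08:43:00Z 10.0.0.22 198.51.100.9 https://example.org/index.html sha256=148a42ccaa97c2e2352dbb207f07932141d5290d4c3b57f61a780f9168783eda
2025-11-28T08:44:00Z 10.0.0.31 198.51.100.5 https://www.example.com/
2025-11-28T08:45:00Z 10.0.0.15 garbled line that does not parse
"""


@dataclass
class Finding:
    ts: str
    src: str
    severity: str  # "hit": matches a page IoC; "review": messaging-platform API traffic
    reason: str


def parse(line: str) -> Optional[dict]:
    """Return the named fields of one log line, or None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec: dict) -> Optional[Finding]:
    """Apply the IoC checks in order of confidence: exact URL, file hash, IP, host, platform."""
    host = urlsplit(rec["url"]).hostname or ""
    sha = (rec.get("sha") or "").lower()
    if rec["url"] in IOC_URLS:
        return Finding(rec["ts"], rec["src"], "hit", f"url matches IoC: {rec['url']}")
    if sha and sha in IOC_HASHES:
        return Finding(rec["ts"], rec["src"], "hit", f"sha256 matches IoC: {sha}")
    if rec["dst"] in IOC_IPS:
        return Finding(rec["ts"], rec["src"], "hit", f"destination matches IoC IP: {rec['dst']}")
    if host in IOC_IPS or host in IOC_HOSTS:
        return Finding(rec["ts"], rec["src"], "hit", f"host matches IoC: {host}")
    if host in C2_PLATFORM_HOSTS:
        return Finding(rec["ts"], rec["src"], "review", f"messaging-platform API traffic: {host}")
    return None


def sweep(lines: List[str]) -> Tuple[List[Finding], int]:
    """Classify every line; unparseable lines are counted so a format drift is noticed."""
    findings: List[Finding] = []
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            unparsed += 1
            continue
        f = classify(rec)
        if f is not None:
            findings.append(f)
    return findings, unparsed


if __name__ == "__main__":
    found, bad = sweep(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.severity:6} {f.ts} {f.src} {f.reason}")
    print(f"{bad} line(s) did not parse")
```

Matching on the host of an IoC URL as well as the exact URL is deliberate: the page's URL list shows the same hosts serving several differently named binaries, so a new path on a listed host is still worth a hit. Platform traffic is kept at "review" severity because Telegram and Discord are legitimate in many environments; the value is in correlating it with the source host's other findings rather than blocking on it alone.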
Affected Countries
Germany, France, Poland, Estonia, Latvia, Lithuania, United Kingdom, Belgium, Netherlands
Indicators of Compromise
- ip: 188.127.227.226
- ip: 188.127.231.136
- hash: 078be0065d0277935cdcf7e3e9db4679
- hash: 087743415e1f6cc961e9d2bb6dfd6d51
- hash: 091fbacd889fa390dc76bb24c2013b59
- hash: 09913c3292e525af34b3a29e70779ad6
- hash: 0ddc7f3cfc1fb3cea860dc495a745d16
- hash: 0f955d7844e146f2bd756c9ca8711263
- hash: 1083b668459beacbc097b3d4a103623f
- hash: 1241455da8aadc1d828f89476f7183b7
- hash: 2ed5ebc15b377c5a03f75e07dc5f1e08
- hash: 2fba6f91ada8d05199ad94affd5e5a18
- hash: 33ed1534bbc8bd51e7e2cf01cadc9646
- hash: 42e165ab4c3495fade8220f4e6f5f696
- hash: 4edc02724a72afc3cf78710542db1e6e
- hash: 536a48917f823595b990f5b14b46e676
- hash: 6a49982272ba11b7985a2cec6fbb9a96
- hash: 72327bf7a146273a3cfec79c2cbbe54e
- hash: 83267c4e942c7b86154acd3c58eaf26c
- hash: 9a9b1ba210ac2ebfe190d1c63ec707fa
- hash: 9ea699b9854dde15babf260bed30efcc
- hash: abb3e2b8c69ff859a0ec49b9666f0a01
- hash: b8fe3a0ad6b64f370db2ea1e743c84bb
- hash: c0f81b33a80e5e4e96e503dbc401cbee
- hash: c26e318f38dfd17a233b23a3ff80b5f4
- hash: c73c545c32e5d1f72b74ab0087ae1720
- hash: c75665e77ffb3692c2400c3c8dd8276b
- hash: cd46316aebc41e36790686f1ec1c39f0
- hash: d3641495815c9617e58470448a1c94db
- hash: df95695a3a93895c1e87a76b4a8a9812
- hash: f1dca0c280e86c39873d8b6af40f7588
- hash: 29ee3910d05e248cfb3ff62bd2e85e9c76db44a5
- hash: 451cfa10538bc572d9fd3d09758eb945ac1b9437
- hash: 5315a400da8ff4aebec025a4bde734068910201d
- hash: 5684972ded765b0b08b290c85c8fac8ed3fea273
- hash: 633885f16ef1e848a2e057169ab45d363f3f8c57
- hash: 7190377a590c719089830e0f5ce050bc03f0710f
- hash: 8e1641e1e1b24f41f4267c113540dc8cbee0ae65
- hash: 93000d43d5c54b07b52efbdad3012e232bdb49cc
- hash: a5e7e75ee5c0fb82e4dc2f7617c1fe3240f21db2
- hash: c3929c555f4b61458030b70bc889baca8d777abc
- hash: c96beb026dc871256e86eca01e1f5ba2247a0df6
- hash: ce4912e5cd46fae58916c9ed49459c9232955302
- hash: dd98dcf6807a7281e102307d61c71b7954b93032
- hash: e8ab26b3141fbb410522b2cbabdc7e00a9a55251
- hash: ec7269f3e208d72085a99109a9d31e06b4a52152
- hash: f546861adc7c8ca88e3b302d274e6fffb63de9b0
- hash: 148a42ccaa97c2e2352dbb207f07932141d5290d4c3b57f61a780f9168783eda
- hash: 22ba8c24f1aefc864490f70f503f709d2d980b9bc18fece4187152a1d9ca5fab
- hash: 4420148744799563bd559cd6bd42ac10ffe0cc2895c0f5366288272d3b947eec
- hash: 4f17a7f8d2cec5c2206c3cba92967b4b499f0d223748d3b34f9ec4981461d288
- hash: 57bba9dc05df51765b83559e9df7798c389a9c23f13f15a22077c242b8d6f558
- hash: 6b290953441b1c53f63f98863aae75bd8ea32996ab07976e498bad111d535252
- hash: 7084f06f2d8613dfe418b242c43060ae578e7166ce5aeed2904a8327cd98dbdf
- hash: 8e7fb9f6acfb9b08fb424ff5772c46011a92d80191e7736010380443a46e695c
- hash: ab0ad77a341b12cfc719d10e0fc45a6613f41b2b3f6ea963ee6572cf02b41f4d
- hash: ae562641ccd56f6735cb93eb4c6beba1f40921281a103f2c9e7f339bdabd0e20
- hash: b4add80567c915eadffd00f022ca738a7eb4552aedad9da8ea658f04ca693bfc
- hash: be519d0acca77865ed569f16774e7ecb096a5a6ed0b6fe70ab5d5b438964cc11
- hash: cc84bfdb6e996b67d8bc812cf08674e8eca6906b53c98df195ed99ac5ec14a06
- hash: d59577c808e5fc0c67cfaf17fb64cd92c2ed4cb3b6c6bd7110836c8b4b856170
- hash: e46a04b9950a29e8638d5ff6508db94bf2811d613995a964cb5953922b02b0ac
- hash: ec80e96e3d15a215d59d1095134e7131114f669ebc406c6ea1a709003d3f6f17
- ip: 185.173.37.67
- ip: 185.244.180.169
- ip: 188.127.225.191
- ip: 188.127.251.146
- ip: 192.153.57.189
- ip: 192.153.57.9
- ip: 192.165.32.78
- ip: 193.149.129.113
- ip: 206.188.196.191
- ip: 64.7.199.193
- ip: 77.232.39.47
- ip: 77.232.42.107
- ip: 78.128.112.209
- ip: 82.115.223.210
- ip: 82.115.223.218
- ip: 82.115.223.78
- ip: 85.209.128.171
- ip: 88.214.25.249
- ip: 88.214.26.37
- ip: 91.219.148.93
- ip: 94.198.52.200
- ip: 94.198.52.210
- ip: 96.9.124.207
- url: http://188.127.251.146:8080/sbchost.rar
- url: http://188.127.251.146:8080/sxbchost.exe
- url: http://192.153.57.9/private/svchost.exe
- url: http://195.2.79.245/firefox.exe
- url: http://195.2.79.245/service.exe
- url: http://195.2.79.245/winload.exe
- url: http://195.2.79.245/winload.rar
- url: http://195.2.79.245/winupdate.exe
- url: http://62.113.115.89/homepage/infile.php
- url: http://82.115.223.78/private/dwm.exe
- url: http://82.115.223.78/private/msview.exe
- url: http://82.115.223.78/private/spoolsvc.exe
- url: http://82.115.223.78/private/svchost.exe
- url: http://82.115.223.78/private/sysmgmt.exe
- url: http://85.209.128.171:8000/AkelPad.rar
- url: http://88.214.25.249:443/netexit.rar
- url: http://89.110.98.234/winload.exe
- url: http://89.110.98.234/winload.rar
- url: https://docsino.ru/wp-content/private/alone.exe
- url: https://docsino.ru/wp-content/private/winupdate.exe
- url: https://sss.qwadx.com/12345.exe
- url: https://sss.qwadx.com/AkelPad.exe
- url: https://sss.qwadx.com/netexit.rar
- url: https://sss.qwadx.com/winload.exe
- url: https://sss.qwadx.com/winsrv.exe
Technical Details
- Author: AlienVault
- TLP: white
- References: https://securelist.com/tomiris-new-tools/118143/
- Adversary: Tomiris
- Pulse Id: 69295ddc667844c92d7554d0
- Threat Score: null
Threat ID: 6929601cbc8dfaadef995ea8
Added to database: 11/28/2025, 8:41:00 AM
Last enriched: 11/28/2025, 8:56:03 AM
Last updated: 12/4/2025, 10:51:28 PM