Nimbus Manticore Deploys New Malware Targeting Europe
The Iranian threat actor Nimbus Manticore has expanded its operations, targeting defense, telecommunications, and aviation sectors in Western Europe. The group uses sophisticated spear-phishing techniques, impersonating HR recruiters to lure victims to fake career portals. Their toolset includes the MiniJunk backdoor and MiniBrowse stealer, which have evolved to employ advanced evasion techniques like multi-stage DLL sideloading, heavy obfuscation, and code signing. The malware infrastructure leverages Azure App Services for resilient command and control. Nimbus Manticore's recent activities demonstrate increased focus on stealth, operational security, and expanding their targeting to align with Iranian strategic priorities.
AI Analysis
Technical Summary
Nimbus Manticore, an Iranian state-sponsored advanced persistent threat (APT) group, has expanded its cyber-espionage operations targeting critical sectors in Western Europe, specifically defense, telecommunications, and aviation. The group employs sophisticated spear-phishing campaigns that impersonate HR recruiters, directing victims to counterfeit career portals designed to harvest credentials and deliver malware payloads. The primary malware tools used in this campaign are MiniJunk, a backdoor, and MiniBrowse, a credential stealer. These tools have been enhanced with advanced evasion techniques including multi-stage DLL sideloading, which allows the malware to load malicious DLLs under the guise of legitimate signed binaries, thereby bypassing many endpoint detection mechanisms. Heavy code obfuscation further complicates detection and analysis, while the use of code signing lends an additional layer of trustworthiness to the malware binaries, increasing the likelihood of successful execution. The command and control (C2) infrastructure leverages Azure App Services, a cloud platform, to ensure resilient and flexible communication channels that are harder to block or take down. This use of legitimate cloud services for C2 is a notable evolution in operational security, allowing Nimbus Manticore to blend malicious traffic with normal cloud service traffic. The campaign’s tactics align with Iranian strategic priorities, focusing on intelligence gathering and potential disruption capabilities within key European industries that are critical to national security and economic stability. The group’s emphasis on stealth and operational security indicates a long-term campaign designed to maintain persistent access while minimizing detection risks. 
The attack techniques map to multiple MITRE ATT&CK tactics and techniques, including spear-phishing (T1566), DLL sideloading (T1574.002), obfuscation (T1027), and use of signed binaries (T1553.002), among others, demonstrating a complex and multi-faceted approach to intrusion and persistence.
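The sideloading pattern described above can be triaged from image-load telemetry. The following is an added example, not code from the original report: it assumes Sysmon Event ID 7 style records (fields `Image`, `ImageLoaded`, `Signature`, `SignatureStatus`), and the DLL name list, trusted directories, signer allowlist and sample events are all constructed. Because the report notes the malware is code-signed, a valid signature alone does not clear a load.

```python
import ntpath

# Assumptions (hypothetical policy values, tune per environment):
SYSTEM_DLL_NAMES = {"version.dll", "userenv.dll", "dwmapi.dll", "cryptbase.dll"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}


def _norm(path):
    """Normalise a Windows path so comparisons work on any host OS."""
    return ntpath.normcase(ntpath.normpath(path))


def triage_image_load(event):
    """Return the reasons one image-load record looks like sideloading."""
    image = _norm(event["Image"])
    dll = _norm(event["ImageLoaded"])
    reasons = []
    # A DLL carrying a system DLL's name but loaded from outside C:\Windows.
    if ntpath.basename(dll) in SYSTEM_DLL_NAMES and not dll.startswith("c:\\windows\\"):
        reasons.append("system-dll-name-outside-windows")
    # A DLL sitting next to its host executable in a user-writable location.
    same_dir = ntpath.dirname(image) == ntpath.dirname(dll)
    if same_dir and not dll.startswith(TRUSTED_ROOTS):
        if event.get("SignatureStatus") != "Valid":
            reasons.append("unsigned-dll-beside-exe")
        elif event.get("Signature") not in TRUSTED_SIGNERS:
            # Signed, but by a signer local policy does not list.
            reasons.append("unlisted-signer-beside-exe")
    return reasons


# Constructed sample records (not taken from the report).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\Survey\Setup.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\Survey\userenv.dll",
     "Signature": "Constructed Signer Ltd", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\userenv.dll",
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\bob\Downloads\tool\app.exe",
     "ImageLoaded": r"C:\Users\bob\Downloads\tool\helper.dll",
     "Signature": "", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\lib.dll",
     "Signature": "Constructed Vendor Inc", "SignatureStatus": "Valid"},
]


def flagged(events):
    """Map each suspicious ImageLoaded path to its list of reasons."""
    out = {}
    for ev in events:
        reasons = triage_image_load(ev)
        if reasons:
            out[ev["ImageLoaded"]] = reasons
    return out


if __name__ == "__main__":
    for dll, reasons in flagged(SAMPLE_EVENTS).items():
        print(dll, reasons)
```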
Potential Impact
For European organizations, particularly those in Western Europe’s defense, telecommunications, and aviation sectors, this threat poses significant risks. Successful compromise could lead to unauthorized access to sensitive intellectual property, strategic communications, and operational data, potentially undermining national security and critical infrastructure integrity. The use of advanced evasion techniques increases the likelihood that intrusions remain undetected for extended periods, enabling extensive data exfiltration or preparation for disruptive operations. The targeting of telecommunications could impact the confidentiality and availability of communication networks, while attacks on aviation could affect operational safety and logistics. The campaign’s use of cloud-based C2 infrastructure complicates incident response and mitigation efforts, as blocking malicious traffic without disrupting legitimate cloud services is challenging. Additionally, the impersonation of HR recruiters and use of fake career portals exploit human factors, increasing the risk of initial compromise through social engineering. The medium severity rating reflects the sophisticated nature of the threat and its potential to cause significant harm, although no known exploits in the wild have been reported yet. European organizations must consider the geopolitical context, as Iranian-aligned cyber operations may intensify in response to regional tensions, increasing the likelihood of targeted attacks.
Mitigation Recommendations
To mitigate this threat, European organizations should implement targeted defenses beyond generic cybersecurity hygiene:
- Enhance email security by deploying advanced anti-phishing solutions capable of detecting and blocking spear-phishing attempts that impersonate HR recruiters, including URL rewriting and sandboxing of links leading to career portals.
- Conduct regular phishing awareness training focused on social engineering tactics used by APT groups.
- Employ application whitelisting and strict DLL loading policies to prevent unauthorized DLL sideloading, including monitoring for anomalous DLL loads and enforcing code integrity checks.
- Utilize endpoint detection and response (EDR) tools with behavioral analytics to identify obfuscated code execution and suspicious process injection activities.
- Monitor network traffic for unusual patterns consistent with cloud-based C2 communications, particularly anomalous use of Azure App Services, and implement network segmentation to limit lateral movement.
- Enforce multi-factor authentication (MFA) on all user accounts, especially those with access to sensitive systems, to reduce the risk of credential theft exploitation.
- Regularly audit and update code signing certificate policies to detect misuse or unauthorized signing.
- Establish threat intelligence sharing with industry peers and national cybersecurity centers to stay informed about evolving tactics and indicators of compromise related to Nimbus Manticore.
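One way to apply the network-monitoring recommendation to proxy or DNS logs, as an added example that is not part of the original report: it flags Azure App Services hosts contacted by non-browser processes and hostnames that pair a protected brand with recruiting vocabulary outside the brand's official domains. The record layout `(client, process, host)`, the allowlists, the brand `examplecorp` and every hostname are constructed assumptions.

```python
import re
from collections import defaultdict

AZURE_APP_SUFFIX = ".azurewebsites.net"

# Assumptions (hypothetical values an organisation would maintain itself):
SANCTIONED_AZURE_APPS = {"intranet-forms-constructed.azurewebsites.net"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
BRANDS = {"examplecorp": ("examplecorp.example",)}  # brand -> official domains
CAREER_WORDS = re.compile(r"career|job|talent|recruit")


def is_official(host, official_domains):
    """True when host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in official_domains)


def classify(records):
    """records: iterable of (client, process, host). Returns {host: set(reasons)}."""
    findings = defaultdict(set)
    for _client, process, host in records:
        host = host.lower().rstrip(".")
        # Azure App Services host that is not sanctioned and was reached by
        # something other than a browser (for example a dropped executable).
        if host.endswith(AZURE_APP_SUFFIX) and host not in SANCTIONED_AZURE_APPS:
            if process.lower() not in BROWSERS:
                findings[host].add("azure-app-from-non-browser")
        # Recruiter-themed hostname that borrows a protected brand name.
        for brand, official in BRANDS.items():
            if brand in host and CAREER_WORDS.search(host) \
                    and not is_official(host, official):
                findings[host].add("brand-career-lookalike")
    return dict(findings)


# Constructed sample log records (not indicators from the report).
SAMPLE_RECORDS = [
    ("ws-014", "chrome.exe", "examplecorp.careers-constructed.example"),
    ("ws-014", "Setup.exe", "constructed-sample-app.azurewebsites.net"),
    ("ws-020", "msedge.exe", "intranet-forms-constructed.azurewebsites.net"),
    ("ws-021", "chrome.exe", "careers.examplecorp.example"),
    ("ws-022", "msedge.exe", "docs-constructed.azurewebsites.net"),
]

if __name__ == "__main__":
    for host, reasons in classify(SAMPLE_RECORDS).items():
        print(host, sorted(reasons))
```

Browser traffic to unsanctioned App Services hosts is left unflagged here to keep noise down; a rarity baseline per host would be the next refinement.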
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands, Belgium
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/
- Adversary: null
- Pulse Id: 68d1c1ecdb0b4acf0cc29af1
- Threat Score: null
Threat ID: 68d1c40bb929db36a9e2ef69
Added to database: 9/22/2025, 9:47:55 PM
Last enriched: 9/22/2025, 9:51:33 PM
Last updated: 9/25/2025, 8:00:10 AM