SNOWYAMBER, HALFRIG, QUARTERRIG - IoC Reference
AI Analysis
Technical Summary
The threat identified as SNOWYAMBER, HALFRIG, and QUARTERRIG refers to a set of malware tools primarily associated with OSINT (Open Source Intelligence) activities, as indicated by the tags and categories provided. These tools appear to be used for network activity monitoring and payload delivery, suggesting capabilities for reconnaissance and potentially for delivering malicious payloads within targeted environments. The information is sourced from CIRCL and classified under a high severity level, although no specific affected software versions or patches are available, and no known exploits in the wild have been reported to date. The lack of detailed technical indicators or CVEs implies that these tools may be custom or specialized malware used in targeted campaigns rather than widespread commodity malware. The perpetual lifetime tag indicates that these tools or their signatures are considered persistent threats in the OSINT domain. The threat level is marked as '1' (likely indicating high priority), but the analysis field is '0', suggesting limited public technical analysis is available. Overall, these tools are likely part of a sophisticated threat actor's toolkit for conducting network reconnaissance, gathering intelligence, and delivering payloads to compromise systems.
Potential Impact
For European organizations, the presence of these malware tools could lead to significant risks including unauthorized network reconnaissance, data exfiltration, and potential system compromise through payload delivery. Given the high severity rating, these tools could be leveraged to breach confidentiality by gathering sensitive information, impact integrity by delivering malicious payloads that alter or corrupt data, and affect availability if payloads include destructive or disruptive components. The absence of patches and known exploits suggests that detection and mitigation rely heavily on proactive threat intelligence and network monitoring. European entities involved in critical infrastructure, government, defense, or industries with sensitive intellectual property are particularly at risk, as these tools could facilitate espionage or sabotage. The persistent nature of these tools also implies a long-term threat that could evade traditional defenses if not actively monitored.
Mitigation Recommendations
To mitigate risks from SNOWYAMBER, HALFRIG, and QUARTERRIG, European organizations should implement advanced network traffic analysis focusing on unusual reconnaissance patterns and payload delivery attempts. Deploying and tuning intrusion detection/prevention systems (IDS/IPS) with updated threat intelligence feeds that include these tools is critical. Organizations should conduct regular threat hunting exercises targeting OSINT-related malware signatures and behaviors. Network segmentation and strict access controls can limit lateral movement if initial compromise occurs. Endpoint detection and response (EDR) solutions should be configured to detect suspicious payload execution and anomalous network connections. Since no patches are available, emphasis should be placed on timely incident response and forensic capabilities to identify and contain infections early. Sharing intelligence with trusted partners and national cybersecurity centers can enhance detection and response effectiveness. Finally, employee training on recognizing phishing or social engineering attempts that could deliver these payloads remains essential.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Poland, Spain
Technical Details
- Threat Level: 1
- Analysis: 0
- UUID: e9bf73b9-f82c-4203-ba04-deacf8d9fbd6
- Original Timestamp: 1681482747
Indicators of Compromise
URL
Value | Description
---|---
totalmassasje.no/schedule.php | SNOWYAMBER - ENVYSCOUT delivering SNOWYAMBER ZIP
signitivelogics.com/Schedule.html | SNOWYAMBER - ENVYSCOUT delivering SNOWYAMBER ISO
humanecosmetics.com/category/noteworthy/6426-7346-9789 | SNOWYAMBER - Cobalt Strike Team Server
signitivelogics.com/BMW.html | SNOWYAMBER - ENVYSCOUT delivering SNOWYAMBER ISO
literaturaelsalvador.com/Instructions.html | SNOWYAMBER - ENVYSCOUT delivering SNOWYAMBER ZIP
parquesanrafael.cl/note.html | SNOWYAMBER - ENVYSCOUT URL
inovaoftalmologia.com.br/form.html | SNOWYAMBER - ENVYSCOUT URL
literaturaelsalvador.com/Schedule.htm | SNOWYAMBER - ENVYSCOUT delivering SNOWYAMBER ISO
sawabfoundation.net/p.php? ip=<IP>&ua=<USER_AGENT> | HALFRIG - ENVYSCOUT backend fingerprint collector
sawabfoundation.net/note.html | HALFRIG - ENVYSCOUT
pateke.com/auth/login.php | QUARTERRIG C2 URL
pateke.com/index.php | QUARTERRIG C2 URL
gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu | QUARTERRIG - COBALT STRIKE Handler URL
gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8 | QUARTERRIG - COBALT STRIKE Handler URL
sharpledge.com/login.php | QUARTERRIG C2 URL
sylvio.com.br/form.php | URL to ENVYSCOUT used to deliver QUARTERRIG
Domain
Value | Description
---|---
badriatimimi.com | SNOWYAMBER - BRUTERATEL C2
sawabfoundation.net | HALFRIG - compromised hosting used for ENVYSCOUT
communitypowersports.com | HALFRIG - CobaltStrike redirector
sanjosemotosport.com | HALFRIG - CobaltStrike C2
pateke.com | QUARTERRIG Domain
gatewan.com | QUARTERRIG - COBALT STRIKE C2 Domain
sharpledge.com | QUARTERRIG C2 Domain
sylvio.com.br | QUARTERRIG - Domain used to host ENVYSCOUT
IP
Value | Description
---|---
85.195.89.91 | QUARTERRIG server IP
91.218.183.90 | QUARTERRIG - COBALT STRIKE C2 IP
51.75.210.218 | QUARTERRIG server IP
Link
Value | Description
---|---
https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf | —
Threat ID: 682acdbebbaf20d303f0f1a1
Added to database: 5/19/2025, 6:20:46 AM
Last enriched: 6/18/2025, 7:34:33 AM
Last updated: 8/17/2025, 7:40:11 PM