Tracking LummaC2 Infrastructure with Cats
The US Department of Justice and Microsoft disrupted the LummaC2 infostealing malware through domain seizures, taking down over 2,300 associated domains. The FBI and CISA released an advisory detailing LummaC2's tactics and indicators of compromise, including 114 domains. Analysis of these domains revealed common registration patterns, such as the use of Eastern European names and specific mail server hostnames. Notably, several domains featured an 'About Cats' landing page; 58 additional domains share this characteristic and carry high risk scores. These domains are suspected of distributing LummaC2 and other malware strains. Despite the takedown efforts, 41 of these domains remain active, highlighting the need for continued vigilance against LummaC2 infrastructure.
AI Analysis
Technical Summary
LummaC2 is an infostealing malware family whose infrastructure was recently targeted by coordinated law enforcement and private sector actions, notably by the US Department of Justice and Microsoft. These efforts resulted in the seizure of over 2,300 domains associated with LummaC2 operations. The FBI and CISA released advisories detailing the malware's tactics, techniques, and procedures (TTPs), including a list of 114 domains linked to the threat. Analysis of these domains uncovered distinct registration patterns, such as the use of Eastern European personal names and specific mail server hostnames, which serve as indicators for tracking and attribution. A unique characteristic identified was the presence of 'About Cats' landing pages on several domains, with 58 additional domains sharing this trait and exhibiting high risk scores. These cat-themed domains are suspected to be involved in distributing LummaC2 and potentially other malware strains. Despite the takedown efforts, 41 domains remain active, underscoring the resilience and adaptability of the threat actors behind LummaC2. The malware employs multiple techniques consistent with MITRE ATT&CK tactics such as domain fronting (T1102.001), use of web services (T1071.001), and infrastructure manipulation (T1583.001, T1589), indicating a sophisticated command and control (C2) infrastructure. The ongoing presence of active domains and the use of deceptive domain registration and hosting strategies highlight the need for continuous monitoring and threat intelligence sharing to mitigate LummaC2's impact.
Potential Impact
For European organizations, LummaC2 poses a significant risk primarily through its infostealing capabilities, which can lead to the compromise of sensitive data including credentials, intellectual property, and personal information. The malware's ability to maintain persistent C2 infrastructure via numerous domains complicates detection and remediation efforts. Organizations in Europe may face data breaches, financial losses, and reputational damage if infected. The use of domains with Eastern European registration patterns and cat-themed landing pages may facilitate targeted phishing or watering-hole attacks against European entities, especially those with business or operational ties to Eastern Europe. Additionally, the persistence of active malicious domains despite takedown efforts suggests that European organizations must remain vigilant against evolving infrastructure and tactics. The malware's distribution methods and infrastructure also increase the risk of secondary infections and lateral movement within networks, potentially impacting critical sectors such as finance, government, and technology. The medium severity rating reflects the malware's moderate ease of detection and disruption but acknowledges the ongoing threat posed by remaining active infrastructure.
Mitigation Recommendations
European organizations should implement targeted domain monitoring and blocking strategies focusing on domains exhibiting the identified registration patterns, including those with cat-themed landing pages. Integrating threat intelligence feeds that include the FBI and CISA advisories and the known domain lists into security information and event management (SIEM) systems will enhance detection capabilities. Network defenders should employ DNS filtering and web proxy controls to restrict access to suspicious domains, especially those linked to LummaC2 infrastructure. Endpoint detection and response (EDR) solutions should be tuned to detect infostealing behaviors and anomalous network communications consistent with LummaC2's TTPs. Organizations should conduct regular phishing awareness training emphasizing the recognition of deceptive domain names and unusual website content. Collaborating with national Computer Security Incident Response Teams (CSIRTs) and sharing indicators of compromise (IOCs) will improve collective defense. Finally, organizations should maintain robust patch management and credential hygiene practices to reduce the attack surface and limit the malware's ability to propagate.
Affected Countries
Germany, France, United Kingdom, Poland, Ukraine, Netherlands, Italy
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.domaintools.com/resources/blog/tracking-lummac2-infrastructure-with-cats
- Adversary: LummaC2
- Pulse ID: 6839003a3028827e1ebbfb1a
- Threat Score: null
Threat ID: 68396fa3182aa0cae2a6d760
Added to database: 5/30/2025, 8:43:15 AM
Last enriched: 7/1/2025, 7:26:07 PM
Last updated: 7/31/2025, 11:08:25 PM