Reconnecting to live updates…

VerdantBamboo: Just Another BRICKSTORM in the Firewall

Severity: mediumType: malware

Chinese threat actor VerdantBamboo compromised a victim organization and its Managed Services Provider over an 18-month period, deploying malware on network edge devices lacking EDR coverage. The initial breach involved an Egnyte Storage Sync system, where attackers exploited a sudo misconfiguration for privilege escalation and installed BRICKSTORM backdoor and AGENTPSD fallback implant. Investigation revealed the MSP's pfSense firewall was also compromised with a FreeBSD variant of BRICKSTORM. After remediation, VerdantBamboo regained access through stolen firewall credentials, enabling custom VPN access and deploying PLENET backdoor on a Synology NAS. The threat actor leveraged compromised systems as proxies to access Microsoft 365 environments while evading security controls. VerdantBamboo demonstrated operational discipline by targeting appliances without EDR capabilities and using sophisticated malware including PLENET, compiled with .NET Native AOT to hinder analysis.

AI Analysis

Technical Summary

VerdantBamboo executed a long-term intrusion involving multiple stages and targets, including an Egnyte Storage Sync system and a pfSense firewall at an MSP. Exploiting a sudo misconfiguration allowed privilege escalation and deployment of BRICKSTORM and AGENTPSD malware. The MSP's firewall was compromised with a FreeBSD variant of BRICKSTORM. Post-remediation, the actor regained access through stolen firewall credentials, establishing custom VPN access and deploying the PLENET backdoor on a Synology NAS device. The attacker leveraged these compromised appliances, which lacked EDR coverage, as proxies to infiltrate Microsoft 365 environments while evading detection. The use of advanced malware techniques, such as .NET Native AOT compilation for PLENET, indicates operational sophistication and a focus on stealth.

Potential Impact

The threat actor maintained persistent access over an extended period, compromising critical network edge devices and managed service provider infrastructure. This allowed them to deploy multiple backdoors (BRICKSTORM, AGENTPSD, PLENET), regain access after remediation, and pivot into Microsoft 365 environments. The compromise of firewall credentials and network appliances without EDR coverage enabled stealthy lateral movement and evasion of security controls, potentially exposing sensitive organizational data and services.

Mitigation Recommendations

No specific patch or official fix is indicated for this threat. Organizations should verify and correct sudo configurations to prevent privilege escalation. They should also ensure that network edge devices and firewalls have appropriate security controls, including EDR coverage where possible. Credential hygiene and monitoring for unauthorized VPN access are critical. Since this threat involves sophisticated malware and credential theft, remediation should include comprehensive credential resets, firewall configuration audits, and enhanced monitoring for unusual access patterns. Patch status is not yet confirmed—check vendor advisories for updates.

Indicators of Compromise

ip: 192.3.30.159
ip: 192.3.30.159
hash: 42692bd13333623e9085d0c1326574a3391efcbf18158bb04972103c9ee4a3b8
hash: 42692bd13333623e9085d0c1326574a3391efcbf18158bb04972103c9ee4a3b8
hash: b42159d68ba58d7857c091b5acc59e30e50a854b15f7ce04b61ff6c11cdf0156
hash: b42159d68ba58d7857c091b5acc59e30e50a854b15f7ce04b61ff6c11cdf0156
ip: 5.223.58.4
ip: 5.223.58.4
domain: service.systemsvcs.com
domain: service.systemsvcs.com
hash: 123e80a34508c4dede7cc70e76931fcc
hash: 123e80a34508c4dede7cc70e76931fcc
hash: b1b7aaa5bd4408a4d3003a9fabcdd041
hash: b1b7aaa5bd4408a4d3003a9fabcdd041
hash: 130fdc32de36a362e65c7138b560eb8d8f6ae599
hash: 130fdc32de36a362e65c7138b560eb8d8f6ae599
hash: b8eed63ab9cbdca494f26a6f66bfd4a0a693b3f0
hash: b8eed63ab9cbdca494f26a6f66bfd4a0a693b3f0
hash: 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hash: 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hash: 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hash: 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hash: 84b573305b732a8372a082c057242953
hash: 84b573305b732a8372a082c057242953
hash: f1f64ed1ee74d3b84f338a612e59c81997d6f70e
hash: f1f64ed1ee74d3b84f338a612e59c81997d6f70e
hash: aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
hash: aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
domain: winfoacacorp.com
domain: winfoacacorp.com
domain: performanceviewtools.com
domain: performanceviewtools.com
ip: 144.202.50.151
ip: 144.202.50.151
domain: fiveworkscorp.com
domain: fiveworkscorp.com
domain: devs.calixcloudinfo.com
domain: devs.calixcloudinfo.com
hash: 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
hash: 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
domain: natsupport.net
domain: natsupport.net
hash: 9c44bc9373377831c45dd0ac2661a28e
hash: 9c44bc9373377831c45dd0ac2661a28e
hash: b439749a581ac5a29b5c9d91fc092bf4ceaa76a4
hash: b439749a581ac5a29b5c9d91fc092bf4ceaa76a4
hash: 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
hash: 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
ip: 149.248.11.71
ip: 149.248.11.71
hash: 2654c08491a0f7c4a3dfc6282de5638b
hash: 2654c08491a0f7c4a3dfc6282de5638b
hash: 4b8ab808442bf7cb084fddf983a558c2cd4b3ff2
hash: 4b8ab808442bf7cb084fddf983a558c2cd4b3ff2
hash: 625b6535321d58bb5c613e85332bf731
hash: 625b6535321d58bb5c613e85332bf731
hash: 70686215a49afbae21c351e912940e50dbabadd6
hash: 70686215a49afbae21c351e912940e50dbabadd6
hash: 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hash: 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hash: 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash: 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash: dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hash: dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hash: 00e195d94d3b1f7092eb9ed132f89d1b
hash: 00e195d94d3b1f7092eb9ed132f89d1b
hash: c392262fa86c390a20b998970639a51c
hash: c392262fa86c390a20b998970639a51c
hash: 873f1277a42de5c82f869459e7fb7c94554a642b
hash: 873f1277a42de5c82f869459e7fb7c94554a642b
hash: dbe26539ed4701596371aa585520dd276d437398
hash: dbe26539ed4701596371aa585520dd276d437398
hash: e28a96f983b8605decd2ac1db16ebad5fa741a6aa4e585a38ade0e5ad7d6cec0
hash: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5
hash: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5
hash: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5
hash: e981fc4eaaa6417e6034e21438e55c0360773674a6fc0b63c1b95026449e5254
hash: e981fc4eaaa6417e6034e21438e55c0360773674a6fc0b63c1b95026449e5254
hash: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a
hash: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a
hash: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a
hash: f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash: f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash: f70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264
hash: f70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264
hash: f70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264
ip: 104.253.1.46
ip: 104.253.1.46
ip: 107.175.235.196
ip: 107.175.235.196
ip: 159.223.77.60
ip: 159.223.77.60
ip: 170.187.181.243
ip: 170.187.181.243
ip: 172.245.5.22
ip: 172.245.5.22
ip: 173.254.201.16
ip: 173.254.201.16
ip: 5.223.42.12
ip: 5.223.42.12
ip: 5.223.49.77
ip: 5.223.49.77
ip: 5.223.68.181
ip: 5.223.68.181
ip: 66.59.196.250
ip: 66.59.196.250
domain: barannclinic.com
domain: barannclinic.com
domain: bititer.org
domain: bititer.org
domain: calixcloudinfo.com
domain: calixcloudinfo.com
domain: faoith.com
domain: faoith.com
domain: kitfloor.org
domain: kitfloor.org
domain: systemsvcs.com
domain: systemsvcs.com
domain: www.natsupport.net
domain: www.natsupport.net
hash: 58d4eccc982c9e9b1b98aa62c514e53a
hash: 84ad78b2bab946c3677fdc28ebd8a774
hash: 95dc2289427ed29b8b996d0e3d1b78cb
hash: 98ee964edeb5a988c3bba8ea1e57fe0e
hash: 681075027553546c119ec447eb8df84633dcffce
hash: e952c18272efa1c3d73d0a5381bcf443c02743fe
hash: f4d77958a12a0778283d3e679b24b18f82e332c4
hash: f8d93c1769e877aae7e7d5c289a467b5ae371c7a
hash: eb141a43958802727a6c813452450c10b92704bea4474ee5fd87c0a1be326e2e
hash: 4931441cae81aaefa80d65d7cce4e1ea
hash: 4931441cae81aaefa80d65d7cce4e1ea
hash: 458653300b48c90a8659b9e9cadc13717bce42b6
hash: 458653300b48c90a8659b9e9cadc13717bce42b6

VerdantBamboo: Just Another BRICKSTORM in the Firewall

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

ip: 192.3.30.159
ip: 192.3.30.159
hash: 42692bd13333623e9085d0c1326574a3391efcbf18158bb04972103c9ee4a3b8
hash: 42692bd13333623e9085d0c1326574a3391efcbf18158bb04972103c9ee4a3b8
hash: b42159d68ba58d7857c091b5acc59e30e50a854b15f7ce04b61ff6c11cdf0156
hash: b42159d68ba58d7857c091b5acc59e30e50a854b15f7ce04b61ff6c11cdf0156
ip: 5.223.58.4
ip: 5.223.58.4
domain: service.systemsvcs.com
domain: service.systemsvcs.com
hash: 123e80a34508c4dede7cc70e76931fcc
hash: 123e80a34508c4dede7cc70e76931fcc
hash: b1b7aaa5bd4408a4d3003a9fabcdd041
hash: b1b7aaa5bd4408a4d3003a9fabcdd041
hash: 130fdc32de36a362e65c7138b560eb8d8f6ae599
hash: 130fdc32de36a362e65c7138b560eb8d8f6ae599
hash: b8eed63ab9cbdca494f26a6f66bfd4a0a693b3f0
hash: b8eed63ab9cbdca494f26a6f66bfd4a0a693b3f0
hash: 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hash: 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hash: 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hash: 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hash: 84b573305b732a8372a082c057242953
hash: 84b573305b732a8372a082c057242953
hash: f1f64ed1ee74d3b84f338a612e59c81997d6f70e
hash: f1f64ed1ee74d3b84f338a612e59c81997d6f70e
hash: aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
hash: aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
domain: winfoacacorp.com
domain: winfoacacorp.com
domain: performanceviewtools.com
domain: performanceviewtools.com
ip: 144.202.50.151
ip: 144.202.50.151
domain: fiveworkscorp.com
domain: fiveworkscorp.com
domain: devs.calixcloudinfo.com
domain: devs.calixcloudinfo.com
hash: 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
hash: 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
domain: natsupport.net
domain: natsupport.net
hash: 9c44bc9373377831c45dd0ac2661a28e
hash: 9c44bc9373377831c45dd0ac2661a28e
hash: b439749a581ac5a29b5c9d91fc092bf4ceaa76a4
hash: b439749a581ac5a29b5c9d91fc092bf4ceaa76a4
hash: 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
hash: 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
ip: 149.248.11.71
ip: 149.248.11.71
hash: 2654c08491a0f7c4a3dfc6282de5638b
hash: 2654c08491a0f7c4a3dfc6282de5638b
hash: 4b8ab808442bf7cb084fddf983a558c2cd4b3ff2
hash: 4b8ab808442bf7cb084fddf983a558c2cd4b3ff2
hash: 625b6535321d58bb5c613e85332bf731
hash: 625b6535321d58bb5c613e85332bf731
hash: 70686215a49afbae21c351e912940e50dbabadd6
hash: 70686215a49afbae21c351e912940e50dbabadd6
hash: 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hash: 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hash: 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash: 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash: dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hash: dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hash: 00e195d94d3b1f7092eb9ed132f89d1b
hash: 00e195d94d3b1f7092eb9ed132f89d1b
hash: c392262fa86c390a20b998970639a51c
hash: c392262fa86c390a20b998970639a51c
hash: 873f1277a42de5c82f869459e7fb7c94554a642b
hash: 873f1277a42de5c82f869459e7fb7c94554a642b
hash: dbe26539ed4701596371aa585520dd276d437398
hash: dbe26539ed4701596371aa585520dd276d437398
hash: e28a96f983b8605decd2ac1db16ebad5fa741a6aa4e585a38ade0e5ad7d6cec0
hash: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5
hash: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5
hash: 40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5
hash: e981fc4eaaa6417e6034e21438e55c0360773674a6fc0b63c1b95026449e5254
hash: e981fc4eaaa6417e6034e21438e55c0360773674a6fc0b63c1b95026449e5254
hash: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a
hash: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a
hash: ee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a
hash: f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash: f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash: f70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264
hash: f70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264
hash: f70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264
ip: 104.253.1.46
ip: 104.253.1.46
ip: 107.175.235.196
ip: 107.175.235.196
ip: 159.223.77.60
ip: 159.223.77.60
ip: 170.187.181.243
ip: 170.187.181.243
ip: 172.245.5.22
ip: 172.245.5.22
ip: 173.254.201.16
ip: 173.254.201.16
ip: 5.223.42.12
ip: 5.223.42.12
ip: 5.223.49.77
ip: 5.223.49.77
ip: 5.223.68.181
ip: 5.223.68.181
ip: 66.59.196.250
ip: 66.59.196.250
domain: barannclinic.com
domain: barannclinic.com
domain: bititer.org
domain: bititer.org
domain: calixcloudinfo.com
domain: calixcloudinfo.com
domain: faoith.com
domain: faoith.com
domain: kitfloor.org
domain: kitfloor.org
domain: systemsvcs.com
domain: systemsvcs.com
domain: www.natsupport.net
domain: www.natsupport.net
hash: 58d4eccc982c9e9b1b98aa62c514e53a
hash: 84ad78b2bab946c3677fdc28ebd8a774
hash: 95dc2289427ed29b8b996d0e3d1b78cb
hash: 98ee964edeb5a988c3bba8ea1e57fe0e
hash: 681075027553546c119ec447eb8df84633dcffce
hash: e952c18272efa1c3d73d0a5381bcf443c02743fe
hash: f4d77958a12a0778283d3e679b24b18f82e332c4
hash: f8d93c1769e877aae7e7d5c289a467b5ae371c7a
hash: eb141a43958802727a6c813452450c10b92704bea4474ee5fd87c0a1be326e2e
hash: 4931441cae81aaefa80d65d7cce4e1ea
hash: 4931441cae81aaefa80d65d7cce4e1ea
hash: 458653300b48c90a8659b9e9cadc13717bce42b6
hash: 458653300b48c90a8659b9e9cadc13717bce42b6

Source: AlienVault OTX General

Published: Fri Jun 05 2026

VerdantBamboo: Just Another BRICKSTORM in the Firewall

Medium

Malwareverdantbamboo brickstorm plenet agentpsd t1133 t1548.003 t1087.001 t1543.003 t1053.003 t1021.004 t1190 t1505.003 t1059.004 t1562.001 t1078 t1068 t1102.002 t1573.002 t1059.006 t1070.004 t1027.002 t1071.001 t1090.001

Published: Fri Jun 05 2026 (06/05/2026, 18:07:50 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/08/2026, 09:03:39 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/"]
Adversary: VerdantBamboo
Pulse Id: 6a2310765ec1df9836ee072f
Threat Score: null

Indicators of Compromise

Ip

Value	Description	Copy
ip192.3.30.159	CC=US ASN=AS36352 colocrossing
ip192.3.30.159	CC=US ASN=AS36352 colocrossing
ip5.223.58.4	CC=IR ASN=ASNone
ip5.223.58.4	CC=IR ASN=ASNone
ip144.202.50.151	CC=US ASN=AS20473 the constant company llc
ip144.202.50.151	CC=US ASN=AS20473 the constant company llc
ip149.248.11.71	CC=US ASN=AS20473 the constant company llc
ip149.248.11.71	CC=US ASN=AS20473 the constant company llc
ip104.253.1.46	CC=US ASN=AS18779 egihosting
ip104.253.1.46	CC=US ASN=AS18779 egihosting
ip107.175.235.196	CC=US ASN=AS36352 colocrossing
ip107.175.235.196	CC=US ASN=AS36352 colocrossing
ip159.223.77.60	CC=US ASN=AS14061 digitalocean llc
ip159.223.77.60	CC=US ASN=AS14061 digitalocean llc
ip170.187.181.243	CC=CA ASN=AS63949 linode llc
ip170.187.181.243	CC=CA ASN=AS63949 linode llc
ip172.245.5.22	CC=US ASN=AS36352 colocrossing
ip172.245.5.22	CC=US ASN=AS36352 colocrossing
ip173.254.201.16	CC=US ASN=AS8100 quadranet enterprises llc
ip173.254.201.16	CC=US ASN=AS8100 quadranet enterprises llc
ip5.223.42.12	CC=IR ASN=ASNone
ip5.223.42.12	CC=IR ASN=ASNone
ip5.223.49.77	CC=IR ASN=ASNone
ip5.223.49.77	CC=IR ASN=ASNone
ip5.223.68.181	CC=IR ASN=ASNone
ip5.223.68.181	CC=IR ASN=ASNone
ip66.59.196.250	CC=US ASN=AS35913 dedipath
ip66.59.196.250	CC=US ASN=AS35913 dedipath

Hash

Value	Description	Copy
hash42692bd13333623e9085d0c1326574a3391efcbf18158bb04972103c9ee4a3b8	—
hash42692bd13333623e9085d0c1326574a3391efcbf18158bb04972103c9ee4a3b8	—
hashb42159d68ba58d7857c091b5acc59e30e50a854b15f7ce04b61ff6c11cdf0156	—
hashb42159d68ba58d7857c091b5acc59e30e50a854b15f7ce04b61ff6c11cdf0156	—
hash123e80a34508c4dede7cc70e76931fcc	MD5 of 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hash123e80a34508c4dede7cc70e76931fcc	MD5 of 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hashb1b7aaa5bd4408a4d3003a9fabcdd041	MD5 of 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hashb1b7aaa5bd4408a4d3003a9fabcdd041	MD5 of 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hash130fdc32de36a362e65c7138b560eb8d8f6ae599	SHA1 of 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hash130fdc32de36a362e65c7138b560eb8d8f6ae599	SHA1 of 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
hashb8eed63ab9cbdca494f26a6f66bfd4a0a693b3f0	SHA1 of 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hashb8eed63ab9cbdca494f26a6f66bfd4a0a693b3f0	SHA1 of 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
hash2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df	—
hash2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df	—
hash90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035	—
hash90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035	—
hash84b573305b732a8372a082c057242953	MD5 of aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
hash84b573305b732a8372a082c057242953	MD5 of aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
hashf1f64ed1ee74d3b84f338a612e59c81997d6f70e	SHA1 of aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
hashf1f64ed1ee74d3b84f338a612e59c81997d6f70e	SHA1 of aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
hashaa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878	—
hashaa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878	—
hash320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759	—
hash320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759	—
hash9c44bc9373377831c45dd0ac2661a28e	MD5 of 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
hash9c44bc9373377831c45dd0ac2661a28e	MD5 of 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
hashb439749a581ac5a29b5c9d91fc092bf4ceaa76a4	SHA1 of 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
hashb439749a581ac5a29b5c9d91fc092bf4ceaa76a4	SHA1 of 320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
hash24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c	—
hash24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c	—
hash2654c08491a0f7c4a3dfc6282de5638b	MD5 of 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
hash2654c08491a0f7c4a3dfc6282de5638b	MD5 of 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
hash4b8ab808442bf7cb084fddf983a558c2cd4b3ff2	SHA1 of 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
hash4b8ab808442bf7cb084fddf983a558c2cd4b3ff2	SHA1 of 24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c
hash625b6535321d58bb5c613e85332bf731	MD5 of 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash625b6535321d58bb5c613e85332bf731	MD5 of 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash70686215a49afbae21c351e912940e50dbabadd6	SHA1 of 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash70686215a49afbae21c351e912940e50dbabadd6	SHA1 of 92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a
hash45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830	—
hash45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830	—
hash92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a	—
hash92fb4ad6dee9362d0596fda7bbcfe1ba353f812ea801d1870e37bfc6376e624a	—
hashdfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591	—
hashdfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591	—
hash00e195d94d3b1f7092eb9ed132f89d1b	MD5 of dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hash00e195d94d3b1f7092eb9ed132f89d1b	MD5 of dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hashc392262fa86c390a20b998970639a51c	MD5 of 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hashc392262fa86c390a20b998970639a51c	MD5 of 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hash873f1277a42de5c82f869459e7fb7c94554a642b	SHA1 of 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hash873f1277a42de5c82f869459e7fb7c94554a642b	SHA1 of 45313a6745803a7f57ff35f5397fdf117eaec008a76417e6e2ac8a6280f7d830
hashdbe26539ed4701596371aa585520dd276d437398	SHA1 of dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hashdbe26539ed4701596371aa585520dd276d437398	SHA1 of dfb37247d12351ef9708cb6631ce2d7017897503657c6b882a711c0da8a9a591
hashe28a96f983b8605decd2ac1db16ebad5fa741a6aa4e585a38ade0e5ad7d6cec0	—
hash40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5	—
hash40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5	—
hash40d264cf9c73923932c3dfd52d20f46ff602be3fea8dc6ecc71aca46e6067bf5	—
hashe981fc4eaaa6417e6034e21438e55c0360773674a6fc0b63c1b95026449e5254	—
hashe981fc4eaaa6417e6034e21438e55c0360773674a6fc0b63c1b95026449e5254	—
hashee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a	—
hashee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a	—
hashee41e06ed96182ce80cd4544a6abd5d7719c4a5c0e5ddb266a83842d39b99b0a	—
hashf06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36	—
hashf06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36	—
hashf70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264	—
hashf70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264	—
hashf70abe93112637d3ec2f6c5e058ccac0307ebf63e496f38588cbfc17a8f8a264	—
hash58d4eccc982c9e9b1b98aa62c514e53a	—
hash84ad78b2bab946c3677fdc28ebd8a774	—
hash95dc2289427ed29b8b996d0e3d1b78cb	—
hash98ee964edeb5a988c3bba8ea1e57fe0e	—
hash681075027553546c119ec447eb8df84633dcffce	—
hashe952c18272efa1c3d73d0a5381bcf443c02743fe	—
hashf4d77958a12a0778283d3e679b24b18f82e332c4	—
hashf8d93c1769e877aae7e7d5c289a467b5ae371c7a	—
hasheb141a43958802727a6c813452450c10b92704bea4474ee5fd87c0a1be326e2e	—
hash4931441cae81aaefa80d65d7cce4e1ea	MD5 of f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash4931441cae81aaefa80d65d7cce4e1ea	MD5 of f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash458653300b48c90a8659b9e9cadc13717bce42b6	SHA1 of f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36
hash458653300b48c90a8659b9e9cadc13717bce42b6	SHA1 of f06457d2be0840faac9f0a91e63e33f932bf82922b25ac8c046fab38bb1e0b36

Domain

Value	Description	Copy
domainservice.systemsvcs.com	—
domainservice.systemsvcs.com	—
domainwinfoacacorp.com	—
domainwinfoacacorp.com	—
domainperformanceviewtools.com	—
domainperformanceviewtools.com	—
domainfiveworkscorp.com	—
domainfiveworkscorp.com	—
domaindevs.calixcloudinfo.com	—
domaindevs.calixcloudinfo.com	—
domainnatsupport.net	—
domainnatsupport.net	—
domainbarannclinic.com	—
domainbarannclinic.com	—
domainbititer.org	—
domainbititer.org	—
domaincalixcloudinfo.com	—
domaincalixcloudinfo.com	—
domainfaoith.com	—
domainfaoith.com	—
domainkitfloor.org	—
domainkitfloor.org	—
domainsystemsvcs.com	—
domainsystemsvcs.com	—
domainwww.natsupport.net	—
domainwww.natsupport.net	—

Threat ID: 6a2681e7e29bf47b50c1fcb5

Added to database: 6/8/2026, 8:48:39 AM

Last enriched: 6/8/2026, 9:03:39 AM

Last updated: 6/9/2026, 6:11:10 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

VerdantBamboo: Just Another BRICKSTORM in the Firewall

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

VerdantBamboo: Just Another BRICKSTORM in the Firewall

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Ip

Hash

Domain

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

VerdantBamboo: Just Another BRICKSTORM in the Firewall

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

VerdantBamboo: Just Another BRICKSTORM in the Firewall

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Ip

Hash

Domain

Community Reviews

Related Threats

ThreatFox IOCs for 2026-06-08

NFCShare Android malware spreads via fake banking app updates on GitHub

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Maltrail IOC for 2026-06-08

73 Microsoft GitHub repositories impacted by Miasma malware

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility