Pulse Detail — Threat Intelligence

PULSE NAME

Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally

WHITE CyberHunter_NL 2025-03-03 Modified: 2025-04-02

IOCs

HIGH VOLUME

On February 24, 2025, NBC News reported: "Unauthorized AI-generated footage suddenly played on televisions at the U.S. Department of Housing and Urban Development (HUD) headquarters in Washington, D.C. The video showed President Donald Trump bowing to kiss Elon Musk's toes, accompanied by the bold caption LONG LIVE THE REAL KING. Staff were unable to shut it down and had to unplug all TVs." The incident quickly sparked widespread public debate and caught the attention of the cybersecurity community, prompting a reevaluation of the significant risks posed by hacked devices like televisions and set-top boxes.

Indicators of Compromise (90)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	01a692df9deb5e8db620e4fb7e687836	—	2025-03-03
FileHash-MD5	0c454831bdb679bdd083c5a7cc785733	—	2025-03-03
FileHash-MD5	2d6d91c5988dcab2eb4dab1ec55cfbb9	—	2025-03-03
FileHash-MD5	2de1775908db39f3c4edbb7a7d99268d	—	2025-03-03
FileHash-MD5	30da72fda6d0f5e3972272332d7fc47b	—	2025-03-03
FileHash-MD5	456e14aa644bd31d85e0fe6f78d8fc15	—	2025-03-03
FileHash-MD5	47c5bf4fbce983c2182ba103d2773dff	—	2025-03-03
FileHash-MD5	4efa4566794d86e033c2362cad05f1f8	—	2025-03-03
FileHash-MD5	4f4d5e37feda9e9556c816c100e1de30	—	2025-03-03
FileHash-MD5	53493b07fe423b1dbdc789803cbac7c1	—	2025-03-03
FileHash-MD5	5701ee051f80e92c1efc5ad32f8401d3	—	2025-03-03
FileHash-MD5	6168dafc5a1d297cf33b26b65db315cc	—	2025-03-03
FileHash-MD5	68ec86a761233798142a6f483995f7e9	—	2025-03-03
FileHash-MD5	6bb3258b688f81dfd03128bccf18823b	—	2025-03-03
FileHash-MD5	9e116f9ad2ff072f02aa2ebd671582a5	—	2025-03-03
FileHash-MD5	a07533a9504fff0756a8ba59ca0af4d6	—	2025-03-03
FileHash-MD5	a4df8a0484e04fe660563b69c93c7f14	—	2025-03-03
FileHash-MD5	a774eb68f60621bfddd8db461d978c12	—	2025-03-03
FileHash-MD5	aabbccddaabbccddaabbccddaabbccdd	—	2025-03-03
FileHash-MD5	b447aaf52c1efad388612f8220969c35	—	2025-03-03
FileHash-MD5	b6d5c945d61a73641e710f357214f3e3	—	2025-03-03
FileHash-MD5	bb6b9aec7d4bfa524c7c5117257e4d78	—	2025-03-03
FileHash-MD5	d9126d936d505b9fa9a8278fda1daaae	—	2025-03-03
FileHash-MD5	de252f9ac7624d723212e7e70972134d	—	2025-03-03
FileHash-MD5	de8f69efdb29cdf5fd12dd7b74584696	—	2025-03-03
FileHash-MD5	fc7dc3c5306d6a508023160953168a16	—	2025-03-03
FileHash-SHA1	0837d77b6a635755b26fedc6bb19adee36fdcc60	SHA1 of 2de1775908db39f3c4edbb7a7d99268d	2025-03-03
FileHash-SHA1	70672a8ccee11976077ff4f3dc16966bbf67e965	—	2025-03-03
FileHash-SHA256	d70f4b94e242b809a1e1a53c6e39b3d986455a205c3e9a2170210a68c75a22a8	SHA256 of 2de1775908db39f3c4edbb7a7d99268d	2025-03-03
URL	http://adstat.ziyemy.shop:3389	—	2025-03-03
URL	http://csskkjw.com/s3/b7027626	—	2025-03-03
URL	http://dcsdk.100ulife.com/reportcompbin	—	2025-03-03
URL	http://dcsdk.100ulife.com/sdkbin	—	2025-03-03
URL	http://dcsdkos.dc16888888.com/reportcompbin	—	2025-03-03
URL	http://dcsdkos.dc16888888.com/sdkbin	—	2025-03-03
URL	http://jaguar-distributor.syslogcollector.com:12000/v1/agent/ctrl	—	2025-03-03
URL	http://ssl87362.com:9999	—	2025-03-03
URL	http://task.moyu88.xyz/cpc/api/proxy/origin	—	2025-03-03
URL	http://task.moyu88.xyz/cpc/api/task	—	2025-03-03
URL	http://task.moyu88.xyz/cpc/api/xml?productId=0	—	2025-03-03
URL	https://dcsdk.100ulife.com/reportcompbin	—	2025-03-03
URL	https://dcsdk.100ulife.com/sdkbin	—	2025-03-03
URL	https://dcsdkos.dc16888888.com/reportcompbin	—	2025-03-03
URL	https://dcsdkos.dc16888888.com/sdkbin	—	2025-03-03
domain	2940637fafa.com	—	2025-03-03
domain	catmore23.com	—	2025-03-03
domain	catmore88.com	—	2025-03-03
domain	catmos99.com	—	2025-03-03
domain	conannt.com	—	2025-03-03
domain	csok997.com	—	2025-03-03
domain	csskkjw.com	—	2025-03-03
domain	gmslb.net	—	2025-03-03
domain	haveits.com	—	2025-03-03
domain	kyc-holdings.com	—	2025-03-03
domain	lbk-sol.com	—	2025-03-03
domain	linkmob.org	—	2025-03-03
domain	peercon.org	—	2025-03-03
domain	phonegrid.org	—	2025-03-03
domain	phonemesh.org	—	2025-03-03
domain	pxleo5fbca7141b5.com	—	2025-03-03
domain	qocoll.com	—	2025-03-03
domain	remoredo.com	—	2025-03-03
domain	safernetwork.io	—	2025-03-03
domain	sklstech.com	—	2025-03-03
domain	snakeers.com	—	2025-03-03
domain	spiritlib.cyou	—	2025-03-03
domain	ssl87362.com	—	2025-03-03
domain	ssl8rrs2.com	—	2025-03-03
domain	synntre.com	—	2025-03-03
domain	ttekf42.com	—	2025-03-03
domain	ttss442.com	—	2025-03-03
domain	tumune3.com	—	2025-03-03
domain	works883.com	—	2025-03-03
domain	works883.xyz	—	2025-03-03
domain	wowokeys.com	—	2025-03-03
hostname	adstat.ad3g.com	—	2025-03-03
hostname	adstat.moyu88.xyz	—	2025-03-03
hostname	adstat.ziyemy.shop	—	2025-03-03
hostname	adstat2.ziyemy.shop	—	2025-03-03
hostname	dcsdk.100ulife.com	—	2025-03-03
hostname	dcsdkos.dc16888888.com	—	2025-03-03
hostname	g.sxim.me	—	2025-03-03
hostname	jaguar-distributor.syslogcollector.com	—	2025-03-03
hostname	ref.sxim.me	—	2025-03-03
hostname	reg.sxim.me	—	2025-03-03
hostname	task.moyu88.xyz	—	2025-03-03
hostname	task.mymoyu.shop	—	2025-03-03
hostname	task1.ziyemy.shop	—	2025-03-03
hostname	task2.ziyemy.shop	—	2025-03-03
hostname	update.ad3g.com	—	2025-03-03

References (1)

↗ https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/#ioc