Pulse: Hackers Exploit Russian Bulletproof Host Proton66 for Global Cyberattacks
TLP: WHITE | Adversary: Prospero | Author: PetrP.73 | Created: 2025-04-22 | Modified: 2025-05-22
107 IOCs (high volume)
Cybersecurity researchers have uncovered a surge in mass scanning, credential brute-forcing, and exploitation attempts originating from IP addresses associated with the Russian bulletproof hosting service provider Proton66. Since January 8, 2025, these attacks have targeted organizations worldwide, deploying various malware families, including GootLoader and SpyNote. The malicious activity involves exploiting critical vulnerabilities in widely used systems, posing a significant threat to global cybersecurity.
MITRE ATT&CK techniques: none listed
Malware families: XWorm, StrelaStealer, WeaXor
Indicators of Compromise (107)