Pulse Detail — Threat Intelligence

PULSE NAME

IOC - PumaBot: Novel Botnet Targeting IoT Surveillance Devices

WHITE celestre 2025-06-05 Modified: 2025-06-05

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1021.004 T1082 T1205 T1562.004 T1016 T1083 T1036.004 T1552.001 T1547.006 T1110 T1059.004 T1078 T1553.004 T1070.004 T1543.002 T1136 T1105

Indicators of Compromise (33)

All hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain YARA

TYPE	INDICATOR	DESCRIPTION	CREATED
hostname	1.lusyn.xyz	—	2025-06-05
FileHash-MD5	0e455e06315b9184d2e64dd220491f7e	—	2025-06-05
FileHash-MD5	1bd6bcd480463b6137179bc703f49545	—	2025-06-05
FileHash-MD5	48ee40c40fa320d5d5f8fc0359aa96f3	—	2025-06-05
FileHash-MD5	8b37d3a479d1921580981f325f13780c	—	2025-06-05
FileHash-MD5	a9412371dc9247aa50ab3a9425b3e8ba	—	2025-06-05
FileHash-MD5	be83729e943d8d0a35665f55358bdf88	—	2025-06-05
FileHash-MD5	cab6f908f4dedcdaedcdd07fdc0a8e38	—	2025-06-05
FileHash-MD5	cb4011921894195bcffcdf4edce97135	—	2025-06-05
FileHash-SHA1	158f869a1ae3aa2a3586920e788a9110b7495b9d	—	2025-06-05
FileHash-SHA1	1d6f623aa4ccb3ba89c19a1479a84067ada38f32	—	2025-06-05
FileHash-SHA1	2c54bfe5145be3d28f5899962f5c570a34de15fb	—	2025-06-05
FileHash-SHA1	5a1448bb86d5658f396c463f08774fdf171245e6	—	2025-06-05
FileHash-SHA1	6710f3847b805a75eab797959094acaeaa29d6aa	—	2025-06-05
FileHash-SHA1	a85c6874884f7d6df2587fd51f65ff7593569683	—	2025-06-05
FileHash-SHA1	c39c96dc5c1e640d081da30cf8f0638689700483	—	2025-06-05
FileHash-SHA256	0957884a5864deb4389da3b68d3d2a139b565241da3bb7b9c4a51c9f83b0f838	—	2025-06-05
FileHash-SHA256	426276a76f20b823e896e3c08f1c42f3d15a91a55c3613c7b3bdfbef0bbed9a9	—	2025-06-05
FileHash-SHA256	6838d819b5588cd4b0a52c21d02cbf305005fc31bc0e6709d24223a0f6dfb249	—	2025-06-05
FileHash-SHA256	7c59d3e325ad6c6d85e3b4c457c8f816eb437e5e98a63584f5eb7a39e33a5f40	—	2025-06-05
FileHash-SHA256	a5125945d7489d61155723259990c168db01dfedcd76a2e1ba08caa3c4532ca3	—	2025-06-05
FileHash-SHA256	ab50b0b9d5c9739383ce6178b258af10b116299ecb3319bbfb94f27d6f7b1b01	—	2025-06-05
FileHash-SHA256	f8c75077c3e3c97314c729a7a5fe97b1d2868a94632a351ba3985f0cf66c09d7	—	2025-06-05
FileHash-SHA1	f540f7af0ba3995c2a35f623b83737456c93e55f	—	2025-06-05
domain	multi-user.target	—	2025-06-05
domain	pumatronix.com	—	2025-06-05
domain	cadosecurity.com	—	2025-06-05
hostname	dasfsdfsdfsdfasfgbczxxc.lusyn.xyz	—	2025-06-05
hostname	db.17kp.xyz	—	2025-06-05
hostname	dow.17kp.xyz	—	2025-06-05
hostname	input.17kp.xyz	—	2025-06-05
hostname	ssh.ddos-cc.org	—	2025-06-05
YARA	f540f7af0ba3995c2a35f623b83737456c93e55f	Rule to match on PumaBot samples	2025-06-05

References (1)

↗ https://www.darktrace.com/blog/pumabot-novel-botnet-targeting-iot-surveillance-devices