Proactive OT security: Lessons on supply chain risk management from a rogue Raspberry Pi
TLP: WHITE
Author: PetrP.73
Created: 2025-06-16, Modified: 2025-07-16
Indicators of Compromise: 108
A rogue Raspberry Pi that a vendor left on a customer's Industrial Control Systems (ICS) network was recently identified as an insider threat, and it illustrates how supply chain risk reaches into OT environments. Earlier incidents, including the 2014 Havex campaign and the 2018 semiconductor breach, show the same pattern of compromised software entering ICS environments. Darktrace's analysis flagged the device because the metadata of its encrypted connections was unusual for that network, even though the device showed no overtly malicious behaviour.

Separately, the pulse covers ClickFix baiting, a social engineering technique used by threat actors such as APT28 and MuddyWater to trick users into running malicious commands themselves; the resulting foothold enables lateral movement within the network and raises the risk of sensitive data exfiltration.
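The detection idea above (an unknown device that is not in the asset inventory and whose encrypted connections leave the OT network on a regular cadence) can be turned into a simple triage script. The following is an added example written for this page, not Darktrace's or the pulse author's code. It assumes a DHCP lease table and Zeek-style connection summaries, both constructed inline with hypothetical addresses; the Raspberry Pi OUI prefixes are taken from the IEEE registry and should be refreshed from it before use.

```python
"""Rogue-device triage for an OT segment: reconcile DHCP leases against the
asset inventory and flag unknown hosts that make regular TLS connections out
of the OT address space (the behaviour a planted Raspberry Pi exhibits)."""
from __future__ import annotations

import ipaddress
from collections import defaultdict

# OUI prefixes registered to Raspberry Pi (Foundation / Trading Ltd).
# ASSUMPTION: copied from the IEEE OUI registry by the editor; refresh them
# from the registry before use and treat a hit as a hint, not as proof.
RASPBERRY_PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01", "28:cd:c1", "d8:3a:dd"}

# Address space that belongs to the OT cell (hypothetical). Anything outside
# it is "external" for our purposes, including the corporate IT network.
OT_NETWORKS = [ipaddress.ip_network("10.50.0.0/16")]

# Constructed asset inventory keyed by MAC (hypothetical values).
INVENTORY = {
    "00:11:22:33:44:01": "PLC-LINE1",
    "00:11:22:33:44:02": "HMI-01",
}

# Constructed DHCP lease table: "ip mac hostname" (hypothetical values).
DHCP_LEASES = """\
10.50.1.10 00:11:22:33:44:01 plc-line1
10.50.1.11 00:11:22:33:44:02 hmi-01
10.50.1.77 b8:27:eb:4f:2a:91 raspberrypi
"""

# Constructed connection summaries: "ts src dst dport proto" (hypothetical).
CONN_LOG = """\
1750060800 10.50.1.10 10.50.1.11 502 tcp
1750060805 10.50.1.77 10.50.1.10 502 tcp
1750060810 10.50.1.77 198.51.100.23 443 tcp
1750060870 10.50.1.77 198.51.100.23 443 tcp
1750060931 10.50.1.77 198.51.100.23 443 tcp
"""


def in_ot(ip: str) -> bool:
    """True when the address belongs to the OT cell's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_NETWORKS)


def parse_leases(text: str) -> dict[str, tuple[str, str]]:
    """ip -> (mac, hostname), with MACs normalised to lower case."""
    leases = {}
    for line in text.splitlines():
        ip, mac, host = line.split()
        leases[ip] = (mac.lower(), host)
    return leases


def external_tls_timestamps(conn_log: str) -> dict[tuple[str, str], list[int]]:
    """(src, dst) -> sorted timestamps of TLS connections leaving the OT space."""
    ts_by_pair: dict[tuple[str, str], list[int]] = defaultdict(list)
    for line in conn_log.splitlines():
        ts, src, dst, dport, _proto = line.split()
        if dport == "443" and not in_ot(dst):
            ts_by_pair[(src, dst)].append(int(ts))
    return {pair: sorted(ts) for pair, ts in ts_by_pair.items()}


def is_regular(timestamps: list[int], tolerance: int = 5) -> bool:
    """True when at least three connections are evenly spaced (a beacon)."""
    if len(timestamps) < 3:
        return False
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return max(gaps) - min(gaps) <= tolerance


def find_rogue_devices(leases, conn_log, inventory) -> dict[str, dict]:
    """One finding per leased IP whose MAC is missing from the inventory."""
    pairs = external_tls_timestamps(conn_log)
    findings = {}
    for ip, (mac, host) in leases.items():
        if mac in inventory:
            continue
        mine = {dst: ts for (src, dst), ts in pairs.items() if src == ip}
        findings[ip] = {
            "mac": mac,
            "hostname": host,
            "raspberry_pi_oui": mac[:8] in RASPBERRY_PI_OUIS,
            "external_tls": sum(len(ts) for ts in mine.values()),
            "beaconing": any(is_regular(ts) for ts in mine.values()),
        }
    return findings


if __name__ == "__main__":
    for ip, f in find_rogue_devices(parse_leases(DHCP_LEASES), CONN_LOG, INVENTORY).items():
        print(ip, f)
```

Two points about the design: the inventory check is the primary signal, and the OUI match and the beacon regularity only raise the priority of an already-unknown host, so a vendor laptop with a random MAC is still reported. The constructed log also shows the unknown device talking Modbus (port 502) to the PLC, which a fuller detection would surface as a separate finding, since a maintenance device should not normally poll controllers.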
Indicators of Compromise (108)
TYPE INDICATOR CREATED
FileHash-SHA1 10a5eab3eef36e75bd3139fe3a3c760f54be33e3 2025-06-16
FileHash-SHA256 34ff2f72c191434ce5f20ebc1a7e823794ac69bba9df70721829d66e7196b044 2025-06-16
domain rkuagqnmnypetvf.top 2025-06-16
domain tlgrm-redirect.icu 2025-06-16
hostname diagnostics.medgenome.com 2025-06-16
hostname autologon.sfxcathedralgeraldton.com 2025-06-16
URL https://216.245.184.181/init1234 2025-06-16
FileHash-SHA256 10bab67df6d1c2489cb96a5e0d737c7216750a1d89449839a98394c9257b0e0f 2025-06-16
FileHash-SHA256 289b7314679947367e7fcd009eb6512eaf8002dc42f70ba892df197dcfa41971 2025-06-16
FileHash-SHA256 4639fbec6841b850049706fa0d46e4c1c400ec059cbae724fcd757b1c02cbffa 2025-06-16
FileHash-SHA256 a8bf49f8bd853a77f88ff58d3b8af65900a83b7253b23a439abd1413a9130d6c 2025-06-16
FileHash-SHA256 c131495e6da85ad210c564ee45870f3965e5a24b3a1418cd2da7debcb7b64a9a 2025-06-16
FileHash-SHA256 fbcc4571846d521eb6f4adfdf44fb0e7050b295ca7bedf8230c6a7f3fc3fc18d 2025-06-16
domain abckdkfkgdjnkhe.top 2025-06-16
domain agleeagkchcffhm.top 2025-06-16
domain atcpvjdaxfsrebp.top 2025-06-16
domain bdaiadclnkiagib.top 2025-06-16
domain bjicchekjncgbij.top 2025-06-16
domain bjmbtcbaexfgnca.top 2025-06-16
domain clfanablcgbimjg.top 2025-06-16
domain cxwlrvxakrruxdk.top 2025-06-16
domain gcbbmcadbbgijac.top 2025-06-16
domain hfmnjildiifkgbn.top 2025-06-16
domain hkhhlmndemncaai.top 2025-06-16
domain inefifkdlemdlbf.top 2025-06-16
domain jbbdfmheellfhcc.top 2025-06-16
domain jhjlhbieabelccl.top 2025-06-16
domain lwaynsumocnjdmn.top 2025-06-16
domain mmkkkmrmuvaxmnx.top 2025-06-16
domain nbuuifonbommvoi.top 2025-06-16
domain oqfgfymnhhybgps.top 2025-06-16
domain xphtbvialsuokyu.top 2025-06-16
domain yereypgarlgduaf.top 2025-06-16
hostname jenkins.h5an.com 2025-06-16
URL https://168.119.96.41/init1234 2025-06-16
hostname b56.parseh.xyz 2025-06-16
hostname k1.parseh.xyz 2025-06-16
domain lifesharepharmaceutical.gr 2025-06-16
hostname nice-fermi.188-34-195-44.plesk.page 2025-06-16
domain qtsmetaforiki.gr 2025-06-16
domain talk2me.gr 2025-06-16
hostname vigilant-proskuriakova.188-34-195-44.plesk.page 2025-06-16
hostname www.treppen-planwerk.de 2025-06-16
URL http://188.34.195.44:995 2025-06-16
URL https://lifesharepharmaceutical.gr/life-coaching/%CF%84%CE%B1-%CE%B5%CE%AF%CE%B4%CE%B7-%CF%84%CE%BF%CF%85-coaching/ 2025-06-16
hostname 212-237-217-182.cprapid.com 2025-06-16
domain cprapid.com 2025-06-16
hostname ipv6.212-237-217-182.cprapid.com 2025-06-16
hostname mail.212-237-217-182.cprapid.com 2025-06-16
URL http://ipv6.212-237-217-182.cprapid.com/ 2025-06-16
URL http://mail.212-237-217-182.cprapid.com/ 2025-06-16
FileHash-SHA256 dabc552e18e8f4bd460e609b51196c781ce99c721a47d5024a5469b77be05b71 2025-06-16
domain airdrop-dungeons.com 2025-06-16
domain angorouteam.com 2025-06-16
domain berachain-community.com 2025-06-16
domain binu-bnb.com 2025-06-16
domain coinspaceteam.com 2025-06-16
domain distribution-pawstokens.com 2025-06-16
domain drop-pawscoin.com 2025-06-16
domain gordon-private.com 2025-06-16
domain grok-sale.com 2025-06-16
domain info-ramen.com 2025-06-16
hostname isp5.dedic.pro 2025-06-16
domain june-reward.com 2025-06-16
domain kelp-vote.com 2025-06-16
domain micropedik.in 2025-06-16
domain nortonrosefuibright.com 2025-06-16
domain plsverif.cfd 2025-06-16
domain presale-wizztokens.com 2025-06-16
domain seoul-event.com 2025-06-16
domain seoul-xrp.net 2025-06-16
domain soubtcevent.com 2025-06-16
domain titis.cam 2025-06-16
domain wlfi-community.com 2025-06-16
domain xrp-korean.com 2025-06-16
domain xrp-tokyo.net 2025-06-16
domain xrp2025.com 2025-06-16
domain xrpevent2025.info 2025-06-16
domain xrprewards.info 2025-06-16
URL http://info-ramen.com/ 2025-06-16
URL http://micropedik.in/1.zip 2025-06-16
URL http://presale-wizztokens.com/ 2025-06-16
URL http://tlgrm-redirect.icu/1.txt 2025-06-16
URL http://xrp-tokyo.net 2025-06-16
URL http://xrp2025.com 2025-06-16
URL http://xrpevent2025.info 2025-06-16
URL http://xrprewards.info 2025-06-16
URL https://coinspaceteam.com/ 2025-06-16
URL https://distribution-pawstokens.com/ 2025-06-16
URL https://micropedik.in/ 2025-06-16
URL https://micropedik.in/2.zip 2025-06-16
URL https://wlfi-community.com/ 2025-06-16
URL https://xrp-korean.com 2025-06-16
URL https://xrp-tokyo.net 2025-06-16
URL https://xrp2025.com 2025-06-16
URL https://xrpevent2025.info 2025-06-16
URL https://xrprewards.info 2025-06-16
domain medgenome.com 2025-06-16
URL https://diagnostics.medgenome.com/liquidbiopsy/ 2025-06-16
URL https://diagnostics.medgenome.com/medgenome-iec 2025-06-16
URL https://diagnostics.medgenome.com/ng 2025-06-16
URL https://diagnostics.medgenome.com/nipt/ 2025-06-16
URL https://diagnostics.medgenome.com/prima/lung-cancer.php 2025-06-16
URL https://diagnostics.medgenome.com/publications/ 2025-06-16
URL https://tlgrm-redirect.icu/1.txt 2025-06-16
URL http://abckdkfkgdjnkhe.top/zeqvk8x13ghtr.php 2025-06-16
URL https://abckdkfkgdjnkhe.top/zeqvk8x13ghtr.php/ 2025-06-16
hostname ns.lifesharepharmaceutical.gr 2025-06-16
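To put the table above to use, the indicators have to be parsed out of the "TYPE INDICATOR CREATED" layout and matched against logs with the right semantics for each type: hostname entries match exactly, domain entries also cover their subdomains, and URL entries should match regardless of scheme, since the pulse lists http and https variants of the same path. The script below is an added example written for this page, not the pulse author's code. It embeds a subset of the pulse's own indicators and runs them over constructed DNS, proxy and file-hash records (hypothetical values).

```python
"""Match indicators from the pulse's IOC table against DNS, proxy and file logs."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# A subset of the pulse's indicators, copied in the table's own layout.
PULSE_IOCS = """\
FileHash-SHA256 34ff2f72c191434ce5f20ebc1a7e823794ac69bba9df70721829d66e7196b044 2025-06-16
domain rkuagqnmnypetvf.top 2025-06-16
domain cprapid.com 2025-06-16
hostname diagnostics.medgenome.com 2025-06-16
hostname b56.parseh.xyz 2025-06-16
URL https://216.245.184.181/init1234 2025-06-16
URL http://tlgrm-redirect.icu/1.txt 2025-06-16
URL https://tlgrm-redirect.icu/1.txt 2025-06-16
URL http://188.34.195.44:995 2025-06-16
"""

# Constructed sample logs (hypothetical, not from the pulse).
DNS_LOG = [
    "2025-06-17T08:01:02Z 10.20.0.15 A rkuagqnmnypetvf.top",
    "2025-06-17T08:01:05Z 10.20.0.15 A mail.212-237-217-182.cprapid.com",
    "2025-06-17T08:02:10Z 10.20.0.22 A updates.example.com",
]
PROXY_LOG = [
    "2025-06-17T08:03:00Z 10.20.0.15 GET http://tlgrm-redirect.icu/1.txt 200",
    "2025-06-17T08:03:01Z 10.20.0.15 GET https://216.245.184.181/init1234 200",
    "2025-06-17T08:03:09Z 10.20.0.22 GET https://www.example.com/ 200",
]
FILE_HASHES = {
    "C:\\Users\\ops\\Downloads\\1.zip": "34FF2F72C191434CE5F20EBC1A7E823794AC69BBA9DF70721829D66E7196B044",
    "C:\\Windows\\notepad.exe": "0" * 64,
}


def parse_iocs(text: str) -> dict[str, set]:
    """Group indicators by type. URLs are reduced to (host, path) so the
    http/https duplicates in the pulse collapse into one entry, and a URL
    whose host is a bare IP also yields an IP indicator."""
    iocs: dict[str, set] = {k: set() for k in ("hash", "domain", "hostname", "url", "ip")}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        kind, value = parts[0], parts[1]
        if kind.startswith("FileHash-"):
            iocs["hash"].add(value.lower())
        elif kind in ("domain", "hostname"):
            iocs[kind].add(value.lower())
        elif kind == "URL":
            u = urlsplit(value)
            host = (u.hostname or "").lower()
            iocs["url"].add((host, u.path or "/"))
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
                iocs["ip"].add(host)
    return iocs


def host_matches(host: str, iocs: dict[str, set]) -> str | None:
    """Exact hostname/IP match, or a domain match that covers subdomains.
    Returns the indicator that matched, or None."""
    host = host.lower().rstrip(".")
    if host in iocs["hostname"] or host in iocs["domain"] or host in iocs["ip"]:
        return host
    labels = host.split(".")
    for i in range(1, len(labels) - 1):  # never match on the bare TLD
        parent = ".".join(labels[i:])
        if parent in iocs["domain"]:
            return parent
    return None


def scan(iocs, dns_log, proxy_log, file_hashes) -> list[tuple[str, str, str]]:
    """Return (source, observed value, matched indicator) for every hit."""
    hits = []
    for line in dns_log:
        _ts, _src, _qtype, qname = line.split()
        m = host_matches(qname, iocs)
        if m:
            hits.append(("dns", qname, m))
    for line in proxy_log:
        _ts, _src, _method, url, _status = line.split()
        u = urlsplit(url)
        key = ((u.hostname or "").lower(), u.path or "/")
        if key in iocs["url"]:
            hits.append(("proxy", url, key[0] + key[1]))
        else:
            m = host_matches(key[0], iocs)
            if m:
                hits.append(("proxy", url, m))
    for path, digest in file_hashes.items():
        if digest.lower() in iocs["hash"]:
            hits.append(("file", path, digest.lower()))
    return hits


if __name__ == "__main__":
    for hit in scan(parse_iocs(PULSE_IOCS), DNS_LOG, PROXY_LOG, FILE_HASHES):
        print(*hit)
```

Note the suffix rule: a query for mail.212-237-217-182.cprapid.com is reported against the domain indicator cprapid.com, but cprapid.com.evil.example is not, because only parent labels of the observed host are tested. Hashes are compared case-insensitively, since EDR exports and the pulse differ in case.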