PULSE NAME
Hilix.sh4
WHITE Arek-BTC 2025-06-28 Modified: 2025-09-01
2466 IOCs (HIGH VOLUME)
https://www.virustotal.com/gui/file/412a334f231d4a484fd8af0c4f69989d1bb3a751fb16b6e21acab6cdefebff1b/relations
https://www.virustotal.com/gui/file/25dfc07c76e69c0d0e0cc2bcbf52094ad08720c4f16e3e642bd9efe557cc0ec7?nocache=1
https://sandbox.ti.qianxin.com/sandbox/page/url-detail?type=url&id=AZeztp33h6wn_HCyF9EM&url=http%3A%2F%2F202.45.147.116%3A8000%2Fniewolnik
Indicators of Compromise (2 / 2466 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
| --- | --- | --- | --- |
| CVE | CVE-2014-8361 | | 2025-06-28 |
| CVE | CVE-2024-40898 | SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. | 2025-09-01 |