PULSE NAME
Packed DGA Domain - Malicious
WHITE | Q.Vashti | 2025-07-07 | Modified: 2025-08-06
605 IOCs
HIGH VOLUME
DESCRIPTION
I can only speculate about the countless domains targeted to specific users. I can only assume. Based on company cyber defense position, the domains exist so that if clicked on, your entire systems, all devices, will be infected, information is gathered, and life will be compromised by extensive non-stop monitoring. We likely end up in botnets and under the control of very organized bot masters. I can say with certainty, not everyone being monitored is a criminal.

Packed Foundry DGA domains
http://www.hosannachristian.org/
https://web.archive.org/web/20151223222246/http://www.hosannachristian.org/

IDS Detections:
• Possible Worm W32.Svich or Other Infection
• Request for setting.doc Yahlover Checkin Request (setting.doc)
• HTTP request for .exe file with no User-Agent
• Terse alphanumeric executable downloader high likelihood of being hostile

TAGS
#worm #network_icmp #trojan #virtool #dga #foundry #packer #palantir_related #microsoft #gmail_malicious #why?
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (38 / 605 total)
IOC types: CIDR, domain, hostname, URL, FileHash-SHA256, FileHash-MD5, FileHash-SHA1
TYPE | INDICATOR | DESCRIPTION | CREATED
URL | http://hosannachristian.org/calendar/ | | 2025-07-07
URL | http://www.hosannachristian.org | | 2025-07-07
URL | http://www.hosannachristian.org/ | | 2025-07-07
URL | https://www.hosannachristian.org | | 2025-07-07
URL | http://207-207-25-168.fwd.datafoundry.com/ | | 2025-07-07
URL | http://207-207-25-204.fwd.datafoundry.com/ | | 2025-07-07
URL | http://207-207-25-211.fwd.datafoundry.com/ | | 2025-07-07
URL | http://207-207-25-213.fwd.datafoundry.com/ | | 2025-07-07
URL | http://209-99-40-224.fwd.datafoundry.com | | 2025-07-07
URL | http://gitlab.tx1.datafoundry.com/ | | 2025-07-07
URL | http://pdns1.datafoundry.com | | 2025-07-07
URL | http://rdweb.datafoundry.com | | 2025-07-07
URL | http://www.go.datafoundry.com/ | | 2025-07-07
URL | https://207-207-25-201.fwd.datafoundry.com | | 2025-07-07
URL | https://207-207-25-204.fwd.datafoundry.com/ | | 2025-07-07
URL | https://207-207-25-211.fwd.datafoundry.com/ | | 2025-07-07
URL | https://207-207-25-212.fwd.datafoundry.com | | 2025-07-07
URL | https://209-99-40-224.fwd.datafoundry.com | | 2025-07-07
URL | https://209-99-40-224.fwd.datafoundry.com/ | | 2025-07-07
URL | https://pdns1.datafoundry.com | | 2025-07-07
URL | https://rdweb.datafoundry.com | | 2025-07-07
URL | https://rdweb.datafoundry.com/RDWeb/Pages/en-US/login.aspx | | 2025-07-07
URL | https://www.datafoundry.com/services/cloud-connect | | 2025-07-07
URL | https://www.go.datafoundry.com | | 2025-07-07
URL | http://efficacyhost.com/ | | 2025-07-07
URL | http://geoff-minger.com/ | b825edbb55450e309fe823143f985893b399da08d9166f4523cdffbfb7f48310 | 2025-07-07
URL | http://jerseypete.com/ | 8dfbf98adfb38f0b612d15b4baccb23de19cf12dee36c9897708d62aaab6d308 | 2025-07-07
URL | http://obs-studio.adminsolemiaaccounting.com/ | 4c7d08f1d6fac569c83fa87b42a3a727668da55317954637ce500d59e058fe03 | 2025-07-07
URL | http://www.williamdeanplatinum.com/precimet/ | | 2025-07-07
URL | https://budbonartgallery.com/ | | 2025-07-07
URL | https://efficacyhost.com/ | | 2025-07-07
URL | https://furfreect.com/ | 7da15bb6457dbb866a293c12b681441c8a4a02817ac3fccdcb0cd357660cca9b | 2025-07-07
URL | https://geoff-minger.com/ | | 2025-07-07
URL | https://kristylarue.com/ | | 2025-07-07
URL | http://www.forensickb.com/2013/03/file-entropy-explained.html | | 2025-07-07
URL | http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf | | 2025-07-07
URL | http://www.crackspider.net/setting.doc | | 2025-07-07
URL | http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html | | 2025-07-07