PULSE NAME: Shadow syndicate infrastructure illumination
WHITE ShadowSyndicate PetrP.73 2025-08-02 Modified: 2025-09-01
154 IOCs, HIGH VOLUME
ShadowSyndicate has emerged as a notable threat actor in the ransomware-as-a-service (RaaS) landscape, using a sophisticated network based primarily in Europe and allegedly operated from Russia. The group has been linked to prominent ransomware families such as LockBit and Cl0p, and its servers share a consistent Secure Shell (SSH) fingerprint, which enhances its operational security and resilience against law enforcement. The group shows connections to state-sponsored actors from China and North Korea and employs tactics that blend ransomware deployment with information manipulation strategies, particularly in socio-political contexts, including hack-and-leak operations targeting political figures during sensitive events such as U.S. elections.
Indicators of Compromise (154)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2022-42475 2025-08-02
CVE CVE-2023-34362 2025-08-02
CVE CVE-2024-1708 2025-08-02
CVE CVE-2024-1709 2025-08-02