Pulse Detail — Threat Intelligence

PULSE NAME

A nebula of Ukrainian networks engaged in brute force and password spraying

WHITE Tr1sa111 2025-09-08 Modified: 2025-09-29

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1110 T1110.003 T1190 T1583.003 T1583.006 T1584.004 T1588.001 T1595

Indicators of Compromise (46)

All URL CIDR FileHash-MD5 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://blog.eclecticiq.com/inside-bruted-black-basta-raas-members-used-automated-brute-forcing-framework-to-target-edge-network-devices	—	2025-09-08
CIDR	185.156.72.0/24	—	2025-09-08
CIDR	185.156.73.0/24	—	2025-09-08
CIDR	185.156.74.0/24	—	2025-09-08
CIDR	185.193.88.0/24	—	2025-09-08
CIDR	185.193.89.0/24	—	2025-09-08
CIDR	31.43.185.0/24	—	2025-09-08
CIDR	31.43.191.0/24	—	2025-09-08
CIDR	45.143.200.0/24	—	2025-09-08
CIDR	45.143.201.0/24	—	2025-09-08
CIDR	45.143.203.0/24	—	2025-09-08
CIDR	83.222.190.0/24	—	2025-09-08
CIDR	83.222.191.0/24	—	2025-09-08
CIDR	88.210.63.0/24	—	2025-09-08
CIDR	89.248.163.0/24	—	2025-09-08
CIDR	92.63.196.0/24	—	2025-09-08
CIDR	92.63.197.0/24	—	2025-09-08
FileHash-MD5	98ecba6e933249d62edbcef242871a0f	—	2025-09-08
URL	http://185.156.72.0/24.	—	2025-09-08
URL	http://185.193.89.0/24.	—	2025-09-08
URL	http://45.143.201.0/24.	—	2025-09-08
URL	http://45.143.203.0/24]	—	2025-09-08
URL	http://tter.com/I	—	2025-09-08
URL	https://bgp.tools/as/210848	—	2025-09-08
URL	https://blog.eclecticiq.com/global-group-emerging-ransomware-as-a-service	—	2025-09-08
URL	https://blog.eclecticiq.com/inside-bruted-black-basta-raas-members-used-automated-brute-	—	2025-09-08
URL	https://blog.eclecticiq.com/inside-bruted-black-basta-raas-members-used-automated-brute-forcing-	—	2025-09-08
URL	https://community.ipfire.org/t/finding-out-what-an-attacker-aims-at/5687	—	2025-09-08
URL	https://fr.li	—	2025-09-08
URL	https://kyprofile.com/company/1360765	—	2025-09-08
URL	https://redpiranha.net/news/threat-intelligence-report-12th-april-18th-april-2021	—	2025-09-08
URL	https://www.pdflibr.com/AS212283	—	2025-09-08
URL	https://www.qurium.org/alerts/exposing-the-evil-empire-of-doppelganger-disinformation/	—	2025-09-08
domain	aurologic.com	—	2025-09-08
domain	kvmka.ru	—	2025-09-08
domain	kyprofile.com	—	2025-09-08
domain	nkedin.co	—	2025-09-08
domain	ntup.net	—	2025-09-08
domain	recyber.net	—	2025-09-08
domain	redpiranha.net	—	2025-09-08
domain	tter.com	—	2025-09-08
email	abuse@kvmka.ru	—	2025-09-08
hostname	blog.eclecticiq.com	—	2025-09-08
hostname	community.ipfire.org	—	2025-09-08
hostname	www.pdflibr.com	—	2025-09-08
hostname	www.qurium.org	—	2025-09-08

References (1)

↗ https://www.intrinsec.com/wp-content/uploads/2025/08/TLP-CLEAR-20250828-VAIZ-FDN3-TK-NET-EN.pdf