Pulse Detail — Threat Intelligence

PULSE NAME

EbeeOct2025 Pt1

WHITE Multiple APT/Malware IMEBEEIMFINE 2025-10-09 Modified: 2025-11-09

795

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

Indicators of Compromise (46 / 795 total)

All hostname URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 CVE domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://secure-ntc.net/Advisory/NTC/2025/05/hit.gov.pk/	—	2025-10-09
URL	http://112.0.0.0	—	2025-10-09
URL	http://118.174.183.89/kptinfo/import/index.php	—	2025-10-09
URL	http://176.65.138.152/script.php?u=j6cwaj0h67	—	2025-10-09
URL	http://20.112.250.113:443	—	2025-10-09
URL	http://20.70.246.20:433	—	2025-10-09
URL	http://5.255.113.9/translateapp/Dell_YGN/processtext.php.	—	2025-10-09
URL	http://bloomwpp.info/JRC89.xn--kut;-ib7a	—	2025-10-09
URL	http://bloomwpp.info/KM9XFY.xn--kut;curl-fq3d	—	2025-10-09
URL	http://bloomwpp.info/WTBXX46.xn--kut;$j=$env:tmp-0y9h	—	2025-10-09
URL	http://doc-ye9wbezc.b4a.run/	—	2025-10-09
URL	http://drive-nepal-gov.com/document/docu.php	d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3	2025-10-09
URL	http://fewcriet5rhoy66k6c4cyvb2pqrblxtx4mekj3s5l4jjt4t4kn4vheyd.onion	—	2025-10-09
URL	http://gwadarport.ddns.net:9090	—	2025-10-09
URL	http://hit.gov.pk/	—	2025-10-09
URL	http://mail.cbm.gov.mm/	—	2025-10-09
URL	http://marshmellowflowerscar.info	0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34	2025-10-09
URL	http://mofagovnp-bm46fjwo.b4a.run/	—	2025-10-09
URL	http://myanmar-org-mail.com/cbm/action.php	—	2025-10-09
URL	http://ntc-06gd0upz.b4a.run/login	—	2025-10-09
URL	http://ntc-06gd0upz.b4a.run/login/?jcvjeijnasdncadasdbfdfurhtnbfgbsydbx=1	—	2025-10-09
URL	http://posta-nhq43i6x.b4a.run/login	—	2025-10-09
URL	http://posta-nhq43i6x.b4a.run/login/?jcvjeijnasdncadasdbfdfurhtnbfgbsydbx=1	—	2025-10-09
URL	http://technologysupport.help/1pac.php	—	2025-10-09
URL	http://technologysupport.help/renderer.php	—	2025-10-09
URL	http://technologysupport.help/renderer.php.	—	2025-10-09
URL	http://updatemsdnserver.com/script.php.	—	2025-10-09
URL	http://updatemsdnserver.com/script.php?u=	—	2025-10-09
URL	http://viewpdfonline-1wgtaeus.b4a.run/	—	2025-10-09
URL	http://webservermail-g2689far.b4a.run/login	907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9	2025-10-09
URL	https://advertipros.com//?u=script	—	2025-10-09
URL	https://bloomwpp.info/DubjW967VGHD3ykdnhkdhn/dsdcrjhdeenidufoft.py	—	2025-10-09
URL	https://bloomwpp.info/hjdfyebvghu.pyc	—	2025-10-09
URL	https://bloomwpp.info/hjopjhfgda.ps1	—	2025-10-09
URL	https://driftlance.org/bIHTfcVHegEoMrv/WCcod7JY3zwUpDH.php	—	2025-10-09
URL	https://greenxeonsr.info/Jsdfwejhrg.rko	—	2025-10-09
URL	https://nr3cgovpk.org/	—	2025-10-09
URL	https://petricgreen.info/BWN9ZAP.xn--rko;-ib7a	—	2025-10-09
URL	https://petricgreen.info/RPXFD38WAPR7.xn--rko;$j=$env:tmp-0y9h	—	2025-10-09
URL	https://sorvetenopote.com/api/itbi/Q77xivT4udoXayYELTwehMD666ovP6DZ	—	2025-10-09
URL	https://synthient.com/blog/ghostsocks-from-initial-access-to-residential-proxy	—	2025-10-09
URL	http://webservermail-g2689far.b4a.run/login/?jcvjeijnasdncadasdbfdfurhtnbfgbsydbx=1	—	2025-10-09
URL	http://webservermail-g2689far.b4a.run/login/?jcvjeijnasdncadasdbfdfurhtnbfgbsydbx=1.	—	2025-10-09
URL	http://46.8.232.106:30001/api/helper-first-register?buildVersion=0pTk.PWh2DyJ&md5=&proxyPassword=&proxyUsername=&userId=	—	2025-10-09
URL	http://fewcriet5rhoy66k6c4cyvb2pqrblxtx4mekj3s5l4jjt4t4kn4vheyd.onion/chat/777676f8-2313-425f-873a-65c4df8d5def/chat.php	—	2025-10-09
URL	https://cdn.windowserrorapis.com:8443/v5/owa/rYpKZYehSa0sW1gFbbaVg4KB1m.cab	—	2025-10-09

References (1)

↗ IOCs_Oct week-1.pdf