← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
WHITE CyberHunter_NL 2025-10-21 Modified: 2025-11-20
36
IOCs
MEDIUM VOLUME
Find out more about Darktrace, the artificial intelligence (AI) technology company, which helps companies detect, prevent and respond to cyber attacks across a range of industries. £1.5bn
networkdarktraceanomalycyber aianalystsignificantip addressaugustredacteddc2esxi devicepossiblemonitoringakiramimikatzanydeskwinrarwinscprubydownloadexploitiobit
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
IObit Akira
Indicators of Compromise (36)
All URL CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://www.s-rminform.com/latest-thinking/derailing-akira-cyber-threat-intelligence 2025-10-21
CVE CVE-2024-40766 2025-10-21
FileHash-MD5 8bd8506f6b1a80eea68e877fa81e267c MD5 of b5367820cd32640a2d5e4c3a3c1ceedbbb715be2 2025-10-21
FileHash-SHA1 b5367820cd32640a2d5e4c3a3c1ceedbbb715be2 2025-10-21
FileHash-SHA256 fc3be6917fd37a083646ed4b97ebd2d45734a1e154e69c9c33ab00b0589a09e5 SHA256 of b5367820cd32640a2d5e4c3a3c1ceedbbb715be2 2025-10-21
URL http://137.184.126.86:8080/vmwaretools 2025-10-21
URL http://156.244.28.153/17ABE7F017ABE7F0 2025-10-21
URL http://85.239.52.96:8000/vmwarecli 2025-10-21
URL http://89.31.121.101:443//Dialog.dat 2025-10-21
URL http://89.31.121.101:443/1.txt 2025-10-21
URL http://89.31.121.101:443/123.tar 2025-10-21
URL http://89.31.121.101:443/123.txt 2025-10-21
URL http://89.31.121.101:443/DgApi.dll 2025-10-21
URL http://89.31.121.101:443/DisplayDialog.exe 2025-10-21
URL http://89.31.121.101:443/NortonLog.txt 2025-10-21
URL http://89.31.121.101:443/WINMM.dll 2025-10-21
URL http://89.31.121.101:443/dbindex.dat 2025-10-21
URL http://89.31.121.101:443/fltLib.dll 2025-10-21
URL http://89.31.121.101:443/imfsbDll.dll 2025-10-21
URL http://89.31.121.101:443/imfsbSvc.exe 2025-10-21
URL http://89.31.121.101:443/pdc.exe 2025-10-21
URL https://fieldeffect.com/blog/update-akira-ransomware-group-targets-sonicwall-vpn-appliances 2025-10-21
URL https://lab52.io/blog/deedrat-backdoor-enhanced-by-chinese-apts-with-advanced-capabilities/ 2025-10-21
URL https://labs.lares.com/fear-kerberos-pt2/#UNPAC 2025-10-21
URL https://www.ransomware.live/map?year=2025&q=akira 2025-10-21
URL https://www.silentpush.com/blog/salt-typhoon-2025/ 2025-10-21
URL https://www.thehacker.recipes/ad/movement/kerberos/unpac-the-hash 2025-10-21
domain advanced-ip-scanner.com 2025-10-21
domain fieldeffect.com 2025-10-21
domain lab52.io 2025-10-21
hostname aar.gandhibludtric.com 2025-10-21
hostname labs.lares.com 2025-10-21
hostname www.ransomware.live 2025-10-21
hostname www.s-rminform.com 2025-10-21
hostname www.silentpush.com 2025-10-21
hostname www.thehacker.recipes 2025-10-21
References (1)
↗ https://www.darktrace.com/blog/salty-much-darktraces-view-on-a-recent-salt-typhoon-intrusion