PULSE NAME
LimeRAT | Dark Room Dennis | SpyGlassPrism HealthCare
WHITE Q.Vashti 2025-11-07 Modified: 2025-12-07
7100 IOCs (HIGH VOLUME)
Invasive, dark, illegal. Malicious. Will sift through malware Spyware systems. Perpetual remote connections. Employed by Tam Legals Christopher P. Ahmann (Colorado government) to spy on, tamper with, annoy, terrorize, out of financial awards.
spyglass-w_1_.png
Size: 362B (362 bytes)
MD5: 3c0e6546a44bd9a0f2768df07db5c1c9
SHA1: eddf26d1da4a140f2f963b8564c4e99cd6f1a677
SHA256: 83eec393865a35363695d6f2416792d0117f551bb3e41d13b141d70e6b35e02c
Indicators of Compromise (62 / 7100 total)