Pulse Detail — Threat Intelligence

PULSE NAME

EbeeDec2025 Pt5

WHITE WARP PANDA, UNG0801, Warlock, DPRK Operation, Webrat, Docusign-themed phishing IMEBEEIMFINE 2025-12-24 Modified: 2026-01-23

760

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

Multiple APT/threat actors, Malware and Campaigns

Indicators of Compromise (86 / 760 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 CVE URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://110.172.104.95:8000/api/download/windows-tools/amd64	—	2025-12-24
URL	http://118.107.43.131:18852	—	2025-12-24
URL	http://173.249.8.102	—	2025-12-24
URL	http://173.249.8.102/	—	2025-12-24
URL	http://176.65.132.123/file_cache.exe	—	2025-12-24
URL	http://193.24.123.68:3001/gfdsgsdfhfsd_ghsfdgsfdgsdfg.sh	—	2025-12-24
URL	http://193.24.123.68:3001/gfdsgsdfhfsd_ghsfdgsfdgsdfg.sh'	—	2025-12-24
URL	http://193.34.213.150/nuts/bolts	—	2025-12-24
URL	http://193.34.213.150/nuts/x86	—	2025-12-24
URL	http://200.4.115.1/promocionao.php	—	2025-12-24
URL	http://2fe55007.xyz/pinner/tdupdatex.dat	—	2025-12-24
URL	http://31.56.27.76/n2/x86	—	2025-12-24
URL	http://31.56.27.97/scripts/4thepool_miner.sh	—	2025-12-24
URL	http://41.231.37.153/rondo.aqu.sh	—	2025-12-24
URL	http://41.231.37.153/rondo.arc700	—	2025-12-24
URL	http://41.231.37.153/rondo.armeb	—	2025-12-24
URL	http://41.231.37.153/rondo.armebhf	—	2025-12-24
URL	http://41.231.37.153/rondo.armv4l	—	2025-12-24
URL	http://41.231.37.153/rondo.armv5l	—	2025-12-24
URL	http://41.231.37.153/rondo.armv6l	—	2025-12-24
URL	http://41.231.37.153/rondo.armv7l	—	2025-12-24
URL	http://41.231.37.153/rondo.i486	—	2025-12-24
URL	http://41.231.37.153/rondo.i586	—	2025-12-24
URL	http://41.231.37.153/rondo.i686	—	2025-12-24
URL	http://41.231.37.153/rondo.m68k	—	2025-12-24
URL	http://41.231.37.153/rondo.mips	—	2025-12-24
URL	http://41.231.37.153/rondo.mipsel	—	2025-12-24
URL	http://41.231.37.153/rondo.powerpc	—	2025-12-24
URL	http://41.231.37.153/rondo.powerpc-440fp	—	2025-12-24
URL	http://41.231.37.153/rondo.sh4	—	2025-12-24
URL	http://41.231.37.153/rondo.sparc	—	2025-12-24
URL	http://41.231.37.153/rondo.x86_64	—	2025-12-24
URL	http://51.81.104.115/nuts/bolts	—	2025-12-24
URL	http://51.81.104.115/nuts/x86	—	2025-12-24
URL	http://51.91.77.94:13339/termite/51.91.77.94:13337	—	2025-12-24
URL	http://59.7.217.245:7070/app2	—	2025-12-24
URL	http://59.7.217.245:7070/c.sh	—	2025-12-24
URL	http://67.217.57.240:5656	—	2025-12-24
URL	http://67.217.57.240:5656/domains	—	2025-12-24
URL	http://67.217.57.240:5656/health	—	2025-12-24
URL	http://67.217.57.240:5656/result	—	2025-12-24
URL	http://67.217.57.240:5656/stats	—	2025-12-24
URL	http://67.217.57.240:666	—	2025-12-24
URL	http://67.217.57.240:666/files/*	—	2025-12-24
URL	http://67.217.57.240:666/files/proxy.sh	—	2025-12-24
URL	http://67.217.57.240:666/files/react.py	—	2025-12-24
URL	http://67.217.57.240:888	—	2025-12-24
URL	http://68.142.129.4:8277/download/c.sh	—	2025-12-24
URL	http://89.144.31.18/nuts/bolts	—	2025-12-24
URL	http://89.144.31.18/nuts/x86	—	2025-12-24
URL	http://91.215.85.42	—	2025-12-24
URL	http://91.215.85.42:3000	—	2025-12-24
URL	http://91.215.85.42:3000/	—	2025-12-24
URL	http://91.215.85.42:3000/crypto/keys	—	2025-12-24
URL	http://cdn2-download.store/download/mango.html	—	2025-12-24
URL	http://cdn2-download.store/download/teams.html	—	2025-12-24
URL	http://download.store/download/mango.html	—	2025-12-24
URL	http://eab6ff48.stream/update/af17818.tmp	—	2025-12-24
URL	http://ezc5510min.temp.swtest.ru	—	2025-12-24
URL	http://gfxnick.emerald.usbx.me/bot	—	2025-12-24
URL	http://grabify.link/SEFKGU	—	2025-12-24
URL	http://meomeoli.mooo.com:8820/CLoadPXP/lix.exe?pass=PXPa9682775lckbitXPRopGIXPIL	—	2025-12-24
URL	http://pmidpils.com/yhb.jpg	—	2025-12-24
URL	http://proxy-sdk.14emeliaterracewestroxburyma02132.su:443	—	2025-12-24
URL	http://sdk-bright.14emeliaterracewestroxburyma02132.su:443	—	2025-12-24
URL	http://shopsleta.ru	—	2025-12-24
URL	http://ssl2.space/donw/qieqie.html	—	2025-12-24
URL	http://ssl3.space/click.php?suffix=mango.	—	2025-12-24
URL	http://ssl3.space/details.php?suffix=[NAME]	—	2025-12-24
URL	http://track.trust-text.com/index.php/campaigns/xo229otmwcfc8/track-url/ce474wg53d927/c029686d838a3ad3d65826c7e7bddcf3b6e32062There	—	2025-12-24
URL	http://www.christmasscheercash.com/?id=5FfbxodhySi_D1TNJ-PpNRzZGFRGN7K_peJxXJjmuIA.&subId=ce474wg53d927Hxxps://go.thepersonalfinanceguide.com/https://webr-db.global.ssl.fastly.net/qi/exc.htmlSender	—	2025-12-24
URL	https://api.hellknight.xyz/js	—	2025-12-24
URL	https://canvthis.com/en/	—	2025-12-24
URL	https://crsvbuxfoovzy.privatedns.org/t/tga.adr	—	2025-12-24
URL	https://diadelosmuertos.events/voltarenhomeveh.exe	—	2025-12-24
URL	https://fast-eda.my/dostavka/lavka/kategorii/zakuski/sushi/sety/skidki/regiony/msk/birylievo	d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090	2025-12-24
URL	https://grabify.link/SEFKGU	—	2025-12-24
URL	https://grabify.link/SEFKGU?dry87932wydes/fdsgdsfdsjfkl	—	2025-12-24
URL	https://hubspot-campaigns.com/login.	—	2025-12-24
URL	https://hubspot-campaigns.com/login/	—	2025-12-24
URL	https://py-installer.cc/	—	2025-12-24
URL	https://ruzeda.com/blogs/drafts/publish/schedule/seosso/login/mfa/verify/token/refresh/ips/blocklist/whitelist	—	2025-12-24
URL	https://titanarmyrary.today/uploads/2025/10/pe/gpu_optimyzer.exe	9677aa447b5a875e5d725c312eafd06efc0efd5eeab17e416afee77207335909	2025-12-24
URL	https://www.akjys.top/	—	2025-12-24
URL	https://www.diadelosmuertos.events/formInterstice.exe	—	2025-12-24
URL	https://zkcall.net/download	—	2025-12-24

References (1)

↗ Book2.csv