← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
OTX Linux Mirai • DoS Linux Elknot attacking OTX account. Why?
WHITE Q.Vashti 2026-01-08 Modified: 2026-02-07
55
IOCs
HIGH VOLUME
For maybe obvious reasons, my account along with a few others have been affected/ attacked. It’s crazy unfortunate that the truth is attacked so vehemently. I hope this is an outside attack? Please stop my pulses from disappearing.
unitedflagwindiropenurl cprefetch2analysistor analysisdns requestsdomain addressportdestinationshowcontactedyara detectionsrelatedrelated tagssuspiciousfile typetelfhashvirustotal apicommentsvendor findingnotes clamavpulse pulsespassive dnsurlsfilesrelated pulseslevelblue labsresources whois
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Trojan.Gafgyt-6981160-0
Indicators of Compromise (55)
All URL FileHash-SHA256 domain hostname FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
URL http://otx.alienvault.com/user/q.vashti/pulses 2026-01-08
URL http://3.162.3.59:80 2026-01-08
URL http://otx.alienvault.com/user/Q.Vashti/pulses 2026-01-08
URL http://otx.alienvault.com/user/Q.Vashti 2026-01-08
FileHash-SHA256 b72abe2dfa3c4019baf0bace534a3fb3cb28484fa94ffe9b848ab162f1a44ef7 SHA256 of 2a537b3aa7898985925aca948edb097a 2026-01-08
domain bold.org 2026-01-08
hostname www.teaandcoffeesolution.co.in 2026-01-08
FileHash-MD5 204fc8122a615e2277aa67c773c7e402 MD5 of 1370cd366ee9416be373f418820d3e2704abcc9527a974208cab3219787760e9 2026-01-08
FileHash-MD5 2a537b3aa7898985925aca948edb097a MD5 of b72abe2dfa3c4019baf0bace534a3fb3cb28484fa94ffe9b848ab162f1a44ef7 2026-01-08
FileHash-MD5 6239f2e71f10cd12e76d21ae0b48e002 MD5 of 558bd774a1461a64019e23e100df34d69ae15f42e4d673aa4b48ee22d5d7385e 2026-01-08
FileHash-MD5 67f4b14b8a0b5329791db74d19eb5d03 MD5 of 6699bdf0aff508eecdc088962b2a45cbc667edfc9dd128756f41317ac94881db 2026-01-08
FileHash-MD5 74af48f6b6747cc048e12c855f84e2c2 MD5 of cdccbd2073b03ec48fbd617735dc5ee3ec3bcc3bfd3724ad8103d615ee73f07b 2026-01-08
FileHash-MD5 876050e3a3d8a50d74042d1132d36a9e MD5 of b61f5242c7d7002aaad1a7f943dbc0c39a23df712d48063d7b687a6da9785fb4 2026-01-08
FileHash-MD5 939cbaef594e891653ae7d6535b30265 MD5 of 6bbf64ca6c4f5a8ce0ba478ab2942a31214f26d61a9f841e247cc01f71e8601e 2026-01-08
FileHash-MD5 9f8335427b16ec7f93a885d0a71bcafd MD5 of ff6231ba5d36d3ffab6e8ba6e54cf51caa35b33a9e505a6fbadbd6532f233cac 2026-01-08
FileHash-MD5 c667d697dfc870f88876afa2bef16765 MD5 of f4a60cf0ca9bb1177055a1a8623444b30e1114deee38987740dd7638ccfc2437 2026-01-08
FileHash-MD5 e698cb8c72063ef7a1e1f1a5811ef74b MD5 of a7131e08433bb8e599a8ee40657c941151c082257ecd1119dfb4823f473edbd9 2026-01-08
FileHash-MD5 f14a342ab600f05024bbadf62c204a22 MD5 of 8d790cf19f2ad153acce2de91fc9c8c13ee5a8d01ab6d770dd5e5de702c6342a 2026-01-08
FileHash-SHA1 28dd4dded1a96f2f08acad90ced2eee76c3c1359 SHA1 of 6bbf64ca6c4f5a8ce0ba478ab2942a31214f26d61a9f841e247cc01f71e8601e 2026-01-08
FileHash-SHA1 31187a95cd24f9394bc5f63af5fb595edb51f188 SHA1 of 6699bdf0aff508eecdc088962b2a45cbc667edfc9dd128756f41317ac94881db 2026-01-08
FileHash-SHA1 38054c838352f74adbf2d4074010463ac504bb10 SHA1 of 2a537b3aa7898985925aca948edb097a 2026-01-08
FileHash-SHA1 421bd2b797b8d55f9410452db60f9c66f1204ad1 SHA1 of 1370cd366ee9416be373f418820d3e2704abcc9527a974208cab3219787760e9 2026-01-08
FileHash-SHA1 8a74db16812704215267dd229d4b32b9f0bdc790 SHA1 of cdccbd2073b03ec48fbd617735dc5ee3ec3bcc3bfd3724ad8103d615ee73f07b 2026-01-08
FileHash-SHA1 924dc0704c9696ccdea5692ded8d94af43eb5c26 SHA1 of b61f5242c7d7002aaad1a7f943dbc0c39a23df712d48063d7b687a6da9785fb4 2026-01-08
FileHash-SHA1 a1fa2b6ea7cde87b2289daa130f14218c1931733 SHA1 of 8d790cf19f2ad153acce2de91fc9c8c13ee5a8d01ab6d770dd5e5de702c6342a 2026-01-08
FileHash-SHA1 a97509be46b19559b76a5f5909980fdc785a8685 SHA1 of a7131e08433bb8e599a8ee40657c941151c082257ecd1119dfb4823f473edbd9 2026-01-08
FileHash-SHA1 ae17df1f7fd6d614971beb36296073821cadcbfe SHA1 of 558bd774a1461a64019e23e100df34d69ae15f42e4d673aa4b48ee22d5d7385e 2026-01-08
FileHash-SHA1 b5dd53e109a5ad1e40eb38517bdbe766da0c2e42 SHA1 of f4a60cf0ca9bb1177055a1a8623444b30e1114deee38987740dd7638ccfc2437 2026-01-08
FileHash-SHA1 f8d376f05c92a39c648a32905fd7ff85539f96c0 SHA1 of ff6231ba5d36d3ffab6e8ba6e54cf51caa35b33a9e505a6fbadbd6532f233cac 2026-01-08
FileHash-SHA256 1370cd366ee9416be373f418820d3e2704abcc9527a974208cab3219787760e9 2026-01-08
FileHash-SHA256 558bd774a1461a64019e23e100df34d69ae15f42e4d673aa4b48ee22d5d7385e 2026-01-08
FileHash-SHA256 6699bdf0aff508eecdc088962b2a45cbc667edfc9dd128756f41317ac94881db 2026-01-08
FileHash-SHA256 6bbf64ca6c4f5a8ce0ba478ab2942a31214f26d61a9f841e247cc01f71e8601e 2026-01-08
FileHash-SHA256 8d790cf19f2ad153acce2de91fc9c8c13ee5a8d01ab6d770dd5e5de702c6342a 2026-01-08
FileHash-SHA256 a7131e08433bb8e599a8ee40657c941151c082257ecd1119dfb4823f473edbd9 2026-01-08
FileHash-SHA256 b61f5242c7d7002aaad1a7f943dbc0c39a23df712d48063d7b687a6da9785fb4 2026-01-08
FileHash-SHA256 cdccbd2073b03ec48fbd617735dc5ee3ec3bcc3bfd3724ad8103d615ee73f07b 2026-01-08
FileHash-SHA256 f4a60cf0ca9bb1177055a1a8623444b30e1114deee38987740dd7638ccfc2437 2026-01-08
FileHash-SHA256 ff6231ba5d36d3ffab6e8ba6e54cf51caa35b33a9e505a6fbadbd6532f233cac 2026-01-08
URL http://175.63.155.255 2026-01-08
domain cat-are-here.ru 2026-01-08
domain eatentales.com 2026-01-08
domain outdoorgfs.com 2026-01-08
FileHash-MD5 348cb0d031c9eb9cb415ae2c24902658 MD5 of a81eaf4b6eee53660f7b293d042b4349f3c80ccb2ed950842d996e11a4521a9f 2026-01-08
FileHash-MD5 9ed2008ff7f9b53fa35753037eb6f6ea MD5 of 9b2268f4ed4efd7a3cda8c1a6da7c4ab3b8a85a4d424528a34c69ae6722ed7bc 2026-01-08
FileHash-MD5 d2e9a3723ed447b2227044ee7a75e176 MD5 of b20aa3b5ee444b16ffe5af3897158f9dc707e53ef869a4b06ae7999b7f6f106c 2026-01-08
FileHash-MD5 ff03d9c066890831e960ba317c3ba5df MD5 of 77ebd7b8699240bb5819968d214e2a92afe7e0a2b00ac3b34990668141e83fee 2026-01-08
FileHash-SHA1 7c442c46055ecdb36b9f12b2ceb32390d0c09ad4 SHA1 of a81eaf4b6eee53660f7b293d042b4349f3c80ccb2ed950842d996e11a4521a9f 2026-01-08
FileHash-SHA1 b9004e462a1ec41f4651a084f59674d0a957b6c7 SHA1 of 77ebd7b8699240bb5819968d214e2a92afe7e0a2b00ac3b34990668141e83fee 2026-01-08
FileHash-SHA1 d84d8bce466b23939021c118a4faf369b48d5972 SHA1 of 9b2268f4ed4efd7a3cda8c1a6da7c4ab3b8a85a4d424528a34c69ae6722ed7bc 2026-01-08
FileHash-SHA1 f5f8f891d42ada708639a39a8a28e41e7aa4f288 SHA1 of b20aa3b5ee444b16ffe5af3897158f9dc707e53ef869a4b06ae7999b7f6f106c 2026-01-08
FileHash-SHA256 77ebd7b8699240bb5819968d214e2a92afe7e0a2b00ac3b34990668141e83fee 2026-01-08
FileHash-SHA256 9b2268f4ed4efd7a3cda8c1a6da7c4ab3b8a85a4d424528a34c69ae6722ed7bc 2026-01-08
FileHash-SHA256 a81eaf4b6eee53660f7b293d042b4349f3c80ccb2ed950842d996e11a4521a9f 2026-01-08
FileHash-SHA256 b20aa3b5ee444b16ffe5af3897158f9dc707e53ef869a4b06ae7999b7f6f106c 2026-01-08
References (5)
↗ otx.alienvault.com/user/q.vashti/pulses ↗ Yara Detections: BackdoorLinuxMirai , DoSLinuxElknot ↗ Domains Contacted: cat-are-here.ru ↗ Mirai • https://otx.alienvault.com/indicator/domain/cat-are-here.ru ↗ Gafgyt • https://otx.alienvault.com/indicator/file/b72abe2dfa3c4019baf0bace534a3fb3cb28484fa94ffe9b848ab162f1a44ef7