CNCERT: Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors
WHITE Black Cat PetrP.73 2026-01-11 Modified: 2026-02-10
43 IOCs
MEDIUM VOLUME
CNCERT has issued a risk warning about the "Black Cat" cybercriminal gang, which distributes a counterfeit version of Notepad++ containing remote control backdoors. The gang uses search engine optimization to spread the malicious software, making it more likely that users will unknowingly download the compromised application from the affected sites. Black Cat has been associated with various cyber attacks and has adopted increasingly sophisticated methods. Its current operation targets users searching for the legitimate Notepad++ application and impersonates it to deliver malware. The strategy exploits user trust and relies on search engines to increase the visibility of the malicious downloads.
Indicators of Compromise (43)