PULSE NAME
Malware.B98AC422 Script/Sabsik.EN.A!ml
WHITE FS13JKMK 2026-01-19 Modified: 2026-02-19
78 IOCs
HIGH VOLUME
A malware email campaign targeted users. 0.0% of the emails seen in this attack across the Office365 customer base were targeted at the organisation. All domains share the same sender IP address, 216.131.77.250.
Indicators of Compromise (78)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| domain | joysonsafety.com | Sender: svetlana.grossmann@joysonsafety.com; Subject: Unpaid mold fee; Attachment: Invoice3144460 - Unpaid mold fee.rar | 2026-01-19 |
| domain | deepoceanmarine.com | Sender: info@deepoceanmarine.com; Subject: AB - 3167349 - 15.12.2025D HOT KBB9083; Attachment: AB - 3167349 - 15.12.2025D HOT KBB9083.gz | 2026-01-19 |
| domain | kusgrp.com | Sender: info@kusgrp.com; Subject: RE: Enquiry / QUOTATION REF NO: AH0409231; Attachment: Enquiry QUOTATION REF NO AH0409231.zip (- / Script/Sabsik.EN.A!ml) | 2026-01-19 |
| FileHash-SHA256 | ec165353cb99489f5a010c214ef4225669eb16f25980add8ff0996765172c051 | Malware family: Script/Sabsik.EN.A!ml | 2026-01-19 |
| FileHash-SHA256 | ed8cac40cf7a625eb407ffd85fd4f6831475839cde90423395df33fca810f24f | trojan.zmutzy/suspar | 2026-01-19 |
| FileHash-SHA256 | a06b884bdb4cd3cddafb050d16d7bb98ae91c18e72f325e2c4e17569ce5d99f8 | Trojan. | 2026-01-19 |
| domain | lalsgroup.com | Sender address: lgfmcg.sales3@lalsgroup.com; Subject: Purchase Order 78534-SDQ90; Malware Family: Win32/Egairtigado!rfn | 2026-01-20 |