PULSE NAME
IOC - Attack on *stan: Your malware, my C2
WHITE celestre 2026-01-28 Modified: 2026-02-27
While hunting for C2 infrastructure on Censys, we uncovered a suspected state-affiliated cluster targeting Kazakh and Afghan entities in a persistent campaign, with C2 servers active at the time of writing (20th Jan 2026) that have been operating unreported since at least August 2022.
Indicators of Compromise (19)