← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Device Isolation: Lumen Technologies | Palantir and ‘Boots on the Ground Operations’
WHITE Q.Vashti 2026-01-30 Modified: 2026-03-01
9592
IOCs
HIGH VOLUME
Device Isolation: Lumen Technologies (formerly CenturyLink) deployed as an admin on iOS devices. Standard factory resets may prove ineffective. Complete hardware "air-gap" or clean devices that have never touched your home network may be best option for deeply monitored targets. Summary of the Campaign: The involvement of Lumen Technologies (as an unwanted admin), Foundry (Palantir) for data mapping, and Mirai Botnet for network disruption represents a "scorched earth" approach to digital destruction. Target treated as a criminal through Cellebrite, implicates specific attackers attempted to legalize what was actually a predatory stalking campaign/s. Surveillance Overlap: The use of Lumen Technologies and Palantir, tools allows for real-time tracking of a target's physical location—explains how ‘boots on the ground’ offenders can stalk , surveillance , confront, assault and engage in various damaging attacks of specific monitored targets.
url httpsurl httptlsv1whitelistedunitedread cas15169stcaliforniaexecutiondockwritepersistencemalwareencryptactivelumen technologiesnumbererrorregexpsxa0amptokenoptoutretrievingnotfoundunknownformflashbackdoorwriteconsolewyara detectionscommand linepdb pathpe resourceinternalnamewindows commandAawsname serversurl analysispassive dnsurlsdata uploadextractionpalantirc2aerospacetrackingspywatchdogpalapa-c2communications satelliteamazonhughesneticmp trafficwashington cwashington oumoprmon jullocaldynamicapplenetworkt1057discoveryt1069t1071protocolt1105tool transfert1480guardrailst1566present janunknown nsip addressdnssecdomaindynamic dnsgovernmentpcupgermany unknownlinkdns hostingcloudnscloud dnsa domainsipv4 addtitlemetaclassserverspresent augaaaapresent seppresent novpresent julpresent maymovedcanada unknownbeginrecord valuegmt contenttypehostname addfilesascii textpattern matchhrefmitre attck idck matrixnetwork trafficet infogeneralpathclicklearncommandname tacticssuspiciousinformativeadversariesinput urldefense evasionfranceirelandnetherlandsdenmarkunited kingdomtype indicatorrole titleadded activesavviscenturylinktechnologyhybrid analysismonitoring toolsmonitored targettriangulationwormintelms windowspe32write cdelete cshowrussia as47764unixlsan joseodigicert incmarkusurl addhttprelated nidsfiles locationrussia flagrussia hostnamerussiarussia unknownhostingfederation flagbodygmt varyaccept encodinggmt cachecertificatepulse submitunknown aaaasearchentriesscript domainsscript urlspdx cf
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Trojan.Tofsee/Botx ALF:JASYP:Trojan:Win32/IRCbot!atmn PWS:Win32/Axespec.A Worm:Win32/Lightmoon.H
Indicators of Compromise (59 / 9592 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname URL SSLCertFingerprint email CVE
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 d2cf4ad96bc91113fd47d73a952b6f2af5a34b76 2026-01-30
FileHash-SHA1 081afb52577f6f3bb044fdea6d34a632c3cce7e8 SHA1 of 5ef26b5e47e6951f43ecf2b1fc645222 2026-01-30
FileHash-SHA1 0f3c4ff28f354aede202d54e9d1c5529a3bf87d8 SHA1 of db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386 2026-01-30
FileHash-SHA1 1962888198ae972cbb999d0dc9c9ee5cbabf5e0d SHA1 of e285feeca968b3ca22017a64363eea5e69ccd519696671df523291b089597875 2026-01-30
FileHash-SHA1 3634e839429e462e49c5f42b75fbfb4ba318af6d SHA1 of 6df1787c4be82d1bb24f8bffa10c7738 2026-01-30
FileHash-SHA1 3d48d9b6654103fb71a184a93be9a1b4bd5b65a5 2026-01-30
FileHash-SHA1 851bd390bf559e702b8323062dbeb251d9f2f6f7 SHA1 of d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f 2026-01-30
FileHash-SHA1 9602a891f583094bb04fd407b253abcaffb8c8d0 SHA1 of 04e3cc8a9641b3f9f9c9370f4e9b5bdd 2026-01-30
FileHash-SHA1 d29a1ff9bc1fbf5c4c0cf3210c9aefe33fc8e5a5 SHA1 of 4f914d6a12b48374677859978d3def97 2026-01-30
FileHash-SHA1 dac9024f54d8f6df94935fb1732638ca6ad77c13 2026-01-30
FileHash-SHA1 375fcb825c3dc3752a02e34eb70993b4997191ef 2026-01-30
FileHash-SHA1 7cb0244c7cec5283e7efdadf5ccc58772dd67f42 2026-01-30
FileHash-SHA1 9bf69d5e8d01a92f413b60a4be003e323cb52f7f 2026-01-30
FileHash-SHA1 fdd1314ed3268a95e198603ba8316fa63cbcd82d 2026-01-30
FileHash-SHA1 37d008a5b6185c91fe348fdc8d65aff9f7a39b1c 2026-01-30
FileHash-SHA1 31450932a927284d0f22a5c6e590d16f4bb5225f 2026-01-30
FileHash-SHA1 1024196761088031310470318892063231232007 2026-01-30
FileHash-SHA1 1024341443366431378866321840468331232007 2026-01-30
FileHash-SHA1 1025196761088031310470318892063231232007 2026-01-30
FileHash-SHA1 9216196761088031310470318892063231232007 2026-01-30
FileHash-SHA1 9216199761088031310470321840468331232007 2026-01-30
FileHash-SHA1 0ca54c5ef31c3734d3db76844df48dec8e06a519 SHA1 of 09d9983cdf9197be1d0e89bb0a4554d9 2026-01-30
FileHash-SHA1 359a7e7d917582dd1f24e91beb66bacb924dff55 2026-01-30
FileHash-SHA1 37bf5045f518b451e730a5c6784406d2d110c2bc 2026-01-30
FileHash-SHA1 397e5dce0d96f77817369ae9ae57c70739d964e3 2026-01-30
FileHash-SHA1 399b783ff2bd2daf2bb7ea2bccc5f02b5a25394b 2026-01-30
FileHash-SHA1 58a3b78f651afbaa70192a5b9d4bdd0e923b1b9f 2026-01-30
FileHash-SHA1 5f318f98f625192d40f8b044a3ae8c8b44d289fc 2026-01-30
FileHash-SHA1 69d5db8e07c1aa4867c7576e5195d29c2c83e310 2026-01-30
FileHash-SHA1 76cc684a36e6a6b749f8d0bba0a6db1186612512 2026-01-30
FileHash-SHA1 79e40a637f50d8b60b628832686d753ff29b6f82 2026-01-30
FileHash-SHA1 9433291221504ff296f541ae4ff9394143e35ad7 2026-01-30
FileHash-SHA1 a0477c0887e9fd228f72ca72fc7d3927d785a60a 2026-01-30
FileHash-SHA1 a6513065fd1ff81f6befaf811b1363b1215cac1f 2026-01-30
FileHash-SHA1 aa8024649f547ba6312cc35d976ef702a1c75875 2026-01-30
FileHash-SHA1 aacf02ded907b232b01ff887f82f80d58c6a401a 2026-01-30
FileHash-SHA1 ae384940b7b5aa91c5fb01428f3ad4245e29b164 SHA1 of c3d6bbdd587830df28fabe09c6486164 2026-01-30
FileHash-SHA1 1871786c2acd90e940a97a0381dc19a649aff13c SHA1 of 2e22c4938e4342b21f6aa4b85edc9760a9106793fbd595c7ba51786529ff513c 2026-01-30
FileHash-SHA1 2315d588d34d61d5c6d3246b7e1bf4d86224b0e7 SHA1 of 0e829d52f3be006aa0929f8a915cad62e7596e2ace65b05b3154d2e578399581 2026-01-30
FileHash-SHA1 7469b8c34d16e1c192666e742eb8adff87148c98 SHA1 of 3a59f4dc26d6d039b4da331c599b95d2d6732d2c5a51a96084c7c0b90f2e8289 2026-01-30
FileHash-SHA1 931c28ea5234045ea6d39538243504fecd38dce7 SHA1 of 0d91e274ffd85d8e496a42f9db0644a437292d2fc0debf48c069747a601a1374 2026-01-30
FileHash-SHA1 9897e94a727d1d9d29c0324dd7d001f2576aada8 SHA1 of 972f4a47131c045fe3fa7fb360832c3fd627fa5fe906495d8031073124700a2a 2026-01-30
FileHash-SHA1 d5f5349fa57e6e94c6c8ab9b59a6cda84749646c SHA1 of b272660bf939bc6e9bcd515f33cf05c565158912cd550d618b421a4f59a0869e 2026-01-30
FileHash-SHA1 09ad59f606d3576ca36af3b3187d8161ba4ba208 SHA1 of 9bb13aa4227f2b39a8f5fcdf50af24c3 2026-01-30
FileHash-SHA1 0b7de9336cd428f185785d5d70fc52954502525e SHA1 of e4a426b2d1ef33379c496da3536f3700dfacda39f3edc666dd0795642584999d 2026-01-30
FileHash-SHA1 42488f6ab45b91c8ba7a80b130f111122152851d SHA1 of 04be5c4cdbe497024f1bd08c63bd8458 2026-01-30
FileHash-SHA1 4f25915fe315a6f2795aec001dad837bbf3d7728 SHA1 of 8bfe4d858a6597fbace8649427ab5b6f 2026-01-30
FileHash-SHA1 64a10d11b97e2d709a61ea438e32af85b38df979 SHA1 of 61460234f4fa2ee35c4407a3899ba274 2026-01-30
FileHash-SHA1 6fa9ac4f9b983315e088a284913ede35921f6e97 SHA1 of b07b9d914f28190a2a1dea452d67ca5a 2026-01-30
FileHash-SHA1 77a861aeee7d51ce0eb7c8c38dfd71e2bdf7cc39 SHA1 of e0bbb3dadf51e4bae42e53ee8734d86a 2026-01-30
FileHash-SHA1 9f3979115a87fb02d779184885858ab5d2d4ee9b SHA1 of c2c497aaa61ee4a3f14827917511263c 2026-01-30
FileHash-SHA1 a4b14aa2feb13030d4e56d66290d7b7829f7af3c SHA1 of f5635de935e4e1e2abb2ab0184ba6bd1 2026-01-30
FileHash-SHA1 a5c50d31e33882ff901186ebfc0962bf0c75ded7 SHA1 of 66bc1d0d22a3e9c6646c9d0e47c567d744ab6c6420f6c22698b0238bd7509de3 2026-01-30
FileHash-SHA1 aa1347a0144d815fd27222711c2d88f6736ef99b SHA1 of a936686d286eaa5091339b6e6dc01a65 2026-01-30
FileHash-SHA1 e36ca748045932110e8aab6bcb527dab810912fb SHA1 of b58fdea0b5be1d0f046c433e0ae35c3e1af822b226438538013081f0846c443e 2026-01-30
FileHash-SHA1 f78120002965109302058094449b0d7a17777763 SHA1 of b3fae9d42ab12da6e120db26e71d2f06 2026-01-30
FileHash-SHA1 fe46c10528e4a376628baa6f3ff478f772ff1003 SHA1 of 366e375bcfea07aad9c3757bd25bd6d4d870c29e18438b99429aed74a4197151 2026-01-30
FileHash-SHA1 fe4c71fef4b796c5f96d761f84a022d5880814f1 SHA1 of e4cd776a3893852a84281da60556b092 2026-01-30
FileHash-SHA1 c09f56be57de92946fc3a99fd8b245b6ede87088 2026-01-30
References (32)
↗ ‘Lumen Technologies’ Acting as administrator of a targeted Apple IOS device ↗ Yare: compromised_site_redirector_fromcharcode ↗ Alerts: network_icmp nolookup_communication js_eval recon_fingerprint ↗ Alerts: console_output has_pdb pe_unknown_resource_name ↗ File Type PEXE - PE32+ executable (console) x86-64, for MS Windows .. ↗ Tipped: A targets AI and other cyber research findings. ↗ A ‘Target’ became a ‘Target’ vja close association to main Target of predatory retaliation campaign. ↗ track.spywarewatchdog.org • https://track.spywarewatchdog.org - monitoring software ↗ https://palapa.c.id (c.id) ↗ Containers-Pecorino.PalantirGov.com -pecorino.palantirgov.com ↗ cedevice.io • decagonsoftware.com ↗ http://applevless.dns-dynamic.net/ • dns-dynamic.net ↗ http://www.pcup.gov.ph/images/2018/pdf/ComEnBancReso/Commission_Resolution_07s2018.PDF ↗ pcup.gov.ph: ↗ http://www.pcup.gov.ph/images/pdf/Contract_of_SecurityServices2013.pdf pcup.gov.ph: ↗ https://pcup.gov.ph/375 pcup.gov.ph: | https://www.pcup.gov.ph/ pcup.gov.ph: ↗ https://elegantcosmedampyeah.pages.dev/ ↗ https://www.ptv.vic.gov.au/more/travelling-on-the-network/lets-go/ ↗ inst.govelopscold.com ↗ https://feedback.ptv.vic.gov.au/360 ↗ nginx-php.7d4jelnf.trdlpbvl.sdp3.sdp.vic.gov.au ↗ nginx-php.standby.content-premier-vic-gov-au.sdp3.sdp.vic.gov.au ↗ https://hybrid-analysis.com/sample/a16d11910953b800369dbb667f178b3cc45cb8e3315217c0e6ceac68eeba206d ↗ https://brand.centurylinktechnology.com ↗ https://prod.centurylinktechnology.com ↗ https://brand2.centurylinktechnology.com ↗ https://mobile-pocket-guide.centurylinktechnology.com ↗ UPX_OEP_place ↗ Russia or Muskware? URL http://store.7box.vip/ad/C467F60A1AD6.Jpeg ↗ ASP. NET ↗ https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v4.0&appId=705930270206797&autoLogAppEvents=1 Akamai rank: ↗ 7box.vip