Pulse Detail — Threat Intelligence

PULSE NAME

SkyCloack

WHITE skocherhan 2026-04-01 Modified: 2026-05-01

488

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

Indicators of Compromise (39 / 488 total)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://viprt1.9966.org:8008/WK/wk.exe	—	2026-04-01
URL	http://139.224.215.67:12317/api/public/dl/ESTu4-Hi/frpc.toml	—	2026-04-01
URL	http://139.224.215.67:12317/api/public/dl/FDYdeqBf/7z.exe	—	2026-04-01
URL	http://139.224.215.67:12317/api/public/dl/L4KoMjUR/OpenSSH.msi	—	2026-04-01
URL	http://139.224.215.67:12317/api/public/dl/tTTW_cPZ/user.txt	—	2026-04-01
URL	http://139.224.215.67:12317/api/public/dl/yIeCfg85/frp.zip	—	2026-04-01
URL	http://139.224.215.67:5000/	—	2026-04-01
URL	http://185.23.238.149/OpenSSH-Win64.zip	—	2026-04-01
URL	http://185.23.238.149/tunnel.dat	—	2026-04-01
URL	http://91.241.122.210:8082/l	—	2026-04-01
URL	http://91.241.122.210:8082/s/loader	—	2026-04-01
URL	http://91.241.122.210:8082/s/reverse-proxy	—	2026-04-01
URL	http://91.241.122.210:8082/s/stealer	—	2026-04-01
URL	http://91.241.122.210:8082/stealer-final/	—	2026-04-01
URL	http://91.241.122.210:8082/stealer-final/QM00001	—	2026-04-01
URL	http://91.241.122.210:8082/upload	—	2026-04-01
URL	http://crl.ngrok-agent.com/ngrok.crl	—	2026-04-01
URL	http://viprt1.9966.org/	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/%C3%83%C2%83%C3%83%C2%85%C3%83%C2%82%C3%83%C2%9E/	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/%C3%83%C2%85%C3%83%C2%A4%C3%83%C2%96%C3%83%C2%83/	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/%C3%83%C3%85%C3%82%C3%9E/	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/%C3%85%C3%A4%C3%96%C3%83/	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=D;O=A	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=D;O=D	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=M;O=A	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=M;O=D	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=N;O=A	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=N;O=D	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=S;O=A	—	2026-04-01
URL	http://viprt1.9966.org:8008/WK/?C=S;O=D	—	2026-04-01
URL	http://viprt1.9966.org:8008/robots.txt	—	2026-04-01
URL	https://s3api.shop/api/sfile.zip	—	2026-04-01
URL	https://api.telegram.org/bot8617483102:AAGkFE-x8Z81Ex-PtnzkMURy1-1CI3KGpdU/sendMessage?chat_id=-5185728008&text=SUPPORT%20REQUEST%0A%0APC:%20WALKER-PC%0AUser:%20WALKER%0AOS:%20%0ARDP:%20YES%0ARDP%20Port:%202360%0ASSH%20Port:%202460%0ASSH%20User:%20rsupport%0ASSH%20Pass:%20Sup9985	—	2026-04-01
URL	https://github.com/PowerShell/Win32-OpenSSH/releases/download/v8.1.0.0p1-Beta/OpenSSH-Win64.zip	—	2026-04-01
URL	https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.5.0.0p1-Beta/OpenSSH-Win64.zip	—	2026-04-01
URL	https://github.com/davebsd/senas/raw/main/OpenSSH-Win64.zip	—	2026-04-01
URL	https://raw.githubusercontent.com/davebsd/senas/main/OpenSSH-Win64.zip	—	2026-04-01
URL	https://raw.githubusercontent.com/master131/ExtremeInjector/master/version	—	2026-04-01