Pulse Detail — Threat Intelligence

PULSE NAME

Enemy of the State: Order in the Court • Part 4 - World Media

WHITE Q.Vashti 2026-04-27 Modified: 2026-05-27

5051

IOCs

HIGH VOLUME

Critical, out of control targeting. Suspected Pegasus related campaign seen in State of Colorado court and Hospital systems+++. The answer is NO. The crime victim / survivor was never going to be given a chance to bring forward a case of any type of. Silenced. Not allowed to pursue justice. Car accident. No. Robbed. No Assault. No. Either the State is heavily involved or systems are manipulated by adversaries. CVE found more than a year ago, Original OTX researchers Pulses not found. CVE Overview: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

wifi id april extraction enter sc type ol data upload extra referen wifi data wifi ntgraph xe dynamicloader high port a8 f0 c0 a0 c4 d8 a4 c4 cache yara rule write music explorer guard tracker media default file id login mwdb bazaar sha3384 ssdeep xport accept agent shutdown pe file network info sample aslr program mitre attack processes extra overview zenbox verdict iocs extra data included iocs indicator review iocs find dr wifi include review exclude sugges find s failed typ url registrant name all domain passive dns urls files access all ipv4 america flag des moines level zeppelin domain add united states active msie windows nt united search medium as16509 unknown upatre malware next ip address pty ltd url analysis trojan write c suspicious tt tr ultradns client service name servers emails world media contacted post u001b4nu0017 powershell sc data type enter data cre pul enric extraction data denver courts hacking mitm_attacks injustice tracking ai ee fc ff d5 domain australia files ip script script set cookie cookie related pulses learn ck id name tactics informative adversaries command defense evasion spawns javascript ascii text pattern match mitre att null refresh span hybrid general local path click strings error tools title look verify restart australia asn as9714 vocus body certificate present may japan unknown a domains value content type location japan shibuya japan asn as2497 internet dns resolutions domains top united states ipv4 targeting tsara brashears state colorado critical pornhub tulach sabey poleass foundrypalantir pegasus state quasi shhh denver dougco jeffrey reimer reimer gropes christopher ahmann workers compensation commerce industry aig industry commerce confluence

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1045 T1056 T1082 T1562 T1060 T1059.001 T1055 T1057 T1069 T1071 T1105 T1480 T1553 T1560 T1553.002 T1069.002 T1071.004 T1071.001 T1059

MALWARE FAMILIES

SLF:MSIL/PSTAnomaly.A Win.Trojan.Pushdo-20 TrojanDownloader:Win32/Cutwail.BS TrojanDownloader:Win32/Cutwail.BV World Media CVE-2022-26134

Indicators of Compromise (94 / 5051 total)

All FileHash-SHA256 hostname domain URL FileHash-MD5 FileHash-SHA1 CVE email SSLCertFingerprint

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	67c460a036df79419b3f280eaef622319e0504b3	SHA1 of 12598188b44d76a8828aa7a8211c4c1bfa8093f617928f5c8f3da9cd81a42d64	2026-04-27
FileHash-SHA1	42464c70fc16f3f361c2419751acd57d51613cdf	SHA1 of bee0439fcf31de76d6e2d7fd377a24a34ac8763d5bf4114da5e1663009e24228	2026-04-27
FileHash-SHA1	826d75e406808e3f002cb2b6da09003f78d612a1	SHA1 of b7e002005b4464d7d74d6c4d37f9fd25b6309b6504de57ab85b5fccb05427089	2026-04-27
FileHash-SHA1	60995149b0dfd30ce970b3224f025cd050612c99	SHA1 of 54bda6cf1cffa0cb553c2565653e73d79b0d7c665b70bf2f03f12ec5b635284f	2026-04-27
FileHash-SHA1	6840f36b268dd2ef5bc06d7191f2a4eb6640c1a2	SHA1 of 9c59cf262983b5a35efefdba0e408c229ed8d28a7eea8fa43633370535475c27	2026-04-27
FileHash-SHA1	941adad380e054b7a521f68479092a92fd779bca	SHA1 of 17c8115b3e609c5b1d13f7eb9e49f482ff515d484eb0948c8226ebe0fd78276c	2026-04-27
FileHash-SHA1	96c50156eee3050f5283982f08ece32781b743f6	SHA1 of c254b4fae14e0fed6289de459f579ace0bdba6d5254fc8b314eceeeba954dbec	2026-04-27
FileHash-SHA1	996f4fee7082f28818571043edbb3f7ae68db5b1	—	2026-04-27
FileHash-SHA1	a19992f0763649e53dfcea42c55836a26d2baa3b	SHA1 of 80d599121ff5fbf23e9513645f85dc1537305ad8f018915976b2aa3dc8cee907	2026-04-27
FileHash-SHA1	b6315615831c4d134287e9c098150e5a9e04eb61	SHA1 of 402a4ed3b5bfdc03a398705c69e696cf48d3222ed3f9ff10c5eb93ab58439215	2026-04-27
FileHash-SHA1	d658f330aaa0a54fbb256910c8f0f4f886fc71cf	SHA1 of dbf2aac9794df26bb34dcfe0dc2ca2a0	2026-04-27
FileHash-SHA1	d8e9a89655a995b10cde894e4ecba7e53784ce0e	SHA1 of 81a96e3e9bf5bd35e9b82ae141b4b618f0ef3ca824aebc1cf1e33327f407ac79	2026-04-27
FileHash-SHA1	f3d5fcaf72ef77e1dfad0cae23acd6d581611490	SHA1 of a5e3ded4dff907d728cdb22d85f0ebfe65895189bc1b13983d6687d46476efe0	2026-04-27
FileHash-SHA1	f6260341319ae1a3a10331e30e21922825b624c4	SHA1 of 5d1e8f9491b1ffc50842f01bbb0840614100ade16bbe3480dc9a3b502af28193	2026-04-27
FileHash-SHA1	fe6d149fe1d7d93267199ef1a5119cee900efa4a	SHA1 of 6cf3f690eaa26fc7e2e7d7abaa17add361fdc04432ba9d8cdada4fde699cd287	2026-04-27
FileHash-SHA1	208d0a0bb775661758394be7e4afb18357e46c8b	—	2026-04-27
FileHash-SHA1	28128363cf224400deb316c569f7bef19d42b550	—	2026-04-27
FileHash-SHA1	51f5fc61d8bf19100df0f8aadaa57fcd9c086255	—	2026-04-27
FileHash-SHA1	7440beff2f4f8fabc9315608a13bf26cabad27d9	—	2026-04-27
FileHash-SHA1	b97cc66471fcdee07d0ee36c7fb03f342c231f8f	—	2026-04-27
FileHash-SHA1	cca09b1e0fba38ba29d3972ed8dcecefdef8c152	—	2026-04-27
FileHash-SHA1	f4eda06901edb98633a686b11d02f4925f827bf0	—	2026-04-27
FileHash-SHA1	ba79469a72ef48d7e098442404233138f226e183	—	2026-04-27
FileHash-SHA1	5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5	SHA1 of 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560	2026-04-27
FileHash-SHA1	5c6e2906732912765b38efa837f18c9521702562	SHA1 of af393c97914697f367023c83e8544521b8d621b3add2538166f44125251c0918	2026-04-27
FileHash-SHA1	6883ce60e71a83424db0b41d0ab6bf61080e3de2	SHA1 of b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b	2026-04-27
FileHash-SHA1	9200314a136ff19f86964395b92e477c11a220f9	SHA1 of 546900b6f0800671d46058758a0fb3c497887a39be84778a984f35bbd231393b	2026-04-27
FileHash-SHA1	92235b3d49fd27218a58fbfad27ad6a619b54ffb	SHA1 of d2d8ccd68849e94ea6b84f6835d0fe98ffa5c11e74a1138529e3c0b8d8edfe60	2026-04-27
FileHash-SHA1	aba59853779b36c1c700372e32de986064cfa9d3	SHA1 of a1e983d9b4729f4a7c928892dcdc1ac32a3342a49eaf98d5a81e5e13903dd25c	2026-04-27
FileHash-SHA1	ac87d56a5b1a746cd9d329236f3276d134b54a76	SHA1 of 1642a0e331de8bda30ea7ff6dbb80074f109b98dfaa9417eda8d770aff334dac	2026-04-27
FileHash-SHA1	bcf48f96d6a6b0b17143beba327de94098425b1d	SHA1 of 104915c36c8fad3a35a79dbb899c27e51f2b739c27dd62e5717098c78ee16aea	2026-04-27
FileHash-SHA1	de8a847bff8c343d69b853a215e6ee775ef2ef96	SHA1 of 66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925	2026-04-27
FileHash-SHA1	f487bfff48f35946a8ae9cff98bcc5219e0a6cf4	SHA1 of 07d923e8f7f69e6f36e2226723e8c1abed527b999942669a8eff8c50a0be65f6	2026-04-27
FileHash-SHA1	fb2220deb976814c90cc53ce59e95cf37277c321	SHA1 of 2997b002c00b1865b5b0345619219d5be41eecbaa1edd06939c10f9aef49b077	2026-04-27
FileHash-SHA1	52419f7474988f45f45c234f977a1ccaefa06dbc	SHA1 of c7a0965ecd6d4e5648cc4d62f9870325dc45d3f09eaa4e94fdc9df31dfc866c6	2026-04-27
FileHash-SHA1	b174878fee893a105c32514e95ca6a9f7953a45a	SHA1 of 9c270f1394cdb4387eee8669b11c7b5a05b7be6740513b0f92f04732e7c73f91	2026-04-27
FileHash-SHA1	cb92796715c799d7e717129eaec9a31ab04e403a	SHA1 of b47266fef17ad4b2e4ca6ee1d06c39a7	2026-04-27
FileHash-SHA1	03afce6b241be6c4cd9bc6c2f078eb833341715e	SHA1 of b96b6b6bbf75d48ab68d1d5b3e5f90fc970207679177bb44100c471dff0a4dd4	2026-04-27
FileHash-SHA1	1723be06719828dda65ad804298d0431f6aff976	SHA1 of 49aebf8cbd62d92ac215b2923fb1b9f5	2026-04-27
FileHash-SHA1	3d97a34b224684d607e4bd8f9817a14923481806	SHA1 of 2ea9a2b3728d5a6917b040480047e418a7c543bad44752ec00958280099fca39	2026-04-27
FileHash-SHA1	48d8a308d609dd1bdc98a31e54aaf99706aae821	SHA1 of eaae595de62dd4d15cfd626dedf115b95ccb258248d55ec8d84e803694bd889a	2026-04-27
FileHash-SHA1	48dcf8a91a79aaa9556a6064a8a5fa099f7d75ff	SHA1 of 9f85450f9362581f1c93079e9e2dcf90411f74f5d247bccdfb952e301fb05a6a	2026-04-27
FileHash-SHA1	48e0db2f73a5a20bd60387c32fc47094e2f57def	SHA1 of 6912b0e08e0c11ff91f50231e1d24f258408a2aab3ce9a0c180396f648710e51	2026-04-27
FileHash-SHA1	48e111f1760e8d7153a813cecae8c50c1859179a	SHA1 of c44f2ce9517d4112b9e502b486e2d16aec76d8ac0d4032555b7d851a43bfa5bb	2026-04-27
FileHash-SHA1	48f32524a95049e24ce57d112db3fd032c0e8c68	SHA1 of 990782fe210dd08e5ae875d70240b4aff42bed541466aca32e302faa257ef1ab	2026-04-27
FileHash-SHA1	48fbbe3497495cd6ba70b04c8520b6f959b8e312	SHA1 of a272e3257e997536019059282a816711800cf0bb8766aea75f4ed21390977787	2026-04-27
FileHash-SHA1	490fb0b904ecedfed27e4da5ea00b6e51a9869c7	SHA1 of 16ab3e25ae505aefb606d6ed011928561c6faa2b74a99499d9d1f40d6572cfff	2026-04-27
FileHash-SHA1	b16121f2fe5304ad6deb1bf6a3ba3a7e7c4d2cb2	SHA1 of cf1fa7c33b6ccc18cebc6867fa6b7019bea9d7192a6bb9c10756c757413159f0	2026-04-27
FileHash-SHA1	fb9d2386c2ea42a71c453b76377d08cbc260c601	—	2026-04-27
FileHash-SHA1	18fd0ee0735c3aa8d61c81ea6c5dbb021db0837a	SHA1 of 1f8eba9c5596fb5f423b08f35ba698e1693cd53adcfa4100210fda52a10c16ef	2026-04-27
FileHash-SHA1	5dad01902d01d71ae0b86fb0a143f8db3fde1359	SHA1 of 80ff5df7fc7f5fa0031611b02c75c71e3a84217eadb4eb9cfd2e62a88697aa92	2026-04-27
FileHash-SHA1	7c43d3320d46a19cd1b3561fc6719262d30943da	SHA1 of 4014bd802f609b151e096f5550cb6027cd50383181a3f90f57247c63289817d7	2026-04-27
FileHash-SHA1	3c9960bf2a8052b781dc420f0ee7f69b56b2af8f	SHA1 of a8a33f99d0c761d07c1271a5f8f29e73590cd69f32b93e00f87c549658c7e63e	2026-04-27
FileHash-SHA1	2c5749aff632fbba280e694a1ffcdeaf1945d0f2	—	2026-04-27
FileHash-SHA1	18410580ee05f654e464f4dfbf279e7b02ccd787	SHA1 of 53147050a3f5fd26d55c175c3f9191898fee2c72af8f44de2f6e8681ba465096	2026-04-27
FileHash-SHA1	d66994f7bc18f6f2095cfeb3096cc55cc5732d31	SHA1 of 527c8f5cda8b8bc200c2f1d93aedeeea7e89476524e6b98c3f1c42d30395e7bf	2026-04-27
FileHash-SHA1	470c1ca449f2d88631f28eb42a24fd8fe50be486	SHA1 of 458fe77863253f777c4d1e3ac87f90d19baafadf26985336a5d394b468622331	2026-04-27
FileHash-SHA1	1e33b376726aa9c1ca162e40223070eac99aca23	—	2026-04-27
FileHash-SHA1	1cecd3cc78033d7faa6606ec2ad452a01c0c13c9	—	2026-04-27
FileHash-SHA1	2d922b223885c53ec8a2f406d5faa7a5fea983c1	SHA1 of 6dda84882db1388ee5eba67e3047badd9bb49af6afdc07ad4de5708c382ce893	2026-04-27
FileHash-SHA1	1ebbb5850ff6435351b774d425c0d345d8bc3024	—	2026-04-27
FileHash-SHA1	2092518c72b87f34342b0a1c324fad21e341e9d5	—	2026-04-27
FileHash-SHA1	35ccc34d4bb374e1a39f04a1f4e27fa789b8a609	—	2026-04-27
FileHash-SHA1	3c96c993500690d1a77873cd62bc639b3a10653f	—	2026-04-27
FileHash-SHA1	4191f7c882794059f16fb132017adfce30ef5044	—	2026-04-27
FileHash-SHA1	4599421a5d00c03d74e2f0f1a1295b679558bc59	—	2026-04-27
FileHash-SHA1	4bfc620bda91605b633fb3a25a999d5d51253855	—	2026-04-27
FileHash-SHA1	4e886e1fdeb043fd8ffa6f5cd6949428b279453f	—	2026-04-27
FileHash-SHA1	523b370b0dcceac0b1baffa0a2ee69f441eb32e6	—	2026-04-27
FileHash-SHA1	5277cbd42ed52fcdee945067e607d2e8c2e699d8	—	2026-04-27
FileHash-SHA1	5ca12ade6e22e0995d7b4fa53a71bbbc7d4d582c	—	2026-04-27
FileHash-SHA1	5fead71ca3e2263a4fe46984cd95f96a62fc572a	—	2026-04-27
FileHash-SHA1	66fb5af87a69da00731a2c7b9fb8ab9033a46414	—	2026-04-27
FileHash-SHA1	6943fcebf6f7555ee9bde90303d4a52129bdaf64	—	2026-04-27
FileHash-SHA1	76d5f7d229fbde4a974bea3e2bcb7249ead8903d	—	2026-04-27
FileHash-SHA1	8194bb6cf6bea579a315af1369675e05c8be2e91	—	2026-04-27
FileHash-SHA1	8f12010dfaacdecad77b70a3e781c707cf328496	—	2026-04-27
FileHash-SHA1	9f6b63f2d161f2df61c1cad5ae86c6267997cf91	—	2026-04-27
FileHash-SHA1	9fcee0f3fb5c2c6af8e72ce3235748f1b191b38f	—	2026-04-27
FileHash-SHA1	9ffb9e0881f464a9fa1fd882e6163762e9ab9417	—	2026-04-27
FileHash-SHA1	b6765434ac71b80c75935ea898fd7fca194d4d95	—	2026-04-27
FileHash-SHA1	b69cd71f68fe35a9ce0d7ea17b5f1b2bad9ea8fa	—	2026-04-27
FileHash-SHA1	be2e120b15e56f82051e31cb8ab833b63740af3c	—	2026-04-27
FileHash-SHA1	ce6a63f996df3a1cccb81720e21204b825e0238c	—	2026-04-27
FileHash-SHA1	cf93c9d7c5b3aa9a615e39ca05c21a6be8888ea5	—	2026-04-27
FileHash-SHA1	e9eaa065bd6585a1b176e13615fd7e6ef96230a9	—	2026-04-27
FileHash-SHA1	eb4a6e4720196bd0df249ede7d88d083b8ea989c	—	2026-04-27
FileHash-SHA1	ec81af89df7c003b33e922bc8a808e208b12d853	—	2026-04-27
FileHash-SHA1	f24a89791600c2e2651371ac9d1c6449226e3e1d	—	2026-04-27
FileHash-SHA1	f58764ec38ae2515a8bd69ee6ae1d7486d2cb045	—	2026-04-27
FileHash-SHA1	fff55404fdec4288c3c085bca35a69942227956d	—	2026-04-27
FileHash-SHA1	e6d590f27a86240a896152b950bb52096953ff89	SHA1 of 77f4298fe1c31b0f7ce6ba6de1c6fc327dd86299d47599a4e6f0175041a45832	2026-04-27
FileHash-SHA1	e92c4a03f3efb359ec9062fb1b9523e3fc710b55	—	2026-04-27
FileHash-SHA1	e9f5970d47c0d2c298d83fb652c7bd8ec011631c	SHA1 of 239c8e3378426fbba3d2215692e97ef6d98a76032ab0a2ab4b58bce1414328b3	2026-04-27

References (33)

↗ [DR] Wifi ID Login v1.3 [03 April 2014].exe ↗ 7d10881f146e0d4659948a3555b1eee33950647a3c830978d26f2c8e88d2a90a ↗ bell.ca ↗ indonesiawifi.net • http://welcome.indonesiawifi.net/wifi.id/speedy/?switch_url=http ↗ https://welcome.indonesiawifi.net/wifi.id/flexizone ↗ SLF:MSIL/PSTAnomaly.A SHA1 826d75e406808e3f002cb2b6da09003f78d612a1 [winPEAS.exe] SQLite.Interop.pdb ↗ A target pursued post criminal assault on Pinnacol Assuranve insured premises ↗ https://tms.lingyiitech.com/ELSServer_LYZZ/ • https://oa.lingyiitech.com/login.jsp ↗ IDS Detections: Backdoor.Win32.Pushdo.s Checkin Observed DNS Query to .biz TLD ↗ IDS Detections: HTTP Request to a *.tw domain 403 Forbiddenau ... ↗ Yara Detections: PWSWin32Kegotip , VirusWin32Gogo , VirusWin32Hala , VirusWin32Wholdor ↗ Alerts: behavior_upatre multiple_useragents persistence_autorun network_icmp dead_connect ↗ Alerts:static_pe_anomaly suricata_alert antisandbox_sleep dynamic_function_loading ↗ Alerts: http_request network_cnc_http network_http packer_entropy injection_rwx ↗ Alerts: antidebug_setunhandledexceptionfilter antivm_network_adapters ↗ IP’s Contacted: 143.204.237.45 58.138.175.188 65.38.128.10 147.21.128.26 78.41.204.31 132.148.77.44 ↗ IP’s Contacted: 185.104.29.148 92.122.107.204 139.76.134.15 184.150.211.195 ↗ Domains Contacted: 0handicap.at accountingtechs.biz 4dbenelux.be accountant.com knology.net ↗ Domains Contacted: badactor.us revasal.com yahoo.se excite.fr primus.com.au ↗ Backdoor.Win32.Pushdo.s Checkin ↗ https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian ‘nonsense Denver County Courts) ↗ Name Servers PDNS1.ULTRADNS.NET Org ↗ World Media Group, LLC Address 90 lrojanbownloader.vns. Washington Valley Rd., # ↗ https://otx.alienvault.com/indicator/cve/CVE-2022-26134 ↗ Phishing: http://gravityboard.com/?ptrxcz_quy147AEHKNQUXadgkorvy158BFILO ↗ Created Pulses: NSO Group [Unnamed group] Unnamed group pi, pdfkit.net State of Colorado ↗ CVE-2022-26134 Base Severity: Critical | Targeted | NSO Pegasus Relationships suspected ↗ https://www.mirvish.com/shows/come-from-away&geo=ca&merchantid=407759&useragent=Mozilla/5.0 (Linux; Android 13; Pixel 4a (5G) Build/TQ2A.230505.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/112.0.5615.136 Mobile Safari/537.36 GoogleApp/14.16.27.29.arm64 AppEngine-Google; (+ No Expiration ↗ Apple Cons: https://stetsed.xyz/apple • https://www.collierhonorflight.org/apple-touch-icon.png ↗ nr-data.net • https://www.sandoll.co.kr/AppleSDGothicNeo • aka.ms ↗ CVE-2022-26134 • CVSS V3 Severity ATTACK COMPLEXITY: LOW ATTACK VECTOR: NETWORK AVAILABILITY ↗ IMPACT: HIGH BASE SCORE: 9.8 BASE SEVERITY: CRITICAL CONFIDENTIALITY IMPACT: HIGH INTEGRITY IMPACT: HIGH ↗ CVE-2022-26134 • PRIVILEGES REQUIRED: NONE