PULSE NAME: EbeeMay2026 Pt4
WHITE
Deploy Shai-Hulud Clones, Banana RAT, P2Pinfect Kubernetes Compromise, TamperedChef
IMEBEEIMFINE
2026-05-24 Modified: 2026-05-24
946 IOCs
HIGH VOLUME
Multiple APT/threat actors, Malware and Campaigns
Indicators of Compromise (59 / 946 total)
References (1)
IOCs-MAY2.csv