{ "type": "Domain", "indicator": "bayerngrow.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/bayerngrow.com", "alexa": "http://www.alexa.com/siteinfo/bayerngrow.com", "indicator": "bayerngrow.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4036681467, "indicator": "bayerngrow.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "683202092d4ff2099430b6d3", "name": "urlhaus 30days", "description": "", "modified": "2026-02-09T00:11:12.303000", "created": "2025-05-24T17:29:45.368000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 61, "FileHash-SHA1": 4, "FileHash-SHA256": 31, "URL": 28057, "domain": 435, "hostname": 423 }, "indicator_count": 29011, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "695fd5fa266f9ea34c8f5c45", "name": "Cats and Kittens Attack Mirai Botnet and how it may target Threat Exchange users", "description": "Cat attacks related to LummaC2 attacks,info stealing, domain seizures, etc. Including are references to the Lumma C2 with cats and Aura Stealer attacks. Same attack group , includes Mirai Botnet. Has the group become a larger , stronger adversary? \nSony Music connection. I\u2019m aware (The US Department of Justice and Microsoft disrupted LummaC2 infostealing-malware through domain seizures, taking down over 2,300 associated domains. The FBI and CISA by AlienVault) Further research necessary.", "modified": "2026-02-07T14:04:48.556000", "created": "2026-01-08T16:06:18.126000", "tags": [ "levelblue labs", "mirai", "windows", "ck ids", "application", "network denial", "service", "contacted", "search", "unknown", "top source", "top destination", "source source", "china as4812", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "enter", "udp include", "country", "unique", "unique asns", "ip hostname", "reverse ip", "lookup country", "china as17429", "taiwan as3462", "new caledonia", "as18200 office", "china as4538", "china as9394", "india as137654", "japan as2514", "japan as9365", "china as45083", "endian", "linux", "apple", "linux subsys", "lang c", "linenum", "lsyms", "machine", "static", "va", "os linux", "nx", "relocs", "intel 8038", "elf32", "malware distribution", "domain seizures", "infostealing malware", "cat-themed domains", "gather victim", "t1589", "t1568", "t1590", "web protocols", "drop resolver", "t1568 t1590", "show", "filehash", "md5 add", "pulse pulses", "copy", "affected _and_fixed", "thank you" ], "references": [ "cat-are-here.ru", "Antivirus Detections: Unix.Trojan.Mirai-10028259-0 | Mirai (ELF) Mirai (Windows", "Yara Detections: LZMA", "IP\u2019s Contacted: 32.227.223.238 107.74.143.88 69.196.71.159 96.16.197.80 101.80.61.229 125.101.205.34", "IP\u2019s Contacted: 16.85.50.206 215.160.125.18 40.71.227.8 57.122.151.130", "All Domains Contacted: thekittler.ru newkittler.ru cats-master.ru", "https://otx.alienvault.com/indicator/file/b57042ed9a7d7dbe1f7c7f32de74d2b367ee835d", "https://otx.alienvault.com/indicator/domain/cat-are-here.ru", "CloudFlare IP\u2019s: 104.18.36.237 ,104.18.37.237", "CloudFlare Domain: apple-dns.net", "Cloudflare URL: https://forms.sonymusicfans.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js", "https://forms.sonymusicfans.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js", "http://213.209.143.24/ppc \u2022 http://213.209.143.24/rep.i486 \u2022 http://213.209.143.24/rep.sh4", "http://213.209.143.24/x32 \u2022 https://250-mail.simswap.in \u2022 https://mail.simswap.in", "http://kittler.ru/arm5 \u2022 http://kittler.ru/mpsl \u2022 http://thekittler.ru/rep.arm7", "http://kittler.ru/rep.sh4 \u2022 http://kittler.ru/x32 \u2022 http://cats-master.ru/x86_64", "sonymusicfans.com \u2022 forms.sonymusicfans.com \u2022 image.emails.sonymusicfans.com \u2022 url8878.e.sonymusicfans.com", "https://forms.sonymusicfans.com/campaign/cannons-all-i-need-pre-add-pre-save/", "https://forms.sonymusicfans.com/wp-content/plugins/smf-core/assets/css/campaign_333c4e8b19a72989caf8.css", "https://view.emails.sonymusicfans.com/Error.aspx", "URL http://url8878.e.sonymusicfans.com/ls/click \u2022 https://forms.sonymusicfans.com/campaign/all", "http://url8878.e.sonymusicfans.com/ \u2022 http://url8878.e.sonymusicfans.com/ls/click", "https://forms.sonymusicfans.com/campaign/all \u2022 https://forms.sonymusicfans.com/campaign/mmph/", "https://image.emails.sonymusicfans.com/lib/fe9a12747566007d70/m/1/eb6e3ce4-7a7b-4435-a2cd-968f7277e6e0.png", "https://image.emails.sonymusicfans.com/lib/fe9412747566057a72/m/1/b381d305-8e17-49be-bc99-e5fab3a7cd17.gif", "push.apple.com \u2022 emails.redvue.com \u2022 apple-dns.net \u2022 57.122.151.130 \u2022 https://teja8.kuikr.com/i6/20181130/Apple", "Tracking LummaC2 Infrastructure with Cats (byAlienVault) https://otx.alienvault.com/pulse/6839003a3028827e1ebbfb1a", "Interesting relationships: LummaC2 , Mirai Botnet , Sony Music Group , Apple", "https://otx.alienvault.com/pulse/694898db3a9999fecfd893cb" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Mirai (Windows)", "display_name": "Mirai (Windows)", "target": null }, { "id": "Unix.Trojan.Mirai-10028259-0", "display_name": "Unix.Trojan.Mirai-10028259-0", "target": null }, { "id": "Unix.Trojan.Gafgyt-6981160-0", "display_name": "Unix.Trojan.Gafgyt-6981160-0", "target": null } ], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1595", "name": "Active Scanning", "display_name": "T1595 - Active Scanning" }, { "id": "TA0001", "name": "Initial Access", "display_name": "TA0001 - Initial Access" }, { "id": "TA0007", "name": "Discovery", "display_name": "TA0007 - Discovery" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" }, { "id": "T1102.001", "name": "Dead Drop Resolver", "display_name": "T1102.001 - Dead Drop Resolver" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 74, "FileHash-SHA1": 74, "FileHash-SHA256": 1067, "URL": 2140, "domain": 247, "hostname": 674, "CVE": 2 }, "indicator_count": 4278, "is_author": false, "is_subscribing": null, "subscriber_count": 147, "modified_text": "112 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "672f6ed2b564f00b7c5cb13f", "name": "Threatfox Recent Additions", "description": "", "modified": "2025-06-13T19:00:02.811000", "created": "2024-11-09T14:16:50.032000", "tags": [], "references": [ "", "https://threatfox.abuse.ch/export/csv/recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 47587, "URL": 18714, "FileHash-SHA256": 36311, "FileHash-MD5": 1630, "FileHash-SHA1": 418, "hostname": 18190 }, "indicator_count": 122850, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "351 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68207c3797a9a4b7ba37517f", "name": "[GS-25-19131] Mirai Botnet IOCs - SEC-1275-1", "description": "Search for the Mirai botnet, \u00c2\u00a31.5m, and the results of the search will appear on the BBC News website at 21:00 GMT on Thursday, 2 March 2017.", "modified": "2025-06-10T10:03:50.769000", "created": "2025-05-11T10:30:15.296000", "tags": [ "ddos", "mirai internet", "things", "mirai", "mirai botnet", "iocs", "linux", "botnet mirai", "gs2519131", "gs2519129", "gs2519125", "ipv4", "twitter", "gs2519126" ], "references": [ "https://1275.ru/ioc/gs-25-19131-mirai-botnet-iocs_11023", "https://1275.ru/ioc/gs-25-19129-mirai-botnet-iocs_11015", "https://1275.ru/ioc/gs-25-19128-mirai-botnet-iocs_11001", "https://1275.ru/ioc/gs-25-19127-mirai-botnet-iocs_10989", "https://1275.ru/ioc/gs-25-19125-mirai-botnet-iocs_10956", "https://1275.ru/ioc/gs-25-19126-mirai-botnet-iocs_10970" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 783, "FileHash-SHA1": 783, "FileHash-SHA256": 783, "URL": 3496, "domain": 18, "hostname": 63 }, "indicator_count": 5928, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6819c4a015d36461e17d8705", "name": "[GS-25-17111] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2025-06-05T08:03:40.910000", "created": "2025-05-06T08:13:20.721000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "botnet mirai", "botnet iocs", "gs2519125", "gs25181222", "gs2518122", "gs2518120", "twitter" ], "references": [ "https://1275.ru/ioc/gs-25-17111-mirai-botnet-iocs_10627", "https://1275.ru/ioc/reindex-5-mirai-botnet-iocs_10623", "https://1275.ru/ioc/gs-25-16110-mirai-botnet-iocs_10610", "https://1275.ru/ioc/gs-25-16108-mirai-botnet-iocs_10596", "https://1275.ru/ioc/gs-25-16107-mirai-botnet-iocs_10586" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1308, "FileHash-SHA1": 1308, "FileHash-SHA256": 1308, "URL": 53, "domain": 11, "hostname": 17 }, "indicator_count": 4005, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "359 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6819c4e061801b38a9d9de26", "name": "[GS-25-16106] Mirai Botnet IOCs - SEC-1275-1", "description": "The Mirai botnet, a malicious software designed to disrupt the internet, has been reported to the Court of Arbitration for Sport (CAS) in London, but what does this mean?", "modified": "2025-06-05T08:03:40.910000", "created": "2025-05-06T08:14:24.055000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "botnet mirai", "botnet iocs", "gs2519125", "gs25181222", "gs2518122", "gs2518120", "twitter" ], "references": [ "https://1275.ru/ioc/gs-25-16106-mirai-botnet-iocs_10448", "https://1275.ru/ioc/gs-25-16105-mirai-botnet-iocs_10442", "https://1275.ru/ioc/gs-25-16104-mirai-botnet-iocs_10418", "https://1275.ru/ioc/gs-25-15101-mirai-botnet-iocs_10391", "https://1275.ru/ioc/gs-25-15100-mirai-botnet-iocs_10375" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 806, "FileHash-SHA1": 806, "FileHash-SHA256": 806, "URL": 11, "hostname": 6, "domain": 7 }, "indicator_count": 2442, "is_author": false, "is_subscribing": null, "subscriber_count": 171, "modified_text": "359 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68018ebb9889da08d0c32da7", "name": "URLHaus data - 17-04-2025", "description": "", "modified": "2025-05-17T23:00:53.793000", "created": "2025-04-17T23:28:59.014000", "tags": [ "32-bit", "elf", "mips", "Mozi", "ClearFake", "arm", "mirai", "opendir", "WsgiDAV", "Havoc", "gafgyt", "ascii", "bat", "Braodostealer", "lnk", "xml-opendir", "censys", "hajime", "StrelaStealer", "backdoor", "sshdkit", "exe", "CobaltStrike", "shellcode", "botnetdomain", "sh" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 13, "domain": 16 }, "indicator_count": 1029, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "378 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aef96c8174f6413b3b816d", "name": "[GS-607] Mirai Botnet IOCs - SEC-1275-1", "description": "Mirai, the botnet-hunting software developed by Russian hackers, is being used to track and track the activity of more than 100,000 people on the internet and in the dark.", "modified": "2025-03-16T08:03:13.710000", "created": "2025-02-14T08:06:02.890000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "toggle", "compromise ipv4", "sha1", "sha256", "gs003", "gs005" ], "references": [ "https://1275.ru/ioc/9413/gs-607-mirai-botnet-iocs/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 5, "hostname": 5, "FileHash-MD5": 116, "FileHash-SHA1": 116, "FileHash-SHA256": 116 }, "indicator_count": 358, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Tracking LummaC2 Infrastructure with Cats (byAlienVault) https://otx.alienvault.com/pulse/6839003a3028827e1ebbfb1a", "", "https://forms.sonymusicfans.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js", "https://1275.ru/ioc/gs-25-16104-mirai-botnet-iocs_10418", "https://forms.sonymusicfans.com/campaign/cannons-all-i-need-pre-add-pre-save/", "https://forms.sonymusicfans.com/wp-content/plugins/smf-core/assets/css/campaign_333c4e8b19a72989caf8.css", "https://1275.ru/ioc/gs-25-16108-mirai-botnet-iocs_10596", "URL http://url8878.e.sonymusicfans.com/ls/click \u2022 https://forms.sonymusicfans.com/campaign/all", "https://1275.ru/ioc/gs-25-16105-mirai-botnet-iocs_10442", "cat-are-here.ru", "https://1275.ru/ioc/gs-25-19127-mirai-botnet-iocs_10989", "https://1275.ru/ioc/9413/gs-607-mirai-botnet-iocs/", "IP\u2019s Contacted: 16.85.50.206 215.160.125.18 40.71.227.8 57.122.151.130", "https://view.emails.sonymusicfans.com/Error.aspx", "https://image.emails.sonymusicfans.com/lib/fe9a12747566007d70/m/1/eb6e3ce4-7a7b-4435-a2cd-968f7277e6e0.png", "http://url8878.e.sonymusicfans.com/ \u2022 http://url8878.e.sonymusicfans.com/ls/click", "Yara Detections: LZMA", "https://1275.ru/ioc/gs-25-19128-mirai-botnet-iocs_11001", "Cloudflare URL: https://forms.sonymusicfans.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js", "https://otx.alienvault.com/pulse/694898db3a9999fecfd893cb", "http://kittler.ru/rep.sh4 \u2022 http://kittler.ru/x32 \u2022 http://cats-master.ru/x86_64", "push.apple.com \u2022 emails.redvue.com \u2022 apple-dns.net \u2022 57.122.151.130 \u2022 https://teja8.kuikr.com/i6/20181130/Apple", "https://urlhaus.abuse.ch/browse/", "All Domains Contacted: thekittler.ru newkittler.ru cats-master.ru", "http://kittler.ru/arm5 \u2022 http://kittler.ru/mpsl \u2022 http://thekittler.ru/rep.arm7", "CloudFlare Domain: apple-dns.net", "IP\u2019s Contacted: 32.227.223.238 107.74.143.88 69.196.71.159 96.16.197.80 101.80.61.229 125.101.205.34", "https://1275.ru/ioc/gs-25-17111-mirai-botnet-iocs_10627", "https://otx.alienvault.com/indicator/file/b57042ed9a7d7dbe1f7c7f32de74d2b367ee835d", "Antivirus Detections: Unix.Trojan.Mirai-10028259-0 | Mirai (ELF) Mirai (Windows", "https://1275.ru/ioc/gs-25-16107-mirai-botnet-iocs_10586", "https://1275.ru/ioc/gs-25-15100-mirai-botnet-iocs_10375", "https://1275.ru/ioc/gs-25-16106-mirai-botnet-iocs_10448", "https://1275.ru/ioc/gs-25-19131-mirai-botnet-iocs_11023", "https://1275.ru/ioc/gs-25-16110-mirai-botnet-iocs_10610", "CloudFlare IP\u2019s: 104.18.36.237 ,104.18.37.237", "http://213.209.143.24/x32 \u2022 https://250-mail.simswap.in \u2022 https://mail.simswap.in", "https://1275.ru/ioc/gs-25-15101-mirai-botnet-iocs_10391", "Interesting relationships: LummaC2 , Mirai Botnet , Sony Music Group , Apple", "https://forms.sonymusicfans.com/campaign/all \u2022 https://forms.sonymusicfans.com/campaign/mmph/", "https://1275.ru/ioc/gs-25-19126-mirai-botnet-iocs_10970", "https://image.emails.sonymusicfans.com/lib/fe9412747566057a72/m/1/b381d305-8e17-49be-bc99-e5fab3a7cd17.gif", "https://1275.ru/ioc/reindex-5-mirai-botnet-iocs_10623", "sonymusicfans.com \u2022 forms.sonymusicfans.com \u2022 image.emails.sonymusicfans.com \u2022 url8878.e.sonymusicfans.com", "http://213.209.143.24/ppc \u2022 http://213.209.143.24/rep.i486 \u2022 http://213.209.143.24/rep.sh4", "https://1275.ru/ioc/gs-25-19125-mirai-botnet-iocs_10956", "https://otx.alienvault.com/indicator/domain/cat-are-here.ru", "https://1275.ru/ioc/gs-25-19129-mirai-botnet-iocs_11015", "https://threatfox.abuse.ch/export/csv/recent/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Unix.trojan.gafgyt-6981160-0", "Mirai", "Mirai (windows)", "Mirai (elf)", "Unix.trojan.mirai-10028259-0" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "683202092d4ff2099430b6d3", "name": "urlhaus 30days", "description": "", "modified": "2026-02-09T00:11:12.303000", "created": "2025-05-24T17:29:45.368000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 61, "FileHash-SHA1": 4, "FileHash-SHA256": 31, "URL": 28057, "domain": 435, "hostname": 423 }, "indicator_count": 29011, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "695fd5fa266f9ea34c8f5c45", "name": "Cats and Kittens Attack Mirai Botnet and how it may target Threat Exchange users", "description": "Cat attacks related to LummaC2 attacks,info stealing, domain seizures, etc. Including are references to the Lumma C2 with cats and Aura Stealer attacks. Same attack group , includes Mirai Botnet. Has the group become a larger , stronger adversary? \nSony Music connection. I\u2019m aware (The US Department of Justice and Microsoft disrupted LummaC2 infostealing-malware through domain seizures, taking down over 2,300 associated domains. The FBI and CISA by AlienVault) Further research necessary.", "modified": "2026-02-07T14:04:48.556000", "created": "2026-01-08T16:06:18.126000", "tags": [ "levelblue labs", "mirai", "windows", "ck ids", "application", "network denial", "service", "contacted", "search", "unknown", "top source", "top destination", "source source", "china as4812", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "enter", "udp include", "country", "unique", "unique asns", "ip hostname", "reverse ip", "lookup country", "china as17429", "taiwan as3462", "new caledonia", "as18200 office", "china as4538", "china as9394", "india as137654", "japan as2514", "japan as9365", "china as45083", "endian", "linux", "apple", "linux subsys", "lang c", "linenum", "lsyms", "machine", "static", "va", "os linux", "nx", "relocs", "intel 8038", "elf32", "malware distribution", "domain seizures", "infostealing malware", "cat-themed domains", "gather victim", "t1589", "t1568", "t1590", "web protocols", "drop resolver", "t1568 t1590", "show", "filehash", "md5 add", "pulse pulses", "copy", "affected _and_fixed", "thank you" ], "references": [ "cat-are-here.ru", "Antivirus Detections: Unix.Trojan.Mirai-10028259-0 | Mirai (ELF) Mirai (Windows", "Yara Detections: LZMA", "IP\u2019s Contacted: 32.227.223.238 107.74.143.88 69.196.71.159 96.16.197.80 101.80.61.229 125.101.205.34", "IP\u2019s Contacted: 16.85.50.206 215.160.125.18 40.71.227.8 57.122.151.130", "All Domains Contacted: thekittler.ru newkittler.ru cats-master.ru", "https://otx.alienvault.com/indicator/file/b57042ed9a7d7dbe1f7c7f32de74d2b367ee835d", "https://otx.alienvault.com/indicator/domain/cat-are-here.ru", "CloudFlare IP\u2019s: 104.18.36.237 ,104.18.37.237", "CloudFlare Domain: apple-dns.net", "Cloudflare URL: https://forms.sonymusicfans.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js", "https://forms.sonymusicfans.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js", "http://213.209.143.24/ppc \u2022 http://213.209.143.24/rep.i486 \u2022 http://213.209.143.24/rep.sh4", "http://213.209.143.24/x32 \u2022 https://250-mail.simswap.in \u2022 https://mail.simswap.in", "http://kittler.ru/arm5 \u2022 http://kittler.ru/mpsl \u2022 http://thekittler.ru/rep.arm7", "http://kittler.ru/rep.sh4 \u2022 http://kittler.ru/x32 \u2022 http://cats-master.ru/x86_64", "sonymusicfans.com \u2022 forms.sonymusicfans.com \u2022 image.emails.sonymusicfans.com \u2022 url8878.e.sonymusicfans.com", "https://forms.sonymusicfans.com/campaign/cannons-all-i-need-pre-add-pre-save/", "https://forms.sonymusicfans.com/wp-content/plugins/smf-core/assets/css/campaign_333c4e8b19a72989caf8.css", "https://view.emails.sonymusicfans.com/Error.aspx", "URL http://url8878.e.sonymusicfans.com/ls/click \u2022 https://forms.sonymusicfans.com/campaign/all", "http://url8878.e.sonymusicfans.com/ \u2022 http://url8878.e.sonymusicfans.com/ls/click", "https://forms.sonymusicfans.com/campaign/all \u2022 https://forms.sonymusicfans.com/campaign/mmph/", "https://image.emails.sonymusicfans.com/lib/fe9a12747566007d70/m/1/eb6e3ce4-7a7b-4435-a2cd-968f7277e6e0.png", "https://image.emails.sonymusicfans.com/lib/fe9412747566057a72/m/1/b381d305-8e17-49be-bc99-e5fab3a7cd17.gif", "push.apple.com \u2022 emails.redvue.com \u2022 apple-dns.net \u2022 57.122.151.130 \u2022 https://teja8.kuikr.com/i6/20181130/Apple", "Tracking LummaC2 Infrastructure with Cats (byAlienVault) https://otx.alienvault.com/pulse/6839003a3028827e1ebbfb1a", "Interesting relationships: LummaC2 , Mirai Botnet , Sony Music Group , Apple", "https://otx.alienvault.com/pulse/694898db3a9999fecfd893cb" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Mirai (Windows)", "display_name": "Mirai (Windows)", "target": null }, { "id": "Unix.Trojan.Mirai-10028259-0", "display_name": "Unix.Trojan.Mirai-10028259-0", "target": null }, { "id": "Unix.Trojan.Gafgyt-6981160-0", "display_name": "Unix.Trojan.Gafgyt-6981160-0", "target": null } ], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1595", "name": "Active Scanning", "display_name": "T1595 - Active Scanning" }, { "id": "TA0001", "name": "Initial Access", "display_name": "TA0001 - Initial Access" }, { "id": "TA0007", "name": "Discovery", "display_name": "TA0007 - Discovery" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" }, { "id": "T1102.001", "name": "Dead Drop Resolver", "display_name": "T1102.001 - Dead Drop Resolver" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 74, "FileHash-SHA1": 74, "FileHash-SHA256": 1067, "URL": 2140, "domain": 247, "hostname": 674, "CVE": 2 }, "indicator_count": 4278, "is_author": false, "is_subscribing": null, "subscriber_count": 147, "modified_text": "112 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "672f6ed2b564f00b7c5cb13f", "name": "Threatfox Recent Additions", "description": "", "modified": "2025-06-13T19:00:02.811000", "created": "2024-11-09T14:16:50.032000", "tags": [], "references": [ "", "https://threatfox.abuse.ch/export/csv/recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 47587, "URL": 18714, "FileHash-SHA256": 36311, "FileHash-MD5": 1630, "FileHash-SHA1": 418, "hostname": 18190 }, "indicator_count": 122850, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "351 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68207c3797a9a4b7ba37517f", "name": "[GS-25-19131] Mirai Botnet IOCs - SEC-1275-1", "description": "Search for the Mirai botnet, \u00c2\u00a31.5m, and the results of the search will appear on the BBC News website at 21:00 GMT on Thursday, 2 March 2017.", "modified": "2025-06-10T10:03:50.769000", "created": "2025-05-11T10:30:15.296000", "tags": [ "ddos", "mirai internet", "things", "mirai", "mirai botnet", "iocs", "linux", "botnet mirai", "gs2519131", "gs2519129", "gs2519125", "ipv4", "twitter", "gs2519126" ], "references": [ "https://1275.ru/ioc/gs-25-19131-mirai-botnet-iocs_11023", "https://1275.ru/ioc/gs-25-19129-mirai-botnet-iocs_11015", "https://1275.ru/ioc/gs-25-19128-mirai-botnet-iocs_11001", "https://1275.ru/ioc/gs-25-19127-mirai-botnet-iocs_10989", "https://1275.ru/ioc/gs-25-19125-mirai-botnet-iocs_10956", "https://1275.ru/ioc/gs-25-19126-mirai-botnet-iocs_10970" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 783, "FileHash-SHA1": 783, "FileHash-SHA256": 783, "URL": 3496, "domain": 18, "hostname": 63 }, "indicator_count": 5928, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6819c4a015d36461e17d8705", "name": "[GS-25-17111] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2025-06-05T08:03:40.910000", "created": "2025-05-06T08:13:20.721000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "botnet mirai", "botnet iocs", "gs2519125", "gs25181222", "gs2518122", "gs2518120", "twitter" ], "references": [ "https://1275.ru/ioc/gs-25-17111-mirai-botnet-iocs_10627", "https://1275.ru/ioc/reindex-5-mirai-botnet-iocs_10623", "https://1275.ru/ioc/gs-25-16110-mirai-botnet-iocs_10610", "https://1275.ru/ioc/gs-25-16108-mirai-botnet-iocs_10596", "https://1275.ru/ioc/gs-25-16107-mirai-botnet-iocs_10586" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1308, "FileHash-SHA1": 1308, "FileHash-SHA256": 1308, "URL": 53, "domain": 11, "hostname": 17 }, "indicator_count": 4005, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "359 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6819c4e061801b38a9d9de26", "name": "[GS-25-16106] Mirai Botnet IOCs - SEC-1275-1", "description": "The Mirai botnet, a malicious software designed to disrupt the internet, has been reported to the Court of Arbitration for Sport (CAS) in London, but what does this mean?", "modified": "2025-06-05T08:03:40.910000", "created": "2025-05-06T08:14:24.055000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "botnet mirai", "botnet iocs", "gs2519125", "gs25181222", "gs2518122", "gs2518120", "twitter" ], "references": [ "https://1275.ru/ioc/gs-25-16106-mirai-botnet-iocs_10448", "https://1275.ru/ioc/gs-25-16105-mirai-botnet-iocs_10442", "https://1275.ru/ioc/gs-25-16104-mirai-botnet-iocs_10418", "https://1275.ru/ioc/gs-25-15101-mirai-botnet-iocs_10391", "https://1275.ru/ioc/gs-25-15100-mirai-botnet-iocs_10375" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 806, "FileHash-SHA1": 806, "FileHash-SHA256": 806, "URL": 11, "hostname": 6, "domain": 7 }, "indicator_count": 2442, "is_author": false, "is_subscribing": null, "subscriber_count": 171, "modified_text": "359 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68018ebb9889da08d0c32da7", "name": "URLHaus data - 17-04-2025", "description": "", "modified": "2025-05-17T23:00:53.793000", "created": "2025-04-17T23:28:59.014000", "tags": [ "32-bit", "elf", "mips", "Mozi", "ClearFake", "arm", "mirai", "opendir", "WsgiDAV", "Havoc", "gafgyt", "ascii", "bat", "Braodostealer", "lnk", "xml-opendir", "censys", "hajime", "StrelaStealer", "backdoor", "sshdkit", "exe", "CobaltStrike", "shellcode", "botnetdomain", "sh" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 13, "domain": 16 }, "indicator_count": 1029, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "378 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aef96c8174f6413b3b816d", "name": "[GS-607] Mirai Botnet IOCs - SEC-1275-1", "description": "Mirai, the botnet-hunting software developed by Russian hackers, is being used to track and track the activity of more than 100,000 people on the internet and in the dark.", "modified": "2025-03-16T08:03:13.710000", "created": "2025-02-14T08:06:02.890000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "toggle", "compromise ipv4", "sha1", "sha256", "gs003", "gs005" ], "references": [ "https://1275.ru/ioc/9413/gs-607-mirai-botnet-iocs/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 5, "hostname": 5, "FileHash-MD5": 116, "FileHash-SHA1": 116, "FileHash-SHA256": 116 }, "indicator_count": 358, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "bayerngrow.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "bayerngrow.com", "found": true, "verdict": "malicious", "url_count": 64, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "http://bayerngrow.com/lil", "status": "offline", "threat": "malware_download", "date_added": "2025-05-14", "tags": [ "sh", "ua-wget" ] }, { "url": "http://bayerngrow.com/l", "status": "offline", "threat": "malware_download", "date_added": "2025-05-14", "tags": [ "sh", "ua-wget" ] }, { "url": "http://bayerngrow.com/s.sh", "status": "offline", "threat": "malware_download", "date_added": "2025-05-14", "tags": [ "sh", "ua-wget" ] }, { "url": "http://bayerngrow.com:8080/c.sh", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "mirai", "sh" ] }, { "url": "http://bayerngrow.com:8080/arm6", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "elf", "mirai" ] }, { "url": "http://bayerngrow.com/c.sh", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "mirai", "sh" ] }, { "url": "http://bayerngrow.com/x86", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "elf", "mirai" ] }, { "url": "http://bayerngrow.com:8080/arm4", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "elf", "mirai" ] }, { "url": "http://bayerngrow.com:8080/x86_64", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "elf", "gafgyt", "mirai" ] }, { "url": "http://bayerngrow.com:8080/rep.i486", "status": "offline", "threat": "malware_download", "date_added": "2025-04-17", "tags": [ "botnetdomain", "elf", "gafgyt", "mirai" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780191983.3032749 }