New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware

    Date: 10/20/2025

    Severity: High

    Summary

    UNC5142 is a financially motivated threat actor known for distributing infostealers such as ATOMIC, VIDAR, LUMMAC.V2, and RADTHIEF using a technique called EtherHiding, which involves storing malicious code within smart contracts on the BNB Smart Chain to evade traditional detection methods. The group targets vulnerable WordPress websites, injecting them with a multistage JavaScript downloader called CLEARSHORT to facilitate payload delivery. By June 2025, over 14,000 compromised web pages had been identified. UNC5142’s use of blockchain infrastructure, particularly smart contracts, allows it to obscure its activities and enhance operational security.

    Indicators of Compromise (IOC) List

    URLs/Domains


    IP Address


    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    domainname like "https://entrinidad.cfd/1/verify.sh" or siteurl like "https://entrinidad.cfd/1/verify.sh" or url like "https://entrinidad.cfd/1/verify.sh" or domainname like "https://disable-data-collect-ai.pages.dev/" or siteurl like "https://disable-data-collect-ai.pages.dev/" or url like "https://disable-data-collect-ai.pages.dev/" or domainname like "inputrreparnt.com" or siteurl like "inputrreparnt.com" or url like "inputrreparnt.com" or domainname like "orange-service.xyz" or siteurl like "orange-service.xyz" or url like "orange-service.xyz" or domainname like "https://ffmqitnka.pages.dev/" or siteurl like "https://ffmqitnka.pages.dev/" or url like "https://ffmqitnka.pages.dev/" or domainname like "discover-travel-agency.pro" or siteurl like "discover-travel-agency.pro" or url like "discover-travel-agency.pro" or domainname like "voicesharped.com" or siteurl like "voicesharped.com" or url like "voicesharped.com" or domainname like "xxx.retweet.shop" or siteurl like "xxx.retweet.shop" or url like "xxx.retweet.shop" or domainname like "http://80.64.30.238/evix.xll" or siteurl like "http://80.64.30.238/evix.xll" or url like "http://80.64.30.238/evix.xll" or domainname like "technavix.cloud" or siteurl like "technavix.cloud" or url like "technavix.cloud" or domainname like "https://jsfiles-bqq.pages.dev/1" or siteurl like "https://jsfiles-bqq.pages.dev/1" or url like "https://jsfiles-bqq.pages.dev/1" or domainname like "https://mixg-u.pages.dev/page_d" or siteurl like "https://mixg-u.pages.dev/page_d" or url like "https://mixg-u.pages.dev/page_d" or domainname like "rbk.scalingposturestrife.shop" or siteurl like "rbk.scalingposturestrife.shop" or url like "rbk.scalingposturestrife.shop" or domainname like "https://tracklist22.pages.dev/" or siteurl like "https://tracklist22.pages.dev/" or url like "https://tracklist22.pages.dev/" or domainname like "hfdjmoedkjf.asia" or siteurl like "hfdjmoedkjf.asia" or url like "hfdjmoedkjf.asia" or domainname like 
"http://message.zoo-ciry.shop/" or siteurl like "http://message.zoo-ciry.shop/" or url like "http://message.zoo-ciry.shop/" or domainname like "https://gdfg-23rwe.pages.dev/index.html" or siteurl like "https://gdfg-23rwe.pages.dev/index.html" or url like "https://gdfg-23rwe.pages.dev/index.html" or domainname like "https://fmoz.pages.dev/" or siteurl like "https://fmoz.pages.dev/" or url like "https://fmoz.pages.dev/" or domainname like "https://recaptha-verify-9o.pages.dev/" or siteurl like "https://recaptha-verify-9o.pages.dev/" or url like "https://recaptha-verify-9o.pages.dev/" or domainname like "https://restart-dns-service-u2.pages.dev" or siteurl like "https://restart-dns-service-u2.pages.dev" or url like "https://restart-dns-service-u2.pages.dev" or domainname like "https://kimbeech.cfd/cap/verify.sh" or siteurl like "https://kimbeech.cfd/cap/verify.sh" or url like "https://kimbeech.cfd/cap/verify.sh" or domainname like "https://tofukai.cfd/2/verify.sh" or siteurl like "https://tofukai.cfd/2/verify.sh" or url like "https://tofukai.cfd/2/verify.sh" or domainname like "https://yob.yrwebsdf.shop/1a.m4a" or siteurl like "https://yob.yrwebsdf.shop/1a.m4a" or url like "https://yob.yrwebsdf.shop/1a.m4a" or domainname like "https://yuun.pages.dev/" or siteurl like "https://yuun.pages.dev/" or url like "https://yuun.pages.dev/" or domainname like "https://dns-me.pages.dev/" or siteurl like "https://dns-me.pages.dev/" or url like "https://dns-me.pages.dev/" or domainname like "http://power.moon-river-coin.xyz/" or siteurl like "http://power.moon-river-coin.xyz/" or url like "http://power.moon-river-coin.xyz/" or domainname like "https://recaptha-verify-5q.pages.dev/" or siteurl like "https://recaptha-verify-5q.pages.dev/" or url like "https://recaptha-verify-5q.pages.dev/" or domainname like "https://discover-travel-agency.pro/joke.m4a" or siteurl like "https://discover-travel-agency.pro/joke.m4a" or url like "https://discover-travel-agency.pro/joke.m4a" or 
domainname like "https://jdiazmemory.com/4/verify.sh" or siteurl like "https://jdiazmemory.com/4/verify.sh" or url like "https://jdiazmemory.com/4/verify.sh" or domainname like "http://items.kycc-camera.shop/" or siteurl like "http://items.kycc-camera.shop/" or url like "http://items.kycc-camera.shop/" or domainname like "https://min-js-lib.pages.dev/" or siteurl like "https://min-js-lib.pages.dev/" or url like "https://min-js-lib.pages.dev/" or domainname like "https://bsdw.pages.dev/blink" or siteurl like "https://bsdw.pages.dev/blink" or url like "https://bsdw.pages.dev/blink" or domainname like "https://xxx-xx-x-xxx.pages.dev/" or siteurl like "https://xxx-xx-x-xxx.pages.dev/" or url like "https://xxx-xx-x-xxx.pages.dev/" or domainname like "ratatui.today" or siteurl like "ratatui.today" or url like "ratatui.today" or domainname like "https://app.bytevista.cloud/wfree" or siteurl like "https://app.bytevista.cloud/wfree" or url like "https://app.bytevista.cloud/wfree" or domainname like "https://bytes.microstorage.shop/" or siteurl like "https://bytes.microstorage.shop/" or url like "https://bytes.microstorage.shop/" or domainname like "https://nbhg-v.iuksdfb-f.shop/ajax.mp3" or siteurl like "https://nbhg-v.iuksdfb-f.shop/ajax.mp3" or url like "https://nbhg-v.iuksdfb-f.shop/ajax.mp3" or domainname like "https://note1.nz7bn.pro/nnp.mp4" or siteurl like "https://note1.nz7bn.pro/nnp.mp4" or url like "https://note1.nz7bn.pro/nnp.mp4" or domainname like "https://fhjwekn.pages.dev/ibn" or siteurl like "https://fhjwekn.pages.dev/ibn" or url like "https://fhjwekn.pages.dev/ibn" 

    Detection Query 2 :

    domainname like "https://lumichain.pro/" or siteurl like "https://lumichain.pro/" or url like "https://lumichain.pro/" or domainname like "http://83.217.208.130/xfiles/Ohio.mp4" or siteurl like "http://83.217.208.130/xfiles/Ohio.mp4" or url like "http://83.217.208.130/xfiles/Ohio.mp4" or domainname like "ty.klipxytozyi.shop" or siteurl like "ty.klipxytozyi.shop" or url like "ty.klipxytozyi.shop" or domainname like "http://83.217.208.130/xfiles/VIDA.mp3" or siteurl like "http://83.217.208.130/xfiles/VIDA.mp3" or url like "http://83.217.208.130/xfiles/VIDA.mp3" or domainname like "https://x1x1.pages.dev/native1E" or siteurl like "https://x1x1.pages.dev/native1E" or url like "https://x1x1.pages.dev/native1E" or domainname like "https://captcha-verify-6r4x.com/verify.sh" or siteurl like "https://captcha-verify-6r4x.com/verify.sh" or url like "https://captcha-verify-6r4x.com/verify.sh" or domainname like "https://travel.image-gene-saver.it.com/1.m4a" or siteurl like "https://travel.image-gene-saver.it.com/1.m4a" or url like "https://travel.image-gene-saver.it.com/1.m4a" or domainname like "https://security-check-l2j4.com/verify.sh" or siteurl like "https://security-check-l2j4.com/verify.sh" or url like "https://security-check-l2j4.com/verify.sh" or domainname like "https://butanse.shop/" or siteurl like "https://butanse.shop/" or url like "https://butanse.shop/" or domainname like "https://yt3cvkj43ws.pages.dev/" or siteurl like "https://yt3cvkj43ws.pages.dev/" or url like "https://yt3cvkj43ws.pages.dev/" or domainname like "https://recaptcha-verify-2e.pages.dev/" or siteurl like "https://recaptcha-verify-2e.pages.dev/" or url like "https://recaptcha-verify-2e.pages.dev/" or domainname like "https://sha-11x.pages.dev/" or siteurl like "https://sha-11x.pages.dev/" or url like "https://sha-11x.pages.dev/" or domainname like "https://recaptha-verify-c1.pages.dev/" or siteurl like "https://recaptha-verify-c1.pages.dev/" or url like 
"https://recaptha-verify-c1.pages.dev/" or domainname like "https://security-a2k8-go.com/6/verify.sh" or siteurl like "https://security-a2k8-go.com/6/verify.sh" or url like "https://security-a2k8-go.com/6/verify.sh" or domainname like "dsfljsdfjewf.info" or siteurl like "dsfljsdfjewf.info" or url like "dsfljsdfjewf.info" or domainname like "https://ndgadfqwywqe.pages.dev/win" or siteurl like "https://ndgadfqwywqe.pages.dev/win" or url like "https://ndgadfqwywqe.pages.dev/win" or domainname like "https://ip-provider.pages.dev/" or siteurl like "https://ip-provider.pages.dev/" or url like "https://ip-provider.pages.dev/" or domainname like "https://yoloff.pages.dev/" or siteurl like "https://yoloff.pages.dev/" or url like "https://yoloff.pages.dev/" or domainname like "https://discover-travel-agency.pro/1.m4a" or siteurl like "https://discover-travel-agency.pro/1.m4a" or url like "https://discover-travel-agency.pro/1.m4a" or domainname like "https://www.mediafire.com/file_premium/d6r4c3nzfv9mgl7/glass.mp3/file" or siteurl like "https://www.mediafire.com/file_premium/d6r4c3nzfv9mgl7/glass.mp3/file" or url like "https://www.mediafire.com/file_premium/d6r4c3nzfv9mgl7/glass.mp3/file" or domainname like "saaadnesss.shop" or siteurl like "saaadnesss.shop" or url like "saaadnesss.shop" or domainname like "cxheerfulriver.pics" or siteurl like "cxheerfulriver.pics" or url like "cxheerfulriver.pics" or domainname like "https://n51v.pages.dev/" or siteurl like "https://n51v.pages.dev/" or url like "https://n51v.pages.dev/" or domainname like "http://bridge.tree-sock-rain.today/" or siteurl like "http://bridge.tree-sock-rain.today/" or url like "http://bridge.tree-sock-rain.today/" or domainname like "http://text.cherry-pink.shop" or siteurl like "http://text.cherry-pink.shop" or url like "http://text.cherry-pink.shop" or domainname like "https://ghost-name.pages.dev/website" or siteurl like "https://ghost-name.pages.dev/website" or url like 
"https://ghost-name.pages.dev/website" or domainname like "https://jjiiiiiiiiijjjj.pages.dev/" or siteurl like "https://jjiiiiiiiiijjjj.pages.dev/" or url like "https://jjiiiiiiiiijjjj.pages.dev/" or domainname like "http://80.64.30.238/trip.psd" or siteurl like "http://80.64.30.238/trip.psd" or url like "http://80.64.30.238/trip.psd" or domainname like "https://dnserror-cdw.pages.dev/" or siteurl like "https://dnserror-cdw.pages.dev/" or url like "https://dnserror-cdw.pages.dev/" or domainname like "https://yie-cpj.pages.dev/" or siteurl like "https://yie-cpj.pages.dev/" or url like "https://yie-cpj.pages.dev/" or domainname like "https://ho8.pages.dev/" or siteurl like "https://ho8.pages.dev/" or url like "https://ho8.pages.dev/" or domainname like "https://nhgfdc-ok.pages.dev/" or siteurl like "https://nhgfdc-ok.pages.dev/" or url like "https://nhgfdc-ok.pages.dev/" or domainname like "https://relmake.pages.dev/" or siteurl like "https://relmake.pages.dev/" or url like "https://relmake.pages.dev/" or domainname like "https://nn11.pages.dev/" or siteurl like "https://nn11.pages.dev/" or url like "https://nn11.pages.dev/"

    Detection Query 3 :

    domainname like "https://hur.bweqlkjr.shop/1a.m4a" or siteurl like "https://hur.bweqlkjr.shop/1a.m4a" or url like "https://hur.bweqlkjr.shop/1a.m4a" or domainname like "stormlegue.com" or siteurl like "stormlegue.com" or url like "stormlegue.com" or domainname like "https://sound-designer-v21.pages.dev/" or siteurl like "https://sound-designer-v21.pages.dev/" or url like "https://sound-designer-v21.pages.dev/" or domainname like "https://human-verify.shop/xfiles/verify.mp4" or siteurl like "https://human-verify.shop/xfiles/verify.mp4" or url like "https://human-verify.shop/xfiles/verify.mp4" or domainname like "zenrichyourlife.tech" or siteurl like "zenrichyourlife.tech" or url like "zenrichyourlife.tech" or domainname like "https://gthfjdk.pages.dev/" or siteurl like "https://gthfjdk.pages.dev/" or url like "https://gthfjdk.pages.dev/" or domainname like "https://human-verify-4r.pro/xfiles/human.cpp" or siteurl like "https://human-verify-4r.pro/xfiles/human.cpp" or url like "https://human-verify-4r.pro/xfiles/human.cpp" or domainname like "https://recaptcha-manual.shop/kangarooing.m4a" or siteurl like "https://recaptcha-manual.shop/kangarooing.m4a" or url like "https://recaptcha-manual.shop/kangarooing.m4a" or domainname like "https://microsoft-dns-reload-1n.pages.dev" or siteurl like "https://microsoft-dns-reload-1n.pages.dev" or url like "https://microsoft-dns-reload-1n.pages.dev" or domainname like "http://ok.fish-cloud-jar.us/" or siteurl like "http://ok.fish-cloud-jar.us/" or url like "http://ok.fish-cloud-jar.us/" or domainname like "https://sandbox.yunqof.shop/macan.mp3" or siteurl like "https://sandbox.yunqof.shop/macan.mp3" or url like "https://sandbox.yunqof.shop/macan.mp3" or domainname like "https://recaptcha-0d-verify.pages.dev/" or siteurl like "https://recaptcha-0d-verify.pages.dev/" or url like "https://recaptcha-0d-verify.pages.dev/" or domainname like "http://def.ball-strike-up.shop/" or siteurl like "http://def.ball-strike-up.shop/" or url 
like "http://def.ball-strike-up.shop/" or domainname like "stchkr.rest" or siteurl like "stchkr.rest" or url like "stchkr.rest" or domainname like "https://security-2k7q-check.com/1/verify.sh" or siteurl like "https://security-2k7q-check.com/1/verify.sh" or url like "https://security-2k7q-check.com/1/verify.sh" or domainname like "https://recaptcha-dns-b4.pages.dev" or siteurl like "https://recaptcha-dns-b4.pages.dev" or url like "https://recaptcha-dns-b4.pages.dev" or domainname like "https://1a-a1.pages.dev/" or siteurl like "https://1a-a1.pages.dev/" or url like "https://1a-a1.pages.dev/" or domainname like "https://recaptcha-verify-7z.pages.dev/" or siteurl like "https://recaptcha-verify-7z.pages.dev/" or url like "https://recaptcha-verify-7z.pages.dev/" or domainname like "https://ert67-o9.pages.dev/data" or siteurl like "https://ert67-o9.pages.dev/data" or url like "https://ert67-o9.pages.dev/data" or domainname like "https://human-verify-7u.pages.dev/" or siteurl like "https://human-verify-7u.pages.dev/" or url like "https://human-verify-7u.pages.dev/" or domainname like "https://recaptcha-verify-4h.pro/xfiles/verify.mp4" or siteurl like "https://recaptcha-verify-4h.pro/xfiles/verify.mp4" or url like "https://recaptcha-verify-4h.pro/xfiles/verify.mp4" or domainname like "https://hur.bweqlkjr.shop/m41.mp4" or siteurl like "https://hur.bweqlkjr.shop/m41.mp4" or url like "https://hur.bweqlkjr.shop/m41.mp4" or domainname like "http://83.217.208.130/xfiles/trip.psd" or siteurl like "http://83.217.208.130/xfiles/trip.psd" or url like "http://83.217.208.130/xfiles/trip.psd" or domainname like "https://microsoft-dns-reload-5q.pages.dev" or siteurl like "https://microsoft-dns-reload-5q.pages.dev" or url like "https://microsoft-dns-reload-5q.pages.dev" or domainname like "https://block.a-1-a1a.shop/drive.mp3" or siteurl like "https://block.a-1-a1a.shop/drive.mp3" or url like "https://block.a-1-a1a.shop/drive.mp3" or domainname like "breedertremnd.com" or siteurl like 
"breedertremnd.com" or url like "breedertremnd.com" or domainname like "https://lammysecurity.com/4/verify.sh" or siteurl like "https://lammysecurity.com/4/verify.sh" or url like "https://lammysecurity.com/4/verify.sh" or domainname like "browser-storage.com" or siteurl like "browser-storage.com" or url like "browser-storage.com" or domainname like "https://sdfwefwg.pages.dev/" or siteurl like "https://sdfwefwg.pages.dev/" or url like "https://sdfwefwg.pages.dev/" or domainname like "https://recaptcha-dns-d9.pages.dev/" or siteurl like "https://recaptcha-dns-d9.pages.dev/" or url like "https://recaptcha-dns-d9.pages.dev/" or domainname like "https://recaptcha-verify-me-1c.pages.dev/" or siteurl like "https://recaptcha-verify-me-1c.pages.dev/" or url like "https://recaptcha-verify-me-1c.pages.dev/" or domainname like "https://helloworld-f1f.pages.dev/penguin" or siteurl like "https://helloworld-f1f.pages.dev/penguin" or url like "https://helloworld-f1f.pages.dev/penguin" or domainname like "https://recaptcha-dns-o5.pages.dev/" or siteurl like "https://recaptcha-dns-o5.pages.dev/" or url like "https://recaptcha-dns-o5.pages.dev/" or domainname like "https://recaptha-verify-6l.pages.dev/" or siteurl like "https://recaptha-verify-6l.pages.dev/" or url like "https://recaptha-verify-6l.pages.dev/" or domainname like "actiothreaz.com" or siteurl like "actiothreaz.com" or url like "actiothreaz.com" or domainname like "https://ooooi1.pages.dev/kop" or siteurl like "https://ooooi1.pages.dev/kop" or url like "https://ooooi1.pages.dev/kop" or domainname like "tlfiyat.shop" or siteurl like "tlfiyat.shop" or url like "tlfiyat.shop" or domainname like "https://dfhusj.pages.dev/train" or siteurl like "https://dfhusj.pages.dev/train" or url like "https://dfhusj.pages.dev/train" or domainname like "https://fresh-orange-juice.pages.dev/" or siteurl like "https://fresh-orange-juice.pages.dev/" or url like "https://fresh-orange-juice.pages.dev/" 

    Detection Query 4 :

    domainname like "https://recaptcha-verify-1t.pages.dev/" or siteurl like "https://recaptcha-verify-1t.pages.dev/" or url like "https://recaptcha-verify-1t.pages.dev/" or domainname like "w1.discoverconicalcrouton.shop" or siteurl like "w1.discoverconicalcrouton.shop" or url like "w1.discoverconicalcrouton.shop" or domainname like "https://javascript-67t.pages.dev/" or siteurl like "https://javascript-67t.pages.dev/" or url like "https://javascript-67t.pages.dev/" or domainname like "blastikcn.com" or siteurl like "blastikcn.com" or url like "blastikcn.com" or domainname like "https://ai.fdswgw.shop/one.mp4" or siteurl like "https://ai.fdswgw.shop/one.mp4" or url like "https://ai.fdswgw.shop/one.mp4" or domainname like "https://rengular11.today/" or siteurl like "https://rengular11.today/" or url like "https://rengular11.today/" or domainname like "https://rivertracker.pages.dev/" or siteurl like "https://rivertracker.pages.dev/" or url like "https://rivertracker.pages.dev/" or domainname like "https://hfdjb.pages.dev/start" or siteurl like "https://hfdjb.pages.dev/start" or url like "https://hfdjb.pages.dev/start" or domainname like "importenptoc.com" or siteurl like "importenptoc.com" or url like "importenptoc.com" or domainname like "https://security-2u6g-log.com/1/verify.sh" or siteurl like "https://security-2u6g-log.com/1/verify.sh" or url like "https://security-2u6g-log.com/1/verify.sh" or domainname like "https://security-9y5v-scan.com/7/verify.sh" or siteurl like "https://security-9y5v-scan.com/7/verify.sh" or url like "https://security-9y5v-scan.com/7/verify.sh" or domainname like "blast-hubs.com" or siteurl like "blast-hubs.com" or url like "blast-hubs.com" or domainname like "https://hypo-dance.pages.dev/damn" or siteurl like "https://hypo-dance.pages.dev/damn" or url like "https://hypo-dance.pages.dev/damn" or domainname like "http://incognito.uploads.it.com" or siteurl like "http://incognito.uploads.it.com" or url like 
"http://incognito.uploads.it.com" or domainname like "https://macos-browser-update-5y.pages.dev/" or siteurl like "https://macos-browser-update-5y.pages.dev/" or url like "https://macos-browser-update-5y.pages.dev/" or domainname like "https://rose-pole-chip.pages.dev/" or siteurl like "https://rose-pole-chip.pages.dev/" or url like "https://rose-pole-chip.pages.dev/" or domainname like "https://lightsoi.pages.dev/" or siteurl like "https://lightsoi.pages.dev/" or url like "https://lightsoi.pages.dev/" or domainname like "https://recaptcha-verify-4h.pro/xfiles/kangarooing.vsdx" or siteurl like "https://recaptcha-verify-4h.pro/xfiles/kangarooing.vsdx" or url like "https://recaptcha-verify-4h.pro/xfiles/kangarooing.vsdx" or domainname like "https://renovateai.pages.dev/" or siteurl like "https://renovateai.pages.dev/" or url like "https://renovateai.pages.dev/" or domainname like "https://recaptha-verify-2w.pages.dev/" or siteurl like "https://recaptha-verify-2w.pages.dev/" or url like "https://recaptha-verify-2w.pages.dev/" or domainname like "https://raw.githubusercontent.com/fuad686337/tyu/refs/heads/main/BEGIMOT.xll" or siteurl like "https://raw.githubusercontent.com/fuad686337/tyu/refs/heads/main/BEGIMOT.xll" or url like "https://raw.githubusercontent.com/fuad686337/tyu/refs/heads/main/BEGIMOT.xll" or domainname like "https://z1z.pages.dev/" or siteurl like "https://z1z.pages.dev/" or url like "https://z1z.pages.dev/" or domainname like "garulouscuto.com" or siteurl like "garulouscuto.com" or url like "garulouscuto.com" or domainname like "https://discover-travel-agency.pro/walking.mp3" or siteurl like "https://discover-travel-agency.pro/walking.mp3" or url like "https://discover-travel-agency.pro/walking.mp3" or domainname like "https://security-7f2c-run.com/2/verify.sh" or siteurl like "https://security-7f2c-run.com/2/verify.sh" or url like "https://security-7f2c-run.com/2/verify.sh" or domainname like "https://hostme.pages.dev/host" or siteurl like 
"https://hostme.pages.dev/host" or url like "https://hostme.pages.dev/host" or domainname like "https://fleebunga.sbs" or siteurl like "https://fleebunga.sbs" or url like "https://fleebunga.sbs" or domainname like "https://niopg.pages.dev/" or siteurl like "https://niopg.pages.dev/" or url like "https://niopg.pages.dev/" or domainname like "https://salorttactical.top/2/verify.sh" or siteurl like "https://salorttactical.top/2/verify.sh" or url like "https://salorttactical.top/2/verify.sh" or domainname like "https://you-insk-bad.pages.dev/" or siteurl like "https://you-insk-bad.pages.dev/" or url like "https://you-insk-bad.pages.dev/" or domainname like "https://recaptcha-verify-1r.pages.dev/" or siteurl like "https://recaptcha-verify-1r.pages.dev/" or url like "https://recaptcha-verify-1r.pages.dev/" or domainname like "https://recaptha-verify-7u.pages.dev/" or siteurl like "https://recaptha-verify-7u.pages.dev/" or url like "https://recaptha-verify-7u.pages.dev/" or domainname like "https://microsoft-dns-reload-6l.pages.dev" or siteurl like "https://microsoft-dns-reload-6l.pages.dev" or url like "https://microsoft-dns-reload-6l.pages.dev" or domainname like "https://recaptha-verify-3m.pages.dev/" or siteurl like "https://recaptha-verify-3m.pages.dev/" or url like "https://recaptha-verify-3m.pages.dev/" or domainname like "https://microsoft-dns-reload.pages.dev" or siteurl like "https://microsoft-dns-reload.pages.dev" or url like "https://microsoft-dns-reload.pages.dev" or domainname like "https://kolobsgw.pages.dev/" or siteurl like "https://kolobsgw.pages.dev/" or url like "https://kolobsgw.pages.dev/" or domainname like "https://dns-verify-me.pro/xfiles/train.mp4" or siteurl like "https://dns-verify-me.pro/xfiles/train.mp4" or url like "https://dns-verify-me.pro/xfiles/train.mp4" or domainname like "https://fwfa.pages.dev/kioto" or siteurl like "https://fwfa.pages.dev/kioto" or url like "https://fwfa.pages.dev/kioto"

    Detection Query 5 :

    domainname like "https://stat.bluetroniq.vip/" or siteurl like "https://stat.bluetroniq.vip/" or url like "https://stat.bluetroniq.vip/" or domainname like "https://tnop.pages.dev/" or siteurl like "https://tnop.pages.dev/" or url like "https://tnop.pages.dev/" or domainname like "https://tuboos.pages.dev/" or siteurl like "https://tuboos.pages.dev/" or url like "https://tuboos.pages.dev/" or domainname like "https://sticker-88l.pages.dev/support" or siteurl like "https://sticker-88l.pages.dev/support" or url like "https://sticker-88l.pages.dev/support" or domainname like "https://know-knock-who-is-here.pages.dev/" or siteurl like "https://know-knock-who-is-here.pages.dev/" or url like "https://know-knock-who-is-here.pages.dev/" or domainname like "https://jrtersdfg.pages.dev/" or siteurl like "https://jrtersdfg.pages.dev/" or url like "https://jrtersdfg.pages.dev/" or domainname like "https://rhfvjck.pages.dev/" or siteurl like "https://rhfvjck.pages.dev/" or url like "https://rhfvjck.pages.dev/" or domainname like "https://bootstrappa.pages.dev/" or siteurl like "https://bootstrappa.pages.dev/" or url like "https://bootstrappa.pages.dev/" or domainname like "https://0-000-0.pages.dev/" or siteurl like "https://0-000-0.pages.dev/" or url like "https://0-000-0.pages.dev/" or domainname like "https://000-0-000.pages.dev/" or siteurl like "https://000-0-000.pages.dev/" or url like "https://000-0-000.pages.dev/" or domainname like "https://sunlight-11.pages.dev/a" or siteurl like "https://sunlight-11.pages.dev/a" or url like "https://sunlight-11.pages.dev/a" or domainname like "https://bbb1-9we.pages.dev/mountain" or siteurl like "https://bbb1-9we.pages.dev/mountain" or url like "https://bbb1-9we.pages.dev/mountain" or 
    domainname like "https://nnoq.pages.dev/" or siteurl like "https://nnoq.pages.dev/" or url like "https://nnoq.pages.dev/" or domainname like "https://dsk1a.pages.dev/onside" or siteurl like "https://dsk1a.pages.dev/onside" or url like "https://dsk1a.pages.dev/onside" or domainname like "https://f23-11r.pages.dev/verse" or siteurl like "https://f23-11r.pages.dev/verse" or url like "https://f23-11r.pages.dev/verse" or domainname like "https://f003.backblazeb2.com/file/skippp/uu.html" or siteurl like "https://f003.backblazeb2.com/file/skippp/uu.html" or url like "https://f003.backblazeb2.com/file/skippp/uu.html" or domainname like "https://f003.backblazeb2.com/file/skippp/index.html" or siteurl like "https://f003.backblazeb2.com/file/skippp/index.html" or url like "https://f003.backblazeb2.com/file/skippp/index.html" or domainname like "https://b1-c1-k8.pages.dev/" or siteurl like "https://b1-c1-k8.pages.dev/" or url like "https://b1-c1-k8.pages.dev/" or domainname like "https://cleaning-devices-k.pages.dev/" or siteurl like "https://cleaning-devices-k.pages.dev/" or url like "https://cleaning-devices-k.pages.dev/" or domainname like "https://tour-agency-media.pages.dev/" or siteurl like "https://tour-agency-media.pages.dev/" or url like "https://tour-agency-media.pages.dev/" or domainname like "https://macos-browser-update-9n.pages.dev/" or siteurl like "https://macos-browser-update-9n.pages.dev/" or url like "https://macos-browser-update-9n.pages.dev/" or domainname like "https://macos-browser-update-5i.pages.dev/" or siteurl like "https://macos-browser-update-5i.pages.dev/" or url like "https://macos-browser-update-5i.pages.dev/" or domainname like "https://recaptcha-verify-9m.pages.dev/" or siteurl like "https://recaptcha-verify-9m.pages.dev/" or url like "https://recaptcha-verify-9m.pages.dev/" or domainname like "https://recaptha-verify-1n.pages.dev/" or siteurl like "https://recaptha-verify-1n.pages.dev/" or url like "https://recaptha-verify-1n.pages.dev/" 
or domainname like "https://recaptha-verify-4z.pages.dev/" or siteurl like "https://recaptha-verify-4z.pages.dev/" or url like "https://recaptha-verify-4z.pages.dev/" or domainname like "https://recaptha-verify-q3.pages.dev/" or siteurl like "https://recaptha-verify-q3.pages.dev/" or url like "https://recaptha-verify-q3.pages.dev/" or domainname like "https://recaptha-verify-7y.pages.dev/" or siteurl like "https://recaptha-verify-7y.pages.dev/" or url like "https://recaptha-verify-7y.pages.dev/"

    Detection Query 6 :

    domainname like "https://dns-resolver-es8.pages.dev/" or siteurl like "https://dns-resolver-es8.pages.dev/" or url like "https://dns-resolver-es8.pages.dev/" or domainname like "https://privatunis.cfd/1/verify.sh" or siteurl like "https://privatunis.cfd/1/verify.sh" or url like "https://privatunis.cfd/1/verify.sh" or domainname like "https://e.overallwobbly.ru/era-stc" or siteurl like "https://e.overallwobbly.ru/era-stc" or url like "https://e.overallwobbly.ru/era-stc" or domainname like "https://security-9y5v-scan.com/3/verify.sh" or siteurl like "https://security-9y5v-scan.com/3/verify.sh" or url like "https://security-9y5v-scan.com/3/verify.sh" or domainname like "https://security-check-u8a6.com/2/verify.sh" or siteurl like "https://security-check-u8a6.com/2/verify.sh" or url like "https://security-check-u8a6.com/2/verify.sh" or domainname like "https://betiv.fun/7456f63a46cc318334a70159aa3c4291.txt" or siteurl like "https://betiv.fun/7456f63a46cc318334a70159aa3c4291.txt" or url like "https://betiv.fun/7456f63a46cc318334a70159aa3c4291.txt" or domainname like "http://run.fox-chair-dust.xyz/" or siteurl like "http://run.fox-chair-dust.xyz/" or url like "http://run.fox-chair-dust.xyz/" or domainname like "https://captcha-cdn.com/verify.sh" or siteurl like "https://captcha-cdn.com/verify.sh" or url like "https://captcha-cdn.com/verify.sh" or domainname like "http://sandbox.silver-map-generator.shop/" or siteurl like "http://sandbox.silver-map-generator.shop/" or url like "http://sandbox.silver-map-generator.shop/" or domainname like "https://black.hologramm.us/" or siteurl like "https://black.hologramm.us/" or url like "https://black.hologramm.us/" or domainname like "https://xxx.retweet.shop/" or siteurl like "https://xxx.retweet.shop/" or url like "https://xxx.retweet.shop/" or domainname like "https://www.mediafire.com/file_premium/8q094mjevfshw6g/glass.mp3/file" or siteurl like "https://www.mediafire.com/file_premium/8q094mjevfshw6g/glass.mp3/file" or url 
like "https://www.mediafire.com/file_premium/8q094mjevfshw6g/glass.mp3/file" or domainname like "https://tumbl.design-x.xyz/glass.mp3" or siteurl like "https://tumbl.design-x.xyz/glass.mp3" or url like "https://tumbl.design-x.xyz/glass.mp3" or domainname like "https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4" or siteurl like "https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4" or url like "https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4" or domainname like "https://yob.yrwebsdf.shop/3t.mp4" or siteurl like "https://yob.yrwebsdf.shop/3t.mp4" or url like "https://yob.yrwebsdf.shop/3t.mp4" or domainname like "https://start.cleaning-room-device.shop/sha589.m4a" or siteurl like "https://start.cleaning-room-device.shop/sha589.m4a" or url like "https://start.cleaning-room-device.shop/sha589.m4a" or domainname like "https://ads.green-pickle-jo.shop/1.m4a" or siteurl like "https://ads.green-pickle-jo.shop/1.m4a" or url like "https://ads.green-pickle-jo.shop/1.m4a" or domainname like "https://recaptcha-verify-4h.pro/kangarooing.m4a" or siteurl like "https://recaptcha-verify-4h.pro/kangarooing.m4a" or url like "https://recaptcha-verify-4h.pro/kangarooing.m4a" or domainname like "https://human-verify-4r.pro/xfiles/verify.mp4" or siteurl like "https://human-verify-4r.pro/xfiles/verify.mp4" or url like "https://human-verify-4r.pro/xfiles/verify.mp4" or domainname like "http://83.217.208.130/xfiles/vida.mp4" or siteurl like "http://83.217.208.130/xfiles/vida.mp4" or url like "http://83.217.208.130/xfiles/vida.mp4" or domainname like "http://83.217.208.130/xfiles/trip.mp4" or siteurl like "http://83.217.208.130/xfiles/trip.mp4" or url like "http://83.217.208.130/xfiles/trip.mp4" or domainname like "https://disable-data-ai-agent.pages.dev" or siteurl like "https://disable-data-ai-agent.pages.dev" or url like "https://disable-data-ai-agent.pages.dev" or domainname like "https://microsoft-dns-reload-5m.pages.dev" or siteurl like "https://microsoft-dns-reload-5m.pages.dev" or url like 
"https://microsoft-dns-reload-5m.pages.dev" or domainname like "https://microsoft-dns-reload-7m.pages.dev" or siteurl like "https://microsoft-dns-reload-7m.pages.dev" or url like "https://microsoft-dns-reload-7m.pages.dev" or domainname like "https://microsoft-dns-reload-9q.pages.dev" or siteurl like "https://microsoft-dns-reload-9q.pages.dev" or url like "https://microsoft-dns-reload-9q.pages.dev" or domainname like "https://microsoft-dns-reload-3h.pages.dev" or siteurl like "https://microsoft-dns-reload-3h.pages.dev" or url like "https://microsoft-dns-reload-3h.pages.dev" or domainname like "https://microsoft-dns-reload-4r.pages.dev" or siteurl like "https://microsoft-dns-reload-4r.pages.dev" or url like "https://microsoft-dns-reload-4r.pages.dev" or domainname like "https://recaptha-verify-8u.pages.dev" or siteurl like "https://recaptha-verify-8u.pages.dev" or url like "https://recaptha-verify-8u.pages.dev" or domainname like "https://microsoft-dns-reload-6y.pages.dev" or siteurl like "https://microsoft-dns-reload-6y.pages.dev" or url like "https://microsoft-dns-reload-6y.pages.dev" or domainname like "lapkimeow.icu" or siteurl like "lapkimeow.icu" or url like "lapkimeow.icu" or domainname like "polovoiinspektor.shop" or siteurl like "polovoiinspektor.shop" or url like "polovoiinspektor.shop" or domainname like "googleapis-n-cdn3s-server.willingcapablepatronage.shop" or siteurl like "googleapis-n-cdn3s-server.willingcapablepatronage.shop" or url like "googleapis-n-cdn3s-server.willingcapablepatronage.shop" or domainname like "kangla.klipxytozyi.shop" or siteurl like "kangla.klipxytozyi.shop" or url like "kangla.klipxytozyi.shop" or domainname like "recaptcha-manual.shop" or siteurl like "recaptcha-manual.shop" or url like "recaptcha-manual.shop" or domainname like "opbafindi.com" or siteurl like "opbafindi.com" or url like "opbafindi.com" or domainname like "torpdidebar.com" or siteurl like "torpdidebar.com" or url like "torpdidebar.com" or domainname like 
"rebeldettern.com" or siteurl like "rebeldettern.com" or url like "rebeldettern.com" or domainname like "pasteflawwed.world" or siteurl like "pasteflawwed.world" or url like "pasteflawwed.world" or domainname like "hoyoverse.blog" or siteurl like "hoyoverse.blog" or url like "hoyoverse.blog" or domainname like "decreaserid.world" or siteurl like "decreaserid.world" or url like "decreaserid.world"

    Detection Query 7 :

    dstipaddress IN ("80.64.30.238","95.217.240.67","37.27.182.109","95.216.180.186","82.115.223.9","91.240.118.2") or srcipaddress IN ("80.64.30.238","95.217.240.67","37.27.182.109","95.216.180.186","82.115.223.9","91.240.118.2")

    Detection Query 8 :

    sha256hash IN ("bcbdb74f97092dfd68e7ec1d6770b6d1e1aae091f43bcebb0b7bce6c8188e310","091f9db54382708327f5bb1831a4626897b6710ffe11d835724be5c224a0cf83","88019011af71af986a64f68316e80f30d3f57186aa62c3cef5ed139eb49a6842","27105be1bdd9f15a1b1a2b0cc5de625e2ecd47fdeaed135321641eea86ad6cb0","72d8fa46f402dcc4be78306d0535c9ace0eb9fabae59bd3ba3cc62a0bdf3db91","3023b0331baff73ff894087d1a425ea4b2746caf514ada624370318f27e29c2c","4b47b55ae448668e549ffc04e82aee41ac10e3c8b183012a105faf2360fc5ec1")

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/unc5142-etherhiding-distribute-malware


    Tags

    Malware, Threat Actor, UNC5142, Infostealer, Blockchain, EtherHiding, CLEARSHORT, Atomic, Vidar, LUMMAC.V2, RADTHIEF
