|
Malware:
|
AMOS, Atomic macOS Stealer, Atomic Stealer, BadIIS, Broomstick, ClawdBot Agent, CleanUp, CleanUpLoader, ConnectWise Control, ConnectWise ScreenConnect, GhostChat, GORBLE, Lumma, LummaC2, Lumma Stealer, OSX.AtomicStealer, OSX.AtomStealer, OysterLoader, POWERSTAR, Redline, Redline Loader, RedLine Stealer, Rhysida, RisePro, ScreenConnect, ScreenConnect RAT, Speldings.exe, StealC, TAMECAT, Trojan/OpenClaw.PolySkill, Vidar, Vidar Stealer |
|
CVEs:
|
CVE-2024-28863, CVE-2025-49596, CVE-2025-52882, CVE-2025-59466, CVE-2025-64756, CVE-2025-6514, CVE-2026-21636, CVE-2026-22708, CVE-2026-24763, CVE-2026-25157, CVE-2026-25253, CVE-2026-2577, CVE-2026-26319, CVE-2026-26322, CVE-2026-26329 |
|
Technologies:
|
Alibaba Cloud, Amazon Web Services, Anthropic Claude, Apache HTTP Server, Apple iOS, Apple macOS, Caddy, Cloudflare Tunnel, ConnectWise ScreenConnect, DigitalOcean, Docker, Express.js, F5 NGINX, Git, GitHub, Google Cloud Platform, Google Gemini, Hetzner, Joomla!, Kubernetes, Linux, LLaVA, Microsoft Azure, Microsoft Entra, Microsoft Visual Studio, Microsoft Windows, Moltbook, NGINX, Node.js, npm, OpenAI, OpenClaw, OVHcloud, Python, Signal, Slack, SSH, Supabase, Tassos Framework, Telegram, Tencent Cloud, Vercel Next.js, WhatsApp |
|
Threat Actors:
|
AngryLikho, APT28, ClawHavoc, CookieSpider, FancyBear, hightower6eu, Kimsuky, Moonshine100rze, Rhysida |
|
Attacker Countries:
|
Russia |
|
Attacker IPs:
|
178.16.54.253, 179.43.176.32, 202.161.50.59, 54.91.154.110, 91.92.242.30, 95.92.242.30, 96.92.242.30 |
|
Attacker Domains:
|
attacker.com, auth.clawdhub.com, auth.clawhub.com, clawbot.ai, clawd.bot, clawdbot.getintwopc.site, clawdbot.you, clawhub.ai, clawhub.openclaw.ai, darkgptprivate.com, docs.clawd.bot, docs.molt.bot, docs.openclaw.ai, getintwopc.site, github.com/hedefbari, glot.io, install.app-distribution.net, meeting.bulletmailer.net, moltbook.ai, molt.bot, moltbotai.chat, moltbot.you, moltyverse.email, ngrok.io, openclaw.ai, pipedream.net, rentry.co, roarin.ai, socifiapp.com, webhook.site, www.dropbox.com |
|
Attacker URLs:
|
github.com/gstarwd/clawbot, hxxp://54.91.154.110:13338/%7Csh, hxxps://socifiapp.com/api/reports/upload, hxxps://webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412, javascript:fetch(‘ ?option=com_ajax, ?option=com_ajax&format=raw&plugin=nrframework, ws://localhost:18789 |
|
Attacker Hashes:
|
04ef48b104d6ebd05ad70f6685ade26c1905495456f52dfe0fb42f550bd43388, 087361307be2b2789849d4fd58170cca, 0c76e33ddde228e9ce098edf3bf5f06a, 0e52566ccff4830e30ef45d2ad804eefba4ffe42062919398bf1334aab74dd65, 17703b3d5e8e1fe69d6a6c78a240d8c84b32465fe62bed5610fb29335fe42283, 1e6d4b0538558429422b71d1f4d724c8ce31be92d299df33a8339e32316e2298, 2444b3ab5de42fcca22e6025cf018e3b, 37102fddfbca1e750b61943162b15004, 3a4450bacf20eea2dcc246da7bce9667, 5e4428176aeb8cfc7f0391654d683a2a, 63e9707b978b7569f26636e9a9bb3b14, 75661cbf8fd50009be0c46a9ca8b3180, 760c89959e2d80f9b78a320023a875b7c458840f920770438cda517160bfd1b1, 79e8f3f7a6113773cdbced2c7329e6dbb2d0b8b3bf5a18c6c97cb096652bc1f2, 8611dfd731c27ac1592de60a31c66634, a3365c837ec2659c2aa04e7010a0db15, a37f6403fbf28fa0b48863287f4c5a5db8f295977d4dec2e9bffd6fce2320bd1, a535666293db8dcaba511e38b735f2b86eb06663f1f6a43ab59bf0d35ae4e933, adbcdb613c04fd51936cb0863d2417604db0cd04792ab7cae02526d48944c77b, be24b44d4895c6bc14e3f98a9687a399, d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea, db48607a6f85e716a3ec3e9b613f278d683c79817d7a3c32619a6623f85a5b32, e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2, f58854f6450618729679ad33622bebaf |
|
Victim Industries:
|
Agriculture, Artificial Intelligence, Cloud Infrastructure, Creator Economy, Critical Manufacturing, Cryptocurrency, E-commerce, Education, Energy, Financials, Financial Services, Government, Healthcare, Health Care Technology, Hospitality, Information Services, Information Technology, Insurance, Legal Services, Manufacturing, Marketing & Advertising, Media and Entertainment, Multimedia, Non-Governmental Organizations (NGOs), Real Estate, Retail, Social Media, Software, Sports and Entertainment, Technology Hardware, Telecommunications, Transportation |
|
Victim Countries:
|
Australia, Austria, Belgium, Brazil, Bulgaria, Canada, China, Colombia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, India, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Mexico, Netherlands, Norway, Poland, Portugal, Romania, Russia, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, United Kingdom, United States |