The State of Cybersecurity

// ips4

• 5.180.24.17
• 23.227.202.52
• 193.24.123.68
• 91.215.85.42

// domains17

• next-preconfig-1.0.0.flatten.js
• test.js
• node.js
• next.js
• ip2worlds.vip
• jqgnsp5eb32wh.oast.fun
• pool.hashvault
• wet4g13ncu255d.icu
• lnzafqrdnkbqligzetxljqgnsp5eb32wh.oast.fun
• index.html
• the-evolving-extortion-threat-to-us-financial-institutions.html
• js.beavertail
• north-korean-hackers-update-beavertail.html
• north-korean-hackers-target-crypto-fake-firms-job-offers.html
• north-korean-hackers-targets-job.html
• threat-actors-turn-blockchains-into-malware-delivery-servers.html
• group-infiltrated-100-plus-companies-with-imposter-it-pros.html

// urls46

• http://5.180.24.17:1244
• https://www.threatintel.academy/wp-content/uploads/2020/07/diamond_summary.pdf
• https://www.ncsc.gov.uk/pdfs/whitepaper/ransomware-extortion-and-the-cyber-crime-ecosystem.pdf
• https://www.csoonline.com/article/4032874/ransomware-attacks-the-evolving-extortion-threat-to-us-financial-institutions.html
• https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/business-email-compromise
• https://www.conduitsecurity.com/blog/2024-ic3-report
• https://www.darktrace.com/resources/annual-threat-report-2024
• https://www.thetimes.com/business-money/technology/article/darktrace-boss-i-was-deepfaked-and-i-couldnt-tell-difference-sxzw0nk5z
• https://www.darktrace.com/blog/a-snake-in-the-net-defending-against-aitm-phishing-threats-and-mamba-2fa
• https://www.darktrace.com/blog/phishing-with-qr-codes-how-darktrace-detected-and-blocked-the-bait
• https://www.darktrace.com/blog/2025-cyber-threat-landscape-darktraces-mid-year-review
• https://www.fortra.com/blog/bec-global-insights-report-january-2025
• https://www.darktrace.com/blog/disarming-the-warmcookie-backdoor-darktraces-oven-ready-solution
• https://www.darktrace.com/blog/meeten-malware-a-cross-platform-threat-to-crypto-wallets-on-macos-and-windows
• https://www.federalreserve.gov/publications/files/cybersecurity-report-202507.pdf
• https://www.fca.org.uk/freedom-information/information-cyber-attacks-and-data-breaches-reported-fca-october-2023
• https://www.patelco.org/securityupdate
• https://www.darktrace.com/blog/darktraces-view-on-operation-lunar-peek-exploitation-of-palo-alto-firewall-devices-cve-2024-2012-and-2024-9474
• https://www.netcraft.com/blog/moveit-hack
• https://home.treasury.gov/news/press-releases/sm774
• https://www.dni.gov/files/CTIIC/documents/products/North-Korean-TTPs-for-Revenue-Generation.pdf
• https://www.justice.gov/opa/pr/justice-department-announces-coordinated-nationwide-actions-combat-north-korean-remote
• https://home.treasury.gov/news/press-releases/jy1933
• https://www.infosecurity-magazine.com/news/beavertail-malware-job-seekers/
• https://www.techworm.net/2025/04/north-korean-hackers-target-crypto-fake-firms-job-offers.html
• https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/
• https://www.gov.il/BlobFolder/reports/beavertail/he/Analyzing
• https://www.darktrace.com/blog/unpacking-clickfix-darktraces-detection-of-a-prolific-social-engineering-tactic
• https://gbhackers.com/beavertail-malware/
• https://cybermaterial.com/invisibleferret-backdoor-malware/
• https://cybersecuritynews.com/north-korean-hackers-using-malicious-scripts-combining-beavertail-and-ottercookie-for-keylogging/
• https://andreafortuna.org/2025/10/18/north-korean-hackers-merge-beavertail-and-ottercookie-malware
• https://www.csoonline.com/article/4074916/north-korean-threat-actors-turn-blockchains-into-malware-delivery-servers.html
• https://securityboulevard.com/2025/10/the-unkillable-threat-how-attackers-turned-blockchain-into-bulletproof-malware-infrastructure/
• https://www.csoonline.com/article/3481659/north-korean-group-infiltrated-100-plus-companies-with-imposter-it-pros.html
• https://www.justice.gov/archives/opa/press-release/file/1367701/dl
• https://www.justice.gov/archives/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and
• https://www.cyber.gc.ca/en/guidance/profile-ta505-cl0p-ransomware
• https://www.enisa.europa.eu/sites/default/files/publications/ENISA
• https://cybelangel.com/blog/moveit-cl0p-breach/
• https://www.darktrace.com/blog/cleo-file-transfer-vulnerability-patch-pitfalls-and-darktraces-detection-of-post-exploitation-activities
• https://www.datastackhub.com/security/clop-ransomware/
• https://www.nationalcrimeagency.gov.uk/the-nca-announces-the-disruption-of-lockbit-with-operation-cronos
• https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2
• https://socket.dev/blog/weaponizing-oast-how-malicious-packages-exploit-npm-pypi-and-rubygems
• https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks

// sha2560

// md52

• d5725519d9e66bc590ac54c11d1d90e5
• 3dfb3c49d5430a32da442178965b188a

// emails1

• info@darktrace.com

// cves7

• CVE-2025-4427
• CVE-2025-4428
• CVE-2023-4966
• CVE-2023-34362
• CVE-2025-55182
• CVE-2024-2012
• CVE-2025-10035