IOC Radar
TLP:WHITE
41 IOCs

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

Securelist
Published July 3, 2026

Threat Actors

Malware Families

Diamond Model

Axes: social, technology
Adversary (3): APT1, APT10, APT3
Infrastructure (6): http://grked.online:8…, https://grked.online/…, ndrt.ink
Capability (1): META Stealer
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

41 indicators, listed by type, indicator, confidence, score and first-seen date.

IOC Relationship Graph

41 total IOCs: MD5 26, Domain 9, IP 4, URL 2
Actors (3): APT1, APT10, APT3
Malware (1): META Stealer