IOC Radar
TLP:WHITE · 1 IOC

Catch them while you can

DCSO CyTec Blog
Published October 13, 2025 · Original Report

Diamond Model

Social axis
  Adversary: unknown
  Victim: unknown
Technology axis
  Infrastructure: unknown
  Capability (5): Impacket, Mimikatz, NetScan, PsExec, SecretsDump

Attack Flow (8 steps · MITRE ATT&CK mapped)

Step 1/8: Initial Access (TA0001 · T1078 Valid Accounts)
Action: Log in with stolen credentials
Attacker logged into Citrix using stolen credentials.

Indicators of Compromise (1)

Type: MD5
Indicator: aad3b435b51404eeaad3b435b51404ee
Tags: file-hash, intel-blog, malware
Confidence: Medium
Score: 53
First Seen: Jun 2, 26

IOC Relationship Graph (1 total IOCs)

Node types: MD5 (1), Malware (5), Report
Report: Catch them while you can
Malware: Impacket, Mimikatz, NetScan, PsExec, SecretsDump