IOC Radar
TLP:WHITE · 13 IOCs

From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises

Source: ANY.RUN Cybersecurity Blog, published June 2, 2026 (Original Report)

Malware Families

Cobalt Strike (the single capability on the page's Diamond Model; the report title names the loader as JS.MonoGlyphRAT)

Diamond Model

Adversary: unknown
Infrastructure (6): http://158.94.211.76:… , http://158.94.211.76:… , http://158.94.211.76:… (truncated on the page; the full URLs are in the IOC table)
Capability (1): Cobalt Strike
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (13)

Type   | Indicator | Tags | Confidence | Score | First Seen
URL    | http://158.94.211.76:34567/ceoznp?ia=UDP3HIP4P5SH3U5R&df=0 | intel-blog, malware, network | High | 58 | Jun 2, 2026
SHA256 | 5446b24959c1c2707accfc257aaac61819c01d1ed65bca910a7e8be1787d200f | apt, espionage, file-hash | Medium | 51 | Jun 2, 2026
URL    | http://158.94.211.76:34567/ceoznp?ia=GEZHOV8LBB7PY4KX | intel-blog, malware, network | High | 58 | Jun 2, 2026
MD5    | 76e6f6c63756479726e6565647879637 | file-hash, intel-blog, malware | Medium | 51 | Jun 2, 2026
URL    | http://158.94.211.76:34567/ceoznp?ia=GEZHOV8LBB7PY4KX&df=0 | intel-blog, malware, network | High | 58 | Jun 2, 2026
IP     | 158.94.211.76 | apt, espionage, intel-blog | High | 58 | Jun 2, 2026
MD5    | 766bbae98154b60b381ce91bfb5473ed | apt, espionage, file-hash | Medium | 51 | Jun 2, 2026
IP     | 91.92.243.79 | intel-blog, malware, network | High | 58 | Jun 2, 2026
URL    | http://158.94.211.76:34567/ceoznp | intel-blog, malware, network | High | 58 | Jun 2, 2026
Domain | scan.aryamint.com | intel-blog, malware, network | High | 58 | Jun 2, 2026
SHA256 | aa5b97546a5cb1e62fbacc5f8521a7fc593ed37b11604966a87b464b9bcc1eb2 | file-hash, intel-blog, loader | Medium | 51 | Jun 2, 2026
URL    | http://158.94.211.76:34567/ceoznp?ia=UDP3HIP4P5SH3U5R | intel-blog, malware, network | High | 58 | Jun 2, 2026
Domain | aryamint.com | intel-blog, malware, network | High | 58 | Jun 2, 2026

Note that all five URL indicators share the same host, port and path (158.94.211.76:34567/ceoznp) and differ only in the ia query value and the optional df=0 parameter; the "&amp;" entities shown in the extracted page have been decoded to "&" above.

IOC Relationship Graph

13 IOCs in total: 5 URLs, 2 SHA256 hashes, 2 MD5 hashes, 2 IPs, 2 domains. Two further nodes: the report (From Fake Purchase Orders to Remote Access) and the malware family (Cobalt Strike).