TLP:WHITE21 IOCs

JOMANGY: INJ3CTOR3’s Self-Healing FreePBX Toll Fraud Campaign

Cyble

Published May 21, 2026Original Report

Diamond Model

Adversary

Infrastructure(6)

Capability(1)

Victim

Analysis unavailable

Type	Indicator	Confidence	Score	First Seen
MD5	cf710203400b8c466e6dfcafcf36a411 file-hashintel-blogmalware	High	61	Jun 2, 26
IP	169.150.218.33 intel-blogmalwarenetwork	High	68	Jun 2, 26
URL	http://45.95.147.178/z/post/noroot.php intel-blogmalwarenetwork	High	68	Jun 2, 26
MD5	e1ebf9066a951be519a24140711839ea exploitfile-hashintel-blog	High	61	Jun 2, 26
MD5	bfcedbc1831779921a0ee2cfaee004f2 file-hashintel-blogmalware	High	61	Jun 2, 26
IP	169.150.218.37 intel-blogmalwarenetwork	High	68	Jun 2, 26
IP	45.234.176.202 intel-blogmalwarenetwork	High	68	Jun 2, 26
IP	146.70.129.114 intel-blogmalwarenetwork	High	68	Jun 2, 26
URL	http://45.95.147.178/x intel-blogmalwarenetwork	High	68	Jun 2, 26
MD5	ec4ca4db5ec0b782e51224fa7082ac06 file-hashintel-blogmalware	High	61	Jun 2, 26
URL	http://45.95.147.178/ intel-blogmalwarenetwork	High	68	Jun 2, 26
CVE	CVE-2025-57819 exploitintel-blogloader	High	59	Jun 2, 26
URL	http://45.95.147.178/k.php intel-blogmalwarenetwork	High	68	Jun 2, 26
MD5	b92c65af386ed772972b43cab0d55a4a file-hashintel-blogmalware	High	61	Jun 2, 26
CVE	CVE-2019-19006 exploitintel-blogmalware	High	59	Jun 2, 26
CVE	CVE-2021-45461 exploitintel-blogmalware	High	59	Jun 2, 26
MD5	a8b65af6c142736ccf80420e44df240f file-hashintel-blogmalware	High	61	Jun 2, 26
IP	160.119.76.250 aptespionageintel-blog	High	68	Jun 2, 26
CVE	CVE-2025-64328 exploitintel-blogmalware	High	59	Jun 2, 26
SHA1	6ea9c6d2d932532a4cd44c7974fb1a0a87dbfcf9 file-hashintel-blogmalware	High	61	Jun 2, 26
URL	http://45.95.147.178/z/post/root.php intel-blogmalwarenetwork	High	68	Jun 2, 26

IOC Relationship Graph21 total IOCs

MD5IPURLCVESHA1

scroll to zoom · drag to pan · click IOC to open