IOC Radar
TLP:WHITE
6 IOCs

SimpleHelp OIDC Bypass Lets Attackers Gain Technician Session and Deploy Malware

Cyber Press
Published June 30, 2026

Malware Families

Diamond Model

Adversary: unknown
Infrastructure (3): trycloudflare.com, a.dev-tunnels.com, 96.126.130.126
Capability (1): Cobalt Strike
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| CVE | CVE-2026-48558 | exploit, intel-blog, malware | Medium | 54 | Jun 30, 26 |
| SHA256 | f4a72600a3735c2a4d843875ea61bbb6f935a1af51a81f2fbc992ce11ba94afc | file-hash, intel-blog, loader | Medium | 53 | Jun 30, 26 |
| Domain | trycloudflare.com | exfiltration, intel-blog, malware | High | 58 | Jun 30, 26 |
| Domain | a.dev-tunnels.com | exfiltration, indicator, intel-blog | Medium | 54 | Jun 29, 26 |
| SHA256 | 00cc86d1144020c24c8fbb3a8dc6b908926497ebd23be3bf854360f93d1c8f4c | file-hash, intel-blog, loader | Medium | 53 | Jun 30, 26 |
| IP | 96.126.130.126 | exfiltration, intel-blog, malware | High | 58 | Jun 30, 26 |

IOC Relationship Graph

6 total IOCs. Graph nodes: SHA256 (2), Domain (2), CVE (1), IP (1), Malware (1, Cobalt Strike), Report (SimpleHelp OIDC Bypass Let)