IOC: https://kmsauto.us/someone/start.ps1 – Securitricks

216.73.216.36

Indicator (IOC)

stix Revoked AlienVault · Published 20/12/2025 21:24 · Modified 20/12/2025 21:55

Essential information

Value / Name: https://kmsauto.us/someone/start.ps1
Confidence: 100/100
Revoked: Yes
Valid from: 12/08/2022 16:58
Valid until: 28/09/2022 16:58
Pattern type: stix
Published: 20/12/2025 21:24
Modified: 20/12/2025 21:55
Author / Source: AlienVault

Description

ASCII text, with very long lines, with no line terminators 08f491d46a9d05f1aebc83d724ca32c8063a2613250d50ce5b7e8ba469680605

Pattern

[url:value = 'https://kmsauto.us/someone/start.ps1']

Labels / Tags

Labels: apt bluesky conti ransomware redline

Marking (TLP)

TLP:CLEAR