SparkKitty
AlienVault
Published 21/12/2025 15:06 · Modified 21/12/2025 15:06
Essential information
- Confidence: 100/100
- Is family: No
- Published: 21/12/2025 15:06
- Modified: 21/12/2025 15:06
- Revoked: No
- Author / Source: AlienVault
- Related entities: 25 attack patterns (MITRE), 1 country, 67 indicators, 2 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (25)
All 25 attack patterns are linked to this malware with the relationship type "uses".
- T1132.001 Standard Encoding
- T1070.004 File Deletion
- T1528 Steal Application Access Token
- T1566 Phishing
- T1204.002 Malicious File
- T1553 Subvert Trust Controls
- T1539 Steal Web Session Cookie
- T1036.001 Invalid Code Signature
- T1608 Stage Capabilities
- T1036 Masquerading
- T1140 Deobfuscate/Decode Files or Information
- T1055.001 Dynamic-link Library Injection
- T1056.002 GUI Input Capture
- T1055 Process Injection
- T1555 Credentials from Password Stores
- T1027 Obfuscated Files or Information
- T1497 Virtualization/Sandbox Evasion
- T1176 Software Extensions
- T1036.005 Match Legitimate Resource Name or Location
- T1041 Exfiltration Over C2 Channel
- T1106 Native API
- T1071.001 Web Protocols
- T1534 Internal Spearphishing
- T1573 Encrypted Channel
- T1056 Input Capture
Countries (1)
- China (relationship type: targets)
Indicators (67)
All 67 indicators are linked to this malware with the relationship type "indicates".
- accgngrid.com
- crypto-stroe.cc
- i.bicoin.com.cn
- https://helllo2025.com/api/open/postByTokenpocket
- 5b4d879862d8bd8af65a4151967990ef830b8c41a812cfa22fa117b54dcc0da6
- https://appstoreios.com/DjZH?key=646556306F6Q465O313L737N3332939Y353I830F31
- https://api.npoint.io/153b165a59f8f7d7b097
- https://iosfc.com/ledger/ios/Rsakeycatch.php
- https://mgi1y.siyangoil.com/vmzLvi4Dh/1Dd0m4BmAuhVVCbzF
- byteepic.vip
- https://yjzhengruol.com/s/3f605f
- moabc.vip
- https://kkkhhhnnn.com/api/open/postByTokenpocket
- https://mziyytm5ytk.ahroar.com/kAN2pIEaariFb8Yc
- https://ngy2yjq0otlj.ahroar.com/EpCXMKDMx1roYGJ
- kkkhhhnnn.com
- https://mti4ywy4.lahuafa.com/UVB2U/mw2ZmvXKUEbzI0n
- https://xz.apps-store.im/DjZH?key=646B563L6F6N4657313B737U3436335E3833331737
- appstoreios.com
- https://nmu8n.com/tpocket/ios/Rsakeyword.php
- yjzhengruol.com
- https://xz.apps-store.im/s/dDan?key=646756376F6A465D313L737J333993473233038L39&c=
- yjhjymfjnj.wyxbmh.cn
- https://ntm0mdkzymy3n.oukwww.com/jFms03nKTf7RIZN8?61f68b07f8=0565364633b5acdd24a498a6a9ab4eca
- https://sxsfcc.com/api/open/postByTokenpocket
- ntm0mdkzymy3n.oukwww.com
- https://ngy2yjq0otlj.ahroar.com/17pIWJfr9DBiXYrSb
- api.fxsdk.com
- https://api.dc1637.xyz
- https://xz.apps-store.im/CqDq?key=646R563V6F6Y465K313J737G343C3352383R336O35
- https://odm0.siyangoil.com/TYTmtV8t/JG6T5nvM1AYqAcN
- 6688cf.jhxrpbgq.com
- https://139.180.139.209/prod-api/system/confData/getUserConfByKey/
- lt.laoqianf14.top
- https://crypto-stroe.cc/
- mti4ywy4.lahuafa.com
- api.dc1637.xyz
- 9ca063d5716155d9e70ebda9370655c65dcf82bd013cc4b8fa7ebc4cee564073
- mtjln.siyangoil.com
- https://ntm0mdkzymy3n.oukwww.com/7nhn7jvv5YieDe7P?0e7b9c78e=686989d97cf0d70346cbde2031207cbf
- https://xz.apps-store.im/s/iuXt?key=646Y563Y6F6H465J313X737U333S9342323N030R34&c=
- xt.xinqianf38.top
- cdbe32fcb10606846035fff7c2f54d1b4306ef08c69364b9699b41dc695f41cd
- https://zdrhnmjjndu.ulbcl.com/7uchSEp6DIEAqux?a3f65e=417ae7f384c49de8c672aec86d5a2860
- lt.laoqianf15.top
- zdrhnmjjndu.ulbcl.com
- nziwytu5n.lahuafa.com
- lt.laoqianf51.top
- https://nziwytu5n.lahuafa.com/10RsW/mw2ZmvXKUEbzI0n
- mziyytm5ytk.ahroar.com
- www.gxzhrc.cn
- sxsfcc.com
- https://www.gxzhrc.cn/download/
- xz.apps-store.im
- iosfc.com
- ce5cb685b831d3eec4c86ca50b110827e7ad1f0e4fec41c4e4f87dcd97f262cb
- https://mtjln.siyangoil.com/08dT284P/1ZMz5Xmb0EoQZVvS5
- https://6688cf.jhxrpbgq.com/6axqkwuq
- https://zmx6f.com/btp/ios/receiRsakeyword.php
- helllo2025.com
- odm0.siyangoil.com
- zmx6f.com
- https://zdrhnmjjndu.ulbcl.com/tWe0ASmXJbDz3KGh?4a1bbe6d=31d25ddf2697b9e13ee883fff328b22f
- nmu8n.com
- mgi1y.siyangoil.com
- h1997.tiktokapp.club
- ngy2yjq0otlj.ahroar.com
Reports (2)
- AlienVault · Confidence 100 · 23 MITREs · 2 Malwares · 53 IOCs · 53 Observables · Published 20/04/2026 12:25 · Modified 20/04/2026 16:54 · threat-report
- 1 MITRE · 2 Malwares · 20 Observables · Published 23/06/2025 09:21 · Modified 24/06/2025 14:24