Skip to content

HIGH_RISK_HACKING_TOOLS (1) campaign cataloged at 2025-11-23(2).

  1. Packages that are very likely to be used to build or as part of a malware, in most cases. They are not malicious on their own, but are quite a good indicator of something suspicious
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-11-ismoiloff

Package offers downloading and executing remote code. This requires user interaction, however, the linked Telegram channel seems to offer code to abuse other services

Abuse categories

obfuscation

Campaign uses obfuscation.

remote_script

Downloads and executes a remote malicious script.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • hxxps://new.u11240.xvest3.ru/Device/2.0/getcoder.php

  • new.u11240.xvest3.ru

  • hxxps://t.me/updatesismoiloff

Packages in the campaign

campaign:2025-11-ismoiloff