File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP AddressDomainHosting ProviderFirst SeenDetails96.9.125[.]147N/ABL Networks2025-07-17IP address exploiting SharePoint vulnerabilities.107.191.58[.]76N/AThe Constant Company, LLC2025-07-18IP address exploiting SharePoint vulnerabilities.104.238.159[.]149N/AThe Constant Company, LLC2025-07-19IP address exploiting SharePoint vulnerabilities.139.59.11[.]66N/ADigitalOcean, LLC2025-07-21IP address exploiting SharePoint vulnerabilities.154.223.19[.]106N/AKaopu Cloud HK Limited2025-07-21IP address exploiting SharePoint vulnerabilities.103.151.172[.]92N/AIKUUU NETWORK LTD2025-07-21IP address exploiting SharePoint vulnerabilities.45.191.66[.]77N/AVIACLIP INTERNET E TELECOMUNICAÇÕES LTDA2025-07-21IP address exploiting SharePoint vulnerabilities.83.136.182[.]237N/AAlina Gatsaniuk2025-07-21IP address exploiting SharePoint vulnerabilities.162.248.74[.]92N/AxTom GmbH2025-07-21IP address exploiting SharePoint vulnerabilities.38.54.106[.]11N/AKaopu Cloud HK Limited2025-07-21IP address exploiting SharePoint vulnerabilities.206.166.251[.]228N/ABL Networks2025-07-21IP address exploiting SharePoint vulnerabilities.45.77.155[.]170N/AVultr Holdings, LLC2025-07-21IP address exploiting SharePoint vulnerabilities.64.176.50[.]109N/AThe Constant Company, LLC2025-07-21IP address exploiting SharePoint vulnerabilities.149.28.17[.]188N/AThe Constant Company, LLC2025-07-22IP address exploiting SharePoint vulnerabilities.173.239.247[.]32N/AGSL Networks Pty LTD2025-07-22IP address exploiting SharePoint vulnerabilities.109.105.193[.]76N/AHaruka Network Limited2025-07-22IP address exploiting SharePoint vulnerabilities.2.56.190[.]139N/AAlina Gatsaniuk2025-07-22IP address exploiting SharePoint vulnerabilities.141.164.60[.]10N/AThe Constant Company, LLC2025-07-22IP address exploiting SharePoint vulnerabilities.124.56.42[.]75N/AIP Manager2025-07-22IP address exploiting SharePoint vulnerabilities.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Jul 2025 17:25:17 +0000