REDSHARK

Cyber SOC
2026-06-11 12:21:14 (GMT+8) | Live Intel
Risk Posture: Elevated
Live Feed
Critical: 93
High: 27
Medium: 61
Low: 0
Total Active IOCs: 181

Geospatial Threat Map


24H Incident Timeline

[Chart: incident counts over the past 24 hours, 11:37 to 09:37 in two-hour steps, with one series per severity: low, medium, high, critical]

Executive AI Briefing

10:37

Malaysia Threat Posture — live indicators across the feed

RedShark aggregates indicators of compromise from OTX (AlienVault), AbuseIPDB, ThreatFox (abuse.ch) and VirusTotal. The dominant attack vector observed is T1498 Network Denial of Service, with concentrated targeting of Kuala Lumpur and surrounding regions. Real attack severity and timing are mapped onto Malaysian ASN ranges (TM Net, Maxis, GovNet, TIME dotCom) to provide a localised SOC view; the most common indicator types observed are HASH, IP and DOMAIN.

Key Highlights
  • Top vector: T1498 Network Denial of Service
  • Most targeted region: Kuala Lumpur
  • Top sources: OTX, AbuseIPDB, ThreatFox, VirusTotal
  • Hash + IP + Domain dominate the indicator mix

Recommended Actions

Stop unauthorised egress

Enforce DLP rules, monitor large outbound transfers, and disable unnecessary cloud storage / file-sharing endpoints.

MITRE: T1498

High severity surge

114 high-severity indicators observed. Escalate to Tier-2 review and expand IOC blocklists across firewalls and EDR.

SEVERITY: High

Geographic concentration in Kuala Lumpur

80 indicators (16.9%) target Kuala Lumpur. Issue a regional CERT-MY advisory and brief local infrastructure operators.

REGION: Kuala Lumpur

Update endpoint signatures

Distribute the 169 malicious hashes to AV / EDR vendors and run a retroactive sweep across endpoints.

CONTROL: Endpoint

Diversify intelligence sources

Cross-validate signals from OTX, AbuseIPDB, ThreatFox and VirusTotal. Avoid single-source bias when triaging high-severity IOCs.

COVERAGE: Multi-source

Maintain proactive hardening

Enforce MFA, patch SLAs (critical ≤72h), least-privilege access, and weekly tabletop exercises against the top observed TTPs.

POSTURE: Baseline

Rotate exposed credentials

Force credential resets for accounts in regions with a high volume of brute-force / valid-account indicators and audit recent VPN logins.

CONTROL: Identity

Apply network ACLs

Block source ranges feeding the top targeted IPs and rate-limit inbound traffic to Kuala Lumpur edge gateways.

CONTROL: Network

Most Targeted IPs

Target IP | ASN | Region | Incidents | Top Severity | Last Hit
202.75.167.153 | AS4788 TM Net | Kuala Lumpur | 17 | critical | 2026-06-11 12:00
203.106.9.169 | AS24514 GovNet | Putrajaya | 12 | critical | 2026-06-11 12:11
203.106.190.172 | AS4788 TM Net | Kuala Lumpur | 12 | critical | 2026-06-11 11:55
175.137.158.188 | AS17971 TM-Sabah | Kota Kinabalu | 10 | critical | 2026-06-11 09:16
210.187.222.223 | AS4788 TM Net | Kuala Lumpur | 10 | critical | 2026-06-11 10:13
115.132.189.45 | AS17971 TM-Sabah | Kota Kinabalu | 10 | critical | 2026-06-11 11:30
180.74.189.57 | AS9534 Maxis | Johor Bahru | 9 | critical | 2026-06-11 11:27
218.111.235.41 | AS4788 TM Net | Kuantan | 9 | critical | 2026-06-11 11:30
203.106.185.1 | AS4788 TM Net | Kuala Lumpur | 9 | critical | 2026-06-11 09:00
180.74.142.126 | AS4788 TM Net | Kuala Lumpur | 9 | critical | 2026-06-11 11:28
113.210.134.1 | AS4788 TM Net | Kuantan | 8 | critical | 2026-06-11 09:44
121.121.185.32 | AS9930 TIME dotCom | Petaling Jaya | 8 | critical | 2026-06-11 12:00
218.111.63.253 | AS24514 GovNet | Cyberjaya | 8 | critical | 2026-06-11 12:00
115.132.95.192 | AS24514 GovNet | Putrajaya | 8 | critical | 2026-06-11 12:11
202.75.229.78 | AS9534 Maxis | Johor Bahru | 8 | critical | 2026-06-11 12:00
180.74.238.133 | AS4788 TM Net | Kuala Terengganu | 7 | critical | 2026-06-11 08:35
203.106.61.108 | AS4788 TM Net | Ipoh | 7 | critical | 2026-06-11 07:19
203.106.184.49 | AS17971 TM-Sabah | Sandakan | 7 | critical | 2026-06-11 09:43
121.121.46.244 | AS17971 TM-Sarawak | Miri | 7 | critical | 2026-06-11 10:52
180.74.33.32 | AS9930 TIME dotCom | Seremban | 6 | critical | 2026-06-11 08:34

Top MITRE Attack Vectors

  • T1498 Network Denial of Service (Impact): 42
  • T1567 Exfiltration Over Web Service (Exfiltration): 37
  • T1566 Phishing (Initial Access): 36
  • T1059 Command and Scripting Interpreter (Execution): 34
  • T1071 Application Layer Protocol (Command and Control): 34
  • T1486 Data Encrypted for Impact (Impact): 31
  • T1110 Brute Force (Credential Access): 31
  • T1003 OS Credential Dumping (Credential Access): 31
  • T1499 Endpoint Denial of Service (Impact): 31
  • T1190 Exploit Public-Facing Application (Initial Access): 29

Recent Indicators of Compromise

