[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVVsZr4BVIWNUq7W8SLaLOFsLbyE5SaYYhG54Ap2DSc0":3},{"article":4,"iocs":38},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":28,"category":29,"article_tags":32},"e5ee3503-f02a-4a85-b5c6-54a678042a32","PHANTOMPULSE routes C2 through Ethereum\u002FBase\u002FOptimism transaction inputs.\n\nThe blockchain resolve...","phantompulse-routes-c2-through-ethereum-base-optimism-transaction-inputs-the-blo-b1170d","PHANTOMPULSE routes C2 through Ethereum\u002FBase\u002FOptimism transaction inputs.\n\nThe blockchain resolver has zero sender verification.\n\nThat means one transaction from a defender overrides the C2 URL for every active implant simultaneously.\n\n@soolidsnakee reverse-engineered the full https:\u002F\u002Ft.co\u002FCWf3N3WsvJ","PHANTOMPULSE is a malware variant that routes command-and-control traffic through blockchain transaction inputs on Ethereum, Base, and Optimism networks. The implementation lacks sender verification, meaning a single defensive transaction can override the C2 URL for all active implants simultaneously. Security researcher @soolidsnakee has reverse-engineered the full mechanism.","PHANTOMPULSE malware uses Ethereum\u002FBase\u002FOptimism blockchain transactions for C2 with no sender verification.",null,"https:\u002F\u002Fx.com\u002Felasticseclabs\u002Fstatus\u002F2062893432805191858","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHKDepKtXIAANnwM.jpg","2026-06-05T13:44:55+00:00","2026-06-05T14:00:05.34031+00:00",8,[18,21,24,26],{"name":19,"type":20},"@soolidsnakee","threat_actor",{"name":22,"type":23},"Ethereum","technology",{"name":25,"type":23},"Base",{"name":27,"type":23},"Optimism","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":28,"icon":11,"name":30,"slug":31},"Malware","malware",[33],{"category":34},{"id":35,"icon":11,"name":36,"slug":37},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[39],{"type":31,"value":40,"context":41},"PHANTOMPULSE","Malware using blockchain-based C2 through Ethereum\u002FBase\u002FOptimism transaction inputs"]