Threat Intelligence | Apr 9, 2026

"since December" At least since November. And if you look at the relations of 188.214.34[.]20 (th...

Threat actor infrastructure linked to malware campaign active since November with persistent C2 domains.

Summary

Security researchers identified malicious infrastructure associated with a threat campaign active at least since November 2024. The investigation revealed an IP address (188.214.34.20) hosting malicious samples and C2 domains, including a subdomain of ado-read-parser.com that continues to resolve to the attacker's infrastructure.

Indicators of Compromise

  • ip — 188.214.34.20
  • domain — ado-read-parser.com
  • domain — zx.ado-read-parser.com