IOC pivotioc · domain
api[.]gupdate[.]net
IR · IranPioneer Kittenconfidence · high
Recent infrastructure domain listed in Table 10 of CISA AA24-241A (FBI/CISA/DC3 joint advisory, 28 Aug 2024) on Iran-based Pioneer Kitten / Fox Kitten / UNC757 / Parisite / Lemon Sandstorm / Br0k3r enabling ransomware affiliates NoEscape, RansomHouse and ALPHV/BlackCat. First observed September 2022, most recently August 2024.
- first seen
- Aug 31, 2022
- publisher
- CISA