ioc · domain

asq[.]r77vh0[.]pw

Hive affiliate staging server hosting a malicious HTA file used during intrusions, listed in Table 2 of AA22-321A. The .pw infrastructure cluster was seized alongside the Hive back-end on Jan. 26, 2023 in the DOJ/FBI takedown announcement.

family: Hive
first seen: Nov 16, 2022
publisher: CISA

source citation