psyc operations cockpit model
NN-sc — Security/Control
← back to cases

PSYC-OTX-69e9d8ba4c0b0df25b764711

▶ case journey

OTX: Malicious Campaign Deploying AdaptixC2 Beacon and VS Code via Trojanized SumatraPDF

The full record for one case — how Classifyline rated it, what Scoutline observed, the evidence Sealine encrypted, where Routeline may send it, and every ledger entry it produced.

how to use this view

How to use. Read the cards top-to-bottom — classification, observables, sealed package, routes, ledger. Hit ▶ case journey for the animated walk-through.

What you're seeing. Every worker line's output for this one case: how it was rated, what was observed, what was encrypted and to whom, where it would route, and the audit rows it produced.

Why it matters. Nothing sensitive leaves psyc without a human seeing the full reasoning chain — this page is that chain, for one case.

Classification

Severity
medium
TLP
GREEN
Incident type
malware
Internal class
D

Confidence

Level
low
Source reliability
C
Information credibility
3

Source

Type
threat_intel
Reference
https://otx.alienvault.com/pulse/69e9d8ba4c0b0df25b764711
Observed
2026-04-23 08:30 UTC
Ingested
2026-05-25 14:56 UTC

Observables

URLs

  • https://47.76.236.58:4430/Divide/developement/GIZWQVCLF
  • https://47.76.236.58:4430/Originate/contacts/CX4YJ5JI7RZ
  • https://stg.lsmartv.com:8443/Divide/developement/GIZWQVCLF
  • https://stg.lsmartv.com:8443/Originate/contacts/CX4YJ5JI7RZ

Domains

  • 47.76.236.58
  • stg.lsmartv.com
  • stg.lsmartv.com

Hashes

  • 2d7cc3646c287d6355def362916c6d26
  • 3238d2f6b9ea9825eb61ae5e80e7365c
  • 67fcf5c21474d314aa0b27b0ce8befb2
  • 71fa755b6ba012e1713c9101c7329f8d
  • 89daa54fada8798c5f4e21738c8ea0b4
  • 9a69b717ec4e8a35ae595aa6762d3c27
  • c620b4671a5715eec0e9f3b93e6532ba
  • e2dc48ef24da000b8fc1354fa31ca9ae
  • 19e3c4df728e3e657cb9496cd4aaf69648470b63
  • 2c65433696037f4ce0f8c9a1d78bdd6835c1b94d
  • 343be0f2077901ea5b5b9fb97d97892ac1a907e6
  • 401cc16d79d94c32da3f66df21d66ffd71603c14
  • 6c68dc2e33780e07596c3c06aa819ea460b3d125
  • adb47733c224fc8c0f7edc61becb578e560435ab
  • bd618c9e1e10891fe666839650fa406833d70afd
  • c2051635ccfdc0b48c260e7ceeee3f96bf026fea
  • 3936f522f187f8f67dda3dc88abfd170f6ba873af81fc31bbf1fdbcad1b2a7fb
  • 3c29c72a59133dd9eb23953211129fd8275a11b91a3b8dddb3c6e502b6b63edb
  • 47c7ce0e3816647b23bb180725c7233e505f61c35e7776d47fd448009e887857
  • 6eaea92394e115cd6d5bab9ae1c6d088806229aae320e6c519c2d2210dbc94fe
  • 7a95ce0b5f201d9880a6844a1db69aac7d1a0bf1c88f85989264caf6c82c6001
  • a4f2131eb497afe5f78d8d6e534df2b8d75c5b9b565c3ec17a323afe5355da26
  • aeec65bac035789073b567753284b64ce0b95bbae62cf79e1479714238af0eb7
  • b92a3a1cf5786b6e08643483387b77640cd44f84df1169dd00efde7af46b5714

Routes

2 allowed · 2 blocked
MISP-Community priority 2 · stix_indicators · max_tlp AMBER
URLhaus priority 3 · malware_url_report · max_tlp GREEN
CERT-Bund country_mismatch
AbuseIPDB tlp_exceeded