Malwarebox public intelligence surface

IIM Feeds for adversary infrastructure chains.

Published IIM chains from MANTIS, shaped for humans first: browse actor infrastructure, compare role flows, open evidence, and export the canonical JSON when you need the raw model.

community intake

Submit sourced IIM chains for review

local storage, validator, anti-spam cap and contribution board

Analysts can paste a chain directly into the public surface, pass validation and store it as a dated local JSON file for manual Malwarebox review.

source link required 1000/day global cap duplicate filter captcha local
confirmed32
likely7
tentative0
needs review12

IIM Atlas Board

Role matrix of the published feed

10 chains per page, each row opens the full chain view
chain actor conf entryredirectorstagingpayloadc2 edges published
uac-0247-ukrvarta-fpv-dopomoga-2026-03 UAC-0247 - UKRVARTA FPV MB-0006 confirmed 2 UkrVarta humanitarian-aid themed ZI... 1 search-ms:query=lnk&crumb=location:... 4 ukrvarta.online 6 https://ukrvarta.online/dopomoga/up... 1 109.237.97.4 14e / 13r 2026-05-20 17:04:53
Showing 11 of 1 matching chains
Reset
Page 1 of 1. Showing 11 of 1 matching chains, 39 total.

uac-0247-ukrvarta-fpv-dopomoga-2026-03

UAC-0247 - UKRVARTA FPV

confirmed

Campaign chain for a Ukraine-focused lure targeting FPV/UAV-related audiences. The flow starts with a humanitarian-aid themed archive/LNK and HTA delivery layer on ukrvarta.online, moves through external JavaScript and updater.txt payload staging, persists as OneDriveUpdater, injects a decoded shellcode stage into RuntimeBroker.exe, unpacks EncryptedReverseShell.exe, and communicates with 109.237.97.4:8443.

entry entry staging staging staging payload payload
MB-0006 14 entities 13 relations 2026-05-20 17:04:53
IIM-T002 IIM-T015 IIM-T019 IIM-T024 IIM-T026
Open chain analysis