{
  "metadata": {
    "generator": "Bulwark Black IOC Extractor",
    "source": "https://bulwarkblack.com/zerobot-malware-targets-n8n-automation-platform-first-active-exploitation-of-cve-2025-68613/",
    "fang": "live",
    "exported_at": "2026-07-15T22:58:22Z",
    "total": 18,
    "categories": 5
  },
  "iocs": {
    "IPv4": [
      "103.59.160.237",
      "140.233.190.96",
      "144.172.100.228",
      "172.86.123.179",
      "216.126.227.101"
    ],
    "Domains": [
      "0bot.qzz.io",
      "andro.notemacro.com",
      "pivot.notemacro.com"
    ],
    "URLs": [
      "notemacro.com",
      "qzz.io"
    ],
    "sha256": [
      "045a1e42cb64e4aa91601f65a80ec5bd040ea4024c6d3b051cb1a6aa15d03b57",
      "360467c3b733513c922b90d0e222067509df6481636926fa1786d0273169f4da",
      "c8e8b627398ece071a3a148d6f38e46763dc534f9bfd967ebc8ac3479540111f",
      "cc1efbca0da739b7784d833e56a22063ec4719cd095b16e3e10f77efd4277e24",
      "d024039824db6fe535ddd51bc81099c946871e4e280c48ed6e90dada79ccfcc7",
      "deb70af83a9b3bb8f9424b709c3f6342d0c63aa10e7f8df43dd7a457bda8f060"
    ],
    "CVEs": [
      "CVE-2025-68613",
      "CVE-2025-7544"
    ]
  }
}