IIMQL Search: deep search for infra chains

Public IIM Chain Search

Search the infrastructure layer.

Query published IIM chains from Mantis. Plain text works for quick pivots; IIMQL works when you want roles, relations, entities, and actual chain structure. Very wild concept: search the thing we modelled.

17 chains
11 actors
142 entities
7 relation types

PLAIN query

1 chain found

1 raw match rows before grouping. Results link back to the public feed view.

confirmed, 13 entities, 13 relations

Gamaredon 2025 zero-click RAR to Pteranodon and rotating C2 infrastructure

UAC-0010

IIM chain for the November 2025 Gamaredon zero-click delivery path: a Ukraine-themed RAR archive abuses CVE-2025-6218/CVE-2025-8088 style archive delivery to place an HTA in the Windows Startup folder. The HTA/loader reaches DynDNS-backed delivery infrastructure, retrieves/launches Pteranodon, and then uses Telegram/graph.org dead-drop resolver infrastructure plus DynDNS/Fast-Flux C2 nodes for tasking and payload rotation.

Roles: entry, entry, staging, staging, payload, redirector, redirector, redirector, +5