PULSE NAME
OSINT Volley 2025-12-28 - ClearFake/Unknown malware/DragonForce
WHITE pduggusa 2025-12-28 Modified: 2026-01-27
125 IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: ClearFake(89), Unknown malware(85), DragonForce(34), AsyncRAT(33), Mirai(27). Source: abuse.ch ThreatFox API. SSL enriched: 51 IPs with HTTPS, 8 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClearFake, Unknown malware, DragonForce, AsyncRAT, Mirai
Indicators of Compromise (9 / 125 total)