OSINT Volley 2026-01-17 - Unknown malware/DeimosC2/Cobalt Strike
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware (62), DeimosC2 (27), Cobalt Strike (10), AsyncRAT (8), ClearFake (6). Source: abuse.ch ThreatFox API. SSL enriched: 38 IPs with HTTPS, 12 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
Indicators of Compromise (62)