PULSE NAME
OSINT Volley 2026-01-17 - Unknown Stealer/Unknown malware/AsyncRAT
WHITE pduggusa 2026-01-17 Modified: 2026-02-16
193 IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: Unknown Stealer(162), Unknown malware(41), AsyncRAT(27), DeimosC2(27), Cobalt Strike(10). Source: abuse.ch ThreatFox API. SSL enriched: 32 IPs with HTTPS, 11 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Unknown Stealer, Unknown malware, AsyncRAT, DeimosC2, Cobalt Strike
Indicators of Compromise (5 / 193 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
URL | https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timestep-sim20 | ThreatFox: ClearFake - payload_delivery | 2026-01-17
URL | https://chromium.report.tech.b55081fa-9cd1-48c2-95d4-efe.crashnotify.org/browser/chrome?uuid=null | ThreatFox: Unknown malware - payload_delivery | 2026-01-17
URL | http://45.92.29.74/1.sh | ThreatFox: Unknown malware - payload_delivery | 2026-01-17
URL | http://45.92.29.74/wget.sh | ThreatFox: Unknown malware - payload_delivery | 2026-01-17
URL | https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timeline-buffer-x32 | ThreatFox: ClearFake - payload_delivery | 2026-01-17