OSINT Volley 2026-01-23 - Meterpreter/Vidar/Phorpiex
WHITE | pduggusa | 2026-01-23 | Modified: 2026-02-22
67 IOCs (high volume)
Automated OSINT sweep from ThreatFox. Top malware families by indicator count: Meterpreter (103), Vidar (41), Phorpiex (39), Nitrogen Ransomware (36), AsyncRAT (28). Source: abuse.ch ThreatFox API. SSL enrichment: 47 IPs serve HTTPS, of which 20 use self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
Malware families: Meterpreter, Vidar, Phorpiex, Nitrogen Ransomware, AsyncRAT
Indicators of Compromise (36 / 67 total)