OSINT Volley 2026-01-24 - Meterpreter/Unknown malware/Ghost RAT
Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(130), Unknown malware(32), Ghost RAT(22), Cobalt Strike(16), SmartApeSG(11). Source: abuse.ch ThreatFox API. SSL enriched: 34 IPs with HTTPS, 14 self-signed (C2 candidates). Pattern 54: sweep→volley automation.