PULSE NAME
OSINT Volley 2026-01-25 - Meterpreter/Unknown Stealer/AsyncRAT
WHITE pduggusa 2026-01-25 Modified: 2026-02-24
77 IOCs
HIGH VOLUME
Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(100), Unknown Stealer(86), AsyncRAT(54), Quasar RAT(39), Stealc(31). Source: abuse.ch ThreatFox API. SSL enriched: 34 IPs with HTTPS, 16 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Meterpreter, Unknown Stealer, AsyncRAT, Quasar RAT, Stealc
Indicators of Compromise (6 / 77 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
URL | https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/trans1at | ThreatFox: ClearFake - payload_delivery | 2026-01-25
URL | http://ldark.nm.ru/ind | ThreatFox: Berbew - botnet_cc | 2026-01-25
URL | http://devx.nm.ru/inde | ThreatFox: Berbew - botnet_cc | 2026-01-25
URL | https://streamable.com/xf0twu | ThreatFox: DarkComet - botnet_cc | 2026-01-25
URL | http://159.69.114.128/b5caa8f188054fc8.php | ThreatFox: Stealc - botnet_cc | 2026-01-25
URL | https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/net-19-77-21 | ThreatFox: ClearFake - payload_delivery | 2026-01-25