OSINT Volley 2026-01-25 - Meterpreter/AsyncRAT/Unknown malware
TLP: WHITE | Author: pduggusa | Created: 2026-01-25 | Modified: 2026-02-24
87 IOCs (high volume)
Automated OSINT sweep from ThreatFox. Top malware families by indicator count: Meterpreter (94), AsyncRAT (64), Unknown malware (48), Quasar RAT (39), ValleyRAT (18). Source: abuse.ch ThreatFox API. SSL enrichment: 33 IPs serve HTTPS, 12 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed.
Malware families: Meterpreter, AsyncRAT, Unknown malware, Quasar RAT, ValleyRAT
Indicators of Compromise (16 of 87 total shown; types: domain, hostname, URL)