Pulse Detail — Threat Intelligence

PULSE NAME

OSINT Volley 2026-01-28 - Meterpreter/RemoteAdmin/BQTlock

WHITE pduggusa 2026-01-28 Modified: 2026-02-27

IOCs

HIGH VOLUME

Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(99), RemoteAdmin(57), BQTlock(35), Vidar(34), AsyncRAT(29). Source: abuse.ch ThreatFox API. SSL enriched: 46 IPs with HTTPS, 21 self-signed (C2 candidates). Pattern 54: sweep→volley automation.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1055 T1059.001 T1105 T1027 T1071.001 T1555.003 T1539 T1005 T1041 T1219 T1056.001

MALWARE FAMILIES

Meterpreter RemoteAdmin BQTlock Vidar AsyncRAT

Indicators of Compromise (31 / 95 total)

All hostname URL domain FileHash-MD5

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://gty.beznervov.com/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://gty.cloudvaly.com/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://193.42.38.42/limit	ThreatFox: SmartApeSG - payload_delivery	2026-01-28
URL	https://immortalexser.com/rate	ThreatFox: SmartApeSG - payload_delivery	2026-01-28
URL	http://193.42.38.42/rate	ThreatFox: SmartApeSG - payload_delivery	2026-01-28
URL	https://globaljira.com/token/middleware-render.js	ThreatFox: SmartApeSG - payload_delivery	2026-01-28
URL	https://globaljira.com/token/handler-fetch.php	ThreatFox: SmartApeSG - payload_delivery	2026-01-28
URL	https://banengids.com/js.php	ThreatFox: KongTuke - payload_delivery	2026-01-28
URL	https://banengids.com/5g7h.js	ThreatFox: KongTuke - payload_delivery	2026-01-28
URL	http://213.176.72.208	ThreatFox: Stealc - botnet_cc	2026-01-28
URL	http://158.94.211.91/health	ThreatFox: Unknown Stealer - botnet_cc	2026-01-28
URL	http://158.94.211.91/dd0e7ee6f5e1af92436a3a938660db61/txvhf.irrz	ThreatFox: Unknown Stealer - botnet_cc	2026-01-28
URL	https://kernel-compass.com/	ThreatFox: SantaStealer - botnet_cc	2026-01-28
URL	http://91.219.237.175/m4dfhweEw/Login.php	ThreatFox: Amadey - botnet_cc	2026-01-28
URL	http://5.181.86.244	ThreatFox: Amadey - botnet_cc	2026-01-28
URL	https://cdn.jsdelivr.net/gh/grading-chatter-dock73/vigilant-bucket-gui/p1lot	ThreatFox: ClearFake - payload_delivery	2026-01-28
URL	https://cdn.jsdelivr.net/gh/grading-chatter-dock73/sassy-generous-drv9/wrap1q	ThreatFox: ClearFake - payload_delivery	2026-01-28
URL	http://138.226.236.148	ThreatFox: Stealc - botnet_cc	2026-01-28
URL	https://blank-carrot.com/	ThreatFox: SantaStealer - botnet_cc	2026-01-28
URL	http://91.219.237.175/m4dfhweEw/index.php	ThreatFox: Amadey - botnet_cc	2026-01-28
URL	https://135.181.14.65/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://84.234.29.122/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://135.181.14.67/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://89.125.48.8/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://135.181.14.69/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://rrg.cdcmn.edu.bd/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://rrg.lidiia.com.ua/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://trx.cdcmn.edu.bd/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://trx.lidiia.com.ua/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://135.181.14.66/	ThreatFox: Vidar - botnet_cc	2026-01-28
URL	https://135.181.14.71/	ThreatFox: Vidar - botnet_cc	2026-01-28

References (2)

↗ https://analytics.dugganusa.com/api/v1/stix-feed/v2 ↗ https://threatfox.abuse.ch