OSINT Volley 2026-01-28 - Meterpreter/RemoteAdmin/BQTlock
Automated OSINT sweep from ThreatFox. Top malware families by indicator count: Meterpreter (99), RemoteAdmin (57), BQTlock (35), Vidar (34), AsyncRAT (29). Source: abuse.ch ThreatFox API. SSL enrichment: 46 IPs serve HTTPS, 21 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.
Indicators of Compromise (95)