PULSE NAME
OSINT Volley 2026-01-28 - Meterpreter/RemoteAdmin/BQTlock
WHITE pduggusa 2026-01-28 Modified: 2026-02-27
93 IOCs (HIGH VOLUME)
Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(99), RemoteAdmin(57), BQTlock(35), Vidar(30), AsyncRAT(29). Source: abuse.ch ThreatFox API. SSL enriched: 46 IPs with HTTPS, 21 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Meterpreter RemoteAdmin BQTlock Vidar AsyncRAT
Indicators of Compromise (26 / 93 total)