OSINT Volley 2026-01-28 - Meterpreter/RemoteAdmin/BQTlock
WHITE pduggusa 2026-01-28 Modified: 2026-02-27
Automated OSINT sweep from ThreatFox. Top malware families by indicator count: Meterpreter (104), RemoteAdmin (57), BQTlock (35), AsyncRAT (34), Vidar (30). Source: abuse.ch ThreatFox API. SSL enrichment: 46 IPs serve HTTPS, 20 of them with self-signed certificates (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
Malware families: Meterpreter, RemoteAdmin, BQTlock, AsyncRAT, Vidar
Indicators of Compromise (69)