OSINT Volley 2026-01-29 - Meterpreter/Vidar/Quasar RAT
TLP: WHITE | Author: pduggusa | Created: 2026-01-29 | Modified: 2026-02-28
91 IOCs (high volume)
Automated OSINT sweep from ThreatFox. Top malware: Meterpreter(50), Vidar(33), Quasar RAT(31), Cobalt Strike(21), Unknown malware(13). Source: abuse.ch ThreatFox API. SSL enriched: 24 IPs with HTTPS, 14 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Meterpreter, Vidar, Quasar RAT, Cobalt Strike, Unknown malware
Indicators of Compromise (91)