OSINT Volley 2026-01-31 - Unknown malware/AsyncRAT/ClearFake
TLP: WHITE | Author: pduggusa | Created: 2026-01-31 | Modified: 2026-03-02
IOCs: 103 | Tag: HIGH VOLUME
Automated OSINT sweep of the abuse.ch ThreatFox API. Top malware families in this batch: Unknown malware (36), AsyncRAT (29), ClearFake (14), Meterpreter (14), Unknown Stealer (13). TLS enrichment: 31 of the IPs answer on HTTPS, 15 of them with self-signed certificates and therefore flagged as C2 candidates (a self-signed certificate on its own is a weak signal; corroborate with the ThreatFox classification and observed traffic before blocking). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Unknown malware, AsyncRAT, ClearFake, Meterpreter, Unknown Stealer
Indicators of Compromise (34 of 103 shown; the full pulse contains hostname, URL and domain indicators, only URLs are listed here)
TYPE  INDICATOR  DESCRIPTION  CREATED
URL http://77.110.103.209/api/logs ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
URL https://adm-toolkit.live/api/logs ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
URL http://77.110.103.209:3000/api/logs ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
URL http://77.110.103.209:3000/api/hvnc/heartbeat ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
URL https://cdn.jsdelivr.net/gh/www1day7/msdn/flag ThreatFox: ClearFake - payload_delivery 2026-01-31
URL http://hsk-new.com/XdFWQSP/login.php ThreatFox: DarkCloud Stealer - botnet_cc 2026-01-31
URL https://45.93.20.141/ ThreatFox: Unknown malware - payload_delivery 2026-01-31
URL http://23.94.61.153:8888/supershell/login/ ThreatFox: Unknown malware - botnet_cc 2026-01-31
URL http://45.88.91.156/pages/login.php ThreatFox: Unknown malware - botnet_cc 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/sd2.ps1 ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL http://94.247.42.253/index.php ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL http://94.247.42.253/pilot.php ThreatFox: Koi Loader - botnet_cc 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/hemigastrectomySDur.php ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/bivalviaGrr.php ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/transhumanDAxj.exe ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/nephralgiaMsy.ps1 ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/boomier10qD0.php ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL http://138.226.237.76 ThreatFox: Stealc - botnet_cc 2026-01-31
URL http://104.238.177.164 ThreatFox: Stealc - botnet_cc 2026-01-31
URL https://cdn.jsdelivr.net/gh/www1day7/msdn/das3 ThreatFox: ClearFake - payload_delivery 2026-01-31
URL https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/nm12 ThreatFox: ClearFake - payload_delivery 2026-01-31
URL http://45.151.91.164/10673afc1ae745f5.php ThreatFox: Stealc - botnet_cc 2026-01-31
URL http://167.86.95.233/af45b4032b6d7f1f.php ThreatFox: Stealc - botnet_cc 2026-01-31
URL https://rickscribner.com/5j9k.js ThreatFox: KongTuke - payload_delivery 2026-01-31
URL https://rickscribner.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-31
URL https://goldenring.live/pages/login.html ThreatFox: Unknown malware - botnet_cc 2026-01-31
URL http://microsoftpoller20.com/gt.php ThreatFox: Unknown malware - botnet_cc 2026-01-31
URL https://jenmartini.com/6b7n.js ThreatFox: KongTuke - payload_delivery 2026-01-31
URL https://jenmartini.com/js.php ThreatFox: KongTuke - payload_delivery 2026-01-31
URL http://cloud.uniprolaptimer.com:5042/ ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://albionpirates.pro:444/login/3keXipGb5Rr+gpGO9CjsSfdz+of5 ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://91.92.243.87:443/login/yluPi4iQ+gbMi4qb/DSlEbZ1vJ7zTJi2/udu ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL http://54.38.94.225:8883/ ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
URL https://goldenring.live/api/logs/check ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
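The rows above mix dedicated C2 hosts (bare IPs with a port), legitimate sites that were compromised to host payloads (a WordPress uploads directory), and a public CDN carrying attacker-controlled repositories (cdn.jsdelivr.net/gh/...). Matching every indicator on hostname alone would either miss C2 beacons to other paths on the same host or flag every jsdelivr download in the estate. The script below is an added example, not code from the pulse author or from ThreatFox: it parses a subset of the table rows as they appear on this page, normalises each URL to host, port and path, and matches constructed proxy-log lines with two tiers: an exact host/port/path match for any indicator, and a host/port match only for botnet_cc indicators on hosts that are not a known shared service. The SHARED_HOSTS set, the proxy-log layout and the tiering policy are assumptions for illustration; the log lines are constructed, not captured traffic.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Subset of the IOC rows from the table on this pulse, copied verbatim.
IOC_ROWS = """\
URL http://77.110.103.209:3000/api/logs ThreatFox: Unknown Stealer - botnet_cc 2026-01-31
URL https://cdn.jsdelivr.net/gh/www1day7/msdn/flag ThreatFox: ClearFake - payload_delivery 2026-01-31
URL http://138.226.237.76 ThreatFox: Stealc - botnet_cc 2026-01-31
URL https://casettalecese.it/wp-content/uploads/2022/10/sd2.ps1 ThreatFox: Koi Loader - payload_delivery 2026-01-31
URL http://albionpirates.pro:444/login/3keXipGb5Rr+gpGO9CjsSfdz+of5 ThreatFox: Eye Pyramid - payload_delivery 2026-01-31
"""

# Assumption: hosts that also carry large volumes of legitimate traffic.
# These are never matched on hostname alone, only on the full path.
SHARED_HOSTS = {"cdn.jsdelivr.net"}

# TYPE INDICATOR "ThreatFox: <family> - <kind> <created>" as laid out in the table.
ROW_RE = re.compile(
    r"^(?P<type>\S+)\s+(?P<indicator>\S+)\s+ThreatFox:\s+"
    r"(?P<family>.+?)\s+-\s+(?P<kind>\S+)\s+(?P<created>\d{4}-\d{2}-\d{2})$"
)


@dataclass(frozen=True)
class Ioc:
    host: str
    port: int
    path: str
    family: str
    kind: str  # botnet_cc or payload_delivery


def split_url(url):
    """Normalise a URL to (host, port, path): default port by scheme, empty path -> '/'.
    The query string is ignored so that cache-busting parameters do not defeat a match."""
    u = urlsplit(url)
    if not u.hostname:
        raise ValueError(f"no host in {url!r}")
    port = u.port or (443 if u.scheme == "https" else 80)
    return u.hostname.lower(), port, (u.path or "/")


def parse_ioc_rows(text):
    """Parse URL rows from the table; hostname/domain rows need their own parser and are skipped."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["type"] != "URL":
            continue
        host, port, path = split_url(m["indicator"])
        iocs.append(Ioc(host, port, path, m["family"], m["kind"]))
    return iocs


def classify(url, iocs):
    """Return (tier, ioc) for the strongest match, or (None, None).

    exact: host, port and path all equal (any indicator kind)
    host : host and port equal to a botnet_cc indicator on a non-shared host,
           because C2 traffic uses many paths on the same listener
    """
    host, port, path = split_url(url)
    host_hit = None
    for ioc in iocs:
        if (host, port) != (ioc.host, ioc.port):
            continue
        if path == ioc.path:
            return "exact", ioc
        if ioc.kind == "botnet_cc" and host not in SHARED_HOSTS:
            host_hit = ioc
    return ("host", host_hit) if host_hit else (None, None)


# Constructed proxy log lines (assumed layout: timestamp client method url status).
PROXY_LOG = """\
2026-02-01T10:02:11Z 10.0.0.5 POST http://77.110.103.209:3000/api/logs 200
2026-02-01T10:02:41Z 10.0.0.5 GET http://77.110.103.209:3000/api/hvnc/heartbeat 200
2026-02-01T10:03:02Z 10.0.0.9 GET https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js 200
2026-02-01T10:03:05Z 10.0.0.9 GET https://cdn.jsdelivr.net/gh/www1day7/msdn/flag 200
2026-02-01T10:04:17Z 10.0.0.12 GET http://138.226.237.76/sockets/aa 200
2026-02-01T10:05:00Z 10.0.0.14 GET https://casettalecese.it/ 200
2026-02-01T10:05:06Z 10.0.0.14 GET https://casettalecese.it/wp-content/uploads/2022/10/sd2.ps1 200
2026-02-01T10:06:30Z 10.0.0.20 GET http://albionpirates.pro:444/login/3keXipGb5Rr+gpGO9CjsSfdz+of5 200
"""


def hunt(log_text, iocs):
    """Return (client, url, tier, family) for every log line that hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, _method, url, _status = line.split()
        tier, ioc = classify(url, iocs)
        if tier:
            hits.append((client, url, tier, ioc.family))
    return hits


if __name__ == "__main__":
    for client, url, tier, family in hunt(PROXY_LOG, parse_ioc_rows(IOC_ROWS)):
        print(f"{tier:5} {client:10} {family:16} {url}")
```

Running it reports six hits: the two exact C2 and payload URLs from the table, a host-tier hit for the heartbeat path on 77.110.103.209:3000 and for an unlisted path on 138.226.237.76, and exact hits for the Koi Loader script and the Eye Pyramid login URL. The jQuery download from cdn.jsdelivr.net and the visit to the front page of the compromised WordPress site produce no alert, which is the behaviour you want before turning a ThreatFox volley into a blocklist.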