OSINT Volley 2026-02-05 - Unknown malware/Unknown Stealer/Cobalt Strike
Automated OSINT sweep from ThreatFox. Top malware: Unknown malware(63), Unknown Stealer(28), Cobalt Strike(21), Remcos(18), Lumma Stealer(17). Source: abuse.ch ThreatFox API. SSL enriched: 24 IPs with HTTPS, 19 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
Indicators of Compromise (111)