OSINT Volley 2026-02-09 - Cobalt Strike/Unknown malware/XWorm
Automated OSINT sweep from ThreatFox. Top malware: Cobalt Strike (98), Unknown malware (22), XWorm (16), Unknown Loader (12), Mirai (12). Source: abuse.ch ThreatFox API. SSL enriched: 23 IPs with HTTPS, 14 self-signed (C2 candidates). Pattern 54: sweep→volley automation.