PULSE NAME
OSINT Volley 2026-02-14 - Formbook/ClearFake/Unknown Stealer
WHITE pduggusa 2026-02-14 Modified: 2026-03-16
112 IOCs (HIGH VOLUME)
Automated OSINT sweep from ThreatFox. Top malware: Formbook(160), ClearFake(66), Unknown Stealer(60), AsyncRAT(48), XWorm(44). Source: abuse.ch ThreatFox API. SSL enriched: 30 IPs with HTTPS, 10 self-signed (C2 candidates). Pattern 54: sweep→volley automation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Formbook ClearFake Unknown Stealer AsyncRAT XWorm
Indicators of Compromise (4 / 112 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
URL | https://drawnbe.cyou/api | ThreatFox: Lumma Stealer - botnet_cc | 2026-02-14
URL | https://portuge.cyou/api | ThreatFox: Lumma Stealer - botnet_cc | 2026-02-14
URL | https://brekaz.shop/api/css.js | ThreatFox: Unknown malware - payload_delivery | 2026-02-14
URL | http://91.196.33.68 | ThreatFox: Stealc - botnet_cc | 2026-02-14