Dedicated IOC database focused on threat actor infrastructure based in Russia⚰️ and Belarus🥔 (RU/BY), providing up-to-date information on C2 and malware distribution servers for all interested parties.

First seen | IOC | Malware | Country | Tags |
---|---|---|---|---|
2025-02-01 17:45:09 UTC | 77.223.119.187:5655 | RMS | RU | RemoteManipulator |
2025-02-01 16:51:39 UTC | 193.233.48.167:31337 | Sliver | RU | c2 shodan sliver |
2025-02-01 12:01:03 UTC | 193.3.23.122:8443 | Sliver | RU | c2 censys sliver AS212913 payload TIMEHOST-AS |
2025-02-01 11:20:55 UTC | 5.178.87.202:3333 | RedLine Stealer | RU | RedLineStealer |
2025-02-01 08:46:06 UTC | 195.208.25.141:443 | Eye Pyramid | RU | drb-ra EyePyramid |
2025-02-01 08:45:38 UTC | 185.255.133.88:443 | DanaBot | RU | drb-ra DanBot |
2025-02-01 08:01:37 UTC | 212.22.86.250:80 | Bashlite | RU | c2 censys Gafgyt open-dir AS215096 MADHOST-AS |
2025-02-01 06:57:57 UTC | 193.3.23.122:31337 | Sliver | RU | c2 shodan sliver |
2025-02-01 00:01:27 UTC | 185.147.124.108:443 | PoshC2 | RU | c2 censys AS49505 SELECTEL Posh |
2025-02-01 00:01:17 UTC | 87.242.124.66:7443 | Unknown malware | RU | c2 censys Mythic AS208677 CLOUDRU-AS |