nuffsec/threatintel

Dedicated IOC database focused on threat actors' infrastructure based in Russia⚰️ and Belarus🥔 (RU/BY), providing up-to-date information on C2 and malware distribution servers for all interested parties.
