Dedicated IOC database focused on threat actor infrastructure based in Russia⚰️ and Belarus🥔 (RU/BY), providing up-to-date information on C2 and malware distribution servers for all interested parties.

First seen | IOC | Malware | Country | Tags |
---|---|---|---|---|
2025-01-31 16:00:20 UTC | 45.141.76.97:8085 | Cobalt Strike | RU | c2 CobaltStrike cs-watermark-987654321 censys AS198610 BEGET-AS |
2025-01-31 16:20:56 UTC | 185.7.214.250:2426 | Remcos | RU | iocbottest 31January2025 |
2025-01-31 12:00:24 UTC | 80.66.76.39:80 | Cobalt Strike | RU | c2 CobaltStrike censys AS208091 XHOST-INTERNET-SOLUTIONS |
2025-01-31 08:46:07 UTC | 195.208.25.141:8888 | Eye Pyramid | RU | drb-ra EyePyramid |
2025-01-31 08:14:15 UTC | 193.161.193.99:32899 | XWorm | RU | iocbottest 31January2025 |
2025-01-31 08:14:18 UTC | 185.7.214.54:4411 | XWorm | RU | iocbottest 31January2025 |
2025-01-31 08:15:02 UTC | 87.228.57.81:4782 | Quasar RAT | RU | iocbottest 31January2025 |
2025-01-31 07:01:37 UTC | 195.58.36.137:3333 | Unknown malware | RU | AS9123 censys TIMEWEB-AS GoPhish phishing |
2025-01-30 14:07:06 UTC | 194.58.71.31:9595 | SpyNote | RU | iocbottest 30January2025 |
2025-01-30 14:07:06 UTC | 193.161.193.99:31895 | SpyNote | RU | iocbottest 30January2025 |