The Hunter's Ledger
IOC Feeds
Indicators of Compromise
Structured feeds ready for ingestion into your SIEM, EDR, or CTI platform. Licensed under CC BY-NC 4.0.
All Feeds
OpenStrike Expanded Toolkit (172.105.0.126) — IOC Feed
Toolkit C2 Injection
Apr 2026
OpenStrike Beacon Toolkit (172.105.0.126) — IOC Feed
Toolkit C2 Open Dir
Apr 2026
Shadow RAT & XWorm Open Directory Campaign — IOC Feed
RAT MaaS C2
Apr 2026
Open Directory at 193.56.255.154 — XiebroC2 and Covenant C2 IOC Feed
C2 Multi-Family Open Dir
Apr 2026
ZeroTrace Multi-Family MaaS Operation — IOC Feed
MaaS Multi-Family C2
Mar 2026
Sliver C2 / ScareCrow Loader Open Directory — IOC Feed
C2 Loader Go
Mar 2026
Webserver Compromise Kit 91.236.230.250 — IOC Feed
Toolkit Priv Esc RCE
Feb 2026
Remcos RAT OpenDirectory Campaign — IOC Feed
RAT Cred Theft
Feb 2026
NsMiner Cryptojacker — IOC Feed
Cryptominer Dropper
Feb 2026
Arsenal-237 New Files: full_test_enc.exe — IOC Feed
Ransomware Rust
Jan 2026
Arsenal-237 New Files: new_enc.exe — IOC Feed
Ransomware Rust
Jan 2026
Arsenal-237 New Files: dec_fixed.exe — IOC Feed
Ransomware Rust
Jan 2026
Arsenal-237 New Files: enc_c2.exe — IOC Feed
Ransomware C2
Jan 2026
Arsenal-237 New Files: chromelevator.exe — IOC Feed
Cred Theft .NET
Jan 2026
Arsenal-237 New Files: nethost.dll — IOC Feed
DLL Hijack Persistence
Jan 2026
Arsenal-237 New Files: rootkit.dll — IOC Feed
Rootkit Evasion
Jan 2026
Arsenal-237 New Files: BdApiUtil64.sys — IOC Feed
BYOVD Priv Esc
Jan 2026
Arsenal-237 New Files: lpe.exe — IOC Feed
Priv Esc
Jan 2026
Arsenal-237 New Files: killer_crowdstrike.dll — IOC Feed
Evasion BYOVD
Jan 2026
Arsenal-237 New Files: killer.dll — IOC Feed
BYOVD Evasion
Jan 2026
Arsenal-237: enc/dec Ransomware Family — IOC Feed
Ransomware Rust
Jan 2026
Arsenal-237: uac_test.exe — IOC Feed
Priv Esc Evasion
Jan 2026
Arsenal-237: FleetAgentFUD.exe — IOC Feed
Dropper Evasion
Jan 2026
Arsenal-237: FleetAgentAdvanced.exe — IOC Feed
Dropper Persistence
Jan 2026
Arsenal-237: agent_xworm_v2.exe — IOC Feed
RAT C2
Jan 2026
Arsenal-237: agent_xworm.exe — IOC Feed
RAT C2
Jan 2026
Arsenal-237: agent.exe (PoetRAT) — IOC Feed
RAT C2
Jan 2026
Dual-RAT Analysis: Pulsar RAT vs. NjRAT/XWorm — IOC Feed
RAT .NET
Dec 2025
PULSAR RAT (server.exe) — IOC Feed
RAT Cred Theft
Dec 2025
Hybrid Loader/Stealer Ecosystem Masquerading as Sogou — IOC Feed
Loader Stealer
Nov 2025
Houselet.exe — IOC Feed
Loader Stealer Go
Nov 2025
AdvancedRouterScanner — IOC Feed
Scanner Exploitation
Oct 2025
From Webshells to The Cloud — IOC Feed
Webshell Exfil
Oct 2025
QuasarRAT + XWorm + PowerShell Loader — IOC Feed
RAT Loader
Oct 2025