IOCs Feed
Hashes, IPs, domains, URLs from active ransomware campaigns
Indicators of compromise (IOCs) are file hashes, IP addresses, domains, and URLs observed in real ransomware attacks — security teams use them to detect, block, and hunt for the same infrastructure and malware across their own environment. This feed lists IOCs collected from active ransomware campaigns, attributed to the group and leak site that used them where known.
Total Indicators
—
hashes, IPs, domains, URLs
IOC charts
48,623 total
| Ransomware group | Type | Value | Copy |
|---|---|---|---|
| sabbath | hash | 41aa7cdd6c9ed2ac0932d8084c89f28f | |
| sabbath | hash | 2e4d5b0fee977939ed85aafb89cc40f8b2350385 | |
| sabbath | hash | 36e91497fee355a45a5cb23a5ea91139 | |
| sabbath | hash | 54d141eb585f38fc83a1dc15aa281a84c0416d4f | |
| sabbath | ip | 147.135.78.200 | |
| sabbath | hash | 11b8beaa53353f5f52607e994849c3086733dfa01cc57fea2dae42eb7a6ee972 | |
| sabbath | hash | fdcebfb47e38e66f673cb01c308c73b421cd9a2ba84e1c55e42a5f580ee68fe3 | |
| sabbath | hostname | elsumergible.neuronal.blog.co | |
| sabbath | hash | e047aa878f9e7a55a80cc1b70d0ac9840251691e91ab6454562afbff427b0879 | |
| sabbath | url | https://order.cargobussiness.site | |
| sabbath | hash | fadd3aebdcdf61da44bccf7b71f30312c807c432514b761010aef10ddaf93270 | |
| sabbath | ip | 144.208.127.245 | |
| sabbath | hash | 2ceb5de547ad250140c7eb3c3d73e4331c94cf5a472e2806f93bf0d9df09d886 | |
| sabbath | hash | bba3ff461eee305c7408e31e427f57e6 | |
| sabbath | ip | 85.112.74.178 | |
| sabbath | hash | c67ad0bb292ed20dbe9ba980e71d223249632252 | |
| sabbath | ip | 8.209.100.246 | |
| sabbath | hostname | dasher.order-cancelled.swizxz.com | |
| sabbath | hash | 05e1247ff02d50aed81ecd9d0b93c41c | |
| sabbath | hash | 27ca24a7f6d02539235d46e689e6e4ac | |
| sabbath | hostname | ww16.fk.m00nlight.top | |
| sabbath | hash | 05cbef6bd0992e3532a3c597957f821140b61b94 | |
| sabbath | hostname | www.readingtherapiesgroup.org.uk | |
| sabbath | url | http://businessaudit.tax/verification.php | |
| sabbath | hash | 0a39d498c453699cde26fb6088d9e008 | |
| sabbath | hash | db7d1545c3c7e60235700af672c1d20175b380cd | |
| sabbath | hash | d141ec71b5b9443bc23b64c43ce9c36f | |
| sabbath | ip | 172.105.229.93 | |
| sabbath | url | http://dlcksmith.giftbox4u.com/ | |
| sabbath | hash | 6471546dc9adbca46cb794a4123dbccd2887b7f2 | |
| sabbath | hostname | atunite.icu | |
| sabbath | hash | 92f1e5424d53e3f4516d4c831afe3d64e88ed265ec143fb32717f2323836d61b | |
| sabbath | hash | 493698b1d7acfbf57848b964b4b0ae97 | |
| sabbath | hostname | chyprediction.com | |
| sabbath | ip | 154.35.175.225 | |
| sabbath | url | http://www.krislab.site/ | |
| sabbath | hash | 7a1c5e1799bdeebb01527f54a7fd89d0b720dea7 | |
| sabbath | hash | 5ba9f7cd51e8eac88f870e340c8262683d92563d | |
| sabbath | url | http://www.dog3rj.tech/ | |
| sabbath | hostname | backupslive.com | |
| sabbath | url | http://ajlbulicidate.pt/squriming.php | |
| sabbath | url | https://github.ithub.com/leebhan/9/issues/144 | |
| sabbath | hash | 4a647cbecf425627bd15b5f508d75fbfbf8506c2 | |
| sabbath | hash | 1cc16e3a6185b790875e3f00b68ec87feddcf93f | |
| sabbath | hash | e663bb4d9506e7c09bcf7b764d31b61d8f7dbae0b64dd4ef4e9d282e1909d386 | |
| sabbath | hash | c511853d2df7a1c91ac2150f3f4973c1606db8f31a3aa5c676528c1779bc21a5 | |
| sabbath | hash | 88adb7aba69b32e3f3c8829b6d20934d | |
| sabbath | hash | 64071aaa193ab18722553bf6f573547b | |
| sabbath | hash | 94f3cfffb2697397b9032f449a8db61747083d11 | |
| sabbath | hash | fab0c4e0992afe35c5e99bf9286db94313ffedc77d138e96af940423b2ca1cf2 |
Showing 1–50 of 48,623
Page 1 of 973