IOC Feeds
Structured indicator feeds ready for SIEM, EDR, or CTI platform ingestion. 17 feeds · 336 IOCs. Curated from The Hunter's Ledger (CC BY-NC 4.0).
| Severity | Feed | Date | Tags | IOCs |
|---|---|---|---|---|
| medium | Flask C2 & MSSQL CLR Backdoor | 2026-06-15 | Post-Ex, Priv Esc, C2 | 12 |
| high | CVE-2026-41940 cPanel Harvester | 2026-05-17 | CVE, Exploit, Phishing | 18 |
| critical | Multi-Cluster: Rhadamanthys / BellaMain / Inkognito | 2026-05-15 | MaaS, Stealer, Open Dir | 34 |
| high | HijackLoader → AsyncRAT Campaign | 2026-05-06 | Loader, RAT, MaaS | 22 |
| high | AdaptixC2 Open Directory | 2026-04-30 | C2, Toolkit, Open Dir | 15 |
| critical | Remcos RAT Campaign | 2026-02-20 | RAT, Cred Theft, Persistence | 28 |
| critical | Arsenal-237 Advanced Toolkit | 2026-01-15 | Ransomware, Rust, BYOVD | 42 |
| critical | PULSAR RAT Analysis | 2025-12-10 | RAT, .NET, Cred Theft | 16 |
| high | ShinyHunters Data Leak Site | 2026-04-17 | Exfil, Cred Theft | 11 |
| high | Webshells to The Cloud | 2025-10-22 | Webshell, PHP, C2 | 19 |
| medium | Sliver C2 + ScareCrow | 2026-03-10 | C2, Loader, Go | 14 |
| high | Chaos Ransomware Loader | 2026-04-23 | Ransomware, Loader, Evasion | 20 |
| high | Inkognito Russian VPN/Phishing | 2026-05-16 | Phishing, VPN, Cred Theft | 16 |
| high | BellaMain Turkish PhaaS Panel | 2026-05-16 | PhaaS, Phishing, Open Dir | 13 |
| high | ZeroTrace Multi-Family MaaS | 2026-03-16 | MaaS, C2, Multi-Family | 25 |
| high | Shadow RAT & XWorm Campaign | 2026-04-10 | RAT, MaaS, C2 | 17 |
| high | NsMiner Cryptojacking | 2026-02-15 | Cryptominer, Dropper, Persistence | 14 |