#malware

Malware-hosting infrastructure (URLs, domains, IPs serving payloads) extracted from posts by public security researchers


IOCs by window

  • Today: 1 IOC tagged #malware
  • Week: 51 IOCs tagged #malware
  • Month: 307 IOCs tagged #malware
  • Year: 3,782 IOCs tagged #malware

Counts as of 2026-06-09. Regenerated daily.

About #malware

  • Definition: umbrella tag for any IOC associated with a malware payload, regardless of family. URLs serving binaries, IPs hosting C2, hashes of binaries, and domains used for distribution all qualify. For family-specific filtering see the dedicated tags below.
  • Common families in the corpus: Cobalt Strike, Remcos, AsyncRAT, NetSupport RAT, Lumma stealer, NjRAT, Sliver, Mythic, Havoc, Deimos. Each has its own per-tag landing page.
  • Detection: YARA rules on hashes, sandboxing on samples, network-IDS rules for known C2 patterns, and feed-driven blocklists for URLs / domains / IPs. The TweetFeed CSV / JSON feeds are designed for this last use case.
  • References: MITRE ATT&CK Software · Malpedia · malicious-urls feed.

Recent IOCs tagged #malware

Latest 10 IOCs from the past 30 days. Live JSON: api.tweetfeed.live/v1/month/malware.



Frequently asked questions

What is the difference between #malware and per-family tags like #CobaltStrike?

The #malware tag is broad and matches any IOC researchers flag as malware-related, regardless of family. Per-family tags like #CobaltStrike, #Remcos or #AsyncRAT are subsets that identify the specific malware. An IOC can carry both tags if researchers attribute it to a specific family, but many entries are tagged only with #malware when the family attribution is uncertain.

Which IOC types are most common in the malware feed?

URLs and IPs dominate (payload-hosting servers, C2 endpoints), with domains close behind. Hashes (MD5 and SHA-256) appear when researchers share specific binary samples. For pure-hash filtering, see the dedicated /malicious-hashes-md5.html and /malicious-hashes-sha256.html landing pages.

How is this list updated?

Every 15 minutes. The TweetFeed pipeline scrapes RSS feeds from public Twitter/X security researcher accounts and lists, extracts IOCs, tags them with the relevant malware family or threat actor, and republishes the result in CSV, JSON and RSS. Malware-tagged IOCs are surfaced on this page within the next 15-minute tick. The page itself is regenerated daily by a GitHub Action.

What is the license? Can I use this commercially?

All TweetFeed IOC data, including this Malware subset, is released under CC0 1.0 Universal (Public Domain Dedication). No attribution required, no warranty. Commercial use is allowed. The TweetFeed website code and branding are not covered by CC0.

License

Malware IOC data: CC0 1.0 Public Domain. No attribution required, no warranty. Source code for the pipeline: github.com/0xDanielLopez/TweetFeed (MIT).