RansomHub - Indicators of Compromise

Last updated: 2026-06-14

C2 IP Addresses (36)

Malicious URLs (9)

Data Sources

MalwareBazaar (abuse.ch)
ThreatFox (abuse.ch)
URLhaus (abuse.ch)