Weekly Threat Advisory: The Most Active Cyber Adversaries October 13 – October 19, 2025
⚠ Weekly Threat Advisory — Key Cybersecurity Trends You Should Know
Top Threat Actors:
State-sponsored hackers and organized cybercriminal groups are stepping up attacks, especially on financial institutions and critical infrastructure.
Malware Shifts:
New malware variants are becoming smarter and harder to detect, easily slipping past traditional security tools.
Ransomware Spike:
Ransomware gangs are using double-extortion tactics and RaaS platforms to spread faster and cause bigger business disruptions.
C2 Networks:
Hackers are now hiding behind decentralized and fast-changing command-and-control servers, making it difficult to track and shut them down.
Ongoing Campaigns:
Phishing emails and supply chain breaches remain the most common entry points, reinforcing the need for stronger vigilance and vendor security checks.
| Adversary | Adversary_Type | IP | DOMAIN | HASH | URL | Total_IOCs |
| --- | --- | --- | --- | --- | --- | --- |
| Italian banking AML | C2 | 2 | 6 | 1 | 0 | 9 |
| Lumma | Malware | 10 | 414 | 0 | 0 | 424 |
| PhantomVAI | Malware | 0 | 0 | 67 | 0 | 67 |
| GhostBat | Malware | 0 | 0 | 20 | 41 | 61 |
| Astaroth | Malware | 1 | 11 | 9 | 13 | 34 |
| CLAYRAT | Malware | 0 | 4 | 0 | 0 | 4 |
| EvilAI | Malware | 0 | 0 | 3 | 0 | 3 |
| PolarEdge | Malware | 0 | 0 | 1 | 0 | 1 |
| ProSpy and ToSpy | Malware_campaign | 12 | 12 | 36 | 0 | 60 |
| Multi-Stage Android Malware | Malware_campaign | 9 | 17 | 2 | 14 | 42 |
| DPRK_Contagious_Interview_Campaign | Malware_campaign | 7 | 0 | 0 | 8 | 15 |
| Operation Zero Disco | Malware_campaign | 0 | 0 | 9 | 0 | 9 |
| Trojanized_Ivanti_Pulse_Secure | Malware_campaign | 1 | 4 | 2 | 2 | 9 |
| Operation Silk Lure | Malware_campaign | 2 | 0 | 5 | 0 | 7 |
| CLEARFAKE | Malware_campaign | 0 | 4 | 0 | 0 | 4 |
| C2-SOCK | Phishing Campaign | 4 | 38 | 0 | 57 | 99 |
| Email_Campaigns | Phishing Campaign | 1 | 2 | 0 | 10 | 16 |
| MAC_Spoofer_Malicious_Chrome_Extension | Phishing Campaign | 0 | 0 | 6 | 1 | 7 |
| AsyncRAT | Phishing Campaign | 0 | 0 | 6 | 0 | 6 |
| Beamglea | Phishing Campaign | 0 | 2 | 0 | 1 | 3 |
| Akira | Ransomware | 5 | 0 | 0 | 2 | 7 |
| Cavalry_Werewolf | Threat Actor | 11 | 0 | 29 | 0 | 40 |
| BeaverTail and OtterCookie | Threat Actor | 0 | 0 | 13 | 19 | 32 |
| Jewelbug | Threat Actor | 1 | 2 | 25 | 0 | 28 |
| TA585 | Threat Actor | 11 | 0 | 12 | 0 | 23 |
| UNC5342 | Threat Actor | 0 | 0 | 7 | 0 | 7 |
| APT41 | Threat Actor | 5 | 0 | 0 | 0 | 5 |
| Flax_Typhoon | Threat Actor | 1 | 0 | 4 | 0 | 5 |
Weekly High-Risk Indicators of Compromise (IOCs) with ML-Derived Confidence Scores