Weekly Threat Advisory: The Most Active Cyber Adversaries Sep 29 – Oct 05, 2025

⚠Weekly Threat Advisory – Critical Trends Shaping the Cybersecurity Landscape
Top Threat Actors: Nation-state groups and cybercriminal syndicates are intensifying attacks on critical infrastructure and financial sectors.

Malware Evolution: Stealthy loaders and polymorphic malware variants are bypassing traditional defenses with alarming success.

Ransomware Surge: Double extortion tactics and RaaS (Ransomware-as-a-Service) models continue to dominate global breach reports.

C2 Infrastructure: Threat actors are leveraging decentralized and fast-flux networks to evade detection and prolong campaign lifespans.

Active Campaigns: Spear-phishing and supply chain compromises remain the preferred vectors for initial access across industries.

Adversary                     Type               IOCs  IOC type breakdown
----------------------------- ------------------ ----  ------------------------------------------------------------
UAT-8099                      Threat Actor         69  IP: 4 | DOMAIN: 32 | HASH: 32 | URL: 1
Lunar Spider group            Threat Actor         68  IP: 18 | DOMAIN: 17 | HASH: 30 | URL: 3
Cavalry Werewolf              Threat Actor         40  IP: 11 | HASH: 29
COLDRIVER                     Threat Actor         20  DOMAIN: 4 | HASH: 3 | URL: 13
Nimbus Manticore              Threat Actor          8  HASH: 8
Phantom-taurus                Threat Actor          4  HASH: 4
SideCopy                      Threat Actor        115  IP: 6 | DOMAIN: 7 | HASH: 47 | URL: 55
Silent Lynx                   Threat Actor         13  HASH: 8 | URL: 5
Gunra-ransomware              Ransomware           21  IP: 1 | DOMAIN: 6 | HASH: 8 | URL: 3 | EMAIL: 2 | OTHERS: 1
RA Lord Ransomware            Ransomware           17  IP: 1 | DOMAIN: 13 | HASH: 1 | OTHERS: 2
Rapid                         Ransomware           46  IP: 43 | HASH: 3
SVG Phishing                  Phishing Campaign    21  IP: 1 | DOMAIN: 7 | HASH: 13
Lumma Stealer                 Malware Campaign     10  DOMAIN: 7 | HASH: 3
faster_log and async_println  Malware Campaign      3  URL: 3
Burpsuite                     Malware             111  IP: 111
CastleRAT                     Malware              14  HASH: 14
Datzbro                       Malware               7  HASH: 4 | OTHERS: 3
HeartCrypt                    Malware               8  HASH: 5 | URL: 3
Olymp Loader                  Malware              23  HASH: 19 | URL: 4
PhantomCard                   Malware              30  IP: 3 | HASH: 26 | URL: 1
PureHVNC RAT                  Malware              15  IP: 1 | DOMAIN: 5 | HASH: 8 | URL: 1
SORVEPOTEL                    Malware              23  DOMAIN: 14 | HASH: 8 | URL: 1
Strela Stealer                Malware               9  IP: 1 | DOMAIN: 8
Postmark                      Malware               2  DOMAIN: 1 | EMAIL: 1
Mythic C2                     C2                  115  IP: 115
NetBus                        C2                   16  IP: 16
NimPlant                      C2                    5  IP: 5
Pantegana C2                  C2                    2  IP: 2
RedGuard                      C2                   19  IP: 19
Remcos RAT                    C2                    3  IP: 3
Viper C2                      C2                  254  IP: 254
XMRig Monero Cryptominer      C2                   38  IP: 38
Gh0st RAT                     C2                    9  IP: 9
Orcus RAT                     C2                    1  IP: 1
Oyster C2                     C2                    5  IP: 5
Poseidon C2                   C2                    1  IP: 1
Quasar RAT                    C2                   14  IP: 14
SpiceRAT                      C2                    4  IP: 4
Unam Web Panel                C2                   19  IP: 19
Cobaltstrike C2 IP            C2                  883  IP: 883
Metasploit C2 IP              C2                   53  IP: 53
7777 Botnet                   C2                    3  IP: 3
Ares RAT                      C2                    1  IP: 1
AsyncRat                      C2                   21  IP: 21
XiebroC2                      C2                    4  IP: 1 | HASH: 2 | URL: 1
Brute Ratel C4                C2                    4  IP: 4
Caldera                       C2                    5  IP: 5
Cobalt Strike                 C2                  451  IP: 451
DarkComet Trojan              C2                   16  IP: 16
DcRAT                         C2                    7  IP: 7
GoPhish                       C2                  224  IP: 224
Hak5 Cloud C2                 C2                  133  IP: 133
Havoc C2                      C2                   54  IP: 54
Metasploit Framework          C2                  505  IP: 505
NanoCore RAT                  C2                    9  IP: 9
njRAT                         C2                    2  IP: 2
Mozi Botnet                   C2                   15  IP: 15
PANDA C2                      C2                  151  IP: 151
Sectop RAT                    C2                   37  IP: 37
ShadowPad                     C2                   17  IP: 17
Sliver C2                     C2                  423  IP: 423
Supershell C2                 C2                   94  IP: 94
Villain C2                    C2                    8  IP: 8
XtremeRAT                     C2                   11  IP: 11
Hookbot                       C2                   10  IP: 10

Enclosed are the high-risk Indicators of Compromise (IOCs), each accompanied by a confidence score derived through advanced machine learning analysis.


Happy Threat Hunting

Core Working Areas: Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security.
Technical Certifications: Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber Crime Investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Red Hat Certified Engineer | Cisco Certified Network Associate | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
