Overview
This section contains Indicators of Compromise (IOCs) in JSON/CSV format.
Feeds are designed for ingestion into SIEM/EDR environments.
Available IOC Feeds
Arsenal-237: Original Analysis (16 samples)
- Arsenal-237: agent.exe (PoetRAT)
- Arsenal-237: agent_xworm.exe (XWorm RAT v6)
- Arsenal-237: agent_xworm_v2.exe (XWorm RAT v2.4.0)
- Arsenal-237: FleetAgentAdvanced.exe
- Arsenal-237: FleetAgentFUD.exe
- Arsenal-237: uac_test.exe
- Arsenal-237: enc/dec Ransomware Family
Arsenal-237: New Files - Advanced Toolkit (11 samples)
- Arsenal-237 New Files: killer.dll (BYOVD Process Termination)
- Arsenal-237 New Files: killer_crowdstrike.dll (CrowdStrike-Specific Termination)
- Arsenal-237 New Files: lpe.exe (Privilege Escalation)
- Arsenal-237 New Files: BdApiUtil64.sys (Vulnerable Baidu Driver)
- Arsenal-237 New Files: rootkit.dll (Kernel-Mode Rootkit)
- Arsenal-237 New Files: nethost.dll (DLL Hijacking Persistence)
- Arsenal-237 New Files: chromelevator.exe (Browser Credential Theft)
- Arsenal-237 New Files: enc_c2.exe (Rust Ransomware with Tor C2)
- Arsenal-237 New Files: new_enc.exe (Human-Operated Rust Ransomware)
- Arsenal-237 New Files: dec_fixed.exe (Ransomware Decryptor)
- Arsenal-237 New Files: full_test_enc.exe (Advanced Rust Ransomware)
Other Threat Intelligence Reports
- Webserver Compromise Kit 91.236.230.250
- Remcos RAT OpenDirectory Campaign (203[.]159[.]90[.]147)
- NsMiner Cryptojacker
- Dual-RAT Analysis: Pulsar RAT vs. NjRAT/XWorm
- PULSAR RAT (server.exe)
- Hybrid Loader/Stealer Ecosystem Masquerading as Sogou
- Houselet.exe - The Go-Based Loader Masquerading as PlayStation Remote Play
- AdvancedRouterScanner
- From Webshells to The Cloud
- QuasarRAT + Xworm + PowerShell Loader
Usage
- Import feeds directly into SIEM/EDR workflows.
- Use feeds for enrichment in CTI platforms.
- Adapt feeds for custom detection pipelines.
License
IOC feeds are licensed under Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0).
Free to use in your environment, but not for commercial purposes.