Home/Sandworm Team/IOCs
IOCs

Indicators for Sandworm Team

38 indicators · scoped to malware families · back to Sandworm Team
Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this actor uses. All indicators are defanged for safe handling.

Indicators

38 of 38
url
hxxp://107.173.9.85/70/ecc/enitrethingsgoodformybesthings.hta
family Kobalos source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://167.250.49.155/bin/x64/mimidrv.sys
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://167.250.49.155/bin/mimikatz.exe
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://167.250.49.155/bin/Win32/mimilib.dll
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://167.250.49.155/bin/Win32/mimidrv.sys
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.250.49.155/bin/mimikatz.exe
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.250.49.155/bin/x64/mimilib.dll
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.250.49.155/bin/Win32/mimidrv.sys
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.250.49.155/bin/Win32/mimispool.dll
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.250.49.155/bin/Win32/mimilib.dll
family mimikatz source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://195.16.44.75:8080/DavRelayUp.exe
family mimikatz source urlhaus first seen 2026-02-23 07:12:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/MisterLobster22/mimik/blob/main/mimikatz.exe?raw=true
family mimikatz source urlhaus first seen 2025-04-11 06:24:06 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://92.127.156.174:8880/master.exe
family mimikatz source urlhaus first seen 2024-12-17 07:01:27 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://167.250.49.155/bin/Win32/mimikatz.exe
family mimikatz source urlhaus first seen 2024-12-17 07:01:24 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://codeload.github.com/54N4L/mimikatzWindows/zip/refs/heads/master
family mimikatz source urlhaus first seen 2024-12-06 14:08:25 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://elisans.novayonetim.com/Products/4001/Updates/eFatura/EFatura.exe
family AZORult source urlhaus first seen 2024-10-15 17:13:25 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://down.qqfarmer.com.cn/QQHelper_1540.exe
family AZORult source urlhaus first seen 2024-08-29 14:15:02 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.250.49.155/bin/x64/mimispool.dll
family mimikatz source urlhaus first seen 2024-07-19 09:05:06 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
243a25a11fe06205831a3f6516e21c3f4f33801f
family AZORult source sslbl first seen 2021-08-31 08:30:11
VirusTotalOTX
sslbl_sha1
50ee4fd682beec0b482640b4cd45b170d8d544a3
family AZORult source sslbl first seen 2020-06-08 07:40:19
VirusTotalOTX
sslbl_sha1
32ca92799cde5f058c48a4189562cd8acba9076e
family AZORult source sslbl first seen 2020-05-24 07:17:53
VirusTotalOTX
sslbl_sha1
a82e6d70fd4e25df80ea0c69a6f31bd502ab8904
family AZORult source sslbl first seen 2020-04-18 10:29:18
VirusTotalOTX
sslbl_sha1
7b88365aeb508b4883dafd96306c7095344555a3
family AZORult source sslbl first seen 2020-04-13 12:35:07
VirusTotalOTX
sslbl_sha1
fcf8ef46c24dee5cd4482465e5a2dfbf20267808
family AZORult source sslbl first seen 2020-04-07 08:34:32
VirusTotalOTX
sslbl_sha1
51c05bbcb0baae6481370c47d6c638fde8685925
family AZORult source sslbl first seen 2020-03-05 13:06:30
VirusTotalOTX
sslbl_sha1
6f13e741251c107db3294cc4d1d8e8522c4b810c
family AZORult source sslbl first seen 2020-03-05 06:48:44
VirusTotalOTX
sslbl_sha1
691839fbead70ae9fea3148373dd09ae65514d73
family AZORult source sslbl first seen 2020-03-02 06:32:44
VirusTotalOTX
sslbl_sha1
ae0424d2370382139989ac0f12268ef886caa2ce
family AZORult source sslbl first seen 2020-03-01 14:46:03
VirusTotalOTX
sslbl_sha1
cfbfa6724515b3829cc78435918094c86d608429
family AZORult source sslbl first seen 2020-02-21 10:21:44
VirusTotalOTX
sslbl_sha1
f0a9253de5cb31fadc1c5f2e652905f50227e576
family AZORult source sslbl first seen 2020-02-18 08:30:20
VirusTotalOTX
sslbl_sha1
238d8b89fb1d48577fe72d4bfc6abff83483358b
family AZORult source sslbl first seen 2020-01-24 14:37:04
VirusTotalOTX
sslbl_sha1
e892d00abcaf5281e6d75ae0a33a881c83dc5d3f
family AZORult source sslbl first seen 2019-07-31 12:12:19
VirusTotalOTX
sslbl_sha1
f65838a98e2b13fe1e67648d8ddbf911bae2329b
family AZORult source sslbl first seen 2019-03-21 08:07:15
VirusTotalOTX
sslbl_sha1
4cf359be1c8849b785c33e4fdaf13f48228b8def
family AZORult source sslbl first seen 2019-02-08 07:18:17
VirusTotalOTX
sslbl_sha1
8938a6d496334e1dcf7ce02f8e3dc9e5590690aa
family AZORult source sslbl first seen 2019-01-27 08:26:00
VirusTotalOTX
sslbl_sha1
592bc72a43dedf222c7d4435e02dad0d8a8a2a55
family AZORult source sslbl first seen 2018-09-15 13:35:49
VirusTotalOTX
sslbl_sha1
e404611578427b919cfe99560ccd55f9b0afa4ad
family AZORult source sslbl first seen 2018-09-15 13:35:46
VirusTotalOTX
ip:port
88[.]247[.]35[.]166:1604
family DarkComet source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
Showing 1-38 of 38
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin