IOCs · Scattered Spider · threatengine.sh

IOCs

Indicators for Scattered Spider

664 indicators · scoped to malware families · back to Scattered Spider

Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this actor uses. All indicators are defanged for safe handling.

⚠

Indicators

100 of 664

url

hxxps://pub-72dca37cb1ce4100a2f8db504cb4502f.r2.dev/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-14 16:22:11 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://158.94.208.7/vidar/random.exe

family connectwise source urlhaus first seen 2026-03-12 15:02:08 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://teak.gen.tr/Z/zoom/Windows/download.php

family connectwise source urlhaus first seen 2026-03-10 15:56:16 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://preciosasjoyitas.com.mx/pdf/pdf/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-10 14:24:34 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://pub-cb25e0ca1e5b4d3b8b4dc881580f5473.r2.dev/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-10 14:24:21 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://158.94.211.222/files/7093422244/JHvHyiz.msi

family connectwise source urlhaus first seen 2026-03-09 15:13:17 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://ov.uqoo.nl/ukc/Adobe.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-08 19:08:37 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://ovv.uqoo.nl/la/Adobe.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-08 19:08:26 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://dmv.uqoo.nl/a/Adobe.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-08 19:08:23 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://158.94.211.222/files/909884829/5YsbmtO.exe

family connectwise source urlhaus first seen 2026-03-07 23:15:11 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

e7ef209ee0d5981b45e41ed8f00948a7caf23451

family ConnectWise source sslbl first seen 2026-03-07 17:37:02

VirusTotal OTX

url

hxxps://us06web.zoom.patho.us/Windows/download.php

family connectwise source urlhaus first seen 2026-03-07 05:07:12 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://post-host.screenconnect.com/Bin/ScreenConnect.ClientSetup.exe

family connectwise source urlhaus first seen 2026-03-06 07:29:15 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://admin.hggg.store/Bin/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-06 07:28:22 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://server.ayeeman.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest

family connectwise source urlhaus first seen 2026-03-05 07:10:14 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://pub-c62500800d9244beabd2934a10b4770b.r2.dev/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-03-04 11:23:10 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://store3.gofile.io/download/direct/fa73b75c-8406-4049-8783-07a8d17d27cc/Mr3!26.msi

family connectwise source urlhaus first seen 2026-03-03 10:16:12 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

8969d7e749e84e20836f195f20091d8cf16d56e9

family ConnectWise source sslbl first seen 2026-03-02 08:52:56

VirusTotal OTX

url

hxxp://130.12.180.43/files/965337998/Dl7OeDq.exe

family connectwise source urlhaus first seen 2026-03-02 05:58:10 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://file-na-phx-1.gofile.io/download/direct/bf66389b-eeb0-4fd6-8353-be8214ffa81f/EM%20

family connectwise source urlhaus first seen 2026-03-01 14:28:18 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://192.158.232.90/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest

family connectwise source urlhaus first seen 2026-02-28 10:25:22 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://192.158.232.90:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest

family connectwise source urlhaus first seen 2026-02-28 10:25:16 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxp://45.13.237.121:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest

family connectwise source urlhaus first seen 2026-02-27 17:15:24 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

64c946392fdcbfbf1daa53c41231c30dafbddc1d

family ConnectWise source sslbl first seen 2026-02-27 16:50:53

VirusTotal OTX

sslbl_sha1

08cd4be2f1f1a98c109e2f2de8837aefe9737e9f

family ConnectWise source sslbl first seen 2026-02-27 16:32:30

VirusTotal OTX

url

hxxps://peebsjellywoodencrafts.screenconnect.com/Bin/ScreenConnect.ClientSetup.exe

family connectwise source urlhaus first seen 2026-02-27 16:23:22 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://195.177.94.55/bin/support.client.exe

family connectwise source urlhaus first seen 2026-02-26 19:01:08 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://connectfilesview.click/Bin/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-02-26 13:25:20 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

f7891d2133cc57f48db8d7a50197e00d3170625f

family ConnectWise source sslbl first seen 2026-02-26 08:17:49

VirusTotal OTX

sslbl_sha1

dfd7a01bf7d72cfa649be0966395cb80ad5af1d3

family ConnectWise source sslbl first seen 2026-02-26 07:17:50

VirusTotal OTX

sslbl_sha1

d27028c2d644feb13306f10b038044b8bbe67316

family ConnectWise source sslbl first seen 2026-02-26 07:16:17

VirusTotal OTX

sslbl_sha1

738d34b81c07ca39a9ef8b625e4389c92383269e

family ConnectWise source sslbl first seen 2026-02-26 07:05:23

VirusTotal OTX

sslbl_sha1

ca915b09e8719ea373c7f22edd7f8b4f129bcb9a

family ConnectWise source sslbl first seen 2026-02-26 07:03:07

VirusTotal OTX

sslbl_sha1

6871794281f9fa9c671ba5e81586b806a3f066fb

family ConnectWise source sslbl first seen 2026-02-26 07:01:55

VirusTotal OTX

sslbl_sha1

a169218f4eaa9015a64956712ef4dbd79f68642b

family ConnectWise source sslbl first seen 2026-02-26 07:00:16

VirusTotal OTX

sslbl_sha1

0e78a92d8daa0426dd4ee0ff0f90df0ef04810fa

family ConnectWise source sslbl first seen 2026-02-26 06:59:54

VirusTotal OTX

sslbl_sha1

61a63d8a9e0cec3894a429573b60f5b5a17bc37e

family ConnectWise source sslbl first seen 2026-02-26 06:58:33

VirusTotal OTX

sslbl_sha1

0f3125593133ec1a2989917630c59cf7493d55d9

family ConnectWise source sslbl first seen 2026-02-26 06:57:57

VirusTotal OTX

sslbl_sha1

0ea2075847daae6335169dba5780f6689bb0f419

family ConnectWise source sslbl first seen 2026-02-26 06:56:35

VirusTotal OTX

url

hxxps://195.177.94.72/bin/support.client.exe

family connectwise source urlhaus first seen 2026-02-24 18:29:06 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://195.177.94.99/bin/support.client.exe

family connectwise source urlhaus first seen 2026-02-24 18:29:06 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://195.177.94.72/bin/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-02-24 18:28:23 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://94.154.32.89/bin/ScreenConnect.ClientSetup.msi

family connectwise source urlhaus first seen 2026-02-24 18:28:20 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://195.177.94.163/bin/ScreenConnect.ClientSetup.msi