################################################################
# ThreatFox IOCs: recent SHA256 hashes - CSV format            #
# Last updated: 2026-01-22 21:53:58 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-01-22 21:53:58", "1735888", "0aa70a7c57774e6db280a45b4d4b27cb109e6b9d01191e4742644bbeffcc8e14", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:57", "1735885", "57b20a754a8bc0d551bbcf7d94e4767f0bb29c1e3996301d2a92cd9f309d7bfc", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:56", "1735882", "26d6053c28e6d07e8be6f160fab2334b8339f23cafe1b35e524e1add0acee6b4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:55", "1735879", "5820d023c0c382b11e17661f8e293792ffb86aa2f54da2cb120e93652c0e4639", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:55", "1735876", "7f93c05e8f0a7c6c4e6ee7f82da40e66e9aa2191ad87da82da2b0c478a6dac97", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:54", "1735873", "31b81ea20ff83ca54ec0d7091722edf40cb2066170e1e7208b0cdb30a4a11d3c", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:53", "1735870", "6fbd0154cf0a5604efe36e6c9007890f01fe6fae45593d132f3a0f79b2f0629d", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:52", "1735867", "172acccc72c8f76ceb8cd40715399a6f5d318be3002c163e58e9843e891bbe7a", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:51", "1735864", "9db343a12b7b22ba7feca33019a437067f96e03a2695f574a97f446f7dc2883b", "sha256_hash", "payload", "win.pony", "Siplog,Fareit", "Pony", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:50", "1735861", "18ee62de034b56b4677552f8fbcda0ba114c25c40f161b1cfa4190697c3e2293", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:49", "1735858", "91abbc169238db3e8f6f642b65db21d8bab01ca97152f02047305367adab7e8f", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:48", "1735855", "e31d446c7b1f28b034ba1cdf43522c598ab670f8a706a048b4be68bdb2492487", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:47", "1735852", "fbc833ef1bf410be08f2417f2d43861dad03dfa5fbd71725bb5b6182c2a5d84c", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:46", "1735849", "0cf835c68e0c403c42b3670e057f0852417b603a03ba328735d3371ccd33b97d", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:45", "1735846", "f0028efaa06d984d290f6b6f5bda3efc6be6ac3a86d1a171b61bc6d9ec53ebda", "sha256_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:45", "1735843", "fbc4b5fe44d01965b49265049ba90407f1dceb5c2a7339ab01be1f8339dbe0bb", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:44", "1735840", "fab4ca3ede799d517a068e70df2118b6a62a54710ecc7ab0c90ea4c039604ef1", "sha256_hash", "payload", "win.redenergy_stealer", "None", "RedEnergy Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:43", "1735837", "a5f0289825409d89743cc64f0b4a67ffa8f5166a5576ed44724e96a54c9e4465", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:42", "1735834", "2986b0bd4774daf7ffbfa4f6fd239a3842e98c5774ea14ebf4726a4f8fca2a30", "sha256_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:41", "1735831", "6e9be805bfd18c93b604e731b0c2b366e246368947b71c695e5b19d0a78913c3", "sha256_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:40", "1735828", "16c822c938c5cb6be806a6c6cfc9567d0dd6a16c1de166e2b95c3189a874d7b3", "sha256_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:39", "1735825", "799fda3ecc1dd25a3100b87ab8b41678a32ac761ecf75f59167eb77f91e0a3a1", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:38", "1735819", "b79268daae3fcb3b75bdb26c6dd2d2224626369a32469b22c5f36b8bd0fe9f04", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:38", "1735822", "6a0f4ea2f4ba62e63cc8abac633ccefc97068eb2639eb9cfae6b26cfde7be1bf", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:37", "1735816", "ea8c94c322bfcb950b6ed1e672819b930feff110eb33ff0bb8d00a8977757e3e", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:36", "1735813", "9b7023ed9d783bf33aa0178b91f82c2e6e7d69cd5db878845171fde65481bb4b", "sha256_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:35", "1735810", "1806a422212cd1992fa72df78873755c35675b332599f9a7dfd0103711c2d062", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:34", "1735807", "be4f76750d5b734d49678c2df15bd8268259475ced28808ba16c32270a863dc2", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:33", "1735804", "eda7a5216e8eba7d8648d7160bf64a09f142cdb24163649693d0347f74a65757", "sha256_hash", "payload", "win.darkvision_rat", "None", "DarkVision RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:32", "1735801", "de6caea35f51991b3ac5a7e5ef82e81f05323e2ca02ed16a861701efaf96a1c6", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:31", "1735798", "c5180f2a0b432dc5fd66aed6d4a8d21062fc6db1419adfba5ac907752ef5133f", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:30", "1735795", "c18b18b0f0a2927896b858bbaf4fd3781287f4bb493b961dc4dc5b51985e19a5", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:29", "1735792", "43e0b148810e477e6a4a41040b8425a060f3c197c65c772eb830a77adeef3a69", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:28", "1735789", "01d43a963b470c78d91382de1f0b6d76c278f9e70a4e0057b636217fd7f3de87", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:27", "1735786", "080fbc741ab518a53f82dd002c77ed68cdc2bad0377afef8ee1435e2a2803b6c", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:26", "1735783", "3b74f2bc2c5f52c9c6d9a4ccec72a5dc9ff7a1676c17483c1b734d91ff06a2f5", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:25", "1735780", "f25b1cd9c5238d2ff6bc478690171d156276685d9bc1f53ca260b9e07d589c20", "sha256_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:24", "1735777", "5d9d38fc6078247e95656f42369af5ffde457b4bab83679e860776ca26378576", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:24", "1735774", "71090a6478f4eb6ac24f138a6401c848245ee9388fdf33abdf0ef29377200b66", "sha256_hash", "payload", "win.swaet_rat", "None", "SwaetRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:23", "1735771", "df1725526b23e3ddb09667fe5d9a519d704f536e5a7b701029f58b00097dcab2", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:22", "1735768", "1fb81b5e9302ca9950e4d36a87a1cc777f347f23a3c268a3b27ec5f854273b6d", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:21", "1735765", "fc6fb83b3816de43439cff9fa9aeb7aa9091c6407e80ff9d6e50bffc900ef6bc", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:20", "1735762", "9342a1d80f5482e905cf7448c904cdf21305432bf86893f7e1ccf297baf13c9c", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:19", "1735759", "0eb819388cdb11fd868c5941e41d8bb61923c10aa8114ec797e7c37c6c458ec5", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:18", "1735756", "c91a51dc0199e2a010e0cc2d26e8477485f2ec8b79cb45fb3e9a5f47519b6b1e", "sha256_hash", "payload", "win.deltastealer", "None", "DeltaStealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:17", "1735753", "317953bd939a2f705495f952b95aa1ba4ee3cd59d19ad53460c3c8b1dec3a0bc", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:17", "1735750", "158764b66a1c4159156649f8d04aa389fb31b06ad7826e5392422711c132cfd2", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-22 21:53:15", "1735747", "b93909338a17e640f4fee04b3b995562d29d02de5e9aeab2d7b69ea9a31b5e03", "sha256_hash", "payload", "win.poscardstealer", "None", "poscardstealer", "", "95", "False", "None", "None", "0", "Grim"
# Number of entries: 48