Malware sample hashes
Identify files associated with the infostealer samples PrecisionSec discovers and classifies.
Infostealer intelligence
Get malware hashes, payload URLs, malicious domains and C2 IPs tied to the infostealer activity PrecisionSec discovers. Each indicator includes family and infrastructure context when available, ready for detection, hunting and blocking.
Evaluate the live feed
By submitting, you agree that PrecisionSec may contact you about this request. See our Privacy Policy.
Drops straight into the tools your SOC already runs
Inside the intelligence
Start with a discovered sample, then pivot into the domains, URLs and IP addresses involved in delivery and command and control. Your team gets blockable indicators plus the context needed to hunt related activity.
| First seen | Indicator | Type | Confidence |
|---|---|---|---|
| 2m | 4f67c8a1…8d31be | SHA256 Hash | High |
| 6m | payload-sync[.]example | Payload domain | High |
| 11m | 198.51.100[.]42 | C2 IP | High |
| 18m | download-node[.]example/a.exe | Payload URL | Medium |
| 27m | 93bd204e…f6a440 | SHA256 Hash | High |
Malware and infrastructure coverage
Coverage follows the activity PrecisionSec discovers rather than a static family list, connecting malware artifacts to the infrastructure around them.
Identify files associated with the infostealer samples PrecisionSec discovers and classifies.
Track domains and URLs used to stage, host and deliver infostealer payloads.
Block available C2 domains and IP addresses before data is successfully exfiltrated.
Receive stealer-family attribution and related malware or infrastructure context when available.
The intelligence pipeline
PrecisionSec finds infostealer malware samples and the infrastructure connected to their delivery and operation.
Samples and indicators are analyzed, attributed when possible and validated before delivery.
Operational IOCs reach your SIEM, TIP, firewall or API workflow in the format your team already uses.
Built for operations
Deliver the same intelligence to blocking controls, detection rules and investigation workflows without rebuilding your stack.
Current examples
These family pages show part of the current catalog. Infostealer Intelligence also follows newly discovered and not-yet-attributed activity.
Frequently asked questions
Coverage can include SHA-256 or other malware sample hashes, domains, URLs and IP addresses associated with infostealer delivery, command and control, or related activity.
Family attribution is included when the available evidence supports it. Newly discovered or unresolved activity is not forced into a family label before classification is defensible.
PrecisionSec feeds are refreshed as often as every minute. Availability depends on when an indicator is discovered, analyzed and verified.
PrecisionSec combines malware analysis, infrastructure correlation and internal validation, including custom YARA rules where applicable, before indicators reach the feed.
Delivery options include STIX/TAXII, MISP, CSV and REST API access, with workflows for platforms such as Microsoft Sentinel and supported firewalls.
Agent Tesla, AZORult and Lokibot are current examples already represented in the feed catalog. Coverage follows the known and newly discovered infostealer activity PrecisionSec tracks rather than a fixed three-family list.
We review the request and reply within one business day with setup details. The trial provides 15 days of feed access and does not require a credit card.
Request a 15-day trial of the live feed, including malware hashes and associated distribution and C2 infrastructure.