Threat intelligence feed

Ransomware IOC Feed

Ransomware is the highest-impact threat most organizations face. PrecisionSec tracks active ransomware families and the precursor malware that leads to them, so you can break the attack chain before encryption.

15-day free trial · no credit card · cancel anytime

Drops straight into the tools your SOC already runs

Tracking active ransomware

Ransomware rarely arrives out of nowhere. Most incidents begin with a commodity loader or phishing infection, escalate through hands-on-keyboard tooling, and end in encryption once the domain controller is compromised. Blocking the earlier stages is your best chance to stop an attack before it lands, which is why our ransomware coverage spans the full chain, not just the final payload.

Why track it with PrecisionSec

  • Break the attack chain early. Commodity loaders and post-exploitation tools like Cobalt Strike often surface days before encryption, so blocking them buys your team time to respond.
  • Active and historical coverage. Currently tracked families plus retired ones such as GandCrab and Locky, kept for reference and retro-hunting.
  • Built for your stack. Delivered via STIX/TAXII, MISP, CSV and REST API. See all integrations.

Ransomware and precursor-malware IOCs are included in every PrecisionSec intelligence subscription.

Recent Ransomware IOCs

Live Ransomware command & control (C2) indicators, pulled straight from our threat feed and refreshed as fast as every minute. For full coverage and API delivery, sign up for a free trial.

Live feedUpdated 41s ago
First seenIndicatorTypeConfidence
3msecure-update-cdn[.]netC2 domainHigh
9m91.213.50[.]114C2 IPHigh
15mapi-telemetry-sync[.]com/loadPayload URLHigh
22mb7e2f48c…3d90afSHA256 HashMedium
38mnode-relay-7f1c[.]orgC2 domainHigh
Live Ransomware indicators, surfaced and verified the moment they appear. Shown defanged for safe browsing. Get raw, real-time data via the REST API or a free trial.

Ready to see all of our data?

Start your 15-day free trial and get the full Ransomware feed, plus every other malware and C2 feed.

Start a free trial