IOC Feed
Indicators of Compromise from Agent Skill supply chain attacks. Updated: 2026-03-23
License: CC BY 4.0 — free to use with attribution.
Active Campaigns
| Campaign | Status | First Seen | Description |
|---|---|---|---|
| ClawHavoc | active | 2026-01-27 | Large-scale supply chain poisoning via ClawHub, distributing AMOS macOS stealer |
| SANDWORM_MODE | active | 2026-02-20 | MCP config injection worm spreading through typosquatted npm packages |
| Fake Installer (Huntress) | active | 2026-03-04 | Bing AI search poisoning leading to fake OpenClaw installers distributing GhostSocks and Vidar |
| Lazarus XPACK | monitoring | 2026-02-04 | North Korean APT supply chain attack via npm bigmathutils package |
C2 IP Addresses (8)
| IP | Campaign | First Seen | Description |
|---|---|---|---|
| 91.92.242.30 | ClawHavoc | 2026-01-27 | Primary AMOS C2, 824+ skills |
| 95.92.242.30 | ClawHavoc | 2026-01-27 | Secondary C2 |
| 54.91.154.110 | ClawHavoc | 2026-01-28 | Reverse shell backdoor, port 13338 |
| 202.161.50.59 | ClawHavoc | 2026-01-28 | Payload staging server |
| 185.196.9.98 | Fake Installer | 2026-03-04 | GhostSocks/PureLogs C2 |
| 45.33.32.100 | SANDWORM_MODE | 2026-02-20 | Worm exfil endpoint |
| 103.224.212.44 | SANDWORM_MODE | 2026-02-20 | Secondary C2 |
| 185.29.10.88 | Lazarus XPACK | 2026-02-04 | RAT C2 endpoint |
Malicious Domains (9)
| Domain | Context |
|---|---|
| glot.io | Base64-encoded shell script hosting for AMOS delivery |
| webhook.site | Credential exfiltration endpoint |
| pipedream.net | Data exfiltration via serverless functions |
| requestbin.com | Credential capture |
| ngrok.io | Tunneling for C2 and exfiltration |
| interact.sh | OAST tool for out-of-band exfiltration |
| install.app-distribution.net | AMOS installer distribution |
| serverconect.cc | PureLogs C2, port 56001 |
| moltbook.com | Agent-to-agent poisoning via AI social network |
File Hashes (7)
| SHA-256 | File | Campaign |
|---|---|---|
| 17703b3d5e8e1fe6... | openclaw-agent.exe | ClawHavoc |
| 1e6d4b0538558429... | x5ki60w1ih838sp7 | ClawHavoc |
| 0e52566ccff4830e... | AMOS variant | ClawHavoc |
| 518ff5f147860ede... | OpenClaw_x64.exe | Fake Installer |
| f03eb5ee2de5f6f7... | cloudvideo.exe | Fake Installer |
| 40fcbf9f89f17619... | svc_service.exe | Fake Installer |
| a22ddb4f2c0f5760... | serverdrive.exe | Fake Installer |
Malicious Publishers (9)
| Publisher | Campaign | Skills | Description |
|---|---|---|---|
| hightower6eu | ClawHavoc | 354 | Crypto/finance/social bait skills |
| sakaen736jih | ClawHavoc | 199 | Automated mass submission |
| davidsmorais | ClawHavoc | - | Hijacked account (est. 2016) |
| 26medias | ClawHavoc | 2 | bob-p2p-beta crypto scam |
| clawdhub1 | ToxicSkills | - | Typosquat of clawhub |
| sandworm-npm-actor1 | SANDWORM_MODE | 19 | npm typosquat packages |
| openclaw-installer | Fake Installer | - | Fake GitHub org |
| install-openclaw | Fake Installer | - | Fake GitHub org |
| lazarus-bigmath | Lazarus XPACK | - | North Korean APT |
Malicious Packages (6)
| Package |
|---|
| @anthropic/sdk-extra |
| @anthropic/cli-tools |
| claude-code-utils |
| cursor-mcp-bridge |
| windsurf-mcp-bridge |
| mcp-server-utils |
Integrate IOC data into your pipeline
Machine-readable JSON feed available at /ioc-feed.json:

curl https://clawsafety.yisec.ai/ioc-feed.json