
Malware samples and IOCs captured from a multi-service honeypot infrastructure and reported to public threat intelligence platforms.

| Platform | Profile | Type |
|---|---|---|
| MalwareBazaar | nullblue67 | Malware samples |
| ThreatFox | 97135 | Indicators of compromise |
| VirusTotal | NullBlue | Sample analysis |

| Metric | Count |
|---|---|
| Malware samples submitted | 4 |
| Novel samples (first submitter worldwide) | 3 |
| IOCs reported | 5 |
| Botnet C2 infrastructure mapped | 1 cluster (/29 subnet) |
| Monero wallets identified | 1 operator |

| Date | Family | Report |
|---|---|---|
| 2026-05-17 | Outlaw / Shellbot / PerlBot | Full analysis |

threat-intelligence/
├── reports/ Technical malware analysis writeups
├── iocs/ Structured indicators (CSV/JSON)
└── samples/ Sample hash references with MB/VT links
- Capture — multi-service honeypot (SSH, Web, Redis, Docker, PostgreSQL) on internet-exposed VPS
- Analyze — extract IOCs, unpack binaries (UPX), identify C2 infrastructure
- Verify — cross-reference with VirusTotal, Hybrid Analysis, MalwareBazaar
- Report — submit samples to MalwareBazaar, IOCs to ThreatFox
- Document — publish technical writeup with full attack chain
- honeypot — Multi-service honeypot infrastructure that captures the samples documented here
All samples were captured in a controlled honeypot environment specifically designed to attract and analyze malicious activity.
IOCs and analysis are published for defensive purposes and shared with the threat intelligence community.