
Welcome to the Threat Trends Digest, a monthly view of real-world threat patterns.

This report compiles data from the previous month using Malware Patrol’s global telemetry and live attack observations to surface key stats on malware, phishing, ransomware, C2s, and domain generation algorithms (DGAs). You’ll find insights into the most exploited TLDs, frequently seen malware hashes and IPs, and other critical indicators. Use this digest to keep a close pulse on attacker behavior, uncover shifting patterns, and better align your defenses with the latest threat activity.

For more articles, check out our #onpatrol4malware blog.

January Threat Trends

IOCs

Top Malicious IPs


Top Malware Hashes


Top Attacking IPs


To learn more about how we collect, analyze, and deliver actionable threat intelligence, explore our Threat Intelligence Services. If you’re interested in running your own queries – whether for threat actors, CVEs, infrastructure, or emerging activity – see how our MCP Server helps turn intelligence into practical security insight. Both are designed to support real-world analysis, investigation, and decision-making.

Take advantage of our free threat intel trial.
