
ThreatFox IOCs for 2021-03-22

Severity: Medium
Published: Mon Mar 22 2021 (03/22/2021, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type (a feed tag, not a vendor; this record describes no product)
Product: osint (a feed tag, not a product)

Description

ThreatFox IOCs for 2021-03-22

AI-Powered Analysis

AI analysis last updated: 06/19/2025, 13:33:23 UTC

Technical Analysis

This record is ThreatFox's daily indicator export for 22 March 2021. ThreatFox is abuse.ch's platform for community-submitted indicators of compromise (IOCs); the "type / osint" metadata above is a MISP event tag (type:OSINT), not a vendor or product. The record lists no affected versions, CWEs, patch links or exploit details because it is not a vulnerability advisory: it is a batch of about 300 indicators (144 payload hashes, 94 URLs, 53 ip:port pairs and 3 domains), each attributed to a malware family with a submitter confidence level of 50%, 75% or 100%. Three kinds of indicator are present. Payload hashes (SHA256, plus a few MD5) identify samples of the information stealers Agent Tesla, Formbook and Raccoon, the RATs Nanocore and Remcos, the loaders BazarBackdoor and Hancitor, the banking trojan Dridex, Qealler, and the ransomware families Avaddon, Conti and QNAPCrypt. Botnet command-and-control (C2) servers are given as ip:port pairs, which the page extraction has split into a port number under Hash and an IP address under File, for Nanocore, NjRAT, AsyncRAT, BitRAT, NetWire, Remcos, LimeRAT, STRRAT, Ozone RAT, Dridex, Ficker Stealer and Qealler. C2 URLs and domains cover Loki PWS, Azorult, Pony, RedLine, Arkei, Taurus, BetaBot, Zloader, SmokeLoader, ServHelper, Ficker and one Cobalt Strike C2 URL. The Threat Level, Analysis and Distribution values under Technical Details are the underlying MISP event's fields (threat_level_id 2 = Medium, which is where the Medium rating above comes from; analysis 1 = Ongoing; distribution 3 = All communities) and describe the record, not the severity of the malware. At the time of this analysis (June 2025) the indicators are four years old: the hashes still identify the samples, but most of the C2 addresses and domains will have been reassigned since.
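As an added example (not part of the ThreatFox record or of this page's analysis), the following Python normalises an IOC dump in the form shown on this page: it strips the type label that the extraction fused onto each value, classifies each value by its shape, and re-pairs the split ip:port C2 entries. The sample lines are copied from this page's tables; the pairing rule assumes the extraction preserved feed order (the port and IP lists here match one to one in count, family and confidence), and it refuses to pair entries whose family or confidence disagree rather than guess.

```python
import re
from dataclasses import dataclass

# Value shapes that occur in the dump. The type label the extraction fused onto
# each value ("hash", "url", "file", "domain") is stripped before classifying.
SHA256 = re.compile(r"^[0-9a-f]{64}$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
PORT = re.compile(r"^\d{1,5}$")
DESC = re.compile(r"^(?P<desc>.+?) \(confidence level: (?P<conf>\d+)%\)$")
TYPE_LABELS = ("hash", "url", "file", "domain")


@dataclass
class Ioc:
    kind: str        # sha256 | md5 | url | domain | ip:port
    value: str
    malware: str     # ThreatFox description, e.g. "Nanocore RAT botnet C2 server"
    confidence: int  # submitter confidence level (50, 75 or 100 on this page)


def classify(value: str) -> str:
    """Decide what a bare value is from its shape alone."""
    if SHA256.match(value):
        return "sha256"
    if MD5.match(value):
        return "md5"
    if IPV4.match(value) and all(int(o) <= 255 for o in value.split(".")):
        return "ip"
    if PORT.match(value) and 0 < int(value) < 65536:
        return "port"
    if value.startswith(("http://", "https://")):
        return "url"
    return "domain"


def strip_label(value: str) -> str:
    """Remove the fused type label ("hash1078" -> "1078", "file1.2.3.4" -> "1.2.3.4")."""
    for label in TYPE_LABELS:
        if value.startswith(label):
            return value[len(label):]
    return value


def parse_dump(lines):
    """Parse alternating value/description lines. Returns (iocs, unpaired), where
    unpaired lists ports or IPs that could not be matched with a partner."""
    rows = []
    it = iter(line.strip() for line in lines if line.strip())
    for raw in it:
        m = DESC.match(next(it, "") or "")
        if m is None:
            raise ValueError(f"missing description line after {raw!r}")
        value = strip_label(raw)
        rows.append((classify(value), value, m["desc"], int(m["conf"])))

    iocs, ports, ips, unpaired = [], [], [], []
    for kind, value, desc, conf in rows:
        if kind == "port":
            ports.append((value, desc, conf))
        elif kind == "ip":
            ips.append((value, desc, conf))
        else:
            iocs.append(Ioc(kind, value, desc, conf))

    # Assumption: the extraction kept the feed order, so the n-th port belongs to
    # the n-th IP. Family and confidence are re-checked on each pair; a mismatch
    # means the order was lost, and the pair is reported instead of guessed.
    for (port, pdesc, pconf), (ip, idesc, iconf) in zip(ports, ips):
        if (pdesc, pconf) == (idesc, iconf):
            iocs.append(Ioc("ip:port", f"{ip}:{port}", pdesc, pconf))
        else:
            unpaired += [("port", port), ("ip", ip)]
    unpaired += [("port", p) for p, _, _ in ports[len(ips):]]
    unpaired += [("ip", i) for i, _, _ in ips[len(ports):]]
    return iocs, unpaired


# Constructed sample: eight entries copied from the tables on this page, in page order.
SAMPLE = """\
hashc14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028
Avaddon Ransomware payload (confidence level: 50%)
hash1078
Nanocore RAT botnet C2 server (confidence level: 75%)
hash8586d6e894f67e2a18b10e6256d5b598
BazarBackdoor payload (confidence level: 50%)
hash6601
Dridex botnet C2 server (confidence level: 75%)
urlhttp://tor-browser.ru/gate.php
Pony botnet C2 (confidence level: 100%)
file194.5.97.16
Nanocore RAT botnet C2 server (confidence level: 75%)
file103.18.108.116
Dridex botnet C2 server (confidence level: 75%)
domainlukkeze.club
Ficker Stealer botnet C2 domain (confidence level: 100%)
"""

if __name__ == "__main__":
    found, left = parse_dump(SAMPLE.splitlines())
    for ioc in found:
        print(f"{ioc.kind:8} {ioc.confidence:3}% {ioc.value}  {ioc.malware}")
    print("unpaired:", left)
```

Run against the full page, the function yields the 144 hashes, 94 URLs and 3 domains unchanged and 53 ip:port pairs; anything it reports as unpaired should be checked against the ThreatFox feed itself rather than loaded as an indicator.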

Potential Impact

There is no vulnerability here and nothing to patch; the impact question is what a match against these indicators means. The families are commodity crimeware, typically delivered by phishing attachments and trojanised downloads, and they fall into three groups with different consequences. The stealers (Agent Tesla, Formbook, Loki PWS, Raccoon, RedLine, Azorult, Arkei, Taurus, Ficker, Pony, Qealler) exfiltrate saved browser, mail and FTP credentials, so a single hit is an immediate confidentiality loss and a credential-reset job. The RATs (Nanocore, Remcos, NjRAT, AsyncRAT, BitRAT, NetWire, LimeRAT, STRRAT, Ozone RAT) give an operator interactive control of the host. The loaders and banking trojans (Dridex, Zloader, BazarBackdoor, Hancitor, SmokeLoader, ServHelper) are initial-access tooling; BazarBackdoor and Dridex in particular were documented precursors of Ryuk/Conti and DoppelPaymer deployments in this period, and the Avaddon, Conti and QNAPCrypt hashes are ransomware payloads themselves, where the impact is the availability of data and systems. For European organisations the exposure is the generic one of any Windows estate (QNAPCrypt is the exception and targets QNAP NAS devices): a matching hash or an observed connection to one of the C2 endpoints is evidence that a host already executed the payload, not a warning about a future event, and should be handled as an incident. The Medium rating is the MISP threat level of the record as a whole; a 100%-confidence C2 match for a RAT or a ransomware precursor warrants high-priority triage regardless.

Mitigation Recommendations

1. Load the hashes, URLs, domains and ip:port pairs into the SIEM or threat intelligence platform as a lookup, keeping the malware family and confidence level as fields so that alerting can be tuned: a 50% "payload" hash submitted in bulk is weaker evidence than a 100% C2 entry.
2. Keep the feed current: pull ThreatFox daily rather than relying on a 2021 snapshot. Network indicators age quickly because C2 IPs and domains are reassigned, while payload hashes stay valid for as long as the sample circulates.
3. Sweep endpoints and file shares for the SHA256 and MD5 hashes, and search proxy, DNS and firewall logs back to the indicator date for the URLs, domains and ip:port pairs.
4. Alert on outbound connections to the C2 ip:port pairs and on HTTP requests whose host and path match the C2 URLs. Most of the RAT C2s listed here sit on non-standard high ports (1078, 11301, 16874, 19264, 64631 and so on), so an egress policy that blocks unexpected outbound ports catches them even without an exact IOC match; but do not block on port number alone, since Ficker Stealer, Qealler and Dridex entries use 80 and 443, and the indicator is the ip:port combination.
5. Treat any match as an incident, not a tuning exercise: a hash or C2 hit means the host already ran the payload. Isolate it, reset the credentials it had access to (the stealers here harvest browser and mail passwords) and hunt for lateral movement before restoring.
6. Share confirmed matches with the national CERT or sector ISAC and with abuse.ch; ThreatFox is populated by such submissions.
7. Keep the incident response plan ready for the ransomware case: Avaddon and Conti payload hashes are in this batch, and several of the loaders were used to stage ransomware deployments.
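The endpoint sweep and the network rules from steps 3 and 4, as an added Python example that is neither ThreatFox's nor this page's tooling. It hashes every file under a directory once, computing MD5 and SHA256 in the same pass because the feed mixes both lengths, and emits Suricata rules for C2 URLs and ip:port pairs. The hash values are copied from this page's Hash table; the temporary directory, its two files, the 192.0.2.10:4444 ip:port pair and the SID range are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# A few payload hashes copied from this page's Hash table (SHA256 and MD5 both occur).
HASH_IOCS = {
    "c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028": "Avaddon Ransomware payload (50%)",
    "8586d6e894f67e2a18b10e6256d5b598": "BazarBackdoor payload (50%)",
    "c5792ce2154c652d9102fa4982dcfce3": "Hancitor payload (50%)",
}


def hash_file(path, chunk=1 << 20):
    """Return (md5, sha256) of a file from a single read; the feed mixes both lengths."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def sweep(root, hash_iocs):
    """Walk root and return (path, digest, description) for every file whose MD5 or
    SHA256 is in hash_iocs. Unreadable files are skipped, not treated as clean."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or permission-denied; a real sweep should log these
            for digest in digests:
                if digest in hash_iocs:
                    hits.append((str(path), digest, hash_iocs[digest]))
    return hits


def _content(text):
    """Escape the characters Suricata treats specially inside a content: string."""
    return text.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;").replace("|", "\\|")


def suricata_rules(network_iocs, sid_start=9000001):
    """Turn ('url'|'ip:port', value, description, confidence) tuples into Suricata rules.
    URLs match host and path separately (the Pony hosts on this page use varying paths);
    ip:port pairs are matched as TCP, which is what these RAT families use."""
    rules, sid = [], sid_start
    for kind, value, desc, conf in network_iocs:
        msg = _content(f"ThreatFox {desc} conf={conf}")
        if kind == "url":
            u = urlsplit(value)
            path = (u.path or "/") + (f"?{u.query}" if u.query else "")
            rules.append(
                f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{msg}"; '
                f'flow:established,to_server; http.host; content:"{_content(u.hostname.lower())}"; '
                f'http.uri; content:"{_content(path)}"; startswith; '
                f'classtype:trojan-activity; sid:{sid}; rev:1;)'
            )
        elif kind == "ip:port":
            ip, port = value.rsplit(":", 1)
            rules.append(
                f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; flow:to_server; '
                f'classtype:trojan-activity; sid:{sid}; rev:1;)'
            )
        else:
            continue  # hashes and bare domains need other rule types (file.sha256, dns.query)
        sid += 1
    return rules


def demo_sweep():
    """Constructed demonstration: two harmless files in a temporary directory, with the
    first file's own digest added to the IOC set so that a hit can be shown offline."""
    with tempfile.TemporaryDirectory() as d:
        suspect = Path(d, "invoice.exe")
        suspect.write_bytes(b"constructed sample, not malware")
        Path(d, "notes.txt").write_bytes(b"nothing of interest")
        iocs = dict(HASH_IOCS)
        iocs[hashlib.sha256(suspect.read_bytes()).hexdigest()] = "constructed sample (demo only)"
        return [(Path(p).name, desc) for p, _, desc in sweep(d, iocs)]


if __name__ == "__main__":
    print(demo_sweep())
    for rule in suricata_rules([("url", "http://tor-browser.ru/gate.php", "Pony botnet C2", 100)]):
        print(rule)
```

The description and confidence travel into the rule message so that an analyst sees "Pony botnet C2 conf=100" in the alert rather than a bare SID; the SID range is a placeholder and must be chosen from the range reserved for local rules in the deployment.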


Technical Details

Threat Level: 2 (MISP threat_level_id; 2 = Medium, the source of the Medium rating above)
Analysis: 1 (MISP analysis state; 1 = Ongoing)
Distribution: 3 (MISP distribution; 3 = All communities)
UUID: eb46a160-263a-46a8-9467-801d2f2aed6f
Original Timestamp: 1616457781 (Unix epoch seconds; 2021-03-23 00:03:01 UTC, just after the end of 22 March UTC)

Indicators of Compromise

Hash

Value | Description

Note on the entries below: the page extraction prefixed every value with its indicator type ("hash") and dropped the table's Copy column; the indicator starts after that label. Values of 64 hex characters are SHA256 and values of 32 hex characters are MD5 hashes of malware payloads, all submitted at 50% confidence. The short all-digit entries (1078, 11301, 6601, 443, 16874 and so on, each described as a "botnet C2 server") are not hashes: they are the port halves of ThreatFox ip:port indicators, whose IP halves were extracted into the File table below in the same order, with the same family and confidence level on each.
hashc14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028
Avaddon Ransomware payload (confidence level: 50%)
hash7e581424371b20d2b5a88547817c7350ac70a83940383ccf4293f38d866a0a84
Avaddon Ransomware payload (confidence level: 50%)
hashadc75b7ab8b9296814d8f9c23d6033b1eb4b45550c1ddab30cdc7654f98dc46b
Avaddon Ransomware payload (confidence level: 50%)
hash3d89284d1531d1f3d9c307f712d5fd8cc9f30bfa486e883265a9e0809fde4beb
Avaddon Ransomware payload (confidence level: 50%)
hash81460c49d0fc5b42809fe0d972aca83afff66b397a3969b9e9b1bea187c69857
Agent Tesla payload (confidence level: 50%)
hash877beaa80c9217e7e5519795684b2bb58f38bd744d9953614d774b1ab145243c
Agent Tesla payload (confidence level: 50%)
hashe6838ebe65f6aac3f6c6c6ca38595e421bca18551e41d7f3cfd34d99490fb9a2
Agent Tesla payload (confidence level: 50%)
hash9dc49a30b6e05f1d18b75635ae4a9549cfc12f155b2e6e137474d53b107d0d61
Agent Tesla payload (confidence level: 50%)
hashcc7b8a96b39e82a3a0042388a3757e061e7d9281eddc6cefd6118877a5dad767
Agent Tesla payload (confidence level: 50%)
hashf9b0193780989df57bdf746917310573ee0bb92e28dc18ac2ed6083a21aace3f
Agent Tesla payload (confidence level: 50%)
hashea56de215bc6fbfb116983f35df83c574d8728892c174fc3213ffd7341232b66
Agent Tesla payload (confidence level: 50%)
hash9189313c82849b055af58dd07b281ab0f8cd50a9a043524fc0e2b3a02d961405
Agent Tesla payload (confidence level: 50%)
hash9c01c760a5cce234c0c981bb8800a271d261c60ac8adf163004924a890974415
Agent Tesla payload (confidence level: 50%)
hash630b7a3cfe5599adfb724bf39699403945eaddd554061fd5884e19aeba759dcf
Agent Tesla payload (confidence level: 50%)
hash4019c67195976c1cdca0270a75b114aa8dd920db390eb28c23389767d6fb5148
Agent Tesla payload (confidence level: 50%)
hashf71929f0fdaf8eafbbe1cc4a9858aed0830ca26e53e4505de74bfcd855adee99
Agent Tesla payload (confidence level: 50%)
hash99da43724bff90a0b379595749b250b0be0a70f72908d07960225ef7c2d94930
Remcos payload (confidence level: 50%)
hashe61db7b6a21f08f884da1fd200ff4920b4c4921fc8e093b7e84d25b03ad1cbe2
Remcos payload (confidence level: 50%)
hashcbe1a0546d372589ee3c41bbaac3946dee9910095c193c97f1a118c2405bfaf8
Remcos payload (confidence level: 50%)
hashaa75348f2d473120ade2b3b4793d197fd3644e8b0d7e24b2fcc6a6a1593ad829
Remcos payload (confidence level: 50%)
hash1078
Nanocore RAT botnet C2 server (confidence level: 75%)
hash44ee08d248f5a3ba3db3d8a46727ebd0796c963529a099f43958e093ff7b122d
Agent Tesla payload (confidence level: 50%)
hash2bced99ec2251a54614492979bf54b00ed7829e653f5af6bf5257ac3e41e252d
Agent Tesla payload (confidence level: 50%)
hashefb5ee93cfb2bdcf1a0391c00d3a8fbd23ffe6862fa302bef3a839e8f39453fa
Agent Tesla payload (confidence level: 50%)
hash643d9879bedc224363f5d797560888c711b76235cbb80ca8550dafe0b6bc473c
Agent Tesla payload (confidence level: 50%)
hash5c2d0d71752c9caae2e5e7e9b93c9b2f7b3d8843dc0de95e179d3642057b5659
Agent Tesla payload (confidence level: 50%)
hash4301fe0d8373ddd085c4c5a4c0efbf77e3d9fd787ab4c346345598bd643b1840
Agent Tesla payload (confidence level: 50%)
hashf1a6e6f1629f59367de2c4271a4632b7d39a5b84e0f3dfb0e10499107a5ba96e
Agent Tesla payload (confidence level: 50%)
hash0c0df00ca734c3095b574528532615545f7a357c2d589eee5f463bd8ca90da61
Agent Tesla payload (confidence level: 50%)
hashbf13bbab900b3950670c7ec1382bb063de3790e426039c126bb7d46999d84666
Agent Tesla payload (confidence level: 50%)
hash68103e7faf7ae08f4ccf69613e345a2bc2c62512d8d841a1ce8a826648bf5deb
Agent Tesla payload (confidence level: 50%)
hash3e964f02716142d9dad5f7ca4951451b367f15e8d457346408d8977fea15e443
Agent Tesla payload (confidence level: 50%)
hashe483187b5b8d242d867692459b0e09c47b554c09de9360346810d018c2d00674
Agent Tesla payload (confidence level: 50%)
hash510768bfa392b714c73dda02fa27430c67036bfb33240b27f405a39931069ed0
Agent Tesla payload (confidence level: 50%)
hashd6056ae875acaaa568e9449e33d664857eecca781d4ca3ab5d2547f17b647edc
Agent Tesla payload (confidence level: 50%)
hash96be17cdcc9ea6acc0cb3ff4e463ad708b4abba9e66804040294b7c7dbdaf4a8
Agent Tesla payload (confidence level: 50%)
hashc062a826e467a5e607d373ab12fcae11d0eec7ff4fdfe04d4e5de4250d7f8f88
Formbook payload (confidence level: 50%)
hashb2763d0bd70e672d77d8b2e1a78e0c358bc611a2fc27df8dc90e764fc7aaea6d
Agent Tesla payload (confidence level: 50%)
hash95858affddfd1a8be9d34e24b2eff3658a1e84911839b30d4406ede63e7593e7
Formbook payload (confidence level: 50%)
hashfbd84cb8e6af7a001f186ce8bde8bd4cb163a77113b6cee0342b148fbaf2b386
Formbook payload (confidence level: 50%)
hashe51f74334991db50b298e677cde8bb7d6bf85870f9285fdf8e9513aef5169984
Formbook payload (confidence level: 50%)
hashdbf6333c8d18ebf77677a40afd504e9607538a9f261771c718189d3542b2823c
Nanocore RAT payload (confidence level: 50%)
hash0c43423a791ef10ec10b693781e8d20f0d29a01b826b8a88981eb8ee0a7af988
Nanocore RAT payload (confidence level: 50%)
hash45c6dbcdf27ae1eafd5f1beec6d36d2e1d069f602f169dceabe4d8662ae390d1
Nanocore RAT payload (confidence level: 50%)
hash51220571769bff70fd81dfd1132ef402f72977a038b5f4e7472ec4574aecf638
Nanocore RAT payload (confidence level: 50%)
hash8c7c70774bf8dff8e48f15840b7d853a17365ab71460e68699b3ab6f863729bf
Nanocore RAT payload (confidence level: 50%)
hash7c7cfd8f37c82e6c55f4e11796acff31492616207e407f814c4aa943a5cc2bbd
Nanocore RAT payload (confidence level: 50%)
hashcd9f321492c4d4db186ff9bf5bce3c4f91e5a807100712e4ad55f001f6c01053
Nanocore RAT payload (confidence level: 50%)
hash69fa6ebff614598a1243cb00bc9a7c69e60fca3c3fd93da4157c418d202f1542
Nanocore RAT payload (confidence level: 50%)
hash5a9851575ac7feaabfd484aee3296eea2b2b18c04609a8fe1e1953f847f2c428
Nanocore RAT payload (confidence level: 50%)
hashbf3e15c717d14fd550a694f56e737bbb400f86ad5130afd39ed12ca54c4f154d
Nanocore RAT payload (confidence level: 50%)
hashf282dc5ab1b670b8ca4bade0458a2769f73535c0550338dba3b44888b3b826c6
Nanocore RAT payload (confidence level: 50%)
hash70d380ff6c5ccd4a2c9ecf86965df3605cd396c40056b8a3de2333e137ffd1fc
Nanocore RAT payload (confidence level: 50%)
hash9a312ce83cf5bb827d5a150688db81bc3d423792e452743b904e1006eacdd47d
Agent Tesla payload (confidence level: 50%)
hashe766f99b6ba1b671d580b832a7a0b91da64fe11ecda45509a91621ea9bdc3856
Agent Tesla payload (confidence level: 50%)
hashb399203403e92ab8865f492c93233be4d4d1ac1316c571b43171a052c7b214d7
Agent Tesla payload (confidence level: 50%)
hashe7633b5e689cf02b768c5a972a9feb5e123dba2b0df5fbcbd9e7a6370160dc85
Agent Tesla payload (confidence level: 50%)
hashe7232f9b2aaac21bd0a2787b88402098dfebb672e24f5d7861be48d4403ad691
Agent Tesla payload (confidence level: 50%)
hash669fa8cb14463fe4d7e152c852686a8d27bfa932e8a51e8064fc26da0ef040b9
Agent Tesla payload (confidence level: 50%)
hashd2f7806710cc1d6eff94f111031b9fd25ff6908a29e5d9aea94a7b4ed063a18d
Agent Tesla payload (confidence level: 50%)
hash34a8eeb585901bc256165cc17da648b05eed0ed618099afd15b2d153805ebac4
Agent Tesla payload (confidence level: 50%)
hash70578ccd62966848e620162ba09a2643d656856da99529451f39f4a328eb9663
Raccoon payload (confidence level: 50%)
hash4a6381b3f000f55c4a9f3222907f2fd0af74d54c8b9249956ec46007022440e3
Raccoon payload (confidence level: 50%)
hashaa28c45fdbbb903b0dcfaa9e7ba9461ea02bb3f1dcaa9ace2082e14fdbcda73b
Raccoon payload (confidence level: 50%)
hash9cda1177646d0a69217e80541b33a93f1343a3406729fd09fb19a19808cfed4b
Raccoon payload (confidence level: 50%)
hashdd1729a38390a5df25a2272110865b7faacb14b628059ee31b21f3c2d024abba
Nanocore RAT payload (confidence level: 50%)
hash49c4e40a873857ae95a16871d8d10be2c1388980099f83247dd8d9a00ee3ec51
Nanocore RAT payload (confidence level: 50%)
hash7690cfd6d308c8e14645cfd29997faefa6ebb6553166cb5c2dad2b1b72eb3c65
Nanocore RAT payload (confidence level: 50%)
hash8b57b603294b7fe83b72b0b8efa9f70aa4fc9b9e5d6b3a8200cc77194b846eeb
Nanocore RAT payload (confidence level: 50%)
hasha567c1bce69110434087f78f3778878036cd56b79819d35b3a0cff29cf836824
Agent Tesla payload (confidence level: 50%)
hash57f92c2c19531e7ddc989cf9d7e07b1348da222c80950938b957bcf838a7aa70
Agent Tesla payload (confidence level: 50%)
hash88d6342ccae8c8af4195bcb8c8d41230821ff2d1d5d559e074e240d903af840d
Agent Tesla payload (confidence level: 50%)
hash1cc802a94680f5d539c94fadf81c4d80096ee1c39d5aec78d54f8590b24ec065
Agent Tesla payload (confidence level: 50%)
hash11301
Nanocore RAT botnet C2 server (confidence level: 100%)
hash2abef54041681b9251673959524c002821e9e90483c7cdc0e3668bf2cc2c91ce
Agent Tesla payload (confidence level: 50%)
hash91006c58f26cf791bc0d2981879e1b3cb045d9013dc3a92a158ce8968bd61ff4
Agent Tesla payload (confidence level: 50%)
hash393720d4318b83a913f939ea6e47dd949798dfa34a4111e9076392b75cd05a28
Agent Tesla payload (confidence level: 50%)
hash9e3950920cb5310ae16bbcfe2488ebe9e088cf49c8ed2a8cbfe4febf9c3b8812
Agent Tesla payload (confidence level: 50%)
hash945fd7f1f9295af69bb5799a43d96d370c2e38ef08b4fc9b8258031ff99723f4
Agent Tesla payload (confidence level: 50%)
hash368107d0fc6b74e7a345aacd7237cd555e15167205f16422077722118c5e8b54
Agent Tesla payload (confidence level: 50%)
hash738041646987292e3481975de9ec549f92af376f912942f049b66d432d4c2cac
Agent Tesla payload (confidence level: 50%)
hash1b007122ba58833d920bf12b3323bf9a85656b0ec8563c3d7b1e4ae60ec2f22e
Agent Tesla payload (confidence level: 50%)
hash6601
Dridex botnet C2 server (confidence level: 75%)
hash443
Dridex botnet C2 server (confidence level: 75%)
hash6601
Dridex botnet C2 server (confidence level: 75%)
hash1985
Nanocore RAT botnet C2 server (confidence level: 75%)
hashc52ddeac61f16fb23ff925617fba081392b7aabe47c82c765513755d38e62cde
Nanocore RAT payload (confidence level: 50%)
hashdbb5fdf59b0472e51fcfb8378193bbea6668b2a4ef05e0740c431e6b953790a5
Nanocore RAT payload (confidence level: 50%)
hash0b6af927e2fe6f7f6d61bcb3dd03d9ce13a421ca97f4c13e48277250e7d45cf1
Nanocore RAT payload (confidence level: 50%)
hash5b5c333cf418afb890001fae4b6eaa20ef1b92579ddd141e8f2b6edb94ee44fa
Nanocore RAT payload (confidence level: 50%)
hash456dc28731284188734ef4724d38dca91dcba6c780e6268603365967522cdd6e
Conti Ransomware payload (confidence level: 50%)
hashe505815e8a4c215f2ae567d8cf8de8a737c13c6f6990c113db6943ae30b93af9
Conti Ransomware payload (confidence level: 50%)
hash4478feb1e3c98220f50ce341665087b7f6c1d9c290e42f54812bc55da5b3707d
Conti Ransomware payload (confidence level: 50%)
hashe76c7056eb310097574fd6b3d04d7bd91ca409ea390b635a55006d3c365994df
Conti Ransomware payload (confidence level: 50%)
hashe7262d493fb1cfcbb049abfc4c6d79396051010005eac553cdff3dded813d65b
Agent Tesla payload (confidence level: 50%)
hashc1a624ecda07d88856ef33a7a3bfef7c729b4a34a3584c4119fbd6b075435e6b
Agent Tesla payload (confidence level: 50%)
hashbcbf6b274d6af41a326818e77498a3d6494151d2c241b4a9a4b22bcccd929f18
Agent Tesla payload (confidence level: 50%)
hashc2aa11e6b28a3b0d34317be63915e5d4a0dc9e0a01e9441731138a9c70cd83ac
Agent Tesla payload (confidence level: 50%)
hasha6bfec97571932d3f1aafecda1bc354a84c6292863e4b388381c78c125d2f752
Agent Tesla payload (confidence level: 50%)
hashf9ba24cc525113b047d4efabcf15932b7f81c4eb10f10e2e168f983bf82e292d
Agent Tesla payload (confidence level: 50%)
hasheb82fa045b5324e02a27e0e4443285c08961a4f2af8d7654bbbfe4a96c753140
Agent Tesla payload (confidence level: 50%)
hash4198ede31eb9494c81c56c74380c8f403ba98bbcace8d981dcf122d651865b2e
Agent Tesla payload (confidence level: 50%)
hash2dc07e970dd5581d1bd22d69e454dceda70d8f87cc84757f86c094b2fdb7f985
Formbook payload (confidence level: 50%)
hash0fc53546d5bbb5d134e1ee3e7f8ad81f58b00f31a9da9f8b2ff82ea2931137f5
Formbook payload (confidence level: 50%)
hash101c588be39f38d878c9ef627951074744975fa01391f0a78d2e3ee7eadacbf9
Formbook payload (confidence level: 50%)
hasheb1acfe9969b26f571e664ce5c46eb9973582fa9d3a5935a12af8b9797ebb320
Formbook payload (confidence level: 50%)
hashb96e5b8548a31fc43385a31b1c23a9ad95440309ccc6baa10dced1833e118d5e
Agent Tesla payload (confidence level: 50%)
hashc9505b05920fb108a2800dd050fd415cae9f2feb744d7fa3aeb851a68a9bbb89
Agent Tesla payload (confidence level: 50%)
hash239a6c18532eed55cfba4207b89d2672c9659bd9c69060f7a776fb6f79d2ac50
Agent Tesla payload (confidence level: 50%)
hashb08728c2e31276b2da35ec2fcafb4eb767499ecdf8f2e7152b413a25677bd54a
Agent Tesla payload (confidence level: 50%)
hashc165328cf61e71b97efd22e1d9a1a10a5d8c840e0da8e54b5240a527ffdd4654
Agent Tesla payload (confidence level: 50%)
hash920b80d9635ff2e877a792e970f6c2b655a5ce455a31180194493fdd11a21c32
Agent Tesla payload (confidence level: 50%)
hashf588b87bc42ddcd3ba0cb613ccee73f356bcd6f0f8a89f7b1c5c93f93790367c
Agent Tesla payload (confidence level: 50%)
hash3500813094f9ce5d590c430615d3e7dbff354449429ad4fed3ec4f52d91aee48
Agent Tesla payload (confidence level: 50%)
hash8586d6e894f67e2a18b10e6256d5b598
BazarBackdoor payload (confidence level: 50%)
hashb2ab5d8639c89d42acbdc362b86aca91
Agent Tesla payload (confidence level: 50%)
hash963ce4af796ddcef59ad7b1676ca5ddf7f437fee9c97d96a3aad99781f268e89
Raccoon payload (confidence level: 50%)
hash8c2b2f56415981557ec7e2f321decb4cc3e7514d7e1007370e082ada9fae702c
Raccoon payload (confidence level: 50%)
hash118f24dab3dce4a5ae6e3ab078551cbc628b475abeeafa07a5972622aaa38812
Raccoon payload (confidence level: 50%)
hashd6f2d1cda7697f735d476fcbb1079ce6076202adcc3f274f8ec683ba426ee598
Raccoon payload (confidence level: 50%)
hashdb788246d0e6cc7a761dc816bdf41e32fe96919679b5652630e90aaa7abbb8b0
Agent Tesla payload (confidence level: 50%)
hashd173d9852aa30345cc7664c4433945fdac58c1f4fdd7ddb970b4dcc1c8ea1590
Agent Tesla payload (confidence level: 50%)
hashc9059c8392aea3529a1ee2b90178fcdf924364b97803a7bdc054127fc9889384
Agent Tesla payload (confidence level: 50%)
hash2c6cf4bb5ff992e99ca0c27e00de168117425ee41c15d40e05bdf082387c7916
Agent Tesla payload (confidence level: 50%)
hash7a8e27f4732de792d7904a347061efd90e892a954206adb676fe8b8a914ca3fa
Agent Tesla payload (confidence level: 50%)
hash037f9eda5bbcf27d2dcecb38633db581fe5e9fb996601c2ef146f1dbdb184beb
Agent Tesla payload (confidence level: 50%)
hash08e4c4a6de26a2fc5abd1fdb7dc061d1419119ba2532973721b66cd7558278f6
Agent Tesla payload (confidence level: 50%)
hash992765aae3e0ebe11e026c126203d103fe65bf57536f78c53e30cb93c60f6eba
Agent Tesla payload (confidence level: 50%)
hash8523
NetWire RC botnet C2 server (confidence level: 100%)
hash80
Ficker Stealer botnet C2 server (confidence level: 100%)
hash3361
BitRAT botnet C2 server (confidence level: 100%)
hash5353
AsyncRAT botnet C2 server (confidence level: 100%)
hash16874
NjRAT botnet C2 server (confidence level: 100%)
hash16874
NjRAT botnet C2 server (confidence level: 100%)
hash16874
NjRAT botnet C2 server (confidence level: 100%)
hash16874
NjRAT botnet C2 server (confidence level: 100%)
hash16874
NjRAT botnet C2 server (confidence level: 100%)
hash16874
NjRAT botnet C2 server (confidence level: 100%)
hash443
Dridex botnet C2 server (confidence level: 50%)
hash1d09b5416199a1d7eea4c54b9202a55773dc3598822b22028be000f32ce61ae9
Agent Tesla payload (confidence level: 50%)
hashda8eb12e5fcf6d9b6ac303c5a70d29ccdf236afcc88ca935c1f8198e6ec28e6b
Agent Tesla payload (confidence level: 50%)
hash9c05600bc6b00d529a7448a50c76b76bd3724ddc0c029e5c465ae0eb94a3e41f
Agent Tesla payload (confidence level: 50%)
hashbbbf26221963b20a6d88c5bccd15c6d86bdc46163b7d089d91488115ec6efbe9
Agent Tesla payload (confidence level: 50%)
hashaad29b6eff197e7c7da88761b20d732733d1caca1f803558db8b9e4feb9d9a7d
Dridex payload (confidence level: 50%)
hash5010
Ozone RAT botnet C2 server (confidence level: 100%)
hash2703
AsyncRAT botnet C2 server (confidence level: 100%)
hash8078
STRRAT botnet C2 server (confidence level: 100%)
hash7888
STRRAT botnet C2 server (confidence level: 100%)
hash6601
AsyncRAT botnet C2 server (confidence level: 100%)
hash2703
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Qealler botnet C2 server (confidence level: 100%)
hash8855
LimeRAT botnet C2 server (confidence level: 100%)
hash6735
Nanocore RAT botnet C2 server (confidence level: 100%)
hash2222
NetWire RC botnet C2 server (confidence level: 100%)
hash80
Ficker Stealer botnet C2 server (confidence level: 100%)
hash8808
Nanocore RAT botnet C2 server (confidence level: 100%)
hash1234
BitRAT botnet C2 server (confidence level: 100%)
hash11301
Nanocore RAT botnet C2 server (confidence level: 100%)
hashc5792ce2154c652d9102fa4982dcfce3
Hancitor payload (confidence level: 50%)
hash19264
NjRAT botnet C2 server (confidence level: 100%)
hash19264
NjRAT botnet C2 server (confidence level: 100%)
hash19264
NjRAT botnet C2 server (confidence level: 100%)
hash19264
NjRAT botnet C2 server (confidence level: 100%)
hash19264
NjRAT botnet C2 server (confidence level: 100%)
hash19264
NjRAT botnet C2 server (confidence level: 100%)
hash4207
NjRAT botnet C2 server (confidence level: 100%)
hash5552
BitRAT botnet C2 server (confidence level: 100%)
hash6805
BitRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash64631
NetWire RC botnet C2 server (confidence level: 100%)
hash2405
Remcos botnet C2 server (confidence level: 100%)
hash6735
Nanocore RAT botnet C2 server (confidence level: 75%)
hash1000
AsyncRAT botnet C2 server (confidence level: 100%)
hash5505
BitRAT botnet C2 server (confidence level: 100%)
hash1605
AsyncRAT botnet C2 server (confidence level: 100%)
hash2009
Remcos botnet C2 server (confidence level: 100%)
hash2364
Nanocore RAT botnet C2 server (confidence level: 100%)
hash2703
AsyncRAT botnet C2 server (confidence level: 100%)
hash1116
Nanocore RAT botnet C2 server (confidence level: 100%)
hash7143
Remcos botnet C2 server (confidence level: 100%)
hash2364
Nanocore RAT botnet C2 server (confidence level: 75%)
hashd4fc99799273a7091629bd0a87c8d820
Agent Tesla payload (confidence level: 50%)
hash104e52c0676debc40745bda6d0a9e3a5
Agent Tesla payload (confidence level: 50%)
hashe73deb31792392fd594e9aa419904391
QNAPCrypt payload (confidence level: 50%)
hashdf3588fb9997696586162288ec739a17
QNAPCrypt payload (confidence level: 50%)
hashb7b4beb6f830ff790cf1f21015cf92d6
QNAPCrypt payload (confidence level: 50%)
hashfd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6
Dridex payload (confidence level: 50%)
hash9a466e559e5141ea8ef4a9a1194746b7c8921c63bcd1d3b910d75e6388619eb8
Dridex payload (confidence level: 50%)
hash9d35695553cd3c3f44930e214730676590a7eb47d135fb9c5dbd4d39e105dd56
Dridex payload (confidence level: 50%)
hasha72639cdddbb5f136834cd7c617c291064b78e0a32dadc1c21d99afd2903472b
Dridex payload (confidence level: 50%)
hashed6d830e92ec1c4b230e2505491487c9
Qealler payload (confidence level: 50%)
hash63435df08be731cf518a4ec754458ee4
Qealler payload (confidence level: 50%)
hash06fec711d6d4cc7d3446fdad1245c0cf7fee3bfb755039cfc3dad9bd25777bb1
Formbook payload (confidence level: 50%)
hash3a5b1985cf04964dad2e3dbe52f0e742d39b51a7e18a08a253761c3d5ce8977b
Formbook payload (confidence level: 50%)
hash92e01cf56625e95b0d5c7f0706403ddcb068bdcd82e82a45ed9c296f0df394d4
Formbook payload (confidence level: 50%)
hash5d5a3d47e627789966320b0a6b6f73950cd93947ccede180964c0838c9cb4af5
Formbook payload (confidence level: 50%)
hash4cf6fb8514073319e7759b4f66d13f08
BazarBackdoor payload (confidence level: 50%)

Url

Value | Description

Note: each value below carries the fused type label "url" from the page extraction; the indicator is the http:// or https:// URL that follows it. Several Pony hosts (tor-browser.ru, tor-project.ru, password.market and others) are listed with variant paths (gate.php, gates.php, gfate.php, gagte.php, gajte.php), so matching on the host catches more than matching on the exact URL.
urlhttp://becharnise.ir/fb10/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://weilde.at/klein/index.php
Azorult botnet C2 (confidence level: 75%)
urlhttps://parisahome.com/squad/panel/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://111.229.107.34:80/ca
Cobalt Strike botnet C2 (confidence level: 75%)
urlhttp://becharnise.ir/fb11/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://141.136.0.33/1/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://87.251.79.157/bo22/1/pin.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://nadar-gis.com/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttps://crown-sign.com/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttps://dainikjahan.com/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttps://alekllemtilaro.tk/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttps://svilapp.svgipsar.org/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttps://crearqarquitectos.com/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttps://denatureedutech.com/post.php
Zloader botnet C2 (confidence level: 50%)
urlhttp://parisahome.com/squad/panel/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://217.12.209.160:33333/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://185.153.198.36:10202/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://tor.void.gr/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://browserss.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor.download-windows.org/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor2web.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://free-browsers.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-project.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://4browser.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://torbrowser-free.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://xn--80abnh7bds1e.xn--p1acf/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor.browser.ideaprog.download/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser.ru.uptodown.com/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser.ru/gates.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser.ru/
Pony botnet C2 (confidence level: 100%)
urlhttp://193.38.55.26:3214/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://rusianlover.icu/forum/logout.php?pid=701
BetaBot botnet C2 (confidence level: 100%)
urlhttp://juhjuh.com/
Arkei Stealer botnet C2 (confidence level: 100%)
urlhttp://109.234.37.179:45888/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://kencana-sakti.com/mb/panel/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://bengalcement.com.bd/axpu/index.php
Azorult botnet C2 (confidence level: 100%)
urlhttp://becharnise.ir/fb19/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://skinnycat.top/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://217.12.209.82:44444/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://103.151.123.20:12320/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://51.195.53.221/p.php/z3zeiqcu6gm6t
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://203.159.80.87/demo/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://212.109.218.124/cfg/
Taurus Stealer botnet C2 (confidence level: 100%)
urlhttp://tor-browser.softok.info/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://torrbrowser.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser-windows.browser.su/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser-free.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor.install-download.net/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser.softonic.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-project.ru/gates.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-project.ru/
Pony botnet C2 (confidence level: 100%)
urlhttp://nstadldrnan.xyz/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://tor.download-windows.org/gfate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://free-browsers.ru/gagte.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-project.ru/gajte.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor.void.gr/ghate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://tor-browser.ru.uptodown.com/gatje.php
Pony botnet C2 (confidence level: 100%)
urlhttp://4browser.ru/gakte.php
Pony botnet C2 (confidence level: 100%)
urlhttp://browserss.ru/gjate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://webbrowsers.ru/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://picturework.top/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://zotilaetam.xyz/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://erherst.tk/
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://networkdata.host56.com/blog/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://myflightstone.3utilities.com/fokgkp/panel/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://51.195.53.221/p.php/4wkoqpxhdhyuh
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://wonkwonschoolrp.hopto.org/aiofjg/panel/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://password.market/3gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/4/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/1/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/2gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/gsdfate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/page/faq
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/afdhsfs/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/gshate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/fgh/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/gsdgate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/gafte.php
Pony botnet C2 (confidence level: 100%)
urlhttp://www.password.market/panel/reg
Pony botnet C2 (confidence level: 100%)
urlhttp://password.market/ggaafhate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://canri.org/wpcss/image/colour/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttp://142.11.210.173/second/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://akhtargroup.xyz/niggab-x/panel/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://51.195.53.221/p.php/fgbebrohmwbrq
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://bananinze.com/upload/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://bingooodsg.icu/upload/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://daunimlas.com/upload/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://ginessa11.xyz/upload/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://junntd.xyz/upload/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://overplayninsx.xyz/upload/
SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://xsss99.icu/upload/
SmokeLoader botnet C2 (confidence level: 75%)

File (IP addresses)

Value | Description

Note: these are not files. The extraction labelled them "file", but every value is an IPv4 address and every description is a botnet C2 server: they are the IP halves of ThreatFox ip:port indicators, and the matching port halves are the short numeric entries in the Hash table above, in the same order. Six NjRAT addresses (3.17.7.232, 3.134.39.220, 3.14.182.203, 3.134.125.175, 3.22.30.40, 3.13.191.225) appear twice, once for each of the two NjRAT ports listed above.
file194.5.97.16
Nanocore RAT botnet C2 server (confidence level: 75%)
file3.121.139.82
Nanocore RAT botnet C2 server (confidence level: 100%)
file103.18.108.116
Dridex botnet C2 server (confidence level: 75%)
file210.65.244.179
Dridex botnet C2 server (confidence level: 75%)
file37.247.35.130
Dridex botnet C2 server (confidence level: 75%)
file79.134.225.86
Nanocore RAT botnet C2 server (confidence level: 75%)
file185.208.158.210
NetWire RC botnet C2 server (confidence level: 100%)
file45.141.87.55
Ficker Stealer botnet C2 server (confidence level: 100%)
file5.206.224.224
BitRAT botnet C2 server (confidence level: 100%)
file89.216.27.61
AsyncRAT botnet C2 server (confidence level: 100%)
file3.17.7.232
NjRAT botnet C2 server (confidence level: 100%)
file3.134.39.220
NjRAT botnet C2 server (confidence level: 100%)
file3.14.182.203
NjRAT botnet C2 server (confidence level: 100%)
file3.134.125.175
NjRAT botnet C2 server (confidence level: 100%)
file3.22.30.40
NjRAT botnet C2 server (confidence level: 100%)
file3.13.191.225
NjRAT botnet C2 server (confidence level: 100%)
file210.65.244.182
Dridex botnet C2 server (confidence level: 50%)
file216.250.250.63
Ozone RAT botnet C2 server (confidence level: 100%)
file46.243.221.55
AsyncRAT botnet C2 server (confidence level: 100%)
file193.218.118.85
STRRAT botnet C2 server (confidence level: 100%)
file64.188.13.141
STRRAT botnet C2 server (confidence level: 100%)
file54.37.160.138
AsyncRAT botnet C2 server (confidence level: 100%)
file46.243.221.36
AsyncRAT botnet C2 server (confidence level: 100%)
file192.111.146.186
Qealler botnet C2 server (confidence level: 100%)
file193.218.118.85
LimeRAT botnet C2 server (confidence level: 100%)
file79.134.225.122
Nanocore RAT botnet C2 server (confidence level: 100%)
file194.5.98.100
NetWire RC botnet C2 server (confidence level: 100%)
file34.65.142.243
Ficker Stealer botnet C2 server (confidence level: 100%)
file95.70.188.130
Nanocore RAT botnet C2 server (confidence level: 100%)
file45.139.236.5
BitRAT botnet C2 server (confidence level: 100%)
file52.28.112.211
Nanocore RAT botnet C2 server (confidence level: 100%)
file3.13.191.225
NjRAT botnet C2 server (confidence level: 100%)
file3.22.30.40
NjRAT botnet C2 server (confidence level: 100%)
file3.14.182.203
NjRAT botnet C2 server (confidence level: 100%)
file3.134.125.175
NjRAT botnet C2 server (confidence level: 100%)
file3.17.7.232
NjRAT botnet C2 server (confidence level: 100%)
file3.134.39.220
NjRAT botnet C2 server (confidence level: 100%)
file79.134.225.70
NjRAT botnet C2 server (confidence level: 100%)
file178.159.39.203
BitRAT botnet C2 server (confidence level: 100%)
file203.159.80.242
BitRAT botnet C2 server (confidence level: 100%)
file198.23.212.148
AsyncRAT botnet C2 server (confidence level: 100%)
file185.140.53.161
NetWire RC botnet C2 server (confidence level: 100%)
file79.134.225.118
Remcos botnet C2 server (confidence level: 100%)
file91.193.75.245
Nanocore RAT botnet C2 server (confidence level: 75%)
file91.241.51.107
AsyncRAT botnet C2 server (confidence level: 100%)
file23.19.227.243
BitRAT botnet C2 server (confidence level: 100%)
file20.86.25.230
AsyncRAT botnet C2 server (confidence level: 100%)
file188.72.115.54
Remcos botnet C2 server (confidence level: 100%)
file167.114.136.11
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.94.109.35
AsyncRAT botnet C2 server (confidence level: 100%)
file185.140.53.9
Nanocore RAT botnet C2 server (confidence level: 100%)
file188.72.87.164
Remcos botnet C2 server (confidence level: 100%)
file185.140.53.130
Nanocore RAT botnet C2 server (confidence level: 75%)

Domain

Value | Description

Note: each value below carries the fused type label "domain" from the page extraction; the indicator is the domain name that follows it.
domainlukkeze.club
Ficker Stealer botnet C2 domain (confidence level: 100%)
domainjfuag3.cn
ServHelper botnet C2 domain (confidence level: 100%)
domainnovacation.cn
ServHelper botnet C2 domain (confidence level: 100%)

Threat ID: 682c7ac0e3e6de8ceb763791

Added to database: 5/20/2025, 12:51:12 PM

Last enriched: 6/19/2025, 1:33:23 PM

Last updated: 8/8/2025, 8:53:31 AM
