ThreatFox IOCs for 2021-03-22
AI Analysis
Technical Summary
The provided threat information pertains to a collection of Indicators of Compromise (IOCs) published on March 22, 2021, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, with a focus on OSINT (Open Source Intelligence) data. However, the details are minimal, with no specific affected product versions, no Common Weakness Enumerations (CWEs), and no known exploits in the wild. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. The technical details suggest moderate distribution (level 3) but low analysis and threat levels (1 and 2 respectively). There are no patch links or mitigation details provided, and no specific malware family or attack vector is described. The absence of indicators and exploit data implies this is likely an intelligence report or a collection of IOCs rather than an active, targeted malware campaign. The threat appears to be informational, possibly aimed at improving situational awareness rather than indicating an immediate, exploitable vulnerability or active malware outbreak.
Potential Impact
Given the lack of specific exploit details, affected products, or active exploitation, the direct impact on European organizations is likely limited at this time. However, the dissemination of IOCs can aid defenders in identifying and mitigating potential threats early. European organizations that rely on OSINT tools or threat intelligence platforms may benefit from integrating these IOCs into their detection systems to enhance their security posture. The medium severity rating suggests a moderate level of concern, possibly due to the potential for these IOCs to be linked to malware campaigns elsewhere or future exploitation. Without concrete exploit data, the impact on confidentiality, integrity, or availability remains speculative but is likely low to medium. Organizations should remain vigilant, especially those in critical infrastructure, finance, and government sectors, where early detection of malware indicators can prevent escalation.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and threat intelligence platforms to enhance detection capabilities.
2. Regularly update threat intelligence feeds to ensure the latest IOCs are incorporated promptly.
3. Conduct internal network and endpoint scans using the IOCs to identify any signs of compromise.
4. Enhance monitoring of OSINT tools and related infrastructure for unusual activity that may correlate with these IOCs.
5. Train security teams to recognize and respond to alerts generated by these indicators, emphasizing the importance of early detection.
6. Collaborate with information sharing groups and CERTs to exchange insights related to these IOCs and any emerging threats.
7. Maintain robust incident response plans that can be activated if these or related IOCs indicate an active compromise.
These recommendations go beyond generic advice by focusing on proactive integration of the IOCs and collaboration within the security community to mitigate potential risks associated with this intelligence.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: eb46a160-263a-46a8-9467-801d2f2aed6f
- Original Timestamp: 1616457781
hashbcbf6b274d6af41a326818e77498a3d6494151d2c241b4a9a4b22bcccd929f18 | Agent Tesla payload (confidence level: 50%) | |
hashc2aa11e6b28a3b0d34317be63915e5d4a0dc9e0a01e9441731138a9c70cd83ac | Agent Tesla payload (confidence level: 50%) | |
hasha6bfec97571932d3f1aafecda1bc354a84c6292863e4b388381c78c125d2f752 | Agent Tesla payload (confidence level: 50%) | |
hashf9ba24cc525113b047d4efabcf15932b7f81c4eb10f10e2e168f983bf82e292d | Agent Tesla payload (confidence level: 50%) | |
hasheb82fa045b5324e02a27e0e4443285c08961a4f2af8d7654bbbfe4a96c753140 | Agent Tesla payload (confidence level: 50%) | |
hash4198ede31eb9494c81c56c74380c8f403ba98bbcace8d981dcf122d651865b2e | Agent Tesla payload (confidence level: 50%) | |
hash2dc07e970dd5581d1bd22d69e454dceda70d8f87cc84757f86c094b2fdb7f985 | Formbook payload (confidence level: 50%) | |
hash0fc53546d5bbb5d134e1ee3e7f8ad81f58b00f31a9da9f8b2ff82ea2931137f5 | Formbook payload (confidence level: 50%) | |
hash101c588be39f38d878c9ef627951074744975fa01391f0a78d2e3ee7eadacbf9 | Formbook payload (confidence level: 50%) | |
hasheb1acfe9969b26f571e664ce5c46eb9973582fa9d3a5935a12af8b9797ebb320 | Formbook payload (confidence level: 50%) | |
hashb96e5b8548a31fc43385a31b1c23a9ad95440309ccc6baa10dced1833e118d5e | Agent Tesla payload (confidence level: 50%) | |
hashc9505b05920fb108a2800dd050fd415cae9f2feb744d7fa3aeb851a68a9bbb89 | Agent Tesla payload (confidence level: 50%) | |
hash239a6c18532eed55cfba4207b89d2672c9659bd9c69060f7a776fb6f79d2ac50 | Agent Tesla payload (confidence level: 50%) | |
hashb08728c2e31276b2da35ec2fcafb4eb767499ecdf8f2e7152b413a25677bd54a | Agent Tesla payload (confidence level: 50%) | |
hashc165328cf61e71b97efd22e1d9a1a10a5d8c840e0da8e54b5240a527ffdd4654 | Agent Tesla payload (confidence level: 50%) | |
hash920b80d9635ff2e877a792e970f6c2b655a5ce455a31180194493fdd11a21c32 | Agent Tesla payload (confidence level: 50%) | |
hashf588b87bc42ddcd3ba0cb613ccee73f356bcd6f0f8a89f7b1c5c93f93790367c | Agent Tesla payload (confidence level: 50%) | |
hash3500813094f9ce5d590c430615d3e7dbff354449429ad4fed3ec4f52d91aee48 | Agent Tesla payload (confidence level: 50%) | |
hash8586d6e894f67e2a18b10e6256d5b598 | BazarBackdoor payload (confidence level: 50%) | |
hashb2ab5d8639c89d42acbdc362b86aca91 | Agent Tesla payload (confidence level: 50%) | |
hash963ce4af796ddcef59ad7b1676ca5ddf7f437fee9c97d96a3aad99781f268e89 | Raccoon payload (confidence level: 50%) | |
hash8c2b2f56415981557ec7e2f321decb4cc3e7514d7e1007370e082ada9fae702c | Raccoon payload (confidence level: 50%) | |
hash118f24dab3dce4a5ae6e3ab078551cbc628b475abeeafa07a5972622aaa38812 | Raccoon payload (confidence level: 50%) | |
hashd6f2d1cda7697f735d476fcbb1079ce6076202adcc3f274f8ec683ba426ee598 | Raccoon payload (confidence level: 50%) | |
hashdb788246d0e6cc7a761dc816bdf41e32fe96919679b5652630e90aaa7abbb8b0 | Agent Tesla payload (confidence level: 50%) | |
hashd173d9852aa30345cc7664c4433945fdac58c1f4fdd7ddb970b4dcc1c8ea1590 | Agent Tesla payload (confidence level: 50%) | |
hashc9059c8392aea3529a1ee2b90178fcdf924364b97803a7bdc054127fc9889384 | Agent Tesla payload (confidence level: 50%) | |
hash2c6cf4bb5ff992e99ca0c27e00de168117425ee41c15d40e05bdf082387c7916 | Agent Tesla payload (confidence level: 50%) | |
hash7a8e27f4732de792d7904a347061efd90e892a954206adb676fe8b8a914ca3fa | Agent Tesla payload (confidence level: 50%) | |
hash037f9eda5bbcf27d2dcecb38633db581fe5e9fb996601c2ef146f1dbdb184beb | Agent Tesla payload (confidence level: 50%) | |
hash08e4c4a6de26a2fc5abd1fdb7dc061d1419119ba2532973721b66cd7558278f6 | Agent Tesla payload (confidence level: 50%) | |
hash992765aae3e0ebe11e026c126203d103fe65bf57536f78c53e30cb93c60f6eba | Agent Tesla payload (confidence level: 50%) | |
hash8523 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash80 | Ficker Stealer botnet C2 server (confidence level: 100%) | |
hash3361 | BitRAT botnet C2 server (confidence level: 100%) | |
hash5353 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash16874 | NjRAT botnet C2 server (confidence level: 100%) | |
hash16874 | NjRAT botnet C2 server (confidence level: 100%) | |
hash16874 | NjRAT botnet C2 server (confidence level: 100%) | |
hash16874 | NjRAT botnet C2 server (confidence level: 100%) | |
hash16874 | NjRAT botnet C2 server (confidence level: 100%) | |
hash16874 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | Dridex botnet C2 server (confidence level: 50%) | |
hash1d09b5416199a1d7eea4c54b9202a55773dc3598822b22028be000f32ce61ae9 | Agent Tesla payload (confidence level: 50%) | |
hashda8eb12e5fcf6d9b6ac303c5a70d29ccdf236afcc88ca935c1f8198e6ec28e6b | Agent Tesla payload (confidence level: 50%) | |
hash9c05600bc6b00d529a7448a50c76b76bd3724ddc0c029e5c465ae0eb94a3e41f | Agent Tesla payload (confidence level: 50%) | |
hashbbbf26221963b20a6d88c5bccd15c6d86bdc46163b7d089d91488115ec6efbe9 | Agent Tesla payload (confidence level: 50%) | |
hashaad29b6eff197e7c7da88761b20d732733d1caca1f803558db8b9e4feb9d9a7d | Dridex payload (confidence level: 50%) | |
hash5010 | Ozone RAT botnet C2 server (confidence level: 100%) | |
hash2703 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8078 | STRRAT botnet C2 server (confidence level: 100%) | |
hash7888 | STRRAT botnet C2 server (confidence level: 100%) | |
hash6601 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2703 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Qealler botnet C2 server (confidence level: 100%) | |
hash8855 | LimeRAT botnet C2 server (confidence level: 100%) | |
hash6735 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash2222 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash80 | Ficker Stealer botnet C2 server (confidence level: 100%) | |
hash8808 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash1234 | BitRAT botnet C2 server (confidence level: 100%) | |
hash11301 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hashc5792ce2154c652d9102fa4982dcfce3 | Hancitor payload (confidence level: 50%) | |
hash19264 | NjRAT botnet C2 server (confidence level: 100%) | |
hash19264 | NjRAT botnet C2 server (confidence level: 100%) | |
hash19264 | NjRAT botnet C2 server (confidence level: 100%) | |
hash19264 | NjRAT botnet C2 server (confidence level: 100%) | |
hash19264 | NjRAT botnet C2 server (confidence level: 100%) | |
hash19264 | NjRAT botnet C2 server (confidence level: 100%) | |
hash4207 | NjRAT botnet C2 server (confidence level: 100%) | |
hash5552 | BitRAT botnet C2 server (confidence level: 100%) | |
hash6805 | BitRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash64631 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash6735 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash1000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5505 | BitRAT botnet C2 server (confidence level: 100%) | |
hash1605 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2009 | Remcos botnet C2 server (confidence level: 100%) | |
hash2364 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash2703 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1116 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash7143 | Remcos botnet C2 server (confidence level: 100%) | |
hash2364 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hashd4fc99799273a7091629bd0a87c8d820 | Agent Tesla payload (confidence level: 50%) | |
hash104e52c0676debc40745bda6d0a9e3a5 | Agent Tesla payload (confidence level: 50%) | |
hashe73deb31792392fd594e9aa419904391 | QNAPCrypt payload (confidence level: 50%) | |
hashdf3588fb9997696586162288ec739a17 | QNAPCrypt payload (confidence level: 50%) | |
hashb7b4beb6f830ff790cf1f21015cf92d6 | QNAPCrypt payload (confidence level: 50%) | |
hashfd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6 | Dridex payload (confidence level: 50%) | |
hash9a466e559e5141ea8ef4a9a1194746b7c8921c63bcd1d3b910d75e6388619eb8 | Dridex payload (confidence level: 50%) | |
hash9d35695553cd3c3f44930e214730676590a7eb47d135fb9c5dbd4d39e105dd56 | Dridex payload (confidence level: 50%) | |
hasha72639cdddbb5f136834cd7c617c291064b78e0a32dadc1c21d99afd2903472b | Dridex payload (confidence level: 50%) | |
hashed6d830e92ec1c4b230e2505491487c9 | Qealler payload (confidence level: 50%) | |
hash63435df08be731cf518a4ec754458ee4 | Qealler payload (confidence level: 50%) | |
hash06fec711d6d4cc7d3446fdad1245c0cf7fee3bfb755039cfc3dad9bd25777bb1 | Formbook payload (confidence level: 50%) | |
hash3a5b1985cf04964dad2e3dbe52f0e742d39b51a7e18a08a253761c3d5ce8977b | Formbook payload (confidence level: 50%) | |
hash92e01cf56625e95b0d5c7f0706403ddcb068bdcd82e82a45ed9c296f0df394d4 | Formbook payload (confidence level: 50%) | |
hash5d5a3d47e627789966320b0a6b6f73950cd93947ccede180964c0838c9cb4af5 | Formbook payload (confidence level: 50%) | |
hash4cf6fb8514073319e7759b4f66d13f08 | BazarBackdoor payload (confidence level: 50%) |
Url
Value | Description | Copy |
---|---|---|
http://becharnise.ir/fb10/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
http://weilde.at/klein/index.php | Azorult botnet C2 (confidence level: 75%) | |
https://parisahome.com/squad/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
http://111.229.107.34:80/ca | Cobalt Strike botnet C2 (confidence level: 75%) | |
http://becharnise.ir/fb11/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
http://141.136.0.33/1/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://87.251.79.157/bo22/1/pin.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
https://nadar-gis.com/post.php | Zloader botnet C2 (confidence level: 50%) | |
https://crown-sign.com/post.php | Zloader botnet C2 (confidence level: 50%) | |
https://dainikjahan.com/post.php | Zloader botnet C2 (confidence level: 50%) | |
https://alekllemtilaro.tk/post.php | Zloader botnet C2 (confidence level: 50%) | |
https://svilapp.svgipsar.org/post.php | Zloader botnet C2 (confidence level: 50%) | |
https://crearqarquitectos.com/post.php | Zloader botnet C2 (confidence level: 50%) | |
https://denatureedutech.com/post.php | Zloader botnet C2 (confidence level: 50%) | |
http://parisahome.com/squad/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://217.12.209.160:33333/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://185.153.198.36:10202/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://tor.void.gr/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://browserss.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor.download-windows.org/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor2web.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://free-browsers.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-project.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://4browser.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://torbrowser-free.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://xn--80abnh7bds1e.xn--p1acf/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor.browser.ideaprog.download/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser.ru.uptodown.com/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser.ru/gates.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser.ru/ | Pony botnet C2 (confidence level: 100%) | |
http://193.38.55.26:3214/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://rusianlover.icu/forum/logout.php?pid=701 | BetaBot botnet C2 (confidence level: 100%) | |
http://juhjuh.com/ | Arkei Stealer botnet C2 (confidence level: 100%) | |
http://109.234.37.179:45888/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://kencana-sakti.com/mb/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://bengalcement.com.bd/axpu/index.php | Azorult botnet C2 (confidence level: 100%) | |
http://becharnise.ir/fb19/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://skinnycat.top/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://217.12.209.82:44444/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://103.151.123.20:12320/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://51.195.53.221/p.php/z3zeiqcu6gm6t | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://203.159.80.87/demo/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://212.109.218.124/cfg/ | Taurus Stealer botnet C2 (confidence level: 100%) | |
http://tor-browser.softok.info/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://torrbrowser.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser-windows.browser.su/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser-free.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor.install-download.net/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser.softonic.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-project.ru/gates.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-project.ru/ | Pony botnet C2 (confidence level: 100%) | |
http://nstadldrnan.xyz/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://tor.download-windows.org/gfate.php | Pony botnet C2 (confidence level: 100%) | |
http://free-browsers.ru/gagte.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-project.ru/gajte.php | Pony botnet C2 (confidence level: 100%) | |
http://tor.void.gr/ghate.php | Pony botnet C2 (confidence level: 100%) | |
http://tor-browser.ru.uptodown.com/gatje.php | Pony botnet C2 (confidence level: 100%) | |
http://4browser.ru/gakte.php | Pony botnet C2 (confidence level: 100%) | |
http://browserss.ru/gjate.php | Pony botnet C2 (confidence level: 100%) | |
http://webbrowsers.ru/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://picturework.top/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://zotilaetam.xyz/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://erherst.tk/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
http://networkdata.host56.com/blog/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://myflightstone.3utilities.com/fokgkp/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://51.195.53.221/p.php/4wkoqpxhdhyuh | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://wonkwonschoolrp.hopto.org/aiofjg/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://password.market/3gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/4/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/1/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/2gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/ | Pony botnet C2 (confidence level: 100%) | |
http://password.market/gsdfate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/page/faq | Pony botnet C2 (confidence level: 100%) | |
http://password.market/afdhsfs/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/gshate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/fgh/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/gsdgate.php | Pony botnet C2 (confidence level: 100%) | |
http://password.market/gafte.php | Pony botnet C2 (confidence level: 100%) | |
http://www.password.market/panel/reg | Pony botnet C2 (confidence level: 100%) | |
http://password.market/ggaafhate.php | Pony botnet C2 (confidence level: 100%) | |
http://canri.org/wpcss/image/colour/gate.php | Pony botnet C2 (confidence level: 100%) | |
http://142.11.210.173/second/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://akhtargroup.xyz/niggab-x/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://51.195.53.221/p.php/fgbebrohmwbrq | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://bananinze.com/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://bingooodsg.icu/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://daunimlas.com/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://ginessa11.xyz/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://junntd.xyz/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://overplayninsx.xyz/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
http://xsss99.icu/upload/ | SmokeLoader botnet C2 (confidence level: 75%) | |
File
Value | Description | Copy |
---|---|---|
194.5.97.16 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
3.121.139.82 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
103.18.108.116 | Dridex botnet C2 server (confidence level: 75%) | |
210.65.244.179 | Dridex botnet C2 server (confidence level: 75%) | |
37.247.35.130 | Dridex botnet C2 server (confidence level: 75%) | |
79.134.225.86 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
185.208.158.210 | NetWire RC botnet C2 server (confidence level: 100%) | |
45.141.87.55 | Ficker Stealer botnet C2 server (confidence level: 100%) | |
5.206.224.224 | BitRAT botnet C2 server (confidence level: 100%) | |
89.216.27.61 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3.17.7.232 | NjRAT botnet C2 server (confidence level: 100%) | |
3.134.39.220 | NjRAT botnet C2 server (confidence level: 100%) | |
3.14.182.203 | NjRAT botnet C2 server (confidence level: 100%) | |
3.134.125.175 | NjRAT botnet C2 server (confidence level: 100%) | |
3.22.30.40 | NjRAT botnet C2 server (confidence level: 100%) | |
3.13.191.225 | NjRAT botnet C2 server (confidence level: 100%) | |
210.65.244.182 | Dridex botnet C2 server (confidence level: 50%) | |
216.250.250.63 | Ozone RAT botnet C2 server (confidence level: 100%) | |
46.243.221.55 | AsyncRAT botnet C2 server (confidence level: 100%) | |
193.218.118.85 | STRRAT botnet C2 server (confidence level: 100%) | |
64.188.13.141 | STRRAT botnet C2 server (confidence level: 100%) | |
54.37.160.138 | AsyncRAT botnet C2 server (confidence level: 100%) | |
46.243.221.36 | AsyncRAT botnet C2 server (confidence level: 100%) | |
192.111.146.186 | Qealler botnet C2 server (confidence level: 100%) | |
193.218.118.85 | LimeRAT botnet C2 server (confidence level: 100%) | |
79.134.225.122 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
194.5.98.100 | NetWire RC botnet C2 server (confidence level: 100%) | |
34.65.142.243 | Ficker Stealer botnet C2 server (confidence level: 100%) | |
95.70.188.130 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
45.139.236.5 | BitRAT botnet C2 server (confidence level: 100%) | |
52.28.112.211 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
3.13.191.225 | NjRAT botnet C2 server (confidence level: 100%) | |
3.22.30.40 | NjRAT botnet C2 server (confidence level: 100%) | |
3.14.182.203 | NjRAT botnet C2 server (confidence level: 100%) | |
3.134.125.175 | NjRAT botnet C2 server (confidence level: 100%) | |
3.17.7.232 | NjRAT botnet C2 server (confidence level: 100%) | |
3.134.39.220 | NjRAT botnet C2 server (confidence level: 100%) | |
79.134.225.70 | NjRAT botnet C2 server (confidence level: 100%) | |
178.159.39.203 | BitRAT botnet C2 server (confidence level: 100%) | |
203.159.80.242 | BitRAT botnet C2 server (confidence level: 100%) | |
198.23.212.148 | AsyncRAT botnet C2 server (confidence level: 100%) | |
185.140.53.161 | NetWire RC botnet C2 server (confidence level: 100%) | |
79.134.225.118 | Remcos botnet C2 server (confidence level: 100%) | |
91.193.75.245 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
91.241.51.107 | AsyncRAT botnet C2 server (confidence level: 100%) | |
23.19.227.243 | BitRAT botnet C2 server (confidence level: 100%) | |
20.86.25.230 | AsyncRAT botnet C2 server (confidence level: 100%) | |
188.72.115.54 | Remcos botnet C2 server (confidence level: 100%) | |
167.114.136.11 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
172.94.109.35 | AsyncRAT botnet C2 server (confidence level: 100%) | |
185.140.53.9 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
188.72.87.164 | Remcos botnet C2 server (confidence level: 100%) | |
185.140.53.130 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
Domain
Value | Description | Copy |
---|---|---|
lukkeze.club | Ficker Stealer botnet C2 domain (confidence level: 100%) | |
jfuag3.cn | ServHelper botnet C2 domain (confidence level: 100%) | |
novacation.cn | ServHelper botnet C2 domain (confidence level: 100%) | |
Threat ID: 682c7ac0e3e6de8ceb763791
Added to database: 5/20/2025, 12:51:12 PM
Last enriched: 6/19/2025, 1:33:23 PM
Last updated: 8/8/2025, 8:53:31 AM