
ThreatFox IOCs for 2021-03-25

Severity: Medium
Published: Thu Mar 25 2021 (03/25/2021, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2021-03-25

AI-Powered Analysis

Last updated: 06/18/2025, 19:48:30 UTC

Technical Analysis

This entry is the ThreatFox daily IOC export for 25 March 2021, republished as a MISP-style OSINT event (the export timestamp 1616716981 is 2021-03-26 00:03:01 UTC, the batch cut just after midnight). It is not a vague feed summary: the page lists 112 file hashes (108 SHA256 and 4 MD5, every one tagged as a family's payload at 50% confidence), 14 ip:port remote-access-trojan command-and-control (C2) servers, 41 C2 and payload-delivery URLs and 10 C2 or delivery domains, each labelled with a malware family. The families are commodity crimeware rather than one campaign: information stealers and keyloggers (Agent Tesla, Formbook, Loki PWS, RedLine Stealer, Azorult, Pony), remote-access trojans (Nanocore, NjRAT, AsyncRAT, BitRAT, BlackNET, Crimson RAT, NetWire RC, Vjw0rm, Houdini), loaders and banking trojans (SmokeLoader, IcedID, Gozi/ISFB, DanaBot, Glupteba) and the Phobos ransomware. Agent Tesla and Formbook alone account for more than half of the hashes. Confidence is set by the submitter: the network indicators are mostly at 100%, with four at 75% (the BlackNET C2, one Azorult C2, the HTTPS variant of one Loki C2 and the SmokeLoader C2), while every payload hash sits at 50%, so the hashes are weaker evidence than the C2 endpoints. The numbers under Technical Details are MISP event fields: threat level 2 is Medium, analysis 1 is Ongoing and distribution 3 is All communities, which is where the Medium rating comes from. No CVE or CWE applies because nothing here is a vulnerability; "no known exploits" and "no patches" are therefore expected and say nothing about how actively these families are deployed. ThreatFox publishes under TLP:WHITE, so the indicators can be shared and loaded into detection tooling without restriction.

Potential Impact

The entry describes commodity malware, not a vulnerability, so its impact on European organisations depends on exposure to the usual delivery channels: malicious attachments and links in business email for the stealers, RATs and loaders, and internet-facing RDP for Phobos. A successful infection by the stealers (Agent Tesla, Formbook, Loki, RedLine, Azorult, Pony) means loss of browser, mail and FTP credentials that are routinely resold for follow-on intrusions; the RATs (Nanocore, NjRAT, AsyncRAT, BitRAT, NetWire, Crimson RAT, BlackNET) give an operator interactive control of the host; IcedID, Gozi/ISFB, DanaBot and SmokeLoader are first-stage loaders whose infections have repeatedly been handed off to ransomware crews; Phobos encrypts directly. The Medium rating reflects that confidentiality, integrity and availability can all be affected, without a single coordinated campaign behind the list. The C2 servers and IcedID delivery domains are the most perishable items, since such infrastructure is typically replaced within days, so the value of this 2021 feed today lies in retrospective hunting, in the hash set and in the panel path patterns that operators reuse across hosts. Sectors with high inbound email volume or critical infrastructure, where a RAT foothold or an encryption event means operational downtime or data exfiltration, are the most exposed.

Mitigation Recommendations

The feed carries no vulnerability to patch, so mitigation is detection, hunting and containment. Organisations should:

1) Load each indicator type into the control that can act on it: the SHA256 and MD5 hashes into EDR blocklists and retrospective file searches; the URLs and domains into proxy, DNS sinkhole and mail-gateway blocklists; the ip:port C2 pairs into firewall and NetFlow matching. Match on IP and port together, because several C2s sit on shared or dynamic hosting (duckdns, ngrok, publicvm) where a bare IP match produces false positives.

2) Hunt retrospectively on the patterns rather than only on exact values: every Loki PWS C2 on the list ends in /fre.php, both Pony C2s use gate.php or admin.php, the Azorult C2s are index.php on throwaway .xyz, .site, .tk and duckdns hosts, and the IcedID delivery URLs are .gif requests to freshly registered .xyz domains. The RedLine C2s share ports 40355 and 3214 across many IPs.

3) Triage by confidence: a hit on a 100% C2 indicator is an incident; a hit on a 50% payload hash is a triage item, since the family label was supplied by a submitter and the file may be a dropper for something else.

4) Keep asset inventories current so that hits on domain controllers, mail servers and remote-access gateways are prioritised.

5) Segment networks and restrict RDP and SMB reach between workstations to contain RAT lateral movement and Phobos.

6) Enforce multi-factor authentication on mail, VPN and remote access; credential theft is what most families on the list are for, and MFA limits what the stolen credentials are worth.

7) Pull the current ThreatFox export or API feed rather than relying on this 2021 snapshot, and share sightings back.

8) Rely on behavioural detection for what the hashes miss: Office or script hosts spawning unusual children, new Run-key or scheduled-task persistence, and outbound connections from workstations to non-standard high ports at residential or VPS addresses (the list shows NjRAT on 1414, 5552, 5555 and 6699, Nanocore on 555, 3003, 6701, 8989 and 41432, Crimson RAT on 6818, BitRAT on 4400, NetWire on 5900 and AsyncRAT on 81).
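Recommendations 1 to 3 as a worked example. This is added code, not from the page, from OffSeq or from abuse.ch: it parses the page's flattened IOC layout (type prefix glued to the value, then a description line) into typed indicators, re-pairs the split ip:port C2 entries by position (an inference from the page layout, flagged in the code), and hunts for them in a handful of constructed proxy, DNS, EDR and flow log lines whose key=value format is hypothetical. The port check on IP hits is the false-positive caveat from item 1.

```python
"""Normalise a flattened ThreatFox IOC listing and hunt for it in sample logs.

Added example, not code from the original page, from abuse.ch or from
ThreatFox. Log lines and their key=value format are constructed."""
import re
from collections import defaultdict

# Entries copied from the page, in its flattened two-line layout.
RAW_IOC_LINES = """\
hashcfc5fb8385f662b109c6cf866ff70e598964dd37dc3498d5bd45ad2c8f4c7d59
Phobos Ransomware payload (confidence level: 50%)
hash6818
Crimson RAT botnet C2 server (confidence level: 100%)
hash2bdd55d368125b72136a39db1870bf5f
Azorult payload (confidence level: 50%)
urlhttp://gccorps.com/chief/kev/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://179.61.237.152:35225/
RedLine Stealer botnet C2 (confidence level: 100%)
file151.106.14.125
Crimson RAT botnet C2 server (confidence level: 100%)
domaingotoregt.space
Gozi botnet C2 domain (confidence level: 100%)
"""

# Constructed log lines (hypothetical proxy, DNS, EDR and flow formats).
SAMPLE_LOGS = [
    "2021-03-25T10:02:11Z proxy src=10.1.2.3 url=http://179.61.237.152:35225/ status=200",
    "2021-03-25T10:05:40Z dns client=10.1.2.4 query=gotoregt.space type=A",
    "2021-03-25T10:07:01Z edr host=WS-17 sha256=CFC5FB8385F662B109C6CF866FF70E598964DD37DC3498D5BD45AD2C8F4C7D59",
    "2021-03-25T10:09:00Z flow src=10.1.2.5 dst=151.106.14.125 dport=6818 proto=tcp",
    "2021-03-25T10:09:30Z flow src=10.1.2.5 dst=151.106.14.125 dport=443 proto=tcp",
    "2021-03-25T10:10:00Z dns client=10.1.2.6 query=example.com type=A",
]

PREFIX_RE = re.compile(r"^(hash|url|file|domain)(.+)$")
DESC_RE = re.compile(r"^(?P<desc>.*?) \(confidence level: (?P<conf>\d+)%\)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_iocs(text):
    """Return typed indicator dicts. Short numeric 'hash' values are the port
    half of ip:port C2 entries that the page split from its 'file' (IP) column;
    they are re-attached to the IPs by position when the family labels agree
    (a pairing inferred from the page layout, not stated by the page)."""
    iocs, ports = [], []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for value_line, desc_line in zip(lines[0::2], lines[1::2]):
        m, d = PREFIX_RE.match(value_line), DESC_RE.match(desc_line)
        if not (m and d):
            continue
        kind, value = m.groups()
        rec = {"value": value, "desc": d["desc"], "confidence": int(d["conf"])}
        if kind == "hash" and re.fullmatch(r"[0-9a-f]{64}", value):
            rec["type"] = "sha256"
        elif kind == "hash" and re.fullmatch(r"[0-9a-f]{32}", value):
            rec["type"] = "md5"
        elif kind == "hash" and value.isdigit() and 0 < int(value) < 65536:
            ports.append(rec)            # port half of an ip:port C2 indicator
            continue
        else:
            rec["type"] = "ip" if kind == "file" else kind
        iocs.append(rec)
    ips = [r for r in iocs if r["type"] == "ip"]
    for prec, iprec in zip(ports, ips):
        if prec["desc"] == iprec["desc"]:
            iprec["port"] = int(prec["value"])
    return iocs


def hunt(log_lines, iocs):
    """Match key=value log lines against the indicators and return
    (line, description, confidence, matched_on) tuples. An IP hit only counts
    on the C2 port the feed gave, so shared hosting does not fire on
    unrelated traffic to the same address."""
    idx = defaultdict(dict)
    for r in iocs:
        idx[r["type"]][r["value"].lower()] = r
    hits = []
    for line in log_lines:
        kv = dict(KV_RE.findall(line))
        url = kv.get("url", "").lower()
        query = kv.get("query", "").lower().rstrip(".")
        digest = kv.get("sha256", "").lower()
        dst, _, dst_port = kv.get("dst", "").partition(":")
        port = kv.get("dport") or dst_port
        found = matched_on = None
        if url in idx["url"]:
            found, matched_on = idx["url"][url], "url"
        elif query in idx["domain"]:
            found, matched_on = idx["domain"][query], "domain"
        elif digest in idx["sha256"]:
            found, matched_on = idx["sha256"][digest], "sha256"
        elif dst in idx["ip"]:
            rec = idx["ip"][dst]
            if "port" not in rec or str(rec["port"]) == port:
                found, matched_on = rec, "ip:port"
        if found:
            hits.append((line, found["desc"], found["confidence"], matched_on))
    return hits


if __name__ == "__main__":
    for line, desc, conf, on in hunt(SAMPLE_LOGS, parse_iocs(RAW_IOC_LINES)):
        print(f"[{conf:3d}% {on}] {desc}: {line}")
```

Run as-is it reports four hits (the RedLine URL, the Gozi domain, the Phobos SHA256 and the Crimson RAT ip:port) and stays silent on the second flow line to 151.106.14.125:443, which is the port-gating behaviour item 1 asks for. Dropping the port check is the quickest way to see the false positive that a bare IP blocklist would raise.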


Technical Details

Threat Level: 2 (MISP threat_level_id; 2 = Medium)
Analysis: 1 (MISP analysis state; 1 = Ongoing)
Distribution: 3 (MISP distribution; 3 = All communities)
UUID: 0eb59a25-2cab-4ac6-8c0d-b4f600440e10
Original Timestamp: 1616716981 (2021-03-26 00:03:01 UTC)

Indicators of Compromise

Hash

Each line is the value followed by the ThreatFox description. Values of 64 hex characters are SHA256, values of 32 hex characters are MD5. The short numeric entries that the page's table also filed under "hash" are not hashes: they are the port half of ip:port C2 indicators, split from the IP half that the page lists under "File" (an IP address list) in the same order.

SHA256

eee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29  Glupteba payload (confidence level: 50%)
144ba65dc861fc63f429d80864099985c3568c21f32b8d55a8a7790f38e5219d  Glupteba payload (confidence level: 50%)
de5518baf0b99db0b28298eea2aef803869c3a1f03e71fa6c14b2949a76b9b1e  Glupteba payload (confidence level: 50%)
4f7efeb4937981b0612d730ee426cd82c8c8a0bd4feb746335f96ff09109fcac  Glupteba payload (confidence level: 50%)
cfc5fb8385f662b109c6cf866ff70e598964dd37dc3498d5bd45ad2c8f4c7d59  Phobos Ransomware payload (confidence level: 50%)
6d2e3d20cb2290d280f12889dbe4608e4c4912b29a78d97282688be2135c7f04  Phobos Ransomware payload (confidence level: 50%)
39802aee5a7eeccf481f0edd551b96e6aa545cf1a4e24a14b07d963733e470af  Phobos Ransomware payload (confidence level: 50%)
7a691e1655dc6dfb8765947861eb93f9481471fa6833025c1f3066f540e64ffd  Phobos Ransomware payload (confidence level: 50%)
4d0c7314a1dae4a0bcc378f5ea1a779db24f54be030c578fb93033322f814be2  Agent Tesla payload (confidence level: 50%)
4285d1017228cfe56d6fabd267c201be184b070d06d20b3f353685c4b0173198  Agent Tesla payload (confidence level: 50%)
672a61ad27f7bafa74b86dffa95262a18256d48cf3f1aa74c5b6907cefd9cad1  Agent Tesla payload (confidence level: 50%)
664dad896f4788902922b89d7dec98ca505e38e44af0e8e1ba14ac866807785e  Agent Tesla payload (confidence level: 50%)
bde11e5f0bd0e97d5fec3572de59518b300d0a27602c25d9699d8fc030022cb1  Formbook payload (confidence level: 50%)
414d612f1134c580046095e37ead026b1c2fbfa31432e1ee662276286983fa24  Formbook payload (confidence level: 50%)
6682de57608d5aa3a9d08cc776c0fde40eac48ac8898a06ca35cf7449673098e  Formbook payload (confidence level: 50%)
760d24ae5e53825def7fee3baf4392c819f79f94d0dfa24f39a6cb21552dfaf7  Formbook payload (confidence level: 50%)
a3fbfab7f1a328a0117458513716fbf1f1b1b07e2ec58becbafcf81b4303a522  Glupteba payload (confidence level: 50%)
43dcc1f0d42106ff7ef495eab5e88c20dcb0a514deff224cf03fae7fdcd99c33  Glupteba payload (confidence level: 50%)
44b1d31dd7f0afeb4dc42929aeb5de9d82a614013893c1671597a021e9d654cc  Glupteba payload (confidence level: 50%)
6c219118acdf6e43d54298e2a7c268c0877a4f31c207cd29d2e038a858cea9fe  Glupteba payload (confidence level: 50%)
3118708b292765069f61fbdee3214a874a0dff7ab96b5f59d38a200f36d2e106  SmokeLoader payload (confidence level: 50%)
0bf3061c504517cb6b9fdd10bffe01a18a310b7989d0228635b7295bc5211582  SmokeLoader payload (confidence level: 50%)
2d9fe8ad296522b1d794302f416f0cde69ffd9d25caccf20576edaf271068178  SmokeLoader payload (confidence level: 50%)
2a0b32b89de109d62f93c18ef2ba7e9fe92e99bef8df233a1dfc6f784e13f64b  SmokeLoader payload (confidence level: 50%)
3a49c49284d6f3e229d262473c0d7e82255342c7c0dd4fe8ec88a813a9bc74fc  Agent Tesla payload (confidence level: 50%)
abe51892533bc6f1b2dd1df29cc65879c10239a62ebf16278cc25ac94ed41e65  Agent Tesla payload (confidence level: 50%)
870eb8a97b16ac3b0f7c259a91be78b86778433e4e06d5f35ad2007427c28749  Agent Tesla payload (confidence level: 50%)
f1080d9ef479e5632f61d71bf3e58f5d1da96faed688c76fb58bc9050a3676c8  Agent Tesla payload (confidence level: 50%)
19b42120a5780f760f9eac6380293385b4fe4e626892741811aed00acce611e8  Nanocore RAT payload (confidence level: 50%)
63bff8c2dda2d7689d14aa820d5d68f6ce8032230fbec07a6ebee67282c68394  Nanocore RAT payload (confidence level: 50%)
53b95a34744278164828f2819b3733a9af538ad8c13be08a7668a6999bd1749c  Nanocore RAT payload (confidence level: 50%)
ba79bb82c1994130078c82de0a0332460016e988ced75c4bb34d13a81f4f8bb4  Nanocore RAT payload (confidence level: 50%)
193c874495df60ae3e7b99436c7830fe56ae4223d9ff6afae7274765e1a11cfc  Agent Tesla payload (confidence level: 50%)
2609a9cd5c6a41aed4e3465f4670b2a1f68b36ed188de68a66579bc7d1bce159  Agent Tesla payload (confidence level: 50%)
07c5dd9b3305cc2c1f9d4f735cc9412c4f0664f1063cae4dc1aa673fd663a8b3  Agent Tesla payload (confidence level: 50%)
bd52197839d89a6a0326dd6f7dd0bae4f3b5e19d6e11759be1ab818a6d7cdc17  Agent Tesla payload (confidence level: 50%)
f18a9719d767a2be2f5a9c78e04dda71df60a5345156e997458cf91970fcf5b7  DanaBot payload (confidence level: 50%)
62ecbb932e0211217f62bd0d3d5744a54104e2431e27ff7a7822a25d04a8581b  DanaBot payload (confidence level: 50%)
86ae5b33931c65515c845dc921880f1a3c90fc756a75df7c839243f904123ed1  DanaBot payload (confidence level: 50%)
5bdc5259703c04247d8fb65da833039b9149df10f4adbe1e27274bef66ec0ef0  DanaBot payload (confidence level: 50%)
f25528c7b818c788f0979ca27b3697f3d8b7cf3cb607fa443d374888a0b52208  Azorult payload (confidence level: 50%)
a6007add3989a77400e4ab9120f7b80b54c70a3df5908f4ea3f1f4d37eab0bcc  Azorult payload (confidence level: 50%)
52a0451136f10436c0c03139d900855a141880389ca57e9a1472a01dc28c2c47  Azorult payload (confidence level: 50%)
75057e98634605cba07fd6df66647bbc4e2eec59dca9513fa9107bbab1b9eaf4  Azorult payload (confidence level: 50%)
46ed80bd788670928f5d04217c0fda40c661a5a211f07ef6319188625303e646  Formbook payload (confidence level: 50%)
17e606baa0797fd83464d43902b1705226c1d03522dbf5aa9077fe6ef1ca55c6  Formbook payload (confidence level: 50%)
7ea0fdbc06262768e2ead0613ef5df8370035d0137209699f12057a54b27bd2e  Formbook payload (confidence level: 50%)
949cc432eed5b528c6306fc86ae31daf617615b404a7b0647146df0b38fc65ba  Formbook payload (confidence level: 50%)
510ea584db86799bd496b62e6c3da72c9f01b19527da0496ac6bf9f1ecd1733a  Agent Tesla payload (confidence level: 50%)
e484dd89ca41783addc420ae8b28e965997644a1bd7a9af1485dc239f21e2ac6  Agent Tesla payload (confidence level: 50%)
6dd083c5799aa7dfd4c2abb635a1a8bd738becfe8ff1b0a58b389888d17cdfd4  Agent Tesla payload (confidence level: 50%)
4b46f30b9c687d55d3bc1ac59d4affabe44da32a45fea61e8c264c4106e9137e  Agent Tesla payload (confidence level: 50%)
a0c4ca658d66e26df505f94705577ed5d535a2c7e031774a81df7f2c06332dd5  Nanocore RAT payload (confidence level: 50%)
64dc798b371c2bcdf803f695875aa351f46edb7248b3652bfc53a1a29889d801  Nanocore RAT payload (confidence level: 50%)
2dd7c5d4775a5721fecfbfa53b572316c5d1baa9a244229861091785eb8d8e7a  Nanocore RAT payload (confidence level: 50%)
90dcd4ef8d87eba6a65ac25459b910eb764c8a6ac70dc0416edc90d3518186c1  Nanocore RAT payload (confidence level: 50%)
8261a249101f3cfc530438360523c7e544747d38d1c18313d9703afef20341be  Formbook payload (confidence level: 50%)
9b438cfef66666b1c6513dab7cefd8f984621eaa1206272998215e9b445090fe  Formbook payload (confidence level: 50%)
a96fef841de9e7178b9c0ab7db37aa853f7a9fd84624d2a6e0f439a5f5632ddc  Formbook payload (confidence level: 50%)
4d1ca04d04f5d34e63dfd57b2dfb8dbbd7224afaa83baf91529828de275af203  Formbook payload (confidence level: 50%)
a5a5ba1de4aa6246b7c396116caef016b1981b7dcb752c5cd9e246becfb92519  Agent Tesla payload (confidence level: 50%)
3f38b46b08de629bcda08b82cc6a70dfafc1ad844313d65c4cbacb19f096cd1b  Agent Tesla payload (confidence level: 50%)
d765fc981d3265369710aaea69d851c960510eb9ddda2aaa92cdac484516c818  Agent Tesla payload (confidence level: 50%)
649b096d1faa2b22035123067642a198ae11a5901a67f3157de5a638dd848827  Agent Tesla payload (confidence level: 50%)
50f3e0b37f58f1d7a8de848fb66749f6c93651d0c6fa37e0cdc8f888c68a877d  Agent Tesla payload (confidence level: 50%)
31b3cedda2035b9710e9e5d94aff7e38d72e784014fe02f7aca8b28263020b96  Agent Tesla payload (confidence level: 50%)
34cd128bb2875da4adf969c124a5b3648654c36814cae5a35e8c3076f239ee79  Agent Tesla payload (confidence level: 50%)
d200923ad5b07e7fac6903cb79b909e29e40bc523f6713a10832864dca3231af  Agent Tesla payload (confidence level: 50%)
afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984  ISFB payload (confidence level: 50%)
66e8b0645ab5d9a707a753d4abb9878fd03dd05138445f22bafba76e3c007397  Agent Tesla payload (confidence level: 50%)
97ff929ee442194764c50634c91ddc16739424c6eacf90383cb36a4a4210d074  Agent Tesla payload (confidence level: 50%)
1007436b40db380f98ecff247e87e62d15507ed94859d55e89ff557b247219a1  Agent Tesla payload (confidence level: 50%)
7d4291707493bc84921a0832f42340e5377d0e58ce15e43a066ebd03f0c7c413  Agent Tesla payload (confidence level: 50%)
aeafb7e4c801bb5a7a94dacfbdbbb6ec96feeb78ef78d0e92f830d2dc666cf89  Agent Tesla payload (confidence level: 50%)
56b01bb8df6e581530aee7ab1721348bc0839ee6ce1384c5c0de9ae1193569ca  Agent Tesla payload (confidence level: 50%)
2b0525261693bab30aa2a957bc01e2db908ee17194e14da77c45a2767c72a715  Agent Tesla payload (confidence level: 50%)
c7d1bb6679ff60e773577753b44b6dde9ce64521e241adfce7719d8cf7600db2  Agent Tesla payload (confidence level: 50%)
7dc5a4022697c9ff17a6cb0caffa2c4b49eb0f48459fc3a0f43d17ee15e5986b  Agent Tesla payload (confidence level: 50%)
29cdd1b6c029cd7c8913d393172dff243d150aa8415699a59c3eebcf76a457e1  Agent Tesla payload (confidence level: 50%)
b56bb0b9e676f4014d24762d8116da74e6c93c0a27f5ea0309a13854360de469  Agent Tesla payload (confidence level: 50%)
a46ae8264e5f9bfa7edd80062cfd04169b19468ca308d6ffd1da00b6ea374ea3  Formbook payload (confidence level: 50%)
8cdd5e9998109a12d49b6a226723f5c712c0ad44d0788b30eda8a69ff6a47c7d  Agent Tesla payload (confidence level: 50%)
a9e5ea46d5b0dbd4b480b3002c9fe74bfe1b83e9297d4ecef3a9cd514124addb  Formbook payload (confidence level: 50%)
7cbc1d9601c932a14c4bbf2fba67b5c417087cb5dacf0eb2dff743e77af2d380  Formbook payload (confidence level: 50%)
8fb2a899e6622a2ddc7989121174bea2b7756f3f56f64f42dc6ef875d19ce919  Formbook payload (confidence level: 50%)
763760654cb0255fe852dc06bfb80c3e9453b084e8355f3284cbd8cc6756a9ac  Agent Tesla payload (confidence level: 50%)
067173ee180295fa8ab38ce36f7fac2c29aa554e8d814054c549f443ce33a4ed  Agent Tesla payload (confidence level: 50%)
f6f9ebd698ebe9f406129b21c3c393e2d754d156939d09c6db05f91fdda2c354  Agent Tesla payload (confidence level: 50%)
2302969f8ff5abb62c46d76a401ee04542ecfdce39eea660d65afefef6d787ce  Agent Tesla payload (confidence level: 50%)
be20bd1ecf2437142a0901b8ee1b3872e9fa59cb3c9086c2f938d2909dd2a77b  Nanocore RAT payload (confidence level: 50%)
1dca4ceafb673bd9a7bc6d6937caa6ec17dcfde6ca516b87b40ca58808a86915  Nanocore RAT payload (confidence level: 50%)
61c92744a7657638808df9b717538a0c231dabd1ecf94b6d8407854bc6630b16  Nanocore RAT payload (confidence level: 50%)
b3255f3b9861fec3df96f6703a250cfafa3b8f7bcfddd5a427c3bafc0b1e8564  Nanocore RAT payload (confidence level: 50%)
635f2f8b772134b31fbd79fbf89ba905ac97d9726ec5a321dd099d0099f9c744  Agent Tesla payload (confidence level: 50%)
2a7e1aa7c2d36dad17c48acc64f5c9dab742c3500fed00aa13fbd37026a5127e  Agent Tesla payload (confidence level: 50%)
10d40d8ea3d7b67007bcba4f2286e136579e28c2a14c207ed522dde9063994e5  Agent Tesla payload (confidence level: 50%)
0475dcef4d6fc67ab5e320b708be670a65901ec2840e26d7c5dfa0b20573149f  Agent Tesla payload (confidence level: 50%)
c702357f6dcd685e57710cd9ad49173d7a2e2b611d02096c78b8d41a436f28c3  NjRAT payload (confidence level: 50%)
70a177f2081e4309fe611ae906a218ba1c76dc8ca3c7292e457642f30073f260  NjRAT payload (confidence level: 50%)
fd46fe4418f63fd2193260202a29c185301dab46dd6f1e93f80d0e44bfa1a6a3  NjRAT payload (confidence level: 50%)
cb4289f6e76a293f1f83b86afbf08373bac7e77de9b00a2c6394b481ff245a3f  Glupteba payload (confidence level: 50%)
85703e12da9b03c01beeca428bab091b0f790d26f789bdc0beee75cab764f3d2  Glupteba payload (confidence level: 50%)
81e32711095862add92b6628569a86fad212e146dc41bc757ffff338799582a4  Glupteba payload (confidence level: 50%)
5abfc494ba3349092a27515acc133396d2814e0ced938746519b634ab71e7b29  Glupteba payload (confidence level: 50%)
67fe9d567c544348a1c011b53d13673a883b9bca447063d1c57293d7ccf9e867  RedLine Stealer payload (confidence level: 50%)
555696b26eb29307cd01e024e80185dfac8845505f172e11899cf1b0598e2ce4  RedLine Stealer payload (confidence level: 50%)
33d25fec49fdf04d74f2f29b3931e311e7d30dbee7d77572565e315a4e9bca95  RedLine Stealer payload (confidence level: 50%)
fca5301a571788fe225a5ae2169e19b0bbb1d244bc85ca2be2131618a78860bb  RedLine Stealer payload (confidence level: 50%)

MD5

2bdd55d368125b72136a39db1870bf5f  Azorult payload (confidence level: 50%)
e93da9968d652948fa74b8898ed7d168  Agent Tesla payload (confidence level: 50%)
d772357dab7ae7cfdb6fc5704562b3c1  Agent Tesla payload (confidence level: 50%)
848f4d3a9ce6780b700dfb571643d64c  Agent Tesla payload (confidence level: 50%)

Port half of ip:port C2 indicators (the IP half is in the "File" list, in this order)

6818  Crimson RAT botnet C2 server (confidence level: 100%)
5900  NetWire RC botnet C2 server (confidence level: 100%)
555  Nanocore RAT botnet C2 server (confidence level: 100%)
4400  BitRAT botnet C2 server (confidence level: 100%)
3003  Nanocore RAT botnet C2 server (confidence level: 100%)
5552  NjRAT botnet C2 server (confidence level: 100%)
81  AsyncRAT botnet C2 server (confidence level: 100%)
80  BlackNET RAT botnet C2 server (confidence level: 75%)
6701  Nanocore RAT botnet C2 server (confidence level: 100%)
6699  NjRAT botnet C2 server (confidence level: 100%)
41432  Nanocore RAT botnet C2 server (confidence level: 100%)
5555  NjRAT botnet C2 server (confidence level: 100%)
8989  Nanocore RAT botnet C2 server (confidence level: 100%)
1414  NjRAT botnet C2 server (confidence level: 100%)

URL

http://179.61.237.152:35225/  RedLine Stealer botnet C2 (confidence level: 100%)
http://45.135.132.19:57528/  RedLine Stealer botnet C2 (confidence level: 100%)
http://gccorps.com/chief/kev/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://45.150.67.203:48483/  RedLine Stealer botnet C2 (confidence level: 100%)
http://transcorpoil.com/dumbo/dumbo2/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://tor-project.ru/admin.php  Pony botnet C2 (confidence level: 100%)
http://103.125.190.121:38988/  RedLine Stealer botnet C2 (confidence level: 100%)
http://212.86.102.153:40355/  RedLine Stealer botnet C2 (confidence level: 100%)
http://80.89.230.172:3214/  RedLine Stealer botnet C2 (confidence level: 100%)
http://solsex.duckdns.org/index.php  Azorult botnet C2 (confidence level: 100%)
http://185.153.198.53:40355/  RedLine Stealer botnet C2 (confidence level: 100%)
http://lontor-tv.tk/max/index.php  Azorult botnet C2 (confidence level: 75%)
http://webtool.publicvm.com:7776/vre  Vjw0rm botnet C2 (confidence level: 100%)
http://178.20.40.83:81/  RedLine Stealer botnet C2 (confidence level: 100%)
http://fleximexi.ir/stan/panel/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://gjsd.xyz/my/five/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
https://fleximexi.ir/stan/panel/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://cfsmarthome.net/0/  SmokeLoader botnet C2 (confidence level: 75%)
http://transcorpoil.com/dumbo/dumbo1/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://51.195.53.221/p.php/7mptlmod4nasj  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://techregistrationapp.xyz/111/index.php  Azorult botnet C2 (confidence level: 100%)
http://108.170.27.74:40355/  RedLine Stealer botnet C2 (confidence level: 100%)
http://80.92.206.128/  RedLine Stealer botnet C2 (confidence level: 100%)
http://63e2e5290bcf.ngrok.io/gate.php  Pony botnet C2 (confidence level: 100%)
http://thutalo.xyz/  RedLine Stealer botnet C2 (confidence level: 100%)
http://trabajovalle2019.duckdns.org:2040/is-ready  Houdini botnet C2 (confidence level: 100%)
http://45.138.157.212:40355/  RedLine Stealer botnet C2 (confidence level: 100%)
http://privatecyber.site/index.php  Azorult botnet C2 (confidence level: 100%)
http://hprosacco25i.xyz/gera.gif  IcedID payload delivery URL (confidence level: 100%)
http://rosenbaum-jaida24nz.xyz/grays.gif  IcedID payload delivery URL (confidence level: 100%)
http://treutel-jamir25ju.xyz/gera.gif  IcedID payload delivery URL (confidence level: 100%)
http://rgleason25s.xyz/gera.gif  IcedID payload delivery URL (confidence level: 100%)
http://xherzog24pv.xyz/grays.gif  IcedID payload delivery URL (confidence level: 100%)
http://brannon-powlowski25d.xyz/gera.gif  IcedID payload delivery URL (confidence level: 100%)
http://crooks-cooper24g.xyz/grays.gif  IcedID payload delivery URL (confidence level: 100%)
http://dennis-hill25lw.xyz/gera.gif  IcedID payload delivery URL (confidence level: 100%)
http://194.156.98.159:3214/  RedLine Stealer botnet C2 (confidence level: 100%)
http://45.144.29.195:52455/  RedLine Stealer botnet C2 (confidence level: 100%)
http://miwnenalita.xyz/  RedLine Stealer botnet C2 (confidence level: 100%)
http://178.20.40.164:3214/  RedLine Stealer botnet C2 (confidence level: 100%)
http://umbrelladownload.uno:40355/  RedLine Stealer botnet C2 (confidence level: 100%)
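The URL list shows the same panel paths recurring across unrelated hosts: every Loki PWS C2 ends in /fre.php and the two Pony C2s end in gate.php or admin.php. Two Suricata rules keyed on those paths rather than on the hosts, as an added example that is not from the page, from ThreatFox or from any published rule set; the sid values, the msg text and the choice to alert only on POST are assumptions (Loki and Pony bots check in with an HTTP POST to the panel script). admin.php is deliberately left out because it is too generic to alert on by path alone.

```suricata
# Added example rules; sid values in the local (>= 1000000) range are assumptions.
# Match the panel path on any host, so rotated domains still fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL Loki PWS check-in to /fre.php"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/fre.php"; endswith; classtype:trojan-activity; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL Pony C2 check-in to /gate.php"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/gate.php"; endswith; classtype:trojan-activity; sid:1000002; rev:1;)
```

The sticky buffers http.method and http.uri and the endswith modifier need Suricata 5 or later. Pair a hit with the exact-URL or host indicators from the list to raise confidence before escalating, since gate.php in particular has been used by other commodity panels.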

File (IPv4 addresses: the IP half of ip:port C2 indicators, whose port half appears in the "Hash" list in the same order)

151.106.14.125  Crimson RAT botnet C2 server (confidence level: 100%)
207.244.226.86  NetWire RC botnet C2 server (confidence level: 100%)
138.197.161.207  Nanocore RAT botnet C2 server (confidence level: 100%)
194.5.98.252  BitRAT botnet C2 server (confidence level: 100%)
79.134.225.82  Nanocore RAT botnet C2 server (confidence level: 100%)
105.103.36.53  NjRAT botnet C2 server (confidence level: 100%)
41.251.51.168  AsyncRAT botnet C2 server (confidence level: 100%)
45.133.1.98  BlackNET RAT botnet C2 server (confidence level: 75%)
51.103.81.8  Nanocore RAT botnet C2 server (confidence level: 100%)
181.131.216.190  NjRAT botnet C2 server (confidence level: 100%)
18.184.222.225  Nanocore RAT botnet C2 server (confidence level: 100%)
105.103.36.53  NjRAT botnet C2 server (confidence level: 100%)
194.5.98.46  Nanocore RAT botnet C2 server (confidence level: 100%)
38.89.142.205  NjRAT botnet C2 server (confidence level: 100%)

105.103.36.53 is listed twice on the page; the "Hash" list carries two NjRAT port entries (5552 and 5555) at the matching positions, so these are two distinct ip:port indicators on one host.

Domain

gotoregt.space  Gozi botnet C2 domain (confidence level: 100%)
brannon-powlowski25d.xyz  IcedID payload delivery domain (confidence level: 100%)
crooks-cooper24g.xyz  IcedID payload delivery domain (confidence level: 100%)
dennis-hill25lw.xyz  IcedID payload delivery domain (confidence level: 100%)
hprosacco25i.xyz  IcedID payload delivery domain (confidence level: 100%)
kassandra5024d.xyz  IcedID payload delivery domain (confidence level: 100%)
rgleason25s.xyz  IcedID payload delivery domain (confidence level: 100%)
rosenbaum-jaida24nz.xyz  IcedID payload delivery domain (confidence level: 100%)
treutel-jamir25ju.xyz  IcedID payload delivery domain (confidence level: 100%)
xherzog24pv.xyz  IcedID payload delivery domain (confidence level: 100%)

Threat ID: 682b7ba2d3ddd8cef2e770b1

Added to database: 5/19/2025, 6:42:42 PM

Last enriched: 6/18/2025, 7:48:30 PM

Last updated: 8/4/2025, 5:51:32 AM

