ThreatFox IOCs for 2021-03-25
AI Analysis
Technical Summary
The provided threat intelligence entry pertains to a set of Indicators of Compromise (IOCs) collected and shared via ThreatFox on March 25, 2021. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) data. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or technical indicators such as hashes, IP addresses, or domains. The threat level is indicated as 2 on an unspecified scale, with a distribution rating of 3, suggesting moderate dissemination or sharing within the community. There are no known exploits in the wild linked to this threat, and no patches or mitigations are directly referenced. The absence of CWE identifiers and detailed technical analysis limits the ability to precisely characterize the malware's behavior, infection mechanisms, or payload impact. Given the nature of the data as OSINT-derived IOCs, this entry likely serves as a repository or alert for security teams to enhance detection capabilities rather than signaling an active, widespread attack campaign. The TLP (Traffic Light Protocol) classification as white indicates that the information is publicly shareable without restrictions, supporting broad community awareness and response efforts.
Potential Impact
Due to the lack of detailed technical information and absence of known active exploitation, the immediate impact on European organizations is likely limited. However, the presence of malware-related IOCs in OSINT repositories can aid threat actors in reconnaissance or facilitate detection by defenders. If these IOCs correspond to emerging or evolving malware strains, organizations might face risks related to data confidentiality breaches, integrity violations, or service disruptions if the malware is deployed successfully. The medium severity rating suggests a moderate potential for harm, possibly through targeted attacks or lateral movement within networks. European organizations relying on threat intelligence feeds should integrate these IOCs into their detection systems to preemptively identify and mitigate infections. The impact could be more pronounced in sectors with high-value data or critical infrastructure, where malware infections can lead to operational downtime or data exfiltration.
Mitigation Recommendations
Given the nature of this threat as OSINT-derived IOCs without specific exploit details, mitigation should focus on enhancing detection and response capabilities. Organizations should:
1) Integrate the provided IOCs into Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to improve visibility.
2) Conduct regular threat hunting exercises using these IOCs to identify potential compromises early.
3) Maintain up-to-date asset inventories to prioritize monitoring of critical systems.
4) Employ network segmentation to limit malware propagation if an infection occurs.
5) Implement strict access controls and multi-factor authentication to reduce the risk of unauthorized access that could facilitate malware deployment.
6) Participate in information sharing communities to receive timely updates on evolving threats related to these IOCs.
7) Since no patches are indicated, focus on behavioral detection techniques and anomaly monitoring to identify suspicious activities associated with unknown or emerging malware.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 0eb59a25-2cab-4ac6-8c0d-b4f600440e10
- Original Timestamp: 1616716981 (Unix epoch seconds; 2021-03-26 00:03:01 UTC)
Indicators of Compromise
Hash
Value | Description | Copy |
---|---|---|
hasheee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29 | Glupteba payload (confidence level: 50%) | |
hash144ba65dc861fc63f429d80864099985c3568c21f32b8d55a8a7790f38e5219d | Glupteba payload (confidence level: 50%) | |
hashde5518baf0b99db0b28298eea2aef803869c3a1f03e71fa6c14b2949a76b9b1e | Glupteba payload (confidence level: 50%) | |
hash4f7efeb4937981b0612d730ee426cd82c8c8a0bd4feb746335f96ff09109fcac | Glupteba payload (confidence level: 50%) | |
hash6818 | Crimson RAT botnet C2 server (confidence level: 100%) | |
hashcfc5fb8385f662b109c6cf866ff70e598964dd37dc3498d5bd45ad2c8f4c7d59 | Phobos Ransomware payload (confidence level: 50%) | |
hash6d2e3d20cb2290d280f12889dbe4608e4c4912b29a78d97282688be2135c7f04 | Phobos Ransomware payload (confidence level: 50%) | |
hash39802aee5a7eeccf481f0edd551b96e6aa545cf1a4e24a14b07d963733e470af | Phobos Ransomware payload (confidence level: 50%) | |
hash7a691e1655dc6dfb8765947861eb93f9481471fa6833025c1f3066f540e64ffd | Phobos Ransomware payload (confidence level: 50%) | |
hash5900 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash4d0c7314a1dae4a0bcc378f5ea1a779db24f54be030c578fb93033322f814be2 | Agent Tesla payload (confidence level: 50%) | |
hash4285d1017228cfe56d6fabd267c201be184b070d06d20b3f353685c4b0173198 | Agent Tesla payload (confidence level: 50%) | |
hash672a61ad27f7bafa74b86dffa95262a18256d48cf3f1aa74c5b6907cefd9cad1 | Agent Tesla payload (confidence level: 50%) | |
hash664dad896f4788902922b89d7dec98ca505e38e44af0e8e1ba14ac866807785e | Agent Tesla payload (confidence level: 50%) | |
hashbde11e5f0bd0e97d5fec3572de59518b300d0a27602c25d9699d8fc030022cb1 | Formbook payload (confidence level: 50%) | |
hash414d612f1134c580046095e37ead026b1c2fbfa31432e1ee662276286983fa24 | Formbook payload (confidence level: 50%) | |
hash6682de57608d5aa3a9d08cc776c0fde40eac48ac8898a06ca35cf7449673098e | Formbook payload (confidence level: 50%) | |
hash760d24ae5e53825def7fee3baf4392c819f79f94d0dfa24f39a6cb21552dfaf7 | Formbook payload (confidence level: 50%) | |
hasha3fbfab7f1a328a0117458513716fbf1f1b1b07e2ec58becbafcf81b4303a522 | Glupteba payload (confidence level: 50%) | |
hash43dcc1f0d42106ff7ef495eab5e88c20dcb0a514deff224cf03fae7fdcd99c33 | Glupteba payload (confidence level: 50%) | |
hash44b1d31dd7f0afeb4dc42929aeb5de9d82a614013893c1671597a021e9d654cc | Glupteba payload (confidence level: 50%) | |
hash6c219118acdf6e43d54298e2a7c268c0877a4f31c207cd29d2e038a858cea9fe | Glupteba payload (confidence level: 50%) | |
hash3118708b292765069f61fbdee3214a874a0dff7ab96b5f59d38a200f36d2e106 | SmokeLoader payload (confidence level: 50%) | |
hash0bf3061c504517cb6b9fdd10bffe01a18a310b7989d0228635b7295bc5211582 | SmokeLoader payload (confidence level: 50%) | |
hash2d9fe8ad296522b1d794302f416f0cde69ffd9d25caccf20576edaf271068178 | SmokeLoader payload (confidence level: 50%) | |
hash2a0b32b89de109d62f93c18ef2ba7e9fe92e99bef8df233a1dfc6f784e13f64b | SmokeLoader payload (confidence level: 50%) | |
hash3a49c49284d6f3e229d262473c0d7e82255342c7c0dd4fe8ec88a813a9bc74fc | Agent Tesla payload (confidence level: 50%) | |
hashabe51892533bc6f1b2dd1df29cc65879c10239a62ebf16278cc25ac94ed41e65 | Agent Tesla payload (confidence level: 50%) | |
hash870eb8a97b16ac3b0f7c259a91be78b86778433e4e06d5f35ad2007427c28749 | Agent Tesla payload (confidence level: 50%) | |
hashf1080d9ef479e5632f61d71bf3e58f5d1da96faed688c76fb58bc9050a3676c8 | Agent Tesla payload (confidence level: 50%) | |
hash555 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash19b42120a5780f760f9eac6380293385b4fe4e626892741811aed00acce611e8 | Nanocore RAT payload (confidence level: 50%) | |
hash63bff8c2dda2d7689d14aa820d5d68f6ce8032230fbec07a6ebee67282c68394 | Nanocore RAT payload (confidence level: 50%) | |
hash53b95a34744278164828f2819b3733a9af538ad8c13be08a7668a6999bd1749c | Nanocore RAT payload (confidence level: 50%) | |
hashba79bb82c1994130078c82de0a0332460016e988ced75c4bb34d13a81f4f8bb4 | Nanocore RAT payload (confidence level: 50%) | |
hash193c874495df60ae3e7b99436c7830fe56ae4223d9ff6afae7274765e1a11cfc | Agent Tesla payload (confidence level: 50%) | |
hash2609a9cd5c6a41aed4e3465f4670b2a1f68b36ed188de68a66579bc7d1bce159 | Agent Tesla payload (confidence level: 50%) | |
hash07c5dd9b3305cc2c1f9d4f735cc9412c4f0664f1063cae4dc1aa673fd663a8b3 | Agent Tesla payload (confidence level: 50%) | |
hashbd52197839d89a6a0326dd6f7dd0bae4f3b5e19d6e11759be1ab818a6d7cdc17 | Agent Tesla payload (confidence level: 50%) | |
hashf18a9719d767a2be2f5a9c78e04dda71df60a5345156e997458cf91970fcf5b7 | DanaBot payload (confidence level: 50%) | |
hash62ecbb932e0211217f62bd0d3d5744a54104e2431e27ff7a7822a25d04a8581b | DanaBot payload (confidence level: 50%) | |
hash86ae5b33931c65515c845dc921880f1a3c90fc756a75df7c839243f904123ed1 | DanaBot payload (confidence level: 50%) | |
hash5bdc5259703c04247d8fb65da833039b9149df10f4adbe1e27274bef66ec0ef0 | DanaBot payload (confidence level: 50%) | |
hashf25528c7b818c788f0979ca27b3697f3d8b7cf3cb607fa443d374888a0b52208 | Azorult payload (confidence level: 50%) | |
hasha6007add3989a77400e4ab9120f7b80b54c70a3df5908f4ea3f1f4d37eab0bcc | Azorult payload (confidence level: 50%) | |
hash52a0451136f10436c0c03139d900855a141880389ca57e9a1472a01dc28c2c47 | Azorult payload (confidence level: 50%) | |
hash75057e98634605cba07fd6df66647bbc4e2eec59dca9513fa9107bbab1b9eaf4 | Azorult payload (confidence level: 50%) | |
hash4400 | BitRAT botnet C2 server (confidence level: 100%) | |
hash46ed80bd788670928f5d04217c0fda40c661a5a211f07ef6319188625303e646 | Formbook payload (confidence level: 50%) | |
hash17e606baa0797fd83464d43902b1705226c1d03522dbf5aa9077fe6ef1ca55c6 | Formbook payload (confidence level: 50%) | |
hash7ea0fdbc06262768e2ead0613ef5df8370035d0137209699f12057a54b27bd2e | Formbook payload (confidence level: 50%) | |
hash949cc432eed5b528c6306fc86ae31daf617615b404a7b0647146df0b38fc65ba | Formbook payload (confidence level: 50%) | |
hash510ea584db86799bd496b62e6c3da72c9f01b19527da0496ac6bf9f1ecd1733a | Agent Tesla payload (confidence level: 50%) | |
hashe484dd89ca41783addc420ae8b28e965997644a1bd7a9af1485dc239f21e2ac6 | Agent Tesla payload (confidence level: 50%) | |
hash6dd083c5799aa7dfd4c2abb635a1a8bd738becfe8ff1b0a58b389888d17cdfd4 | Agent Tesla payload (confidence level: 50%) | |
hash4b46f30b9c687d55d3bc1ac59d4affabe44da32a45fea61e8c264c4106e9137e | Agent Tesla payload (confidence level: 50%) | |
hash3003 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) | |
hasha0c4ca658d66e26df505f94705577ed5d535a2c7e031774a81df7f2c06332dd5 | Nanocore RAT payload (confidence level: 50%) | |
hash64dc798b371c2bcdf803f695875aa351f46edb7248b3652bfc53a1a29889d801 | Nanocore RAT payload (confidence level: 50%) | |
hash2dd7c5d4775a5721fecfbfa53b572316c5d1baa9a244229861091785eb8d8e7a | Nanocore RAT payload (confidence level: 50%) | |
hash90dcd4ef8d87eba6a65ac25459b910eb764c8a6ac70dc0416edc90d3518186c1 | Nanocore RAT payload (confidence level: 50%) | |
hash8261a249101f3cfc530438360523c7e544747d38d1c18313d9703afef20341be | Formbook payload (confidence level: 50%) | |
hash9b438cfef66666b1c6513dab7cefd8f984621eaa1206272998215e9b445090fe | Formbook payload (confidence level: 50%) | |
hasha96fef841de9e7178b9c0ab7db37aa853f7a9fd84624d2a6e0f439a5f5632ddc | Formbook payload (confidence level: 50%) | |
hash4d1ca04d04f5d34e63dfd57b2dfb8dbbd7224afaa83baf91529828de275af203 | Formbook payload (confidence level: 50%) | |
hash81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hasha5a5ba1de4aa6246b7c396116caef016b1981b7dcb752c5cd9e246becfb92519 | Agent Tesla payload (confidence level: 50%) | |
hash3f38b46b08de629bcda08b82cc6a70dfafc1ad844313d65c4cbacb19f096cd1b | Agent Tesla payload (confidence level: 50%) | |
hashd765fc981d3265369710aaea69d851c960510eb9ddda2aaa92cdac484516c818 | Agent Tesla payload (confidence level: 50%) | |
hash649b096d1faa2b22035123067642a198ae11a5901a67f3157de5a638dd848827 | Agent Tesla payload (confidence level: 50%) | |
hash50f3e0b37f58f1d7a8de848fb66749f6c93651d0c6fa37e0cdc8f888c68a877d | Agent Tesla payload (confidence level: 50%) | |
hash31b3cedda2035b9710e9e5d94aff7e38d72e784014fe02f7aca8b28263020b96 | Agent Tesla payload (confidence level: 50%) | |
hash34cd128bb2875da4adf969c124a5b3648654c36814cae5a35e8c3076f239ee79 | Agent Tesla payload (confidence level: 50%) | |
hashd200923ad5b07e7fac6903cb79b909e29e40bc523f6713a10832864dca3231af | Agent Tesla payload (confidence level: 50%) | |
hash80 | BlackNET RAT botnet C2 server (confidence level: 75%) | |
hash2bdd55d368125b72136a39db1870bf5f | Azorult payload (confidence level: 50%) | |
hashe93da9968d652948fa74b8898ed7d168 | Agent Tesla payload (confidence level: 50%) | |
hash6701 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hashafe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984 | ISFB payload (confidence level: 50%) | |
hash66e8b0645ab5d9a707a753d4abb9878fd03dd05138445f22bafba76e3c007397 | Agent Tesla payload (confidence level: 50%) | |
hash97ff929ee442194764c50634c91ddc16739424c6eacf90383cb36a4a4210d074 | Agent Tesla payload (confidence level: 50%) | |
hash1007436b40db380f98ecff247e87e62d15507ed94859d55e89ff557b247219a1 | Agent Tesla payload (confidence level: 50%) | |
hash7d4291707493bc84921a0832f42340e5377d0e58ce15e43a066ebd03f0c7c413 | Agent Tesla payload (confidence level: 50%) | |
hashaeafb7e4c801bb5a7a94dacfbdbbb6ec96feeb78ef78d0e92f830d2dc666cf89 | Agent Tesla payload (confidence level: 50%) | |
hash56b01bb8df6e581530aee7ab1721348bc0839ee6ce1384c5c0de9ae1193569ca | Agent Tesla payload (confidence level: 50%) | |
hash2b0525261693bab30aa2a957bc01e2db908ee17194e14da77c45a2767c72a715 | Agent Tesla payload (confidence level: 50%) | |
hashc7d1bb6679ff60e773577753b44b6dde9ce64521e241adfce7719d8cf7600db2 | Agent Tesla payload (confidence level: 50%) | |
hash7dc5a4022697c9ff17a6cb0caffa2c4b49eb0f48459fc3a0f43d17ee15e5986b | Agent Tesla payload (confidence level: 50%) | |
hash29cdd1b6c029cd7c8913d393172dff243d150aa8415699a59c3eebcf76a457e1 | Agent Tesla payload (confidence level: 50%) | |
hashb56bb0b9e676f4014d24762d8116da74e6c93c0a27f5ea0309a13854360de469 | Agent Tesla payload (confidence level: 50%) | |
hasha46ae8264e5f9bfa7edd80062cfd04169b19468ca308d6ffd1da00b6ea374ea3 | Formbook payload (confidence level: 50%) | |
hash8cdd5e9998109a12d49b6a226723f5c712c0ad44d0788b30eda8a69ff6a47c7d | Agent Tesla payload (confidence level: 50%) | |
hasha9e5ea46d5b0dbd4b480b3002c9fe74bfe1b83e9297d4ecef3a9cd514124addb | Formbook payload (confidence level: 50%) | |
hash7cbc1d9601c932a14c4bbf2fba67b5c417087cb5dacf0eb2dff743e77af2d380 | Formbook payload (confidence level: 50%) | |
hash8fb2a899e6622a2ddc7989121174bea2b7756f3f56f64f42dc6ef875d19ce919 | Formbook payload (confidence level: 50%) | |
hash763760654cb0255fe852dc06bfb80c3e9453b084e8355f3284cbd8cc6756a9ac | Agent Tesla payload (confidence level: 50%) | |
hash067173ee180295fa8ab38ce36f7fac2c29aa554e8d814054c549f443ce33a4ed | Agent Tesla payload (confidence level: 50%) | |
hashf6f9ebd698ebe9f406129b21c3c393e2d754d156939d09c6db05f91fdda2c354 | Agent Tesla payload (confidence level: 50%) | |
hash2302969f8ff5abb62c46d76a401ee04542ecfdce39eea660d65afefef6d787ce | Agent Tesla payload (confidence level: 50%) | |
hashbe20bd1ecf2437142a0901b8ee1b3872e9fa59cb3c9086c2f938d2909dd2a77b | Nanocore RAT payload (confidence level: 50%) | |
hash1dca4ceafb673bd9a7bc6d6937caa6ec17dcfde6ca516b87b40ca58808a86915 | Nanocore RAT payload (confidence level: 50%) | |
hash61c92744a7657638808df9b717538a0c231dabd1ecf94b6d8407854bc6630b16 | Nanocore RAT payload (confidence level: 50%) | |
hashb3255f3b9861fec3df96f6703a250cfafa3b8f7bcfddd5a427c3bafc0b1e8564 | Nanocore RAT payload (confidence level: 50%) | |
hash6699 | NjRAT botnet C2 server (confidence level: 100%) | |
hash41432 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash635f2f8b772134b31fbd79fbf89ba905ac97d9726ec5a321dd099d0099f9c744 | Agent Tesla payload (confidence level: 50%) | |
hash2a7e1aa7c2d36dad17c48acc64f5c9dab742c3500fed00aa13fbd37026a5127e | Agent Tesla payload (confidence level: 50%) | |
hash10d40d8ea3d7b67007bcba4f2286e136579e28c2a14c207ed522dde9063994e5 | Agent Tesla payload (confidence level: 50%) | |
hash0475dcef4d6fc67ab5e320b708be670a65901ec2840e26d7c5dfa0b20573149f | Agent Tesla payload (confidence level: 50%) | |
hash5555 | NjRAT botnet C2 server (confidence level: 100%) | |
hashd772357dab7ae7cfdb6fc5704562b3c1 | Agent Tesla payload (confidence level: 50%) | |
hash848f4d3a9ce6780b700dfb571643d64c | Agent Tesla payload (confidence level: 50%) | |
hash8989 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hashc702357f6dcd685e57710cd9ad49173d7a2e2b611d02096c78b8d41a436f28c3 | NjRAT payload (confidence level: 50%) | |
hash70a177f2081e4309fe611ae906a218ba1c76dc8ca3c7292e457642f30073f260 | NjRAT payload (confidence level: 50%) | |
hashfd46fe4418f63fd2193260202a29c185301dab46dd6f1e93f80d0e44bfa1a6a3 | NjRAT payload (confidence level: 50%) | |
hashcb4289f6e76a293f1f83b86afbf08373bac7e77de9b00a2c6394b481ff245a3f | Glupteba payload (confidence level: 50%) | |
hash85703e12da9b03c01beeca428bab091b0f790d26f789bdc0beee75cab764f3d2 | Glupteba payload (confidence level: 50%) | |
hash81e32711095862add92b6628569a86fad212e146dc41bc757ffff338799582a4 | Glupteba payload (confidence level: 50%) | |
hash5abfc494ba3349092a27515acc133396d2814e0ced938746519b634ab71e7b29 | Glupteba payload (confidence level: 50%) | |
hash1414 | NjRAT botnet C2 server (confidence level: 100%) | |
hash67fe9d567c544348a1c011b53d13673a883b9bca447063d1c57293d7ccf9e867 | RedLine Stealer payload (confidence level: 50%) | |
hash555696b26eb29307cd01e024e80185dfac8845505f172e11899cf1b0598e2ce4 | RedLine Stealer payload (confidence level: 50%) | |
hash33d25fec49fdf04d74f2f29b3931e311e7d30dbee7d77572565e315a4e9bca95 | RedLine Stealer payload (confidence level: 50%) | |
hashfca5301a571788fe225a5ae2169e19b0bbb1d244bc85ca2be2131618a78860bb | RedLine Stealer payload (confidence level: 50%) |
Url
Value | Description
---|---
http://179.61.237.152:35225/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://45.135.132.19:57528/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://gccorps.com/chief/kev/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://45.150.67.203:48483/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://transcorpoil.com/dumbo/dumbo2/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://tor-project.ru/admin.php | Pony botnet C2 (confidence level: 100%)
http://103.125.190.121:38988/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://212.86.102.153:40355/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://80.89.230.172:3214/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://solsex.duckdns.org/index.php | Azorult botnet C2 (confidence level: 100%)
http://185.153.198.53:40355/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://lontor-tv.tk/max/index.php | Azorult botnet C2 (confidence level: 75%)
http://webtool.publicvm.com:7776/vre | Vjw0rm botnet C2 (confidence level: 100%)
http://178.20.40.83:81/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://fleximexi.ir/stan/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://gjsd.xyz/my/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
https://fleximexi.ir/stan/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://cfsmarthome.net/0/ | SmokeLoader botnet C2 (confidence level: 75%)
http://transcorpoil.com/dumbo/dumbo1/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://51.195.53.221/p.php/7mptlmod4nasj | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://techregistrationapp.xyz/111/index.php | Azorult botnet C2 (confidence level: 100%)
http://108.170.27.74:40355/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://80.92.206.128/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://63e2e5290bcf.ngrok.io/gate.php | Pony botnet C2 (confidence level: 100%)
http://thutalo.xyz/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://trabajovalle2019.duckdns.org:2040/is-ready | Houdini botnet C2 (confidence level: 100%)
http://45.138.157.212:40355/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://privatecyber.site/index.php | Azorult botnet C2 (confidence level: 100%)
http://hprosacco25i.xyz/gera.gif | IcedID payload delivery URL (confidence level: 100%)
http://rosenbaum-jaida24nz.xyz/grays.gif | IcedID payload delivery URL (confidence level: 100%)
http://treutel-jamir25ju.xyz/gera.gif | IcedID payload delivery URL (confidence level: 100%)
http://rgleason25s.xyz/gera.gif | IcedID payload delivery URL (confidence level: 100%)
http://xherzog24pv.xyz/grays.gif | IcedID payload delivery URL (confidence level: 100%)
http://brannon-powlowski25d.xyz/gera.gif | IcedID payload delivery URL (confidence level: 100%)
http://crooks-cooper24g.xyz/grays.gif | IcedID payload delivery URL (confidence level: 100%)
http://dennis-hill25lw.xyz/gera.gif | IcedID payload delivery URL (confidence level: 100%)
http://194.156.98.159:3214/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://45.144.29.195:52455/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://miwnenalita.xyz/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://178.20.40.164:3214/ | RedLine Stealer botnet C2 (confidence level: 100%)
http://umbrelladownload.uno:40355/ | RedLine Stealer botnet C2 (confidence level: 100%)
IP address
Value | Description
---|---
151.106.14.125 | Crimson RAT botnet C2 server (confidence level: 100%)
207.244.226.86 | NetWire RC botnet C2 server (confidence level: 100%)
138.197.161.207 | Nanocore RAT botnet C2 server (confidence level: 100%)
194.5.98.252 | BitRAT botnet C2 server (confidence level: 100%)
79.134.225.82 | Nanocore RAT botnet C2 server (confidence level: 100%)
105.103.36.53 | NjRAT botnet C2 server (confidence level: 100%)
41.251.51.168 | AsyncRAT botnet C2 server (confidence level: 100%)
45.133.1.98 | BlackNET RAT botnet C2 server (confidence level: 75%)
51.103.81.8 | Nanocore RAT botnet C2 server (confidence level: 100%)
181.131.216.190 | NjRAT botnet C2 server (confidence level: 100%)
18.184.222.225 | Nanocore RAT botnet C2 server (confidence level: 100%)
194.5.98.46 | Nanocore RAT botnet C2 server (confidence level: 100%)
38.89.142.205 | NjRAT botnet C2 server (confidence level: 100%)
Domain
Value | Description
---|---
gotoregt.space | Gozi botnet C2 domain (confidence level: 100%)
brannon-powlowski25d.xyz | IcedID payload delivery domain (confidence level: 100%)
crooks-cooper24g.xyz | IcedID payload delivery domain (confidence level: 100%)
dennis-hill25lw.xyz | IcedID payload delivery domain (confidence level: 100%)
hprosacco25i.xyz | IcedID payload delivery domain (confidence level: 100%)
kassandra5024d.xyz | IcedID payload delivery domain (confidence level: 100%)
rgleason25s.xyz | IcedID payload delivery domain (confidence level: 100%)
rosenbaum-jaida24nz.xyz | IcedID payload delivery domain (confidence level: 100%)
treutel-jamir25ju.xyz | IcedID payload delivery domain (confidence level: 100%)
xherzog24pv.xyz | IcedID payload delivery domain (confidence level: 100%)
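The tables above are only useful once they are parsed and matched against telemetry, and the extraction has fused the IOC type onto each value and split some ip:port entries into an IP row and a bare port row. The following is an added example, not ThreatFox's or this page's own code: it parses a handful of rows copied from the tables (the type prefix is stripped and the kind is re-derived from the value's shape, so the orphaned ports are recognised and ignored), indexes them by hash, URL, ip:port socket, domain and bare IP, and runs them over a constructed proxy log. The log lines, the client addresses and the non-IOC hostnames in them are invented for the example; the IOC values themselves are the page's.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Rows copied from the ThreatFox tables on this page. The IOC type
# ("hash", "url", "file", "domain") was fused onto each value by the page
# extraction; "hash5555" is the port half of an ip:port C2 entry, not a hash.
SAMPLE_ROWS = """\
hash67fe9d567c544348a1c011b53d13673a883b9bca447063d1c57293d7ccf9e867 | RedLine Stealer payload (confidence level: 50%) | |
hashd772357dab7ae7cfdb6fc5704562b3c1 | Agent Tesla payload (confidence level: 50%) | |
hash5555 | NjRAT botnet C2 server (confidence level: 100%) | |
urlhttp://185.153.198.53:40355/ | RedLine Stealer botnet C2 (confidence level: 100%) | |
urlhttp://hprosacco25i.xyz/gera.gif | IcedID payload delivery URL (confidence level: 100%) | |
urlhttp://tor-project.ru/admin.php | Pony botnet C2 (confidence level: 100%) | |
file138.197.161.207 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
domaingotoregt.space | Gozi botnet C2 domain (confidence level: 100%) | |
"""

# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
# Client addresses and non-IOC hostnames are invented for this example.
PROXY_LOG = """\
2021-03-25T09:14:02Z 10.20.0.17 GET http://hprosacco25i.xyz/gera.gif 200
2021-03-25T09:14:09Z 10.20.0.17 POST http://185.153.198.53:40355/ 200
2021-03-25T09:15:41Z 10.20.0.31 GET http://cdn.gotoregt.space/update.bin 404
2021-03-25T09:16:00Z 10.20.0.31 GET https://www.example.org/index.html 200
2021-03-25T09:17:22Z 10.20.0.44 GET http://138.197.161.207/ 200
"""

TYPE_PREFIX = re.compile(r"^(?:hash|url|file|domain)")
DESC = re.compile(r"^(?P<threat>.+?) \(confidence level: (?P<conf>\d+)%\)$")
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


@dataclass(frozen=True)
class Ioc:
    kind: str        # sha256 | md5 | port | url | ip | domain
    value: str
    threat: str      # e.g. "RedLine Stealer botnet C2"
    confidence: int  # ThreatFox confidence level, percent


def classify(value):
    """Derive the IOC kind from the value's shape; the page's type label is unreliable."""
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return "sha256"
    if re.fullmatch(r"[0-9a-f]{32}", value):
        return "md5"
    if re.fullmatch(r"\d{1,5}", value):
        return "port"  # orphaned half of an ip:port IOC; unusable on its own
    if value.startswith(("http://", "https://")):
        return "url"
    if IPV4.match(value):
        return "ip"
    return "domain"


def parse_rows(table):
    """Parse 'value | description | ...' rows, skipping header and separator lines."""
    iocs = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or not cells[0] or cells[0] in ("Value", "---"):
            continue
        value = TYPE_PREFIX.sub("", cells[0]).lower()
        m = DESC.match(cells[1])
        threat, conf = (m["threat"], int(m["conf"])) if m else (cells[1], 0)
        iocs.append(Ioc(classify(value), value, threat, conf))
    return iocs


class IocIndex:
    """Lookup structures for the kinds of matching a proxy or connection log allows."""

    def __init__(self, iocs):
        self.hashes = {i.value: i for i in iocs if i.kind in ("sha256", "md5")}
        self.urls = {i.value.rstrip("/"): i for i in iocs if i.kind == "url"}
        self.domains = {i.value: i for i in iocs if i.kind == "domain"}
        self.ips = {i.value: i for i in iocs if i.kind == "ip"}
        # RedLine C2s appear as bare http://<ip>:<port>/ URLs; index them by
        # socket as well so a non-HTTP connection log can still match them.
        self.sockets = {}
        for i in iocs:
            if i.kind == "url":
                u = urlsplit(i.value)
                if IPV4.match(u.hostname or "") and u.port and u.path in ("", "/"):
                    self.sockets[(u.hostname, u.port)] = i

    def match_hash(self, digest):
        return self.hashes.get(digest.lower())

    def match_socket(self, ip, port):
        return self.sockets.get((ip, port)) or self.ips.get(ip)

    def match_url(self, url):
        """Most specific first: exact URL, ip:port, domain (incl. subdomains), bare IP."""
        url = url.lower()
        u = urlsplit(url)
        host = u.hostname or ""
        port = u.port or (443 if u.scheme == "https" else 80)
        hit = self.urls.get(url.rstrip("/")) or self.sockets.get((host, port))
        if hit:
            return hit
        labels = host.split(".")
        for i in range(len(labels) - 1):  # never match on the bare TLD
            if ".".join(labels[i:]) in self.domains:
                return self.domains[".".join(labels[i:])]
        return self.ips.get(host)


def scan_proxy_log(log, index):
    """Return (client, url, threat) for every request that hits an IOC."""
    hits = []
    for line in log.splitlines():
        _ts, client, _method, url, _status = line.split()
        ioc = index.match_url(url)
        if ioc:
            hits.append((client, url, ioc.threat))
    return hits


if __name__ == "__main__":
    idx = IocIndex(parse_rows(SAMPLE_ROWS))
    for client, url, threat in scan_proxy_log(PROXY_LOG, idx):
        print(f"{client} -> {url}  [{threat}]")
```

Matching goes from most to least specific so that a full-URL hit (an IcedID `gera.gif` download) is reported as such rather than as a generic domain hit, and the domain index also catches subdomains of a listed C2 domain. The 50% confidence on the payload hashes and the 75% entries in the URL table are carried through on each `Ioc`, so a consumer can decide to alert on 100% C2 indicators and only log the rest.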
Threat ID: 682b7ba2d3ddd8cef2e770b1
Added to database: 5/19/2025, 6:42:42 PM
Last enriched: 6/18/2025, 7:48:30 PM
Last updated: 7/29/2025, 2:57:17 PM