ThreatFox IOCs for 2021-03-25

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat intelligence entry pertains to a set of Indicators of Compromise (IOCs) collected and shared via ThreatFox on March 25, 2021. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) data. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or technical indicators such as hashes, IP addresses, or domains. The threat level is indicated as 2 on an unspecified scale, with a distribution rating of 3, suggesting moderate dissemination or sharing within the community. There are no known exploits in the wild linked to this threat, and no patches or mitigations are directly referenced. The absence of CWE identifiers and detailed technical analysis limits the ability to precisely characterize the malware's behavior, infection mechanisms, or payload impact. Given the nature of the data as OSINT-derived IOCs, this entry likely serves as a repository or alert for security teams to enhance detection capabilities rather than signaling an active, widespread attack campaign. The TLP (Traffic Light Protocol) classification as white indicates that the information is publicly shareable without restrictions, supporting broad community awareness and response efforts.

Potential Impact

Due to the lack of detailed technical information and absence of known active exploitation, the immediate impact on European organizations is likely limited. However, the presence of malware-related IOCs in OSINT repositories can aid threat actors in reconnaissance or facilitate detection by defenders. If these IOCs correspond to emerging or evolving malware strains, organizations might face risks related to data confidentiality breaches, integrity violations, or service disruptions if the malware is deployed successfully. The medium severity rating suggests a moderate potential for harm, possibly through targeted attacks or lateral movement within networks. European organizations relying on threat intelligence feeds should integrate these IOCs into their detection systems to preemptively identify and mitigate infections. The impact could be more pronounced in sectors with high-value data or critical infrastructure, where malware infections can lead to operational downtime or data exfiltration.

Mitigation Recommendations

Given the nature of this threat as OSINT-derived IOCs without specific exploit details, mitigation should focus on enhancing detection and response capabilities. Organizations should: 1) Integrate the provided IOCs into Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to improve visibility. 2) Conduct regular threat hunting exercises using these IOCs to identify potential compromises early. 3) Maintain up-to-date asset inventories to prioritize monitoring of critical systems. 4) Employ network segmentation to limit malware propagation if an infection occurs. 5) Implement strict access controls and multi-factor authentication to reduce the risk of unauthorized access that could facilitate malware deployment. 6) Participate in information sharing communities to receive timely updates on evolving threats related to these IOCs. 7) Since no patches are indicated, focus on behavioral detection techniques and anomaly monitoring to identify suspicious activities associated with unknown or emerging malware.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

hash: eee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29
hash: 144ba65dc861fc63f429d80864099985c3568c21f32b8d55a8a7790f38e5219d
hash: de5518baf0b99db0b28298eea2aef803869c3a1f03e71fa6c14b2949a76b9b1e
hash: 4f7efeb4937981b0612d730ee426cd82c8c8a0bd4feb746335f96ff09109fcac
url: http://179.61.237.152:35225/
file: 151.106.14.125
hash: 6818
url: http://45.135.132.19:57528/
url: http://gccorps.com/chief/kev/fre.php
url: http://45.150.67.203:48483/
url: http://transcorpoil.com/dumbo/dumbo2/fre.php
url: http://tor-project.ru/admin.php
hash: cfc5fb8385f662b109c6cf866ff70e598964dd37dc3498d5bd45ad2c8f4c7d59
hash: 6d2e3d20cb2290d280f12889dbe4608e4c4912b29a78d97282688be2135c7f04
hash: 39802aee5a7eeccf481f0edd551b96e6aa545cf1a4e24a14b07d963733e470af
hash: 7a691e1655dc6dfb8765947861eb93f9481471fa6833025c1f3066f540e64ffd
file: 207.244.226.86
hash: 5900
hash: 4d0c7314a1dae4a0bcc378f5ea1a779db24f54be030c578fb93033322f814be2
hash: 4285d1017228cfe56d6fabd267c201be184b070d06d20b3f353685c4b0173198
hash: 672a61ad27f7bafa74b86dffa95262a18256d48cf3f1aa74c5b6907cefd9cad1
hash: 664dad896f4788902922b89d7dec98ca505e38e44af0e8e1ba14ac866807785e
hash: bde11e5f0bd0e97d5fec3572de59518b300d0a27602c25d9699d8fc030022cb1
hash: 414d612f1134c580046095e37ead026b1c2fbfa31432e1ee662276286983fa24
hash: 6682de57608d5aa3a9d08cc776c0fde40eac48ac8898a06ca35cf7449673098e
hash: 760d24ae5e53825def7fee3baf4392c819f79f94d0dfa24f39a6cb21552dfaf7
url: http://103.125.190.121:38988/
hash: a3fbfab7f1a328a0117458513716fbf1f1b1b07e2ec58becbafcf81b4303a522
hash: 43dcc1f0d42106ff7ef495eab5e88c20dcb0a514deff224cf03fae7fdcd99c33
hash: 44b1d31dd7f0afeb4dc42929aeb5de9d82a614013893c1671597a021e9d654cc
hash: 6c219118acdf6e43d54298e2a7c268c0877a4f31c207cd29d2e038a858cea9fe
hash: 3118708b292765069f61fbdee3214a874a0dff7ab96b5f59d38a200f36d2e106
hash: 0bf3061c504517cb6b9fdd10bffe01a18a310b7989d0228635b7295bc5211582
hash: 2d9fe8ad296522b1d794302f416f0cde69ffd9d25caccf20576edaf271068178
hash: 2a0b32b89de109d62f93c18ef2ba7e9fe92e99bef8df233a1dfc6f784e13f64b
hash: 3a49c49284d6f3e229d262473c0d7e82255342c7c0dd4fe8ec88a813a9bc74fc
hash: abe51892533bc6f1b2dd1df29cc65879c10239a62ebf16278cc25ac94ed41e65
hash: 870eb8a97b16ac3b0f7c259a91be78b86778433e4e06d5f35ad2007427c28749
hash: f1080d9ef479e5632f61d71bf3e58f5d1da96faed688c76fb58bc9050a3676c8
url: http://212.86.102.153:40355/
file: 138.197.161.207
hash: 555
url: http://80.89.230.172:3214/
hash: 19b42120a5780f760f9eac6380293385b4fe4e626892741811aed00acce611e8
hash: 63bff8c2dda2d7689d14aa820d5d68f6ce8032230fbec07a6ebee67282c68394
hash: 53b95a34744278164828f2819b3733a9af538ad8c13be08a7668a6999bd1749c
hash: ba79bb82c1994130078c82de0a0332460016e988ced75c4bb34d13a81f4f8bb4
hash: 193c874495df60ae3e7b99436c7830fe56ae4223d9ff6afae7274765e1a11cfc
hash: 2609a9cd5c6a41aed4e3465f4670b2a1f68b36ed188de68a66579bc7d1bce159
hash: 07c5dd9b3305cc2c1f9d4f735cc9412c4f0664f1063cae4dc1aa673fd663a8b3
hash: bd52197839d89a6a0326dd6f7dd0bae4f3b5e19d6e11759be1ab818a6d7cdc17
url: http://solsex.duckdns.org/index.php
hash: f18a9719d767a2be2f5a9c78e04dda71df60a5345156e997458cf91970fcf5b7
hash: 62ecbb932e0211217f62bd0d3d5744a54104e2431e27ff7a7822a25d04a8581b
hash: 86ae5b33931c65515c845dc921880f1a3c90fc756a75df7c839243f904123ed1
hash: 5bdc5259703c04247d8fb65da833039b9149df10f4adbe1e27274bef66ec0ef0
url: http://185.153.198.53:40355/
url: http://lontor-tv.tk/max/index.php
url: http://webtool.publicvm.com:7776/vre
hash: f25528c7b818c788f0979ca27b3697f3d8b7cf3cb607fa443d374888a0b52208
hash: a6007add3989a77400e4ab9120f7b80b54c70a3df5908f4ea3f1f4d37eab0bcc
hash: 52a0451136f10436c0c03139d900855a141880389ca57e9a1472a01dc28c2c47
hash: 75057e98634605cba07fd6df66647bbc4e2eec59dca9513fa9107bbab1b9eaf4
url: http://178.20.40.83:81/
file: 194.5.98.252
hash: 4400
url: http://fleximexi.ir/stan/panel/fre.php
url: http://gjsd.xyz/my/five/fre.php
url: https://fleximexi.ir/stan/panel/fre.php
hash: 46ed80bd788670928f5d04217c0fda40c661a5a211f07ef6319188625303e646
hash: 17e606baa0797fd83464d43902b1705226c1d03522dbf5aa9077fe6ef1ca55c6
hash: 7ea0fdbc06262768e2ead0613ef5df8370035d0137209699f12057a54b27bd2e
hash: 949cc432eed5b528c6306fc86ae31daf617615b404a7b0647146df0b38fc65ba
hash: 510ea584db86799bd496b62e6c3da72c9f01b19527da0496ac6bf9f1ecd1733a
hash: e484dd89ca41783addc420ae8b28e965997644a1bd7a9af1485dc239f21e2ac6
hash: 6dd083c5799aa7dfd4c2abb635a1a8bd738becfe8ff1b0a58b389888d17cdfd4
hash: 4b46f30b9c687d55d3bc1ac59d4affabe44da32a45fea61e8c264c4106e9137e
url: http://cfsmarthome.net/0/
url: http://transcorpoil.com/dumbo/dumbo1/fre.php
file: 79.134.225.82
hash: 3003
file: 105.103.36.53
hash: 5552
url: http://51.195.53.221/p.php/7mptlmod4nasj
hash: a0c4ca658d66e26df505f94705577ed5d535a2c7e031774a81df7f2c06332dd5
hash: 64dc798b371c2bcdf803f695875aa351f46edb7248b3652bfc53a1a29889d801
hash: 2dd7c5d4775a5721fecfbfa53b572316c5d1baa9a244229861091785eb8d8e7a
hash: 90dcd4ef8d87eba6a65ac25459b910eb764c8a6ac70dc0416edc90d3518186c1
url: http://techregistrationapp.xyz/111/index.php
url: http://108.170.27.74:40355/
hash: 8261a249101f3cfc530438360523c7e544747d38d1c18313d9703afef20341be
hash: 9b438cfef66666b1c6513dab7cefd8f984621eaa1206272998215e9b445090fe
hash: a96fef841de9e7178b9c0ab7db37aa853f7a9fd84624d2a6e0f439a5f5632ddc
hash: 4d1ca04d04f5d34e63dfd57b2dfb8dbbd7224afaa83baf91529828de275af203
file: 41.251.51.168
hash: 81
url: http://80.92.206.128/
hash: a5a5ba1de4aa6246b7c396116caef016b1981b7dcb752c5cd9e246becfb92519
hash: 3f38b46b08de629bcda08b82cc6a70dfafc1ad844313d65c4cbacb19f096cd1b
hash: d765fc981d3265369710aaea69d851c960510eb9ddda2aaa92cdac484516c818
hash: 649b096d1faa2b22035123067642a198ae11a5901a67f3157de5a638dd848827
hash: 50f3e0b37f58f1d7a8de848fb66749f6c93651d0c6fa37e0cdc8f888c68a877d
hash: 31b3cedda2035b9710e9e5d94aff7e38d72e784014fe02f7aca8b28263020b96
hash: 34cd128bb2875da4adf969c124a5b3648654c36814cae5a35e8c3076f239ee79
hash: d200923ad5b07e7fac6903cb79b909e29e40bc523f6713a10832864dca3231af
file: 45.133.1.98
hash: 80
url: http://63e2e5290bcf.ngrok.io/gate.php
hash: 2bdd55d368125b72136a39db1870bf5f
hash: e93da9968d652948fa74b8898ed7d168
file: 51.103.81.8
hash: 6701
hash: afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984
hash: 66e8b0645ab5d9a707a753d4abb9878fd03dd05138445f22bafba76e3c007397
hash: 97ff929ee442194764c50634c91ddc16739424c6eacf90383cb36a4a4210d074
hash: 1007436b40db380f98ecff247e87e62d15507ed94859d55e89ff557b247219a1
hash: 7d4291707493bc84921a0832f42340e5377d0e58ce15e43a066ebd03f0c7c413
hash: aeafb7e4c801bb5a7a94dacfbdbbb6ec96feeb78ef78d0e92f830d2dc666cf89
hash: 56b01bb8df6e581530aee7ab1721348bc0839ee6ce1384c5c0de9ae1193569ca
hash: 2b0525261693bab30aa2a957bc01e2db908ee17194e14da77c45a2767c72a715
hash: c7d1bb6679ff60e773577753b44b6dde9ce64521e241adfce7719d8cf7600db2
hash: 7dc5a4022697c9ff17a6cb0caffa2c4b49eb0f48459fc3a0f43d17ee15e5986b
hash: 29cdd1b6c029cd7c8913d393172dff243d150aa8415699a59c3eebcf76a457e1
hash: b56bb0b9e676f4014d24762d8116da74e6c93c0a27f5ea0309a13854360de469
hash: a46ae8264e5f9bfa7edd80062cfd04169b19468ca308d6ffd1da00b6ea374ea3
hash: 8cdd5e9998109a12d49b6a226723f5c712c0ad44d0788b30eda8a69ff6a47c7d
hash: a9e5ea46d5b0dbd4b480b3002c9fe74bfe1b83e9297d4ecef3a9cd514124addb
hash: 7cbc1d9601c932a14c4bbf2fba67b5c417087cb5dacf0eb2dff743e77af2d380
hash: 8fb2a899e6622a2ddc7989121174bea2b7756f3f56f64f42dc6ef875d19ce919
hash: 763760654cb0255fe852dc06bfb80c3e9453b084e8355f3284cbd8cc6756a9ac
hash: 067173ee180295fa8ab38ce36f7fac2c29aa554e8d814054c549f443ce33a4ed
hash: f6f9ebd698ebe9f406129b21c3c393e2d754d156939d09c6db05f91fdda2c354
hash: 2302969f8ff5abb62c46d76a401ee04542ecfdce39eea660d65afefef6d787ce
url: http://thutalo.xyz/
url: http://trabajovalle2019.duckdns.org:2040/is-ready
hash: be20bd1ecf2437142a0901b8ee1b3872e9fa59cb3c9086c2f938d2909dd2a77b
hash: 1dca4ceafb673bd9a7bc6d6937caa6ec17dcfde6ca516b87b40ca58808a86915
hash: 61c92744a7657638808df9b717538a0c231dabd1ecf94b6d8407854bc6630b16
hash: b3255f3b9861fec3df96f6703a250cfafa3b8f7bcfddd5a427c3bafc0b1e8564
file: 181.131.216.190
hash: 6699
file: 18.184.222.225
hash: 41432
url: http://45.138.157.212:40355/
hash: 635f2f8b772134b31fbd79fbf89ba905ac97d9726ec5a321dd099d0099f9c744
hash: 2a7e1aa7c2d36dad17c48acc64f5c9dab742c3500fed00aa13fbd37026a5127e
hash: 10d40d8ea3d7b67007bcba4f2286e136579e28c2a14c207ed522dde9063994e5
hash: 0475dcef4d6fc67ab5e320b708be670a65901ec2840e26d7c5dfa0b20573149f
url: http://privatecyber.site/index.php
domain: gotoregt.space
domain: brannon-powlowski25d.xyz
domain: crooks-cooper24g.xyz
domain: dennis-hill25lw.xyz
domain: hprosacco25i.xyz
domain: kassandra5024d.xyz
domain: rgleason25s.xyz
domain: rosenbaum-jaida24nz.xyz
domain: treutel-jamir25ju.xyz
domain: xherzog24pv.xyz
url: http://hprosacco25i.xyz/gera.gif
url: http://rosenbaum-jaida24nz.xyz/grays.gif
url: http://treutel-jamir25ju.xyz/gera.gif
url: http://rgleason25s.xyz/gera.gif
url: http://xherzog24pv.xyz/grays.gif
url: http://brannon-powlowski25d.xyz/gera.gif
url: http://crooks-cooper24g.xyz/grays.gif
url: http://dennis-hill25lw.xyz/gera.gif
file: 105.103.36.53
hash: 5555
hash: d772357dab7ae7cfdb6fc5704562b3c1
hash: 848f4d3a9ce6780b700dfb571643d64c
file: 194.5.98.46
hash: 8989
hash: c702357f6dcd685e57710cd9ad49173d7a2e2b611d02096c78b8d41a436f28c3
hash: 70a177f2081e4309fe611ae906a218ba1c76dc8ca3c7292e457642f30073f260
hash: fd46fe4418f63fd2193260202a29c185301dab46dd6f1e93f80d0e44bfa1a6a3
hash: cb4289f6e76a293f1f83b86afbf08373bac7e77de9b00a2c6394b481ff245a3f
hash: 85703e12da9b03c01beeca428bab091b0f790d26f789bdc0beee75cab764f3d2
hash: 81e32711095862add92b6628569a86fad212e146dc41bc757ffff338799582a4
hash: 5abfc494ba3349092a27515acc133396d2814e0ced938746519b634ab71e7b29
url: http://194.156.98.159:3214/
url: http://45.144.29.195:52455/
file: 38.89.142.205
hash: 1414
hash: 67fe9d567c544348a1c011b53d13673a883b9bca447063d1c57293d7ccf9e867
hash: 555696b26eb29307cd01e024e80185dfac8845505f172e11899cf1b0598e2ce4
hash: 33d25fec49fdf04d74f2f29b3931e311e7d30dbee7d77572565e315a4e9bca95
hash: fca5301a571788fe225a5ae2169e19b0bbb1d244bc85ca2be2131618a78860bb
url: http://miwnenalita.xyz/
url: http://178.20.40.164:3214/
url: http://umbrelladownload.uno:40355/

ThreatFox IOCs for 2021-03-25

Severity: medium

Type: malware

ThreatFox IOCs for 2021-03-25

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

hash: eee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29
hash: 144ba65dc861fc63f429d80864099985c3568c21f32b8d55a8a7790f38e5219d
hash: de5518baf0b99db0b28298eea2aef803869c3a1f03e71fa6c14b2949a76b9b1e
hash: 4f7efeb4937981b0612d730ee426cd82c8c8a0bd4feb746335f96ff09109fcac
url: http://179.61.237.152:35225/
file: 151.106.14.125
hash: 6818
url: http://45.135.132.19:57528/
url: http://gccorps.com/chief/kev/fre.php
url: http://45.150.67.203:48483/
url: http://transcorpoil.com/dumbo/dumbo2/fre.php
url: http://tor-project.ru/admin.php
hash: cfc5fb8385f662b109c6cf866ff70e598964dd37dc3498d5bd45ad2c8f4c7d59
hash: 6d2e3d20cb2290d280f12889dbe4608e4c4912b29a78d97282688be2135c7f04
hash: 39802aee5a7eeccf481f0edd551b96e6aa545cf1a4e24a14b07d963733e470af
hash: 7a691e1655dc6dfb8765947861eb93f9481471fa6833025c1f3066f540e64ffd
file: 207.244.226.86
hash: 5900
hash: 4d0c7314a1dae4a0bcc378f5ea1a779db24f54be030c578fb93033322f814be2
hash: 4285d1017228cfe56d6fabd267c201be184b070d06d20b3f353685c4b0173198
hash: 672a61ad27f7bafa74b86dffa95262a18256d48cf3f1aa74c5b6907cefd9cad1
hash: 664dad896f4788902922b89d7dec98ca505e38e44af0e8e1ba14ac866807785e
hash: bde11e5f0bd0e97d5fec3572de59518b300d0a27602c25d9699d8fc030022cb1
hash: 414d612f1134c580046095e37ead026b1c2fbfa31432e1ee662276286983fa24
hash: 6682de57608d5aa3a9d08cc776c0fde40eac48ac8898a06ca35cf7449673098e
hash: 760d24ae5e53825def7fee3baf4392c819f79f94d0dfa24f39a6cb21552dfaf7
url: http://103.125.190.121:38988/
hash: a3fbfab7f1a328a0117458513716fbf1f1b1b07e2ec58becbafcf81b4303a522
hash: 43dcc1f0d42106ff7ef495eab5e88c20dcb0a514deff224cf03fae7fdcd99c33
hash: 44b1d31dd7f0afeb4dc42929aeb5de9d82a614013893c1671597a021e9d654cc
hash: 6c219118acdf6e43d54298e2a7c268c0877a4f31c207cd29d2e038a858cea9fe
hash: 3118708b292765069f61fbdee3214a874a0dff7ab96b5f59d38a200f36d2e106
hash: 0bf3061c504517cb6b9fdd10bffe01a18a310b7989d0228635b7295bc5211582
hash: 2d9fe8ad296522b1d794302f416f0cde69ffd9d25caccf20576edaf271068178
hash: 2a0b32b89de109d62f93c18ef2ba7e9fe92e99bef8df233a1dfc6f784e13f64b
hash: 3a49c49284d6f3e229d262473c0d7e82255342c7c0dd4fe8ec88a813a9bc74fc
hash: abe51892533bc6f1b2dd1df29cc65879c10239a62ebf16278cc25ac94ed41e65
hash: 870eb8a97b16ac3b0f7c259a91be78b86778433e4e06d5f35ad2007427c28749
hash: f1080d9ef479e5632f61d71bf3e58f5d1da96faed688c76fb58bc9050a3676c8
url: http://212.86.102.153:40355/
file: 138.197.161.207
hash: 555
url: http://80.89.230.172:3214/
hash: 19b42120a5780f760f9eac6380293385b4fe4e626892741811aed00acce611e8
hash: 63bff8c2dda2d7689d14aa820d5d68f6ce8032230fbec07a6ebee67282c68394
hash: 53b95a34744278164828f2819b3733a9af538ad8c13be08a7668a6999bd1749c
hash: ba79bb82c1994130078c82de0a0332460016e988ced75c4bb34d13a81f4f8bb4
hash: 193c874495df60ae3e7b99436c7830fe56ae4223d9ff6afae7274765e1a11cfc
hash: 2609a9cd5c6a41aed4e3465f4670b2a1f68b36ed188de68a66579bc7d1bce159
hash: 07c5dd9b3305cc2c1f9d4f735cc9412c4f0664f1063cae4dc1aa673fd663a8b3
hash: bd52197839d89a6a0326dd6f7dd0bae4f3b5e19d6e11759be1ab818a6d7cdc17
url: http://solsex.duckdns.org/index.php
hash: f18a9719d767a2be2f5a9c78e04dda71df60a5345156e997458cf91970fcf5b7
hash: 62ecbb932e0211217f62bd0d3d5744a54104e2431e27ff7a7822a25d04a8581b
hash: 86ae5b33931c65515c845dc921880f1a3c90fc756a75df7c839243f904123ed1
hash: 5bdc5259703c04247d8fb65da833039b9149df10f4adbe1e27274bef66ec0ef0
url: http://185.153.198.53:40355/
url: http://lontor-tv.tk/max/index.php
url: http://webtool.publicvm.com:7776/vre
hash: f25528c7b818c788f0979ca27b3697f3d8b7cf3cb607fa443d374888a0b52208
hash: a6007add3989a77400e4ab9120f7b80b54c70a3df5908f4ea3f1f4d37eab0bcc
hash: 52a0451136f10436c0c03139d900855a141880389ca57e9a1472a01dc28c2c47
hash: 75057e98634605cba07fd6df66647bbc4e2eec59dca9513fa9107bbab1b9eaf4
url: http://178.20.40.83:81/
file: 194.5.98.252
hash: 4400
url: http://fleximexi.ir/stan/panel/fre.php
url: http://gjsd.xyz/my/five/fre.php
url: https://fleximexi.ir/stan/panel/fre.php
hash: 46ed80bd788670928f5d04217c0fda40c661a5a211f07ef6319188625303e646
hash: 17e606baa0797fd83464d43902b1705226c1d03522dbf5aa9077fe6ef1ca55c6
hash: 7ea0fdbc06262768e2ead0613ef5df8370035d0137209699f12057a54b27bd2e
hash: 949cc432eed5b528c6306fc86ae31daf617615b404a7b0647146df0b38fc65ba
hash: 510ea584db86799bd496b62e6c3da72c9f01b19527da0496ac6bf9f1ecd1733a
hash: e484dd89ca41783addc420ae8b28e965997644a1bd7a9af1485dc239f21e2ac6
hash: 6dd083c5799aa7dfd4c2abb635a1a8bd738becfe8ff1b0a58b389888d17cdfd4
hash: 4b46f30b9c687d55d3bc1ac59d4affabe44da32a45fea61e8c264c4106e9137e
url: http://cfsmarthome.net/0/
url: http://transcorpoil.com/dumbo/dumbo1/fre.php
file: 79.134.225.82
hash: 3003
file: 105.103.36.53
hash: 5552
url: http://51.195.53.221/p.php/7mptlmod4nasj
hash: a0c4ca658d66e26df505f94705577ed5d535a2c7e031774a81df7f2c06332dd5
hash: 64dc798b371c2bcdf803f695875aa351f46edb7248b3652bfc53a1a29889d801
hash: 2dd7c5d4775a5721fecfbfa53b572316c5d1baa9a244229861091785eb8d8e7a
hash: 90dcd4ef8d87eba6a65ac25459b910eb764c8a6ac70dc0416edc90d3518186c1
url: http://techregistrationapp.xyz/111/index.php
url: http://108.170.27.74:40355/
hash: 8261a249101f3cfc530438360523c7e544747d38d1c18313d9703afef20341be
hash: 9b438cfef66666b1c6513dab7cefd8f984621eaa1206272998215e9b445090fe
hash: a96fef841de9e7178b9c0ab7db37aa853f7a9fd84624d2a6e0f439a5f5632ddc
hash: 4d1ca04d04f5d34e63dfd57b2dfb8dbbd7224afaa83baf91529828de275af203
file: 41.251.51.168
hash: 81
url: http://80.92.206.128/
hash: a5a5ba1de4aa6246b7c396116caef016b1981b7dcb752c5cd9e246becfb92519
hash: 3f38b46b08de629bcda08b82cc6a70dfafc1ad844313d65c4cbacb19f096cd1b
hash: d765fc981d3265369710aaea69d851c960510eb9ddda2aaa92cdac484516c818
hash: 649b096d1faa2b22035123067642a198ae11a5901a67f3157de5a638dd848827
hash: 50f3e0b37f58f1d7a8de848fb66749f6c93651d0c6fa37e0cdc8f888c68a877d
hash: 31b3cedda2035b9710e9e5d94aff7e38d72e784014fe02f7aca8b28263020b96
hash: 34cd128bb2875da4adf969c124a5b3648654c36814cae5a35e8c3076f239ee79
hash: d200923ad5b07e7fac6903cb79b909e29e40bc523f6713a10832864dca3231af
file: 45.133.1.98
hash: 80
url: http://63e2e5290bcf.ngrok.io/gate.php
hash: 2bdd55d368125b72136a39db1870bf5f
hash: e93da9968d652948fa74b8898ed7d168
file: 51.103.81.8
hash: 6701
hash: afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984
hash: 66e8b0645ab5d9a707a753d4abb9878fd03dd05138445f22bafba76e3c007397
hash: 97ff929ee442194764c50634c91ddc16739424c6eacf90383cb36a4a4210d074
hash: 1007436b40db380f98ecff247e87e62d15507ed94859d55e89ff557b247219a1
hash: 7d4291707493bc84921a0832f42340e5377d0e58ce15e43a066ebd03f0c7c413
hash: aeafb7e4c801bb5a7a94dacfbdbbb6ec96feeb78ef78d0e92f830d2dc666cf89
hash: 56b01bb8df6e581530aee7ab1721348bc0839ee6ce1384c5c0de9ae1193569ca
hash: 2b0525261693bab30aa2a957bc01e2db908ee17194e14da77c45a2767c72a715
hash: c7d1bb6679ff60e773577753b44b6dde9ce64521e241adfce7719d8cf7600db2
hash: 7dc5a4022697c9ff17a6cb0caffa2c4b49eb0f48459fc3a0f43d17ee15e5986b
hash: 29cdd1b6c029cd7c8913d393172dff243d150aa8415699a59c3eebcf76a457e1
hash: b56bb0b9e676f4014d24762d8116da74e6c93c0a27f5ea0309a13854360de469
hash: a46ae8264e5f9bfa7edd80062cfd04169b19468ca308d6ffd1da00b6ea374ea3
hash: 8cdd5e9998109a12d49b6a226723f5c712c0ad44d0788b30eda8a69ff6a47c7d
hash: a9e5ea46d5b0dbd4b480b3002c9fe74bfe1b83e9297d4ecef3a9cd514124addb
hash: 7cbc1d9601c932a14c4bbf2fba67b5c417087cb5dacf0eb2dff743e77af2d380
hash: 8fb2a899e6622a2ddc7989121174bea2b7756f3f56f64f42dc6ef875d19ce919
hash: 763760654cb0255fe852dc06bfb80c3e9453b084e8355f3284cbd8cc6756a9ac
hash: 067173ee180295fa8ab38ce36f7fac2c29aa554e8d814054c549f443ce33a4ed
hash: f6f9ebd698ebe9f406129b21c3c393e2d754d156939d09c6db05f91fdda2c354
hash: 2302969f8ff5abb62c46d76a401ee04542ecfdce39eea660d65afefef6d787ce
url: http://thutalo.xyz/
url: http://trabajovalle2019.duckdns.org:2040/is-ready
hash: be20bd1ecf2437142a0901b8ee1b3872e9fa59cb3c9086c2f938d2909dd2a77b
hash: 1dca4ceafb673bd9a7bc6d6937caa6ec17dcfde6ca516b87b40ca58808a86915
hash: 61c92744a7657638808df9b717538a0c231dabd1ecf94b6d8407854bc6630b16
hash: b3255f3b9861fec3df96f6703a250cfafa3b8f7bcfddd5a427c3bafc0b1e8564
file: 181.131.216.190
hash: 6699
file: 18.184.222.225
hash: 41432
url: http://45.138.157.212:40355/
hash: 635f2f8b772134b31fbd79fbf89ba905ac97d9726ec5a321dd099d0099f9c744
hash: 2a7e1aa7c2d36dad17c48acc64f5c9dab742c3500fed00aa13fbd37026a5127e
hash: 10d40d8ea3d7b67007bcba4f2286e136579e28c2a14c207ed522dde9063994e5
hash: 0475dcef4d6fc67ab5e320b708be670a65901ec2840e26d7c5dfa0b20573149f
url: http://privatecyber.site/index.php
domain: gotoregt.space
domain: brannon-powlowski25d.xyz
domain: crooks-cooper24g.xyz
domain: dennis-hill25lw.xyz
domain: hprosacco25i.xyz
domain: kassandra5024d.xyz
domain: rgleason25s.xyz
domain: rosenbaum-jaida24nz.xyz
domain: treutel-jamir25ju.xyz
domain: xherzog24pv.xyz
url: http://hprosacco25i.xyz/gera.gif
url: http://rosenbaum-jaida24nz.xyz/grays.gif
url: http://treutel-jamir25ju.xyz/gera.gif
url: http://rgleason25s.xyz/gera.gif
url: http://xherzog24pv.xyz/grays.gif
url: http://brannon-powlowski25d.xyz/gera.gif
url: http://crooks-cooper24g.xyz/grays.gif
url: http://dennis-hill25lw.xyz/gera.gif
file: 105.103.36.53
hash: 5555
hash: d772357dab7ae7cfdb6fc5704562b3c1
hash: 848f4d3a9ce6780b700dfb571643d64c
file: 194.5.98.46
hash: 8989
hash: c702357f6dcd685e57710cd9ad49173d7a2e2b611d02096c78b8d41a436f28c3
hash: 70a177f2081e4309fe611ae906a218ba1c76dc8ca3c7292e457642f30073f260
hash: fd46fe4418f63fd2193260202a29c185301dab46dd6f1e93f80d0e44bfa1a6a3
hash: cb4289f6e76a293f1f83b86afbf08373bac7e77de9b00a2c6394b481ff245a3f
hash: 85703e12da9b03c01beeca428bab091b0f790d26f789bdc0beee75cab764f3d2
hash: 81e32711095862add92b6628569a86fad212e146dc41bc757ffff338799582a4
hash: 5abfc494ba3349092a27515acc133396d2814e0ced938746519b634ab71e7b29
url: http://194.156.98.159:3214/
url: http://45.144.29.195:52455/
file: 38.89.142.205
hash: 1414
hash: 67fe9d567c544348a1c011b53d13673a883b9bca447063d1c57293d7ccf9e867
hash: 555696b26eb29307cd01e024e80185dfac8845505f172e11899cf1b0598e2ce4
hash: 33d25fec49fdf04d74f2f29b3931e311e7d30dbee7d77572565e315a4e9bca95
hash: fca5301a571788fe225a5ae2169e19b0bbb1d244bc85ca2be2131618a78860bb
url: http://miwnenalita.xyz/
url: http://178.20.40.164:3214/
url: http://umbrelladownload.uno:40355/

Source: ThreatFox

Published: Thu Mar 25 2021

ThreatFox IOCs for 2021-03-25

Medium

Malwaretype:osint tlp:white

Published: Thu Mar 25 2021 (03/25/2021, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2021-03-25

AI-Powered Analysis

AILast updated: 06/18/2025, 19:48:30 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 0eb59a25-2cab-4ac6-8c0d-b4f600440e10
Original Timestamp: 1616716981

Indicators of Compromise

Hash

Value	Description	Copy
hasheee544ff3042ebe04bd12cd25fa5dfe417aa35fbe43017ee1eefbb62dee2df29	Glupteba payload (confidence level: 50%)
hash144ba65dc861fc63f429d80864099985c3568c21f32b8d55a8a7790f38e5219d	Glupteba payload (confidence level: 50%)
hashde5518baf0b99db0b28298eea2aef803869c3a1f03e71fa6c14b2949a76b9b1e	Glupteba payload (confidence level: 50%)
hash4f7efeb4937981b0612d730ee426cd82c8c8a0bd4feb746335f96ff09109fcac	Glupteba payload (confidence level: 50%)
hash6818	Crimson RAT botnet C2 server (confidence level: 100%)
hashcfc5fb8385f662b109c6cf866ff70e598964dd37dc3498d5bd45ad2c8f4c7d59	Phobos Ransomware payload (confidence level: 50%)
hash6d2e3d20cb2290d280f12889dbe4608e4c4912b29a78d97282688be2135c7f04	Phobos Ransomware payload (confidence level: 50%)
hash39802aee5a7eeccf481f0edd551b96e6aa545cf1a4e24a14b07d963733e470af	Phobos Ransomware payload (confidence level: 50%)
hash7a691e1655dc6dfb8765947861eb93f9481471fa6833025c1f3066f540e64ffd	Phobos Ransomware payload (confidence level: 50%)
hash5900	NetWire RC botnet C2 server (confidence level: 100%)
hash4d0c7314a1dae4a0bcc378f5ea1a779db24f54be030c578fb93033322f814be2	Agent Tesla payload (confidence level: 50%)
hash4285d1017228cfe56d6fabd267c201be184b070d06d20b3f353685c4b0173198	Agent Tesla payload (confidence level: 50%)
hash672a61ad27f7bafa74b86dffa95262a18256d48cf3f1aa74c5b6907cefd9cad1	Agent Tesla payload (confidence level: 50%)
hash664dad896f4788902922b89d7dec98ca505e38e44af0e8e1ba14ac866807785e	Agent Tesla payload (confidence level: 50%)
hashbde11e5f0bd0e97d5fec3572de59518b300d0a27602c25d9699d8fc030022cb1	Formbook payload (confidence level: 50%)
hash414d612f1134c580046095e37ead026b1c2fbfa31432e1ee662276286983fa24	Formbook payload (confidence level: 50%)
hash6682de57608d5aa3a9d08cc776c0fde40eac48ac8898a06ca35cf7449673098e	Formbook payload (confidence level: 50%)
hash760d24ae5e53825def7fee3baf4392c819f79f94d0dfa24f39a6cb21552dfaf7	Formbook payload (confidence level: 50%)
hasha3fbfab7f1a328a0117458513716fbf1f1b1b07e2ec58becbafcf81b4303a522	Glupteba payload (confidence level: 50%)
hash43dcc1f0d42106ff7ef495eab5e88c20dcb0a514deff224cf03fae7fdcd99c33	Glupteba payload (confidence level: 50%)
hash44b1d31dd7f0afeb4dc42929aeb5de9d82a614013893c1671597a021e9d654cc	Glupteba payload (confidence level: 50%)
hash6c219118acdf6e43d54298e2a7c268c0877a4f31c207cd29d2e038a858cea9fe	Glupteba payload (confidence level: 50%)
hash3118708b292765069f61fbdee3214a874a0dff7ab96b5f59d38a200f36d2e106	SmokeLoader payload (confidence level: 50%)
hash0bf3061c504517cb6b9fdd10bffe01a18a310b7989d0228635b7295bc5211582	SmokeLoader payload (confidence level: 50%)
hash2d9fe8ad296522b1d794302f416f0cde69ffd9d25caccf20576edaf271068178	SmokeLoader payload (confidence level: 50%)
hash2a0b32b89de109d62f93c18ef2ba7e9fe92e99bef8df233a1dfc6f784e13f64b	SmokeLoader payload (confidence level: 50%)
hash3a49c49284d6f3e229d262473c0d7e82255342c7c0dd4fe8ec88a813a9bc74fc	Agent Tesla payload (confidence level: 50%)
hashabe51892533bc6f1b2dd1df29cc65879c10239a62ebf16278cc25ac94ed41e65	Agent Tesla payload (confidence level: 50%)
hash870eb8a97b16ac3b0f7c259a91be78b86778433e4e06d5f35ad2007427c28749	Agent Tesla payload (confidence level: 50%)
hashf1080d9ef479e5632f61d71bf3e58f5d1da96faed688c76fb58bc9050a3676c8	Agent Tesla payload (confidence level: 50%)
hash555	Nanocore RAT botnet C2 server (confidence level: 100%)
hash19b42120a5780f760f9eac6380293385b4fe4e626892741811aed00acce611e8	Nanocore RAT payload (confidence level: 50%)
hash63bff8c2dda2d7689d14aa820d5d68f6ce8032230fbec07a6ebee67282c68394	Nanocore RAT payload (confidence level: 50%)
hash53b95a34744278164828f2819b3733a9af538ad8c13be08a7668a6999bd1749c	Nanocore RAT payload (confidence level: 50%)
hashba79bb82c1994130078c82de0a0332460016e988ced75c4bb34d13a81f4f8bb4	Nanocore RAT payload (confidence level: 50%)
hash193c874495df60ae3e7b99436c7830fe56ae4223d9ff6afae7274765e1a11cfc	Agent Tesla payload (confidence level: 50%)
hash2609a9cd5c6a41aed4e3465f4670b2a1f68b36ed188de68a66579bc7d1bce159	Agent Tesla payload (confidence level: 50%)
hash07c5dd9b3305cc2c1f9d4f735cc9412c4f0664f1063cae4dc1aa673fd663a8b3	Agent Tesla payload (confidence level: 50%)
hashbd52197839d89a6a0326dd6f7dd0bae4f3b5e19d6e11759be1ab818a6d7cdc17	Agent Tesla payload (confidence level: 50%)
hashf18a9719d767a2be2f5a9c78e04dda71df60a5345156e997458cf91970fcf5b7	DanaBot payload (confidence level: 50%)
hash62ecbb932e0211217f62bd0d3d5744a54104e2431e27ff7a7822a25d04a8581b	DanaBot payload (confidence level: 50%)
hash86ae5b33931c65515c845dc921880f1a3c90fc756a75df7c839243f904123ed1	DanaBot payload (confidence level: 50%)
hash5bdc5259703c04247d8fb65da833039b9149df10f4adbe1e27274bef66ec0ef0	DanaBot payload (confidence level: 50%)
hashf25528c7b818c788f0979ca27b3697f3d8b7cf3cb607fa443d374888a0b52208	Azorult payload (confidence level: 50%)
hasha6007add3989a77400e4ab9120f7b80b54c70a3df5908f4ea3f1f4d37eab0bcc	Azorult payload (confidence level: 50%)
hash52a0451136f10436c0c03139d900855a141880389ca57e9a1472a01dc28c2c47	Azorult payload (confidence level: 50%)
hash75057e98634605cba07fd6df66647bbc4e2eec59dca9513fa9107bbab1b9eaf4	Azorult payload (confidence level: 50%)
hash4400	BitRAT botnet C2 server (confidence level: 100%)
hash46ed80bd788670928f5d04217c0fda40c661a5a211f07ef6319188625303e646	Formbook payload (confidence level: 50%)
hash17e606baa0797fd83464d43902b1705226c1d03522dbf5aa9077fe6ef1ca55c6	Formbook payload (confidence level: 50%)
hash7ea0fdbc06262768e2ead0613ef5df8370035d0137209699f12057a54b27bd2e	Formbook payload (confidence level: 50%)
hash949cc432eed5b528c6306fc86ae31daf617615b404a7b0647146df0b38fc65ba	Formbook payload (confidence level: 50%)
hash510ea584db86799bd496b62e6c3da72c9f01b19527da0496ac6bf9f1ecd1733a	Agent Tesla payload (confidence level: 50%)
hashe484dd89ca41783addc420ae8b28e965997644a1bd7a9af1485dc239f21e2ac6	Agent Tesla payload (confidence level: 50%)
hash6dd083c5799aa7dfd4c2abb635a1a8bd738becfe8ff1b0a58b389888d17cdfd4	Agent Tesla payload (confidence level: 50%)
hash4b46f30b9c687d55d3bc1ac59d4affabe44da32a45fea61e8c264c4106e9137e	Agent Tesla payload (confidence level: 50%)
hash3003	Nanocore RAT botnet C2 server (confidence level: 100%)
hash5552	NjRAT botnet C2 server (confidence level: 100%)
hasha0c4ca658d66e26df505f94705577ed5d535a2c7e031774a81df7f2c06332dd5	Nanocore RAT payload (confidence level: 50%)
hash64dc798b371c2bcdf803f695875aa351f46edb7248b3652bfc53a1a29889d801	Nanocore RAT payload (confidence level: 50%)
hash2dd7c5d4775a5721fecfbfa53b572316c5d1baa9a244229861091785eb8d8e7a	Nanocore RAT payload (confidence level: 50%)
hash90dcd4ef8d87eba6a65ac25459b910eb764c8a6ac70dc0416edc90d3518186c1	Nanocore RAT payload (confidence level: 50%)
hash8261a249101f3cfc530438360523c7e544747d38d1c18313d9703afef20341be	Formbook payload (confidence level: 50%)
hash9b438cfef66666b1c6513dab7cefd8f984621eaa1206272998215e9b445090fe	Formbook payload (confidence level: 50%)
hasha96fef841de9e7178b9c0ab7db37aa853f7a9fd84624d2a6e0f439a5f5632ddc	Formbook payload (confidence level: 50%)
hash4d1ca04d04f5d34e63dfd57b2dfb8dbbd7224afaa83baf91529828de275af203	Formbook payload (confidence level: 50%)
hash81	AsyncRAT botnet C2 server (confidence level: 100%)
hasha5a5ba1de4aa6246b7c396116caef016b1981b7dcb752c5cd9e246becfb92519	Agent Tesla payload (confidence level: 50%)
hash3f38b46b08de629bcda08b82cc6a70dfafc1ad844313d65c4cbacb19f096cd1b	Agent Tesla payload (confidence level: 50%)
hashd765fc981d3265369710aaea69d851c960510eb9ddda2aaa92cdac484516c818	Agent Tesla payload (confidence level: 50%)
hash649b096d1faa2b22035123067642a198ae11a5901a67f3157de5a638dd848827	Agent Tesla payload (confidence level: 50%)
hash50f3e0b37f58f1d7a8de848fb66749f6c93651d0c6fa37e0cdc8f888c68a877d	Agent Tesla payload (confidence level: 50%)
hash31b3cedda2035b9710e9e5d94aff7e38d72e784014fe02f7aca8b28263020b96	Agent Tesla payload (confidence level: 50%)
hash34cd128bb2875da4adf969c124a5b3648654c36814cae5a35e8c3076f239ee79	Agent Tesla payload (confidence level: 50%)
hashd200923ad5b07e7fac6903cb79b909e29e40bc523f6713a10832864dca3231af	Agent Tesla payload (confidence level: 50%)
hash80	BlackNET RAT botnet C2 server (confidence level: 75%)
hash2bdd55d368125b72136a39db1870bf5f	Azorult payload (confidence level: 50%)
hashe93da9968d652948fa74b8898ed7d168	Agent Tesla payload (confidence level: 50%)
hash6701	Nanocore RAT botnet C2 server (confidence level: 100%)
hashafe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984	ISFB payload (confidence level: 50%)
hash66e8b0645ab5d9a707a753d4abb9878fd03dd05138445f22bafba76e3c007397	Agent Tesla payload (confidence level: 50%)
hash97ff929ee442194764c50634c91ddc16739424c6eacf90383cb36a4a4210d074	Agent Tesla payload (confidence level: 50%)
hash1007436b40db380f98ecff247e87e62d15507ed94859d55e89ff557b247219a1	Agent Tesla payload (confidence level: 50%)
hash7d4291707493bc84921a0832f42340e5377d0e58ce15e43a066ebd03f0c7c413	Agent Tesla payload (confidence level: 50%)
hashaeafb7e4c801bb5a7a94dacfbdbbb6ec96feeb78ef78d0e92f830d2dc666cf89	Agent Tesla payload (confidence level: 50%)
hash56b01bb8df6e581530aee7ab1721348bc0839ee6ce1384c5c0de9ae1193569ca	Agent Tesla payload (confidence level: 50%)
hash2b0525261693bab30aa2a957bc01e2db908ee17194e14da77c45a2767c72a715	Agent Tesla payload (confidence level: 50%)
hashc7d1bb6679ff60e773577753b44b6dde9ce64521e241adfce7719d8cf7600db2	Agent Tesla payload (confidence level: 50%)
hash7dc5a4022697c9ff17a6cb0caffa2c4b49eb0f48459fc3a0f43d17ee15e5986b	Agent Tesla payload (confidence level: 50%)
hash29cdd1b6c029cd7c8913d393172dff243d150aa8415699a59c3eebcf76a457e1	Agent Tesla payload (confidence level: 50%)
hashb56bb0b9e676f4014d24762d8116da74e6c93c0a27f5ea0309a13854360de469	Agent Tesla payload (confidence level: 50%)
hasha46ae8264e5f9bfa7edd80062cfd04169b19468ca308d6ffd1da00b6ea374ea3	Formbook payload (confidence level: 50%)
hash8cdd5e9998109a12d49b6a226723f5c712c0ad44d0788b30eda8a69ff6a47c7d	Agent Tesla payload (confidence level: 50%)
hasha9e5ea46d5b0dbd4b480b3002c9fe74bfe1b83e9297d4ecef3a9cd514124addb	Formbook payload (confidence level: 50%)
hash7cbc1d9601c932a14c4bbf2fba67b5c417087cb5dacf0eb2dff743e77af2d380	Formbook payload (confidence level: 50%)
hash8fb2a899e6622a2ddc7989121174bea2b7756f3f56f64f42dc6ef875d19ce919	Formbook payload (confidence level: 50%)
hash763760654cb0255fe852dc06bfb80c3e9453b084e8355f3284cbd8cc6756a9ac	Agent Tesla payload (confidence level: 50%)
hash067173ee180295fa8ab38ce36f7fac2c29aa554e8d814054c549f443ce33a4ed	Agent Tesla payload (confidence level: 50%)
hashf6f9ebd698ebe9f406129b21c3c393e2d754d156939d09c6db05f91fdda2c354	Agent Tesla payload (confidence level: 50%)
hash2302969f8ff5abb62c46d76a401ee04542ecfdce39eea660d65afefef6d787ce	Agent Tesla payload (confidence level: 50%)
hashbe20bd1ecf2437142a0901b8ee1b3872e9fa59cb3c9086c2f938d2909dd2a77b	Nanocore RAT payload (confidence level: 50%)
hash1dca4ceafb673bd9a7bc6d6937caa6ec17dcfde6ca516b87b40ca58808a86915	Nanocore RAT payload (confidence level: 50%)
hash61c92744a7657638808df9b717538a0c231dabd1ecf94b6d8407854bc6630b16	Nanocore RAT payload (confidence level: 50%)
hashb3255f3b9861fec3df96f6703a250cfafa3b8f7bcfddd5a427c3bafc0b1e8564	Nanocore RAT payload (confidence level: 50%)
hash6699	NjRAT botnet C2 server (confidence level: 100%)
hash41432	Nanocore RAT botnet C2 server (confidence level: 100%)
hash635f2f8b772134b31fbd79fbf89ba905ac97d9726ec5a321dd099d0099f9c744	Agent Tesla payload (confidence level: 50%)
hash2a7e1aa7c2d36dad17c48acc64f5c9dab742c3500fed00aa13fbd37026a5127e	Agent Tesla payload (confidence level: 50%)
hash10d40d8ea3d7b67007bcba4f2286e136579e28c2a14c207ed522dde9063994e5	Agent Tesla payload (confidence level: 50%)
hash0475dcef4d6fc67ab5e320b708be670a65901ec2840e26d7c5dfa0b20573149f	Agent Tesla payload (confidence level: 50%)
hash5555	NjRAT botnet C2 server (confidence level: 100%)
hashd772357dab7ae7cfdb6fc5704562b3c1	Agent Tesla payload (confidence level: 50%)
hash848f4d3a9ce6780b700dfb571643d64c	Agent Tesla payload (confidence level: 50%)
hash8989	Nanocore RAT botnet C2 server (confidence level: 100%)
hashc702357f6dcd685e57710cd9ad49173d7a2e2b611d02096c78b8d41a436f28c3	NjRAT payload (confidence level: 50%)
hash70a177f2081e4309fe611ae906a218ba1c76dc8ca3c7292e457642f30073f260	NjRAT payload (confidence level: 50%)
hashfd46fe4418f63fd2193260202a29c185301dab46dd6f1e93f80d0e44bfa1a6a3	NjRAT payload (confidence level: 50%)
hashcb4289f6e76a293f1f83b86afbf08373bac7e77de9b00a2c6394b481ff245a3f	Glupteba payload (confidence level: 50%)
hash85703e12da9b03c01beeca428bab091b0f790d26f789bdc0beee75cab764f3d2	Glupteba payload (confidence level: 50%)
hash81e32711095862add92b6628569a86fad212e146dc41bc757ffff338799582a4	Glupteba payload (confidence level: 50%)
hash5abfc494ba3349092a27515acc133396d2814e0ced938746519b634ab71e7b29	Glupteba payload (confidence level: 50%)
hash1414	NjRAT botnet C2 server (confidence level: 100%)
hash67fe9d567c544348a1c011b53d13673a883b9bca447063d1c57293d7ccf9e867	RedLine Stealer payload (confidence level: 50%)
hash555696b26eb29307cd01e024e80185dfac8845505f172e11899cf1b0598e2ce4	RedLine Stealer payload (confidence level: 50%)
hash33d25fec49fdf04d74f2f29b3931e311e7d30dbee7d77572565e315a4e9bca95	RedLine Stealer payload (confidence level: 50%)
hashfca5301a571788fe225a5ae2169e19b0bbb1d244bc85ca2be2131618a78860bb	RedLine Stealer payload (confidence level: 50%)

Url

Value	Description	Copy
urlhttp://179.61.237.152:35225/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://45.135.132.19:57528/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://gccorps.com/chief/kev/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://45.150.67.203:48483/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://transcorpoil.com/dumbo/dumbo2/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://tor-project.ru/admin.php	Pony botnet C2 (confidence level: 100%)
urlhttp://103.125.190.121:38988/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://212.86.102.153:40355/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://80.89.230.172:3214/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://solsex.duckdns.org/index.php	Azorult botnet C2 (confidence level: 100%)
urlhttp://185.153.198.53:40355/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://lontor-tv.tk/max/index.php	Azorult botnet C2 (confidence level: 75%)
urlhttp://webtool.publicvm.com:7776/vre	Vjw0rm botnet C2 (confidence level: 100%)
urlhttp://178.20.40.83:81/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://fleximexi.ir/stan/panel/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://gjsd.xyz/my/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://fleximexi.ir/stan/panel/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://cfsmarthome.net/0/	SmokeLoader botnet C2 (confidence level: 75%)
urlhttp://transcorpoil.com/dumbo/dumbo1/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://51.195.53.221/p.php/7mptlmod4nasj	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://techregistrationapp.xyz/111/index.php	Azorult botnet C2 (confidence level: 100%)
urlhttp://108.170.27.74:40355/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://80.92.206.128/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://63e2e5290bcf.ngrok.io/gate.php	Pony botnet C2 (confidence level: 100%)
urlhttp://thutalo.xyz/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://trabajovalle2019.duckdns.org:2040/is-ready	Houdini botnet C2 (confidence level: 100%)
urlhttp://45.138.157.212:40355/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://privatecyber.site/index.php	Azorult botnet C2 (confidence level: 100%)
urlhttp://hprosacco25i.xyz/gera.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://rosenbaum-jaida24nz.xyz/grays.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://treutel-jamir25ju.xyz/gera.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://rgleason25s.xyz/gera.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://xherzog24pv.xyz/grays.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://brannon-powlowski25d.xyz/gera.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://crooks-cooper24g.xyz/grays.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://dennis-hill25lw.xyz/gera.gif	IcedID payload delivery URL (confidence level: 100%)
urlhttp://194.156.98.159:3214/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://45.144.29.195:52455/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://miwnenalita.xyz/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://178.20.40.164:3214/	RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://umbrelladownload.uno:40355/	RedLine Stealer botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file151.106.14.125	Crimson RAT botnet C2 server (confidence level: 100%)
file207.244.226.86	NetWire RC botnet C2 server (confidence level: 100%)
file138.197.161.207	Nanocore RAT botnet C2 server (confidence level: 100%)
file194.5.98.252	BitRAT botnet C2 server (confidence level: 100%)
file79.134.225.82	Nanocore RAT botnet C2 server (confidence level: 100%)
file105.103.36.53	NjRAT botnet C2 server (confidence level: 100%)
file41.251.51.168	AsyncRAT botnet C2 server (confidence level: 100%)
file45.133.1.98	BlackNET RAT botnet C2 server (confidence level: 75%)
file51.103.81.8	Nanocore RAT botnet C2 server (confidence level: 100%)
file181.131.216.190	NjRAT botnet C2 server (confidence level: 100%)
file18.184.222.225	Nanocore RAT botnet C2 server (confidence level: 100%)
file105.103.36.53	NjRAT botnet C2 server (confidence level: 100%)
file194.5.98.46	Nanocore RAT botnet C2 server (confidence level: 100%)
file38.89.142.205	NjRAT botnet C2 server (confidence level: 100%)

Domain

Value	Description	Copy
domaingotoregt.space	Gozi botnet C2 domain (confidence level: 100%)
domainbrannon-powlowski25d.xyz	IcedID payload delivery domain (confidence level: 100%)
domaincrooks-cooper24g.xyz	IcedID payload delivery domain (confidence level: 100%)
domaindennis-hill25lw.xyz	IcedID payload delivery domain (confidence level: 100%)
domainhprosacco25i.xyz	IcedID payload delivery domain (confidence level: 100%)
domainkassandra5024d.xyz	IcedID payload delivery domain (confidence level: 100%)
domainrgleason25s.xyz	IcedID payload delivery domain (confidence level: 100%)
domainrosenbaum-jaida24nz.xyz	IcedID payload delivery domain (confidence level: 100%)
domaintreutel-jamir25ju.xyz	IcedID payload delivery domain (confidence level: 100%)
domainxherzog24pv.xyz	IcedID payload delivery domain (confidence level: 100%)

Threat ID: 682b7ba2d3ddd8cef2e770b1

Added to database: 5/19/2025, 6:42:42 PM

Last enriched: 6/18/2025, 7:48:30 PM

Last updated: 7/29/2025, 2:57:17 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2021-03-25

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2021-03-25

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Url

File

Domain

Related Threats

ThreatFox IOCs for 2025-08-03

ThreatFox IOCs for 2025-08-02

New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor

Malicious AI-generated npm package hits Solana users

ThreatFox IOCs for 2025-08-01

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility