ThreatFox IOCs for 2022-09-07
AI Analysis
Technical Summary
The provided threat information pertains to a collection of Indicators of Compromise (IOCs) published on September 7, 2022, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related, specifically linked to OSINT (Open Source Intelligence) activities, which suggests that the data primarily consists of observable artifacts such as IP addresses, domains, hashes, or URLs associated with malicious activity. However, no specific affected software versions, vulnerabilities, or exploit details are provided, and there are no known exploits in the wild linked to this threat. The technical details indicate a moderate threat level (2 out of an unspecified scale), with limited analysis (1) but a relatively higher distribution score (3), implying that the IOCs are somewhat widely disseminated or observed. The absence of CWE identifiers and patch links further indicates that this is not tied to a specific software vulnerability but rather to malware indicators useful for detection and prevention. The threat is tagged with TLP:WHITE, meaning the information is intended for public sharing without restrictions. Overall, this threat intelligence update serves as a resource for security teams to enhance detection capabilities rather than signaling an active or critical exploitation campaign.
Potential Impact
For European organizations, the impact of this threat is primarily in the domain of detection and response rather than direct compromise. Since the threat consists of IOCs related to malware, organizations can leverage this intelligence to identify potential malicious activity within their networks. The absence of known exploits in the wild reduces the immediate risk of active attacks exploiting new vulnerabilities. However, failure to incorporate these IOCs into security monitoring tools could result in missed detections of malware infections or command-and-control communications, potentially leading to data breaches, operational disruptions, or lateral movement within networks. Given the medium severity rating and the nature of the threat as OSINT-based IOCs, the impact is moderate but significant for organizations with mature security operations centers (SOCs) that rely on timely threat intelligence to prevent escalation of incidents.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enable automated detection of related malicious activity.
2. Conduct regular threat hunting exercises using these IOCs to proactively identify potential compromises that may not trigger automated alerts.
3. Update firewall and proxy blacklists with any malicious IP addresses or domains included in the IOCs to block outbound and inbound malicious traffic.
4. Enhance user awareness training to recognize phishing or social engineering attempts that may deliver malware associated with these IOCs.
5. Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to receive timely updates and contextual analysis related to these indicators.
6. Maintain robust incident response plans that incorporate procedures for handling detections related to these IOCs, ensuring rapid containment and remediation.
7. Since no patches are available, focus on detection and containment rather than vulnerability remediation for this specific threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 0bd6e5c3-4b0a-432e-bcbb-a5f40461ee8a
- Original Timestamp: 1662595383
Indicators of Compromise
File
Value | Description
---|---
159.65.88.10 | Dridex botnet C2 server (confidence level: 75%)
51.83.47.27 | Dridex botnet C2 server (confidence level: 75%)
192.236.155.47 | BumbleBee botnet C2 server (confidence level: 75%)
209.25.141.181 | NjRAT botnet C2 server (confidence level: 100%)
78.47.102.252 | Vidar botnet C2 server (confidence level: 100%)
212.8.252.159 | RedLine Stealer botnet C2 server (confidence level: 100%)
205.185.113.157 | Mirai botnet C2 server (confidence level: 75%)
45.154.98.87 | AsyncRAT botnet C2 server (confidence level: 75%)
212.8.251.165 | RedLine Stealer botnet C2 server (confidence level: 100%)
80.76.51.84 | RedLine Stealer botnet C2 server (confidence level: 100%)
37.139.129.11 | Mirai botnet C2 server (confidence level: 75%)
93.115.27.11 | Cobalt Strike botnet C2 server (confidence level: 100%)
36.255.220.157 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.69.58.222 | Cobalt Strike botnet C2 server (confidence level: 100%)
118.195.243.152 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.170.42.93 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.223.204.198 | Cobalt Strike botnet C2 server (confidence level: 100%)
31.24.227.218 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.147.231.148 | PhotoLoader botnet C2 server (confidence level: 75%)
84.32.188.22 | PhotoLoader botnet C2 server (confidence level: 75%)
179.43.142.70 | PhotoLoader botnet C2 server (confidence level: 75%)
193.239.84.225 | PhotoLoader botnet C2 server (confidence level: 75%)
198.244.193.166 | PhotoLoader botnet C2 server (confidence level: 75%)
216.244.71.145 | PhotoLoader botnet C2 server (confidence level: 75%)
1.117.176.102 | Cobalt Strike botnet C2 server (confidence level: 100%)
88.119.170.210 | Vidar botnet C2 server (confidence level: 100%)
94.130.75.65 | Vidar botnet C2 server (confidence level: 100%)
116.202.179.139 | Vidar botnet C2 server (confidence level: 100%)
45.14.224.204 | Mirai botnet C2 server (confidence level: 75%)
103.144.139.135 | BumbleBee botnet C2 server (confidence level: 75%)
198.98.59.54 | BumbleBee botnet C2 server (confidence level: 75%)
104.168.243.204 | BumbleBee botnet C2 server (confidence level: 75%)
45.153.240.94 | BumbleBee botnet C2 server (confidence level: 75%)
94.158.247.16 | IcedID botnet C2 server (confidence level: 75%)
216.244.71.145 | IcedID botnet C2 server (confidence level: 75%)
5.255.101.31 | IcedID botnet C2 server (confidence level: 75%)
45.153.240.126 | IcedID botnet C2 server (confidence level: 75%)
138.197.195.62 | IcedID botnet C2 server (confidence level: 75%)
123.56.116.134 | Cobalt Strike botnet C2 server (confidence level: 100%)
Hash
Value | Description
---|---
4664 | Dridex botnet C2 server (confidence level: 75%)
443 | Dridex botnet C2 server (confidence level: 75%)
443 | BumbleBee botnet C2 server (confidence level: 75%)
17464 | NjRAT botnet C2 server (confidence level: 100%)
80 | Vidar botnet C2 server (confidence level: 100%)
80 | RedLine Stealer botnet C2 server (confidence level: 100%)
60195 | Mirai botnet C2 server (confidence level: 75%)
8453 | AsyncRAT botnet C2 server (confidence level: 75%)
80 | RedLine Stealer botnet C2 server (confidence level: 100%)
81 | RedLine Stealer botnet C2 server (confidence level: 100%)
38241 | Mirai botnet C2 server (confidence level: 75%)
fa88048b5f80993c1535ec1629dffe075db7f60e2509be890966826f2631da53 | IRATA payload (confidence level: 100%)
f9939b6f558ab2da1a11298dcd0daaa3 | IRATA payload (confidence level: 100%)
edcc80bdd530bd8a51763632f99065a1 | Kimsuky payload (confidence level: 50%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8882 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | PhotoLoader botnet C2 server (confidence level: 75%)
80 | PhotoLoader botnet C2 server (confidence level: 75%)
80 | PhotoLoader botnet C2 server (confidence level: 75%)
80 | PhotoLoader botnet C2 server (confidence level: 75%)
80 | PhotoLoader botnet C2 server (confidence level: 75%)
80 | PhotoLoader botnet C2 server (confidence level: 75%)
2096 | Cobalt Strike botnet C2 server (confidence level: 100%)
9c3e0fa862609d1ec431d12b66dcbfea76cbca7e36f9714eea810eadf7c564c5 | IRATA payload (confidence level: 100%)
73a8af6ddb44480a9aa87de968edf055 | IRATA payload (confidence level: 100%)
80 | Vidar botnet C2 server (confidence level: 100%)
80 | Vidar botnet C2 server (confidence level: 100%)
80 | Vidar botnet C2 server (confidence level: 100%)
809a7d3e2167ea027312595bf90dea0ddcabd93fa75718d4c89a87971d255031 | Remcos payload (confidence level: 100%)
2220649a7dc77637e8cee14d5e0dddfdd1fd525381e02d0c626d7a23c2553cca | Remcos payload (confidence level: 100%)
38241 | Mirai botnet C2 server (confidence level: 75%)
443 | BumbleBee botnet C2 server (confidence level: 75%)
443 | BumbleBee botnet C2 server (confidence level: 75%)
443 | BumbleBee botnet C2 server (confidence level: 75%)
443 | BumbleBee botnet C2 server (confidence level: 75%)
443 | IcedID botnet C2 server (confidence level: 75%)
443 | IcedID botnet C2 server (confidence level: 75%)
443 | IcedID botnet C2 server (confidence level: 75%)
443 | IcedID botnet C2 server (confidence level: 75%)
443 | IcedID botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
Url
Value | Description
---|---
http://116.203.167.5/ | RecordBreaker botnet C2 (confidence level: 100%)
http://a0697279.xsph.ru/videolinux.php | DCRat botnet C2 (confidence level: 100%)
http://sempersim.su/gk8/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://ixi-sigaho.ml/bot/mr/ | IRATA botnet C2 (confidence level: 100%)
http://116.202.180.202/1498 | Vidar botnet C2 (confidence level: 100%)
http://159.69.102.99/1498 | Vidar botnet C2 (confidence level: 100%)
http://159.69.102.99/517 | Vidar botnet C2 (confidence level: 100%)
http://159.69.102.99/1641 | Vidar botnet C2 (confidence level: 100%)
http://116.202.180.202/1142 | Vidar botnet C2 (confidence level: 100%)
http://78.47.102.252/ | Vidar botnet C2 (confidence level: 100%)
http://liviesxy.ml/remoot%20/ | IRATA botnet C2 (confidence level: 75%)
http://ensewqzxaap.tk/bot.php | IRATA botnet C2 (confidence level: 75%)
http://sefid-ratt.tk/bot/sefid/ | IRATA botnet C2 (confidence level: 75%)
http://n1evewiopq-ir.gq/remoot/ | IRATA botnet C2 (confidence level: 75%)
http://reoniwqzna.tk/remoot/ | IRATA botnet C2 (confidence level: 75%)
https://usk.oghabhosting.ir/usk | IRATA botnet C2 (confidence level: 100%)
https://usk.oghabhosting.ir/usk/rat.php | IRATA botnet C2 (confidence level: 100%)
https://93.115.27.11/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://www.pacareer.top:8882/search/ | Cobalt Strike botnet C2 (confidence level: 100%)
https://81.69.58.222/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://3.91.241.150:8084/push | Cobalt Strike botnet C2 (confidence level: 100%)
http://service-4vasmazv-1258249715.bj.apigw.tencentcs.com/api/amazonx | Cobalt Strike botnet C2 (confidence level: 100%)
http://185.170.42.93/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://43.138.167.37:8076/owa/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://192.168.174.139/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://119.29.187.225:8082/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://hockeysmall.com/run/p/akjwhxpw | Cobalt Strike botnet C2 (confidence level: 100%)
http://140.143.232.178:8082/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://outlook365.baiducloud.info/preload | Cobalt Strike botnet C2 (confidence level: 100%)
https://mlodio.miaomiao.in:2096/activity | Cobalt Strike botnet C2 (confidence level: 100%)
http://116.202.179.139/1375 | Vidar botnet C2 (confidence level: 100%)
http://116.202.180.202/1340 | Vidar botnet C2 (confidence level: 100%)
http://49.12.9.140/517 | Vidar botnet C2 (confidence level: 100%)
http://88.119.170.210/ | Vidar botnet C2 (confidence level: 100%)
http://116.202.179.139/ | Vidar botnet C2 (confidence level: 100%)
http://94.130.75.65/ | Vidar botnet C2 (confidence level: 100%)
https://121.5.66.186:1083/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://49.232.175.5/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://124.223.204.198:5555/visit.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://api.itinfo.tk/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://124.223.204.198:88/push | Cobalt Strike botnet C2 (confidence level: 100%)
Domain
Value | Description
---|---
ixi-sigaho.ml | IRATA botnet C2 domain (confidence level: 100%)
testingmamo.tk | IRATA botnet C2 domain (confidence level: 75%)
liviesxy.ml | IRATA botnet C2 domain (confidence level: 75%)
ensewqzxaap.tk | IRATA botnet C2 domain (confidence level: 75%)
sefid-ratt.tk | IRATA botnet C2 domain (confidence level: 75%)
n1evewiopq-ir.gq | IRATA botnet C2 domain (confidence level: 75%)
reoniwqzna.tk | IRATA botnet C2 domain (confidence level: 75%)
oghabhosting.ir | IRATA botnet C2 domain (confidence level: 100%)
usk.oghabhosting.ir | IRATA botnet C2 domain (confidence level: 100%)
academfleedalas.com | IcedID botnet C2 domain (confidence level: 100%)
dangermoust.buzz | IcedID botnet C2 domain (confidence level: 100%)
leonyelloswen.com | IcedID botnet C2 domain (confidence level: 100%)
iscasbase.cyou | IcedID botnet C2 domain (confidence level: 100%)
xqertansi.gay | IcedID botnet C2 domain (confidence level: 100%)
kbreedfin.fun | IcedID botnet C2 domain (confidence level: 100%)
daniasphalt.cyou | IcedID botnet C2 domain (confidence level: 100%)
Threat ID: 682b7b9fd3ddd8cef2e651c9
Added to database: 5/19/2025, 6:42:39 PM
Last enriched: 6/18/2025, 6:50:02 PM
Last updated: 8/16/2025, 4:28:26 PM