
ThreatFox IOCs for 2023-09-04

Severity: Medium
Published: Mon Sep 04 2023 (09/04/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-09-04

AI-Powered Analysis

Last updated: 06/18/2025, 19:01:53 UTC

Technical Analysis

The provided threat intelligence concerns a malware-related report titled "ThreatFox IOCs for 2023-09-04," sourced from ThreatFox, a platform specializing in sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under "type:osint," indicating it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected software versions, vulnerabilities, or detailed technical indicators are provided, and there are no known exploits in the wild associated with this threat at the time of publication. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting limited analytical depth but a moderate distribution or presence in the wild. The absence of CWEs, patch links, or detailed technical descriptions implies that this report serves more as an informational update or a collection of IOCs rather than a direct alert about an active or emerging exploit. The medium severity rating reflects a cautious stance, acknowledging potential risks without concrete evidence of widespread impact or exploitation. Overall, this threat intelligence appears to be a situational awareness update rather than a critical or immediate threat, emphasizing the importance of monitoring and preparedness rather than urgent remediation.

Potential Impact

Given the lack of specific technical details, affected products, or known exploits, the direct impact on European organizations is currently limited. However, the distribution score of 3 indicates that the malware or associated IOCs may be moderately present or circulating, which could pose risks if leveraged in targeted attacks. European organizations relying on open-source intelligence tools or platforms similar to ThreatFox might encounter these IOCs during threat hunting or incident response activities. The medium severity suggests potential confidentiality, integrity, or availability concerns if the malware were to be deployed effectively, but no immediate widespread compromise is evident. The absence of authentication or user interaction details limits the ability to assess exploitation ease, but the general nature of OSINT-related malware implies that attacks could be opportunistic or part of broader reconnaissance efforts. Consequently, European entities should remain vigilant, particularly those in critical infrastructure, finance, and government sectors, where even low-level threats can escalate if combined with other attack vectors.

Mitigation Recommendations

1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities.
2. Conduct regular threat hunting exercises using the latest OSINT feeds to identify any signs of compromise related to these IOCs.
3. Maintain updated and comprehensive asset inventories to quickly assess exposure to any emerging threats linked to these indicators.
4. Implement network segmentation and strict access controls to limit lateral movement should an infection occur.
5. Educate security teams on interpreting and leveraging OSINT data effectively, ensuring that medium-severity alerts are contextualized appropriately.
6. Establish collaboration channels with national and European cybersecurity centers to share intelligence and receive timely updates on evolving threats.
7. Regularly review and update incident response plans to incorporate scenarios involving OSINT-derived malware threats, even if currently low impact.

These steps go beyond generic advice by focusing on operationalizing OSINT data and enhancing proactive detection and response capabilities tailored to the nature of this threat.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 0cc699a4-712c-4af0-9e9c-58e73187d1af
Original Timestamp: 1693872186

Indicators of Compromise


Threat ID: 682b7b9fd3ddd8cef2e66604

Added to database: 5/19/2025, 6:42:39 PM

Last enriched: 6/18/2025, 7:01:53 PM

Last updated: 8/13/2025, 5:14:33 PM

