ThreatFox IOCs for 2023-09-25
AI Analysis
Technical Summary
This entry is the daily ThreatFox (abuse.ch) indicator export for 2023-09-25, tagged type:osint. It is a feed of Indicators of Compromise, not a vulnerability advisory: there are no affected products or versions, no patch links and no CWE identifiers because the entry catalogues attacker infrastructure rather than a software flaw. The metadata fields (Threat Level 2, Analysis 1, Distribution 3, a UUID and an original timestamp) are MISP event attributes: on the MISP scale threat level 2 is Medium, analysis 1 means the event is still being updated, and distribution 3 means it is shared with all communities; distribution describes who may see the event, not how widespread the malware is. The entry does carry the indicators themselves, several hundred of them: command-and-control (C2) and payload-delivery servers as ip:port pairs, URLs, domains, and MD5 and SHA-256 file hashes. ThreatFox's descriptions attribute them, with confidence levels between 50% and 100%, to commodity RATs and stealers (AsyncRAT, which accounts for most of the attributed ip:port entries, Remcos, Quasar RAT, XWorm, DCRat, Ave Maria, RedLine Stealer, Vidar, Bandit Stealer), the IcedID and Pikabot loaders, BianLian, the IRATA campaign, FAKEUPDATES payload-delivery servers, and offensive-security frameworks that appear in both criminal and red-team hands (Cobalt Strike, Sliver, Havoc, Meterpreter, Responder). Because these are live servers observed on one day, the indicators are time-sensitive: they are most useful for retrospective hunting in logs from around 25 September 2023 and for blocking in the following days, and they lose value as the infrastructure is abandoned or rotated. The entry is rated medium severity.
Potential Impact
The entry describes attacker infrastructure, so its impact is that of the malware families the indicators are attributed to rather than of a software flaw. The RATs (AsyncRAT, Remcos, Quasar RAT, XWorm, DCRat, Ave Maria) give an operator interactive control of an infected host; the stealers (RedLine Stealer, Vidar, Bandit Stealer) exfiltrate browser credentials, cookies and wallet data; IcedID and Pikabot are loaders used for initial access that hand the host to further payloads; BianLian is an extortion operation; and the Cobalt Strike, Sliver, Havoc and Meterpreter servers are post-exploitation frameworks that may belong to a criminal intrusion or to an authorised red team, which is why ThreatFox lists them at 50 to 80% confidence against 100% for most RAT and stealer C2s. A hit on any of these indicators in egress logs therefore means a host is already compromised and beaconing, not that it is merely exposed. The Iran-themed dynamic-DNS domains serving APK files (saham.apk, app.apk, sahamedalat.apk) point to an Android lure campaign, and the FAKEUPDATES delivery servers indicate browser-based fake-update lures. For European organisations the confidentiality impact (credential theft and data exfiltration), the integrity impact (remote code execution on the endpoint) and the availability impact (ransomware following a loader infection) all apply; which one materialises depends on the family behind the hit. Organisations in critical infrastructure, finance, healthcare and government remain the most attractive targets for the loaders and extortion tooling in this set. The medium severity reflects that these are commodity threats with known detections rather than a novel capability.
Mitigation Recommendations
To operationalise an IOC collection such as this one, European organisations should take the following specific measures: 1) Ingest the feed programmatically (ThreatFox offers an API and daily exports) rather than copying lists by hand, and normalise each indicator to its type, because ip:port pairs, URLs, domains and MD5/SHA-256 hashes each need different matching logic. 2) Block the ip:port pairs and the listed host names at the egress firewall and DNS resolver, but block only the exact FQDNs: most domains here live on dynamic-DNS and tunnelling services (duckdns.org, ddns.net, hopto.org, sytes.net, ply.gg, portmap.io, con-ip.com, localto.net, mysynology.net) whose apex domains have many legitimate users. 3) Where a URL indicator sits on shared infrastructure, match on the full URL and never on the host: raw.githubusercontent.com, t.me and steamcommunity.com appear in this list as payload and profile locations, and blocking those hosts would break legitimate traffic. 4) Treat the confidence level as a routing decision: 100% entries (the AsyncRAT, Quasar RAT, XWorm, Remcos, Vidar, Pikabot and RedLine Stealer C2s) can go straight to blocking, while the 50 to 80% entries (Cobalt Strike, Sliver, Havoc, Meterpreter, Responder and the "Unknown malware" servers) should raise alerts for analyst review, since the same frameworks are used by authorised red teams. 5) Hunt retrospectively: search proxy, DNS and firewall logs for the days around 25 September 2023 for these values, because C2 infrastructure is short-lived and a match in past logs is more likely than a match today. 6) Use the SHA-256 and MD5 hashes for EDR and mail-gateway lookups, and pivot from the recurring URL paths (the `/_errorpages/<name>/five/fre.php` panel pattern, the `/log.php` and `/web.txt` pairs, and the default Cobalt Strike beacon URIs `/cm`, `/pixel`, `/__utm.gif`, `/dpixel`, `/ga.js`, `/match` and `/push`) to behavioural detections that outlive the specific hosts. 7) Because these are post-compromise indicators, a confirmed hit should trigger isolation of the host and a credential reset for its user, not just a block; the stealers in this set will already have exfiltrated saved passwords. 8) Restrict outbound traffic to the non-standard ports that dominate this list (4449, 2376, 3790, 7707, 2404, 8888 and the 2550 to 2600 range) unless a documented business need exists, so that a new C2 on the same port is blocked before it is ever listed. 9) Maintain tested backups and user awareness of fake-update and APK lures, since those are the delivery mechanisms visible in this data.
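The parsing and matching logic that operationalising such a feed requires, as an added example that is not code from ThreatFox, abuse.ch or this page's author. It takes the `- type: value` list format used on this page, normalises it into typed indicators (including the case where an ip:port indicator is split across a `file:` line holding the IP and a `hash:` line holding the port), and checks constructed proxy-log lines against them with the rules a practitioner would apply: exact ip:port and URL matches block, a listed host or any of its parent domains blocks, a shared host such as raw.githubusercontent.com matches only on the exact URL, and a known C2 IP seen on an unlisted port is raised as an alert rather than blocked. The sample export, the log lines, the key=value log layout and the private and documentation-range addresses in them are constructed for the example; the indicator values are taken from the list on this page.

```python
"""Normalise a flattened ThreatFox IOC export and sweep egress logs with it. Added example,
not code from abuse.ch/ThreatFox or this page's author; the export snippet and log lines
below are constructed, with indicator values taken from the list above."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Shared hosting: match these on the exact URL only; a host match would block all of GitHub.
SHARED_HOSTS = {"raw.githubusercontent.com", "t.me", "steamcommunity.com"}
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
ENTRY = re.compile(r"^-\s*(?P<type>[\w:]+):\s*(?P<value>\S+)\s*$")

@dataclass(frozen=True)
class Indicator:
    kind: str  # "ip:port", "url", "domain", "md5" or "sha256"
    value: str

def parse_export(text: str) -> list[Indicator]:
    """Turn '- type: value' lines into typed, de-duplicated indicators. Accepts the joined
    '- ip:port: 1.2.3.4:443' and the split form where the IP sits on a 'file:' line and the
    port on the next 'hash:' line. Bare 'hash:' values are MD5 (32 hex) or SHA-256 (64 hex)."""
    out, pending_ip = [], None  # pending_ip: IP from a 'file:' line awaiting its port
    for m in filter(None, map(ENTRY.match, map(str.strip, text.splitlines()))):
        typ, val = m["type"], m["value"]
        if typ == "file" and IPV4.match(val):
            pending_ip = val
            continue
        if typ == "hash" and pending_ip and val.isdigit() and 0 < int(val) < 65536:
            out.append(Indicator("ip:port", f"{pending_ip}:{val}"))
        elif typ == "hash" and re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{64}", val):
            out.append(Indicator("md5" if len(val) == 32 else "sha256", val.lower()))
        elif typ in ("ip:port", "url"):
            out.append(Indicator(typ, val))
        elif typ == "domain":
            out.append(Indicator(typ, val.lower()))
        pending_ip = None  # anything other than a port line closes a pending IP
    return list(dict.fromkeys(out))  # de-duplicate while preserving order

def normalise_url(url: str) -> str:
    """Lower-case scheme and host; drop query string, fragment and trailing slash."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"

class IocMatcher:
    """Indexes network indicators for lookups against connection and HTTP log fields."""
    def __init__(self, indicators: list[Indicator]) -> None:
        self.endpoints = {i.value for i in indicators if i.kind == "ip:port"}
        self.ips = {e.rsplit(":", 1)[0] for e in self.endpoints}
        self.urls = {normalise_url(i.value) for i in indicators if i.kind == "url"}
        self.hosts = {i.value for i in indicators if i.kind == "domain"}
        for u in self.urls:  # a malicious URL condemns its host, unless the host is shared
            host = urlsplit(u).hostname
            if host and host not in SHARED_HOSTS and not IPV4.match(host):
                self.hosts.add(host)
    def match(self, dst=None, url=None):
        """Return (indicator type, indicator, action) for the strongest hit, or None."""
        if dst in self.endpoints:
            return ("ip:port", dst, "block")
        if url:
            n = normalise_url(url)
            if n in self.urls:
                return ("url", n, "block")
            labels = (urlsplit(n).hostname or "").split(".")
            for i in range(len(labels) - 1):  # the host itself, then each parent domain
                if (parent := ".".join(labels[i:])) in self.hosts:
                    return ("domain", parent, "block")
        # Known C2 IP on an unlisted port: ip:port entries are port-specific, so alert only.
        if dst and dst.rsplit(":", 1)[0] in self.ips:
            return ("ip", dst.rsplit(":", 1)[0], "alert")
        return None

def sweep(log_lines: list[str], matcher: IocMatcher) -> list[tuple]:
    """Return (timestamp, hit) for every 'ts key=value ...' log line that matches."""
    hits = []
    for line in log_lines:
        ts, *fields = line.split()
        f = dict(kv.split("=", 1) for kv in fields)
        if hit := matcher.match(dst=f.get("dst"), url=None if f.get("url") == "-" else f.get("url")):
            hits.append((ts, hit))
    return hits

# Constructed export snippet in this page's flattened format (values from the list above).
SAMPLE_EXPORT = """\
- file: 90.62.249.133
- hash: 2560
- ip:port: 5.75.215.131:1333
- url: https://raw.githubusercontent.com/mmmi9w9w0q01/s/main/ami.json
- url: https://ssd-vip.website/arsalan/log.php
- domain: helloworld.market
- hash: e13574c32fe93b854b94c0d5ca310c0a40a1c18aef61faa412bec5f2f10bf82a
"""
# Constructed proxy log; 198.51.100.x and 203.0.113.x are documentation ranges.
SAMPLE_LOG = [
    "2023-09-25T09:14:02Z src=10.20.0.17 dst=90.62.249.133:2560 url=-",
    "2023-09-25T09:15:40Z src=10.20.0.17 dst=198.51.100.7:443 url=https://raw.githubusercontent.com/mmmi9w9w0q01/s/main/ami.json?v=1",
    "2023-09-25T09:17:11Z src=10.20.0.41 dst=203.0.113.9:443 url=https://remote.helloworld.market/api/",
    "2023-09-25T09:19:55Z src=10.20.0.50 dst=5.75.215.131:80 url=http://5.75.215.131/other",
]
```

Against the four constructed log lines, `sweep(SAMPLE_LOG, IocMatcher(parse_export(SAMPLE_EXPORT)))` returns an ip:port block for 90.62.249.133:2560, a URL block for the GitHub raw path (the query string is stripped before comparison, and an unrelated GitHub path does not match because the host is in SHARED_HOSTS), a domain block for remote.helloworld.market via its listed parent helloworld.market, and an alert for 5.75.215.131 seen on port 80 rather than the listed 1333. Hash indicators are classified but not matched here; they belong in EDR and mail-gateway lookups rather than network logs.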
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Indicators of Compromise
- ip:port: 45.135.128.195:8888
- ip:port: 54.198.73.201:8083
- ip:port: 104.194.11.69:8080
- ip:port: 13.57.55.155:443
- ip:port: 90.62.249.133:2550
- ip:port: 90.62.249.133:2551
- ip:port: 90.62.249.133:2552
- ip:port: 90.62.249.133:2553
- ip:port: 90.62.249.133:2554
- ip:port: 90.62.249.133:2555
- ip:port: 90.62.249.133:2556
- ip:port: 90.62.249.133:2557
- ip:port: 90.62.249.133:2558
- ip:port: 90.62.249.133:2559
- ip:port: 90.62.249.133:2560
- ip:port: 90.62.249.133:2561
- ip:port: 90.62.249.133:2562
- ip:port: 90.62.249.133:2563
- ip:port: 90.62.249.133:2564
- ip:port: 90.62.249.133:2565
- ip:port: 90.62.249.133:2566
- ip:port: 90.62.249.133:2567
- ip:port: 90.62.249.133:2568
- ip:port: 90.62.249.133:2569
- ip:port: 90.62.249.133:2570
- ip:port: 90.62.249.133:2571
- ip:port: 90.62.249.133:2572
- ip:port: 90.62.249.133:2573
- ip:port: 90.62.249.133:2574
- ip:port: 90.62.249.133:2575
- ip:port: 90.62.249.133:2576
- ip:port: 90.62.249.133:2577
- ip:port: 90.62.249.133:2578
- ip:port: 90.62.249.133:2579
- ip:port: 90.62.249.133:2580
- ip:port: 90.62.249.133:2581
- ip:port: 90.62.249.133:2582
- ip:port: 90.62.249.133:2583
- ip:port: 90.62.249.133:2584
- ip:port: 90.62.249.133:2585
- ip:port: 90.62.249.133:2586
- ip:port: 90.62.249.133:2587
- ip:port: 90.62.249.133:2588
- ip:port: 90.62.249.133:2589
- ip:port: 90.62.249.133:2590
- ip:port: 90.62.249.133:2591
- ip:port: 90.62.249.133:2592
- ip:port: 90.62.249.133:2593
- ip:port: 90.62.249.133:2594
- ip:port: 90.62.249.133:2595
- ip:port: 90.62.249.133:2596
- ip:port: 90.62.249.133:2597
- ip:port: 90.62.249.133:2598
- ip:port: 90.62.249.133:2599
- ip:port: 90.62.249.133:2600
- ip:port: 43.138.170.161:443
- ip:port: 120.46.164.123:9999
- ip:port: 60.204.202.16:9090
- ip:port: 39.104.27.24:443
- ip:port: 52.56.159.3:2376
- ip:port: 119.91.99.194:8081
- url: http://753139cl.nyashtop.top/videoserver.php
- domain: homesafe1000.duckdns.org
- ip:port: 89.208.106.3:443
- ip:port: 46.13.89.41:9999
- ip:port: 104.37.215.1:4782
- ip:port: 37.139.129.145:5505
- ip:port: 94.156.6.246:4782
- domain: web.sunvn.net
- domain: casino-within.at.ply.gg
- domain: go-bean.at.ply.gg
- domain: microsoft-virtualpc.duckdns.org
- domain: weeks-nine.gl.at.ply.gg
- domain: supply-dressing.gl.at.ply.gg
- domain: buy-positioning.at.ply.gg
- domain: donbaguette-43001.portmap.io
- domain: eain-63347.portmap.io
- domain: short-rough.gl.at.ply.gg
- ip:port: 176.31.21.120:2376
- url: http://coldwinded.fun/api
- url: https://gotham.community/stealer/api.php
- url: http://office.aluminprodu.top/_errorpages/office/five/fre.php
- url: http://ffice.aluminprodu.top/_errorpages/office/five/fre.php
- ip:port: 2.59.254.111:5500
- ip:port: 91.198.77.194:3790
- ip:port: 45.42.45.104:8080
- url: http://zsin1.andrebadi.top/_errorpages/zsin1/five/fre.php
- ip:port: 47.104.179.218:2222
- ip:port: 139.159.220.167:3412
- url: http://168.119.168.251/
- url: http://49.13.80.90:10088/data.zip
- url: http://168.119.168.251/data.zip
- url: http://79.137.198.72/
- url: http://79.137.198.72/data.zip
- ip:port: 49.13.80.90:10088
- ip:port: 168.119.168.251:80
- ip:port: 79.137.198.72:80
- ip:port: 135.125.124.72:2078
- ip:port: 45.182.189.107:443
- domain: iran-sah.fartit.com
- domain: iran-sahm.fartit.com
- domain: ed-iran.faqserv.com
- domain: ir-sahm.fartit.com
- domain: ed-ir.faqserv.com
- domain: ir-saham.faqserv.com
- domain: sahm-ir.faqserv.com
- domain: iran-sa.faqserv.com
- url: https://iran-sah.fartit.com/saham.apk
- url: https://iran-sahm.fartit.com/saham.apk
- url: https://ed-iran.faqserv.com/app.apk
- url: https://ir-sahm.fartit.com/app.apk
- url: https://ed-ir.faqserv.com/saham.apk
- url: https://ir-saham.faqserv.com/saham.apk
- url: https://sahm-ir.faqserv.com/sahamedalat.apk
- url: https://iran-sa.faqserv.com/saham.apk
- hash: e13574c32fe93b854b94c0d5ca310c0a40a1c18aef61faa412bec5f2f10bf82a
- hash: 60db5d7cb8db0d94400ed62d305aaff06912b56957cfc51c061cf1ee3845ec03
- hash: 8610f9d818e8f7fab8f361dc89dff0d9c68496bc7dd5f3f5b68637f4cb5be942
- hash: bcd49d63689ab0e80767eed27efe57665a8136605a275b81384a6411c5b60da6
- hash: 40a3d933f7f77158ecc16c11e0d16f670122bfc2e4ecfb2913485a64287ae66a
- hash: 65564178702f6954291f635fd80dfef5
- hash: ec39111f60fb5de68e7efeefdada41ee
- hash: 43b20600f1ad85d8c2e1e348f1b7e71f
- hash: 2678ce7e43d9ef7dd7e06d5feeea532e
- hash: b3eeb84551d85f3794b871b36d45e98f
- domain: rimoteu.dns2.us
- ip:port: 172.105.92.100:443
- ip:port: 34.254.92.89:445
- domain: adl-it.otzo.com
- domain: sahammn.iownyour.org
- domain: adlirn.otzo.com
- domain: adliraq.qpoe.com
- domain: adliiu.mynetav.org
- domain: adliolj.jkub.com
- domain: ea.dns04.com
- domain: rimotet.wwwhost.biz
- domain: adla.dns05.com
- domain: llllllige.zzux.com
- domain: adlelk.mynetav.org
- domain: ir-sahm.jetos.com
- domain: adlio.got-game.org
- domain: ad-tsm.vizvaz.com
- domain: adloio.iownyour.org
- domain: saham.instanthq.com
- domain: adleha.iownyour.org
- domain: es.dnsrd.com
- domain: adlirjh.instanthq.com
- domain: adlilr.qhigh.com
- domain: adlhds.wikaba.com
- domain: adlel.trickip.org
- domain: eblagh.wikaba.com
- domain: adlirn.dnsrd.com
- domain: ad-te.faqserv.com
- domain: ea.gettrials.com
- ip:port: 162.33.177.145:8888
- ip:port: 23.94.28.187:80
- ip:port: 23.94.28.187:443
- ip:port: 185.132.125.121:8888
- url: http://185.216.71.207/_errorpages/305/five/fre.php
- domain: iran-sahm.vizvaz.com
- domain: adl.authorizeddns.net
- domain: sadl.fartit.com
- domain: sa-iran.fartit.com
- domain: ed-sa.faqserv.com
- domain: adlut.faqserv.com
- domain: ir-ed.otzo.com
- domain: sah-ir.fartit.com
- domain: iran.fartit.com
- url: https://iran-sahm.vizvaz.com/app.apk
- url: https://adl.authorizeddns.net/app.apk
- url: https://sadl.fartit.com/app.apk
- url: https://sa-iran.fartit.com/app.apk
- url: https://ed-sa.faqserv.com/app.apk
- url: https://adlut.faqserv.com/saham.apk
- url: https://ir-ed.otzo.com/app.apk
- url: https://sah-ir.fartit.com/saham.apk
- url: https://iran.fartit.com/app.apk
- hash: 66b23d1f0c1f45d440ebe3e54d700f17
- hash: 73d4a798035063283d904af930e6b4ff
- hash: 9d96eb1eeb898ff2c037fda8c3f40098
- hash: a7a6196c295a65dd87893c95d7b6e3bd
- hash: fc0412ea141012536d3d16a35035d6bc
- hash: 420b20a7ad0d39394894200b0e5dce12
- hash: 2762e34feff43dd42f1ec70f01f5a97f64cd8454a3a5c9275e97609f2cbd24c3
- hash: d8a1baff9f3bedc268fc275990b1f726c2167c5eb7486a7fe9a9bbd083b314b9
- hash: d9a2b09130185745a2c33f06c60baa4370c9beedf7ef7bf48302ebdf6c7d3652
- hash: 57eea25086acef927ac427906ce9b59a88db3df4c624abb5804c3670af41d747
- hash: cbe97b320afe4430d356f07759f7e352a105c72a03cbbce1cc2ede5aeb436f74
- hash: 059f40ff1b6e32a0d570af86ca466c7a05fd333274a6e04e81e2de0f5e655cbb
- url: http://china.dhabigroup.top/_errorpages/china/five/fre.php
- url: http://remotemake.xyz/api/
- url: http://remotemake.xyz/api/-1001895340130
- url: http://remotemake.xyz/upload/
- url: http://remotemake.xyz/config/-1001895340130
- url: http://remotemake.xyz/
- url: https://ed-iran.faqserv.com/rat.php
- domain: remotemake.xyz
- ip:port: 49.12.8.157:80
- ip:port: 49.12.8.157:443
- url: https://ssd-vip.website/mamad/log.php
- url: https://194.169.175.233:8081/login
- url: https://ssd-vip.website/mamad
- url: http://194.169.175.122:8081/login
- ip:port: 109.248.206.83:443
- url: http://194.169.175.124:8081/login
- url: https://ssd-vip.website/morf/log.php
- url: https://ssd-vip.website/morf/web.txt
- url: https://ed-sa.faqserv.com/app.php
- url: https://ssd-vip.website/loc/web.txt
- url: https://ssd-vip.website/loc
- url: https://adlut.faqserv.com/in.php
- url: https://sah-ir.fartit.com/in.php
- url: https://ssd-vip.website/arsalan/web.txt
- url: https://ssd-vip.website/arsalan/log.php
- url: https://ssd-vip.website/arsalan
- ip:port: 3.79.95.174:2376
- ip:port: 176.123.4.46:33783
- url: https://fcmbroker.info/
- url: https://featchaddress.lat/ami/ami.php
- url: https://featchaddress.lat/ami/ami.php?h=
- url: https://featchaddress.lat/ami
- url: https://fcmbroker.info/ami/strawberry.php
- url: https://fcmbroker.info/ami
- url: https://fcmbroker.info/ami/grape.php
- domain: fcmbroker.info
- domain: featchaddress.lat
- ip:port: 185.206.95.12:80
- ip:port: 185.206.95.12:443
- ip:port: 37.221.67.161:443
- ip:port: 194.169.175.229:443
- url: https://139.155.154.67/cm
- url: https://45.11.46.50/pixel
- url: https://36.110.138.149/__utm.gif
- url: http://8.130.128.97:8080/cm
- ip:port: 124.248.66.140:4449
- ip:port: 124.248.66.139:4449
- ip:port: 134.255.254.224:7707
- ip:port: 140.143.167.227:3214
- ip:port: 65.21.177.234:6606
- ip:port: 123.99.200.175:4449
- ip:port: 62.234.35.139:5631
- ip:port: 74.133.86.50:80
- ip:port: 62.234.33.152:3502
- ip:port: 5.104.84.227:4449
- ip:port: 185.17.0.246:4449
- ip:port: 103.38.236.46:4449
- ip:port: 74.133.86.50:4449
- ip:port: 185.221.67.3:4449
- ip:port: 198.44.165.77:6605
- ip:port: 101.42.137.105:3593
- ip:port: 103.108.66.216:9905
- ip:port: 222.211.73.251:4848
- ip:port: 123.99.200.153:4449
- ip:port: 103.42.31.180:9904
- ip:port: 198.44.184.40:4449
- ip:port: 49.232.230.111:6630
- ip:port: 135.181.226.133:49287
- ip:port: 154.53.45.95:4449
- ip:port: 101.34.3.12:8848
- ip:port: 103.42.31.134:9901
- ip:port: 124.248.66.144:4449
- ip:port: 65.21.177.234:7707
- ip:port: 135.181.255.143:3790
- ip:port: 104.168.135.171:3790
- url: http://cegbqbq.net/single.php
- domain: popo01.mywire.org
- domain: riewoti.work.gd
- domain: iroexjds.work.gd
- domain: donelpacino.ddns.net
- domain: list-slow.gl.at.ply.gg
- domain: wpe.mysynology.net
- domain: trx05.duckdns.org
- domain: erorr2.webhop.net
- domain: de2.localto.net
- domain: ewoiutz9dt9bzo89tz.com
- domain: saefigozower.fun
- domain: non.accesscam.org
- domain: viper34.servebbs.net
- domain: slim1.thruhere.net
- domain: webwhatsapp.cc
- domain: sdfubuzoeoeiv.top
- domain: telachapesu.com
- domain: esteesparahoy.duckdns.org
- domain: nbnf43456httpshost.online
- domain: seuriouhvhusr.cn
- domain: capitalizerutc.com
- ip:port: 45.86.163.114:443
- domain: sec.estimate.top
- url: http://91.103.253.18/1655d0b0e8ecab2d.php
- ip:port: 5.181.80.131:5200
- ip:port: 50.114.203.104:7909
- ip:port: 159.69.11.30:7000
- ip:port: 81.67.181.238:9033
- ip:port: 191.101.130.18:8252
- ip:port: 141.98.6.196:7020
- ip:port: 154.53.51.233:8909
- ip:port: 23.106.215.7:7007
- ip:port: 88.11.59.100:8888
- ip:port: 114.132.56.13:8080
- ip:port: 118.195.147.172:80
- domain: youtubevideos.ddns.net
- domain: chikes17.duckdns.org
- domain: soon-lp.at.ply.gg
- domain: xvskill.duckdns.org
- domain: graxe239-61522.portmap.host
- domain: copy-marco.gl.at.ply.gg
- domain: atelilian99.ddns.net
- domain: garden-event.at.ply.gg
- domain: xyoptotway.work.gd
- domain: floptuytonroyem.sytes.net
- ip:port: 185.225.75.68:3569
- ip:port: 77.91.68.52:80
- url: https://lkcagar.com/link/style_images/syrp78gog0w
- domain: lkcagar.com
- url: https://43.138.170.161/cm
- ip:port: 209.146.124.207:443
- url: http://118.195.147.172/ga.js
- url: http://corporateupdates.info/dpixel
- domain: corporateupdates.info
- url: http://134.209.122.196/cx
- ip:port: 134.209.122.196:80
- url: https://165.227.45.0/front/webmail/keep-connected
- ip:port: 38.54.71.202:443
- ip:port: 185.169.180.126:3790
- ip:port: 103.212.81.155:47216
- url: https://81.218.45.223:8848
- url: http://alimatata.topendpower.top/_errorpages/alimatata/five/fre.php
- ip:port: 185.38.142.102:3107
- ip:port: 194.169.175.122:8081
- ip:port: 194.169.175.122:50500
- domain: office.aluminprodu.top
- domain: zsin1.andrebadi.top
- domain: china.dhabigroup.top
- domain: alimatata.topendpower.top
- domain: chestedband.org
- hash: 39649b0fc7239ab065f5ff778d877c28e32a4417b3417d0a59d70fa8c74ccbd8
- hash: 52fcd774e288976961f5a845afb67e49
- url: http://65.109.2.42/
- hash: c0541c3f6bbba5bf7dc24ba55b9bcad559ee28a93f8ac3ccfa2b320049d29bf3
- hash: bf24fe7680868cf7443beea880b04e9e
- ip:port: 43.138.0.70:6666
- url: https://raw.githubusercontent.com/mmmi9w9w0q01/s/main/ami.json
- url: https://raw.githubusercontent.com/mmmi9w9w0q01/s/main
- url: https://raw.githubusercontent.com/mmmi9w9w0q01
- url: https://keltek.co.uk/comments.php
- url: https://kendalwills.co.uk/comments.php
- url: https://kizys.net/comments.php
- hash: 92584a6157e429ed7bf38bc0c80ed510e69d02e7f5000d902fd3904711a584e8
- hash: 5a579969f1b9de3a028409412cda104f
- ip:port: 80.66.75.66:3388
- ip:port: 193.42.33.27:5252
- ip:port: 185.255.114.32:2404
- ip:port: 64.188.24.134:2404
- ip:port: 141.98.6.9:7044
- ip:port: 5.252.22.56:2404
- ip:port: 95.214.24.210:2404
- domain: wedhstinwell.online
- domain: comico.con-ip.com
- domain: claudiabetancurlora09.con-ip.com
- domain: cascada.con-ip.com
- domain: vanidad.con-ip.com
- domain: remsmart.hopto.org
- domain: fgndibsvisdviree.con-ip.com
- domain: remcostest.ddns.net
- domain: dsoiuhvciosdjncoshvibd.con-ip.com
- domain: wwwwwwwwww.duckdns.org
- domain: puerta1.con-ip.com
- domain: ifdhbodfijvoidsjvpfdpfijh.con-ip.com
- domain: bliv.duckdns.org
- domain: alvaritospamlamu.con-ip.com
- domain: brian0627.duckdns.org
- url: https://remote.helloworld.market/api/-1001228456341
- url: https://remote.helloworld.market/api/
- url: https://remote.helloworld.market
- domain: remote.helloworld.market
- domain: helloworld.market
- ip:port: 94.131.112.209:9856
- ip:port: 94.156.102.165:443
- ip:port: 171.22.28.205:8181
- ip:port: 45.9.74.71:80
- ip:port: 78.47.79.11:80
- ip:port: 5.75.215.131:1333
- ip:port: 116.202.182.4:80
- url: http://5.75.215.131:1333/
- url: http://5.75.215.131:1333/temp.zip
- url: https://steamcommunity.com/profiles/76561199555780195
- url: https://t.me/solonichat
- url: http://116.202.182.4/
- url: http://116.202.182.4/temp.zip
- ip:port: 118.195.246.136:443
- ip:port: 31.172.83.48:2376
- ip:port: 52.86.72.243:8083
- ip:port: 65.109.239.71:3790
- ip:port: 193.42.32.174:9931
- url: http://39.104.81.101:7777/pixel.gif
- ip:port: 18.176.32.89:2376
- ip:port: 3.75.222.122:2376
- ip:port: 35.168.213.32:8083
- url: http://94.131.3.70/
- url: http://83.217.11.11/
- ip:port: 217.12.206.218:5655
- ip:port: 31.147.205.87:8081
- ip:port: 210.90.168.176:10443
- url: http://91.103.253.2/f12a1b41d18876b0.php
- ip:port: 172.104.205.113:7443
- ip:port: 3.234.128.163:7443
- ip:port: 146.190.67.179:443
- ip:port: 16.170.217.78:443
- ip:port: 37.120.239.175:23450
- ip:port: 3.253.126.198:445
- ip:port: 165.232.108.62:445
- ip:port: 175.178.249.249:8888
- ip:port: 121.36.105.186:8888
- ip:port: 123.249.87.1:8888
- ip:port: 178.238.184.127:1010
- url: http://92.63.101.56/php/central7mariadb/poll/flower1/gameasync/generatorimagegame/78low/7/tempsecure3/processorbigload.php
- ip:port: 46.29.234.41:37689
- ip:port: 85.58.162.169:36275
- ip:port: 37.113.171.12:11320
- url: http://362764cm.nyashnyash.top/nyashsupport.php
- url: https://27.124.17.9/push
- ip:port: 27.124.17.14:443
- ip:port: 27.124.17.10:443
- ip:port: 27.124.17.9:443
- url: https://dlx.ti-instruments.com/qrc.css
- domain: dlx.ti-instruments.com
- url: https://corporateupdates.info/cx
- url: https://134.209.122.196/match
- url: http://178.20.47.114/
- url: http://121.5.22.133:21786/hy4h
- url: http://157.90.161.111:8086/
Technical Details
- Threat Level: 2 (MISP threat level: Medium)
- Analysis: 1 (MISP analysis state: Ongoing)
- Distribution: 3 (MISP distribution: All communities)
- Uuid: f75df5a2-15af-445c-8d76-9edc5a2ed60c
- Original Timestamp: 1695686587 (Unix epoch seconds; 2023-09-26 00:03:07 UTC)
Indicators of Compromise
ip:port
Value | Description
---|---
45.135.128.195:8888 | Remcos botnet C2 server (confidence level: 100%)
54.198.73.201:8083 | Sliver botnet C2 server (confidence level: 80%)
104.194.11.69:8080 | Bandit Stealer botnet C2 server (confidence level: 80%)
13.57.55.155:443 | IcedID botnet C2 server (confidence level: 80%)
90.62.249.133:2550 to 90.62.249.133:2600 (51 entries, one per port) | AsyncRAT botnet C2 server (confidence level: 100%)
43.138.170.161:443 | Cobalt Strike botnet C2 server (confidence level: 80%)
120.46.164.123:9999 | Cobalt Strike botnet C2 server (confidence level: 80%)
60.204.202.16:9090 | Cobalt Strike botnet C2 server (confidence level: 80%)
39.104.27.24:443 | IcedID botnet C2 server (confidence level: 80%)
52.56.159.3:2376 | Sliver botnet C2 server (confidence level: 80%)
119.91.99.194:8081 | DCRat botnet C2 server (confidence level: 80%)
89.208.106.3:443 | BianLian botnet C2 server (confidence level: 80%)
46.13.89.41:9999 | Quasar RAT botnet C2 server (confidence level: 100%)
104.37.215.1:4782 | Quasar RAT botnet C2 server (confidence level: 100%)
37.139.129.145:5505 | Quasar RAT botnet C2 server (confidence level: 100%)
94.156.6.246:4782 | Quasar RAT botnet C2 server (confidence level: 100%)
176.31.21.120:2376 | Sliver botnet C2 server (confidence level: 80%)
2.59.254.111:5500 | AsyncRAT botnet C2 server (confidence level: 100%)
91.198.77.194:3790 | Meterpreter botnet C2 server (confidence level: 80%)
45.42.45.104:8080 | Bandit Stealer botnet C2 server (confidence level: 80%)
47.104.179.218:2222 | Cobalt Strike botnet C2 server (confidence level: 80%)
139.159.220.167:3412 | Cobalt Strike botnet C2 server (confidence level: 80%)
49.13.80.90:10088 | Vidar botnet C2 server (confidence level: 100%)
168.119.168.251:80 | Vidar botnet C2 server (confidence level: 100%)
79.137.198.72:80 | Vidar botnet C2 server (confidence level: 100%)
135.125.124.72:2078 | Pikabot botnet C2 server (confidence level: 100%)
45.182.189.107:443 | Pikabot botnet C2 server (confidence level: 100%)
172.105.92.100:443 | Havoc botnet C2 server (confidence level: 50%)
34.254.92.89:445 | Responder botnet C2 server (confidence level: 50%)
162.33.177.145:8888 | Unknown malware botnet C2 server (confidence level: 50%)
23.94.28.187:80 | IRATA payload delivery server (confidence level: 100%)
23.94.28.187:443 | IRATA payload delivery server (confidence level: 100%)
185.132.125.121:8888 | Unknown malware botnet C2 server (confidence level: 50%)
49.12.8.157:80 | IRATA botnet C2 server (confidence level: 100%)
49.12.8.157:443 | IRATA botnet C2 server (confidence level: 100%)
109.248.206.83:443 | FAKEUPDATES payload delivery server (confidence level: 100%)
3.79.95.174:2376 | Sliver botnet C2 server (confidence level: 80%)
176.123.4.46:33783 | RedLine Stealer botnet C2 server (confidence level: 100%)
185.206.95.12:80 | IRATA botnet C2 server (confidence level: 100%)
185.206.95.12:443 | IRATA botnet C2 server (confidence level: 100%)
37.221.67.161:443 | FAKEUPDATES payload delivery server (confidence level: 100%)
194.169.175.229:443 | FAKEUPDATES payload delivery server (confidence level: 100%)
124.248.66.140:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
124.248.66.139:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
134.255.254.224:7707 | AsyncRAT botnet C2 server (confidence level: 100%)
140.143.167.227:3214 | AsyncRAT botnet C2 server (confidence level: 100%)
65.21.177.234:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
123.99.200.175:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
62.234.35.139:5631 | AsyncRAT botnet C2 server (confidence level: 100%)
74.133.86.50:80 | AsyncRAT botnet C2 server (confidence level: 100%)
62.234.33.152:3502 | AsyncRAT botnet C2 server (confidence level: 100%)
5.104.84.227:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
185.17.0.246:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
103.38.236.46:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
74.133.86.50:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
185.221.67.3:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
198.44.165.77:6605 | AsyncRAT botnet C2 server (confidence level: 100%)
101.42.137.105:3593 | AsyncRAT botnet C2 server (confidence level: 100%)
103.108.66.216:9905 | AsyncRAT botnet C2 server (confidence level: 100%)
222.211.73.251:4848 | AsyncRAT botnet C2 server (confidence level: 100%)
123.99.200.153:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
103.42.31.180:9904 | AsyncRAT botnet C2 server (confidence level: 100%)
198.44.184.40:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
49.232.230.111:6630 | AsyncRAT botnet C2 server (confidence level: 100%)
135.181.226.133:49287 | AsyncRAT botnet C2 server (confidence level: 100%)
154.53.45.95:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
101.34.3.12:8848 | AsyncRAT botnet C2 server (confidence level: 100%)
103.42.31.134:9901 | AsyncRAT botnet C2 server (confidence level: 100%)
124.248.66.144:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
65.21.177.234:7707 | AsyncRAT botnet C2 server (confidence level: 100%)
135.181.255.143:3790 | Meterpreter botnet C2 server (confidence level: 80%)
104.168.135.171:3790 | Meterpreter botnet C2 server (confidence level: 80%)
45.86.163.114:443 | RedLine Stealer botnet C2 server (confidence level: 100%)
5.181.80.131:5200 | Ave Maria botnet C2 server (confidence level: 100%)
50.114.203.104:7909 | XWorm botnet C2 server (confidence level: 100%)
159.69.11.30:7000 | XWorm botnet C2 server (confidence level: 100%)
81.67.181.238:9033 | XWorm botnet C2 server (confidence level: 100%)
191.101.130.18:8252 | XWorm botnet C2 server (confidence level: 100%)
file141.98.6.196 | XWorm botnet C2 server (confidence level: 100%) | |
file154.53.51.233 | XWorm botnet C2 server (confidence level: 100%) | |
file23.106.215.7 | XWorm botnet C2 server (confidence level: 100%) | |
file88.11.59.100 | XWorm botnet C2 server (confidence level: 100%) | |
file114.132.56.13 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file118.195.147.172 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file185.225.75.68 | BitRAT botnet C2 server (confidence level: 100%) | |
file77.91.68.52 | Amadey botnet C2 server (confidence level: 50%) | |
file209.146.124.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file134.209.122.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.54.71.202 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file185.169.180.126 | Meterpreter botnet C2 server (confidence level: 80%) | |
file103.212.81.155 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file185.38.142.102 | Remcos botnet C2 server (confidence level: 75%) | |
file194.169.175.122 | RisePro botnet C2 server (confidence level: 100%) | |
file194.169.175.122 | RisePro botnet C2 server (confidence level: 100%) | |
file43.138.0.70 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file80.66.75.66 | Remcos botnet C2 server (confidence level: 100%) | |
file193.42.33.27 | Remcos botnet C2 server (confidence level: 100%) | |
file185.255.114.32 | Remcos botnet C2 server (confidence level: 100%) | |
file64.188.24.134 | Remcos botnet C2 server (confidence level: 100%) | |
file141.98.6.9 | Remcos botnet C2 server (confidence level: 100%) | |
file5.252.22.56 | Remcos botnet C2 server (confidence level: 100%) | |
file95.214.24.210 | Remcos botnet C2 server (confidence level: 100%) | |
file94.131.112.209 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file94.156.102.165 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file171.22.28.205 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file45.9.74.71 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file78.47.79.11 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file5.75.215.131 | Vidar botnet C2 server (confidence level: 100%) | |
file116.202.182.4 | Vidar botnet C2 server (confidence level: 100%) | |
file118.195.246.136 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file31.172.83.48 | Sliver botnet C2 server (confidence level: 80%) | |
file52.86.72.243 | Sliver botnet C2 server (confidence level: 80%) | |
file65.109.239.71 | Meterpreter botnet C2 server (confidence level: 80%) | |
file193.42.32.174 | Mirai botnet C2 server (confidence level: 75%) | |
file18.176.32.89 | Sliver botnet C2 server (confidence level: 80%) | |
file3.75.222.122 | Sliver botnet C2 server (confidence level: 80%) | |
file35.168.213.32 | Sliver botnet C2 server (confidence level: 80%) | |
file217.12.206.218 | RMS botnet C2 server (confidence level: 100%) | |
file31.147.205.87 | Sliver botnet C2 server (confidence level: 80%) | |
file210.90.168.176 | Get2 botnet C2 server (confidence level: 80%) | |
file172.104.205.113 | Unknown malware botnet C2 server (confidence level: 50%) | |
file3.234.128.163 | Unknown malware botnet C2 server (confidence level: 50%) | |
file146.190.67.179 | Havoc botnet C2 server (confidence level: 50%) | |
file16.170.217.78 | Havoc botnet C2 server (confidence level: 50%) | |
file37.120.239.175 | Havoc botnet C2 server (confidence level: 50%) | |
file3.253.126.198 | Responder botnet C2 server (confidence level: 50%) | |
file165.232.108.62 | Responder botnet C2 server (confidence level: 50%) | |
file175.178.249.249 | Unknown malware botnet C2 server (confidence level: 50%) | |
file121.36.105.186 | Unknown malware botnet C2 server (confidence level: 50%) | |
file123.249.87.1 | Unknown malware botnet C2 server (confidence level: 50%) | |
file178.238.184.127 | NjRAT botnet C2 server (confidence level: 100%) | |
file46.29.234.41 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file85.58.162.169 | N-W0rm botnet C2 server (confidence level: 100%) | |
file37.113.171.12 | N-W0rm botnet C2 server (confidence level: 100%) | |
file27.124.17.14 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file27.124.17.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file27.124.17.9 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
Value | Description | Copy |
---|---|---|
8888 | Remcos botnet C2 server (confidence level: 100%) | |
8083 | Sliver botnet C2 server (confidence level: 80%) | |
8080 | Bandit Stealer botnet C2 server (confidence level: 80%) | |
443 | IcedID botnet C2 server (confidence level: 80%) | |
2550 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2551 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2552 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2553 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2554 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2555 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2556 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2557 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2558 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2559 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2560 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2561 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2562 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2563 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2564 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2565 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2566 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2567 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2568 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2569 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2570 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2571 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2572 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2573 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2574 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2575 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2576 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2577 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2578 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2579 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2580 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2581 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2582 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2583 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2584 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2585 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2586 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2587 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2588 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2589 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2590 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2591 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2592 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2593 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2594 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2595 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2596 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2597 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2598 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2599 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2600 | AsyncRAT botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
9999 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
9090 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
443 | IcedID botnet C2 server (confidence level: 80%) | |
2376 | Sliver botnet C2 server (confidence level: 80%) | |
8081 | DCRat botnet C2 server (confidence level: 80%) | |
443 | BianLian botnet C2 server (confidence level: 80%) | |
9999 | Quasar RAT botnet C2 server (confidence level: 100%) | |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
5505 | Quasar RAT botnet C2 server (confidence level: 100%) | |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
2376 | Sliver botnet C2 server (confidence level: 80%) | |
5500 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
8080 | Bandit Stealer botnet C2 server (confidence level: 80%) | |
2222 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
3412 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
10088 | Vidar botnet C2 server (confidence level: 100%) | |
80 | Vidar botnet C2 server (confidence level: 100%) | |
80 | Vidar botnet C2 server (confidence level: 100%) | |
2078 | Pikabot botnet C2 server (confidence level: 100%) | |
443 | Pikabot botnet C2 server (confidence level: 100%) | |
e13574c32fe93b854b94c0d5ca310c0a40a1c18aef61faa412bec5f2f10bf82a | IRATA payload (confidence level: 100%) | |
60db5d7cb8db0d94400ed62d305aaff06912b56957cfc51c061cf1ee3845ec03 | IRATA payload (confidence level: 100%) | |
8610f9d818e8f7fab8f361dc89dff0d9c68496bc7dd5f3f5b68637f4cb5be942 | IRATA payload (confidence level: 100%) | |
bcd49d63689ab0e80767eed27efe57665a8136605a275b81384a6411c5b60da6 | IRATA payload (confidence level: 100%) | |
40a3d933f7f77158ecc16c11e0d16f670122bfc2e4ecfb2913485a64287ae66a | IRATA payload (confidence level: 100%) | |
65564178702f6954291f635fd80dfef5 | IRATA payload (confidence level: 100%) | |
ec39111f60fb5de68e7efeefdada41ee | IRATA payload (confidence level: 100%) | |
43b20600f1ad85d8c2e1e348f1b7e71f | IRATA payload (confidence level: 100%) | |
2678ce7e43d9ef7dd7e06d5feeea532e | IRATA payload (confidence level: 100%) | |
b3eeb84551d85f3794b871b36d45e98f | IRATA payload (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 50%) | |
445 | Responder botnet C2 server (confidence level: 50%) | |
8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
80 | IRATA payload delivery server (confidence level: 100%) | |
443 | IRATA payload delivery server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
66b23d1f0c1f45d440ebe3e54d700f17 | IRATA payload (confidence level: 100%) | |
73d4a798035063283d904af930e6b4ff | IRATA payload (confidence level: 100%) | |
9d96eb1eeb898ff2c037fda8c3f40098 | IRATA payload (confidence level: 100%) | |
a7a6196c295a65dd87893c95d7b6e3bd | IRATA payload (confidence level: 100%) | |
fc0412ea141012536d3d16a35035d6bc | IRATA payload (confidence level: 100%) | |
420b20a7ad0d39394894200b0e5dce12 | IRATA payload (confidence level: 100%) | |
2762e34feff43dd42f1ec70f01f5a97f64cd8454a3a5c9275e97609f2cbd24c3 | IRATA payload (confidence level: 100%) | |
d8a1baff9f3bedc268fc275990b1f726c2167c5eb7486a7fe9a9bbd083b314b9 | IRATA payload (confidence level: 100%) | |
d9a2b09130185745a2c33f06c60baa4370c9beedf7ef7bf48302ebdf6c7d3652 | IRATA payload (confidence level: 100%) | |
57eea25086acef927ac427906ce9b59a88db3df4c624abb5804c3670af41d747 | IRATA payload (confidence level: 100%) | |
cbe97b320afe4430d356f07759f7e352a105c72a03cbbce1cc2ede5aeb436f74 | IRATA payload (confidence level: 100%) | |
059f40ff1b6e32a0d570af86ca466c7a05fd333274a6e04e81e2de0f5e655cbb | IRATA payload (confidence level: 100%) | |
80 | IRATA botnet C2 server (confidence level: 100%) | |
443 | IRATA botnet C2 server (confidence level: 100%) | |
443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
2376 | Sliver botnet C2 server (confidence level: 80%) | |
33783 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
80 | IRATA botnet C2 server (confidence level: 100%) | |
443 | IRATA botnet C2 server (confidence level: 100%) | |
443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3214 | AsyncRAT botnet C2 server (confidence level: 100%) | |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
5631 | AsyncRAT botnet C2 server (confidence level: 100%) | |
80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3502 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
6605 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3593 | AsyncRAT botnet C2 server (confidence level: 100%) | |
9905 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4848 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
9904 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
6630 | AsyncRAT botnet C2 server (confidence level: 100%) | |
49287 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8848 | AsyncRAT botnet C2 server (confidence level: 100%) | |
9901 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
443 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
5200 | Ave Maria botnet C2 server (confidence level: 100%) | |
7909 | XWorm botnet C2 server (confidence level: 100%) | |
7000 | XWorm botnet C2 server (confidence level: 100%) | |
9033 | XWorm botnet C2 server (confidence level: 100%) | |
8252 | XWorm botnet C2 server (confidence level: 100%) | |
7020 | XWorm botnet C2 server (confidence level: 100%) | |
8909 | XWorm botnet C2 server (confidence level: 100%) | |
7007 | XWorm botnet C2 server (confidence level: 100%) | |
8888 | XWorm botnet C2 server (confidence level: 100%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
3569 | BitRAT botnet C2 server (confidence level: 100%) | |
80 | Amadey botnet C2 server (confidence level: 50%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
47216 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
3107 | Remcos botnet C2 server (confidence level: 75%) | |
8081 | RisePro botnet C2 server (confidence level: 100%) | |
50500 | RisePro botnet C2 server (confidence level: 100%) | |
39649b0fc7239ab065f5ff778d877c28e32a4417b3417d0a59d70fa8c74ccbd8 | IRATA payload (confidence level: 100%) | |
52fcd774e288976961f5a845afb67e49 | IRATA payload (confidence level: 100%) | |
c0541c3f6bbba5bf7dc24ba55b9bcad559ee28a93f8ac3ccfa2b320049d29bf3 | IRATA payload (confidence level: 100%) | |
bf24fe7680868cf7443beea880b04e9e | IRATA payload (confidence level: 100%) | |
6666 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
92584a6157e429ed7bf38bc0c80ed510e69d02e7f5000d902fd3904711a584e8 | IRATA payload (confidence level: 100%) | |
5a579969f1b9de3a028409412cda104f | IRATA payload (confidence level: 100%) | |
3388 | Remcos botnet C2 server (confidence level: 100%) | |
5252 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
7044 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
9856 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
8181 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
80 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
80 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
1333 | Vidar botnet C2 server (confidence level: 100%) | |
80 | Vidar botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
2376 | Sliver botnet C2 server (confidence level: 80%) | |
8083 | Sliver botnet C2 server (confidence level: 80%) | |
3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
9931 | Mirai botnet C2 server (confidence level: 75%) | |
2376 | Sliver botnet C2 server (confidence level: 80%) | |
2376 | Sliver botnet C2 server (confidence level: 80%) | |
8083 | Sliver botnet C2 server (confidence level: 80%) | |
5655 | RMS botnet C2 server (confidence level: 100%) | |
8081 | Sliver botnet C2 server (confidence level: 80%) | |
10443 | Get2 botnet C2 server (confidence level: 80%) | |
7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
443 | Havoc botnet C2 server (confidence level: 50%) | |
443 | Havoc botnet C2 server (confidence level: 50%) | |
23450 | Havoc botnet C2 server (confidence level: 50%) | |
445 | Responder botnet C2 server (confidence level: 50%) | |
445 | Responder botnet C2 server (confidence level: 50%) | |
8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
1010 | NjRAT botnet C2 server (confidence level: 100%) | |
37689 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
36275 | N-W0rm botnet C2 server (confidence level: 100%) | |
11320 | N-W0rm botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
Url
Value | Description | Copy |
---|---|---|
http://753139cl.nyashtop.top/videoserver.php | DCRat botnet C2 (confidence level: 100%) | |
http://coldwinded.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://gotham.community/stealer/api.php | Unknown malware botnet C2 (confidence level: 50%) | |
http://office.aluminprodu.top/_errorpages/office/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://ffice.aluminprodu.top/_errorpages/office/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
http://zsin1.andrebadi.top/_errorpages/zsin1/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://168.119.168.251/ | Vidar botnet C2 (confidence level: 100%) | |
http://49.13.80.90:10088/data.zip | Vidar botnet C2 (confidence level: 100%) | |
http://168.119.168.251/data.zip | Vidar botnet C2 (confidence level: 100%) | |
http://79.137.198.72/ | Vidar botnet C2 (confidence level: 100%) | |
http://79.137.198.72/data.zip | Vidar botnet C2 (confidence level: 100%) | |
https://iran-sah.fartit.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://iran-sahm.fartit.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://ed-iran.faqserv.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://ir-sahm.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://ed-ir.faqserv.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://ir-saham.faqserv.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://sahm-ir.faqserv.com/sahamedalat.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://iran-sa.faqserv.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://185.216.71.207/_errorpages/305/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
https://iran-sahm.vizvaz.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://adl.authorizeddns.net/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://sadl.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://sa-iran.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://ed-sa.faqserv.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://adlut.faqserv.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://ir-ed.otzo.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://sah-ir.fartit.com/saham.apk | IRATA payload delivery URL (confidence level: 100%) | |
https://iran.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%) | |
http://china.dhabigroup.top/_errorpages/china/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://remotemake.xyz/api/ | IRATA botnet C2 (confidence level: 100%) | |
http://remotemake.xyz/api/-1001895340130 | IRATA botnet C2 (confidence level: 100%) | |
http://remotemake.xyz/upload/ | IRATA botnet C2 (confidence level: 100%) | |
http://remotemake.xyz/config/-1001895340130 | IRATA botnet C2 (confidence level: 100%) | |
http://remotemake.xyz/ | IRATA botnet C2 (confidence level: 100%) | |
https://ed-iran.faqserv.com/rat.php | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/mamad/log.php | IRATA botnet C2 (confidence level: 100%) | |
https://194.169.175.233:8081/login | RisePro botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/mamad | IRATA botnet C2 (confidence level: 100%) | |
http://194.169.175.122:8081/login | RisePro botnet C2 (confidence level: 100%) | |
http://194.169.175.124:8081/login | RisePro botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/morf/log.php | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/morf/web.txt | IRATA botnet C2 (confidence level: 100%) | |
https://ed-sa.faqserv.com/app.php | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/loc/web.txt | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/loc | IRATA botnet C2 (confidence level: 100%) | |
https://adlut.faqserv.com/in.php | IRATA botnet C2 (confidence level: 100%) | |
https://sah-ir.fartit.com/in.php | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/arsalan/web.txt | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/arsalan/log.php | IRATA botnet C2 (confidence level: 100%) | |
https://ssd-vip.website/arsalan | IRATA botnet C2 (confidence level: 100%) | |
https://fcmbroker.info/ | IRATA botnet C2 (confidence level: 100%) | |
https://featchaddress.lat/ami/ami.php | IRATA botnet C2 (confidence level: 100%) | |
https://featchaddress.lat/ami/ami.php?h= | IRATA botnet C2 (confidence level: 100%) | |
https://featchaddress.lat/ami | IRATA botnet C2 (confidence level: 100%) | |
https://fcmbroker.info/ami/strawberry.php | IRATA botnet C2 (confidence level: 100%) | |
https://fcmbroker.info/ami | IRATA botnet C2 (confidence level: 100%) | |
https://fcmbroker.info/ami/grape.php | IRATA botnet C2 (confidence level: 100%) | |
https://139.155.154.67/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://45.11.46.50/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://36.110.138.149/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://8.130.128.97:8080/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://cegbqbq.net/single.php | TeamSpy botnet C2 (confidence level: 100%) | |
http://91.103.253.18/1655d0b0e8ecab2d.php | Stealc botnet C2 (confidence level: 100%) | |
https://lkcagar.com/link/style_images/syrp78gog0w | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://43.138.170.161/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://118.195.147.172/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://corporateupdates.info/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://134.209.122.196/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://165.227.45.0/front/webmail/keep-connected | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://81.218.45.223:8848 | DCRat botnet C2 (confidence level: 75%) | |
http://alimatata.topendpower.top/_errorpages/alimatata/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
http://65.109.2.42/ | RecordBreaker botnet C2 (confidence level: 100%) | |
https://raw.githubusercontent.com/mmmi9w9w0q01/s/main/ami.json | IRATA botnet C2 (confidence level: 100%) | |
https://raw.githubusercontent.com/mmmi9w9w0q01/s/main | IRATA botnet C2 (confidence level: 100%) | |
https://raw.githubusercontent.com/mmmi9w9w0q01 | IRATA botnet C2 (confidence level: 100%) | |
https://keltek.co.uk/comments.php | GootLoader payload delivery URL (confidence level: 100%) | |
https://kendalwills.co.uk/comments.php | GootLoader payload delivery URL (confidence level: 100%) | |
https://kizys.net/comments.php | GootLoader payload delivery URL (confidence level: 100%) | |
https://remote.helloworld.market/api/-1001228456341 | IRATA botnet C2 (confidence level: 100%) | |
https://remote.helloworld.market/api/ | IRATA botnet C2 (confidence level: 100%) | |
https://remote.helloworld.market | IRATA botnet C2 (confidence level: 100%) | |
http://5.75.215.131:1333/ | Vidar botnet C2 (confidence level: 100%) | |
http://5.75.215.131:1333/temp.zip | Vidar botnet C2 (confidence level: 100%) | |
https://steamcommunity.com/profiles/76561199555780195 | Vidar botnet C2 (confidence level: 100%) | |
https://t.me/solonichat | Vidar botnet C2 (confidence level: 100%) | |
http://116.202.182.4/ | Vidar botnet C2 (confidence level: 100%) | |
http://116.202.182.4/temp.zip | Vidar botnet C2 (confidence level: 100%) | |
http://39.104.81.101:7777/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://94.131.3.70/ | Raccoon botnet C2 (confidence level: 100%) | |
http://83.217.11.11/ | Raccoon botnet C2 (confidence level: 100%) | |
http://91.103.253.2/f12a1b41d18876b0.php | Stealc botnet C2 (confidence level: 100%) | |
http://92.63.101.56/php/central7mariadb/poll/flower1/gameasync/generatorimagegame/78low/7/tempsecure3/processorbigload.php | DCRat botnet C2 (confidence level: 100%) | |
http://362764cm.nyashnyash.top/nyashsupport.php | DCRat botnet C2 (confidence level: 100%) | |
https://27.124.17.9/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://dlx.ti-instruments.com/qrc.css | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://corporateupdates.info/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://134.209.122.196/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://178.20.47.114/ | RecordBreaker botnet C2 (confidence level: 100%) | |
http://121.5.22.133:21786/hy4h | Cobalt Strike botnet C2 (confidence level: 75%) | |
http://157.90.161.111:8086/ | RecordBreaker botnet C2 (confidence level: 100%) | |
Domain
Value | Description
---|---
homesafe1000.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
web.sunvn.net | Quasar RAT botnet C2 domain (confidence level: 100%)
casino-within.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
go-bean.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
microsoft-virtualpc.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%)
weeks-nine.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
supply-dressing.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
buy-positioning.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
donbaguette-43001.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%)
eain-63347.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%)
short-rough.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
iran-sah.fartit.com | IRATA payload delivery domain (confidence level: 100%)
iran-sahm.fartit.com | IRATA payload delivery domain (confidence level: 100%)
ed-iran.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
ir-sahm.fartit.com | IRATA payload delivery domain (confidence level: 100%)
ed-ir.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
ir-saham.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
sahm-ir.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
iran-sa.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
rimoteu.dns2.us | IRATA botnet C2 domain (confidence level: 100%)
adl-it.otzo.com | IRATA payload delivery domain (confidence level: 100%)
sahammn.iownyour.org | IRATA payload delivery domain (confidence level: 100%)
adlirn.otzo.com | IRATA payload delivery domain (confidence level: 100%)
adliraq.qpoe.com | IRATA payload delivery domain (confidence level: 100%)
adliiu.mynetav.org | IRATA payload delivery domain (confidence level: 100%)
adliolj.jkub.com | IRATA payload delivery domain (confidence level: 100%)
ea.dns04.com | IRATA payload delivery domain (confidence level: 100%)
rimotet.wwwhost.biz | IRATA payload delivery domain (confidence level: 100%)
adla.dns05.com | IRATA payload delivery domain (confidence level: 100%)
llllllige.zzux.com | IRATA payload delivery domain (confidence level: 100%)
adlelk.mynetav.org | IRATA payload delivery domain (confidence level: 100%)
ir-sahm.jetos.com | IRATA payload delivery domain (confidence level: 100%)
adlio.got-game.org | IRATA payload delivery domain (confidence level: 100%)
ad-tsm.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
adloio.iownyour.org | IRATA payload delivery domain (confidence level: 100%)
saham.instanthq.com | IRATA payload delivery domain (confidence level: 100%)
adleha.iownyour.org | IRATA payload delivery domain (confidence level: 100%)
es.dnsrd.com | IRATA payload delivery domain (confidence level: 100%)
adlirjh.instanthq.com | IRATA payload delivery domain (confidence level: 100%)
adlilr.qhigh.com | IRATA payload delivery domain (confidence level: 100%)
adlhds.wikaba.com | IRATA payload delivery domain (confidence level: 100%)
adlel.trickip.org | IRATA payload delivery domain (confidence level: 100%)
eblagh.wikaba.com | IRATA payload delivery domain (confidence level: 100%)
adlirn.dnsrd.com | IRATA payload delivery domain (confidence level: 100%)
ad-te.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
ea.gettrials.com | IRATA payload delivery domain (confidence level: 100%)
iran-sahm.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
adl.authorizeddns.net | IRATA payload delivery domain (confidence level: 100%)
sadl.fartit.com | IRATA payload delivery domain (confidence level: 100%)
sa-iran.fartit.com | IRATA payload delivery domain (confidence level: 100%)
ed-sa.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
adlut.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
ir-ed.otzo.com | IRATA payload delivery domain (confidence level: 100%)
sah-ir.fartit.com | IRATA payload delivery domain (confidence level: 100%)
iran.fartit.com | IRATA payload delivery domain (confidence level: 100%)
remotemake.xyz | IRATA botnet C2 domain (confidence level: 100%)
fcmbroker.info | IRATA botnet C2 domain (confidence level: 100%)
featchaddress.lat | IRATA botnet C2 domain (confidence level: 100%)
popo01.mywire.org | AsyncRAT botnet C2 domain (confidence level: 100%)
riewoti.work.gd | AsyncRAT botnet C2 domain (confidence level: 100%)
iroexjds.work.gd | AsyncRAT botnet C2 domain (confidence level: 100%)
donelpacino.ddns.net | AsyncRAT botnet C2 domain (confidence level: 100%)
list-slow.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%)
wpe.mysynology.net | AsyncRAT botnet C2 domain (confidence level: 100%)
trx05.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
erorr2.webhop.net | AsyncRAT botnet C2 domain (confidence level: 100%)
de2.localto.net | AsyncRAT botnet C2 domain (confidence level: 100%)
ewoiutz9dt9bzo89tz.com | AsyncRAT botnet C2 domain (confidence level: 100%)
saefigozower.fun | AsyncRAT botnet C2 domain (confidence level: 100%)
non.accesscam.org | AsyncRAT botnet C2 domain (confidence level: 100%)
viper34.servebbs.net | AsyncRAT botnet C2 domain (confidence level: 100%)
slim1.thruhere.net | AsyncRAT botnet C2 domain (confidence level: 100%)
webwhatsapp.cc | AsyncRAT botnet C2 domain (confidence level: 100%)
sdfubuzoeoeiv.top | AsyncRAT botnet C2 domain (confidence level: 100%)
telachapesu.com | AsyncRAT botnet C2 domain (confidence level: 100%)
esteesparahoy.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
nbnf43456httpshost.online | AsyncRAT botnet C2 domain (confidence level: 100%)
seuriouhvhusr.cn | AsyncRAT botnet C2 domain (confidence level: 100%)
capitalizerutc.com | AsyncRAT botnet C2 domain (confidence level: 100%)
sec.estimate.top | RedLine Stealer botnet C2 domain (confidence level: 100%)
youtubevideos.ddns.net | XWorm botnet C2 domain (confidence level: 100%)
chikes17.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
soon-lp.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
xvskill.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
graxe239-61522.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
copy-marco.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
atelilian99.ddns.net | XWorm botnet C2 domain (confidence level: 100%)
garden-event.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
xyoptotway.work.gd | XWorm botnet C2 domain (confidence level: 100%)
floptuytonroyem.sytes.net | XWorm botnet C2 domain (confidence level: 100%)
lkcagar.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
corporateupdates.info | Cobalt Strike botnet C2 domain (confidence level: 100%)
office.aluminprodu.top | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 50%)
zsin1.andrebadi.top | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 50%)
china.dhabigroup.top | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 50%)
alimatata.topendpower.top | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 50%)
chestedband.org | FAKEUPDATES payload delivery domain (confidence level: 100%)
wedhstinwell.online | Remcos botnet C2 domain (confidence level: 100%)
comico.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
claudiabetancurlora09.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
cascada.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
vanidad.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
remsmart.hopto.org | Remcos botnet C2 domain (confidence level: 100%)
fgndibsvisdviree.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
remcostest.ddns.net | Remcos botnet C2 domain (confidence level: 100%)
dsoiuhvciosdjncoshvibd.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
wwwwwwwwww.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
puerta1.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
ifdhbodfijvoidsjvpfdpfijh.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
bliv.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
alvaritospamlamu.con-ip.com | Remcos botnet C2 domain (confidence level: 100%)
brian0627.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
remote.helloworld.market | IRATA botnet C2 domain (confidence level: 100%)
helloworld.market | IRATA botnet C2 domain (confidence level: 100%)
dlx.ti-instruments.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
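Two things in this table trip up naive IOC matching: a large share of the domain entries sit under shared dynamic-DNS and tunnelling parents (duckdns.org, ply.gg, portmap.io, con-ip.com, ddns.net), where blocking the registered domain would cut off every tenant of the service, and a few rows carry a 50% confidence that should route to analyst review rather than an automatic block. The following is an added example, not ThreatFox's or this page's own code. The IOC rows in it are copied verbatim from the table above; the proxy and DNS log formats, the sample log lines, the SHARED_PARENTS list and the 75% confidence threshold are assumptions made for the example.

```python
"""Match ThreatFox-style domain and URL IOCs against proxy and DNS log lines.

Added example, not ThreatFox's or this page's own code. The IOC rows are copied
from the table above; the log formats, sample lines, SHARED_PARENTS list and
the 75% threshold are assumptions made for the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Ioc:
    kind: str        # "domain" or "url"
    value: str
    family: str
    confidence: int  # percent, as published in the table

# Rows copied verbatim from the table on this page.
IOCS = [
    Ioc("domain", "homesafe1000.duckdns.org", "XWorm", 100),
    Ioc("domain", "casino-within.at.ply.gg", "Quasar RAT", 100),
    Ioc("domain", "corporateupdates.info", "Cobalt Strike", 100),
    Ioc("domain", "dlx.ti-instruments.com", "Cobalt Strike", 100),
    Ioc("domain", "office.aluminprodu.top", "Loki Password Stealer (PWS)", 50),
    Ioc("url", "https://corporateupdates.info/cx", "Cobalt Strike", 100),
    Ioc("url", "http://91.103.253.2/f12a1b41d18876b0.php", "Stealc", 100),
]

# Dynamic-DNS and tunnelling parents that appear in the table. Many tenants
# share each one, so a hit on a child must never be widened to the parent.
# Constructed list for the example; extend it for your own environment.
SHARED_PARENTS = {"duckdns.org", "ply.gg", "portmap.io", "portmap.host",
                  "con-ip.com", "ddns.net", "hopto.org", "work.gd"}

# Constructed log shapes: a Squid-like proxy line and a "query=<name>" DNS line.
PROXY_RE = re.compile(r"\s(?:GET|POST|CONNECT)\s+(\S+)")
DNS_RE = re.compile(r"\bquery=(\S+)")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def norm_host(host):
    """Lower-case and drop the trailing dot a resolver may log."""
    return (host or "").strip().rstrip(".").lower()

def build_index(iocs, min_confidence=75):
    """Index IOCs at or above min_confidence: hosts by name, URLs by (host, path)."""
    hosts, urls = {}, {}
    for ioc in iocs:
        if ioc.confidence < min_confidence:
            continue  # e.g. the 50% Loki rows: queue for review, do not auto-block
        if ioc.kind == "domain":
            hosts[norm_host(ioc.value)] = ioc
        elif ioc.kind == "url":
            u = urlsplit(ioc.value)
            urls[(norm_host(u.hostname), u.path or "/")] = ioc
    return hosts, urls

def host_hits(host, hosts):
    """Exact match or a subdomain of an IOC host; never widened to a parent."""
    host = norm_host(host)
    return [ioc for name, ioc in hosts.items()
            if host == name or host.endswith("." + name)]

def match_line(line, hosts, urls):
    """Return the IOCs that one proxy or DNS log line matches."""
    m = PROXY_RE.search(line)
    if m:
        target = m.group(1)
        if "://" not in target:          # CONNECT host:port carries no scheme
            target = "//" + target
        u = urlsplit(target)
        host = norm_host(u.hostname)
        hits = []
        ioc = urls.get((host, u.path or "/"))
        if ioc:
            hits.append(ioc)
        return hits + host_hits(host, hosts)
    m = DNS_RE.search(line)
    return host_hits(m.group(1), hosts) if m else []

def block_scope(ioc):
    """Widest block that is safe for this IOC: 'ip', 'host' or 'registered_domain'."""
    host = norm_host(urlsplit(ioc.value).hostname if ioc.kind == "url" else ioc.value)
    if IPV4_RE.fullmatch(host):
        return "ip"
    if any(host == p or host.endswith("." + p) for p in SHARED_PARENTS):
        return "host"
    return "registered_domain"

if __name__ == "__main__":
    hosts, urls = build_index(IOCS)
    for line in (  # constructed sample lines
        "1695600001.123 45 10.0.0.5 TCP_MISS/200 512 GET https://corporateupdates.info/cx - HIER_DIRECT/1.2.3.4 text/html",
        "2023-09-25T10:00:02Z client=10.0.0.7 query=casino-within.at.ply.gg. type=A",
        "2023-09-25T10:00:03Z client=10.0.0.8 query=other-tenant.at.ply.gg type=A",
    ):
        for ioc in match_line(line, hosts, urls):
            print(f"{ioc.family:<14} {ioc.kind:<6} scope={block_scope(ioc):<17} {ioc.value}")
```

The first sample line hits twice (the URL entry on host and path, and the Cobalt Strike domain entry), the second hits the Quasar RAT host exactly despite the resolver's trailing dot, and the third, another tenant of the same ply.gg parent, hits nothing. `block_scope` is the check to run before turning a hit into a firewall or RPZ rule: for `casino-within.at.ply.gg` it returns `host`, for `corporateupdates.info` it returns `registered_domain`.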
Threat ID: 682acdc4bbaf20d303f269e1
Added to database: 5/19/2025, 6:20:52 AM
Last enriched: 6/18/2025, 7:35:55 AM
Last updated: 8/18/2025, 9:59:30 PM