
ThreatFox IOCs for 2023-10-18

Medium
Published: Wed Oct 18 2023 (10/18/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-10-18

AI-Powered Analysis

Last updated: 06/19/2025, 13:49:10 UTC

Technical Analysis

This entry is the ThreatFox daily IOC export for 2023-10-18. ThreatFox, operated by abuse.ch, is a community platform for sharing malware indicators, and its daily event bundles every indicator submitted that day rather than describing one campaign, which is why no single malware family, affected product, CVE, CWE or patch applies: this is an indicator list, not a vulnerability record. The metadata fields follow MISP event conventions: threat level 2 is "Medium" on MISP's scale of 1 (High) to 4 (Undefined), analysis 1 means the event was still marked "Ongoing" when exported, and distribution 3 means it is shared with all communities. The TLP:WHITE tag (TLP:CLEAR in TLP 2.0) allows unrestricted redistribution. The indicators themselves are specific: 159 ip:port command-and-control or payload-delivery endpoints, 32 file hashes (MD5 and SHA-256) and 69 domains, each tagged with a malware family and a submitter confidence between 50% and 100%. Cobalt Strike team servers make up the largest share of the ip:port entries, followed by QakBot, AsyncRAT, RedLine Stealer, Havoc, Meterpreter, Remcos and Quasar RAT, with smaller numbers for Sliver, Nimplant, Nanocore RAT, NjRAT, Ghost RAT, DCRat, SpyNote, Vidar, BianLian, Kaiji, Deimos, Pikabot and IcedID. The file hashes are IRATA, RedLine Stealer and Lumma Stealer payloads. The domains cover IRATA C2 and payload-delivery hosts, a set of ClearFake fake-browser-update delivery domains (one of which, ocmtancmi2c5t.live, is also tagged as HijackLoader C2), DarkGate and Lumma Stealer C2, and a few Havoc and Cobalt Strike domains, including login.sharepointoneline.com, a SharePoint Online lookalike. Two details matter for operationalising the list. First, the indicator is the ip:port pair, not the address: 62.106.84.213 is listed on 4444, 6606 and 8808, 43.132.173.198 on 80, 443 and 4443, and 212.60.5.129 on 2083 and 8443, so matching on destination address alone loses the port context and, on shared hosting, produces false positives. Second, confidence varies: the QakBot, Pikabot, Deimos, Sliver and some Havoc and BianLian entries are at 50%, and IcedID and several Remcos and AsyncRAT entries at 75%, so those warrant validation before they go on a blocklist, while the 100% entries can be consumed directly. Several IRATA payload-delivery hosts are subdomains of what appear to be free dynamic-DNS parents (mrface.com, vizvaz.com, faqserv.com, fartit.com, itsaol.com, isasecret.com) and one ClearFake host is on Cloudflare's workers.dev; block the listed FQDNs, not the parent zones.

Potential Impact

Because these are live command-and-control and payload-delivery endpoints rather than a vulnerability, the impact question is retrospective: has any internal host already talked to them? A match in egress, DNS or proxy logs is evidence of an existing compromise, not a future risk. The families present span the usual intrusion chain. RedLine, Lumma and Vidar harvest browser credentials, session cookies and wallets, so a hit implies credential exposure and follow-on account takeover. AsyncRAT, Quasar RAT, Remcos, NjRAT, Nanocore, DCRat, Ghost RAT and SpyNote (Android) give an operator interactive control of the endpoint. QakBot, Pikabot, IcedID and DarkGate are loaders that have historically preceded ransomware deployment, so even the 50% to 75% confidence entries deserve a look. Cobalt Strike, Havoc, Sliver, Meterpreter and Nimplant are post-exploitation frameworks; traffic to those endpoints indicates hands-on-keyboard activity, either an intrusion or an authorised red team, and should be triaged first. ClearFake delivers stealers through fake browser-update pages injected into compromised websites, so its domains are the ones most likely to surface in ordinary users' browsing. The "Medium" rating reflects that this is a routine daily aggregate rather than a single critical event; for European organisations the exposure depends entirely on whether these endpoints appear in their own telemetry, and the cost of not checking is that an infection already present stays undetected.

Mitigation Recommendations

1. Load all three indicator types into the tooling that can see them: ip:port pairs into firewall, NetFlow and NDR matching (on destination address and port together, not address alone), file hashes into EDR file telemetry and sandbox lookups, and domains into DNS and proxy log matching and the sinkhole or RPZ.
2. Hunt backwards, not just forwards. The export reflects the day submissions arrived, not the day the infrastructure went live, so search the full retention window of firewall, proxy, DNS and NetFlow logs for these indicators.
3. Weight actions by confidence. Put the 100% entries straight onto blocklists; route the 50% to 80% entries (QakBot, Pikabot, IcedID, Sliver, Deimos and several Havoc, BianLian, Remcos and AsyncRAT rows) to alerting and analyst review first, and check whether an address is shared hosting or a CDN edge before blocking it outright.
4. Treat hits on Cobalt Strike, Havoc, Sliver, Meterpreter or Nimplant endpoints as priority incidents, and confirm whether an authorised red-team engagement is running before escalating.
5. Block the listed FQDNs rather than parent zones where the host sits under a shared service (the dynamic-DNS parents used by the IRATA hosts, Cloudflare's workers.dev), so legitimate tenants are not caught.
6. Refresh daily and expire stale entries. Operators rotate VPS infrastructure quickly; keep first-seen and last-seen dates with each indicator and retire those that age out rather than accumulating an ever-growing blocklist.
7. Enforce egress filtering. Many of these C2 ports are non-standard (4444, 6606, 8808, 3790, 31337, 18792, and TCP 53 to hosts that are not resolvers); forcing outbound traffic through a proxy and denying direct connections to arbitrary ports breaks beacons that do not speak HTTP(S).
8. Maintain baseline hygiene: timely patching, phishing-resistant MFA to blunt credentials stolen by the stealers, and user awareness of fake browser-update prompts of the kind ClearFake uses.
9. Share detections with national CSIRTs and sector peers; the TLP:WHITE marking permits this without restriction.
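Recommendations 1 to 3 as working code: classify each raw indicator by type, keep ip:port pairs, hashes and domains in separate lookups, match connection records on destination address and port together, and route low-confidence hits to review instead of the blocklist. This is an added example for this page, not ThreatFox or abuse.ch code; the feed rows, hash values and connection-log lines are constructed samples in the shape the daily export uses, and the key=value firewall log layout is an assumption.

```python
"""Normalise ThreatFox-style indicators and match them against connection logs.

Added example for this page, not ThreatFox or abuse.ch code. The feed rows,
hash values and log lines are constructed samples; the key=value firewall
log layout is an assumption.
"""
import re

HEX32 = re.compile(r"^[0-9a-f]{32}$")
HEX64 = re.compile(r"^[0-9a-f]{64}$")
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")
KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample rows in the feed's shape: (indicator, description, confidence %).
SAMPLE_FEED = [
    ("185.254.37.67:20454", "RedLine Stealer botnet C2 server", 100),
    ("62.106.84.213:8808", "AsyncRAT botnet C2 server", 100),
    ("62.106.84.213:6606", "AsyncRAT botnet C2 server", 100),
    ("43.136.101.223:80", "Cobalt Strike botnet C2 server", 100),
    ("43.136.101.223:443", "Cobalt Strike botnet C2 server", 100),
    ("2.50.12.182:443", "QakBot botnet C2 server", 50),
    ("50e1adbf7c5877392ca594f264e38e7e", "IRATA payload", 100),
    ("c9ba4702695baa9a7cef0bab24994ef09b9ed8783fdff184cf2b33c43dfcb823", "IRATA payload", 100),
    ("login.sharepointoneline.com", "Havoc botnet C2 domain", 100),
]

# Constructed firewall-style connection records (assumed key=value layout).
SAMPLE_LOG = """\
2023-10-18T09:14:02Z src=10.1.4.22 dst=62.106.84.213 dport=8808 proto=tcp
2023-10-18T09:14:05Z src=10.1.4.22 dst=62.106.84.213 dport=443 proto=tcp
2023-10-18T09:20:41Z src=10.1.7.9 dst=43.136.101.223 dport=443 proto=tcp
2023-10-18T09:31:17Z src=10.1.7.9 dst=2.50.12.182 dport=443 proto=tcp
2023-10-18T09:32:00Z src=10.1.9.3 dst=93.184.216.34 dport=443 proto=tcp
"""


def classify(value):
    """Return the indicator type: ip:port, md5_hash, sha256_hash or domain.
    A bare port number is rejected because it is only half an indicator."""
    v = value.strip().lower()
    if HEX64.match(v):
        return "sha256_hash"
    if HEX32.match(v):
        return "md5_hash"
    host, sep, port = v.rpartition(":")
    if sep and IPV4.match(host) and port.isdigit() and 0 < int(port) < 65536:
        return "ip:port"
    if DOMAIN.match(v):
        return "domain"
    raise ValueError(f"unrecognised indicator: {value!r}")


def build_index(feed):
    """Bucket indicators by type so each log field is looked up in the right set.
    If the same indicator is listed twice, keep the higher confidence."""
    index = {"ip:port": {}, "md5_hash": {}, "sha256_hash": {}, "domain": {}}
    for value, desc, conf in feed:
        key = value.strip().lower()
        kind = classify(key)
        if key not in index[kind] or conf > index[kind][key][1]:
            index[kind][key] = (desc, conf)
    return index


def match_connections(log_text, index, block_threshold=75):
    """Match dst:dport pairs against the ip:port indicators.

    Matching the pair rather than the bare address matters: 62.106.84.213 is
    listed on 8808 and 6606, so a connection to its port 443 is not evidence
    of AsyncRAT. Hits below block_threshold go to analyst review, not the blocklist.
    """
    block, review = [], []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        key = f"{fields.get('dst')}:{fields.get('dport')}"
        hit = index["ip:port"].get(key)
        if hit is None:
            continue
        desc, conf = hit
        record = {"src": fields["src"], "dst": key, "threat": desc, "confidence": conf}
        (block if conf >= block_threshold else review).append(record)
    return block, review


def lookup_hash(digest, index):
    """Look up a file digest in the bucket its length implies (MD5 or SHA-256)."""
    kind = classify(digest)
    if kind not in ("md5_hash", "sha256_hash"):
        raise ValueError("not a file hash")
    return index[kind].get(digest.strip().lower())


if __name__ == "__main__":
    idx = build_index(SAMPLE_FEED)
    to_block, to_review = match_connections(SAMPLE_LOG, idx)
    for label, rows in (("BLOCK", to_block), ("REVIEW", to_review)):
        for r in rows:
            print(label, r)
    print(lookup_hash("50E1ADBF7C5877392CA594F264E38E7E", idx))
```

Run against the constructed log, the second line (62.106.84.213 on port 443) produces no hit even though the address is in the feed, the QakBot connection lands in the review queue because its confidence is 50%, and the two 100% hits are the only ones that reach the blocklist. Swap in the real feed rows and your own log parser to use it on live data.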


Technical Details

Threat Level
2 (MISP threat level: Medium)
Analysis
1 (MISP analysis state: Ongoing)
Distribution
3 (MISP distribution: All communities)
Uuid
f06bf268-2d40-41ee-8486-ecec614852a0
Original Timestamp
1697673786 (2023-10-19 00:03:06 UTC)

Indicators of Compromise

Network endpoints (ip:port)

Value | Description
185.254.37.67:20454 | RedLine Stealer botnet C2 server (confidence level: 100%)
38.242.220.166:9012 | Kaiji botnet C2 server (confidence level: 100%)
91.103.253.6:22884 | RedLine Stealer botnet C2 server (confidence level: 100%)
66.29.130.171:443 | BianLian botnet C2 server (confidence level: 80%)
105.158.135.238:5552 | NjRAT botnet C2 server (confidence level: 100%)
174.138.126.39:80 | Meterpreter payload delivery server (confidence level: 100%)
185.73.182.252:3790 | Meterpreter botnet C2 server (confidence level: 80%)
130.51.20.136:5900 | Havoc botnet C2 server (confidence level: 100%)
89.147.111.205:4443 | Havoc botnet C2 server (confidence level: 100%)
46.246.12.9:2000 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.211:4444 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.214:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.213:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.213:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
185.81.157.242:7707 | AsyncRAT botnet C2 server (confidence level: 100%)
185.241.208.21:888 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.212:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.212:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.212:4444 | AsyncRAT botnet C2 server (confidence level: 100%)
45.152.70.133:2096 | Quasar RAT botnet C2 server (confidence level: 100%)
107.148.73.100:8880 | Quasar RAT botnet C2 server (confidence level: 100%)
20.122.16.244:22533 | Unknown malware botnet C2 server (confidence level: 100%)
119.45.139.141:8888 | Unknown malware botnet C2 server (confidence level: 100%)
23.106.215.199:80 | Nimplant botnet C2 server (confidence level: 100%)
124.221.19.209:8083 | Cobalt Strike botnet C2 server (confidence level: 100%)
75.119.129.17:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
146.56.244.231:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
85.31.224.84:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
75.101.181.190:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.44.246.120:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.156.6.67:8085 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.117.79.251:1234 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.98.248.78:8066 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.136.101.223:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.136.101.223:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.132.173.198:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.132.173.198:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
14.107.43.160:49020 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.97.222.10:60443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.134.109.120:2323 | Cobalt Strike botnet C2 server (confidence level: 100%)
165.227.160.156:4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.131.3.3:8080 | Cobalt Strike botnet C2 server (confidence level: 80%)
88.99.105.150:44845 | RedLine Stealer botnet C2 server (confidence level: 100%)
115.236.153.170:32592 | Ghost RAT botnet C2 server (confidence level: 100%)
194.147.140.158:1997 | Remcos botnet C2 server (confidence level: 100%)
85.239.54.142:7443 | BianLian botnet C2 server (confidence level: 80%)
80.76.51.172:8787 | Remcos botnet C2 server (confidence level: 100%)
222.204.197.11:10250 | Deimos botnet C2 server (confidence level: 50%)
122.226.191.252:8443 | BianLian botnet C2 server (confidence level: 50%)
13.53.84.163:443 | Havoc botnet C2 server (confidence level: 50%)
83.110.90.112:995 | QakBot botnet C2 server (confidence level: 50%)
2.50.12.182:443 | QakBot botnet C2 server (confidence level: 50%)
197.94.65.252:443 | QakBot botnet C2 server (confidence level: 50%)
142.154.9.27:443 | QakBot botnet C2 server (confidence level: 50%)
31.190.65.248:443 | QakBot botnet C2 server (confidence level: 50%)
105.159.11.243:443 | QakBot botnet C2 server (confidence level: 50%)
86.98.20.248:443 | QakBot botnet C2 server (confidence level: 50%)
45.62.69.188:443 | QakBot botnet C2 server (confidence level: 50%)
105.108.34.102:993 | QakBot botnet C2 server (confidence level: 50%)
91.215.85.216:443 | Pikabot botnet C2 server (confidence level: 50%)
91.215.85.154:443 | Pikabot botnet C2 server (confidence level: 50%)
91.215.85.197:443 | Pikabot botnet C2 server (confidence level: 50%)
94.156.6.176:8948 | RedLine Stealer botnet C2 server (confidence level: 100%)
167.88.166.109:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
5.75.212.77:80 | Vidar botnet C2 server (confidence level: 100%)
116.203.14.160:7070 | Vidar botnet C2 server (confidence level: 100%)
139.59.113.146:13337 | Meterpreter botnet C2 server (confidence level: 100%)
45.32.253.112:2086 | Cobalt Strike botnet C2 server (confidence level: 100%)
194.165.17.9:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.138.30.109:9999 | Cobalt Strike botnet C2 server (confidence level: 80%)
123.207.20.16:7777 | Cobalt Strike botnet C2 server (confidence level: 80%)
3.6.30.85:18792 | Nanocore RAT botnet C2 server (confidence level: 100%)
3.6.115.64:18792 | Nanocore RAT botnet C2 server (confidence level: 100%)
171.22.28.214:4404 | AsyncRAT botnet C2 server (confidence level: 75%)
62.76.234.94:3790 | Meterpreter botnet C2 server (confidence level: 80%)
171.22.28.236:38306 | RedLine Stealer botnet C2 server (confidence level: 100%)
45.12.253.39:443 | Havoc botnet C2 server (confidence level: 100%)
103.212.81.159:1997 | AsyncRAT botnet C2 server (confidence level: 100%)
185.81.157.242:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
62.106.84.213:4444 | AsyncRAT botnet C2 server (confidence level: 100%)
139.180.143.130:8080 | Quasar RAT botnet C2 server (confidence level: 100%)
140.143.147.47:8888 | Unknown malware botnet C2 server (confidence level: 100%)
111.230.242.229:8888 | Unknown malware botnet C2 server (confidence level: 100%)
47.97.182.145:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.43.12.111:9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.3.116:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
222.161.72.245:50001 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.94.110.67:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
36.134.105.114:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.44.167.49:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.76.160.245:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.109.86.166:8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.229.88.209:4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
116.205.177.123:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.210.143.243:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.40.142.251:8090 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.161.209.39:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
51.12.219.34:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
162.14.79.219:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.207.39.2:888 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.81.124:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.81.124:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.54.23.54:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.55.99.210:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
165.154.174.166:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.138.188.41:4443 | Cobalt Strike botnet C2 server (confidence level: 100%)
182.254.220.88:4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
2.57.122.125:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
60.204.175.6:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.32.109.253:9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.60.5.129:2083 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.60.5.129:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
109.248.206.138:443 | ClearFake payload delivery server (confidence level: 100%)
91.223.82.25:3790 | Meterpreter botnet C2 server (confidence level: 80%)
4.227.237.188:30011 | RedLine Stealer botnet C2 server (confidence level: 100%)
137.184.84.90:443 | Havoc botnet C2 server (confidence level: 100%)
185.235.138.63:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.130.32.145:50051 | Cobalt Strike botnet C2 server (confidence level: 100%)
113.207.105.147:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.161.229.3:7771 | SpyNote botnet C2 server (confidence level: 100%)
81.161.229.171:2404 | Remcos botnet C2 server (confidence level: 100%)
193.104.222.97:443 | Quasar RAT botnet C2 server (confidence level: 100%)
43.139.249.124:8888 | Unknown malware botnet C2 server (confidence level: 100%)
101.43.85.19:8090 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.76.127.43:443 | Cobalt Strike botnet C2 server (confidence level: 80%)
8.134.143.140:3790 | Meterpreter botnet C2 server (confidence level: 80%)
139.28.219.36:51147 | Remcos botnet C2 server (confidence level: 75%)
80.76.51.172:8087 | Remcos botnet C2 server (confidence level: 75%)
36.139.110.159:53 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.144.169.164:53 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.223.190.169:53 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.119.126.250:19180 | RedLine Stealer botnet C2 server (confidence level: 100%)
20.211.121.138:4449 | AsyncRAT botnet C2 server (confidence level: 75%)
117.50.188.222:1433 | Cobalt Strike botnet C2 server (confidence level: 80%)
120.79.64.164:8090 | Cobalt Strike botnet C2 server (confidence level: 80%)
137.184.96.202:443 | Sliver botnet C2 server (confidence level: 50%)
138.68.174.88:40056 | Havoc botnet C2 server (confidence level: 50%)
96.246.147.170:443 | QakBot botnet C2 server (confidence level: 50%)
79.131.122.127:2222 | QakBot botnet C2 server (confidence level: 50%)
189.253.244.43:443 | QakBot botnet C2 server (confidence level: 50%)
41.227.176.35:443 | QakBot botnet C2 server (confidence level: 50%)
197.14.206.120:443 | QakBot botnet C2 server (confidence level: 50%)
105.224.21.104:443 | QakBot botnet C2 server (confidence level: 50%)
197.2.248.252:443 | QakBot botnet C2 server (confidence level: 50%)
185.17.105.225:443 | QakBot botnet C2 server (confidence level: 50%)
187.170.228.252:995 | QakBot botnet C2 server (confidence level: 50%)
20.199.45.15:8848 | DCRat botnet C2 server (confidence level: 50%)
141.147.190.108:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.132.173.198:4443 | Cobalt Strike botnet C2 server (confidence level: 80%)
64.69.37.203:55554 | Cobalt Strike botnet C2 server (confidence level: 80%)
193.42.36.243:80 | IcedID botnet C2 server (confidence level: 75%)
91.235.234.249:80 | IcedID botnet C2 server (confidence level: 75%)
193.168.141.167:80 | IcedID botnet C2 server (confidence level: 75%)
111.231.8.80:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
139.159.196.229:4431 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.22.153.4:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
119.91.216.63:31337 | Sliver botnet C2 server (confidence level: 90%)
121.196.202.174:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.139.244:4321 | Cobalt Strike botnet C2 server (confidence level: 80%)

File hashes

Value | Description
c9ba4702695baa9a7cef0bab24994ef09b9ed8783fdff184cf2b33c43dfcb823 (SHA-256) | IRATA payload (confidence level: 100%)
411bd54a04b5763abf970f0d53c681722647f013d7e35df7d27599375d38b62a (SHA-256) | IRATA payload (confidence level: 100%)
cf5e3005ceb49bc813f98f3fe16a6c7c83cf3890bd24e7e4dbd9eaf105b958ba (SHA-256) | IRATA payload (confidence level: 100%)
b47b9da0c4cae61ba00501e20c26fcac0b3df0bc106376750a37a849fc22d8e7 (SHA-256) | IRATA payload (confidence level: 100%)
375ea6f1414af28c9b91d6657ea18394995f0f3b35e935c895bb0dbdfe3f6a4a (SHA-256) | IRATA payload (confidence level: 100%)
50e1adbf7c5877392ca594f264e38e7e (MD5) | IRATA payload (confidence level: 100%)
6b4a0b7e60b2c9d968dabd0af8f184a9 (MD5) | IRATA payload (confidence level: 100%)
7f306786f249b6a8fe7046167a7407a3 (MD5) | IRATA payload (confidence level: 100%)
ce1b9015e5d9dadeb2d69625108233de (MD5) | IRATA payload (confidence level: 100%)
bdae330fdb84037c9f942e1daae0bd35 (MD5) | IRATA payload (confidence level: 100%)
e9149910eaef598b5d45ce40caedc1a6 (MD5) | RedLine Stealer payload (confidence level: 100%)
7e6732ed4f9003c9be3cdd6e7df85aff0c8cb9ae72ae671ac79dcedc850d9f91 (SHA-256) | RedLine Stealer payload (confidence level: 100%)
0dad0fe0f41afa1c027cc14d62d68375d16b9663ae9bd45c50851580e295be63 (SHA-256) | RedLine Stealer payload (confidence level: 100%)
33a32e82f674b5ad687f48496c8eef30 (MD5) | RedLine Stealer payload (confidence level: 100%)
02531b3e37c59df6afcc6978ca9e09fcddcaab956d721ef88e29d6cd5dfea163 (SHA-256) | RedLine Stealer payload (confidence level: 100%)
9666750f0d0de6b13f061dabc8d1836584b85dbc2dd588e2b008d7df39d9de23 (SHA-256) | Unknown malware payload (confidence level: 50%)
6a81bbe6475001cbcdbce6e397d60e5274229caf9ee2faaf501cdd0ac248e13b (SHA-256) | RedLine Stealer payload (confidence level: 100%)
4e26c306074616ab2bc750371f79d8cb (MD5) | RedLine Stealer payload (confidence level: 100%)
394af4f545778ca216e5f6a435a770cb (MD5) | Lumma Stealer payload (confidence level: 100%)
fffe8df11eb2178e162a7d1eb1e4837f565f4372828cfc767c91d1f94a401233 (SHA-256) | Lumma Stealer payload (confidence level: 100%)
0843a128cf164e945e6b99bda50a7bdb2a57b82b65965190f8d3620d4a8cfa2c (SHA-256) | Unknown malware payload (confidence level: 50%)
07821bfa4ea47ee283c6f13c94792055 (MD5) | Lumma Stealer payload (confidence level: 100%)
dfe7d6ca0194afdf1d17ef120723352f18cf3c464e5c161588096a238021c249 (SHA-256) | Lumma Stealer payload (confidence level: 100%)
7734112c74307022f1939668339f38e0e757d991b9ce3509c89e8e85774c4441 (SHA-256) | RedLine Stealer payload (confidence level: 100%)
0210747a4cf25baa86731b54f5f8913b70c6f9c9c315dc566c965418d4c97f68 (SHA-256) | RedLine Stealer payload (confidence level: 100%)
e3ffed621eaefd88549035f5efe89c39b827d360a0381d369c1d6305d6da1fc1 (SHA-256) | RedLine Stealer payload (confidence level: 100%)
168e4c688eaa40170558b9a566dd4d18 (MD5) | IRATA payload (confidence level: 100%)
7f4db682f0254e14ce0509e0172869b1 (MD5) | IRATA payload (confidence level: 100%)
d15617225cb6bad4e423c5cfd2b05043 (MD5) | IRATA payload (confidence level: 100%)
38747004dbfc099701d03c3f1ee3e995783a33440bae2c95c8f734681988edac (SHA-256) | IRATA payload (confidence level: 100%)
8292edb44cbcccfd86e0b796ffbdc87f47a986c4572536d1ff09062b8dc1e7c3 (SHA-256) | IRATA payload (confidence level: 100%)
92e06366f6ad1b7670a20fe323a36bca66fc851d09996771150421adac262a39 (SHA-256) | IRATA payload (confidence level: 100%)

Domains

Value | Description
rockwellroyalhomes.com | Kaiji botnet C2 domain (confidence level: 100%)
babyeonb.cc | SpyNote payload delivery domain (confidence level: 100%)
imoneymy.com | SpyNote payload delivery domain (confidence level: 100%)
nima.alureza0021.xyz | IRATA botnet C2 domain (confidence level: 100%)
alureza0021.xyz | IRATA botnet C2 domain (confidence level: 100%)
edsahamir.com | IRATA botnet C2 domain (confidence level: 100%)
www.adblockext.ru | Havoc botnet C2 domain (confidence level: 100%)
adl-qow.mrface.com | IRATA payload delivery domain (confidence level: 100%)
adl-qsh.itsaol.com | IRATA payload delivery domain (confidence level: 100%)
adl-qps.fartit.com | IRATA payload delivery domain (confidence level: 100%)
adlirtq.mrface.com | IRATA payload delivery domain (confidence level: 100%)
adl-ue.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
adl-awh.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
sahjsg.mrface.com | IRATA payload delivery domain (confidence level: 100%)
adl-fot.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
adl-qda.fartit.com | IRATA payload delivery domain (confidence level: 100%)
adl-qp.fartit.com | IRATA payload delivery domain (confidence level: 100%)
adi.isasecret.com | IRATA payload delivery domain (confidence level: 100%)
adl-iro.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
adlf-ir.mrface.com | IRATA payload delivery domain (confidence level: 100%)
adloir.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
adl-gsq.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
adl-aqw.itsaol.com | IRATA payload delivery domain (confidence level: 100%)
login.sharepointoneline.com | Havoc botnet C2 domain (confidence level: 100%)
gophish.securityjoes.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
base2.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%)
cdn.lightsteper.com | Unknown malware botnet C2 domain (confidence level: 100%)
comgate.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%)
get.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%)
get.lightsteper.com | Unknown malware botnet C2 domain (confidence level: 100%)
haishirokuma.comgate.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%)
lightsteper.com | Unknown malware botnet C2 domain (confidence level: 100%)
adqdqqewqewplzoqmzq.site | ClearFake payload delivery domain (confidence level: 100%)
bgobgogimrihehmxerreg.site | ClearFake payload delivery domain (confidence level: 100%)
boiibzqmk12j.com | ClearFake payload delivery domain (confidence level: 100%)
borbrbmrtxtrbxrq.site | ClearFake payload delivery domain (confidence level: 100%)
brewasigfi1978.workers.dev | ClearFake payload delivery domain (confidence level: 100%)
gkrokbmrkmrxtmxrxr.space | ClearFake payload delivery domain (confidence level: 100%)
komomjinndqndqwf.store | ClearFake payload delivery domain (confidence level: 100%)
lminoeubybyvq.com | ClearFake payload delivery domain (confidence level: 100%)
ocmtancmi2c5t.live | ClearFake payload delivery domain (confidence level: 100%)
oiqwbuwbwqznjqsdfsfqhf.site | ClearFake payload delivery domain (confidence level: 100%)
omdowqind.site | ClearFake payload delivery domain (confidence level: 100%)
opkfijuifbuyynyny.com | ClearFake payload delivery domain (confidence level: 100%)
opmowmokmwczmwecmef.site | ClearFake payload delivery domain (confidence level: 100%)
poqwjoemqzmemzgqegzqzf.online | ClearFake payload delivery domain (confidence level: 100%)
pwwqkppwqkezqer.site | ClearFake payload delivery domain (confidence level: 100%)
sioaiuhsdguywqgyuhuiqw.org | ClearFake payload delivery domain (confidence level: 100%)
ug62r67uiijo2.com | ClearFake payload delivery domain (confidence level: 100%)
weomfewnfnu.site | ClearFake payload delivery domain (confidence level: 100%)
wffewiuofegwumzowefmgwezfzew.site | ClearFake payload delivery domain (confidence level: 100%)
wnimodmoiejn.site | ClearFake payload delivery domain (confidence level: 100%)
ocmtancmi2c5t.live | HijackLoader botnet C2 domain (confidence level: 100%)
piret-wismann.com | DarkGate botnet C2 domain (confidence level: 100%)
prestige-castom.com | DarkGate botnet C2 domain (confidence level: 100%)
ns1.freedomsepter.com | DarkGate botnet C2 domain (confidence level: 100%)
ns1.investmentlineup.com | DarkGate botnet C2 domain (confidence level: 100%)
ns1.starupsysteme.com | DarkGate botnet C2 domain (confidence level: 100%)
ns1.wiinvestmentsmart.com | DarkGate botnet C2 domain (confidence level: 100%)
mambergame.fun | Lumma Stealer botnet C2 domain (confidence level: 100%)
dannyleagy.fun | Lumma Stealer botnet C2 domain (confidence level: 100%)
display.iha-medical.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
explanation.cuphandles.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
adl-aka.itsaol.com | IRATA payload delivery domain (confidence level: 100%)
adl-ape.mrface.com | IRATA payload delivery domain (confidence level: 100%)
adl-gga.faqserv.com | IRATA payload delivery domain (confidence level: 100%)
adl-aff.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
adl-gqs.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
adlsg-qha.vizvaz.com | IRATA payload delivery domain (confidence level: 100%)
domainadl-qqu.fartit.com
IRATA payload delivery domain (confidence level: 100%)
domainsahame.fartit.com
IRATA payload delivery domain (confidence level: 100%)
domainadllhs.itsaol.com
IRATA payload delivery domain (confidence level: 100%)
domain68-183-124-131.ipv4.staticdns2.io
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainapi.microsoft-service.workers.dev
Havoc botnet C2 domain (confidence level: 100%)
domainepsonupdate.uk
Cobalt Strike botnet C2 domain (confidence level: 100%)

Url

Type | Value | Description
url | https://mitgliederbereich.frederik-malsy.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://moeve-schmelz.de/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://mpvip.com.br/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://musically.shift-m.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://my.freeintalk.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://mycom.global/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://myhealthspin.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://myinternetchapel.org/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://myoldcountryhouse.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://naniwa-ginzaaward.hisaki-design.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nebo-trk.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://new.scratch-build.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nhakhoablossom.vn/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nicholasoflondon.co.uk/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://ninapodiatry.co.uk/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://mdsbio-tech.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://members.bonusbomber.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://metagaming.tv/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://movingtonewzealand.org/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://mvz-ansbach.de/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://mywinthropcondo.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nattivos.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nblandgroup.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://no.sexydate.world/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nocknock.io/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nordics.qolsys.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://northshoregreencare.co.nz/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nortproperties.se/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://nsdayan.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://obrobkacieplna.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://obsessive.business/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://occhio.com.au/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://oceanprezentow.pl/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://np.lostsoulsuk.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://obrecht.agentenpreview.com/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://ocatio.co.uk/docs.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://okidok.se/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://oaklanddental.org/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://ondrejklicpera.cz/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://odal.codeium.dev/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://ogaki-asobanight.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://oldtimertreffen-rethem.de/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://pax-anders.de/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://penzion-bawaria.cz/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://pandr.pandroutsourcing.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://pinklittlenotebook.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://po.csrcpall.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://planex.wjg.jp/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://preprod.lelit.fr/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://prestburycheshire.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://project-ile.net/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://probono.6600dev.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://projectboxmedia.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://propertyshopofthecarolinas.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://quind.de/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://oneminutechallenge.hu/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://onlineandon.com/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | https://openday.mcs.it/news.php | GootLoader payload delivery URL (confidence level: 100%)
url | http://mambergame.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
url | https://nima.alureza0021.xyz/nima/web.txt | IRATA botnet C2 (confidence level: 100%)
url | https://nima.alureza0021.xyz/nima/log.php | IRATA botnet C2 (confidence level: 100%)
url | https://nima.alureza0021.xyz/nima | IRATA botnet C2 (confidence level: 100%)
url | https://nima.alureza0021.xyz | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/api/-1001969964453 | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/config/-1001969964453 | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/api/-1001897303747 | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/config/-10018973037478 | IRATA botnet C2 (confidence level: 100%)
url | https://uran-adl.fartit.com/rat.php | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/api/-1001980633491 | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/config/-1001980633491 | IRATA botnet C2 (confidence level: 100%)
url | http://167.172.140.132/test.exe | Meterpreter payload delivery URL (confidence level: 100%)
url | http://174.138.126.39/ggg.exe | Meterpreter payload delivery URL (confidence level: 100%)
url | https://saerveradf.lol/fikow | IRATA botnet C2 (confidence level: 100%)
url | https://saerveradf.lol/fikow/log.php | IRATA botnet C2 (confidence level: 100%)
url | https://saerveradf.lol/fikow/web.txt | IRATA botnet C2 (confidence level: 100%)
url | https://saerveradf.lol/fikow/phone.txt | IRATA botnet C2 (confidence level: 100%)
url | http://77.225.104.91:9000/1.exe | Unknown malware payload delivery URL (confidence level: 50%)
url | https://edsahamir.com//app.php | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/config/-1001944075895 | IRATA botnet C2 (confidence level: 100%)
url | https://edsahamir.com/%f0%9d%90%9c%e2%80%8c%e2%80%8c/app.php | IRATA botnet C2 (confidence level: 100%)
url | https://remote.mynameisnavid.site/api/-1001944075895 | IRATA botnet C2 (confidence level: 100%)
url | https://adl-qow.mrface.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-qsh.itsaol.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | http://adl-qps.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adlirtq.mrface.com/app1.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-ue.faqserv.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-awh.vizvaz.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://sahjsg.mrface.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-fot.faqserv.com/sahamedalat.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-qda.fartit.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adi.isasecret.com/saham1.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-iro.vizvaz.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adlf-ir.mrface.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adloir.vizvaz.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-gsq.faqserv.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-aqw.itsaol.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | http://evil22.dhabigroup.top/_errorpages/evil22/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
url | http://pushpointdelivery.com/gate.php | Arkei Stealer botnet C2 (confidence level: 100%)
url | http://128.140.102.206:8000/images.zip | Vidar botnet C2 (confidence level: 100%)
url | http://128.140.102.206:8000/ | Vidar botnet C2 (confidence level: 100%)
url | http://8.130.128.97:8087/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
url | https://wordstt182.com/develop/v5.10/m3hconpdrlq | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://biogenx.net/forum/viewtopic.php | Pony botnet C2 (confidence level: 100%)
url | http://92.63.196.45:81/match | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://116.203.14.160:7070/upgrade.zip | Vidar botnet C2 (confidence level: 100%)
url | http://116.203.14.160:7070/ | Vidar botnet C2 (confidence level: 100%)
url | http://5.75.212.77/upgrade.zip | Vidar botnet C2 (confidence level: 100%)
url | http://5.75.212.77/ | Vidar botnet C2 (confidence level: 100%)
url | http://92.63.196.45:82/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://125.124.50.87:4449/cm | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://125.124.50.87:4447/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://47.120.9.35/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://47.109.70.144:8001/updates | Cobalt Strike botnet C2 (confidence level: 100%)
url | https://42.51.45.241/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://mlcr0s0ft.one:2086/api/3 | Cobalt Strike botnet C2 (confidence level: 100%)
url | https://101.43.108.117/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://165.227.141.64/cm | Cobalt Strike botnet C2 (confidence level: 100%)
url | https://77.242.250.36/activity | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://1.13.158.52:8099/push | Cobalt Strike botnet C2 (confidence level: 100%)
url | http://91.103.253.18 | Stealc botnet C2 (confidence level: 100%)
url | http://aidandylan.top | Stealc botnet C2 (confidence level: 100%)
url | http://193.201.8.110 | Stealc botnet C2 (confidence level: 100%)
url | http://5.42.65.39 | Stealc botnet C2 (confidence level: 100%)
url | http://94.130.186.149 | Stealc botnet C2 (confidence level: 100%)
url | http://89.23.98.151 | Stealc botnet C2 (confidence level: 100%)
url | http://194.87.71.138 | Stealc botnet C2 (confidence level: 100%)
url | http://193.201.8.121 | Stealc botnet C2 (confidence level: 100%)
url | http://94.142.138.253 | Stealc botnet C2 (confidence level: 100%)
url | http://194.169.175.126 | Stealc botnet C2 (confidence level: 100%)
url | http://109.206.243.134 | Stealc botnet C2 (confidence level: 100%)
url | http://217.196.96.16 | Stealc botnet C2 (confidence level: 100%)
url | http://185.221.196.69 | Stealc botnet C2 (confidence level: 100%)
url | http://91.103.252.74 | Stealc botnet C2 (confidence level: 100%)
url | http://91.103.252.11 | Stealc botnet C2 (confidence level: 100%)
url | http://193.201.8.123 | Stealc botnet C2 (confidence level: 100%)
url | http://208.91.189.189 | Stealc botnet C2 (confidence level: 100%)
url | http://116.203.55.91 | Stealc botnet C2 (confidence level: 100%)
url | http://tetromask.site | Stealc botnet C2 (confidence level: 100%)
url | http://217.196.96.138 | Stealc botnet C2 (confidence level: 100%)
url | http://elijahdiego.top | Stealc botnet C2 (confidence level: 100%)
url | http://jesseaustin.top | Stealc botnet C2 (confidence level: 100%)
url | http://77.91.97.146 | Stealc botnet C2 (confidence level: 100%)
url | http://116.203.73.136 | Stealc botnet C2 (confidence level: 100%)
url | http://dominiczachary.top | Stealc botnet C2 (confidence level: 100%)
url | http://45.140.147.83 | Stealc botnet C2 (confidence level: 100%)
url | http://91.212.166.95 | Stealc botnet C2 (confidence level: 100%)
url | http://91.103.253.171 | Stealc botnet C2 (confidence level: 100%)
url | http://dixiel22.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://tysbtr65.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewzqcg510.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luahap410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://mipqzk75.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://avorae74.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://trelxh310.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://bluejackover.com/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://olsrza75.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jaczkt57.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xuntsc52.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://whicwq12.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xunqmh24.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawubg710.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jacukw58.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xunius610.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://lahuwf14.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewzuod410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://qalkaw22.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqdun211.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xunfml12.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xjudab64.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xundva410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqtaz510.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yeit8sr.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://trekwg110.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://towgqo410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luawpm45.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ywouji55.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://tyokqx24.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawmyr510.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://trenio65.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://mipbkr32.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://avoguc410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kudxoq75.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://mipjpl312.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewzjvx32.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xuntol31.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ythre3sr.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqhes24.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kyrsti44.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ubykot72.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xunoem712.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xjumco24.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://gofreshdev.com/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kyrvwz79.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqdku312.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqsyf55.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://quwkve35.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://miprfi24.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://olsjqj14.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://mipmgc410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawzmg25.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luauap21.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luvasm712.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ythre3sb.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawizk23.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://olsnbz210.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jaczhy110.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://sginte310.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | https://stats-best.site/fp.php | ClearFake botnet C2 (confidence level: 100%)
url | http://yfive5sb.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kudhel512.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewznda55.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewznqy210.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kudidn210.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewzmix42.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawhop210.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xjuzzm34.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luazql23.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://tseven7sb.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://tixalp22.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jaclzh55.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://fygqwc32.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqewl15.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://quwszc49.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xjuhie25.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jacsbo34.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://fygqwg52.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuquyi42.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqahf710.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawium610.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://avonuf310.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jaclcg38.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://avosma45.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://whitbs710.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://sgitvg72.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://qallqe15.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luaobe32.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://avoqvw210.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jacgyt15.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://quwqjh75.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewzicv310.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://jacqoi46.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://treana210.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqpgj62.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawurk110.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kudkhj610.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://kudhxs35.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xjuwir54.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://olskqf25.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://miphbi44.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://xjuhuf15.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://quwsgq110.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqcok410.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://mipmkh110.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://tregir12.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://wuqlod22.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://yawfyx24.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://mipapz710.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://qalfya311.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://loftet12.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://sgiyhb23.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://ewzblx23.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://luarpk14.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://olsylu55.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | http://segrir110.top/gate.php | CryptBot botnet C2 (confidence level: 100%)
url | https://wsexdrcftgyy191.com/vvmd54 | ClearFake payload delivery URL (confidence level: 100%)
url | https://oiouhvtybh291.com/vvmd54 | ClearFake payload delivery URL (confidence level: 100%)
url | https://reedx51mut.com/vvmd54 | ClearFake payload delivery URL (confidence level: 100%)
url | https://adqdqqewqewplzoqmzq.site/vvmd54 | ClearFake payload delivery URL (confidence level: 100%)
url | https://ewkekezmwzfevwvwvvmmmmmmwfwf.site/vvmd54/ | ClearFake payload delivery URL (confidence level: 100%)
url | https://borbrbmrtxtrbxrq.site/vvmd54/ | ClearFake payload delivery URL (confidence level: 100%)
url | https://borbrbmrtxtrbxrq.site/vvmd54 | ClearFake payload delivery URL (confidence level: 100%)
url | https://oiqwbuwbwqznjqsdfsfqhf.site/vvmd54/ | ClearFake payload delivery URL (confidence level: 100%)
url | https://komomjinndqndqwf.store/vvmd54/ | ClearFake payload delivery URL (confidence level: 100%)
url | https://weomfewnfnu.site/vvmd54/ | ClearFake payload delivery URL (confidence level: 100%)
url | https://ioiubby73b1n.com/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://ug62r67uiijo2.com:443/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://wnimodmoiejn.site/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://adqdqqewqewplzoqmzq.site/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://wffewiuofegwumzowefmgwezfzew.site/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://komomjinndqndqwf.store/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://omdowqind.site/zgbn19mx | ClearFake payload delivery URL (confidence level: 100%)
url | https://ojhggnfbcy62.com/lander/firefox_1695214415/_index.php | ClearFake payload delivery URL (confidence level: 100%)
url | https://borbrbmrtxtrbxrq.site/lander/chrome/_index.php | ClearFake payload delivery URL (confidence level: 100%)
url | https://hello-world-broken-dust-1f1c.brewasigfi1978.workers.dev/ | ClearFake payload delivery URL (confidence level: 100%)
url | https://cdn.discordapp.com/attachments/1137823771017887835/1163051453347274852/password_1311.rar?ex=653e2b12&is=652bb612&hm=bacd97b4cc3990f3ab2381f74e8ea0a5f21691e72977fc275a214a69b7d8bb9e& | Lumma Stealer payload delivery URL (confidence level: 100%)
url | http://cheneseemeg7575.cash | DarkGate botnet C2 (confidence level: 100%)
url | http://annoyingannoying.vodka | DarkGate botnet C2 (confidence level: 100%)
url | http://uiahbmajokriswhoer.net | DarkGate botnet C2 (confidence level: 100%)
url | http://dannyleagy.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
url | https://nazarenoagape.com.br/temp/southsubstantialpro.zip | RedLine Stealer payload delivery URL (confidence level: 100%)
url | https://dornelesassessoria.com.br/engine/browserengine.zip | RedLine Stealer payload delivery URL (confidence level: 100%)
url | https://sempersim.su/a15/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
url | https://kurl.ru/xinms | RedLine Stealer payload delivery URL (confidence level: 100%)
url | https://skudo.com.mx/wp-content/uploads/docs/p-81451017.url | DarkGate payload delivery URL (confidence level: 100%)
url | http://devinjason.top/3886d2276f6914c4.php | Stealc botnet C2 (confidence level: 100%)
url | http://lqr1.shop/b01341/index.php | Azorult botnet C2 (confidence level: 100%)
url | https://adl-aka.itsaol.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-ape.mrface.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-gga.faqserv.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-aff.vizvaz.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adl-gqs.vizvaz.com/sahamedalat.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adlsg-qha.vizvaz.com/app.apk | IRATA payload delivery URL (confidence level: 100%)
url | http://adl-qqu.fartit.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://sahame.fartit.com/saham.apk | IRATA payload delivery URL (confidence level: 100%)
url | https://adllhs.itsaol.com/saham1.apk | IRATA payload delivery URL (confidence level: 100%)
url | http://sempersim.su/a15/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
url | http://hellouts.fun/api | Lumma Stealer botnet C2 (confidence level: 100%)
url | https://121.196.202.174/recite/v9.52/6fcq3uvd9 | Cobalt Strike botnet C2 (confidence level: 100%)
url | https://epsonupdate.uk/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)

Threat ID: 682c7abde3e6de8ceb75349b

Added to database: 5/20/2025, 12:51:09 PM

Last enriched: 6/19/2025, 1:49:10 PM

Last updated: 8/17/2025, 2:38:18 PM