ThreatFox IOCs for 2023-11-02

Severity: Medium
Published: Thu Nov 02 2023 (11/02/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-11-02

AI-Powered Analysis

Last updated: 06/19/2025, 13:34:22 UTC

Technical Analysis

The provided threat intelligence concerns a set of Indicators of Compromise (IOCs) published on November 2, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically linked to OSINT (Open Source Intelligence) activities. However, the information lacks detailed technical specifics such as affected software versions, attack vectors, or malware behavior. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate dissemination but limited analytical depth. No known exploits in the wild have been reported, and no Common Weakness Enumerations (CWEs) or patch links are provided. The absence of concrete technical indicators or attack patterns implies that this intelligence primarily serves as a repository of IOCs for detection and monitoring rather than describing an active or novel malware campaign. The TLP (Traffic Light Protocol) classification is white, meaning the information is intended for unrestricted sharing. Overall, this threat intelligence entry appears to be a routine update of malware-related IOCs without immediate evidence of exploitation or targeted attacks.

Potential Impact

Given the limited technical details and the absence of known active exploits, the immediate impact on European organizations is likely low to medium. The threat primarily serves as intelligence for detection rather than indicating an ongoing or imminent attack. However, if these IOCs correspond to malware that could be used in targeted campaigns, organizations relying on OSINT tools or those monitoring malware activity could face risks such as data leakage, system compromise, or disruption if the malware were to be deployed. The lack of specific affected products or versions limits the ability to assess direct vulnerabilities. European entities involved in cybersecurity monitoring, threat hunting, or incident response may find this intelligence useful for enhancing detection capabilities. The medium severity rating suggests a moderate concern level, emphasizing the need for vigilance but not immediate alarm.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security monitoring tools such as SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint detection platforms to enhance detection capabilities.
2. Conduct regular threat hunting exercises using these IOCs to identify any signs of compromise within the network.
3. Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act upon OSINT-derived indicators.
4. Since no specific vulnerabilities or patches are mentioned, focus on strengthening general malware defenses: enforce least privilege access, implement application whitelisting, and ensure robust endpoint protection.
5. Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize these IOCs within broader threat landscapes.
6. Regularly review and update incident response plans to incorporate detection and mitigation strategies for malware-related threats identified through OSINT.
7. Given the TLP:white classification, share relevant findings and detections with trusted partners to improve collective defense.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: efc89e82-d9ff-4596-9ed5-c2820c55ad6c
Original Timestamp: 1698969786

Indicators of Compromise

Domain

Value | Description
profitcentronline.com | DarkGate botnet C2 domain (confidence level: 100%)
apix.mircofots.online | Havoc botnet C2 domain (confidence level: 100%)
ec2-3-254-254-189.eu-west-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
clients.dns-response.net | Cobalt Strike botnet C2 domain (confidence level: 100%)
ec2-43-198-242-245.ap-east-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
hongtong502.cc | Cobalt Strike botnet C2 domain (confidence level: 100%)
ec2-44-198-16-37.compute-1.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
clients.trafficmannager.net | Cobalt Strike botnet C2 domain (confidence level: 100%)
webmail.gpuxdrv.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
info.union-pay.vip | Cobalt Strike botnet C2 domain (confidence level: 100%)
life.union-pay.vip | Cobalt Strike botnet C2 domain (confidence level: 100%)
card.union-pay.vip | Cobalt Strike botnet C2 domain (confidence level: 100%)
up.union-pay.vip | Cobalt Strike botnet C2 domain (confidence level: 100%)
ec2-16-170-143-138.eu-north-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
s.svmp.eu.org | Cobalt Strike botnet C2 domain (confidence level: 100%)
updates.imedicalhub.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
game.easthudsoninvestments.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
ns1.obenkyou.site | Cobalt Strike botnet C2 domain (confidence level: 100%)
ns2.obenkyou.site | Cobalt Strike botnet C2 domain (confidence level: 100%)

Url

Value | Description
http://ronaldrichards.icu/e9c345fc99a4e67e.php | Stealc botnet C2 (confidence level: 100%)
http://167.235.20.126/bjdm32dp/index.php | Amadey botnet C2 (confidence level: 100%)
http://185.196.8.176/7jshasds/index.php | Amadey botnet C2 (confidence level: 100%)
http://94.142.138.147/ | Vidar botnet C2 (confidence level: 100%)
http://94.142.138.147/update.zip | Vidar botnet C2 (confidence level: 100%)
http://68.183.77.192/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://43.138.138.153:10001/updates | Cobalt Strike botnet C2 (confidence level: 100%)
http://webmail.gpuxdrv.com/ug | Cobalt Strike botnet C2 (confidence level: 100%)
http://43.138.187.61:6666/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://124.221.174.192/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
https://16.170.143.138/push | Cobalt Strike botnet C2 (confidence level: 100%)
https://8.137.10.80/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://154.12.26.151/cm | Cobalt Strike botnet C2 (confidence level: 100%)
https://47.253.53.122/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.108.164.9:88/cx | Cobalt Strike botnet C2 (confidence level: 100%)
https://35.171.155.9/link.html | Cobalt Strike botnet C2 (confidence level: 100%)
https://121.40.66.171/cm | Cobalt Strike botnet C2 (confidence level: 100%)
https://43.136.38.59/www/handle/doc | Cobalt Strike botnet C2 (confidence level: 100%)
http://110.42.222.61/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://54.217.61.189:8080/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://d22h19icfueroa.cloudfront.net/ca | Cobalt Strike botnet C2 (confidence level: 100%)
http://5.8.18.237/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.40.250.30/ca | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.100.180.123:3003/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
http://150.158.181.243:8011/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://150.158.50.177:7779/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://8.219.207.66:6666/async/newtab_ogb | Cobalt Strike botnet C2 (confidence level: 100%)
http://179.60.150.57/idle/1376547834/1 | Cobalt Strike botnet C2 (confidence level: 100%)
http://146.19.170.210/idle/1376547834/1 | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.40.66.171:85/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://1.13.158.52:8099/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
http://150.158.161.38:8081/dpixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.94.221.227/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://124.71.212.123:9999/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://216.128.185.35/mdh/gunne | Pikabot payload delivery URL (confidence level: 100%)
http://45.77.72.139/wvieuje/overi | Pikabot payload delivery URL (confidence level: 100%)
http://216.128.185.29/aumr/unnec | Pikabot payload delivery URL (confidence level: 100%)
http://enouselr.pw/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://justlookaround.s3.amazonaws.com/soprateste.zip | lampion payload delivery URL (confidence level: 100%)
https://justlookaround.s3.amazonaws.com/poiiuyetr | lampion payload delivery URL (confidence level: 100%)
http://shsukadadyuikmmonk.com:2351/msikrxeiths | DarkGate botnet C2 (confidence level: 100%)
http://110.42.222.61/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://35.171.155.9/link.html | Cobalt Strike botnet C2 (confidence level: 100%)
https://103.39.78.153/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
http://114.132.74.172:8088/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://116.204.114.199:7001/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://121.37.215.238/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://31.220.2.200/~gollpree/4/inc/80c2d1651b23ae.php | Agent Tesla botnet C2 (confidence level: 100%)
https://114.115.220.199/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://114.115.220.199:8089/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)

File

Value | Description
194.49.94.41 | RisePro botnet C2 server (confidence level: 80%)
3.94.88.252 | Meterpreter botnet C2 server (confidence level: 80%)
20.220.86.194 | Havoc botnet C2 server (confidence level: 100%)
91.92.255.32 | Havoc botnet C2 server (confidence level: 100%)
64.227.179.34 | Havoc botnet C2 server (confidence level: 100%)
136.243.185.107 | Havoc botnet C2 server (confidence level: 100%)
91.109.182.7 | AsyncRAT botnet C2 server (confidence level: 100%)
177.143.216.81 | AsyncRAT botnet C2 server (confidence level: 100%)
162.55.36.154 | AsyncRAT botnet C2 server (confidence level: 100%)
207.246.74.117 | AsyncRAT botnet C2 server (confidence level: 100%)
136.243.151.21 | AsyncRAT botnet C2 server (confidence level: 100%)
51.161.107.9 | Quasar RAT botnet C2 server (confidence level: 100%)
223.155.16.135 | Quasar RAT botnet C2 server (confidence level: 100%)
154.244.248.129 | Orcus RAT botnet C2 server (confidence level: 100%)
43.128.85.89 | Unknown malware botnet C2 server (confidence level: 100%)
156.224.26.138 | Unknown malware botnet C2 server (confidence level: 100%)
156.224.27.20 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.114 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.24 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.204 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.75 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.119 | Venom RAT botnet C2 server (confidence level: 100%)
128.90.108.62 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.185 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.130 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.100 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.161 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.86 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.65 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.50 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.193 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.116 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.95 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.225 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.126 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.138 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.54 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.82 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.145 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.208 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.67 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.232 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.231 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.197 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.136 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.248 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.90 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.151 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.103 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.241 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.242 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.68 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.36 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.174 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.56 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.93 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.210 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.207 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.182 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.111 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.216 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.186 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.148 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.132 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.117 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.184 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.246 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.55 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.218 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.89 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.157 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.123 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.140 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.195 | Venom RAT botnet C2 server (confidence level: 100%)
195.123.233.206 | DarkGate botnet C2 server (confidence level: 100%)
43.132.210.141 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.172.128.97 | Cobalt Strike botnet C2 server (confidence level: 100%)
16.170.143.138 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.254.254.189 | Cobalt Strike botnet C2 server (confidence level: 100%)
211.159.173.202 | Cobalt Strike botnet C2 server (confidence level: 100%)
211.159.173.202 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.56.105 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.144.111.154 | Meterpreter botnet C2 server (confidence level: 80%)
47.109.19.188 | Cobalt Strike botnet C2 server (confidence level: 80%)
194.87.217.31 | Nanocore RAT botnet C2 server (confidence level: 80%)
47.103.205.56 | Unknown malware botnet C2 server (confidence level: 50%)
104.36.229.15 | BianLian botnet C2 server (confidence level: 50%)
104.36.229.15 | BianLian botnet C2 server (confidence level: 50%)
95.179.157.228 | BianLian botnet C2 server (confidence level: 50%)
103.57.250.152 | BianLian botnet C2 server (confidence level: 50%)
20.94.83.139 | Havoc botnet C2 server (confidence level: 50%)
39.40.185.182 | QakBot botnet C2 server (confidence level: 50%)
75.134.206.177 | QakBot botnet C2 server (confidence level: 50%)
76.138.97.245 | QakBot botnet C2 server (confidence level: 50%)
176.92.103.90 | QakBot botnet C2 server (confidence level: 50%)
15.235.44.231 | Pikabot botnet C2 server (confidence level: 50%)
5.182.211.177 | Meterpreter botnet C2 server (confidence level: 80%)
94.156.64.212 | Nanocore RAT botnet C2 server (confidence level: 80%)
39.100.84.221 | Cobalt Strike botnet C2 server (confidence level: 80%)
18.192.31.165 | NjRAT botnet C2 server (confidence level: 100%)
3.125.102.39 | NjRAT botnet C2 server (confidence level: 100%)
3.124.142.205 | NjRAT botnet C2 server (confidence level: 100%)
154.9.27.108 | Unknown malware botnet C2 server (confidence level: 80%)
194.169.175.136 | RisePro botnet C2 server (confidence level: 80%)
194.59.40.141 | Meterpreter botnet C2 server (confidence level: 80%)
188.26.127.4 | Pikabot botnet C2 server (confidence level: 100%)
154.12.26.151 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.253.53.122 | Cobalt Strike botnet C2 server (confidence level: 100%)
194.49.94.41 | RisePro botnet C2 server (confidence level: 100%)
103.158.190.167 | ShadowPad botnet C2 server (confidence level: 100%)
39.107.107.245 | Cobalt Strike botnet C2 server (confidence level: 80%)
139.180.217.229 | ShadowPad botnet C2 server (confidence level: 75%)
139.59.29.27 | ShadowPad botnet C2 server (confidence level: 50%)
24.152.38.230 | Nanocore RAT botnet C2 server (confidence level: 80%)
20.96.151.88 | Unknown malware botnet C2 server (confidence level: 80%)
91.92.254.68 | Cobalt Strike botnet C2 server (confidence level: 80%)
38.87.198.238 | Meterpreter botnet C2 server (confidence level: 80%)
94.156.64.213 | Ave Maria botnet C2 server (confidence level: 100%)
195.123.233.144 | DarkGate botnet C2 server (confidence level: 100%)
92.118.235.251 | Bandit Stealer botnet C2 server (confidence level: 80%)
82.117.254.52 | DarkGate botnet C2 server (confidence level: 100%)
35.87.234.204 | Unknown malware botnet C2 server (confidence level: 100%)
148.135.95.95 | Unknown malware botnet C2 server (confidence level: 100%)
115.74.32.60 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.236 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.57 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.92 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.243 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.71 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.238 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.106 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.252 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.209 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.115 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.74 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.118 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.254 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.144 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.131 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.163 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.129 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.217 | Venom RAT botnet C2 server (confidence level: 100%)
156.224.27.43 | Venom RAT botnet C2 server (confidence level: 100%)
106.52.95.146 | Venom RAT botnet C2 server (confidence level: 100%)
172.190.93.64 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.190.93.64 | Cobalt Strike botnet C2 server (confidence level: 100%)
46.21.153.163 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.142.89.138 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.115.215.27 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.67.195.24 | Cobalt Strike botnet C2 server (confidence level: 100%)
31.192.238.6 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.116.241.31 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.74.33.150 | Cobalt Strike botnet C2 server (confidence level: 100%)
16.162.88.155 | Cobalt Strike botnet C2 server (confidence level: 100%)
119.96.222.21 | Cobalt Strike botnet C2 server (confidence level: 100%)
52.195.215.30 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.27.247.156 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.198.242.245 | Cobalt Strike botnet C2 server (confidence level: 100%)
139.198.187.234 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.228.160.186 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.209.178.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
119.91.217.168 | Cobalt Strike botnet C2 server (confidence level: 100%)
82.156.151.200 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.102.209.7 | Cobalt Strike botnet C2 server (confidence level: 100%)
142.93.143.86 | Cobalt Strike botnet C2 server (confidence level: 80%)
69.24.199.30 | Remcos botnet C2 server (confidence level: 80%)
138.197.127.231 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.144.132.153 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.22.30.40 | Nanocore RAT botnet C2 server (confidence level: 100%)
3.134.39.220 | Nanocore RAT botnet C2 server (confidence level: 100%)
3.17.7.232 | Nanocore RAT botnet C2 server (confidence level: 100%)
3.14.182.203 | Nanocore RAT botnet C2 server (confidence level: 100%)
3.13.191.225 | Nanocore RAT botnet C2 server (confidence level: 100%)
3.134.125.175 | Nanocore RAT botnet C2 server (confidence level: 100%)
210.243.8.247 | Pikabot botnet C2 server (confidence level: 100%)
20.22.18.80 | BumbleBee botnet C2 server (confidence level: 75%)
3.125.102.39 | NjRAT botnet C2 server (confidence level: 100%)
3.124.142.205 | NjRAT botnet C2 server (confidence level: 100%)
18.192.31.165 | NjRAT botnet C2 server (confidence level: 100%)
3.125.209.94 | NjRAT botnet C2 server (confidence level: 100%)
3.125.223.134 | NjRAT botnet C2 server (confidence level: 100%)
31.220.2.200 | Agent Tesla botnet C2 server (confidence level: 50%)
104.36.229.15 | BianLian botnet C2 server (confidence level: 50%)
157.245.48.209 | BianLian botnet C2 server (confidence level: 50%)
103.57.250.152 | BianLian botnet C2 server (confidence level: 50%)
52.15.189.183 | Responder botnet C2 server (confidence level: 50%)
172.86.96.200 | Responder botnet C2 server (confidence level: 50%)
31.190.242.89 | QakBot botnet C2 server (confidence level: 50%)
85.107.13.41 | QakBot botnet C2 server (confidence level: 50%)
181.94.42.6 | QakBot botnet C2 server (confidence level: 50%)
117.215.21.86 | QakBot botnet C2 server (confidence level: 50%)
77.124.16.58 | QakBot botnet C2 server (confidence level: 50%)
120.78.135.166 | Meterpreter botnet C2 server (confidence level: 80%)
195.244.112.143 | Meterpreter botnet C2 server (confidence level: 80%)
161.35.174.5 | IcedID botnet C2 server (confidence level: 80%)
185.193.126.90 | Meterpreter botnet C2 server (confidence level: 80%)
181.90.42.189 | AsyncRAT botnet C2 server (confidence level: 100%)
45.129.199.158 | IcedID botnet C2 server (confidence level: 75%)
172.86.75.163 | IcedID botnet C2 server (confidence level: 75%)
193.149.185.196 | IcedID botnet C2 server (confidence level: 75%)
213.139.205.136 | IcedID botnet C2 server (confidence level: 75%)
91.92.246.64 | Remcos botnet C2 server (confidence level: 75%)
91.92.240.91 | DCRat botnet C2 server (confidence level: 80%)
18.156.84.197 | Sliver botnet C2 server (confidence level: 80%)
54.221.127.105 | Meterpreter botnet C2 server (confidence level: 80%)
91.92.253.37 | Meterpreter botnet C2 server (confidence level: 80%)
45.61.139.234 | BianLian botnet C2 server (confidence level: 80%)
114.115.220.199 | Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Value | Description
8081 | RisePro botnet C2 server (confidence level: 80%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
8443 | Havoc botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
3389 | AsyncRAT botnet C2 server (confidence level: 100%)
2222 | AsyncRAT botnet C2 server (confidence level: 100%)
8000 | AsyncRAT botnet C2 server (confidence level: 100%)
69 | AsyncRAT botnet C2 server (confidence level: 100%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
23333 | Quasar RAT botnet C2 server (confidence level: 100%)
80 | Orcus RAT botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4433 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
2351 | DarkGate botnet C2 server (confidence level: 100%)
2083 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
9000 | Cobalt Strike botnet C2 server (confidence level: 100%)
49999 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
50050 | Cobalt Strike botnet C2 server (confidence level: 80%)
54984 | Nanocore RAT botnet C2 server (confidence level: 80%)
80 | Unknown malware botnet C2 server (confidence level: 50%)
80 | BianLian botnet C2 server (confidence level: 50%)
8443 | BianLian botnet C2 server (confidence level: 50%)
443 | BianLian botnet C2 server (confidence level: 50%)
3771 | BianLian botnet C2 server (confidence level: 50%)
443 | Havoc botnet C2 server (confidence level: 50%)
995 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
443 | QakBot botnet C2 server (confidence level: 50%)
995 | QakBot botnet C2 server (confidence level: 50%)
5938 | Pikabot botnet C2 server (confidence level: 50%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
54984 | Nanocore RAT botnet C2 server (confidence level: 80%)
80 | Cobalt Strike botnet C2 server (confidence level: 80%)
19097 | NjRAT botnet C2 server (confidence level: 100%)
19097 | NjRAT botnet C2 server (confidence level: 100%)
19097 | NjRAT botnet C2 server (confidence level: 100%)
9006 | Unknown malware botnet C2 server (confidence level: 80%)
8081 | RisePro botnet C2 server (confidence level: 80%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
13785 | Pikabot botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
50500 | RisePro botnet C2 server (confidence level: 100%)
80 | ShadowPad botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 80%)
443 | ShadowPad botnet C2 server (confidence level: 75%)
443 | ShadowPad botnet C2 server (confidence level: 50%)
54984 | Nanocore RAT botnet C2 server (confidence level: 80%)
80 | Unknown malware botnet C2 server (confidence level: 80%)
443 | Cobalt Strike botnet C2 server (confidence level: 80%)
3790 | Meterpreter botnet C2 server (confidence level: 80%)
5200 | Ave Maria botnet C2 server (confidence level: 100%)
2351 | DarkGate botnet C2 server (confidence level: 100%)
9c771d15e7bc6a750c7355bc4cc9e403 | lampion payload (confidence level: 100%)
c4a6694925248ddf75d2849f5460f320 | lampion payload (confidence level: 100%)
c33204558390a8b5fa32a7fe15141014 | lampion payload (confidence level: 100%)
38a996533697a5e17e1e7e9b32ec16e9 | lampion payload (confidence level: 100%)
5feb6bde72978cadbf06659506a4ab8d | lampion payload (confidence level: 100%)
9c5b05e761e0d058f41afe733e1025f8 | lampion payload (confidence level: 100%)
25ca63d94eb39299563fa51986c9a17b | lampion payload (confidence level: 100%)
ab51f4b7d7180d459a58a9d1e13b1140ba201873 | lampion payload (confidence level: 100%)
7849a278fa962d6ea4aa51c0587494ad910c873a | lampion payload (confidence level: 100%)
fe13fb3abf5ee184d87d49f60bb9932ceca24782 | lampion payload (confidence level: 100%)
3f13bc906d7d231720eac8b606515e09ae22e1d9 | lampion payload (confidence level: 100%)
c9372d98f1146f7c42fbcf84fa1b8a2ce0201fd5 | lampion payload (confidence level: 100%)
968419fdf5c8fda4d2ef5efd0fd7c8beb7a82d53 | lampion payload (confidence level: 100%)
8080 | Bandit Stealer botnet C2 server (confidence level: 80%)
2351 | DarkGate botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8000 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash8880
Venom RAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10002
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash1800
Remcos botnet C2 server (confidence level: 80%)
hash53
Cobalt Strike botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 100%)
hash15432
Nanocore RAT botnet C2 server (confidence level: 100%)
hash15432
Nanocore RAT botnet C2 server (confidence level: 100%)
hash15432
Nanocore RAT botnet C2 server (confidence level: 100%)
hash15432
Nanocore RAT botnet C2 server (confidence level: 100%)
hash15432
Nanocore RAT botnet C2 server (confidence level: 100%)
hash15432
Nanocore RAT botnet C2 server (confidence level: 100%)
hash23399
Pikabot botnet C2 server (confidence level: 100%)
hash443
BumbleBee botnet C2 server (confidence level: 75%)
hash11337
NjRAT botnet C2 server (confidence level: 100%)
hash11337
NjRAT botnet C2 server (confidence level: 100%)
hash11337
NjRAT botnet C2 server (confidence level: 100%)
hash11337
NjRAT botnet C2 server (confidence level: 100%)
hash11337
NjRAT botnet C2 server (confidence level: 100%)
hash80
Agent Tesla botnet C2 server (confidence level: 50%)
hash8000
BianLian botnet C2 server (confidence level: 50%)
hash8088
BianLian botnet C2 server (confidence level: 50%)
hash6477
BianLian botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash993
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash443
IcedID botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash34771
Remcos botnet C2 server (confidence level: 75%)
hash8848
DCRat botnet C2 server (confidence level: 80%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash042744f8880dc7c4c90fc393c2c5641327df6a9a1865c591f3a2a79c00a1bbbd
IRATA payload (confidence level: 100%)
hash45ea6132ade1403a696e5f7e053518a123e32bf1922d1ae601faa43c865c9f45
IRATA payload (confidence level: 100%)
hash11543bd05be88f9d9f558556a514204cd0c4e0f2144106475e76e4b583cac1b5
IRATA payload (confidence level: 100%)
hashb8f569d5fbebc9aa461deb7a883a68b6
IRATA payload (confidence level: 100%)
hash199cfecd1c325cf004e63e5c60bde7d7
IRATA payload (confidence level: 100%)
hashf598986a68dc631d348e01f0288a7772
IRATA payload (confidence level: 100%)
hash8083
BianLian botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)

Threat ID: 682c7abde3e6de8ceb752fc0

Added to database: 5/20/2025, 12:51:09 PM

Last enriched: 6/19/2025, 1:34:22 PM

Last updated: 8/12/2025, 3:11:33 PM
