
ThreatFox IOCs for 2023-11-15

Severity: Medium
Published: Wed Nov 15 2023 (11/15/2023, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-11-15

AI-Powered Analysis

Last updated: 07/05/2025, 23:10:47 UTC

Technical Analysis

This entry is a set of Indicators of Compromise (IOCs) published on 2023-11-15 by the ThreatFox MISP Feed and categorized under malware and OSINT (Open Source Intelligence). The indicators concern network activity and payload delivery, the usual vectors for malware propagation and command-and-control (C2) communication. The entry carries no affected software versions, no known exploits in the wild, and no patches. The threat level is medium, with a threatLevel score of 2 and a distribution score of 3, which suggests moderate dissemination potential but limited immediate impact or sophistication. The absence of concrete technical indicators or CWEs (Common Weakness Enumerations) implies a general intelligence update rather than a description of a novel or active exploit. The OSINT and network-activity classification indicates that the value of this entry lies in detection and monitoring, not in a direct vulnerability or exploit. In short, this is an informational update of malware-related IOCs rather than a detailed vulnerability or active campaign report.

Potential Impact

For European organizations, the value of this threat intelligence update lies mainly in situational awareness and improved detection. Since there are no known active exploits or patches, the immediate risk of compromise is low to medium. However, the payload delivery and network activity indicators mean organizations could be targeted by malware campaigns that use this infrastructure for initial access or lateral movement. European entities with extensive network infrastructure, and those in critical sectors such as finance, energy, and government, should fold this intelligence into their threat hunting and monitoring processes. The lack of specific affected products or vulnerabilities limits the direct operational impact, but it underscores the need for continuous monitoring of network traffic and endpoint behavior to detect malicious activity early.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities.
2. Conduct proactive threat hunting exercises using the updated IOCs to identify any signs of compromise within the network.
3. Maintain up-to-date network segmentation and strict access controls to limit potential lateral movement if payload delivery attempts occur.
4. Regularly update and patch all systems and software, even though no specific patches are indicated, to reduce the attack surface.
5. Educate security teams on the latest OSINT feeds and encourage collaboration with threat intelligence sharing platforms to stay informed about emerging threats.
6. Implement network traffic analysis tools to monitor for unusual or suspicious payload delivery patterns that align with the IOCs.
7. Review and update incident response plans to incorporate detection and response strategies for malware-related network activity.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: fda1b177-04c8-4e52-b20b-35cf3cab9448
Original Timestamp: 1700092986

Indicators of Compromise

URL

Value | Description
urlhttp://shohetrc.com/forum/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/index.php?scr=1
Amadey botnet C2 (confidence level: 100%)
urlhttp://tceducn.com/forum/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://tceducn.com/forum/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/plugins/clip64.dll
Amadey payload delivery URL (confidence level: 100%)
urlhttp://shohetrc.com/forum/plugins/cred64.dll
Amadey payload delivery URL (confidence level: 100%)
urlhttps://planbusiness.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://planlimited.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://planultra.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://octobusiness.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://businessocto.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.231/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.xyz/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.232/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.233/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.234/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.net/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.com/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.net/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.xyz/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.com/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttp://amzoneyfotela.net/
Hydra botnet C2 (confidence level: 100%)
urlhttp://aynedfer.net/
Hydra botnet C2 (confidence level: 100%)
urlhttp://terekovenzozsen.net/
Hydra botnet C2 (confidence level: 100%)
urlhttps://8.210.141.104/owa/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.210.141.104/ews/2012
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.29.10.12/2023/panel/index.php
Azorult botnet C2 (confidence level: 100%)
urlhttps://frensterol.com/yveu/
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://re-tend.com/ud0vh/
Pikabot payload delivery URL (confidence level: 100%)
urlhttp://www.theokanegroup.com/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://92.63.196.45:81/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.243.103:8080/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.223.83.171:8055/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.49.244:8888/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.117.79.251:88/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.42.222.61/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://20.107.244.135/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.40.171.243/upload/v7.89/qikqd52kv7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.129.249.115:65534/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://rockpython.xyz/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com/api/getit
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://121.40.66.171/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.219.229.99/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://195.20.16.93/
RecordBreaker botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/kla/phone.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/kla/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/reza/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/reza/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sahmane.sbs//apply.php
IRATA botnet C2 (confidence level: 100%)
urlhttp://91.92.243.151/api/firegate.php
PrivateLoader botnet C2 (confidence level: 100%)
urlhttp://8.130.79.38:5432/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.237.165/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.170.225:8090/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.37.18.7/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.116.113.9:8887/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.69.161:8099/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://117.50.176.222:8001/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/grape.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/
IRATA botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/strawberry.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/tools/eblis.json
IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/tools/
IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/
IRATA botnet C2 (confidence level: 100%)
urlhttps://jooshorks.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://213.248.43.53/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://213.248.43.53/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/api/-1001983244127?encrypted=true
IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/api/-1001983244127
IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/config/-1001983244127
IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/far/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/far/phone.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://adjj-ir.itsaol.com/in.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/arslan/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/arslan/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/gold/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/gold/phone.txt
IRATA botnet C2 (confidence level: 100%)
urlhttp://engrousf.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/
IRATA botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs//apply.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/apply.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/kmeran/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/kmeran/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest/
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest//rat.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest/%f0%9d%90%9c%e2%80%8c%e2%80%8c/rat.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/estayls/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/estayls/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/roa5krtmcmkvszq/cheatgeame.rar/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/ywrf4ghd
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/baknx
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://softonyxx.com/
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/z5bov2gbgti7kse/cheat.zip/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://sites.google.com/view/valorant45
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://tinyurl.com/mryh33jv
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/3a6x11o8uilhi5c/dowloand.rar/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/
IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/7bhp93gywcm1gjl/valorant.zip/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/tpqme
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.dropbox.com/scl/fi/xnz4fm9l50zx67d9tl21u/launcher.zip?rlkey=nsye76y375ig7d9geraku6x72&dl=1
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/1wym3o2q
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://tinyurl.com/56mk7pa8
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/fkwvg
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://tinyurl.com/5ebpnjc8
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/0c01oazdhg3vyvj/software_by_nixware_v1.rar
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/pwyampux
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/950116131354587206/1173339506448015462/setup.rar?ex=65639891&is=65512391&hm=b4b9cb1aae0be535158b8cdce3b740888601274569493a23a0d2a41910ca3c83&
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/5706qszapws9a6s/software_by_nixware_v2.rar
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/1173717476106838098/1173717612853743727/killazz_github.zip?ex=6564f8b5&is=655283b5&hm=1d5f5bf5f7a3d968c9ce852cff481262997e3f4014d3f97c6c73798d17fb4bff&
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/a758f7iedcl34v8/filesetup.7z/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/1170056539550273571/1172900269948936312/installer.zip?ex=6561ff7f&is=654f8a7f&hm=014482ae538b9864fc9113273fb768d47d6fe13dbaea6ebefcef8df8a7931105&
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://noladuer.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://hardcorearrpa.viewdns.net/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://175.178.14.59/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.94.43.210:8080/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)

File

Value | Description
file111.230.198.166
Cobalt Strike botnet C2 server (confidence level: 80%)
file101.36.110.122
Cobalt Strike botnet C2 server (confidence level: 80%)
file54.174.89.226
Sliver botnet C2 server (confidence level: 80%)
file83.40.181.55
Meterpreter botnet C2 server (confidence level: 80%)
file65.49.210.124
Cobalt Strike botnet C2 server (confidence level: 80%)
file8.210.141.104
Cobalt Strike botnet C2 server (confidence level: 100%)
file141.164.62.87
ShadowPad botnet C2 server (confidence level: 75%)
file178.190.102.43
Sliver botnet C2 server (confidence level: 80%)
file103.212.81.158
Remcos botnet C2 server (confidence level: 75%)
file52.61.168.199
Unknown malware botnet C2 server (confidence level: 80%)
file45.85.249.39
Meterpreter botnet C2 server (confidence level: 80%)
file34.245.119.31
BianLian botnet C2 server (confidence level: 80%)
file162.14.102.159
Cobalt Strike botnet C2 server (confidence level: 80%)
file54.193.91.232
BianLian botnet C2 server (confidence level: 50%)
file170.64.171.160
Havoc botnet C2 server (confidence level: 50%)
file144.76.182.181
Havoc botnet C2 server (confidence level: 50%)
file34.81.238.204
Responder botnet C2 server (confidence level: 50%)
file3.97.232.186
Responder botnet C2 server (confidence level: 50%)
file54.186.60.102
Responder botnet C2 server (confidence level: 50%)
file24.199.115.140
Responder botnet C2 server (confidence level: 50%)
file154.247.166.34
QakBot botnet C2 server (confidence level: 50%)
file142.154.8.161
QakBot botnet C2 server (confidence level: 50%)
file102.113.158.156
QakBot botnet C2 server (confidence level: 50%)
file31.117.143.39
QakBot botnet C2 server (confidence level: 50%)
file187.211.117.174
QakBot botnet C2 server (confidence level: 50%)
file201.124.62.185
QakBot botnet C2 server (confidence level: 50%)
file78.19.226.207
QakBot botnet C2 server (confidence level: 50%)
file38.6.177.117
Unknown malware botnet C2 server (confidence level: 50%)
file3.66.249.70
Meterpreter botnet C2 server (confidence level: 80%)
file45.32.232.31
Pikabot botnet C2 server (confidence level: 100%)
file158.247.196.155
Pikabot botnet C2 server (confidence level: 100%)
file77.83.196.189
IcedID botnet C2 server (confidence level: 75%)
file175.178.45.17
Cobalt Strike botnet C2 server (confidence level: 80%)
file192.46.232.181
Cobalt Strike botnet C2 server (confidence level: 100%)
file46.1.103.69
AsyncRAT botnet C2 server (confidence level: 75%)
file46.1.103.69
AsyncRAT botnet C2 server (confidence level: 75%)
file188.241.39.165
Nanocore RAT botnet C2 server (confidence level: 80%)
file68.183.227.107
PoshC2 botnet C2 server (confidence level: 80%)
file104.223.118.109
IcedID botnet C2 server (confidence level: 100%)
file104.248.81.48
IcedID botnet C2 server (confidence level: 80%)
file194.213.18.45
BianLian botnet C2 server (confidence level: 80%)
file45.33.69.35
Pikabot botnet C2 server (confidence level: 100%)
file155.138.132.163
Pikabot botnet C2 server (confidence level: 100%)
file172.232.189.83
Pikabot botnet C2 server (confidence level: 100%)
file172.104.12.76
Pikabot botnet C2 server (confidence level: 100%)
file97.107.131.224
Pikabot botnet C2 server (confidence level: 100%)
file172.232.189.84
Pikabot botnet C2 server (confidence level: 100%)
file3.76.98.45
Sliver botnet C2 server (confidence level: 80%)
file139.162.215.12
Meterpreter botnet C2 server (confidence level: 80%)
file124.221.237.165
Cobalt Strike botnet C2 server (confidence level: 100%)
file91.92.243.43
AsyncRAT botnet C2 server (confidence level: 100%)
file45.76.71.236
Havoc botnet C2 server (confidence level: 100%)
file198.23.227.175
AsyncRAT botnet C2 server (confidence level: 100%)
file91.192.100.22
AsyncRAT botnet C2 server (confidence level: 100%)
file186.168.71.240
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.135
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.236
AsyncRAT botnet C2 server (confidence level: 100%)
file181.235.87.205
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.103
AsyncRAT botnet C2 server (confidence level: 100%)
file187.24.3.145
AsyncRAT botnet C2 server (confidence level: 100%)
file193.23.3.37
AsyncRAT botnet C2 server (confidence level: 100%)
file193.23.3.37
AsyncRAT botnet C2 server (confidence level: 100%)
file81.214.77.85
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254
AsyncRAT botnet C2 server (confidence level: 100%)
file190.28.181.222
AsyncRAT botnet C2 server (confidence level: 100%)
file91.208.92.74
AsyncRAT botnet C2 server (confidence level: 100%)
file186.112.202.44
AsyncRAT botnet C2 server (confidence level: 100%)
file186.112.202.44
AsyncRAT botnet C2 server (confidence level: 100%)
file136.243.151.21
AsyncRAT botnet C2 server (confidence level: 100%)
file223.155.16.150
Quasar RAT botnet C2 server (confidence level: 100%)
file27.158.214.241
Quasar RAT botnet C2 server (confidence level: 100%)
file81.205.110.65
Quasar RAT botnet C2 server (confidence level: 100%)
file109.147.149.255
Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.152
Quasar RAT botnet C2 server (confidence level: 100%)
file64.52.80.114
Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.149
Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.151
Quasar RAT botnet C2 server (confidence level: 100%)
file93.85.85.86
Quasar RAT botnet C2 server (confidence level: 100%)
file64.176.81.70
Quasar RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file185.216.70.238
RisePro botnet C2 server (confidence level: 100%)
file85.209.11.247
RisePro botnet C2 server (confidence level: 100%)
file37.27.22.139
RisePro botnet C2 server (confidence level: 100%)
file185.216.70.233
RisePro botnet C2 server (confidence level: 100%)
file128.140.73.191
RisePro botnet C2 server (confidence level: 100%)
file5.42.92.51
RisePro botnet C2 server (confidence level: 100%)
file152.89.198.49
RisePro botnet C2 server (confidence level: 100%)
file34.124.231.204
Unknown malware botnet C2 server (confidence level: 100%)
file34.124.138.144
Unknown malware botnet C2 server (confidence level: 100%)
file34.28.132.129
Unknown malware botnet C2 server (confidence level: 100%)
file171.250.188.34
Venom RAT botnet C2 server (confidence level: 100%)
file110.92.64.176
Venom RAT botnet C2 server (confidence level: 100%)
file208.64.33.115
Venom RAT botnet C2 server (confidence level: 100%)
file64.40.154.127
Venom RAT botnet C2 server (confidence level: 100%)
file81.28.6.148
Venom RAT botnet C2 server (confidence level: 100%)
file18.166.249.66
Venom RAT botnet C2 server (confidence level: 100%)
file154.204.181.27
Venom RAT botnet C2 server (confidence level: 100%)
file34.121.161.18
Ares botnet C2 server (confidence level: 90%)
file18.211.111.68
Unknown malware botnet C2 server (confidence level: 100%)
file34.194.229.219
Unknown malware botnet C2 server (confidence level: 100%)
file18.213.237.79
Unknown malware botnet C2 server (confidence level: 100%)
file77.53.97.85
DarkComet botnet C2 server (confidence level: 100%)
file154.179.78.37
DarkComet botnet C2 server (confidence level: 100%)
file18.231.93.153
DarkComet botnet C2 server (confidence level: 100%)
file5.252.178.38
ShadowPad botnet C2 server (confidence level: 90%)
file172.233.237.227
Sliver botnet C2 server (confidence level: 90%)
file193.149.176.199
Sliver botnet C2 server (confidence level: 90%)
file173.49.90.229
Sliver botnet C2 server (confidence level: 90%)
file47.116.13.239
Viper RAT botnet C2 server (confidence level: 100%)
file103.186.215.46
Viper RAT botnet C2 server (confidence level: 100%)
file123.60.99.12
Viper RAT botnet C2 server (confidence level: 100%)
file111.230.242.229
Viper RAT botnet C2 server (confidence level: 100%)
file1.92.72.148
Viper RAT botnet C2 server (confidence level: 100%)
file101.200.187.59
Viper RAT botnet C2 server (confidence level: 100%)
file8.130.27.180
Viper RAT botnet C2 server (confidence level: 100%)
file43.143.187.177
Viper RAT botnet C2 server (confidence level: 100%)
file101.200.164.66
Viper RAT botnet C2 server (confidence level: 100%)
file43.142.177.236
Viper RAT botnet C2 server (confidence level: 100%)
file23.95.85.102
Viper RAT botnet C2 server (confidence level: 100%)
file1.94.51.173
Viper RAT botnet C2 server (confidence level: 100%)
file8.131.50.94
Viper RAT botnet C2 server (confidence level: 100%)
file156.224.27.167
Ghost RAT botnet C2 server (confidence level: 75%)
file121.22.243.241
Ghost RAT botnet C2 server (confidence level: 75%)
file47.116.79.79
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.140.184.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.196.200.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file1.14.46.82
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.116.209
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.219.209.175
Cobalt Strike botnet C2 server (confidence level: 100%)
file149.28.145.175
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.32.218
Cobalt Strike botnet C2 server (confidence level: 100%)
file149.88.77.120
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.186.215.46
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.138.16.196
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.91.168.253
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.198.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.198.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.97.6.61
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.48.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.48.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.221.38.104
Cobalt Strike botnet C2 server (confidence level: 100%)
file134.122.75.115
Cobalt Strike botnet C2 server (confidence level: 100%)
file134.175.121.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file159.75.252.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file195.88.56.36
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.58.225
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.84.141
Cobalt Strike botnet C2 server (confidence level: 100%)
file54.237.14.58
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.12.124.212
Cobalt Strike botnet C2 server (confidence level: 100%)
file114.115.180.116
Cobalt Strike botnet C2 server (confidence level: 100%)
file23.94.56.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.142.177.236
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.94.104.162
Cobalt Strike botnet C2 server (confidence level: 100%)
file59.110.161.54
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.34.28.84
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.212.15.60
Cobalt Strike botnet C2 server (confidence level: 100%)
file44.193.191.18
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.107.44.15
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.95.37.191
Cobalt Strike botnet C2 server (confidence level: 100%)
file164.155.134.98
Cobalt Strike botnet C2 server (confidence level: 100%)
file16.170.232.194
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.73.125.8
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.103.77.37
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.241.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.241.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.84.221
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.196.9.120
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.197.198
Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.249.109
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.20.236
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.229.106.48
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.229.106.48
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.222.223.144
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.158.220
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.173.155.160
Cobalt Strike botnet C2 server (confidence level: 100%)
file207.246.81.130
Cobalt Strike botnet C2 server (confidence level: 100%)
file150.158.45.62
Cobalt Strike botnet C2 server (confidence level: 100%)
file44.200.80.224
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.64.193.204
Sliver botnet C2 server (confidence level: 80%)
file101.35.42.157
Viper RAT botnet C2 server (confidence level: 100%)
file129.226.83.129
Cobalt Strike botnet C2 server (confidence level: 100%)
file146.190.141.158
Cobalt Strike botnet C2 server (confidence level: 100%)
file20.218.243.58
RedLine Stealer botnet C2 server (confidence level: 100%)
file35.205.17.31
Sliver botnet C2 server (confidence level: 80%)
file35.228.89.229
Sliver botnet C2 server (confidence level: 80%)
file77.91.73.70
Quasar RAT botnet C2 server (confidence level: 100%)
file104.36.229.15
BianLian botnet C2 server (confidence level: 50%)
file49.12.245.198
Responder botnet C2 server (confidence level: 50%)
file91.134.141.245
Responder botnet C2 server (confidence level: 50%)
file39.51.188.223
QakBot botnet C2 server (confidence level: 50%)
file2.50.16.180
QakBot botnet C2 server (confidence level: 50%)
file141.11.250.53
Meterpreter botnet C2 server (confidence level: 80%)
file194.169.175.128
RedLine Stealer botnet C2 server (confidence level: 100%)
file146.190.145.40
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.49.94.152
RedLine Stealer botnet C2 server (confidence level: 100%)
file172.111.251.138
Cobalt Strike botnet C2 server (confidence level: 100%)
file175.178.14.59
Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Value | Description
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash8083
Sliver botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
ShadowPad botnet C2 server (confidence level: 75%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash3050
Remcos botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash443
BianLian botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash 9443 | BianLian botnet C2 server (confidence level: 50%)
hash 443 | Havoc botnet C2 server (confidence level: 50%)
hash 443 | Havoc botnet C2 server (confidence level: 50%)
hash 445 | Responder botnet C2 server (confidence level: 50%)
hash 445 | Responder botnet C2 server (confidence level: 50%)
hash 445 | Responder botnet C2 server (confidence level: 50%)
hash 445 | Responder botnet C2 server (confidence level: 50%)
hash 995 | QakBot botnet C2 server (confidence level: 50%)
hash 443 | QakBot botnet C2 server (confidence level: 50%)
hash 443 | QakBot botnet C2 server (confidence level: 50%)
hash 2222 | QakBot botnet C2 server (confidence level: 50%)
hash 443 | QakBot botnet C2 server (confidence level: 50%)
hash 995 | QakBot botnet C2 server (confidence level: 50%)
hash 2222 | QakBot botnet C2 server (confidence level: 50%)
hash 8888 | Unknown malware botnet C2 server (confidence level: 50%)
hash 3790 | Meterpreter botnet C2 server (confidence level: 80%)
hash 13782 | Pikabot botnet C2 server (confidence level: 100%)
hash 9785 | Pikabot botnet C2 server (confidence level: 100%)
hash 80 | IcedID botnet C2 server (confidence level: 75%)
hash 7777 | Cobalt Strike botnet C2 server (confidence level: 80%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 4263 | AsyncRAT botnet C2 server (confidence level: 75%)
hash 7355 | AsyncRAT botnet C2 server (confidence level: 75%)
hash 54984 | Nanocore RAT botnet C2 server (confidence level: 80%)
hash 444 | PoshC2 botnet C2 server (confidence level: 80%)
hash 443 | IcedID botnet C2 server (confidence level: 100%)
hash 443 | IcedID botnet C2 server (confidence level: 80%)
hash 8443 | BianLian botnet C2 server (confidence level: 80%)
hash 5242 | Pikabot botnet C2 server (confidence level: 100%)
hash 13786 | Pikabot botnet C2 server (confidence level: 100%)
hash 5243 | Pikabot botnet C2 server (confidence level: 100%)
hash 5242 | Pikabot botnet C2 server (confidence level: 100%)
hash 13782 | Pikabot botnet C2 server (confidence level: 100%)
hash 23399 | Pikabot botnet C2 server (confidence level: 100%)
hash 2376 | Sliver botnet C2 server (confidence level: 80%)
hash 3790 | Meterpreter botnet C2 server (confidence level: 80%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 7719 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 443 | Havoc botnet C2 server (confidence level: 100%)
hash 8880 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 8000 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 2404 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 2525 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 4444 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 2404 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 2222 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 8888 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 4003 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 4545 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 57 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 6606 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 7707 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 2000 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 4444 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 2404 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 8888 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 80 | AsyncRAT botnet C2 server (confidence level: 100%)
hash 23333 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 52516 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 4783 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 23333 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 23333 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 23333 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 9090 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 21 | Orcus RAT botnet C2 server (confidence level: 100%)
hash 1024 | Orcus RAT botnet C2 server (confidence level: 100%)
hash 8080 | Orcus RAT botnet C2 server (confidence level: 100%)
hash 9025 | Orcus RAT botnet C2 server (confidence level: 100%)
hash 42132 | Orcus RAT botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 8081 | RisePro botnet C2 server (confidence level: 100%)
hash 7443 | Unknown malware botnet C2 server (confidence level: 100%)
hash 7443 | Unknown malware botnet C2 server (confidence level: 100%)
hash 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash 8000 | Venom RAT botnet C2 server (confidence level: 100%)
hash 4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash 4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash 4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash 9090 | Venom RAT botnet C2 server (confidence level: 100%)
hash 443 | Venom RAT botnet C2 server (confidence level: 100%)
hash 4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash 5900 | Ares botnet C2 server (confidence level: 90%)
hash 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash 55554 | DarkComet botnet C2 server (confidence level: 100%)
hash 443 | DarkComet botnet C2 server (confidence level: 100%)
hash 12256 | DarkComet botnet C2 server (confidence level: 100%)
hash 8081 | ShadowPad botnet C2 server (confidence level: 90%)
hash 31337 | Sliver botnet C2 server (confidence level: 90%)
hash 31337 | Sliver botnet C2 server (confidence level: 90%)
hash 31337 | Sliver botnet C2 server (confidence level: 90%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 8000 | Ghost RAT botnet C2 server (confidence level: 75%)
hash 47779 | Ghost RAT botnet C2 server (confidence level: 75%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 60000 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8090 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 2222 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 1222 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 23 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8012 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 81 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 7443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 53 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 2096 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 4443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 4455 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 2376 | Sliver botnet C2 server (confidence level: 80%)
hash 60000 | Viper RAT botnet C2 server (confidence level: 100%)
hash 9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 30829 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash 2376 | Sliver botnet C2 server (confidence level: 80%)
hash 2376 | Sliver botnet C2 server (confidence level: 80%)
hash 1488 | Quasar RAT botnet C2 server (confidence level: 100%)
hash 5101 | BianLian botnet C2 server (confidence level: 50%)
hash 445 | Responder botnet C2 server (confidence level: 50%)
hash 445 | Responder botnet C2 server (confidence level: 50%)
hash 995 | QakBot botnet C2 server (confidence level: 50%)
hash 995 | QakBot botnet C2 server (confidence level: 50%)
hash 3790 | Meterpreter botnet C2 server (confidence level: 80%)
hash 37853 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash 53 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 19053 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash 443 | Cobalt Strike botnet C2 server (confidence level: 100%)

Domain

Value | Description
domain www.theokanegroup.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain rockpython.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain www2.eastus.cloudapp.azure.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain www1.allegiancefithealth.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain dodovdo.store | IRATA botnet C2 domain (confidence level: 100%)
domain salesthe.xyz | IRATA botnet C2 domain (confidence level: 100%)
domain sahmane.sbs | IRATA botnet C2 domain (confidence level: 100%)
domain ed.sahmane.sbs | IRATA botnet C2 domain (confidence level: 100%)
domain 7desktop.com | Havoc botnet C2 domain (confidence level: 100%)
domain 33095-2.whserv.de | Vidar botnet C2 domain (confidence level: 100%)
domain autoconfig.33095-2.whserv.de | Vidar botnet C2 domain (confidence level: 100%)
domain ip-89-38-135-11-82867.vps.hosted-by-mvps.net | Vidar botnet C2 domain (confidence level: 100%)
domain lamp.manuelsterner.de | Vidar botnet C2 domain (confidence level: 100%)
domain vpn.manuelsterner.de | Vidar botnet C2 domain (confidence level: 100%)
domain ec2-44-200-80-224.compute-1.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain 192-46-232-181.ip.linodeusercontent.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain ms17-010.win-x86.zip | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain ec2-54-237-14-58.compute-1.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain ctrdfg.cloud | IRATA botnet C2 domain (confidence level: 100%)
domain drnull.pkmqazreza.workers.dev | IRATA botnet C2 domain (confidence level: 100%)
domain pkmqazreza.workers.dev | IRATA botnet C2 domain (confidence level: 100%)
domain panel.freeddns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
domain clients.dnsportal.org | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain ec2-3-68-111-52.eu-central-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain er.aledlsa.sbs | IRATA botnet C2 domain (confidence level: 100%)
domain aledlsa.sbs | IRATA botnet C2 domain (confidence level: 100%)
domain ed.sarltma.rest | IRATA botnet C2 domain (confidence level: 100%)
domain sarltma.rest | IRATA botnet C2 domain (confidence level: 100%)
domain iirir.com | IRATA botnet C2 domain (confidence level: 100%)
domain ns.manager.moonlighter.space | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain hardcorearrpa.viewdns.net | Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 68359c9a5d5f0974d01e4595

Added to database: 5/27/2025, 11:06:02 AM

Last enriched: 7/5/2025, 11:10:47 PM

Last updated: 8/17/2025, 4:42:47 AM

Views: 13
