Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2023-11-15

Medium
Malwaretype:osinttlp:white
Published: Wed Nov 15 2023 (11/15/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-11-15

AI-Powered Analysis

AILast updated: 06/18/2025, 08:51:11 UTC

Technical Analysis

The provided threat intelligence pertains to a set of Indicators of Compromise (IOCs) published on November 15, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically within the domain of OSINT (Open Source Intelligence), network activity, and payload delivery. However, no specific affected software versions or products are identified, and no direct exploits or vulnerabilities are referenced. The threat level is assessed as medium with a threatLevel score of 2 (on an unspecified scale), indicating a moderate risk. The analysis and distribution scores (1 and 3 respectively) suggest limited detailed analysis but a somewhat broader distribution or presence in the wild. No patches or mitigations are currently available, and no known active exploits have been reported. The absence of concrete technical indicators or CWEs (Common Weakness Enumerations) limits the ability to pinpoint exact attack vectors or malware behavior. The threat appears to be primarily related to the collection and dissemination of OSINT data, possibly involving network-based payload delivery mechanisms, which could be used to facilitate further malicious activity or reconnaissance. Given the TLP (Traffic Light Protocol) white tag, the information is intended for wide distribution without restrictions, implying the threat is not highly sensitive but still relevant for general awareness.

Potential Impact

For European organizations, the impact of this threat is likely to be moderate but should not be underestimated. Since the threat involves OSINT and network activity related to payload delivery, it could be used as a precursor to more targeted attacks such as phishing, malware deployment, or lateral movement within networks. The lack of specific affected products or vulnerabilities suggests that the threat may be opportunistic or generalized rather than highly targeted. However, organizations that rely heavily on open-source intelligence for decision-making or have extensive network exposure could face increased risk of data leakage, reconnaissance by adversaries, or initial compromise vectors. The medium severity indicates potential confidentiality and integrity impacts, especially if payload delivery leads to malware execution. Availability impacts appear less likely given the absence of known exploits or destructive payloads. European entities in sectors with high exposure to network threats, such as finance, critical infrastructure, and government, should be particularly vigilant, as adversaries often leverage OSINT to tailor attacks against these targets.

Mitigation Recommendations

Given the nature of this threat, practical mitigation steps include: 1) Enhancing network monitoring to detect unusual payload delivery attempts or suspicious network activity, leveraging threat intelligence feeds including ThreatFox IOCs when available. 2) Implementing strict egress and ingress filtering to limit exposure to potentially malicious payloads delivered via network channels. 3) Conducting regular OSINT hygiene reviews to minimize publicly available sensitive information that could be exploited by adversaries. 4) Employing sandboxing and behavioral analysis tools to inspect payloads before execution, reducing the risk of malware infection. 5) Training security teams to recognize and respond to early indicators of reconnaissance or payload delivery attempts. 6) Integrating threat intelligence sharing platforms to stay updated on evolving IOCs and adapting defenses accordingly. Since no patches are available, focus should be on detection, prevention, and response capabilities rather than remediation of vulnerabilities.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
PolandPoland
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
fda1b177-04c8-4e52-b20b-35cf3cab9448
Original Timestamp
1700092986

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://shohetrc.com/forum/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/index.php?scr=1
Amadey botnet C2 (confidence level: 100%)
urlhttp://tceducn.com/forum/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://tceducn.com/forum/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://shohetrc.com/forum/plugins/clip64.dll
Amadey payload delivery URL (confidence level: 100%)
urlhttp://shohetrc.com/forum/plugins/cred64.dll
Amadey payload delivery URL (confidence level: 100%)
urlhttps://planbusiness.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://planlimited.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://planultra.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://octobusiness.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://businessocto.com.tr/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.231/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.xyz/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.232/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.233/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://94.156.68.234/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.net/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma8291play.com/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.net/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.xyz/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttps://mmma7811play.com/nmm2yjmyyje4mmmx/
Coper botnet C2 (confidence level: 80%)
urlhttp://amzoneyfotela.net/
Hydra botnet C2 (confidence level: 100%)
urlhttp://aynedfer.net/
Hydra botnet C2 (confidence level: 100%)
urlhttp://terekovenzozsen.net/
Hydra botnet C2 (confidence level: 100%)
urlhttps://8.210.141.104/owa/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.210.141.104/ews/2012
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.29.10.12/2023/panel/index.php
Azorult botnet C2 (confidence level: 100%)
urlhttps://frensterol.com/yveu/
Pikabot payload delivery URL (confidence level: 100%)
urlhttps://re-tend.com/ud0vh/
Pikabot payload delivery URL (confidence level: 100%)
urlhttp://www.theokanegroup.com/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://92.63.196.45:81/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.243.103:8080/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.223.83.171:8055/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.49.244:8888/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.117.79.251:88/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.42.222.61/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://20.107.244.135/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.40.171.243/upload/v7.89/qikqd52kv7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.129.249.115:65534/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://rockpython.xyz/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-3s2hxn8v-1308639534.sh.apigw.tencentcs.com/api/getit
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://121.40.66.171/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.219.229.99/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://195.20.16.93/
RecordBreaker botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/kla/phone.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/kla/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/reza/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/reza/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sahmane.sbs//apply.php
IRATA botnet C2 (confidence level: 100%)
urlhttp://91.92.243.151/api/firegate.php
PrivateLoader botnet C2 (confidence level: 100%)
urlhttp://8.130.79.38:5432/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.237.165/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.170.225:8090/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.37.18.7/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.116.113.9:8887/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.157.69.161:8099/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://117.50.176.222:8001/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/grape.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/
IRATA botnet C2 (confidence level: 100%)
urlhttps://ctrdfg.cloud/eblis/strawberry.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/tools/eblis.json
IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/tools/
IRATA botnet C2 (confidence level: 100%)
urlhttps://xdpanel.cloud/
IRATA botnet C2 (confidence level: 100%)
urlhttps://jooshorks.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://213.248.43.53/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttp://213.248.43.53/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
RedLine Stealer botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/api/-1001983244127?encrypted=true
IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/api/-1001983244127
IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/config/-1001983244127
IRATA botnet C2 (confidence level: 100%)
urlhttps://drnull.pkmqazreza.workers.dev/
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/far/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/far/phone.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://adjj-ir.itsaol.com/in.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/arslan/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/arslan/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/gold/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://dodovdo.store/gold/phone.txt
IRATA botnet C2 (confidence level: 100%)
urlhttp://engrousf.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/
IRATA botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs//apply.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://er.aledlsa.sbs/%f0%9d%90%a2%f0%9d%90%ab/apply.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/kmeran/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/kmeran/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest/
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest//rat.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://ed.sarltma.rest/%f0%9d%90%9c%e2%80%8c%e2%80%8c/rat.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/estayls/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://salesthe.xyz/estayls/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/roa5krtmcmkvszq/cheatgeame.rar/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/ywrf4ghd
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/baknx
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://softonyxx.com/
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/z5bov2gbgti7kse/cheat.zip/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://sites.google.com/view/valorant45
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/log.php
IRATA botnet C2 (confidence level: 100%)
urlhttps://tinyurl.com/mryh33jv
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/web.txt
IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/3a6x11o8uilhi5c/dowloand.rar/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://iirir.com/khodam/
IRATA botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file/7bhp93gywcm1gjl/valorant.zip/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/tpqme
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.dropbox.com/scl/fi/xnz4fm9l50zx67d9tl21u/launcher.zip?rlkey=nsye76y375ig7d9geraku6x72&dl=1
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/1wym3o2q
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://tinyurl.com/56mk7pa8
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://kurl.ru/fkwvg
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://tinyurl.com/5ebpnjc8
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/0c01oazdhg3vyvj/software_by_nixware_v1.rar
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cutt.ly/pwyampux
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/950116131354587206/1173339506448015462/setup.rar?ex=65639891&is=65512391&hm=b4b9cb1aae0be535158b8cdce3b740888601274569493a23a0d2a41910ca3c83&
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/5706qszapws9a6s/software_by_nixware_v2.rar
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/1173717476106838098/1173717612853743727/killazz_github.zip?ex=6564f8b5&is=655283b5&hm=1d5f5bf5f7a3d968c9ce852cff481262997e3f4014d3f97c6c73798d17fb4bff&
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://www.mediafire.com/file/a758f7iedcl34v8/filesetup.7z/file
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cdn.discordapp.com/attachments/1170056539550273571/1172900269948936312/installer.zip?ex=6561ff7f&is=654f8a7f&hm=014482ae538b9864fc9113273fb768d47d6fe13dbaea6ebefcef8df8a7931105&
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://noladuer.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://hardcorearrpa.viewdns.net/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://175.178.14.59/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.94.43.210:8080/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)

File

ValueDescriptionCopy
file111.230.198.166
Cobalt Strike botnet C2 server (confidence level: 80%)
file101.36.110.122
Cobalt Strike botnet C2 server (confidence level: 80%)
file54.174.89.226
Sliver botnet C2 server (confidence level: 80%)
file83.40.181.55
Meterpreter botnet C2 server (confidence level: 80%)
file65.49.210.124
Cobalt Strike botnet C2 server (confidence level: 80%)
file8.210.141.104
Cobalt Strike botnet C2 server (confidence level: 100%)
file141.164.62.87
ShadowPad botnet C2 server (confidence level: 75%)
file178.190.102.43
Sliver botnet C2 server (confidence level: 80%)
file103.212.81.158
Remcos botnet C2 server (confidence level: 75%)
file52.61.168.199
Unknown malware botnet C2 server (confidence level: 80%)
file45.85.249.39
Meterpreter botnet C2 server (confidence level: 80%)
file34.245.119.31
BianLian botnet C2 server (confidence level: 80%)
file162.14.102.159
Cobalt Strike botnet C2 server (confidence level: 80%)
file54.193.91.232
BianLian botnet C2 server (confidence level: 50%)
file170.64.171.160
Havoc botnet C2 server (confidence level: 50%)
file144.76.182.181
Havoc botnet C2 server (confidence level: 50%)
file34.81.238.204
Responder botnet C2 server (confidence level: 50%)
file3.97.232.186
Responder botnet C2 server (confidence level: 50%)
file54.186.60.102
Responder botnet C2 server (confidence level: 50%)
file24.199.115.140
Responder botnet C2 server (confidence level: 50%)
file154.247.166.34
QakBot botnet C2 server (confidence level: 50%)
file142.154.8.161
QakBot botnet C2 server (confidence level: 50%)
file102.113.158.156
QakBot botnet C2 server (confidence level: 50%)
file31.117.143.39
QakBot botnet C2 server (confidence level: 50%)
file187.211.117.174
QakBot botnet C2 server (confidence level: 50%)
file201.124.62.185
QakBot botnet C2 server (confidence level: 50%)
file78.19.226.207
QakBot botnet C2 server (confidence level: 50%)
file38.6.177.117
Unknown malware botnet C2 server (confidence level: 50%)
file3.66.249.70
Meterpreter botnet C2 server (confidence level: 80%)
file45.32.232.31
Pikabot botnet C2 server (confidence level: 100%)
file158.247.196.155
Pikabot botnet C2 server (confidence level: 100%)
file77.83.196.189
IcedID botnet C2 server (confidence level: 75%)
file175.178.45.17
Cobalt Strike botnet C2 server (confidence level: 80%)
file192.46.232.181
Cobalt Strike botnet C2 server (confidence level: 100%)
file46.1.103.69
AsyncRAT botnet C2 server (confidence level: 75%)
file46.1.103.69
AsyncRAT botnet C2 server (confidence level: 75%)
file188.241.39.165
Nanocore RAT botnet C2 server (confidence level: 80%)
file68.183.227.107
PoshC2 botnet C2 server (confidence level: 80%)
file104.223.118.109
IcedID botnet C2 server (confidence level: 100%)
file104.248.81.48
IcedID botnet C2 server (confidence level: 80%)
file194.213.18.45
BianLian botnet C2 server (confidence level: 80%)
file45.33.69.35
Pikabot botnet C2 server (confidence level: 100%)
file155.138.132.163
Pikabot botnet C2 server (confidence level: 100%)
file172.232.189.83
Pikabot botnet C2 server (confidence level: 100%)
file172.104.12.76
Pikabot botnet C2 server (confidence level: 100%)
file97.107.131.224
Pikabot botnet C2 server (confidence level: 100%)
file172.232.189.84
Pikabot botnet C2 server (confidence level: 100%)
file3.76.98.45
Sliver botnet C2 server (confidence level: 80%)
file139.162.215.12
Meterpreter botnet C2 server (confidence level: 80%)
file124.221.237.165
Cobalt Strike botnet C2 server (confidence level: 100%)
file91.92.243.43
AsyncRAT botnet C2 server (confidence level: 100%)
file45.76.71.236
Havoc botnet C2 server (confidence level: 100%)
file198.23.227.175
AsyncRAT botnet C2 server (confidence level: 100%)
file91.192.100.22
AsyncRAT botnet C2 server (confidence level: 100%)
file186.168.71.240
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.135
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.236
AsyncRAT botnet C2 server (confidence level: 100%)
file181.235.87.205
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.103
AsyncRAT botnet C2 server (confidence level: 100%)
file187.24.3.145
AsyncRAT botnet C2 server (confidence level: 100%)
file193.23.3.37
AsyncRAT botnet C2 server (confidence level: 100%)
file193.23.3.37
AsyncRAT botnet C2 server (confidence level: 100%)
file81.214.77.85
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254
AsyncRAT botnet C2 server (confidence level: 100%)
file185.81.157.254
AsyncRAT botnet C2 server (confidence level: 100%)
file190.28.181.222
AsyncRAT botnet C2 server (confidence level: 100%)
file91.208.92.74
AsyncRAT botnet C2 server (confidence level: 100%)
file186.112.202.44
AsyncRAT botnet C2 server (confidence level: 100%)
file186.112.202.44
AsyncRAT botnet C2 server (confidence level: 100%)
file136.243.151.21
AsyncRAT botnet C2 server (confidence level: 100%)
file223.155.16.150
Quasar RAT botnet C2 server (confidence level: 100%)
file27.158.214.241
Quasar RAT botnet C2 server (confidence level: 100%)
file81.205.110.65
Quasar RAT botnet C2 server (confidence level: 100%)
file109.147.149.255
Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.152
Quasar RAT botnet C2 server (confidence level: 100%)
file64.52.80.114
Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.149
Quasar RAT botnet C2 server (confidence level: 100%)
file223.155.16.151
Quasar RAT botnet C2 server (confidence level: 100%)
file93.85.85.86
Quasar RAT botnet C2 server (confidence level: 100%)
file64.176.81.70
Quasar RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file116.103.214.233
Orcus RAT botnet C2 server (confidence level: 100%)
file185.216.70.238
RisePro botnet C2 server (confidence level: 100%)
file85.209.11.247
RisePro botnet C2 server (confidence level: 100%)
file37.27.22.139
RisePro botnet C2 server (confidence level: 100%)
file185.216.70.233
RisePro botnet C2 server (confidence level: 100%)
file128.140.73.191
RisePro botnet C2 server (confidence level: 100%)
file5.42.92.51
RisePro botnet C2 server (confidence level: 100%)
file152.89.198.49
RisePro botnet C2 server (confidence level: 100%)
file34.124.231.204
Unknown malware botnet C2 server (confidence level: 100%)
file34.124.138.144
Unknown malware botnet C2 server (confidence level: 100%)
file34.28.132.129
Unknown malware botnet C2 server (confidence level: 100%)
file171.250.188.34
Venom RAT botnet C2 server (confidence level: 100%)
file110.92.64.176
Venom RAT botnet C2 server (confidence level: 100%)
file208.64.33.115
Venom RAT botnet C2 server (confidence level: 100%)
file64.40.154.127
Venom RAT botnet C2 server (confidence level: 100%)
file81.28.6.148
Venom RAT botnet C2 server (confidence level: 100%)
file18.166.249.66
Venom RAT botnet C2 server (confidence level: 100%)
file154.204.181.27
Venom RAT botnet C2 server (confidence level: 100%)
file34.121.161.18
Ares botnet C2 server (confidence level: 90%)
file18.211.111.68
Unknown malware botnet C2 server (confidence level: 100%)
file34.194.229.219
Unknown malware botnet C2 server (confidence level: 100%)
file18.213.237.79
Unknown malware botnet C2 server (confidence level: 100%)
file77.53.97.85
DarkComet botnet C2 server (confidence level: 100%)
file154.179.78.37
DarkComet botnet C2 server (confidence level: 100%)
file18.231.93.153
DarkComet botnet C2 server (confidence level: 100%)
file5.252.178.38
ShadowPad botnet C2 server (confidence level: 90%)
file172.233.237.227
Sliver botnet C2 server (confidence level: 90%)
file193.149.176.199
Sliver botnet C2 server (confidence level: 90%)
file173.49.90.229
Sliver botnet C2 server (confidence level: 90%)
file47.116.13.239
Viper RAT botnet C2 server (confidence level: 100%)
file103.186.215.46
Viper RAT botnet C2 server (confidence level: 100%)
file123.60.99.12
Viper RAT botnet C2 server (confidence level: 100%)
file111.230.242.229
Viper RAT botnet C2 server (confidence level: 100%)
file1.92.72.148
Viper RAT botnet C2 server (confidence level: 100%)
file101.200.187.59
Viper RAT botnet C2 server (confidence level: 100%)
file8.130.27.180
Viper RAT botnet C2 server (confidence level: 100%)
file43.143.187.177
Viper RAT botnet C2 server (confidence level: 100%)
file101.200.164.66
Viper RAT botnet C2 server (confidence level: 100%)
file43.142.177.236
Viper RAT botnet C2 server (confidence level: 100%)
file23.95.85.102
Viper RAT botnet C2 server (confidence level: 100%)
file1.94.51.173
Viper RAT botnet C2 server (confidence level: 100%)
file8.131.50.94
Viper RAT botnet C2 server (confidence level: 100%)
file156.224.27.167
Ghost RAT botnet C2 server (confidence level: 75%)
file121.22.243.241
Ghost RAT botnet C2 server (confidence level: 75%)
file47.116.79.79
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.140.184.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.196.200.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file1.14.46.82
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.116.209
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.219.209.175
Cobalt Strike botnet C2 server (confidence level: 100%)
file149.28.145.175
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.32.218
Cobalt Strike botnet C2 server (confidence level: 100%)
file149.88.77.120
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.186.215.46
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.138.16.196
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.91.168.253
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.198.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.198.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.97.6.61
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.48.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.48.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.221.38.104
Cobalt Strike botnet C2 server (confidence level: 100%)
file134.122.75.115
Cobalt Strike botnet C2 server (confidence level: 100%)
file134.175.121.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file159.75.252.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file195.88.56.36
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.58.225
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.84.141
Cobalt Strike botnet C2 server (confidence level: 100%)
file54.237.14.58
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.12.124.212
Cobalt Strike botnet C2 server (confidence level: 100%)
file114.115.180.116
Cobalt Strike botnet C2 server (confidence level: 100%)
file23.94.56.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.142.177.236
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.94.104.162
Cobalt Strike botnet C2 server (confidence level: 100%)
file59.110.161.54
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.34.28.84
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.212.15.60
Cobalt Strike botnet C2 server (confidence level: 100%)
file44.193.191.18
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.107.44.15
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.95.37.191
Cobalt Strike botnet C2 server (confidence level: 100%)
file164.155.134.98
Cobalt Strike botnet C2 server (confidence level: 100%)
file16.170.232.194
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.73.125.8
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.103.77.37
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.241.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.241.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.84.221
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.196.9.120
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.197.198
Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.249.109
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.20.236
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.229.106.48
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.229.106.48
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.222.223.144
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.158.220
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.173.155.160
Cobalt Strike botnet C2 server (confidence level: 100%)
file207.246.81.130
Cobalt Strike botnet C2 server (confidence level: 100%)
file150.158.45.62
Cobalt Strike botnet C2 server (confidence level: 100%)
file44.200.80.224
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.64.193.204
Sliver botnet C2 server (confidence level: 80%)
file101.35.42.157
Viper RAT botnet C2 server (confidence level: 100%)
file129.226.83.129
Cobalt Strike botnet C2 server (confidence level: 100%)
file146.190.141.158
Cobalt Strike botnet C2 server (confidence level: 100%)
file20.218.243.58
RedLine Stealer botnet C2 server (confidence level: 100%)
file35.205.17.31
Sliver botnet C2 server (confidence level: 80%)
file35.228.89.229
Sliver botnet C2 server (confidence level: 80%)
file77.91.73.70
Quasar RAT botnet C2 server (confidence level: 100%)
file104.36.229.15
BianLian botnet C2 server (confidence level: 50%)
file49.12.245.198
Responder botnet C2 server (confidence level: 50%)
file91.134.141.245
Responder botnet C2 server (confidence level: 50%)
file39.51.188.223
QakBot botnet C2 server (confidence level: 50%)
file2.50.16.180
QakBot botnet C2 server (confidence level: 50%)
file141.11.250.53
Meterpreter botnet C2 server (confidence level: 80%)
file194.169.175.128
RedLine Stealer botnet C2 server (confidence level: 100%)
file146.190.145.40
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.49.94.152
RedLine Stealer botnet C2 server (confidence level: 100%)
file172.111.251.138
Cobalt Strike botnet C2 server (confidence level: 100%)
file175.178.14.59
Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash8083
Sliver botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
ShadowPad botnet C2 server (confidence level: 75%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash3050
Remcos botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash443
BianLian botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash9443
BianLian botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash2222
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash2222
QakBot botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash13782
Pikabot botnet C2 server (confidence level: 100%)
hash9785
Pikabot botnet C2 server (confidence level: 100%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4263
AsyncRAT botnet C2 server (confidence level: 75%)
hash7355
AsyncRAT botnet C2 server (confidence level: 75%)
hash54984
Nanocore RAT botnet C2 server (confidence level: 80%)
hash444
PoshC2 botnet C2 server (confidence level: 80%)
hash443
IcedID botnet C2 server (confidence level: 100%)
hash443
IcedID botnet C2 server (confidence level: 80%)
hash8443
BianLian botnet C2 server (confidence level: 80%)
hash5242
Pikabot botnet C2 server (confidence level: 100%)
hash13786
Pikabot botnet C2 server (confidence level: 100%)
hash5243
Pikabot botnet C2 server (confidence level: 100%)
hash5242
Pikabot botnet C2 server (confidence level: 100%)
hash13782
Pikabot botnet C2 server (confidence level: 100%)
hash23399
Pikabot botnet C2 server (confidence level: 100%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7719
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash8880
AsyncRAT botnet C2 server (confidence level: 100%)
hash8000
AsyncRAT botnet C2 server (confidence level: 100%)
hash2404
AsyncRAT botnet C2 server (confidence level: 100%)
hash2525
AsyncRAT botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash2404
AsyncRAT botnet C2 server (confidence level: 100%)
hash2222
AsyncRAT botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash4003
AsyncRAT botnet C2 server (confidence level: 100%)
hash4545
AsyncRAT botnet C2 server (confidence level: 100%)
hash57
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash2000
AsyncRAT botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash2404
AsyncRAT botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
AsyncRAT botnet C2 server (confidence level: 100%)
hash23333
Quasar RAT botnet C2 server (confidence level: 100%)
hash52516
Quasar RAT botnet C2 server (confidence level: 100%)
hash4783
Quasar RAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash23333
Quasar RAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash23333
Quasar RAT botnet C2 server (confidence level: 100%)
hash23333
Quasar RAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash9090
Quasar RAT botnet C2 server (confidence level: 100%)
hash21
Orcus RAT botnet C2 server (confidence level: 100%)
hash1024
Orcus RAT botnet C2 server (confidence level: 100%)
hash8080
Orcus RAT botnet C2 server (confidence level: 100%)
hash9025
Orcus RAT botnet C2 server (confidence level: 100%)
hash42132
Orcus RAT botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash9090
Venom RAT botnet C2 server (confidence level: 100%)
hash443
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash5900
Ares botnet C2 server (confidence level: 90%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash55554
DarkComet botnet C2 server (confidence level: 100%)
hash443
DarkComet botnet C2 server (confidence level: 100%)
hash12256
DarkComet botnet C2 server (confidence level: 100%)
hash8081
ShadowPad botnet C2 server (confidence level: 90%)
hash31337
Sliver botnet C2 server (confidence level: 90%)
hash31337
Sliver botnet C2 server (confidence level: 90%)
hash31337
Sliver botnet C2 server (confidence level: 90%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash8000
Ghost RAT botnet C2 server (confidence level: 75%)
hash47779
Ghost RAT botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash60000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8090
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2222
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1222
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash23
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8012
Cobalt Strike botnet C2 server (confidence level: 100%)
hash81
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2096
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4455
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash60000
Viper RAT botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089
Cobalt Strike botnet C2 server (confidence level: 100%)
hash30829
RedLine Stealer botnet C2 server (confidence level: 100%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash2376
Sliver botnet C2 server (confidence level: 80%)
hash1488
Quasar RAT botnet C2 server (confidence level: 100%)
hash5101
BianLian botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash3790
Meterpreter botnet C2 server (confidence level: 80%)
hash37853
RedLine Stealer botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 100%)
hash19053
RedLine Stealer botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domainwww.theokanegroup.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainrockpython.xyz
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-3s2hxn8v-1308639534.sh.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww2.eastus.cloudapp.azure.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww1.allegiancefithealth.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaindodovdo.store
IRATA botnet C2 domain (confidence level: 100%)
domainsalesthe.xyz
IRATA botnet C2 domain (confidence level: 100%)
domainsahmane.sbs
IRATA botnet C2 domain (confidence level: 100%)
domained.sahmane.sbs
IRATA botnet C2 domain (confidence level: 100%)
domain7desktop.com
Havoc botnet C2 domain (confidence level: 100%)
domain33095-2.whserv.de
Vidar botnet C2 domain (confidence level: 100%)
domainautoconfig.33095-2.whserv.de
Vidar botnet C2 domain (confidence level: 100%)
domainip-89-38-135-11-82867.vps.hosted-by-mvps.net
Vidar botnet C2 domain (confidence level: 100%)
domainlamp.manuelsterner.de
Vidar botnet C2 domain (confidence level: 100%)
domainvpn.manuelsterner.de
Vidar botnet C2 domain (confidence level: 100%)
domainec2-44-200-80-224.compute-1.amazonaws.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domain192-46-232-181.ip.linodeusercontent.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainms17-010.win-x86.zip
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainec2-54-237-14-58.compute-1.amazonaws.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainctrdfg.cloud
IRATA botnet C2 domain (confidence level: 100%)
domaindrnull.pkmqazreza.workers.dev
IRATA botnet C2 domain (confidence level: 100%)
domainpkmqazreza.workers.dev
IRATA botnet C2 domain (confidence level: 100%)
domainpanel.freeddns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainclients.dnsportal.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainec2-3-68-111-52.eu-central-1.compute.amazonaws.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainer.aledlsa.sbs
IRATA botnet C2 domain (confidence level: 100%)
domainaledlsa.sbs
IRATA botnet C2 domain (confidence level: 100%)
domained.sarltma.rest
IRATA botnet C2 domain (confidence level: 100%)
domainsarltma.rest
IRATA botnet C2 domain (confidence level: 100%)
domainiirir.com
IRATA botnet C2 domain (confidence level: 100%)
domainns.manager.moonlighter.space
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainhardcorearrpa.viewdns.net
Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 682acdc3bbaf20d303f1bda7

Added to database: 5/19/2025, 6:20:51 AM

Last enriched: 6/18/2025, 8:51:11 AM

Last updated: 8/10/2025, 12:00:16 PM

Views: 10

Related Threats

Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing

Medium
MalwareWed Aug 13 2025

Silent Watcher: Dissecting Cmimai Stealer's VBS Payload

Medium
MalwareWed Aug 13 2025

CastleLoader Analysis

Medium
MalwareWed Aug 13 2025

The Dark Side of Parental Control Apps

Medium
MalwareWed Aug 13 2025

Uncovering a Web3 Interview Scam

Medium
MalwareWed Aug 13 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats