ThreatFox IOCs for 2024-01-02

Medium
Published: Tue Jan 02 2024 (01/02/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-01-02

AI-Powered Analysis

AI analysis last updated: 06/19/2025, 13:18:34 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2024-01-02," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report is dated January 2, 2024, and is categorized under the 'malware' type with a medium severity rating. However, the technical details and indicators of compromise (IOCs) are minimal, with no specific affected software versions, CWE identifiers, or patch links provided. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting limited analytical depth but moderate distribution potential. No known exploits in the wild have been reported, and no direct technical analysis or behavioral characteristics of the malware are detailed. The absence of IOCs and technical specifics limits the ability to fully characterize the malware's capabilities, infection vectors, or persistence mechanisms. The classification as OSINT implies that this report is primarily a collection or aggregation of publicly available threat data rather than a detailed forensic or reverse engineering analysis. Given these constraints, the threat appears to be in an early or observational stage, possibly serving as a heads-up for security teams to monitor emerging indicators once they become available.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the lack of detailed technical information and absence of known active exploitation. However, the medium severity rating and moderate distribution score indicate a potential for wider dissemination if the malware evolves or if associated IOCs become actionable. European entities relying on OSINT feeds and threat intelligence platforms may experience increased alert volumes or false positives if this malware is integrated into automated detection systems prematurely. The lack of specific affected products or versions means that no particular sector or technology stack in Europe is currently at heightened risk. Nonetheless, organizations with mature cybersecurity operations should remain vigilant, as the malware could target common infrastructure or widely used software in the future. The potential confidentiality, integrity, or availability impacts remain speculative but could escalate if exploitation techniques or payloads are disclosed.

Mitigation Recommendations

Given the limited information, mitigation should focus on enhancing general threat preparedness rather than targeting specific vulnerabilities. European organizations should:

1) Continuously update and tune their threat intelligence ingestion systems to filter and validate new IOCs from ThreatFox and similar OSINT sources to avoid alert fatigue.
2) Maintain robust endpoint detection and response (EDR) capabilities to identify anomalous behaviors that may indicate unknown malware activity.
3) Implement network segmentation and strict access controls to limit lateral movement in case of infection.
4) Conduct regular security awareness training emphasizing cautious handling of unsolicited files or links, as the infection vector is unspecified.
5) Engage in information sharing with sector-specific ISACs (Information Sharing and Analysis Centers) to receive timely updates if further details emerge.
6) Prepare incident response playbooks to rapidly incorporate new threat intelligence once concrete indicators or exploitation methods are identified.

These steps go beyond generic advice by focusing on operational readiness and intelligence validation tailored to the evolving nature of this threat.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
f1fe114f-6952-40a0-ae8b-2cb5850acaee
Original Timestamp
1704240186

Indicators of Compromise


Threat ID: 682c7abce3e6de8ceb74fd95

Added to database: 5/20/2025, 12:51:08 PM

Last enriched: 6/19/2025, 1:18:34 PM

Last updated: 8/17/2025, 7:22:05 AM
