ThreatFox IOCs for 2024-02-22
AI Analysis
Technical Summary
This entry is a daily indicator export titled "ThreatFox IOCs for 2024-02-22", carried here as a MISP-style event (UUID, threat level, analysis and distribution fields). ThreatFox, run by abuse.ch, is a community platform for sharing Indicators of Compromise, and the event is filed under the 'osint' product type: it is open-source threat intelligence, not a vulnerability advisory. Accordingly there are no affected software versions, no CWE references and no patch links; nothing here describes a flaw to be patched. What the event does carry is more than two hundred indicators of malware infrastructure reported that day, each tagged with a malware family, a role (botnet C2 server, C2 URL or payload delivery URL) and a submitter confidence level. Families represented include post-exploitation frameworks (Cobalt Strike, Sliver, Havoc), information stealers (RedLine, Vidar, RisePro, RecordBreaker, Meduza, Serpent, DUCKTAIL, Pony), remote access trojans (NjRAT, AsyncRAT, Quasar, DCRat, Orcus, Venom, Ave Maria, NetSupport Manager), loaders and delivery chains (WikiLoader, Unidentified 111/Latrodectus, FAKEUPDATES, also known as SocGholish), the Android bankers Hook and Coper, QakBot, BianLian, and the Mirai, MooBot and Mozi IoT botnet families. The event metadata follows MISP conventions: threat level 2 is "medium" (1 is high, 3 low, 4 undefined), analysis 1 means the analysis is "ongoing" rather than complete, and distribution 3 means "all communities", which is a sharing scope and says nothing about how widely the malware is spreading. The TLP:WHITE tag likewise marks the content as freely shareable. The indicators are reported C2 and delivery endpoints, not exploit details, so the event does not say how any victim was initially compromised; its value is in detection and retrospective hunting: a host seen resolving, connecting to or fetching one of these endpoints should be treated as a probable infection with the named family.
Potential Impact
Because this is an indicator feed rather than a vulnerability, the impact question is not "which systems can be exploited" but "which systems are already talking to this infrastructure". A match against a C2 indicator (ip:port, C2 domain or C2 URL) means a host on the network is most likely infected with the named family, and the consequences follow from that family: stealers such as RedLine, Vidar, RisePro, RecordBreaker, Meduza and Serpent exfiltrate browser credentials, session cookies and wallet data shortly after execution; RATs (NjRAT, AsyncRAT, Quasar, DCRat, Orcus, Venom, Ave Maria, NetSupport Manager) give the operator interactive control of the endpoint; Cobalt Strike, Sliver and Havoc beacons indicate a hands-on operator in the post-exploitation phase, which in practice is often the precursor to ransomware deployment, and BianLian C2 servers appear in the same set; Hook and Coper target Android devices and their banking apps; Mirai, MooBot and Mozi C2 servers and payload URLs point at compromised IoT or embedded devices rather than workstations. A match on a payload delivery URL (FAKEUPDATES, WikiLoader, Mozi) means a download was attempted and the host should be examined for the resulting implant. The medium severity reflects that these are commodity and post-exploitation families with no novel capability, not that matches are low priority. The 'Affected Countries' list below is not derived from the indicators themselves, which carry no targeting information; the hostnames alone show infrastructure on Hetzner, Linode, AWS, Google Cloud, Hostwinds and Plesk-hosted servers, and the victim population of these families is global. European organizations are exposed through the same routes as everyone else: commodity stealer and loader campaigns reaching user endpoints, and post-exploitation frameworks deployed after an initial foothold, with critical infrastructure, finance and government the sectors where a beacon hit most often precedes a serious intrusion.
Mitigation Recommendations
1. Load the indicators into SIEM, EDR, DNS-filtering and proxy controls according to their type. The ip:port entries are an IP address and a port, not a file hash; in flattened exports the pair can surface as a 'file' entry carrying the IP followed by a 'hash' entry carrying the port, and ingesting the port as a hash silently produces a dead rule. Alert on destination IP and port together: several of these addresses sit in shared cloud and hosting ranges, and an IP-only rule on ports 80 and 443 will fire on unrelated tenants.
2. Match URL indicators on the full URL, not the host. The WikiLoader C2 URLs live under /wp-content/themes/<theme>/<random>.php?id=1 on compromised legitimate WordPress sites, the WikiLoader payload is served from cdn.discordapp.com, and several domain indicators are per-tenant cloud hostnames (ec2-*.compute-1.amazonaws.com, *.bc.googleusercontent.com, *.ip.linodeusercontent.com, *.plesk.page). Blocking the parent domains of these breaks legitimate traffic; blocking the exact hostname or URL is the right granularity.
3. Retro-hunt rather than only block: search DNS, proxy and NetFlow or firewall logs for the days around 2024-02-22 for contact with these endpoints. A stealer C2 hit (RedLine, Vidar, RisePro, RecordBreaker, Meduza, Serpent) means credentials have probably already left the host, so isolate it and rotate every credential and session used on it. A Cobalt Strike, Sliver or Havoc hit means hands-on-keyboard activity; open a full intrusion investigation rather than just reimaging the endpoint.
4. Weight rules by the submitter confidence in the tables below: entries at 50% (the Mozi payload URLs and several Sliver, BianLian, Havoc, QakBot, DCRat and unattributed servers) and 75% (the NjRAT and MooBot domains, two Mirai and NjRAT servers) are suited to alerting and hunting; reserve automatic blocking for the 90% to 100% entries, or accept the false-positive risk knowingly.
5. Expire the indicators. C2 servers on this feed are typically short-lived, and the per-tenant cloud hostnames and the tunnelling and dynamic-DNS names (*.duckdns.org, *.myftp.biz, *.ply.gg) will be reassigned to other users. Keep date-bound indicators in blocking rules for a bounded window and in hunting datasets for longer.
6. Keep the generic hygiene measures in place: maintained antivirus and EDR signatures, network segmentation so that a RAT or beacon on one host cannot reach the rest of the estate, timely patching, tested offline backups and a rehearsed incident response plan. These limit the damage after a hit; they do not detect these indicators by themselves.
7. Share sightings. ThreatFox accepts indicator submissions and corrections, and national CERTs and ENISA redistribute such feeds; reporting confirmed matches (the content is TLP:WHITE, so sharing is unrestricted) improves the next day's feed for everyone.
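Items 1 to 4 above in working form, as an editor-added example that is not ThreatFox or abuse.ch code: the parser pairs the flattened file/hash lines back into ip:port indicators, URL indicators are matched on the normalised full URL, and hits are tiered by confidence so that an IP seen on a port the feed does not list, a compromised WordPress host's other pages, or other Discord CDN paths do not produce high-confidence alerts. The indicator values come from this page; the export excerpt, the three log formats (dns, proxy, flow), the SHARED_HOSTS set, the compromised-WordPress path pattern and the log lines are constructed assumptions for the example.

```python
# Editor-added example (not ThreatFox/abuse.ch code): parse a flat
# ThreatFox/MISP indicator export and match it against log lines.
import re
from urllib.parse import urlsplit
# Constructed excerpt in the flat export form (indicator values from the page).
# A ThreatFox ip:port appears as a 'file' line (IP) then a 'hash' line (port).
SAMPLE_IOC_EXPORT = """\
- domain: amma.myftp.biz
- url: https://68.183.111.170/load
- file: 159.69.103.8
- hash: 443
- url: http://356873cm.nyashtyan.top/nyashsupport.php
- url: https://carritosdelacompra.com/wp-content/themes/twentytwentytwo/nnzknr.php?id=1
- url: https://cdn.discordapp.com/attachments/1130829539006750833/1210266320600301709/4_npp.8.6.3.portable.x64.zip?ex=65e9ef58&is=65d77a58&hm=355ce0146c75960c9ef4e4fc19289a8260f6e8cc9990192777553fe9e7349d8a&
"""
IOC_LINE = re.compile(r"^-\s*(domain|url|file|hash):\s*(\S+)\s*$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Assumed for the example: hosts whose other paths are legitimate (match full URLs
# only) and the WikiLoader-style path planted on compromised WordPress sites.
SHARED_HOSTS = {"cdn.discordapp.com"}
COMPROMISED_WP_PATH = re.compile(r"^/wp-content/themes/[^/]+/[a-z0-9]+\.php$")

def norm_url(url):
    """Canonical 'host[:port]/path[?query]' so feed and proxy log entries agree."""
    p = urlsplit(url.strip().rstrip("&?"))
    default = {"http": 80, "https": 443}.get(p.scheme)
    port = f":{p.port}" if p.port and p.port != default else ""
    query = f"?{p.query}" if p.query else ""
    return f"{p.hostname}{port}{p.path or '/'}{query}"

def parse_iocs(text):
    """Return {'domains': set, 'urls': set, 'ip_ports': set of (ip, port)}."""
    iocs = {"domains": set(), "urls": set(), "ip_ports": set()}
    pending_ip = None
    for line in text.splitlines():
        m = IOC_LINE.match(line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "domain":
            iocs["domains"].add(value.lower().rstrip("."))
        elif kind == "url":
            iocs["urls"].add(norm_url(value))
        elif kind == "file":  # only an IP literal is a mislabelled ip:port half
            pending_ip = value if IPV4.match(value) else None
        elif kind == "hash" and pending_ip and value.isdigit():
            iocs["ip_ports"].add((pending_ip, int(value)))
            pending_ip = None
    return iocs

def derived_domains(iocs):
    """Hosts of URL indicators that are safe to block as whole hosts."""
    safe = set()
    for u in iocs["urls"]:
        p = urlsplit("//" + u)
        if (p.hostname not in SHARED_HOSTS and not IPV4.match(p.hostname)
                and not COMPROMISED_WP_PATH.match(p.path)):
            safe.add(p.hostname)
    return safe

def match_log_line(iocs, line):
    """[(confidence, indicator)] hits for a constructed 'dns query=..', 'proxy url=..'
    or 'flow dst=.. dport=..' log line."""
    kind, _, rest = line.partition(" ")
    f = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    hits = []
    if kind == "dns":
        labels = f["query"].lower().rstrip(".").split(".")
        for i in range(len(labels)):  # a C2 domain hit covers its subdomains
            if ".".join(labels[i:]) in iocs["domains"]:
                hits.append(("high", "domain:" + ".".join(labels[i:])))
                break
    elif kind == "proxy":
        u = norm_url(f["url"])
        host = urlsplit("//" + u).hostname
        if u in iocs["urls"]:
            hits.append(("high", f"url:{u}"))
        elif host in iocs["domains"] or host in derived_domains(iocs):
            hits.append(("medium", f"host:{host}"))
    elif kind == "flow":
        dst, dport = f["dst"], int(f["dport"])
        if (dst, dport) in iocs["ip_ports"]:
            hits.append(("high", f"ip:port:{dst}:{dport}"))
        elif any(ip == dst for ip, _ in iocs["ip_ports"]):
            hits.append(("low", f"ip:{dst}"))  # same host, other port: shared hosting?
    return hits

SAMPLE_LOGS = [  # constructed log lines, not from the page
    "dns query=mail.amma.myftp.biz client=10.0.0.5",
    "proxy url=https://carritosdelacompra.com/wp-content/themes/twentytwentytwo/nnzknr.php?id=1 client=10.0.0.7",
    "proxy url=https://carritosdelacompra.com/ client=10.0.0.7",
    "proxy url=https://cdn.discordapp.com/attachments/1/2/notes.txt client=10.0.0.8",
    "proxy url=http://356873cm.nyashtyan.top/other.php client=10.0.0.6",
    "flow src=10.0.0.9 dst=159.69.103.8 dport=443",
    "flow src=10.0.0.9 dst=159.69.103.8 dport=22",
]

def run_sample():
    """Match every constructed log line against the constructed export."""
    iocs = parse_iocs(SAMPLE_IOC_EXPORT)
    return {line: match_log_line(iocs, line) for line in SAMPLE_LOGS}

if __name__ == "__main__":
    print(*run_sample().items(), sep="\n")
```

Run it directly to see each constructed line with its hits: the subdomain of a C2 domain and the exact WikiLoader URL are high-confidence, the same WordPress site's front page and an unrelated Discord CDN path produce nothing, another path on the DCRat host is medium (host-level), and the Vidar server on port 22 rather than the listed 443 is reported as low so that an analyst, not a blocklist, decides what to do with it. To use it on a real export, replace SAMPLE_IOC_EXPORT with the file contents and feed normalised log lines in the three formats, or adapt the field names in match_log_line to the SIEM's own.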
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Indicator types: domain, url, and ip:port (C2 server address and port).
- domain: amma.myftp.biz
- url: https://45.93.20.145/ywrmzmu3odrmy2q4/
- ip:port: 5.75.162.217:43724
- url: https://68.183.111.170/load
- ip:port: 45.148.4.19:8888
- ip:port: 159.69.103.8:80
- ip:port: 159.69.103.8:443
- ip:port: 65.109.242.25:80
- ip:port: 65.109.242.25:5432
- ip:port: 95.217.31.198:80
- ip:port: 49.13.32.193:80
- ip:port: 95.217.29.171:80
- ip:port: 116.203.3.120:80
- ip:port: 193.233.132.21:80
- ip:port: 193.233.132.75:80
- ip:port: 92.223.106.203:12134
- ip:port: 193.233.132.18:8081
- ip:port: 193.233.132.235:8081
- ip:port: 20.215.188.233:8081
- ip:port: 4.233.217.146:80
- ip:port: 20.106.172.90:80
- ip:port: 91.92.250.128:80
- ip:port: 104.129.182.25:80
- ip:port: 164.90.169.184:31228
- ip:port: 43.139.74.167:50034
- ip:port: 103.151.217.93:50050
- ip:port: 43.137.5.20:8888
- ip:port: 5.188.87.36:36543
- ip:port: 161.35.203.116:50050
- ip:port: 139.159.197.241:50050
- ip:port: 103.28.33.96:2023
- ip:port: 185.133.40.202:80
- ip:port: 222.186.174.9:43268
- ip:port: 147.182.190.27:8888
- ip:port: 159.89.204.198:8888
- ip:port: 159.89.204.198:31337
- ip:port: 103.35.189.93:443
- ip:port: 103.35.189.93:8443
- ip:port: 193.239.86.189:443
- ip:port: 154.246.82.173:995
- ip:port: 41.97.43.5:443
- ip:port: 41.96.190.102:443
- ip:port: 5.42.92.25:8848
- ip:port: 165.232.41.54:8888
- ip:port: 103.233.11.13:8888
- ip:port: 103.233.11.14:8888
- ip:port: 64.176.178.205:2017
- ip:port: 5.181.80.27:3090
- ip:port: 5.181.80.153:3090
- ip:port: 5.181.80.116:3090
- ip:port: 5.181.80.177:3090
- ip:port: 5.181.80.126:35769
- ip:port: 185.91.127.216:55555
- ip:port: 185.91.127.233:56999
- ip:port: 185.91.127.233:3778
- ip:port: 37.221.94.43:5555
- ip:port: 146.19.191.200:69
- ip:port: 45.138.174.72:3778
- ip:port: 94.156.8.116:43957
- ip:port: 45.142.107.117:3549
- ip:port: 91.92.240.13:9511
- ip:port: 185.196.10.164:59312
- ip:port: 185.196.10.60:55655
- ip:port: 185.196.10.139:59666
- ip:port: 185.196.9.223:1302
- ip:port: 212.102.39.208:58095
- url: https://realusatruck.com/api/accounts/v1/basic-accounts/pinned
- domain: realusatruck.com
- ip:port: 173.44.141.86:443
- url: https://193.29.56.130/load
- ip:port: 193.29.56.130:443
- url: http://124.71.108.110/ptj
- ip:port: 124.71.108.110:80
- url: https://43.153.222.28/activity
- url: https://103.191.15.189/match
- url: http://122.51.220.170/ga.js
- url: http://124.222.64.203/en_us/all.js
- url: http://8.142.5.148/dot.gif
- url: https://119.3.12.54:8443/etc.clientlibs/base.min.acshash29ccd0207f7ce847c.js
- url: http://221.150.72.75/match
- url: http://94.156.69.227/en_us/all.js
- url: https://199.195.252.200:9443/__utm.gif
- ip:port: 46.246.12.6:2054
- domain: ecuaecua.duckdns.org
- url: https://124.71.108.110/activity
- url: https://45.131.132.55/j.ad
- url: http://45.134.225.247:5555/metro91/admin/1/ppptp.jpg
- url: http://356873cm.nyashtyan.top/nyashsupport.php
- url: http://37.221.65.78:63645
- url: http://chernobyl.fun:63645
- url: http://auth.tesla-alert.com:63645
- url: http://app.tesla-alert.com:63645
- domain: mafiakorea.com
- ip:port: 129.153.86.0:8778
- ip:port: 185.158.248.141:1344
- ip:port: 37.221.65.78:63645
- ip:port: 31.10.67.116:5552
- ip:port: 95.216.104.115:4328
- url: https://grebiunti.top/live/
- domain: grebiunti.top
- url: https://machineryideas.com/cdn-vs/get.php
- url: https://machineryideas.com/help/zzrgqnaww.php
- domain: 139-162-155-161.ip.linodeusercontent.com
- domain: software.ftoffice.com
- ip:port: 39.105.194.11:8088
- ip:port: 59.110.142.91:8888
- domain: hr-helpdesk.org
- ip:port: 124.222.114.227:80
- ip:port: 47.101.160.122:8888
- ip:port: 47.98.214.54:443
- ip:port: 175.178.48.91:80
- ip:port: 111.92.243.96:8080
- ip:port: 94.156.69.227:80
- ip:port: 103.191.15.189:80
- ip:port: 74.235.199.105:80
- ip:port: 74.235.199.105:443
- ip:port: 124.223.97.173:8000
- ip:port: 118.31.75.32:443
- ip:port: 38.60.253.150:443
- ip:port: 47.113.195.22:80
- ip:port: 101.42.47.72:8000
- ip:port: 104.168.54.228:80
- ip:port: 23.26.137.225:80
- ip:port: 23.26.137.225:8181
- ip:port: 5.34.198.105:80
- ip:port: 39.104.73.42:443
- ip:port: 42.193.178.194:55443
- ip:port: 91.92.243.90:31337
- ip:port: 216.245.181.105:443
- ip:port: 78.40.116.82:5005
- ip:port: 172.111.148.12:222
- ip:port: 113.174.1.186:8080
- ip:port: 181.131.216.198:6606
- ip:port: 136.243.111.71:5900
- ip:port: 45.88.186.65:6606
- ip:port: 91.92.253.26:7443
- ip:port: 78.129.165.233:7443
- domain: data.iexcom.de
- ip:port: 172.188.29.138:80
- ip:port: 91.92.250.168:80
- domain: grinevitchnicolas4.fvds.ru
- ip:port: 185.146.157.85:80
- domain: 49.183.246.35.bc.googleusercontent.com
- ip:port: 47.128.64.139:443
- ip:port: 94.156.69.246:8081
- ip:port: 162.222.206.193:4782
- ip:port: 3.99.102.8:80
- ip:port: 94.156.69.145:7539
- domain: the.networkguru.com
- ip:port: 166.88.132.139:8443
- ip:port: 52.184.85.209:443
- ip:port: 20.56.35.166:8443
- ip:port: 107.173.118.89:443
- domain: static.77.129.13.49.clients.your-server.de
- domain: recruitis.josefbenjac.cz
- domain: digital20.agriprotechx.com
- ip:port: 91.151.88.209:4449
- ip:port: 34.118.33.152:5000
- domain: nice-margulis.45-138-16-132.plesk.page
- domain: ec2-54-88-105-125.compute-1.amazonaws.com
- ip:port: 209.141.35.151:888
- ip:port: 108.174.198.206:80
- ip:port: 45.95.169.135:80
- ip:port: 95.216.253.55:80
- domain: striperouter.supelle.co
- domain: linkerfunyfile.store
- ip:port: 51.11.25.174:443
- ip:port: 219.147.89.12:60000
- ip:port: 45.207.58.56:60000
- ip:port: 38.54.119.156:60000
- ip:port: 39.107.109.9:60000
- domain: hwsrv-1126965.hostwindsdns.com
- ip:port: 164.177.30.14:3333
- ip:port: 137.184.150.67:443
- ip:port: 96.231.143.205:443
- ip:port: 34.16.51.172:10443
- ip:port: 138.197.13.114:3333
- ip:port: 172.187.145.182:443
- ip:port: 3.110.14.54:443
- ip:port: 54.206.231.185:3333
- ip:port: 34.72.103.8:3333
- ip:port: 34.118.85.166:443
- ip:port: 147.189.175.79:443
- ip:port: 103.35.189.93:10443
- url: http://yourstudyway.com/w2p/panel/gate.php
- url: https://carritosdelacompra.com/wp-content/themes/twentytwentytwo/nnzknr.php?id=1
- url: https://propertystats.net/wp-content/themes/twentytwentythree/hyhnv3.php?id=1
- url: https://www.erasnetwork.eu/wp-content/themes/twentytwentyfour/dqyzqp.php?id=1
- url: https://www.marioagozzino.it/wp-content/themes/twentytwentyfour/c2hitq.php?id=1
- url: https://osakaimchk.com/wp-content/themes/twentytwentythree/ovqugo.php?id=1
- ip:port: 45.95.169.14:9931
- ip:port: 147.185.221.18:37064
- domain: training-invasion.gl.at.ply.gg
- url: https://workstatpasing.com/nationwide_services
- url: https://workstatpasing.com/onmicrosoft
- url: https://cdn.discordapp.com/attachments/1130829539006750833/1210266320600301709/4_npp.8.6.3.portable.x64.zip?ex=65e9ef58&is=65d77a58&hm=355ce0146c75960c9ef4e4fc19289a8260f6e8cc9990192777553fe9e7349d8a&
- url: https://1.94.67.222/push
- url: https://117.50.162.183/ga.js
- url: http://39.106.74.90/cm
- url: https://45.131.132.55/en_us/all.js
- url: http://124.71.108.110/visit.js
- url: http://102.33.76.214:38909/mozi.m
- url: http://190.182.251.4:35039/mozi.m
- ip:port: 24.90.18.97:443
- ip:port: 154.247.12.253:995
- ip:port: 75.90.82.104:995
- ip:port: 154.246.82.173:2078
- ip:port: 79.131.125.79:2222
- ip:port: 193.35.18.127:51321
- url: http://77.91.124.57/eternalhttp2db/longpollvoiddb2server/longpollsecure3bigload/196downloads/32proton/061/imagevmproton/1pipe/dlebigloadcentral/game/50uploadscentral/phpbigload9/externalimageapigeneratoruniversalwordpresslocalcdn.php
- ip:port: 185.196.9.97:48795
- ip:port: 185.196.9.97:43957
- domain: 79-9-691.581-alps.qyhgroup.com
- url: https://39.104.73.42/__utm.gif
- ip:port: 159.223.220.165:443
- url: https://mscs.v1.vscll.com/jquery-3.3.1.min.js
- ip:port: 38.147.172.234:443
- url: http://79.137.207.120/generatorexternal9windows/local74/3processor/js/updatebigloadprocess/httptest/uploads9universaltest/trackflower6/pipe0wp/trafficlinegameprovider/publiclocal80/6better9/processorphp/6defaultserver/0javascript/multi8external/5betterrequestlinux/uploadswindowslow/tobigloadmultiflowerasyncwptempdownloads.php
- url: http://mscs.v1.vscll.com:5557/jquery-3.3.1.min.js
Technical Details
- Threat Level: 2 (MISP scale: medium; 1 is high, 3 low, 4 undefined)
- Analysis: 1 (MISP: ongoing; 0 is initial, 2 completed)
- Distribution: 3 (MISP: all communities)
- UUID: f00e24ba-65f6-41d6-8c88-461f013e09de
- Original Timestamp: 1708646588 (2024-02-23 00:03:08 UTC, i.e. the event was created just after the end of the day it covers)
Indicators of Compromise (with malware attribution and submitter confidence)
Domain
Value | Description | Confidence
---|---|---
amma.myftp.biz | NjRAT botnet C2 domain | 75%
realusatruck.com | Cobalt Strike botnet C2 domain | 100%
ecuaecua.duckdns.org | NjRAT botnet C2 domain | 75%
mafiakorea.com | DUCKTAIL botnet C2 domain | 100%
grebiunti.top | Unidentified 111 (Latrodectus) botnet C2 domain | 100%
139-162-155-161.ip.linodeusercontent.com | Cobalt Strike botnet C2 domain | 100%
software.ftoffice.com | Cobalt Strike botnet C2 domain | 100%
hr-helpdesk.org | Cobalt Strike botnet C2 domain | 100%
data.iexcom.de | Unknown malware botnet C2 domain | 100%
grinevitchnicolas4.fvds.ru | Hook botnet C2 domain | 100%
49.183.246.35.bc.googleusercontent.com | Hook botnet C2 domain | 100%
the.networkguru.com | Quasar RAT botnet C2 domain | 100%
static.77.129.13.49.clients.your-server.de | Havoc botnet C2 domain | 100%
recruitis.josefbenjac.cz | Havoc botnet C2 domain | 100%
digital20.agriprotechx.com | Havoc botnet C2 domain | 100%
nice-margulis.45-138-16-132.plesk.page | Meduza Stealer botnet C2 domain | 100%
ec2-54-88-105-125.compute-1.amazonaws.com | Serpent Stealer botnet C2 domain | 100%
striperouter.supelle.co | Unknown malware botnet C2 domain | 100%
linkerfunyfile.store | Unknown malware botnet C2 domain | 100%
hwsrv-1126965.hostwindsdns.com | Unknown malware botnet C2 domain | 100%
training-invasion.gl.at.ply.gg | NjRAT botnet C2 domain | 75%
79-9-691.581-alps.qyhgroup.com | MooBot botnet C2 domain | 75%
URL
Value | Description | Confidence
---|---|---
https://45.93.20.145/ywrmzmu3odrmy2q4/ | Coper botnet C2 | 100%
https://68.183.111.170/load | Cobalt Strike botnet C2 | 100%
https://realusatruck.com/api/accounts/v1/basic-accounts/pinned | Cobalt Strike botnet C2 | 100%
https://193.29.56.130/load | Cobalt Strike botnet C2 | 100%
http://124.71.108.110/ptj | Cobalt Strike botnet C2 | 100%
https://43.153.222.28/activity | Cobalt Strike botnet C2 | 100%
https://103.191.15.189/match | Cobalt Strike botnet C2 | 100%
http://122.51.220.170/ga.js | Cobalt Strike botnet C2 | 100%
http://124.222.64.203/en_us/all.js | Cobalt Strike botnet C2 | 100%
http://8.142.5.148/dot.gif | Cobalt Strike botnet C2 | 100%
https://119.3.12.54:8443/etc.clientlibs/base.min.acshash29ccd0207f7ce847c.js | Cobalt Strike botnet C2 | 100%
http://221.150.72.75/match | Cobalt Strike botnet C2 | 100%
http://94.156.69.227/en_us/all.js | Cobalt Strike botnet C2 | 100%
https://199.195.252.200:9443/__utm.gif | Cobalt Strike botnet C2 | 100%
https://124.71.108.110/activity | Cobalt Strike botnet C2 | 100%
https://45.131.132.55/j.ad | Cobalt Strike botnet C2 | 100%
http://45.134.225.247:5555/metro91/admin/1/ppptp.jpg | Cobalt Strike botnet C2 | 100%
http://356873cm.nyashtyan.top/nyashsupport.php | DCRat botnet C2 | 100%
http://37.221.65.78:63645 | Mirai botnet C2 | 100%
http://chernobyl.fun:63645 | Mirai botnet C2 | 100%
http://auth.tesla-alert.com:63645 | Mirai botnet C2 | 100%
http://app.tesla-alert.com:63645 | Mirai botnet C2 | 100%
https://grebiunti.top/live/ | Unidentified 111 (Latrodectus) botnet C2 | 100%
https://machineryideas.com/cdn-vs/get.php | FAKEUPDATES payload delivery URL | 100%
https://machineryideas.com/help/zzrgqnaww.php | FAKEUPDATES payload delivery URL | 100%
http://yourstudyway.com/w2p/panel/gate.php | Pony botnet C2 | 100%
https://carritosdelacompra.com/wp-content/themes/twentytwentytwo/nnzknr.php?id=1 | WikiLoader botnet C2 | 100%
https://propertystats.net/wp-content/themes/twentytwentythree/hyhnv3.php?id=1 | WikiLoader botnet C2 | 100%
https://www.erasnetwork.eu/wp-content/themes/twentytwentyfour/dqyzqp.php?id=1 | WikiLoader botnet C2 | 100%
https://www.marioagozzino.it/wp-content/themes/twentytwentyfour/c2hitq.php?id=1 | WikiLoader botnet C2 | 100%
https://osakaimchk.com/wp-content/themes/twentytwentythree/ovqugo.php?id=1 | WikiLoader botnet C2 | 100%
https://workstatpasing.com/nationwide_services | WikiLoader payload delivery URL | 100%
https://workstatpasing.com/onmicrosoft | WikiLoader payload delivery URL | 100%
https://cdn.discordapp.com/attachments/1130829539006750833/1210266320600301709/4_npp.8.6.3.portable.x64.zip?ex=65e9ef58&is=65d77a58&hm=355ce0146c75960c9ef4e4fc19289a8260f6e8cc9990192777553fe9e7349d8a& | WikiLoader payload delivery URL | 100%
https://1.94.67.222/push | Cobalt Strike botnet C2 | 100%
https://117.50.162.183/ga.js | Cobalt Strike botnet C2 | 100%
http://39.106.74.90/cm | Cobalt Strike botnet C2 | 100%
https://45.131.132.55/en_us/all.js | Cobalt Strike botnet C2 | 100%
http://124.71.108.110/visit.js | Cobalt Strike botnet C2 | 100%
http://102.33.76.214:38909/mozi.m | Mozi payload delivery URL | 50%
http://190.182.251.4:35039/mozi.m | Mozi payload delivery URL | 50%
http://77.91.124.57/eternalhttp2db/longpollvoiddb2server/longpollsecure3bigload/196downloads/32proton/061/imagevmproton/1pipe/dlebigloadcentral/game/50uploadscentral/phpbigload9/externalimageapigeneratoruniversalwordpresslocalcdn.php | DCRat botnet C2 | 100%
https://39.104.73.42/__utm.gif | Cobalt Strike botnet C2 | 100%
https://mscs.v1.vscll.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 | 100%
http://79.137.207.120/generatorexternal9windows/local74/3processor/js/updatebigloadprocess/httptest/uploads9universaltest/trackflower6/pipe0wp/trafficlinegameprovider/publiclocal80/6better9/processorphp/6defaultserver/0javascript/multi8external/5betterrequestlinux/uploadswindowslow/tobigloadmultiflowerasyncwptempdownloads.php | DCRat botnet C2 | 100%
http://mscs.v1.vscll.com:5557/jquery-3.3.1.min.js | Cobalt Strike botnet C2 | 100%
IP:port (C2 servers)
Value | Description | Confidence
---|---|---
5.75.162.217:43724 | RedLine Stealer botnet C2 server | 100%
45.148.4.19:8888 | Venom RAT botnet C2 server | 80%
159.69.103.8:80 | Vidar botnet C2 server | 80%
159.69.103.8:443 | Vidar botnet C2 server | 80%
65.109.242.25:80 | Vidar botnet C2 server | 80%
65.109.242.25:5432 | Vidar botnet C2 server | 80%
95.217.31.198:80 | Vidar botnet C2 server | 80%
49.13.32.193:80 | Vidar botnet C2 server | 80%
95.217.29.171:80 | Vidar botnet C2 server | 80%
116.203.3.120:80 | Vidar botnet C2 server | 80%
193.233.132.21:80 | RecordBreaker botnet C2 server | 80%
193.233.132.75:80 | RecordBreaker botnet C2 server | 80%
92.223.106.203:12134 | Orcus RAT botnet C2 server | 80%
193.233.132.18:8081 | RisePro botnet C2 server | 80%
193.233.132.235:8081 | RisePro botnet C2 server | 80%
20.215.188.233:8081 | RisePro botnet C2 server | 80%
4.233.217.146:80 | Hook botnet C2 server | 80%
20.106.172.90:80 | Hook botnet C2 server | 80%
91.92.250.128:80 | Hook botnet C2 server | 80%
104.129.182.25:80 | Hook botnet C2 server | 80%
164.90.169.184:31228 | Cobalt Strike botnet C2 server | 80%
43.139.74.167:50034 | Cobalt Strike botnet C2 server | 80%
103.151.217.93:50050 | Cobalt Strike botnet C2 server | 80%
43.137.5.20:8888 | Cobalt Strike botnet C2 server | 80%
5.188.87.36:36543 | Cobalt Strike botnet C2 server | 80%
161.35.203.116:50050 | Cobalt Strike botnet C2 server | 80%
139.159.197.241:50050 | Cobalt Strike botnet C2 server | 80%
103.28.33.96:2023 | MooBot botnet C2 server | 80%
185.133.40.202:80 | RedLine Stealer botnet C2 server | 100%
222.186.174.9:43268 | NjRAT botnet C2 server | 100%
147.182.190.27:8888 | Sliver botnet C2 server | 50%
159.89.204.198:8888 | Sliver botnet C2 server | 50%
159.89.204.198:31337 | Sliver botnet C2 server | 50%
103.35.189.93:443 | BianLian botnet C2 server | 50%
103.35.189.93:8443 | BianLian botnet C2 server | 50%
193.239.86.189:443 | Havoc botnet C2 server | 50%
154.246.82.173:995 | QakBot botnet C2 server | 50%
41.97.43.5:443 | QakBot botnet C2 server | 50%
41.96.190.102:443 | QakBot botnet C2 server | 50%
5.42.92.25:8848 | DCRat botnet C2 server | 50%
165.232.41.54:8888 | Unknown malware botnet C2 server | 50%
103.233.11.13:8888 | Unknown malware botnet C2 server | 50%
103.233.11.14:8888 | Unknown malware botnet C2 server | 50%
64.176.178.205:2017 | Ave Maria botnet C2 server | 100%
5.181.80.27:3090 | Mirai botnet C2 server | 100%
5.181.80.153:3090 | Mirai botnet C2 server | 100%
5.181.80.116:3090 | Mirai botnet C2 server | 100%
5.181.80.177:3090 | Mirai botnet C2 server | 100%
5.181.80.126:35769 | MooBot botnet C2 server | 100%
185.91.127.216:55555 | MooBot botnet C2 server | 100%
185.91.127.233:56999 | MooBot botnet C2 server | 100%
185.91.127.233:3778 | Mirai botnet C2 server | 100%
37.221.94.43:5555 | Mirai botnet C2 server | 100%
146.19.191.200:69 | Mirai botnet C2 server | 100%
45.138.174.72:3778 | Mirai botnet C2 server | 100%
94.156.8.116:43957 | MooBot botnet C2 server | 100%
45.142.107.117:3549 | Mirai botnet C2 server | 100%
91.92.240.13:9511 | Mirai botnet C2 server | 100%
185.196.10.164:59312 | MooBot botnet C2 server | 100%
185.196.10.60:55655 | MooBot botnet C2 server | 100%
185.196.10.139:59666 | Mirai botnet C2 server | 100%
185.196.9.223:1302 | Mirai botnet C2 server | 100%
212.102.39.208:58095 | MooBot botnet C2 server | 50%
173.44.141.86:443 | Cobalt Strike botnet C2 server | 100%
193.29.56.130:443 | Cobalt Strike botnet C2 server | 100%
124.71.108.110:80 | Cobalt Strike botnet C2 server | 100%
46.246.12.6:2054 | NjRAT botnet C2 server | 100%
129.153.86.0:8778 | RedLine Stealer botnet C2 server | 100%
185.158.248.141:1344 | NetSupportManager RAT botnet C2 server | 100%
37.221.65.78:63645 | Mirai botnet C2 server | 75%
31.10.67.116:5552 | NjRAT botnet C2 server | 75%
95.216.104.115:4328 | RedLine Stealer botnet C2 server | 100%
39.105.194.11:8088 | Cobalt Strike botnet C2 server | 100%
59.110.142.91:8888 | Cobalt Strike botnet C2 server | 100%
124.222.114.227:80 | Cobalt Strike botnet C2 server | 100%
47.101.160.122:8888 | Cobalt Strike botnet C2 server | 100%
47.98.214.54:443 | Cobalt Strike botnet C2 server | 100%
175.178.48.91:80 | Cobalt Strike botnet C2 server | 100%
111.92.243.96:8080 | Cobalt Strike botnet C2 server | 100%
94.156.69.227:80 | Cobalt Strike botnet C2 server | 100%
103.191.15.189:80 | Cobalt Strike botnet C2 server | 100%
74.235.199.105:80 | Cobalt Strike botnet C2 server | 100%
74.235.199.105:443 | Cobalt Strike botnet C2 server | 100%
124.223.97.173:8000 | Cobalt Strike botnet C2 server | 100%
118.31.75.32:443 | Cobalt Strike botnet C2 server | 100%
38.60.253.150:443 | Cobalt Strike botnet C2 server | 100%
47.113.195.22:80 | Cobalt Strike botnet C2 server | 100%
101.42.47.72:8000 | Cobalt Strike botnet C2 server | 100%
104.168.54.228:80 | Cobalt Strike botnet C2 server | 100%
23.26.137.225:80 | Cobalt Strike botnet C2 server | 100%
23.26.137.225:8181 | Cobalt Strike botnet C2 server | 100%
5.34.198.105:80 | Cobalt Strike botnet C2 server | 100%
39.104.73.42:443 | Cobalt Strike botnet C2 server | 100%
42.193.178.194:55443 | Cobalt Strike botnet C2 server | 100%
91.92.243.90:31337 | Sliver botnet C2 server | 90%
216.245.181.105:443 | Sliver botnet C2 server | 90%
78.40.116.82:5005 | Sliver botnet C2 server | 90%
172.111.148.12:222 | AsyncRAT botnet C2 server | 100%
113.174.1.186:8080 | AsyncRAT botnet C2 server | 100%
181.131.216.198:6606 | AsyncRAT botnet C2 server | 100%
136.243.111.71:5900 | AsyncRAT botnet C2 server | 100%
45.88.186.65:6606 | AsyncRAT botnet C2 server | 100%
91.92.253.26:7443 | Unknown malware botnet C2 server | 100%
78.129.165.233:7443 | Unknown malware botnet C2 server | 100%
172.188.29.138:80 | Hook botnet C2 server | 100%
91.92.250.168:80 | Hook botnet C2 server | 100%
file185.146.157.85 | Hook botnet C2 server (confidence level: 100%) | |
file47.128.64.139 | Hook botnet C2 server (confidence level: 100%) | |
file94.156.69.246 | RisePro botnet C2 server (confidence level: 100%) | |
file162.222.206.193 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file3.99.102.8 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file94.156.69.145 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file166.88.132.139 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file52.184.85.209 | Havoc botnet C2 server (confidence level: 100%) | |
file20.56.35.166 | Havoc botnet C2 server (confidence level: 100%) | |
file107.173.118.89 | Havoc botnet C2 server (confidence level: 100%) | |
file91.151.88.209 | Venom RAT botnet C2 server (confidence level: 100%) | |
file34.118.33.152 | Unknown malware botnet C2 server (confidence level: 100%) | |
file209.141.35.151 | Kaiji botnet C2 server (confidence level: 100%) | |
file108.174.198.206 | MooBot botnet C2 server (confidence level: 100%) | |
file45.95.169.135 | MooBot botnet C2 server (confidence level: 100%) | |
file95.216.253.55 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.11.25.174 | Unknown malware botnet C2 server (confidence level: 100%) | |
file219.147.89.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.207.58.56 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.54.119.156 | Unknown malware botnet C2 server (confidence level: 100%) | |
file39.107.109.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file164.177.30.14 | Unknown malware botnet C2 server (confidence level: 100%) | |
file137.184.150.67 | Unknown malware botnet C2 server (confidence level: 100%) | |
file96.231.143.205 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.16.51.172 | Unknown malware botnet C2 server (confidence level: 100%) | |
file138.197.13.114 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.187.145.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.110.14.54 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.206.231.185 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.72.103.8 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.118.85.166 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.189.175.79 | Ave Maria botnet C2 server (confidence level: 100%) | |
file103.35.189.93 | BianLian botnet C2 server (confidence level: 100%) | |
file45.95.169.14 | Mirai botnet C2 server (confidence level: 100%) | |
file147.185.221.18 | NjRAT botnet C2 server (confidence level: 75%) | |
file24.90.18.97 | QakBot botnet C2 server (confidence level: 50%) | |
file154.247.12.253 | QakBot botnet C2 server (confidence level: 50%) | |
file75.90.82.104 | QakBot botnet C2 server (confidence level: 50%) | |
file154.246.82.173 | QakBot botnet C2 server (confidence level: 50%) | |
file79.131.125.79 | QakBot botnet C2 server (confidence level: 50%) | |
file193.35.18.127 | Mirai botnet C2 server (confidence level: 100%) | |
file185.196.9.97 | MooBot botnet C2 server (confidence level: 100%) | |
file185.196.9.97 | MooBot botnet C2 server (confidence level: 75%) | |
file159.223.220.165 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.147.172.234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
Threat ID: 682c7abde3e6de8ceb752c4d
Added to database: 5/20/2025, 12:51:09 PM
Last enriched: 6/19/2025, 1:19:16 PM
Last updated: 8/12/2025, 4:01:03 PM