
ThreatFox IOCs for 2024-04-19

Medium
Published: Fri Apr 19 2024 (04/19/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-04-19

AI-Powered Analysis

Last updated: 06/18/2025, 19:19:00 UTC

Technical Analysis

The provided threat information pertains to a malware-related report titled "ThreatFox IOCs for 2024-04-19," sourced from ThreatFox, which is a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or CWE identifiers are listed, and there are no patch links or known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or visibility within threat intelligence communities. The absence of concrete IOCs or detailed technical indicators limits the ability to perform a deep technical dissection of the malware's behavior, infection vectors, or payload characteristics. Overall, this entry appears to be a general intelligence update or a collection of IOCs related to malware activity observed around April 19, 2024, rather than a description of a novel or actively exploited vulnerability or malware strain.

Potential Impact

Given the lack of specific technical details, affected products, or known exploits, the direct impact on European organizations is currently limited and primarily informational. However, the dissemination of malware-related IOCs can aid threat detection and response efforts. If these IOCs correspond to emerging malware campaigns, European entities could face risks such as data breaches, system compromise, or operational disruption depending on the malware's capabilities once identified and exploited. The medium severity rating suggests a moderate risk level, potentially indicating that while the threat is not immediately critical, it warrants attention to prevent escalation. European organizations relying on open-source intelligence for threat hunting and incident response may benefit from integrating these IOCs into their security monitoring tools. Without specific targeting information, the impact remains generalized but underscores the importance of maintaining vigilance against evolving malware threats.

Mitigation Recommendations

1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) solutions to enhance detection capabilities.
2. Conduct regular threat intelligence updates and correlation exercises to identify any emerging patterns or related malware activity within organizational networks.
3. Employ network segmentation and strict access controls to limit potential malware spread if an infection occurs.
4. Maintain up-to-date endpoint protection platforms with behavioral analysis features to detect unknown or polymorphic malware variants.
5. Train security operations teams to recognize and respond to alerts generated from OSINT-based IOCs, ensuring timely investigation and containment.
6. Since no patches are available, emphasize proactive monitoring and incident response readiness rather than reliance on vulnerability remediation.
7. Collaborate with national and European cybersecurity centers to share intelligence and receive updates on any escalation or exploitation of these IOCs.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 010dc433-a80d-482c-b231-d70a42bcfdd3
Original Timestamp: 1713571388

Indicators of Compromise

Url

Value | Description
http://esdjasd.maxkrnldc.online/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
http://a0945069.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
http://91.202.233.180/g88sks2sam/index.php | Amadey botnet C2 (confidence level: 100%)
http://8.218.236.5:8062/g.pixel | Cobalt Strike botnet C2 (confidence level: 75%)
http://43.138.222.123/ca | Cobalt Strike botnet C2 (confidence level: 100%)
https://120.46.91.175/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://23.94.169.124:8000/jsbhn.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://8.130.34.85/match | Cobalt Strike botnet C2 (confidence level: 100%)
https://149.104.24.217/jquery-3.7.0.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://www.installbootstrap.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%)
http://minecrafthyipixel.xyz/voiddbproviderserver6/auth/uploads/centralcentralline/7eternal/2_/temp/toupdategameflowertemporary.php | DCRat botnet C2 (confidence level: 100%)
http://mahdi.intelvpn.site/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://sam.coinmarketcap-tm.ru/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://79.137.202.60.sslip.io/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://it13.intelvpn.site/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://ftp.huboftest.ir/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://svma.arcovip.com/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://79.137.197.154/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://37.221.93.9/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://109.120.178.115/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://79.137.202.152/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
http://109.120.176.38/auth/login | Meduza Stealer botnet C2 (confidence level: 100%)
https://23.94.169.124:8443/jsbhn.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://cuponerachilanga.com/cdn-vs/cache.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://cuponerachilanga.com/help/zewmrgqnw.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://go8et.lol/data.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://94.156.71.108:1604/is-ready | Houdini botnet C2 (confidence level: 100%)
http://easthoolbook.com:443/sign.mpeg | Cobalt Strike botnet C2 (confidence level: 75%)
http://www.megabet303.lol/gnbc/ | Formbook botnet C2 (confidence level: 75%)
http://www.tyaer.com/gnbc/ | Formbook botnet C2 (confidence level: 75%)
http://www.oyoing.com/gnbc/ | Formbook botnet C2 (confidence level: 75%)
http://jemyy.theworkpc.com:5401 | Vjw0rm botnet C2 (confidence level: 100%)
http://94.156.71.108:1604 | Houdini botnet C2 (confidence level: 100%)
http://47.120.39.182:63306/cx | Cobalt Strike botnet C2 (confidence level: 75%)
http://47.120.39.182:63306/gs3p | Cobalt Strike botnet C2 (confidence level: 75%)
http://co29474.tw1.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%)
http://a0938829.xsph.ru/e609f91d.php | DCRat botnet C2 (confidence level: 100%)
https://jxvtcm.cn/complete/pr/h6tcqrwr | Cobalt Strike botnet C2 (confidence level: 100%)
https://109.120.178.253/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://zj.court.cn.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://172.247.189.234:8443/claim/v5.6/zz1qb9mls | Cobalt Strike botnet C2 (confidence level: 100%)
https://106.54.236.42/claim/v5.6/zz1qb9mls | Cobalt Strike botnet C2 (confidence level: 100%)
http://173.44.141.234/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://109.107.182.145/externalvm_cpugamewindows.php | DCRat botnet C2 (confidence level: 100%)
http://94.156.65.182/tomthf/cvghx/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)

File (values in this section are IPv4 addresses of C2 servers)

Value | Description
3.125.209.94 | NjRAT botnet C2 server (confidence level: 75%)
18.158.249.75 | NjRAT botnet C2 server (confidence level: 75%)
3.125.102.39 | NjRAT botnet C2 server (confidence level: 75%)
3.124.142.205 | NjRAT botnet C2 server (confidence level: 75%)
18.158.249.75 | NjRAT botnet C2 server (confidence level: 75%)
3.125.223.134 | NjRAT botnet C2 server (confidence level: 75%)
43.140.251.2 | Sliver botnet C2 server (confidence level: 50%)
121.43.94.2 | Deimos botnet C2 server (confidence level: 50%)
194.87.252.12 | Deimos botnet C2 server (confidence level: 50%)
151.236.16.48 | BianLian botnet C2 server (confidence level: 50%)
20.186.89.88 | Havoc botnet C2 server (confidence level: 50%)
138.197.134.200 | Havoc botnet C2 server (confidence level: 50%)
178.128.134.221 | Havoc botnet C2 server (confidence level: 50%)
194.87.106.163 | Havoc botnet C2 server (confidence level: 50%)
35.89.154.15 | Havoc botnet C2 server (confidence level: 50%)
137.184.61.218 | Responder botnet C2 server (confidence level: 50%)
41.96.151.123 | QakBot botnet C2 server (confidence level: 50%)
46.246.12.2 | DCRat botnet C2 server (confidence level: 50%)
93.95.231.17 | Unknown malware botnet C2 server (confidence level: 50%)
146.56.237.36 | Unknown malware botnet C2 server (confidence level: 50%)
178.128.196.190 | Unknown malware botnet C2 server (confidence level: 50%)
188.166.138.176 | Unknown malware botnet C2 server (confidence level: 50%)
94.156.79.50 | Unknown malware botnet C2 server (confidence level: 50%)
94.131.107.85 | Unknown malware botnet C2 server (confidence level: 50%)
43.138.222.123 | Cobalt Strike botnet C2 server (confidence level: 100%)
194.48.251.9 | AsyncRAT botnet C2 server (confidence level: 100%)
57.128.155.22 | XWorm botnet C2 server (confidence level: 100%)
194.48.251.9 | XWorm botnet C2 server (confidence level: 100%)
194.48.251.9 | XWorm botnet C2 server (confidence level: 100%)
93.123.85.170 | Bashlite botnet C2 server (confidence level: 75%)
204.12.199.30 | AsyncRAT botnet C2 server (confidence level: 100%)
204.12.199.30 | AsyncRAT botnet C2 server (confidence level: 75%)
204.12.199.30 | AsyncRAT botnet C2 server (confidence level: 75%)
8.130.34.85 | Cobalt Strike botnet C2 server (confidence level: 100%)
149.104.24.217 | Cobalt Strike botnet C2 server (confidence level: 100%)
52.37.96.65 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.174.73.85 | MooBot botnet C2 server (confidence level: 75%)
116.203.164.39 | Vidar botnet C2 server (confidence level: 80%)
116.203.164.39 | Vidar botnet C2 server (confidence level: 80%)
78.142.18.109 | RisePro botnet C2 server (confidence level: 80%)
43.136.220.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.142.170.25 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.142.170.25 | Cobalt Strike botnet C2 server (confidence level: 100%)
122.51.81.205 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.221.95.96 | Cobalt Strike botnet C2 server (confidence level: 100%)
129.204.169.101 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.107.49 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.107.49 | Cobalt Strike botnet C2 server (confidence level: 100%)
159.75.111.243 | Cobalt Strike botnet C2 server (confidence level: 100%)
211.159.172.150 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.108.234.47 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.100.244.166 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.101.37.46 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.113.104.226 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%)
184.49.69.41 | Cobalt Strike botnet C2 server (confidence level: 75%)
47.113.194.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.10.216 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.12.228 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.37.13.119 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.24.171.139 | Cobalt Strike botnet C2 server (confidence level: 100%)
143.244.162.41 | Mirai botnet C2 server (confidence level: 100%)
121.40.67.130 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.41.201 | Cobalt Strike botnet C2 server (confidence level: 100%)
128.199.207.8 | Cobalt Strike botnet C2 server (confidence level: 100%)
157.230.254.3 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.82 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.83 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.84 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.85 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.86 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.114 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.115 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.116 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.118 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.119 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.120 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.121 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.122 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.123 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.124 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.125 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.126 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.255.27 | Cobalt Strike botnet C2 server (confidence level: 100%)
168.76.120.82 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.83 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.84 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.85 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.86 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.114 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.115 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.116 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.117 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.118 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.119 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.120 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.121 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.122 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.123 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.124 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.125 | Unknown malware botnet C2 server (confidence level: 100%)
168.76.120.126 | Unknown malware botnet C2 server (confidence level: 100%)
8.210.32.15 | Unknown malware botnet C2 server (confidence level: 100%)
8.218.8.26 | Unknown malware botnet C2 server (confidence level: 100%)
8.218.21.190 | Unknown malware botnet C2 server (confidence level: 100%)
47.237.26.206 | Unknown malware botnet C2 server (confidence level: 100%)
47.242.4.42 | Unknown malware botnet C2 server (confidence level: 100%)
147.139.7.182 | Unknown malware botnet C2 server (confidence level: 100%)
4.191.74.1 | Cobalt Strike botnet C2 server (confidence level: 100%)
4.191.74.1 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.68.131.221 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.76.178.151 | Cobalt Strike botnet C2 server (confidence level: 100%)
209.222.0.68 | Cobalt Strike botnet C2 server (confidence level: 100%)
89.251.22.32 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.71.70.1 | Cobalt Strike botnet C2 server (confidence level: 100%)
13.40.36.157 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.217.214.178 | Cobalt Strike botnet C2 server (confidence level: 100%)
206.188.197.218 | Cobalt Strike botnet C2 server (confidence level: 100%)
83.97.73.157 | Cobalt Strike botnet C2 server (confidence level: 100%)
83.97.73.157 | Cobalt Strike botnet C2 server (confidence level: 100%)
77.221.151.31 | BitRAT botnet C2 server (confidence level: 100%)
79.132.128.96 | Cobalt Strike botnet C2 server (confidence level: 100%)
79.132.128.96 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.92.255.248 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.88.90.224 | AsyncRAT botnet C2 server (confidence level: 100%)
46.246.80.12 | AsyncRAT botnet C2 server (confidence level: 100%)
87.121.105.252 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.103.12 | AsyncRAT botnet C2 server (confidence level: 100%)
148.163.101.182 | AsyncRAT botnet C2 server (confidence level: 100%)
172.111.148.95 | AsyncRAT botnet C2 server (confidence level: 100%)
172.111.169.67 | AsyncRAT botnet C2 server (confidence level: 100%)
198.23.227.175 | AsyncRAT botnet C2 server (confidence level: 100%)
196.74.150.120 | NjRAT botnet C2 server (confidence level: 100%)
81.136.90.1 | DarkComet botnet C2 server (confidence level: 100%)
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%)
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%)
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%)
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%)
187.135.93.204 | DarkComet botnet C2 server (confidence level: 100%)
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%)
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%)
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%)
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%)
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%)
108.46.243.201 | Quasar RAT botnet C2 server (confidence level: 100%)
177.102.67.47 | Quasar RAT botnet C2 server (confidence level: 100%)
45.152.64.31 | Unknown malware botnet C2 server (confidence level: 100%)
47.95.158.44 | Unknown malware botnet C2 server (confidence level: 100%)
101.42.51.12 | Unknown malware botnet C2 server (confidence level: 100%)
112.65.51.10 | Unknown malware botnet C2 server (confidence level: 100%)
121.36.248.151 | Unknown malware botnet C2 server (confidence level: 100%)
121.40.222.45 | Unknown malware botnet C2 server (confidence level: 100%)
171.249.233.153 | Venom RAT botnet C2 server (confidence level: 100%)
171.249.233.153 | Venom RAT botnet C2 server (confidence level: 100%)
171.249.233.153 | Venom RAT botnet C2 server (confidence level: 100%)
193.222.96.114 | Venom RAT botnet C2 server (confidence level: 100%)
193.222.96.128 | Venom RAT botnet C2 server (confidence level: 100%)
206.237.6.174 | Venom RAT botnet C2 server (confidence level: 100%)
94.156.71.108 | Houdini botnet C2 server (confidence level: 100%)
109.248.151.106 | Vjw0rm botnet C2 server (confidence level: 100%)
47.120.39.182 | Meterpreter botnet C2 server (confidence level: 100%)
172.96.137.224 | Sliver botnet C2 server (confidence level: 50%)
193.36.119.250 | Sliver botnet C2 server (confidence level: 50%)
45.33.116.110 | Unknown malware botnet C2 server (confidence level: 50%)
138.68.189.254 | Unknown malware botnet C2 server (confidence level: 50%)
62.169.23.231 | Deimos botnet C2 server (confidence level: 50%)
45.121.50.136 | BianLian botnet C2 server (confidence level: 50%)
54.66.9.58 | Havoc botnet C2 server (confidence level: 50%)
101.43.211.59 | Havoc botnet C2 server (confidence level: 50%)
45.153.229.132 | Havoc botnet C2 server (confidence level: 50%)
91.225.218.38 | Havoc botnet C2 server (confidence level: 50%)
34.92.143.66 | pupy botnet C2 server (confidence level: 50%)
77.126.182.204 | QakBot botnet C2 server (confidence level: 50%)
41.97.160.21 | QakBot botnet C2 server (confidence level: 50%)
151.48.149.0 | QakBot botnet C2 server (confidence level: 50%)
187.170.75.34 | QakBot botnet C2 server (confidence level: 50%)
46.246.80.2 | DCRat botnet C2 server (confidence level: 50%)
97.74.89.69 | Unknown malware botnet C2 server (confidence level: 50%)
64.23.216.132 | Unknown malware botnet C2 server (confidence level: 50%)
157.230.222.248 | Unknown malware botnet C2 server (confidence level: 50%)
139.99.64.79 | Unknown malware botnet C2 server (confidence level: 50%)
95.164.117.2 | Unknown malware botnet C2 server (confidence level: 50%)
66.63.188.141 | IcedID botnet C2 server (confidence level: 75%)
185.112.249.13 | IcedID botnet C2 server (confidence level: 75%)
64.227.147.74 | IcedID botnet C2 server (confidence level: 75%)
146.19.143.84 | IcedID botnet C2 server (confidence level: 75%)
91.149.219.102 | IcedID botnet C2 server (confidence level: 75%)
175.178.160.155 | Cobalt Strike botnet C2 server (confidence level: 100%)
109.120.178.253 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.54.236.42 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.54.236.42 | Cobalt Strike botnet C2 server (confidence level: 100%)
173.44.141.234 | Cobalt Strike botnet C2 server (confidence level: 100%)
41.142.212.85 | NjRAT botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash17393
NjRAT botnet C2 server (confidence level: 75%)
hash17393
NjRAT botnet C2 server (confidence level: 75%)
hash17393
NjRAT botnet C2 server (confidence level: 75%)
hash15296
NjRAT botnet C2 server (confidence level: 75%)
hash15296
NjRAT botnet C2 server (confidence level: 75%)
hash15296
NjRAT botnet C2 server (confidence level: 75%)
hash9999
Sliver botnet C2 server (confidence level: 50%)
hash4506
Deimos botnet C2 server (confidence level: 50%)
hash4443
Deimos botnet C2 server (confidence level: 50%)
hash47163
BianLian botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash4443
Havoc botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash8000
DCRat botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8890
AsyncRAT botnet C2 server (confidence level: 100%)
hash8895
XWorm botnet C2 server (confidence level: 100%)
hash8896
XWorm botnet C2 server (confidence level: 100%)
hash8895
XWorm botnet C2 server (confidence level: 100%)
hash0113e2de733ff165934b65c2e2d6c59f6079f6dee668849764e70627bb8be8eb
Stealc payload (confidence level: 75%)
hash7c6543af2eea8ed933e0898bdbcfc642f0c11bece904b366ca939da9e76465eb
Stealc payload (confidence level: 75%)
hashc4b3a3f21ad54d5c3370669ce1ff6c39f2affbaa02fdd42acfbd844c9c4074f9
Stealc payload (confidence level: 75%)
hashc5f3035265a4497f674f9456d768231f4dace3552399e74bb146188a10d61510
Stealc payload (confidence level: 75%)
hash666
Bashlite botnet C2 server (confidence level: 75%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 75%)
hash8808
AsyncRAT botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash29989
MooBot botnet C2 server (confidence level: 75%)
hash80
Vidar botnet C2 server (confidence level: 80%)
hash443
Vidar botnet C2 server (confidence level: 80%)
hash8081
RisePro botnet C2 server (confidence level: 80%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5901
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash60050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash25
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2525
Cobalt Strike botnet C2 server (confidence level: 75%)
hash993
Cobalt Strike botnet C2 server (confidence level: 75%)
hash3389
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2222
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash23
Mirai botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash3306
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash47889   Cobalt Strike botnet C2 server (confidence level: 100%)
hash80      Cobalt Strike botnet C2 server (confidence level: 100%)
hash14791   Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443    Cobalt Strike botnet C2 server (confidence level: 100%)
hash443     Cobalt Strike botnet C2 server (confidence level: 100%)
hash443     Cobalt Strike botnet C2 server (confidence level: 100%)
hash443     Cobalt Strike botnet C2 server (confidence level: 100%)
hash2082    Cobalt Strike botnet C2 server (confidence level: 100%)
hash2083    Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444    BitRAT botnet C2 server (confidence level: 100%)
hash81      Cobalt Strike botnet C2 server (confidence level: 100%)
hash444     Cobalt Strike botnet C2 server (confidence level: 100%)
hash88      Cobalt Strike botnet C2 server (confidence level: 100%)
hash2222    AsyncRAT botnet C2 server (confidence level: 100%)
hash2000    AsyncRAT botnet C2 server (confidence level: 100%)
hash6606    AsyncRAT botnet C2 server (confidence level: 100%)
hash9999    AsyncRAT botnet C2 server (confidence level: 100%)
hash6606    AsyncRAT botnet C2 server (confidence level: 100%)
hash222     AsyncRAT botnet C2 server (confidence level: 100%)
hash2222    AsyncRAT botnet C2 server (confidence level: 100%)
hash8881    AsyncRAT botnet C2 server (confidence level: 100%)
hash10000   NjRAT botnet C2 server (confidence level: 100%)
hash1339    DarkComet botnet C2 server (confidence level: 100%)
hash1933    DarkComet botnet C2 server (confidence level: 100%)
hash2053    DarkComet botnet C2 server (confidence level: 100%)
hash2095    DarkComet botnet C2 server (confidence level: 100%)
hash2096    DarkComet botnet C2 server (confidence level: 100%)
hash2053    DarkComet botnet C2 server (confidence level: 100%)
hash1688    DarkComet botnet C2 server (confidence level: 100%)
hash2003    DarkComet botnet C2 server (confidence level: 100%)
hash2052    DarkComet botnet C2 server (confidence level: 100%)
hash2061    DarkComet botnet C2 server (confidence level: 100%)
hash2083    DarkComet botnet C2 server (confidence level: 100%)
hash8000    Quasar RAT botnet C2 server (confidence level: 100%)
hash5000    Quasar RAT botnet C2 server (confidence level: 100%)
hash60000   Unknown malware botnet C2 server (confidence level: 100%)
hash60000   Unknown malware botnet C2 server (confidence level: 100%)
hash60000   Unknown malware botnet C2 server (confidence level: 100%)
hash60000   Unknown malware botnet C2 server (confidence level: 100%)
hash60000   Unknown malware botnet C2 server (confidence level: 100%)
hash60000   Unknown malware botnet C2 server (confidence level: 100%)
hash4449    Venom RAT botnet C2 server (confidence level: 100%)
hash8000    Venom RAT botnet C2 server (confidence level: 100%)
hash9999    Venom RAT botnet C2 server (confidence level: 100%)
hash4449    Venom RAT botnet C2 server (confidence level: 100%)
hash4449    Venom RAT botnet C2 server (confidence level: 100%)
hash80      Venom RAT botnet C2 server (confidence level: 100%)
hash1604    Houdini botnet C2 server (confidence level: 100%)
hash5401    Vjw0rm botnet C2 server (confidence level: 100%)
hash63306   Meterpreter botnet C2 server (confidence level: 100%)
hash8081    Sliver botnet C2 server (confidence level: 50%)
hash8888    Sliver botnet C2 server (confidence level: 50%)
hash7443    Unknown malware botnet C2 server (confidence level: 50%)
hash7443    Unknown malware botnet C2 server (confidence level: 50%)
hash443     Deimos botnet C2 server (confidence level: 50%)
hash443     BianLian botnet C2 server (confidence level: 50%)
hash443     Havoc botnet C2 server (confidence level: 50%)
hash443     Havoc botnet C2 server (confidence level: 50%)
hash443     Havoc botnet C2 server (confidence level: 50%)
hash443     Havoc botnet C2 server (confidence level: 50%)
hash8443    pupy botnet C2 server (confidence level: 50%)
hash443     QakBot botnet C2 server (confidence level: 50%)
hash443     QakBot botnet C2 server (confidence level: 50%)
hash443     QakBot botnet C2 server (confidence level: 50%)
hash995     QakBot botnet C2 server (confidence level: 50%)
hash6000    DCRat botnet C2 server (confidence level: 50%)
hash8888    Unknown malware botnet C2 server (confidence level: 50%)
hash4000    Unknown malware botnet C2 server (confidence level: 50%)
hash80      Unknown malware botnet C2 server (confidence level: 50%)
hash80      Unknown malware botnet C2 server (confidence level: 50%)
hash80      Unknown malware botnet C2 server (confidence level: 50%)
hash443     IcedID botnet C2 server (confidence level: 75%)
hash443     IcedID botnet C2 server (confidence level: 75%)
hash443     IcedID botnet C2 server (confidence level: 75%)
hash443     IcedID botnet C2 server (confidence level: 75%)
hash443     IcedID botnet C2 server (confidence level: 75%)
hash443     Cobalt Strike botnet C2 server (confidence level: 100%)
hash443     Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443    Cobalt Strike botnet C2 server (confidence level: 100%)
hash443     Cobalt Strike botnet C2 server (confidence level: 100%)
hash80      Cobalt Strike botnet C2 server (confidence level: 100%)
hash10000   NjRAT botnet C2 server (confidence level: 100%)

Domain

Type    Value                                             Description
domain  rootme.xyz                                        Mirai botnet C2 domain (confidence level: 100%)
domain  rooty.shop                                        Mirai botnet C2 domain (confidence level: 100%)
domain  net-killler.store                                 MooBot botnet C2 domain (confidence level: 100%)
domain  aomacamada.ddns.net                               MooBot botnet C2 domain (confidence level: 100%)
domain  visit.startfinishthis.com                         Unknown malware botnet C2 domain (confidence level: 50%)
domain  xd.ubnutu.cyou                                    MooBot botnet C2 domain (confidence level: 100%)
domain  lon.vani.ovh                                      MooBot botnet C2 domain (confidence level: 100%)
domain  loz.vani.ovh                                      MooBot botnet C2 domain (confidence level: 100%)
domain  net-killer.ddns.net                               MooBot botnet C2 domain (confidence level: 100%)
domain  net-killler.store                                 MooBot botnet C2 domain (confidence level: 100%)
domain  proxy.heleh.vn                                    MooBot botnet C2 domain (confidence level: 100%)
domain  bot.vptmedia.click                                MooBot botnet C2 domain (confidence level: 100%)
domain  botnet.paintmc.net                                MooBot botnet C2 domain (confidence level: 100%)
domain  yeuemvcl.cltxhot.fun                              MooBot botnet C2 domain (confidence level: 100%)
domain  test.ravec2.xyz                                   MooBot botnet C2 domain (confidence level: 100%)
domain  www.installbootstrap.com                          Cobalt Strike botnet C2 domain (confidence level: 100%)
domain  service-33y2vp0r-1303081427.sh.tencentapigw.com   Cobalt Strike botnet C2 domain (confidence level: 100%)
domain  gardeniasupplies.com                              Cobalt Strike botnet C2 domain (confidence level: 100%)
domain  www.megabet303.lol                                Formbook botnet C2 domain (confidence level: 75%)
domain  www.tyaer.com                                     Formbook botnet C2 domain (confidence level: 75%)
domain  www.oyoing.com                                    Formbook botnet C2 domain (confidence level: 75%)
domain  megabet303.lol                                    Formbook botnet C2 domain (confidence level: 75%)
domain  tyaer.com                                         Formbook botnet C2 domain (confidence level: 75%)
domain  oyoing.com                                        Formbook botnet C2 domain (confidence level: 75%)
domain  jemyy.theworkpc.com                               Vjw0rm botnet C2 domain (confidence level: 100%)
domain  jxvtcm.cn                                         Cobalt Strike botnet C2 domain (confidence level: 100%)
domain  zj.court.cn.com                                   Cobalt Strike botnet C2 domain (confidence level: 100%)
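The two tables above are the raw feed; what a defender does with them is match the indicators against resolver and connection logs, with the ThreatFox confidence level deciding whether a hit pages someone or only gets logged. The script below is an added example and is not ThreatFox's or this page's code. The domain indicators in it are copied from the table above; the ip:port indicator 203.0.113.10:4444 (an RFC 5737 documentation address), the key=value log lines and their format, and the function names match_dns and match_conn are all constructed for the demo. Two details matter in practice and are built in: a domain hit is a suffix match on a label boundary, so the apex and www forms that ThreatFox lists separately (megabet303.lol, www.megabet303.lol) both fire and notrootme.xyz does not; and an ip:port hit requires address and port together, because the ip:port table above lists many distinct servers on 443 and 80 and, as extracted here, retains only the port, so nothing in that table can be matched on its own.

```python
"""Match ThreatFox-style C2 indicators against DNS and connection logs.

Added example. The domain IOCs below are copied from the ThreatFox
2024-04-19 listing on this page; the ip:port IOC, the log lines and the
log format are constructed for the demo and come from no real product.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Ioc:
    ioc_type: str    # ThreatFox ioc_type: "domain" or "ip:port"
    value: str
    malware: str
    confidence: int  # ThreatFox confidence level, 0-100


# Domain entries taken from the listing above. The ip:port entry is
# constructed: the listing retains only the port for those indicators.
IOCS = [
    Ioc("domain", "rootme.xyz", "Mirai", 100),
    Ioc("domain", "www.installbootstrap.com", "Cobalt Strike", 100),
    Ioc("domain", "megabet303.lol", "Formbook", 75),
    Ioc("domain", "visit.startfinishthis.com", "Unknown malware", 50),
    Ioc("ip:port", "203.0.113.10:4444", "Cobalt Strike", 100),  # constructed
]

# Constructed log lines in an assumed key=value format.
DNS_LOGS = [
    "2024-04-19T10:01:02Z src=10.0.0.5 qname=rootme.xyz qtype=A",
    "2024-04-19T10:01:03Z src=10.0.0.7 qname=cdn.example.net qtype=A",
    "2024-04-19T10:02:10Z src=10.0.0.9 qname=WWW.megabet303.lol. qtype=A",
    "2024-04-19T10:03:00Z src=10.0.0.5 qname=visit.startfinishthis.com qtype=A",
    "2024-04-19T10:04:00Z src=10.0.0.8 qname=notrootme.xyz qtype=A",
]
CONN_LOGS = [
    "2024-04-19T10:05:00Z src=10.0.0.5 dst=203.0.113.10:4444 proto=tcp",
    "2024-04-19T10:05:01Z src=10.0.0.6 dst=203.0.113.10:443 proto=tcp",
]

_DNS_RE = re.compile(r"src=(?P<src>\S+) qname=(?P<qname>\S+)")
_CONN_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+)")


def normalize_domain(name: str) -> str:
    """Lower-case the name and drop the trailing dot a resolver log may carry."""
    return name.strip().lower().rstrip(".")


def domain_matches(qname: str, ioc_domain: str) -> bool:
    """True if qname is the IOC domain or a subdomain of it.

    Suffix matching on a label boundary catches C2 subdomains without
    matching unrelated names such as notrootme.xyz for rootme.xyz.
    """
    q, d = normalize_domain(qname), normalize_domain(ioc_domain)
    return q == d or q.endswith("." + d)


def _active(iocs, ioc_type, min_confidence):
    return [i for i in iocs if i.ioc_type == ioc_type and i.confidence >= min_confidence]


def match_dns(logs, iocs=IOCS, min_confidence=75):
    """Return one hit per DNS log line whose qname matches an active domain IOC."""
    hits = []
    candidates = _active(iocs, "domain", min_confidence)
    for line in logs:
        m = _DNS_RE.search(line)
        if not m:
            continue
        for ioc in candidates:
            if domain_matches(m["qname"], ioc.value):
                hits.append({"src": m["src"], "observed": m["qname"], "ioc": ioc})
                break
    return hits


def match_conn(logs, iocs=IOCS, min_confidence=75):
    """Return hits for connections to an exact ip:port IOC.

    Address and port are matched together: the listing above has many
    distinct servers on 443 and 80, so a port alone identifies nothing.
    """
    candidates = {i.value: i for i in _active(iocs, "ip:port", min_confidence)}
    hits = []
    for line in logs:
        m = _CONN_RE.search(line)
        if m and m["dst"] in candidates:
            hits.append({"src": m["src"], "observed": m["dst"], "ioc": candidates[m["dst"]]})
    return hits


if __name__ == "__main__":
    for hit in match_dns(DNS_LOGS) + match_conn(CONN_LOGS):
        ioc = hit["ioc"]
        print(f"{hit['src']} -> {hit['observed']}  [{ioc.malware}, confidence {ioc.confidence}%]")
```

With the default threshold of 75 the 50%-confidence entry for visit.startfinishthis.com is ignored; lowering min_confidence to 50 turns it into a third DNS hit. Run that tier as a hunting query rather than an alert: the 50% rows above (Havoc, QakBot, Sliver, IcedID's 75%) are exactly the ones most likely to be a shared host or an expired sinkhole by the time the feed is consumed.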

Threat ID: 682b7badd3ddd8cef2ebc8eb

Added to database: 5/19/2025, 6:42:53 PM

Last enriched: 6/18/2025, 7:19:00 PM

Last updated: 8/11/2025, 1:21:51 PM


Latest Threats