ThreatFox IOCs for 2024-04-19
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related report titled "ThreatFox IOCs for 2024-04-19," sourced from ThreatFox, which is a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or CWE identifiers are listed, and there are no patch links or known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or visibility within threat intelligence communities. The absence of concrete IOCs or detailed technical indicators limits the ability to perform a deep technical dissection of the malware's behavior, infection vectors, or payload characteristics. Overall, this entry appears to be a general intelligence update or a collection of IOCs related to malware activity observed around April 19, 2024, rather than a description of a novel or actively exploited vulnerability or malware strain.
Potential Impact
Given the lack of specific technical details, affected products, or known exploits, the direct impact on European organizations is currently limited and primarily informational. However, the dissemination of malware-related IOCs can aid threat detection and response efforts. If these IOCs correspond to emerging malware campaigns, European entities could face risks such as data breaches, system compromise, or operational disruption depending on the malware's capabilities once identified and exploited. The medium severity rating suggests a moderate risk level, potentially indicating that while the threat is not immediately critical, it warrants attention to prevent escalation. European organizations relying on open-source intelligence for threat hunting and incident response may benefit from integrating these IOCs into their security monitoring tools. Without specific targeting information, the impact remains generalized but underscores the importance of maintaining vigilance against evolving malware threats.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) solutions to enhance detection capabilities.
2. Conduct regular threat intelligence updates and correlation exercises to identify any emerging patterns or related malware activity within organizational networks.
3. Employ network segmentation and strict access controls to limit potential malware spread if an infection occurs.
4. Maintain up-to-date endpoint protection platforms with behavioral analysis features to detect unknown or polymorphic malware variants.
5. Train security operations teams to recognize and respond to alerts generated from OSINT-based IOCs, ensuring timely investigation and containment.
6. Since no patches are available, emphasize proactive monitoring and incident response readiness rather than reliance on vulnerability remediation.
7. Collaborate with national and European cybersecurity centers to share intelligence and receive updates on any escalation or exploitation of these IOCs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 010dc433-a80d-482c-b231-d70a42bcfdd3
- Original Timestamp: 1713571388
Indicators of Compromise
Url
Value | Description |
---|---|
http://esdjasd.maxkrnldc.online/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://a0945069.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://91.202.233.180/g88sks2sam/index.php | Amadey botnet C2 (confidence level: 100%) |
http://8.218.236.5:8062/g.pixel | Cobalt Strike botnet C2 (confidence level: 75%) |
http://43.138.222.123/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
https://120.46.91.175/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
http://23.94.169.124:8000/jsbhn.js | Cobalt Strike botnet C2 (confidence level: 100%) |
https://8.130.34.85/match | Cobalt Strike botnet C2 (confidence level: 100%) |
https://149.104.24.217/jquery-3.7.0.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
https://www.installbootstrap.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://minecrafthyipixel.xyz/voiddbproviderserver6/auth/uploads/centralcentralline/7eternal/2_/temp/toupdategameflowertemporary.php | DCRat botnet C2 (confidence level: 100%) |
http://mahdi.intelvpn.site/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://sam.coinmarketcap-tm.ru/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://79.137.202.60.sslip.io/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://it13.intelvpn.site/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://ftp.huboftest.ir/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://svma.arcovip.com/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://79.137.197.154/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://37.221.93.9/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://109.120.178.115/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://79.137.202.152/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
http://109.120.176.38/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) |
https://23.94.169.124:8443/jsbhn.js | Cobalt Strike botnet C2 (confidence level: 100%) |
https://cuponerachilanga.com/cdn-vs/cache.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://cuponerachilanga.com/help/zewmrgqnw.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://go8et.lol/data.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://94.156.71.108:1604/is-ready | Houdini botnet C2 (confidence level: 100%) |
http://easthoolbook.com:443/sign.mpeg | Cobalt Strike botnet C2 (confidence level: 75%) |
http://www.megabet303.lol/gnbc/ | Formbook botnet C2 (confidence level: 75%) |
http://www.tyaer.com/gnbc/ | Formbook botnet C2 (confidence level: 75%) |
http://www.oyoing.com/gnbc/ | Formbook botnet C2 (confidence level: 75%) |
http://jemyy.theworkpc.com:5401 | Vjw0rm botnet C2 (confidence level: 100%) |
http://94.156.71.108:1604 | Houdini botnet C2 (confidence level: 100%) |
http://47.120.39.182:63306/cx | Cobalt Strike botnet C2 (confidence level: 75%) |
http://47.120.39.182:63306/gs3p | Cobalt Strike botnet C2 (confidence level: 75%) |
http://co29474.tw1.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%) |
http://a0938829.xsph.ru/e609f91d.php | DCRat botnet C2 (confidence level: 100%) |
https://jxvtcm.cn/complete/pr/h6tcqrwr | Cobalt Strike botnet C2 (confidence level: 100%) |
https://109.120.178.253/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://zj.court.cn.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://172.247.189.234:8443/claim/v5.6/zz1qb9mls | Cobalt Strike botnet C2 (confidence level: 100%) |
https://106.54.236.42/claim/v5.6/zz1qb9mls | Cobalt Strike botnet C2 (confidence level: 100%) |
http://173.44.141.234/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://109.107.182.145/externalvm_cpugamewindows.php | DCRat botnet C2 (confidence level: 100%) |
http://94.156.65.182/tomthf/cvghx/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
File
Value | Description |
---|---|
3.125.209.94 | NjRAT botnet C2 server (confidence level: 75%) |
18.158.249.75 | NjRAT botnet C2 server (confidence level: 75%) |
3.125.102.39 | NjRAT botnet C2 server (confidence level: 75%) |
3.124.142.205 | NjRAT botnet C2 server (confidence level: 75%) |
18.158.249.75 | NjRAT botnet C2 server (confidence level: 75%) |
3.125.223.134 | NjRAT botnet C2 server (confidence level: 75%) |
43.140.251.2 | Sliver botnet C2 server (confidence level: 50%) |
121.43.94.2 | Deimos botnet C2 server (confidence level: 50%) |
194.87.252.12 | Deimos botnet C2 server (confidence level: 50%) |
151.236.16.48 | BianLian botnet C2 server (confidence level: 50%) |
20.186.89.88 | Havoc botnet C2 server (confidence level: 50%) |
138.197.134.200 | Havoc botnet C2 server (confidence level: 50%) |
178.128.134.221 | Havoc botnet C2 server (confidence level: 50%) |
194.87.106.163 | Havoc botnet C2 server (confidence level: 50%) |
35.89.154.15 | Havoc botnet C2 server (confidence level: 50%) |
137.184.61.218 | Responder botnet C2 server (confidence level: 50%) |
41.96.151.123 | QakBot botnet C2 server (confidence level: 50%) |
46.246.12.2 | DCRat botnet C2 server (confidence level: 50%) |
93.95.231.17 | Unknown malware botnet C2 server (confidence level: 50%) |
146.56.237.36 | Unknown malware botnet C2 server (confidence level: 50%) |
178.128.196.190 | Unknown malware botnet C2 server (confidence level: 50%) |
188.166.138.176 | Unknown malware botnet C2 server (confidence level: 50%) |
94.156.79.50 | Unknown malware botnet C2 server (confidence level: 50%) |
94.131.107.85 | Unknown malware botnet C2 server (confidence level: 50%) |
43.138.222.123 | Cobalt Strike botnet C2 server (confidence level: 100%) |
194.48.251.9 | AsyncRAT botnet C2 server (confidence level: 100%) |
57.128.155.22 | XWorm botnet C2 server (confidence level: 100%) |
194.48.251.9 | XWorm botnet C2 server (confidence level: 100%) |
194.48.251.9 | XWorm botnet C2 server (confidence level: 100%) |
93.123.85.170 | Bashlite botnet C2 server (confidence level: 75%) |
204.12.199.30 | AsyncRAT botnet C2 server (confidence level: 100%) |
204.12.199.30 | AsyncRAT botnet C2 server (confidence level: 75%) |
204.12.199.30 | AsyncRAT botnet C2 server (confidence level: 75%) |
8.130.34.85 | Cobalt Strike botnet C2 server (confidence level: 100%) |
149.104.24.217 | Cobalt Strike botnet C2 server (confidence level: 100%) |
52.37.96.65 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.174.73.85 | MooBot botnet C2 server (confidence level: 75%) |
116.203.164.39 | Vidar botnet C2 server (confidence level: 80%) |
116.203.164.39 | Vidar botnet C2 server (confidence level: 80%) |
78.142.18.109 | RisePro botnet C2 server (confidence level: 80%) |
43.136.220.38 | Cobalt Strike botnet C2 server (confidence level: 100%) |
43.142.170.25 | Cobalt Strike botnet C2 server (confidence level: 100%) |
43.142.170.25 | Cobalt Strike botnet C2 server (confidence level: 100%) |
122.51.81.205 | Cobalt Strike botnet C2 server (confidence level: 100%) |
124.221.95.96 | Cobalt Strike botnet C2 server (confidence level: 100%) |
129.204.169.101 | Cobalt Strike botnet C2 server (confidence level: 100%) |
150.158.107.49 | Cobalt Strike botnet C2 server (confidence level: 100%) |
150.158.107.49 | Cobalt Strike botnet C2 server (confidence level: 100%) |
159.75.111.243 | Cobalt Strike botnet C2 server (confidence level: 100%) |
211.159.172.150 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.108.234.47 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.100.244.166 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.101.37.46 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.113.104.226 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%) |
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%) |
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%) |
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%) |
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%) |
185.73.124.164 | Cobalt Strike botnet C2 server (confidence level: 75%) |
184.49.69.41 | Cobalt Strike botnet C2 server (confidence level: 75%) |
47.113.194.22 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.120.10.216 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.120.12.228 | Cobalt Strike botnet C2 server (confidence level: 100%) |
101.37.13.119 | Cobalt Strike botnet C2 server (confidence level: 100%) |
120.24.171.139 | Cobalt Strike botnet C2 server (confidence level: 100%) |
143.244.162.41 | Mirai botnet C2 server (confidence level: 100%) |
121.40.67.130 | Cobalt Strike botnet C2 server (confidence level: 100%) |
121.37.41.201 | Cobalt Strike botnet C2 server (confidence level: 100%) |
128.199.207.8 | Cobalt Strike botnet C2 server (confidence level: 100%) |
157.230.254.3 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.82 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.83 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.84 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.85 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.86 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.114 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.115 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.116 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.118 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.119 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.120 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.121 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.122 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.123 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.124 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.125 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.126 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.255.27 | Cobalt Strike botnet C2 server (confidence level: 100%) |
168.76.120.82 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.83 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.84 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.85 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.86 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.114 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.115 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.116 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.117 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.118 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.119 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.120 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.121 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.122 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.123 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.124 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.125 | Unknown malware botnet C2 server (confidence level: 100%) |
168.76.120.126 | Unknown malware botnet C2 server (confidence level: 100%) |
8.210.32.15 | Unknown malware botnet C2 server (confidence level: 100%) |
8.218.8.26 | Unknown malware botnet C2 server (confidence level: 100%) |
8.218.21.190 | Unknown malware botnet C2 server (confidence level: 100%) |
47.237.26.206 | Unknown malware botnet C2 server (confidence level: 100%) |
47.242.4.42 | Unknown malware botnet C2 server (confidence level: 100%) |
147.139.7.182 | Unknown malware botnet C2 server (confidence level: 100%) |
4.191.74.1 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4.191.74.1 | Cobalt Strike botnet C2 server (confidence level: 100%) |
20.68.131.221 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.76.178.151 | Cobalt Strike botnet C2 server (confidence level: 100%) |
209.222.0.68 | Cobalt Strike botnet C2 server (confidence level: 100%) |
89.251.22.32 | Cobalt Strike botnet C2 server (confidence level: 100%) |
3.71.70.1 | Cobalt Strike botnet C2 server (confidence level: 100%) |
13.40.36.157 | Cobalt Strike botnet C2 server (confidence level: 100%) |
18.217.214.178 | Cobalt Strike botnet C2 server (confidence level: 100%) |
206.188.197.218 | Cobalt Strike botnet C2 server (confidence level: 100%) |
83.97.73.157 | Cobalt Strike botnet C2 server (confidence level: 100%) |
83.97.73.157 | Cobalt Strike botnet C2 server (confidence level: 100%) |
77.221.151.31 | BitRAT botnet C2 server (confidence level: 100%) |
79.132.128.96 | Cobalt Strike botnet C2 server (confidence level: 100%) |
79.132.128.96 | Cobalt Strike botnet C2 server (confidence level: 100%) |
91.92.255.248 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.88.90.224 | AsyncRAT botnet C2 server (confidence level: 100%) |
46.246.80.12 | AsyncRAT botnet C2 server (confidence level: 100%) |
87.121.105.252 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.103.12 | AsyncRAT botnet C2 server (confidence level: 100%) |
148.163.101.182 | AsyncRAT botnet C2 server (confidence level: 100%) |
172.111.148.95 | AsyncRAT botnet C2 server (confidence level: 100%) |
172.111.169.67 | AsyncRAT botnet C2 server (confidence level: 100%) |
198.23.227.175 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.74.150.120 | NjRAT botnet C2 server (confidence level: 100%) |
81.136.90.1 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.91.233 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.93.204 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%) |
187.135.117.121 | DarkComet botnet C2 server (confidence level: 100%) |
108.46.243.201 | Quasar RAT botnet C2 server (confidence level: 100%) |
177.102.67.47 | Quasar RAT botnet C2 server (confidence level: 100%) |
45.152.64.31 | Unknown malware botnet C2 server (confidence level: 100%) |
47.95.158.44 | Unknown malware botnet C2 server (confidence level: 100%) |
101.42.51.12 | Unknown malware botnet C2 server (confidence level: 100%) |
112.65.51.10 | Unknown malware botnet C2 server (confidence level: 100%) |
file121.36.248.151 | Unknown malware botnet C2 server (confidence level: 100%) | |
file121.40.222.45 | Unknown malware botnet C2 server (confidence level: 100%) | |
file171.249.233.153 | Venom RAT botnet C2 server (confidence level: 100%) | |
file171.249.233.153 | Venom RAT botnet C2 server (confidence level: 100%) | |
file171.249.233.153 | Venom RAT botnet C2 server (confidence level: 100%) | |
file193.222.96.114 | Venom RAT botnet C2 server (confidence level: 100%) | |
file193.222.96.128 | Venom RAT botnet C2 server (confidence level: 100%) | |
file206.237.6.174 | Venom RAT botnet C2 server (confidence level: 100%) | |
file94.156.71.108 | Houdini botnet C2 server (confidence level: 100%) | |
file109.248.151.106 | Vjw0rm botnet C2 server (confidence level: 100%) | |
file47.120.39.182 | Meterpreter botnet C2 server (confidence level: 100%) | |
file172.96.137.224 | Sliver botnet C2 server (confidence level: 50%) | |
file193.36.119.250 | Sliver botnet C2 server (confidence level: 50%) | |
file45.33.116.110 | Unknown malware botnet C2 server (confidence level: 50%) | |
file138.68.189.254 | Unknown malware botnet C2 server (confidence level: 50%) | |
file62.169.23.231 | Deimos botnet C2 server (confidence level: 50%) | |
file45.121.50.136 | BianLian botnet C2 server (confidence level: 50%) | |
file54.66.9.58 | Havoc botnet C2 server (confidence level: 50%) | |
file101.43.211.59 | Havoc botnet C2 server (confidence level: 50%) | |
file45.153.229.132 | Havoc botnet C2 server (confidence level: 50%) | |
file91.225.218.38 | Havoc botnet C2 server (confidence level: 50%) | |
file34.92.143.66 | pupy botnet C2 server (confidence level: 50%) | |
file77.126.182.204 | QakBot botnet C2 server (confidence level: 50%) | |
file41.97.160.21 | QakBot botnet C2 server (confidence level: 50%) | |
file151.48.149.0 | QakBot botnet C2 server (confidence level: 50%) | |
file187.170.75.34 | QakBot botnet C2 server (confidence level: 50%) | |
file46.246.80.2 | DCRat botnet C2 server (confidence level: 50%) | |
file97.74.89.69 | Unknown malware botnet C2 server (confidence level: 50%) | |
file64.23.216.132 | Unknown malware botnet C2 server (confidence level: 50%) | |
file157.230.222.248 | Unknown malware botnet C2 server (confidence level: 50%) | |
file139.99.64.79 | Unknown malware botnet C2 server (confidence level: 50%) | |
file95.164.117.2 | Unknown malware botnet C2 server (confidence level: 50%) | |
file66.63.188.141 | IcedID botnet C2 server (confidence level: 75%) | |
file185.112.249.13 | IcedID botnet C2 server (confidence level: 75%) | |
file64.227.147.74 | IcedID botnet C2 server (confidence level: 75%) | |
file146.19.143.84 | IcedID botnet C2 server (confidence level: 75%) | |
file91.149.219.102 | IcedID botnet C2 server (confidence level: 75%) | |
file175.178.160.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file109.120.178.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.54.236.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.54.236.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.44.141.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file41.142.212.85 | NjRAT botnet C2 server (confidence level: 100%) |
Hash
Domain
Threat ID: 682b7badd3ddd8cef2ebc8eb
Added to database: 5/19/2025, 6:42:53 PM
Last enriched: 6/18/2025, 7:19:00 PM
Last updated: 8/11/2025, 1:21:51 PM