ThreatFox IOCs for 2024-04-26

Severity: Medium
Published: Fri Apr 26 2024 (04/26/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-04-26

AI-Powered Analysis

Last updated: 06/19/2025, 13:32:47 UTC

Technical Analysis

The provided threat intelligence pertains to a set of Indicators of Compromise (IOCs) published on April 26, 2024, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data, as indicated by the product tag 'osint'. However, no specific affected software versions, vulnerabilities, or malware families are detailed. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination but limited analytical depth. There are no known exploits in the wild linked to this threat, and no patch information is provided. The absence of concrete technical indicators such as malware signatures, attack vectors, or exploitation methods limits the ability to perform a deep technical dissection. The threat appears to be informational, focusing on sharing IOCs that may assist in detection or prevention efforts rather than describing an active or novel malware campaign. The TLP (Traffic Light Protocol) is white, indicating that the information is intended for public sharing without restrictions. Overall, this threat intelligence entry serves as a repository of potential malicious indicators rather than a detailed report on a specific malware strain or exploit. Organizations can use these IOCs to enhance their detection capabilities but should be aware that the threat's operational impact and exploitation likelihood are currently low or not well-defined.

Potential Impact

Given the limited technical details and absence of known active exploits, the immediate impact on European organizations is likely minimal. However, the presence of new IOCs related to malware suggests that threat actors may be preparing or conducting reconnaissance activities that could precede targeted attacks. European organizations relying on OSINT tools or integrating open-source threat intelligence feeds may benefit from incorporating these IOCs into their security monitoring to detect potential malicious activity early. The medium severity rating indicates a moderate risk, primarily due to the potential for these IOCs to be associated with emerging threats. If exploited, malware infections could compromise confidentiality, integrity, or availability of systems, but without specific exploit details, the scope and scale of impact remain uncertain. Organizations in critical infrastructure, finance, and government sectors should remain vigilant, as these sectors are frequent targets for malware campaigns leveraging OSINT-derived intelligence. Overall, the threat represents a moderate intelligence update rather than an immediate operational risk.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities.
2. Regularly update threat intelligence feeds and cross-reference them with internal logs to identify any matches with the new IOCs.
3. Conduct targeted threat hunting exercises focusing on the indicators shared by ThreatFox to proactively identify potential compromises.
4. Strengthen OSINT tool configurations and access controls to prevent misuse or exploitation by threat actors leveraging similar intelligence.
5. Enhance user awareness training to recognize phishing or social engineering attempts that may utilize OSINT-derived information.
6. Collaborate with national Computer Security Incident Response Teams (CSIRTs) and European cybersecurity information sharing platforms to stay informed about evolving threats related to these IOCs.
7. Since no patches are available, focus on detection and response readiness, including incident response playbooks tailored to malware infections.

These measures go beyond generic advice by emphasizing proactive threat hunting, integration of specific IOCs, and collaboration within European cybersecurity communities.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: f32d2144-4479-4321-8b59-f9f1fca6befe
Original Timestamp: 1714176186

Indicators of Compromise

hash19d8a91e9b3652cfc0bb5165e5c3ff52
DCRat payload (confidence level: 95%)
hash4053dc85bb86c47c63f96681d6a62c21cd6342a3
Troldesh payload (confidence level: 95%)
hash1625ac230aa5ca950573f3ba0b1a7bd4c7fbd3e3686f9ecd4a40f1504bf33a11
Troldesh payload (confidence level: 95%)
hash74143402c40ac2e61e9f040a2d7e2d00
Troldesh payload (confidence level: 95%)
hash3e6c00c0d6d443741216b79e7f500d927b4cb60a
Quasar RAT payload (confidence level: 95%)
hash451f300d14014ed0d89f00dde44295272d1672507a449a6106dc450493baa52e
Quasar RAT payload (confidence level: 95%)
hash10fb9b71859bfc7ae5aff462a88ade70
Quasar RAT payload (confidence level: 95%)
hash3d98fff19ff36e1bb307e885bc22bf7d2e84e941
Stealc payload (confidence level: 95%)
hashc33bc714fc0af2273157acd48be009b787742f2711fd6d5f81fc0c85a54a4e41
Stealc payload (confidence level: 95%)
hashf9f0b2b6c628789336ab905f82269982
Stealc payload (confidence level: 95%)
hash6f3e611fc7d7d5938b99575bcd96366d6e213eab
Remcos payload (confidence level: 95%)
hash76dbfa281b158a18c83d08a907f087b7330da28bdd2298eb9ee2f23c1df40491
Remcos payload (confidence level: 95%)
hash1c089552c29f12843d8cd8e2bbf5cf5b
Remcos payload (confidence level: 95%)
hasha46482db507cf67307880919b85dc2187d2a2512
troystealer payload (confidence level: 95%)
hash026387aa4411dac1107e403fb44fa90c5a34ec5ab0068af13e3f8f9f0b0f46cd
troystealer payload (confidence level: 95%)
hash6795efba98699a0cae3c4f729b83ace9
troystealer payload (confidence level: 95%)
hashef00c39a62b2b5cc4ccd2fea63c0dfa8aadb85c2
troystealer payload (confidence level: 95%)
hashd0295c334677da7ca28746b3feff2e82320314322d99af837090c4e87b362479
troystealer payload (confidence level: 95%)
hashcc800aee4d8f6b42601be444e284354e
troystealer payload (confidence level: 95%)
hash6e37c47f6252c55b274a9b16c266861055986a26
DBatLoader payload (confidence level: 95%)
hashfce48ed70e8f1e2259e2b5e471e5c10e0a37223db8cd251c900669d5deb86740
DBatLoader payload (confidence level: 95%)
hash8342a62cbd21058faf999a350267b4f9
DBatLoader payload (confidence level: 95%)
hash46072b07bfa96583ed03149a04411cbcf04eadf9
SigLoader payload (confidence level: 95%)
hash6b2874507fc8b7782d11f202840850ba6edd8befbb8c163c4d53775fb8d20603
SigLoader payload (confidence level: 95%)
hash4621fea50e1982e6f753efe7d1be2b35
SigLoader payload (confidence level: 95%)
hashe2a9534e65f2ae33df71b136cfef600eab4f3627
DarkCloud Stealer payload (confidence level: 95%)
hash0c0d782dac4f8afdf63e33666febfe1aea6605c1a64ae532a8b84d2d315b176b
DarkCloud Stealer payload (confidence level: 95%)
hash982f1903db530be43b0d0fc4ce976e8e
DarkCloud Stealer payload (confidence level: 95%)
hashf78e99d234fada2af2a61ed5b3095aeb1be16247
Luca Stealer payload (confidence level: 95%)
hash6501a306d8930d9e9504ab23bc393eaef11b2a9ec1098037d07842431ec35c92
Luca Stealer payload (confidence level: 95%)
hash93115e1730da5003243c419c7d841ca3
Luca Stealer payload (confidence level: 95%)
hash4ae3d13959acd0d263f115c9ebab24ffef4aec9e
troystealer payload (confidence level: 95%)
hash96b0bc34b0b56a08f072fa86b980bc99ed38403dfd37e0c2c87e691c5c87ac9b
troystealer payload (confidence level: 95%)
hash565aa174e2e5cbae5811f5ed0f1d5e70
troystealer payload (confidence level: 95%)
hash9e8384e96c6542eaf091cec68c351b8bde8d1b96
GCleaner payload (confidence level: 95%)
hash42e35e59355e78dc581115d24babd4424422efacfdb6710395c27e84243959df
GCleaner payload (confidence level: 95%)
hashc27c3107bb20803c3f5d8eab7258bb48
GCleaner payload (confidence level: 95%)
hash0c6c645322b236944142fdffacbb610906177ee3
Luca Stealer payload (confidence level: 95%)
hash1b17680574d595b6211da1ca0664113f78cfb0e678c209dd61664d0f99841942
Luca Stealer payload (confidence level: 95%)
hashc91f9c9ffa73cd9d586d34f73beee0cd
Luca Stealer payload (confidence level: 95%)
hash87c1d51cea91b80dd236b1f2ef12d78867ece1ca
Bitter RAT payload (confidence level: 95%)
hashdcdae583da8a1b01a8ad0caef6a7f6f3b6f1eb6dd3298ac7d904200f52712446
Bitter RAT payload (confidence level: 95%)
hasha51493ca2948491e60759223c3be8502
Bitter RAT payload (confidence level: 95%)
hash81
DarkComet botnet C2 server (confidence level: 100%)
hash80
DarkComet botnet C2 server (confidence level: 100%)
hash443
DarkComet botnet C2 server (confidence level: 100%)
hash2052
DarkComet botnet C2 server (confidence level: 100%)
hash2053
DarkComet botnet C2 server (confidence level: 100%)
hash2079
DarkComet botnet C2 server (confidence level: 100%)
hash2080
DarkComet botnet C2 server (confidence level: 100%)
hash2086
DarkComet botnet C2 server (confidence level: 100%)
hash2095
DarkComet botnet C2 server (confidence level: 100%)
hash2222
DarkComet botnet C2 server (confidence level: 100%)
hash9876
Quasar RAT botnet C2 server (confidence level: 100%)
hash5000
Quasar RAT botnet C2 server (confidence level: 100%)
hash2000
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
Quasar RAT botnet C2 server (confidence level: 100%)
hash8000
DCRat botnet C2 server (confidence level: 100%)
hash8848
DCRat botnet C2 server (confidence level: 100%)
hash8888
DCRat botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
IcedID botnet C2 server (confidence level: 75%)
hash8085
IcedID botnet C2 server (confidence level: 60%)
hash8084
IcedID botnet C2 server (confidence level: 60%)
hash8085
IcedID botnet C2 server (confidence level: 60%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2096
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5432
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash8023
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash80
Havoc botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash443
IcedID botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)

Url


Domain


Threat ID: 682c7abbe3e6de8ceb7496fe

Added to database: 5/20/2025, 12:51:07 PM

Last enriched: 6/19/2025, 1:32:47 PM

Last updated: 8/15/2025, 8:27:13 AM
