
ThreatFox IOCs for 2024-05-11

Medium
Published: Sat May 11 2024 (05/11/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-05-11

AI-Powered Analysis

Last updated: 06/19/2025, 13:04:00 UTC

Technical Analysis

The provided threat intelligence concerns a malware-related report titled "ThreatFox IOCs for 2024-05-11," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under the 'osint' product type, indicating it is primarily open-source intelligence focused. There are no specific affected software versions or products listed, and no direct technical details such as attack vectors, payloads, or vulnerabilities are provided. The threat level is indicated as 2 on an unspecified scale, with analysis level 1 and distribution level 3, suggesting moderate dissemination but limited detailed analysis. No known exploits in the wild have been reported, and no Common Weakness Enumerations (CWEs) or patch links are provided. The absence of indicators of compromise (IOCs) in the data limits the ability to perform detailed technical attribution or signature-based detection. The threat is tagged with 'type:osint' and 'tlp:white,' indicating the information is intended for broad sharing without restrictions. Overall, this appears to be a medium-severity malware-related intelligence update with limited technical detail, primarily serving as an alert or informational update rather than a detailed vulnerability or exploit report.

Potential Impact

Given the limited technical details and the absence of specific affected products or versions, the potential impact on European organizations is difficult to quantify precisely. However, as a malware-related threat with a medium severity rating and a moderate distribution level, it could pose risks to confidentiality, integrity, and availability if exploited. The lack of known exploits in the wild suggests that active attacks are not currently widespread, which reduces the immediate risk. Nevertheless, organizations relying on OSINT tools or monitoring ThreatFox feeds for threat intelligence should be aware of potential emerging threats. The impact could range from data exfiltration to system compromise or disruption, depending on the malware's capabilities once more details are available. European organizations in the critical infrastructure, finance, and government sectors should remain vigilant, since they are high-value targets and therefore attractive to threat actors running malware campaigns.

Mitigation Recommendations

1. Enhance monitoring of ThreatFox and other OSINT platforms to promptly identify updates or new indicators related to this threat.
2. Implement network and endpoint detection tools capable of behavioral analysis to detect unknown or emerging malware, given the lack of specific IOCs.
3. Conduct regular threat hunting exercises focusing on anomalous activities that could indicate malware presence, especially in sectors with high-value assets.
4. Maintain up-to-date backups and incident response plans to mitigate potential impacts of malware infections.
5. Educate security teams on the importance of integrating OSINT-derived intelligence into their security operations to improve situational awareness.
6. Collaborate with information sharing and analysis centers (ISACs) relevant to European industries to exchange intelligence and mitigation strategies.
7. Apply strict access controls and network segmentation to limit malware propagation within organizational environments.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f3b68713-63e5-411d-9a3f-a6edc16ff211
Original Timestamp: 1715472188

Indicators of Compromise


Threat ID: 682c7ab9e3e6de8ceb742b8a

Added to database: 5/20/2025, 12:51:05 PM

Last enriched: 6/19/2025, 1:04:00 PM

Last updated: 8/16/2025, 10:30:45 AM

Views: 14
