ThreatFox IOCs for 2024-06-03
AI Analysis
Technical Summary
This entry is the ThreatFox export of indicators submitted on 2024-06-03. ThreatFox is the abuse.ch platform on which researchers and vendors share Indicators of Compromise (IOCs), each tagged with a malware family and a confidence level. The entry is filed under the 'osint' product type: it names no software product or version, no vulnerability, and carries no CWE or patch link, because it is a collection of observed attacker infrastructure and payloads rather than an advisory. The metadata fields are MISP event fields: threat level 2 is MISP's 'medium', analysis 1 means the event is still being updated ('ongoing'), and distribution 3 is the sharing level 'all communities'; distribution is not a measure of how widespread the malware is. The tlp:white tag permits unrestricted sharing. Unlike a generic OSINT alert, the entry contains concrete, directly usable indicators: payload delivery URLs, command-and-control (C2) servers as ip:port pairs, C2 domains, and payload file hashes. The families represented are GootLoader (delivery URLs) and FAKEUPDATES, also known as SocGholish (delivery URLs on theonelartist.com and the C2 server 50.114.37.52); the post-exploitation frameworks Cobalt Strike, Sliver, Havoc, Deimos and Brute Ratel C4; the commodity RATs NjRAT, AsyncRAT, DCRat and Remcos; the information stealers Loki PWS, RedLine, Vidar and WhiteSnake; QakBot and SystemBC; the Mozi IoT botnet; and payload hashes for Formbook, RedLine Stealer and Agent Tesla. Confidence ranges from 49% (the two Vidar C2 URLs) to 100% (most Cobalt Strike and GootLoader entries). 'No known exploits in the wild' is accurate only in the narrow sense that no vulnerability is involved; the listed C2 servers and delivery URLs are attack infrastructure that was live at collection time.
Potential Impact
The impact is not uniform across the list. The GootLoader delivery URLs sit on what are most likely compromised legitimate websites under European TLDs (ingahanka.de, bvp.ch, inpersonakbh.dk, intermissionhostel.no, plus ieshua.org), and two of the paths (transfer-agreement-concept, hold-harmless-agreement-car-accident) are the legal-document lures GootLoader uses for search-engine poisoning: a user who reaches one of these pages while searching for a contract template and runs the downloaded archive ends up with a GootLoader implant, which has repeatedly served as initial access for ransomware operators. The FAKEUPDATES (SocGholish) URLs serve a fake browser-update lure from a compromised website and lead to similar follow-on access. The Cobalt Strike, Sliver, Havoc, Deimos and Brute Ratel C4 servers are post-exploitation infrastructure: traffic to any of them from an internal host indicates an intrusion in progress, not a mere malware download, and warrants incident response. The RAT and stealer C2 servers (NjRAT, AsyncRAT, DCRat, Remcos, Loki PWS, RedLine, Vidar, WhiteSnake) and the QakBot and SystemBC servers indicate established infections that exfiltrate credentials or proxy attacker traffic; the Formbook, RedLine and Agent Tesla hashes are the corresponding payloads, typically delivered by phishing. The Mozi URL concerns routers and IoT devices rather than workstations. Several C2 addresses are in large public-cloud ranges (for example 18.158.249.75 and 3.124.142.205 in AWS, 35.202.169.153 in Google Cloud), so this infrastructure is cheap to rotate and the indicators will age quickly; conversely, blocking by IP alone risks collateral damage to legitimate cloud traffic. Entries at 49% or 50% confidence (Vidar, QakBot, Havoc, Sliver, Deimos, Brute Ratel C4, 'Unknown malware') are heuristic detections by the submitter and may include false positives.
Mitigation Recommendations
Concrete handling of this list: 1) Load the indicators by type, not as an undifferentiated blob. Each ip:port entry is one indicator: match destination IP and destination port together, because many of these addresses are shared cloud hosts and the port is what identifies the C2 listener. 2) Block the GootLoader and FAKEUPDATES delivery URLs and the C2 domains at the web proxy and the resolver, and alert on requests whose path ends in /reports.php on an otherwise unknown site, the pattern shared by four of the GootLoader URLs here. 3) Use the Cobalt Strike URLs as hunting templates: the URIs (jquery-3.3.1.min.js, __utm.gif, /_/scs/mail-static/_/js/, tab_home.js, /activity, /pixel) imitate legitimate web assets but are mostly requested from bare IP addresses, and a proxy search for those paths against any raw-IP host, not only the listed ones, will also surface servers running the same malleable C2 profile. 4) Push the MD5, SHA-1 and SHA-256 values to EDR blocklists and run a retrospective search over at least the last 30 days; the three forms identify the same file, so one match per sample is expected. 5) Alert rather than block on 49% and 50% confidence entries and block at 75% and above; give the cloud-hosted addresses an expiry (30 days is a reasonable starting point) and refresh from the live ThreatFox feed, which records when each indicator was last seen. 6) Isolate and triage as an active intrusion any internal host that contacts a Cobalt Strike, Sliver, Havoc, Deimos or Brute Ratel C4 server, and reset the credentials used on it. 7) For the Mozi entry, check that routers, cameras and other IoT devices are not exposed with default credentials and can be patched; Mozi spreads through weak Telnet passwords and known router exploits. 8) Keep the controls this feed cannot replace: phishing-resistant MFA, network segmentation to limit lateral movement, a tested incident response plan, and sharing of confirmed hits with the national CSIRT and back to ThreatFox.
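Matching the feed against logs, as an added example (this is not code from ThreatFox or from this page): the indicator values are copied from the list on this page, the log lines are constructed, and the point is the matching rule each indicator type needs. URLs are compared after normalisation (case, default port, fragment), a domain indicator covers its subdomains but not look-alike names, and an ip:port indicator requires both the address and the port, which is what keeps a shared cloud address from firing on unrelated traffic.

```python
"""Hunt for ThreatFox-style indicators in proxy, DNS and connection logs.

Added example, not code from ThreatFox or from this page. The indicator
values are copied from the list above; the log lines are constructed here
to show the matching rule each indicator type needs.
"""
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}


def canonical_url(url):
    """Lower-case scheme and host, drop a default port, ensure a path, drop the fragment."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port
    netloc = host if port is None or port == DEFAULT_PORT.get(scheme) else f"{host}:{port}"
    path = p.path or "/"
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{netloc}{path}{query}"


# Indicators taken from the feed above (three of each kind; load the full list in practice).
IOC_URLS = {canonical_url(u) for u in (
    "https://ieshua.org/reports.php",                          # GootLoader payload delivery
    "http://b35977a00ebd8086.safe1.lat/jquery-3.3.1.min.js",   # Cobalt Strike C2
    "http://101.35.42.157/__utm.gif",                          # Cobalt Strike C2
)}
IOC_DOMAINS = {"memoryloader.com", "theonelartist.com", "lldl.xyz"}
IOC_IP_PORTS = {
    ("18.158.249.75", 18801),   # NjRAT C2
    ("147.45.47.36", 27667),    # RedLine Stealer C2
    ("124.71.81.174", 9998),    # Cobalt Strike C2 (host of http://124.71.81.174:9998/8zef)
}


def match_domain(name):
    """A hostname matches an indicator domain if it is that domain or a subdomain of it."""
    name = name.lower().rstrip(".")
    for d in IOC_DOMAINS:
        if name == d or name.endswith("." + d):
            return d
    return None


def match_url(url):
    """Exact URL first, then the host against domain IOCs, then a raw-IP host against ip:port IOCs."""
    canon = canonical_url(url)
    if canon in IOC_URLS:
        return ("url", canon)
    p = urlsplit(canon)
    host = p.hostname or ""
    d = match_domain(host)
    if d:
        return ("domain", d)
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return None
    port = p.port or DEFAULT_PORT.get(p.scheme)
    if (host, port) in IOC_IP_PORTS:
        return ("ip:port", f"{host}:{port}")
    return None


def scan(lines):
    """Each line is '<ts> <src> <kind> <value>' with kind http, dns or conn. Returns the hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, kind, value = parts
        hit = None
        if kind == "http":
            hit = match_url(value)
        elif kind == "dns":
            d = match_domain(value)
            hit = ("domain", d) if d else None
        elif kind == "conn":
            ip, _, port = value.rpartition(":")
            if port.isdigit() and (ip, int(port)) in IOC_IP_PORTS:
                hit = ("ip:port", value)
        if hit:
            hits.append({"ts": ts, "src": src, "ioc_type": hit[0], "ioc": hit[1]})
    return hits


# Constructed log lines (not real telemetry); comments give the expected outcome.
SAMPLE_LOG = [
    "2024-06-03T10:15:02Z 10.1.2.3 http https://ieshua.org/reports.php",            # GootLoader fetch: url hit
    "2024-06-03T10:16:10Z 10.1.2.3 dns load.memoryloader.com",                       # subdomain of an IOC domain
    "2024-06-03T10:17:00Z 10.1.2.3 conn 18.158.249.75:18801",                         # NjRAT beacon: ip:port hit
    "2024-06-03T10:18:00Z 10.1.2.9 http https://www.example.com/index.html",          # benign
    "2024-06-03T10:19:00Z 10.1.2.9 conn 18.158.249.75:443",                           # same AWS IP, other port: no hit
    "2024-06-03T10:20:00Z 10.1.2.3 http https://THEONELARTIST.com/cdn-vs/other.php",  # unlisted URL, domain hit
    "2024-06-03T10:21:00Z 10.1.2.3 http http://101.35.42.157:80/__utm.gif",          # url hit after port normalisation
    "2024-06-03T10:22:00Z 10.1.2.3 http http://124.71.81.174:9998/other",             # ip:port hit via the URL host
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h)
```

The 18.158.249.75:443 line is the reason to keep the port: the same AWS address on another port is most likely a different tenant, and an IP-only block list would alert on it anyway.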
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise (flat list; the malware family and confidence level for each indicator are in the tables under Technical Details below. C2 servers are ThreatFox ip:port indicators, so IP and port form one indicator. File hashes are listed per sample as a SHA-1, SHA-256 and MD5 triple.)
- url: https://ieshua.org/reports.php
- ip:port: 18.158.249.75:18801
- ip:port: 18.192.31.165:18801
- ip:port: 3.124.142.205:18801
- url: https://ingahanka.de/reports.php
- url: http://221.15.22.4:35121/mozi.m
- ip:port: 3.134.125.175:16424
- ip:port: 3.125.102.39:16276
- ip:port: 193.161.193.99:44070
- ip:port: 147.78.103.81:80
- ip:port: 185.159.153.84:80
- domain: pendarcc.ir
- url: http://b35977a00ebd8086.safe1.lat/jquery-3.3.1.min.js
- domain: b35977a00ebd8086.safe1.lat
- url: http://124.71.81.174:9998/8zef
- ip:port: 212.114.52.163:4044
- ip:port: 185.43.220.45:4383
- ip:port: 110.42.248.7:4449
- ip:port: 18.207.197.162:9999
- ip:port: 117.139.140.7:4506
- ip:port: 49.119.120.21:10250
- ip:port: 159.100.29.70:80
- ip:port: 70.27.138.67:2078
- ip:port: 77.126.87.47:443
- ip:port: 75.173.34.175:443
- ip:port: 105.154.220.55:995
- ip:port: 222.239.101.244:8888
- ip:port: 46.246.86.8:3000
- ip:port: 13.54.165.166:443
- ip:port: 147.78.103.131:50555
- ip:port: 91.151.89.217:80
- ip:port: 50.114.37.52:443
- domain: lldl.xyz
- domain: llcl.xyz
- domain: llal.xyz
- ip:port: 149.88.44.159:80
- ip:port: 173.212.209.190:4001
- ip:port: 45.147.99.158:8080
- url: http://bvp.ch/transfer-agreement-concept
- url: https://inpersonakbh.dk/reports.php
- url: http://8.222.230.186/activity
- ip:port: 8.222.230.186:80
- url: http://106.53.207.158:8080/updates.rss
- url: http://139.196.191.50:8088/activity
- url: http://114.132.87.9/activity
- ip:port: 114.132.87.9:80
- domain: baqebei1.online
- domain: cdnforfiles.xyz
- domain: d1x9q8w2e4.xyz
- url: https://81.68.253.22/pixel
- url: http://111.229.142.238:6379/ptj
- ip:port: 147.45.47.36:27667
- url: http://bvp.ch/hold-harmless-agreement-car-accident/
- url: https://intermissionhostel.no/reports.php
- url: https://65.108.55.55:9000
- url: https://91.107.221.88:9000
- domain: load.memoryloader.com
- domain: memoryloader.com
- ip:port: 96.47.235.152:2024
- url: https://theonelartist.com/cdn-vs/original.js
- domain: theonelartist.com
- url: https://theonelartist.com/cdn-vs/cache.php
- url: https://theonelartist.com/cdn-vs/2per.php
- ip:port: 103.179.189.111:8848
- hash: d72628520b0978a1b1be32f975676858c3d3476c
- hash: bcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38
- hash: 6eb32cf2b1d4a3b38ef372e6c1d76b04
- hash: a20426667bc9591e446678c357e32cb969b59caf
- hash: 1a4e9865bdd049e0af9744de415b4bca7da2752ea21ce6c547f37f962b5e6aa9
- hash: c59018e21b1517bc2743b1d9a3c2391a
- hash: 9f515ba8edefb0c2d1213816472c912c97fa1c8e
- hash: b3ca04d731ce63ef0fb3cae7db9ae14b8ff9c0ae842b83ac80eaa8ef459f9672
- hash: d3c642ecc3418adbc9d7675bbdf5162d
- hash: 34a1bc065cd9413b783ad9e0e78d2996415186a4
- hash: d2f23dc9b7b97472f7996e14c836b6571e23c79ee585d6d4c8f13ef7ae101d6e
- hash: 2e1fea17aeea8852800f17ead782ca53
- hash: 1a54605adbd8e04175831efd65076aed86962f1e
- hash: 0cdd89801edc2304d208f9dca70cbe0248f5cf55876c827a275a57560fa396fe
- hash: cfaef1fbcfc3a09ccc8baf621b681025
- hash: 0492efdb72f1800210283243ee5be8f08ec3874a
- hash: 50e85468becf2a5b858a1cd14362899128ccda25c01b428f52ddc033bb95ad65
- hash: fcb5172319bbca6eb3c03d589404c926
- hash: 12bda6495b055744cdbc90b923d173d971d2e911
- hash: 3a75fb4d55ecf3434b2efaa95586e88ebb354908ba64007ad660abd022d1a971
- hash: 57b103708d48a606283b50b9f02effa1
- hash: aa8cb619778e5086de63ef93d3aea6f9863d4fb8
- hash: d2585129c23de9308dfdc114f4997f8ec6dafa1057669718e27f0467cf66ad2c
- hash: 14e46bbab699b36b4dd13c1534c9d6cf
- hash: 647722280956067d09d262120776a954b64d4fa2
- hash: ed2658bd38914a6718e2e4f09e6d23c2b6c763e90f93646c580b85c33fd2c59e
- hash: 6e75d28e8c62737302435c206d401ecc
- hash: 19781381bd5043aafbabf0a6d90c1569e58f0d5a
- hash: c4dd9ec83dc0b304101fa6b2f37d93aae8921bab88ca6e49a6a8eb18d390ed79
- hash: fe4ebc62a5498c4d43699abe554febb0
- hash: 2efd04525dd2d33d9747dbca351ac66b7e3d6d66
- hash: c75f6b872b500f4837f0f842407dfec4b94dfd6c7063bae5db970e1af25832c9
- hash: 3df209bb74897aaaec034d5e55b9074a
- hash: 9752572ae0dc227f7c59d941f98c3bbc91b8c2df
- hash: 7b5b3b4a6c48e02876912202d71c7a1eb9781dad619e578029127921143ff8cb
- hash: 35b192754ef411c65e6584e8f3cc3e43
- hash: b1962c33fd224cded2bf491faf9275b81ea0497c
- hash: 1be835ea4db4fde3dfee8c6d479ad512901305614850ca3d7d8db9d4a8281fdc
- hash: e2e7773968433ec9d72c5bf4b1eb8d21
- hash: 6a02b0ccedabcbcfd87daecb1644978572c491dd
- hash: a39025ba87aeb692a67eb42b6c674669fc913901ea715cf6916571adb3c61e5c
- hash: 984078883ef29280604ea2af64a208ea
- hash: 994c395789f7c3c064ac9496f1f90bf2d5aa33c4
- hash: ecbe5fc91c1f222a1c53519063e12f750bec0bc4eb392776de2ebcec58d77287
- hash: 6c40adafc072321f2ca0749ff31adac8
- hash: a34e2dc19b40abaff6572526a4432647fc99420f
- hash: f5a619550aab65a70f97f1128411ccd053444254ebb1df49d2d908c0e154d66b
- hash: 7ed6256cb498f5a987aba753c51da2e8
- hash: 5e07a0b068b73b2c98b8aa44d96f2ad3b1b3b5a5
- hash: deb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01
- hash: d4bed9420bd66fbf3c483e1dacabb726
- hash: d478161c439a2455370644ad9cd0bed4ed743ab5
- hash: 6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4
- hash: b53f4a29e8f17c661eff669b55504b59
- hash: 0c924b5d2e26cfdc4c2657b7b43634a1fd815189
- hash: 03eaee082ee63bf79525e2edeb6f406d2ffca6feab4aada8f03dc98740d28a44
- hash: 57de6354241c9ed4fa84dd82bcfa4ad9
- hash: d973e49364a31c2fa86479b17aaafd80815f49a8
- hash: 3d42be817eb0a150a642713d3234847e943dce60e98a3e9722d9fa01d5c880c4
- hash: d8daf5dd7816250aa778a6f83f073d69
- hash: e74d7af541c85d2ac76ca209d731205aa263d227
- hash: 7f10244723a1708686bb1fb39c9832ac40ce5222cfb8bac5297b15034629ed58
- hash: fc7fa4f4fb4426427384e041bac39740
- hash: e24bc7db313279667cb17da86e0b7b5e138cbd7b
- hash: 1191d3f484d35c7e4d42ac7bcdd2227930f848383873d914e8010bfe637e0122
- hash: a745a3b88dc871f9b23f5f6b1e84e51e
- hash: 2e07c02af7599bfb272cb40b6729cc40d34e5066
- hash: 8ce818c607ea14dfa89c7a1ffacb4d2ecec45ddc34da65cd1298ad522f317e63
- hash: a87472828e1822c69d04fb6fa679cce5
- hash: d7bfb660bc392f6c8e905382f8fb4bf54db38d05
- hash: d22da7b322ba050e2e39b6b724daec52887e2610b1d461ab8cde4027e7cb4308
- hash: 7aef83fe22b74be37f2e77fa5222950d
- hash: 1ea7970aa6e223d52f206a9a3d89d8747571b8ee
- hash: edd45e1320b7fbbc8b7ce2907c5bade1e1cc0a92d940fa738b4fa8a0e52e37b7
- hash: becd8ce44a82d410cd395f4a7651869a
- hash: 6a25e71039489abc73306178e9152e552e2446ab
- hash: a41339abaddb69089a4fbba54fc00769c123de025a1507d0130a3203fb5d0834
- hash: 806a9b20a38e7975e51a48f754515868
- hash: 7146bcad2893ba2eb83885b341a9f8a01336bcb2
- hash: 5b59d8ed228cb76f38ac659ed5e4e7673b587a3833ebdef23442147ab5a6b5f2
- hash: 216034c93412238fb4c86e8576dded6e
- hash: 26dc699a146f17b14f4bae8511a744648a326ccb
- hash: b58ca2a14836ed283ed5b5d653f20c2a42077d4d7b6b4cbe2ad6bc2ab532db07
- hash: 7e2124dbe1043d3041d86b37a446c7ae
- hash: 6cba8338b2c9edf292cc56419ddf42b4cf5e8a7b
- hash: a9acdedbcc185292379f90b97ab6f584461d59aba50542a8fb50f1c2948d8d8c
- hash: df9b85d2e11f42d4c6b838c9bb020d3d
- hash: dbfcd82dee641a842920006afd10cb2c157677c4
- hash: 905208a3608924e148f0b9bd733eb40c9f02edf10b27b43cd6e742f4bb4f62c3
- hash: db8636ac6870d96da55bcefd20ee18eb
- hash: 7dc3c25615122043bec9ceda719b58be4f2c9af6
- hash: 98cb5b0b2e8b3b8fa9fe79ba311ace462ae509669316cf54593b3aac402188f8
- hash: 15bf0f43c13fba63ba0ed31dd40dcd3d
- hash: d0579e58bd29087a4bfe46422b2779fb369716aa
- hash: 20205ee834a7f1d7e44e139697b1ed8600a3301a5029cbfe9db8dd8a3ae13f20
- hash: f400361c7ea460fe440409388300e3ea
- hash: 029b4f886bde1804e201db5bdb261af41de18b72
- hash: a1ceb961c3797e6999092bc934714401ac7dd83139223ecc8b5e5b2c08e79c5c
- hash: 3ae03f156f2c2f54e69bae05694b5f6b
- hash: 9a902f4b721e08bdc630c72031994e037278592e
- hash: 8530446a085c1700fc1ce3e5e21afc356d9701ed553edbfceaed8233ab2c9d95
- hash: 5d0711edf41f420c3d84890567b6db3f
- hash: 26d6cc6e1d577f78a7d0cf5b0531185305fe7351
- hash: 3355e6a64aba410d637dfbe6be4bb831629ca94b25af57d6265043b24317b1d7
- hash: 148d6d25d864fbdae734be252cc4c926
- hash: d8a050750f7fdc5038d4164c8f7d247d2cecf7a9
- hash: 8b5376bda7dabd5355e17ed2d29a76b466f5197841a35568276c843e332835b4
- hash: 461a238903404999e36835284a2eaaf7
- hash: a543433469898da17bf5599c0e45cd8e559e344f
- hash: 18bb8b44a363513d2359eaf430f2e0a1559b6405d66269f4a77c3d052cfe01a9
- hash: 71813501b8b4a01c69cd70546704265a
- hash: 4aa6d9ddde36f5fb0a220a8551710b620f898cb2
- hash: 4f3b0833c198dbc9e4ef82ef8f6dbf3d5211540858ee48972384a3fc799d0d5c
- hash: 12a2fc06d67f104935d8507367a558b7
- hash: 0fd9b3ec5d55916890ce35e8dd47cb6b919576dc
- hash: f303624986bcad8a2b4dcf857b5fc82f54c933082c0849dd633e9c1651afde98
- hash: 523007bc2f106dabe9057f0096aa53c3
- hash: 5000cc33d347ca97a831a1e8da4ff0e21d6063d8
- hash: af9aa22b8ab619d43885d9a8e45d4b3bc0abf031d6c4a0e55ba24e52dbd7440b
- hash: 39696059c052a611f44b44960417cfe2
- hash: 05735b0f2503a5f55cd3799306d80540558c86bf
- hash: 031c712370f6c655fdd1e11f2eecae2065106e3f6588415dd9dfb42914e557ec
- hash: a5600816a7e60f1ac466eb56bbfbbbd4
- hash: 74a19052a8e57eab17827d88172aa08e270c2171
- hash: f801b09d24cdce0bbcbe6787af8881bf78a7d3e7dd807610d7f0766505d9a380
- hash: 9d42dec969d29b523c3bb2cef28b79c2
- hash: ff5ca08e6d69cb68a76422e804b0574d551ed20e
- hash: 94c1b83e9181e597748af34aa30324fa001324bd12d33b12aa01e2a05ba779d6
- hash: 090b76b0c6152ea71f08d1e9ae8f3742
- hash: ca669cb8ad948f50ed48c94e573a777f2675674f
- hash: 7e9ace80bb54631d6c392281fe75cf4e1b171aebbcc863b7e72054931bde64c8
- hash: 9c37c66c98472fa368e39fefbef31906
- hash: 471ca8e134500ea255230801392af877a7bf0406
- hash: de56c70d9543d35a0f93def14072e42a9df2b35f5b087fac3bfedd49c3f42ee6
- hash: e7cf57a95364551414e40bf162837aac
- hash: 0acb3c5b6a6bd568656c7dc9f2bebaf0ea01207a
- hash: c54eb244078dcaf2472c85bcce337b152dc24154d6a03004a29e4f4069d49d71
- hash: c313d79bb52d3dc1a0fdd298a6c47810
- hash: 6dc9f3042ae2074c22e0aaf2e3e3219ff90e5e94
- hash: d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174
- hash: f5b20b005cbb604eec709f984166ca68
- hash: 60314c8dbbc9c580d2a6fe200c2e1d54d8c50dd4
- hash: dd8c615426bbc9886f9b46b963a623ab635ae6e317a244b4165acfd9d82ef26d
- hash: e2b13741239300cb44272592622cc9df
- hash: a983f060136b7e9cdad0d8104e7e7196fcdf7a64
- hash: 2d55ed1991f2e9ce5b6fc82d7c0affe25df64f8e16f300d71d8a6dd62c410794
- hash: d325a77c13e5fd197dee37b78ce8bce0
- hash: 9e8ae6773e7e540d6a16fb2b84a4e8d9d67d9d25
- hash: dda1fa947466fe10367cab597941c144606d85b2d03efebee9acdb2c9b0e693a
- hash: 6cc46e8806eca732f501d5a2bf6ad434
- hash: ddfd08661f0f3a515c3802cf3042b002d1748d53
- hash: 564d2275edd8f622be6717d156c627a346f330549ca2f266985e49a4e5e17204
- hash: 86b91372dc46212aa7f5310339a6f7f3
- hash: e27a61a67b4c103595135df9567cac7152d93765
- hash: d3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d
- hash: d1e338f0c608088b7b5aa2e20c3df8ca
- hash: ce261f6bcaab860b7d5ebd23583663ec41ae0464
- hash: c62267c0ef0af138ffca07372e24e4fb0681d0f1b87bfe798a33a14265791985
- hash: 4e89b728a15249b6ec84a738866c0f64
- hash: 842a457a15cd9b35c930e86aa3adca801231c0c9
- hash: b43813d1e597a0633fc8693d5921688a8b189cfdc6c74fda22e42c2aefa3270c
- hash: b78a41cfedbd72be9cda0c2e8b456b9b
- hash: 653f63e14f59b6049559dc487b9f3210ff2bdaef
- hash: 1e978f9081a38530567bd778d25cebdf6297ce2f8c6d1fed644d75ac102fd567
- hash: 51989583bada20d6d17d602cc0277322
- hash: 4e93e38d13481d6bd2439613630976409b67983a
- hash: 9962c1342cb0ac4e1af01df52f756b70992a0ced5a53e46f770a196033f3762d
- hash: 1729c7a8fa433e28bd4de61cc5317840
- hash: 3fd75d798773bbb29b26a4c9b9c0635ff52fee57
- hash: 9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060
- hash: cdc7a9e456810fd6d0a5f9129c633c03
- hash: d27576bb00da17e68f302f4408a74f32e96fc267
- hash: b2e8f6340ca878d0c0a82b6ec6a7d88d9e2dfc6cf72f81bda974d888f95f1713
- hash: 078bbe7eaeaf7e7cc2ed22c372de38c4
- hash: 46d7a3f48137b25322493c4c7f6504dc61f5ad77
- hash: 1f51b20b036ab4a0a771bf194dad836cf7102a92b9c08791aa3a0d8e370cc1a3
- hash: 785969b0d48577558e3dc2a55d58513d
- hash: 2fa62613a8d66c85b29c29e89482b90c91d96f58
- hash: ffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a
- hash: 3ad4e0b624ab5e54bb4c9d65aa30ec7e
- hash: 4a87e53dc1a570d084e56db622ff95b7d4c421aa
- hash: 5c698ae442a9eb13401817b158b8a20f8bf5fe12d38cd7ef1e809ce9cb7a2805
- hash: 206b78f35e7fbe70a015c9b809c0eb23
- hash: 1e4ab7c68cfc37b5ba9f64415bf1e1a9f07dbe0f
- hash: ec7b25cccfa188e36a22599a08c1e73e8fec9feb2dfe2da047b14d67cabfb8af
- hash: 7f29957a5bd5e369c982ee3085b294b0
- hash: 8f44aa9566f9da9c7086d6da8f080c7a7de52050
- hash: 8054c765c0425811e3632409c6bbd9149fde1de08593796957ca55ead7e9e683
- hash: bb277f03c2e761e03643369ef4d9f1da
- hash: 83c73ab3c57ad7c32d690b9f3016f1548535c1ff
- hash: 91aaa529420c12fbd34da00273de2453c206c09d994802f0b2eb7e89fbe7a0c2
- hash: 0554428077178ad08f6323a63f539c20
- hash: c2a9771b309720a91b35b4b3153a114b5a720102
- hash: 762efe3855a0243ffc8ea9f326b8dc2c8e00f09a007d492f89dede82c57bf260
- hash: 72314affd10ae1bd77e2b94599191c5b
- hash: 1f500e20f5230e301b630e0e241dcc9275ea56bc
- hash: 495396710558d490b78663c6569edd7f480b16ca3402c806bf84981d3c77e4cf
- hash: ce75ac67e0807bc51a33ac11088c0cfe
- hash: 10d99e3c5738f923ea81d5c2a636a3982a3eccd5
- hash: a1878af056735af8a426971f730e3bbd7fd4e8eb164fe95460c92cae6e8f2541
- hash: 316484a421bb5a632ced2725cb123f24
- domain: upgrade.mirrorss.top
- domain: update.mirrorss.top
- url: http://101.35.42.157/__utm.gif
- ip:port: 101.35.42.157:443
- ip:port: 103.85.25.168:80
- ip:port: 86.104.72.20:7443
- ip:port: 52.68.210.54:80
- ip:port: 140.249.32.175:4505
- ip:port: 121.37.252.50:443
- ip:port: 43.143.170.206:8443
- ip:port: 103.245.39.231:80
- ip:port: 45.92.9.110:443
- ip:port: 184.63.156.240:443
- ip:port: 39.40.161.183:995
- ip:port: 149.109.241.64:443
- ip:port: 217.165.157.202:22
- ip:port: 35.202.169.153:8888
- ip:port: 106.75.75.24:8888
- ip:port: 47.113.192.177:8888
- ip:port: 8.138.119.106:8888
- ip:port: 35.184.180.199:80
- ip:port: 94.156.68.17:80
- url: https://47.99.194.96/match
- ip:port: 47.99.194.96:443
- url: http://47.245.42.208/_/scs/mail-static/_/js/
- ip:port: 47.245.42.208:80
- url: http://94.232.249.46/tab_home.js
- ip:port: 94.232.249.46:80
Technical Details
- Threat Level: 2 (MISP event field; 2 is 'medium' on the scale 1 high, 2 medium, 3 low, 4 undefined)
- Analysis: 1 (MISP event field; 1 is 'ongoing', the event may still receive indicators)
- Distribution: 3 (MISP sharing level 'all communities'; not a measure of how widespread the malware is)
- Uuid: 0f658d93-4b89-43fc-ae4c-8cdd3d42a581
- Original Timestamp: 1717459386 (Unix epoch seconds)
Indicators of Compromise
Url
Value | Description
---|---
https://ieshua.org/reports.php | GootLoader payload delivery URL (confidence level: 100%)
https://ingahanka.de/reports.php | GootLoader payload delivery URL (confidence level: 100%)
http://221.15.22.4:35121/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://b35977a00ebd8086.safe1.lat/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://124.71.81.174:9998/8zef | Cobalt Strike botnet C2 (confidence level: 75%)
http://bvp.ch/transfer-agreement-concept | GootLoader payload delivery URL (confidence level: 100%)
https://inpersonakbh.dk/reports.php | GootLoader payload delivery URL (confidence level: 100%)
http://8.222.230.186/activity | Cobalt Strike botnet C2 (confidence level: 100%)
http://106.53.207.158:8080/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://139.196.191.50:8088/activity | Cobalt Strike botnet C2 (confidence level: 100%)
http://114.132.87.9/activity | Cobalt Strike botnet C2 (confidence level: 100%)
https://81.68.253.22/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://111.229.142.238:6379/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://bvp.ch/hold-harmless-agreement-car-accident/ | GootLoader payload delivery URL (confidence level: 100%)
https://intermissionhostel.no/reports.php | GootLoader payload delivery URL (confidence level: 100%)
https://65.108.55.55:9000 | Vidar botnet C2 (confidence level: 49%)
https://91.107.221.88:9000 | Vidar botnet C2 (confidence level: 49%)
https://theonelartist.com/cdn-vs/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://theonelartist.com/cdn-vs/cache.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://theonelartist.com/cdn-vs/2per.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://101.35.42.157/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://47.99.194.96/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.245.42.208/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://94.232.249.46/tab_home.js | Cobalt Strike botnet C2 (confidence level: 100%)
Ip:port (ThreatFox C2 server indicator type; IP and port are one indicator and should be matched together)
Value | Description
---|---
18.158.249.75:18801 | NjRAT botnet C2 server (confidence level: 75%)
18.192.31.165:18801 | NjRAT botnet C2 server (confidence level: 75%)
3.124.142.205:18801 | NjRAT botnet C2 server (confidence level: 75%)
3.134.125.175:16424 | NjRAT botnet C2 server (confidence level: 75%)
3.125.102.39:16276 | NjRAT botnet C2 server (confidence level: 75%)
193.161.193.99:44070 | NjRAT botnet C2 server (confidence level: 75%)
147.78.103.81:80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
185.159.153.84:80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
212.114.52.163:4044 | SystemBC botnet C2 server (confidence level: 100%)
185.43.220.45:4383 | SystemBC botnet C2 server (confidence level: 100%)
110.42.248.7:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
18.207.197.162:9999 | Sliver botnet C2 server (confidence level: 50%)
117.139.140.7:4506 | Deimos botnet C2 server (confidence level: 50%)
49.119.120.21:10250 | Deimos botnet C2 server (confidence level: 50%)
159.100.29.70:80 | Havoc botnet C2 server (confidence level: 50%)
70.27.138.67:2078 | QakBot botnet C2 server (confidence level: 50%)
77.126.87.47:443 | QakBot botnet C2 server (confidence level: 50%)
75.173.34.175:443 | QakBot botnet C2 server (confidence level: 50%)
105.154.220.55:995 | QakBot botnet C2 server (confidence level: 50%)
222.239.101.244:8888 | DCRat botnet C2 server (confidence level: 50%)
46.246.86.8:3000 | DCRat botnet C2 server (confidence level: 50%)
13.54.165.166:443 | Unknown malware botnet C2 server (confidence level: 50%)
147.78.103.131:50555 | Unknown malware botnet C2 server (confidence level: 50%)
91.151.89.217:80 | Unknown malware botnet C2 server (confidence level: 50%)
50.114.37.52:443 | FAKEUPDATES botnet C2 server (confidence level: 50%)
149.88.44.159:80 | WhiteSnake Stealer botnet C2 server (confidence level: 100%)
173.212.209.190:4001 | WhiteSnake Stealer botnet C2 server (confidence level: 100%)
45.147.99.158:8080 | WhiteSnake Stealer botnet C2 server (confidence level: 100%)
8.222.230.186:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.132.87.9:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
147.45.47.36:27667 | RedLine Stealer botnet C2 server (confidence level: 100%)
96.47.235.152:2024 | Remcos botnet C2 server (confidence level: 75%)
103.179.189.111:8848 | AsyncRAT botnet C2 server (confidence level: 75%)
101.35.42.157:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.85.25.168:80 | Sliver botnet C2 server (confidence level: 50%)
86.104.72.20:7443 | Unknown malware botnet C2 server (confidence level: 50%)
52.68.210.54:80 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
140.249.32.175:4505 | Deimos botnet C2 server (confidence level: 50%)
121.37.252.50:443 | Havoc botnet C2 server (confidence level: 50%)
43.143.170.206:8443 | Havoc botnet C2 server (confidence level: 50%)
103.245.39.231:80 | Havoc botnet C2 server (confidence level: 50%)
45.92.9.110:443 | Havoc botnet C2 server (confidence level: 50%)
184.63.156.240:443 | QakBot botnet C2 server (confidence level: 50%)
39.40.161.183:995 | QakBot botnet C2 server (confidence level: 50%)
149.109.241.64:443 | QakBot botnet C2 server (confidence level: 50%)
217.165.157.202:22 | QakBot botnet C2 server (confidence level: 50%)
35.202.169.153:8888 | Unknown malware botnet C2 server (confidence level: 50%)
106.75.75.24:8888 | Unknown malware botnet C2 server (confidence level: 50%)
47.113.192.177:8888 | Unknown malware botnet C2 server (confidence level: 50%)
8.138.119.106:8888 | Unknown malware botnet C2 server (confidence level: 50%)
35.184.180.199:80 | Unknown malware botnet C2 server (confidence level: 50%)
94.156.68.17:80 | Unknown malware botnet C2 server (confidence level: 50%)
47.99.194.96:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.245.42.208:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.232.249.46:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
Hash (each sample appears as a SHA-1, SHA-256 and MD5 triple; the table is cut off after the first seven samples, the full hash list is in the flat list above)
Value | Description
---|---
d72628520b0978a1b1be32f975676858c3d3476c | Formbook payload (confidence level: 95%)
bcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38 | Formbook payload (confidence level: 95%)
6eb32cf2b1d4a3b38ef372e6c1d76b04 | Formbook payload (confidence level: 95%)
a20426667bc9591e446678c357e32cb969b59caf | RedLine Stealer payload (confidence level: 95%)
1a4e9865bdd049e0af9744de415b4bca7da2752ea21ce6c547f37f962b5e6aa9 | RedLine Stealer payload (confidence level: 95%)
c59018e21b1517bc2743b1d9a3c2391a | RedLine Stealer payload (confidence level: 95%)
9f515ba8edefb0c2d1213816472c912c97fa1c8e | RedLine Stealer payload (confidence level: 95%)
b3ca04d731ce63ef0fb3cae7db9ae14b8ff9c0ae842b83ac80eaa8ef459f9672 | RedLine Stealer payload (confidence level: 95%)
d3c642ecc3418adbc9d7675bbdf5162d | RedLine Stealer payload (confidence level: 95%)
34a1bc065cd9413b783ad9e0e78d2996415186a4 | Agent Tesla payload (confidence level: 95%)
d2f23dc9b7b97472f7996e14c836b6571e23c79ee585d6d4c8f13ef7ae101d6e | Agent Tesla payload (confidence level: 95%)
2e1fea17aeea8852800f17ead782ca53 | Agent Tesla payload (confidence level: 95%)
1a54605adbd8e04175831efd65076aed86962f1e | Agent Tesla payload (confidence level: 95%)
0cdd89801edc2304d208f9dca70cbe0248f5cf55876c827a275a57560fa396fe | Agent Tesla payload (confidence level: 95%)
cfaef1fbcfc3a09ccc8baf621b681025 | Agent Tesla payload (confidence level: 95%)
0492efdb72f1800210283243ee5be8f08ec3874a | Agent Tesla payload (confidence level: 95%)
50e85468becf2a5b858a1cd14362899128ccda25c01b428f52ddc033bb95ad65 | Agent Tesla payload (confidence level: 95%)
fcb5172319bbca6eb3c03d589404c926 | Agent Tesla payload (confidence level: 95%)
12bda6495b055744cdbc90b923d173d971d2e911 | Formbook payload (confidence level: 95%)
3a75fb4d55ecf3434b2efaa95586e88ebb354908ba64007ad660abd022d1a971 | Formbook payload (confidence level: 95%)
57b103708d48a606283b50b9f02effa1 | Formbook payload (confidence level: 95%)
hashaa8cb619778e5086de63ef93d3aea6f9863d4fb8 | Formbook payload (confidence level: 95%) | |
hashd2585129c23de9308dfdc114f4997f8ec6dafa1057669718e27f0467cf66ad2c | Formbook payload (confidence level: 95%) | |
hash14e46bbab699b36b4dd13c1534c9d6cf | Formbook payload (confidence level: 95%) | |
hash647722280956067d09d262120776a954b64d4fa2 | RedLine Stealer payload (confidence level: 95%) | |
hashed2658bd38914a6718e2e4f09e6d23c2b6c763e90f93646c580b85c33fd2c59e | RedLine Stealer payload (confidence level: 95%) | |
hash6e75d28e8c62737302435c206d401ecc | RedLine Stealer payload (confidence level: 95%) | |
hash19781381bd5043aafbabf0a6d90c1569e58f0d5a | Remcos payload (confidence level: 95%) | |
hashc4dd9ec83dc0b304101fa6b2f37d93aae8921bab88ca6e49a6a8eb18d390ed79 | Remcos payload (confidence level: 95%) | |
hashfe4ebc62a5498c4d43699abe554febb0 | Remcos payload (confidence level: 95%) | |
hash2efd04525dd2d33d9747dbca351ac66b7e3d6d66 | SigLoader payload (confidence level: 95%) | |
hashc75f6b872b500f4837f0f842407dfec4b94dfd6c7063bae5db970e1af25832c9 | SigLoader payload (confidence level: 95%) | |
hash3df209bb74897aaaec034d5e55b9074a | SigLoader payload (confidence level: 95%) | |
hash9752572ae0dc227f7c59d941f98c3bbc91b8c2df | Agent Tesla payload (confidence level: 95%) | |
hash7b5b3b4a6c48e02876912202d71c7a1eb9781dad619e578029127921143ff8cb | Agent Tesla payload (confidence level: 95%) | |
hash35b192754ef411c65e6584e8f3cc3e43 | Agent Tesla payload (confidence level: 95%) | |
hashb1962c33fd224cded2bf491faf9275b81ea0497c | KrakenKeylogger payload (confidence level: 95%) | |
hash1be835ea4db4fde3dfee8c6d479ad512901305614850ca3d7d8db9d4a8281fdc | KrakenKeylogger payload (confidence level: 95%) | |
hashe2e7773968433ec9d72c5bf4b1eb8d21 | KrakenKeylogger payload (confidence level: 95%) | |
hash6a02b0ccedabcbcfd87daecb1644978572c491dd | Stealc payload (confidence level: 95%) | |
hasha39025ba87aeb692a67eb42b6c674669fc913901ea715cf6916571adb3c61e5c | Stealc payload (confidence level: 95%) | |
hash984078883ef29280604ea2af64a208ea | Stealc payload (confidence level: 95%) | |
hash994c395789f7c3c064ac9496f1f90bf2d5aa33c4 | Formbook payload (confidence level: 95%) | |
hashecbe5fc91c1f222a1c53519063e12f750bec0bc4eb392776de2ebcec58d77287 | Formbook payload (confidence level: 95%) | |
hash6c40adafc072321f2ca0749ff31adac8 | Formbook payload (confidence level: 95%) | |
hasha34e2dc19b40abaff6572526a4432647fc99420f | Formbook payload (confidence level: 95%) | |
hashf5a619550aab65a70f97f1128411ccd053444254ebb1df49d2d908c0e154d66b | Formbook payload (confidence level: 95%) | |
hash7ed6256cb498f5a987aba753c51da2e8 | Formbook payload (confidence level: 95%) | |
hash5e07a0b068b73b2c98b8aa44d96f2ad3b1b3b5a5 | SystemBC payload (confidence level: 95%) | |
hashdeb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01 | SystemBC payload (confidence level: 95%) | |
hashd4bed9420bd66fbf3c483e1dacabb726 | SystemBC payload (confidence level: 95%) | |
hashd478161c439a2455370644ad9cd0bed4ed743ab5 | Kutaki payload (confidence level: 95%) | |
hash6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4 | Kutaki payload (confidence level: 95%) | |
hashb53f4a29e8f17c661eff669b55504b59 | Kutaki payload (confidence level: 95%) | |
hash0c924b5d2e26cfdc4c2657b7b43634a1fd815189 | KrakenKeylogger payload (confidence level: 95%) | |
hash03eaee082ee63bf79525e2edeb6f406d2ffca6feab4aada8f03dc98740d28a44 | KrakenKeylogger payload (confidence level: 95%) | |
hash57de6354241c9ed4fa84dd82bcfa4ad9 | KrakenKeylogger payload (confidence level: 95%) | |
hashd973e49364a31c2fa86479b17aaafd80815f49a8 | KrakenKeylogger payload (confidence level: 95%) | |
hash3d42be817eb0a150a642713d3234847e943dce60e98a3e9722d9fa01d5c880c4 | KrakenKeylogger payload (confidence level: 95%) | |
hashd8daf5dd7816250aa778a6f83f073d69 | KrakenKeylogger payload (confidence level: 95%) | |
hashe74d7af541c85d2ac76ca209d731205aa263d227 | KrakenKeylogger payload (confidence level: 95%) | |
hash7f10244723a1708686bb1fb39c9832ac40ce5222cfb8bac5297b15034629ed58 | KrakenKeylogger payload (confidence level: 95%) | |
hashfc7fa4f4fb4426427384e041bac39740 | KrakenKeylogger payload (confidence level: 95%) | |
hashe24bc7db313279667cb17da86e0b7b5e138cbd7b | Agent Tesla payload (confidence level: 95%) | |
hash1191d3f484d35c7e4d42ac7bcdd2227930f848383873d914e8010bfe637e0122 | Agent Tesla payload (confidence level: 95%) | |
hasha745a3b88dc871f9b23f5f6b1e84e51e | Agent Tesla payload (confidence level: 95%) | |
hash2e07c02af7599bfb272cb40b6729cc40d34e5066 | Agent Tesla payload (confidence level: 95%) | |
hash8ce818c607ea14dfa89c7a1ffacb4d2ecec45ddc34da65cd1298ad522f317e63 | Agent Tesla payload (confidence level: 95%) | |
hasha87472828e1822c69d04fb6fa679cce5 | Agent Tesla payload (confidence level: 95%) | |
hashd7bfb660bc392f6c8e905382f8fb4bf54db38d05 | Agent Tesla payload (confidence level: 95%) | |
hashd22da7b322ba050e2e39b6b724daec52887e2610b1d461ab8cde4027e7cb4308 | Agent Tesla payload (confidence level: 95%) | |
hash7aef83fe22b74be37f2e77fa5222950d | Agent Tesla payload (confidence level: 95%) | |
hash1ea7970aa6e223d52f206a9a3d89d8747571b8ee | Remcos payload (confidence level: 95%) | |
hashedd45e1320b7fbbc8b7ce2907c5bade1e1cc0a92d940fa738b4fa8a0e52e37b7 | Remcos payload (confidence level: 95%) | |
hashbecd8ce44a82d410cd395f4a7651869a | Remcos payload (confidence level: 95%) | |
hash6a25e71039489abc73306178e9152e552e2446ab | SigLoader payload (confidence level: 95%) | |
hasha41339abaddb69089a4fbba54fc00769c123de025a1507d0130a3203fb5d0834 | SigLoader payload (confidence level: 95%) | |
hash806a9b20a38e7975e51a48f754515868 | SigLoader payload (confidence level: 95%) | |
hash7146bcad2893ba2eb83885b341a9f8a01336bcb2 | Remcos payload (confidence level: 95%) | |
hash5b59d8ed228cb76f38ac659ed5e4e7673b587a3833ebdef23442147ab5a6b5f2 | Remcos payload (confidence level: 95%) | |
hash216034c93412238fb4c86e8576dded6e | Remcos payload (confidence level: 95%) | |
hash26dc699a146f17b14f4bae8511a744648a326ccb | Formbook payload (confidence level: 95%) | |
hashb58ca2a14836ed283ed5b5d653f20c2a42077d4d7b6b4cbe2ad6bc2ab532db07 | Formbook payload (confidence level: 95%) | |
hash7e2124dbe1043d3041d86b37a446c7ae | Formbook payload (confidence level: 95%) | |
hash6cba8338b2c9edf292cc56419ddf42b4cf5e8a7b | Formbook payload (confidence level: 95%) | |
hasha9acdedbcc185292379f90b97ab6f584461d59aba50542a8fb50f1c2948d8d8c | Formbook payload (confidence level: 95%) | |
hashdf9b85d2e11f42d4c6b838c9bb020d3d | Formbook payload (confidence level: 95%) | |
hashdbfcd82dee641a842920006afd10cb2c157677c4 | Agent Tesla payload (confidence level: 95%) | |
hash905208a3608924e148f0b9bd733eb40c9f02edf10b27b43cd6e742f4bb4f62c3 | Agent Tesla payload (confidence level: 95%) | |
hashdb8636ac6870d96da55bcefd20ee18eb | Agent Tesla payload (confidence level: 95%) | |
hash7dc3c25615122043bec9ceda719b58be4f2c9af6 | Agent Tesla payload (confidence level: 95%) | |
hash98cb5b0b2e8b3b8fa9fe79ba311ace462ae509669316cf54593b3aac402188f8 | Agent Tesla payload (confidence level: 95%) | |
hash15bf0f43c13fba63ba0ed31dd40dcd3d | Agent Tesla payload (confidence level: 95%) | |
hashd0579e58bd29087a4bfe46422b2779fb369716aa | Agent Tesla payload (confidence level: 95%) | |
hash20205ee834a7f1d7e44e139697b1ed8600a3301a5029cbfe9db8dd8a3ae13f20 | Agent Tesla payload (confidence level: 95%) | |
hashf400361c7ea460fe440409388300e3ea | Agent Tesla payload (confidence level: 95%) | |
hash029b4f886bde1804e201db5bdb261af41de18b72 | SigLoader payload (confidence level: 95%) | |
hasha1ceb961c3797e6999092bc934714401ac7dd83139223ecc8b5e5b2c08e79c5c | SigLoader payload (confidence level: 95%) | |
hash3ae03f156f2c2f54e69bae05694b5f6b | SigLoader payload (confidence level: 95%) | |
hash9a902f4b721e08bdc630c72031994e037278592e | Formbook payload (confidence level: 95%) | |
hash8530446a085c1700fc1ce3e5e21afc356d9701ed553edbfceaed8233ab2c9d95 | Formbook payload (confidence level: 95%) | |
hash5d0711edf41f420c3d84890567b6db3f | Formbook payload (confidence level: 95%) | |
hash26d6cc6e1d577f78a7d0cf5b0531185305fe7351 | Agent Tesla payload (confidence level: 95%) | |
hash3355e6a64aba410d637dfbe6be4bb831629ca94b25af57d6265043b24317b1d7 | Agent Tesla payload (confidence level: 95%) | |
hash148d6d25d864fbdae734be252cc4c926 | Agent Tesla payload (confidence level: 95%) | |
hashd8a050750f7fdc5038d4164c8f7d247d2cecf7a9 | Formbook payload (confidence level: 95%) | |
hash8b5376bda7dabd5355e17ed2d29a76b466f5197841a35568276c843e332835b4 | Formbook payload (confidence level: 95%) | |
hash461a238903404999e36835284a2eaaf7 | Formbook payload (confidence level: 95%) | |
hasha543433469898da17bf5599c0e45cd8e559e344f | Formbook payload (confidence level: 95%) | |
hash18bb8b44a363513d2359eaf430f2e0a1559b6405d66269f4a77c3d052cfe01a9 | Formbook payload (confidence level: 95%) | |
hash71813501b8b4a01c69cd70546704265a | Formbook payload (confidence level: 95%) | |
hash4aa6d9ddde36f5fb0a220a8551710b620f898cb2 | Agent Tesla payload (confidence level: 95%) | |
hash4f3b0833c198dbc9e4ef82ef8f6dbf3d5211540858ee48972384a3fc799d0d5c | Agent Tesla payload (confidence level: 95%) | |
hash12a2fc06d67f104935d8507367a558b7 | Agent Tesla payload (confidence level: 95%) | |
hash0fd9b3ec5d55916890ce35e8dd47cb6b919576dc | Formbook payload (confidence level: 95%) | |
hashf303624986bcad8a2b4dcf857b5fc82f54c933082c0849dd633e9c1651afde98 | Formbook payload (confidence level: 95%) | |
hash523007bc2f106dabe9057f0096aa53c3 | Formbook payload (confidence level: 95%) | |
hash5000cc33d347ca97a831a1e8da4ff0e21d6063d8 | RedLine Stealer payload (confidence level: 95%) | |
hashaf9aa22b8ab619d43885d9a8e45d4b3bc0abf031d6c4a0e55ba24e52dbd7440b | RedLine Stealer payload (confidence level: 95%) | |
hash39696059c052a611f44b44960417cfe2 | RedLine Stealer payload (confidence level: 95%) | |
hash05735b0f2503a5f55cd3799306d80540558c86bf | Agent Tesla payload (confidence level: 95%) | |
hash031c712370f6c655fdd1e11f2eecae2065106e3f6588415dd9dfb42914e557ec | Agent Tesla payload (confidence level: 95%) | |
hasha5600816a7e60f1ac466eb56bbfbbbd4 | Agent Tesla payload (confidence level: 95%) | |
hash74a19052a8e57eab17827d88172aa08e270c2171 | KrakenKeylogger payload (confidence level: 95%) | |
hashf801b09d24cdce0bbcbe6787af8881bf78a7d3e7dd807610d7f0766505d9a380 | KrakenKeylogger payload (confidence level: 95%) | |
hash9d42dec969d29b523c3bb2cef28b79c2 | KrakenKeylogger payload (confidence level: 95%) | |
hashff5ca08e6d69cb68a76422e804b0574d551ed20e | AsyncRAT payload (confidence level: 95%) | |
hash94c1b83e9181e597748af34aa30324fa001324bd12d33b12aa01e2a05ba779d6 | AsyncRAT payload (confidence level: 95%) | |
hash090b76b0c6152ea71f08d1e9ae8f3742 | AsyncRAT payload (confidence level: 95%) | |
hashca669cb8ad948f50ed48c94e573a777f2675674f | Agent Tesla payload (confidence level: 95%) | |
hash7e9ace80bb54631d6c392281fe75cf4e1b171aebbcc863b7e72054931bde64c8 | Agent Tesla payload (confidence level: 95%) | |
hash9c37c66c98472fa368e39fefbef31906 | Agent Tesla payload (confidence level: 95%) | |
hash471ca8e134500ea255230801392af877a7bf0406 | Agent Tesla payload (confidence level: 95%) | |
hashde56c70d9543d35a0f93def14072e42a9df2b35f5b087fac3bfedd49c3f42ee6 | Agent Tesla payload (confidence level: 95%) | |
hashe7cf57a95364551414e40bf162837aac | Agent Tesla payload (confidence level: 95%) | |
hash0acb3c5b6a6bd568656c7dc9f2bebaf0ea01207a | RedLine Stealer payload (confidence level: 95%) | |
hashc54eb244078dcaf2472c85bcce337b152dc24154d6a03004a29e4f4069d49d71 | RedLine Stealer payload (confidence level: 95%) | |
hashc313d79bb52d3dc1a0fdd298a6c47810 | RedLine Stealer payload (confidence level: 95%) | |
hash6dc9f3042ae2074c22e0aaf2e3e3219ff90e5e94 | Formbook payload (confidence level: 95%) | |
hashd3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174 | Formbook payload (confidence level: 95%) | |
hashf5b20b005cbb604eec709f984166ca68 | Formbook payload (confidence level: 95%) | |
hash60314c8dbbc9c580d2a6fe200c2e1d54d8c50dd4 | KrakenKeylogger payload (confidence level: 95%) | |
hashdd8c615426bbc9886f9b46b963a623ab635ae6e317a244b4165acfd9d82ef26d | KrakenKeylogger payload (confidence level: 95%) | |
hashe2b13741239300cb44272592622cc9df | KrakenKeylogger payload (confidence level: 95%) | |
hasha983f060136b7e9cdad0d8104e7e7196fcdf7a64 | Formbook payload (confidence level: 95%) | |
hash2d55ed1991f2e9ce5b6fc82d7c0affe25df64f8e16f300d71d8a6dd62c410794 | Formbook payload (confidence level: 95%) | |
hashd325a77c13e5fd197dee37b78ce8bce0 | Formbook payload (confidence level: 95%) | |
hash9e8ae6773e7e540d6a16fb2b84a4e8d9d67d9d25 | Remcos payload (confidence level: 95%) | |
hashdda1fa947466fe10367cab597941c144606d85b2d03efebee9acdb2c9b0e693a | Remcos payload (confidence level: 95%) | |
hash6cc46e8806eca732f501d5a2bf6ad434 | Remcos payload (confidence level: 95%) | |
hashddfd08661f0f3a515c3802cf3042b002d1748d53 | Agent Tesla payload (confidence level: 95%) | |
hash564d2275edd8f622be6717d156c627a346f330549ca2f266985e49a4e5e17204 | Agent Tesla payload (confidence level: 95%) | |
hash86b91372dc46212aa7f5310339a6f7f3 | Agent Tesla payload (confidence level: 95%) | |
hashe27a61a67b4c103595135df9567cac7152d93765 | Formbook payload (confidence level: 95%) | |
hashd3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d | Formbook payload (confidence level: 95%) | |
hashd1e338f0c608088b7b5aa2e20c3df8ca | Formbook payload (confidence level: 95%) | |
hashce261f6bcaab860b7d5ebd23583663ec41ae0464 | Formbook payload (confidence level: 95%) | |
hashc62267c0ef0af138ffca07372e24e4fb0681d0f1b87bfe798a33a14265791985 | Formbook payload (confidence level: 95%) | |
hash4e89b728a15249b6ec84a738866c0f64 | Formbook payload (confidence level: 95%) | |
hash842a457a15cd9b35c930e86aa3adca801231c0c9 | Agent Tesla payload (confidence level: 95%) | |
hashb43813d1e597a0633fc8693d5921688a8b189cfdc6c74fda22e42c2aefa3270c | Agent Tesla payload (confidence level: 95%) | |
hashb78a41cfedbd72be9cda0c2e8b456b9b | Agent Tesla payload (confidence level: 95%) | |
hash653f63e14f59b6049559dc487b9f3210ff2bdaef | Formbook payload (confidence level: 95%) | |
hash1e978f9081a38530567bd778d25cebdf6297ce2f8c6d1fed644d75ac102fd567 | Formbook payload (confidence level: 95%) | |
hash51989583bada20d6d17d602cc0277322 | Formbook payload (confidence level: 95%) | |
hash4e93e38d13481d6bd2439613630976409b67983a | Remcos payload (confidence level: 95%) | |
hash9962c1342cb0ac4e1af01df52f756b70992a0ced5a53e46f770a196033f3762d | Remcos payload (confidence level: 95%) | |
hash1729c7a8fa433e28bd4de61cc5317840 | Remcos payload (confidence level: 95%) | |
hash3fd75d798773bbb29b26a4c9b9c0635ff52fee57 | MyDoom payload (confidence level: 95%) | |
hash9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060 | MyDoom payload (confidence level: 95%) | |
hashcdc7a9e456810fd6d0a5f9129c633c03 | MyDoom payload (confidence level: 95%) | |
hashd27576bb00da17e68f302f4408a74f32e96fc267 | Agent Tesla payload (confidence level: 95%) | |
hashb2e8f6340ca878d0c0a82b6ec6a7d88d9e2dfc6cf72f81bda974d888f95f1713 | Agent Tesla payload (confidence level: 95%) | |
hash078bbe7eaeaf7e7cc2ed22c372de38c4 | Agent Tesla payload (confidence level: 95%) | |
hash46d7a3f48137b25322493c4c7f6504dc61f5ad77 | KrakenKeylogger payload (confidence level: 95%) | |
hash1f51b20b036ab4a0a771bf194dad836cf7102a92b9c08791aa3a0d8e370cc1a3 | KrakenKeylogger payload (confidence level: 95%) | |
hash785969b0d48577558e3dc2a55d58513d | KrakenKeylogger payload (confidence level: 95%) | |
hash2fa62613a8d66c85b29c29e89482b90c91d96f58 | Agent Tesla payload (confidence level: 95%) | |
hashffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a | Agent Tesla payload (confidence level: 95%) | |
hash3ad4e0b624ab5e54bb4c9d65aa30ec7e | Agent Tesla payload (confidence level: 95%) | |
hash4a87e53dc1a570d084e56db622ff95b7d4c421aa | SigLoader payload (confidence level: 95%) | |
hash5c698ae442a9eb13401817b158b8a20f8bf5fe12d38cd7ef1e809ce9cb7a2805 | SigLoader payload (confidence level: 95%) | |
hash206b78f35e7fbe70a015c9b809c0eb23 | SigLoader payload (confidence level: 95%) | |
hash1e4ab7c68cfc37b5ba9f64415bf1e1a9f07dbe0f | Formbook payload (confidence level: 95%) | |
hashec7b25cccfa188e36a22599a08c1e73e8fec9feb2dfe2da047b14d67cabfb8af | Formbook payload (confidence level: 95%) | |
hash7f29957a5bd5e369c982ee3085b294b0 | Formbook payload (confidence level: 95%) | |
hash8f44aa9566f9da9c7086d6da8f080c7a7de52050 | Agent Tesla payload (confidence level: 95%) | |
hash8054c765c0425811e3632409c6bbd9149fde1de08593796957ca55ead7e9e683 | Agent Tesla payload (confidence level: 95%) | |
hashbb277f03c2e761e03643369ef4d9f1da | Agent Tesla payload (confidence level: 95%) | |
hash83c73ab3c57ad7c32d690b9f3016f1548535c1ff | Agent Tesla payload (confidence level: 95%) | |
hash91aaa529420c12fbd34da00273de2453c206c09d994802f0b2eb7e89fbe7a0c2 | Agent Tesla payload (confidence level: 95%) | |
hash0554428077178ad08f6323a63f539c20 | Agent Tesla payload (confidence level: 95%) | |
hashc2a9771b309720a91b35b4b3153a114b5a720102 | Formbook payload (confidence level: 95%) | |
hash762efe3855a0243ffc8ea9f326b8dc2c8e00f09a007d492f89dede82c57bf260 | Formbook payload (confidence level: 95%) | |
hash72314affd10ae1bd77e2b94599191c5b | Formbook payload (confidence level: 95%) | |
hash1f500e20f5230e301b630e0e241dcc9275ea56bc | Formbook payload (confidence level: 95%) | |
hash495396710558d490b78663c6569edd7f480b16ca3402c806bf84981d3c77e4cf | Formbook payload (confidence level: 95%) | |
hashce75ac67e0807bc51a33ac11088c0cfe | Formbook payload (confidence level: 95%) | |
hash10d99e3c5738f923ea81d5c2a636a3982a3eccd5 | Formbook payload (confidence level: 95%) | |
hasha1878af056735af8a426971f730e3bbd7fd4e8eb164fe95460c92cae6e8f2541 | Formbook payload (confidence level: 95%) | |
hash316484a421bb5a632ced2725cb123f24 | Formbook payload (confidence level: 95%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash4505 | Deimos botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash8443 | Havoc botnet C2 server (confidence level: 50%) | |
hash80 | Havoc botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash22 | QakBot botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Domain
Value | Description | Copy |
---|---|---|
domainpendarcc.ir | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%) | |
domainb35977a00ebd8086.safe1.lat | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainlldl.xyz | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domainllcl.xyz | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domainllal.xyz | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domainbaqebei1.online | ClearFake botnet C2 domain (confidence level: 49%) | |
domaincdnforfiles.xyz | ClearFake botnet C2 domain (confidence level: 49%) | |
domaind1x9q8w2e4.xyz | ClearFake botnet C2 domain (confidence level: 49%) | |
domainload.memoryloader.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmemoryloader.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaintheonelartist.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainupgrade.mirrorss.top | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainupdate.mirrorss.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
Threat ID: 682b7ba5d3ddd8cef2e8858f
Added to database: 5/19/2025, 6:42:45 PM
Last enriched: 6/18/2025, 7:48:05 PM
Last updated: 8/15/2025, 3:15:18 AM