
ThreatFox IOCs for 2024-06-03

Severity: Medium
Published: Mon Jun 03 2024 (06/03/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-06-03

AI-Powered Analysis

Last updated: 06/18/2025, 19:48:05 UTC

Technical Analysis

This record is the ThreatFox daily roll-up of indicators submitted on 3 June 2024. ThreatFox is abuse.ch's community IOC-sharing platform, so the record carries no affected product, version, CVE, CWE or patch: it describes attacker infrastructure and payloads, not a software flaw. The "Vendor/Project: type, Product: osint" pair appears to be the MISP tag type:OSINT split across the site's vendor/product fields, and the Threat Level (2), Analysis (1) and Distribution (3) values are MISP event fields: threat level 2 is Medium, analysis 1 is Ongoing and distribution 3 is All communities, which together with the tlp:white marking means the data may be shared without restriction. The original timestamp 1717459386 corresponds to 2024-06-04 00:03:06 UTC, the close of the 3 June collection window.

The indicator set is substantial and is reproduced below. Payload-delivery URLs and domains cover three web-based initial-access chains: GootLoader (reports.php endpoints on .org, .de, .dk and .no sites, plus contract-themed lure pages on bvp.ch such as /transfer-agreement-concept), FAKEUPDATES, also known as SocGholish (theonelartist.com/cdn-vs/ and memoryloader.com), and ClearFake (three domains at 49% confidence). Command-and-control entries span the post-exploitation frameworks Cobalt Strike, Sliver, Havoc, Brute Ratel C4 and Deimos as well as commodity RATs, stealers and loaders (NjRAT, AsyncRAT, DCRat, Remcos, QakBot, SystemBC, Loki PWS, WhiteSnake, RedLine, Vidar and ACR Stealer), plus ten "Unknown malware" servers at 50%. Eight of the twelve Cobalt Strike URLs use URIs from the product's built-in default beacon profile (/activity, /__utm.gif, /pixel, /ptj, /match, /updates.rss), which marks them as unmodified listeners that are easy to fingerprint; the others use custom malleable profiles (for example the jQuery- and Gmail-style URIs /jquery-3.3.1.min.js and /_/scs/mail-static/_/js/). The 201 payload hashes, all at 95% confidence, are 67 samples each listed as SHA-1, SHA-256 and MD5, covering Agent Tesla, Formbook, RedLine, Remcos, KrakenKeylogger, SigLoader, Stealc, AsyncRAT, SystemBC, Kutaki and one MyDoom sample. A single Mozi IoT payload URL is included at 50%.

Confidence levels range from 49% to 100% and should decide how each indicator is used. The "known exploits in the wild" and "affected versions" fields of this template do not apply to an IOC collection and must not be read as evidence of inactivity: every entry here is infrastructure or a payload that was observed in use.
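The default-profile observation can be turned into a hunt that outlives the listed addresses. The following is an added example written for this page (not ThreatFox or OffSeq code): it classifies request URIs against the GET/POST URIs of Cobalt Strike's built-in default profile, as reproduced from public documentation of that profile, and against the checksum8 convention used for stager URIs (byte sum of the URI mod 256 equal to 92 for x86 and 93 for x64). The URLs in PAGE_C2_URLS are copied from this feed; the 203.0.113.x addresses used for the stager cases are constructed.

```python
"""Fingerprint Cobalt Strike beacon URLs by request URI.
Added example, not ThreatFox or OffSeq code. DEFAULT_PROFILE_URIS is the URI set of the
built-in default profile as documented publicly (an assumption; extend it from your own
profile collection). checksum8 is the Metasploit-style stager URI check Cobalt Strike uses."""
from urllib.parse import urlsplit

DEFAULT_PROFILE_URIS = {
    "/activity", "/ca", "/cm", "/cx", "/dot.gif", "/dpixel", "/fwlink", "/g.pixel",
    "/IE9CompatViewList.xml", "/load", "/match", "/pixel", "/pixel.gif", "/ptj",
    "/push", "/updates.rss", "/visit.js", "/__utm.gif",
    "/submit.php",  # default POST URI
}

# Cobalt Strike C2 URLs from the 2024-06-03 feed above (copied, not constructed).
PAGE_C2_URLS = [
    "http://b35977a00ebd8086.safe1.lat/jquery-3.3.1.min.js",
    "http://124.71.81.174:9998/8zef",
    "http://8.222.230.186/activity",
    "http://106.53.207.158:8080/updates.rss",
    "http://139.196.191.50:8088/activity",
    "http://114.132.87.9/activity",
    "https://81.68.253.22/pixel",
    "http://111.229.142.238:6379/ptj",
    "http://101.35.42.157/__utm.gif",
    "https://47.99.194.96/match",
    "http://47.245.42.208/_/scs/mail-static/_/js/",
    "http://94.232.249.46/tab_home.js",
]


def checksum8(path):
    """Byte sum of the URI without its leading '/' modulo 256 (92 = x86 stager, 93 = x64 stager)."""
    return sum(path.lstrip("/").encode()) % 256


def classify(url):
    """Return (label, path); label is 'default-profile', 'stager-x86', 'stager-x64' or None."""
    path = urlsplit(url).path or "/"
    if path in DEFAULT_PROFILE_URIS:
        return "default-profile", path
    stem = path.lstrip("/")
    if stem.isalnum():  # stager URIs are random alphanumerics; any other shape cannot be one
        c = checksum8(path)
        if c == 92:
            return "stager-x86", path
        if c == 93:
            return "stager-x64", path
    return None, path


def flag_urls(urls):
    """Map each URL to its label; None means the URI alone does not identify the server."""
    return {u: classify(u)[0] for u in urls}


if __name__ == "__main__":
    for u, label in flag_urls(PAGE_C2_URLS).items():
        print(f"{label or '-':16} {u}")
```

Run against the feed, eight of the twelve URLs come back as default-profile; the jQuery, Gmail, /8zef and /tab_home.js entries do not, which is the limit of URI heuristics against custom malleable profiles. The checksum8 rule matches about 2 in 256 random alphanumeric paths, so use it on proxy logs to rank candidates for review, not to block.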

Potential Impact

The indicators describe infrastructure that was in use on 3 June 2024, so the impact question is whether any of it was reached from your estate, not whether something needs patching. The three payload-delivery chains are the likeliest first contact for an ordinary European workstation: GootLoader is reached through search results for contract and legal templates (the bvp.ch lure paths are of that kind) and its hosts in this set include .de, .dk, .no and .ch domains; FAKEUPDATES (SocGholish) and ClearFake are fake-browser-update pages injected into compromised websites. GootLoader and SocGholish have repeatedly served as initial access for ransomware intrusions, ClearFake mostly drops information stealers, and the Cobalt Strike, Sliver, Havoc, Brute Ratel C4 and Deimos servers in the same collection show hands-on post-exploitation tooling in active use. The stealer and RAT entries (RedLine, Vidar, Stealc, WhiteSnake, ACR Stealer, Agent Tesla, Formbook, NjRAT, AsyncRAT, DCRat, Remcos, KrakenKeylogger) translate into credential and session theft, which carries over into account takeover of cloud, mail and VPN services; QakBot and SystemBC are established ransomware precursors. The medium rating reflects commodity tradecraft rather than a novel technique. Two caveats limit direct action: several C2 addresses sit in public cloud ranges (the 3.x and 18.x AWS addresses used by the NjRAT entries, for example) and will be reassigned to other tenants, and more than half of the C2 server entries, including every ClearFake domain and all "Unknown malware" servers, carry only 49% or 50% confidence.

Mitigation Recommendations

To act on this collection, European organizations should: 1) Ingest ThreatFox in machine-readable form (the API, the MISP feed or the CSV/JSON exports) and keep ioc_type, malware family, confidence_level and first/last-seen with each indicator, rather than copying values from a page like this one. 2) Block at the proxy and the resolver the 100%-confidence payload-delivery URLs and domains (GootLoader, FAKEUPDATES, the ACR Stealer and Cobalt Strike domains); where a URL sits on an otherwise legitimate site, as the GootLoader hosts do, block the URL path if the proxy can and the host only if it cannot. 3) Treat 49-50% entries, "Unknown malware" servers and bare address matches as alerts for an analyst, and match on ip:port rather than the address alone so that reassigned cloud addresses do not page anyone. 4) Search retrospectively across the log retention window: proxy and DNS logs for the URLs, domains and their parent domains; firewall or NetFlow records for the ip:port pairs (QakBot on 443, 995, 2078 and 22, AsyncRAT on 4449 and 8848, NjRAT on 18801); EDR and mail-gateway telemetry for any of the SHA-1, SHA-256 or MD5 values, which describe the same 67 samples. 5) Add pattern detections that outlive these addresses: requests for Cobalt Strike default-profile URIs (/activity, /__utm.gif, /pixel, /ptj, /match, /updates.rss) to hosts outside an allow list, downloads from /cdn-vs/ and /reports.php paths, and wscript or cscript launched from browser download folders, which is how GootLoader and SocGholish archives execute. 6) Expire indicators by last-seen date and re-check them against the feed; a blocklist assembled from daily dumps is stale within weeks. 7) Report sightings back to ThreatFox and to the national CSIRT; confirmations are what let the 49% entries be raised or retired.
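What the integration and tiering steps look like in code, as an added example (not ThreatFox or OffSeq code): a constructed subset of this feed in ThreatFox API record shape is indexed by indicator kind and matched against constructed proxy, firewall, DNS and EDR events, with each hit tagged block, alert or triage. The log formats, the 75% block threshold and the tiering rules are assumptions to adapt to your own stack.

```python
"""Match ThreatFox-style IOCs against proxy, firewall, DNS and EDR events.
Added example, not ThreatFox or OffSeq code: records mirror the ioc_type, threat_type,
malware_printable and confidence_level fields of the ThreatFox API; the log formats
and the block/alert/triage policy are assumptions."""
import re
from urllib.parse import urlsplit

# Constructed subset of the 2024-06-03 feed in ThreatFox API record shape.
_FIELDS = ("ioc", "ioc_type", "threat_type", "malware_printable", "confidence_level")
SAMPLE_IOCS = [dict(zip(_FIELDS, r)) for r in [
    ("https://theonelartist.com/cdn-vs/original.js", "url", "payload_delivery", "FAKEUPDATES", 100),
    ("http://8.222.230.186/activity", "url", "botnet_cc", "Cobalt Strike", 100),
    ("8.222.230.186:80", "ip:port", "botnet_cc", "Cobalt Strike", 100),
    ("110.42.248.7:4449", "ip:port", "botnet_cc", "AsyncRAT", 100),
    ("https://65.108.55.55:9000", "url", "botnet_cc", "Vidar", 49),
    ("memoryloader.com", "domain", "payload_delivery", "FAKEUPDATES", 100),
    ("bcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38",
     "sha256_hash", "payload", "Formbook", 95),
]]
BLOCK_MIN_CONFIDENCE = 75  # policy assumption: auto-block only exact, high-confidence matches

# Constructed log formats: network events carry dst ip:port (proxies add the URL), EDR events a hash.
NET_RE = re.compile(r"^(?P<ts>\S+) (?:proxy|conn) src=\S+ dst=(?P<ip>[\d.]+):(?P<port>\d+)(?: url=(?P<url>\S+))?$")
DNS_RE = re.compile(r"^(?P<ts>\S+) dns src=\S+ qname=(?P<qname>\S+)$")
EDR_RE = re.compile(r"^(?P<ts>\S+) edr host=\S+ (?:md5|sha1|sha256)=(?P<hash>[0-9a-fA-F]{32,64})$")


def build_index(iocs):
    """Fold feed records into exact-match tables; bare addresses go to a weaker 'ip' table."""
    idx = {"url": {}, "host": {}, "ip:port": {}, "ip": {}, "hash": {}}
    for r in iocs:
        kind, v = r["ioc_type"], r["ioc"].strip().lower()
        if kind == "url":
            idx["url"][v.rstrip("/")] = r
            h = urlsplit(v).hostname
            idx["ip" if h.replace(".", "").isdigit() else "host"].setdefault(h, r)
        elif kind == "domain":
            idx["host"][v] = r
        elif kind == "ip:port":
            ip, port = v.rsplit(":", 1)
            idx["ip:port"][(ip, int(port))] = r
            idx["ip"].setdefault(ip, r)
        elif kind.endswith("_hash"):
            idx["hash"][v] = r
    return idx


def _hit(r, kind):
    """Tier the response: exact high-confidence indicators block, the rest alert or go to triage."""
    conf = r["confidence_level"]
    if kind in ("url", "ip:port", "domain", "hash") and conf >= BLOCK_MIN_CONFIDENCE:
        action = "block"
    elif kind == "ip-only" or conf < 50:
        action = "triage"  # reassigned cloud addresses and sub-50% entries need an analyst first
    else:
        action = "alert"
    return {"kind": kind, "action": action, "malware": r["malware_printable"],
            "threat_type": r["threat_type"], "confidence": conf, "ioc": r["ioc"]}


def match_line(line, idx):
    """Return a hit for one log line, or None; strongest evidence is tried first."""
    if m := NET_RE.match(line):
        url = (m["url"] or "").lower().rstrip("/")
        if url in idx["url"]:
            return _hit(idx["url"][url], "url")
        key = (m["ip"], int(m["port"]))
        if key in idx["ip:port"]:
            return _hit(idx["ip:port"][key], "ip:port")
        host = urlsplit(url).hostname if url else None
        if host in idx["host"]:
            return _hit(idx["host"][host], "host")
        if m["ip"] in idx["ip"]:
            return _hit(idx["ip"][m["ip"]], "ip-only")  # address known, port differs
        return None
    if m := DNS_RE.match(line):
        labels = m["qname"].lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):  # the name itself, then each parent domain
            cand = ".".join(labels[i:])
            if cand in idx["host"]:
                return _hit(idx["host"][cand], "domain" if i == 0 else "parent-domain")
        return None
    if (m := EDR_RE.match(line)) and m["hash"].lower() in idx["hash"]:
        return _hit(idx["hash"][m["hash"].lower()], "hash")
    return None


SAMPLE_LOGS = [  # constructed events
    "2024-06-03T09:12:44Z proxy src=10.0.5.23 dst=8.222.230.186:80 url=http://8.222.230.186/activity",
    "2024-06-03T09:13:01Z proxy src=10.0.5.23 dst=8.222.230.186:8443 url=https://8.222.230.186/login",
    "2024-06-03T09:20:10Z dns src=10.0.7.4 qname=load.memoryloader.com.",
    "2024-06-03T09:31:55Z conn src=10.0.9.9 dst=110.42.248.7:4449",
    "2024-06-03T09:40:12Z proxy src=10.0.9.9 dst=65.108.55.55:9000 url=https://65.108.55.55:9000/",
    "2024-06-03T10:02:17Z edr host=WS-0412 sha256=bcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38",
    "2024-06-03T10:05:00Z proxy src=10.0.5.23 dst=142.250.74.78:443 url=https://www.google.com/",
]


def scan(lines, iocs=SAMPLE_IOCS):
    """Return (timestamp, hit) pairs for every line that matches an indicator."""
    idx = build_index(iocs)
    return [(line.split()[0], h) for line in lines if (h := match_line(line, idx))]


if __name__ == "__main__":
    for ts, h in scan(SAMPLE_LOGS):
        print(ts, h["action"], h["kind"], h["malware"], f"{h['confidence']}%", "<-", h["ioc"])
```

Six of the seven sample events match. The two Cobalt Strike connections show the tiering: the exact URL on port 80 blocks, while the second connection to the same address on 8443 only matches the address and is sent to triage. The subdomain query hits the parent domain memoryloader.com and alerts, the Vidar URL is held at triage because the feed rates it 49%, and the Formbook SHA-256 blocks at 95%.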


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
0f658d93-4b89-43fc-ae4c-8cdd3d42a581
Original Timestamp
1717459386

Indicators of Compromise

Url

https://ieshua.org/reports.php
GootLoader payload delivery URL (confidence level: 100%)
https://ingahanka.de/reports.php
GootLoader payload delivery URL (confidence level: 100%)
http://221.15.22.4:35121/mozi.m
Mozi payload delivery URL (confidence level: 50%)
http://b35977a00ebd8086.safe1.lat/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
http://124.71.81.174:9998/8zef
Cobalt Strike botnet C2 (confidence level: 75%)
http://bvp.ch/transfer-agreement-concept
GootLoader payload delivery URL (confidence level: 100%)
https://inpersonakbh.dk/reports.php
GootLoader payload delivery URL (confidence level: 100%)
http://8.222.230.186/activity
Cobalt Strike botnet C2 (confidence level: 100%)
http://106.53.207.158:8080/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
http://139.196.191.50:8088/activity
Cobalt Strike botnet C2 (confidence level: 100%)
http://114.132.87.9/activity
Cobalt Strike botnet C2 (confidence level: 100%)
https://81.68.253.22/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
http://111.229.142.238:6379/ptj
Cobalt Strike botnet C2 (confidence level: 100%)
http://bvp.ch/hold-harmless-agreement-car-accident/
GootLoader payload delivery URL (confidence level: 100%)
https://intermissionhostel.no/reports.php
GootLoader payload delivery URL (confidence level: 100%)
https://65.108.55.55:9000
Vidar botnet C2 (confidence level: 49%)
https://91.107.221.88:9000
Vidar botnet C2 (confidence level: 49%)
https://theonelartist.com/cdn-vs/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
https://theonelartist.com/cdn-vs/cache.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
https://theonelartist.com/cdn-vs/2per.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
http://101.35.42.157/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
https://47.99.194.96/match
Cobalt Strike botnet C2 (confidence level: 100%)
http://47.245.42.208/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
http://94.232.249.46/tab_home.js
Cobalt Strike botnet C2 (confidence level: 100%)

IP:Port

The export listed these 55 C2 servers as bare addresses under "File" and their ports, in the same order, under "Hash"; they are recombined here by position. The pairing agrees with the Cobalt Strike URLs above for five of the six addresses that appear in both lists (101.35.42.157 is listed on 443 here and on 80 in its URL).

18.158.249.75:18801
NjRAT botnet C2 server (confidence level: 75%)
18.192.31.165:18801
NjRAT botnet C2 server (confidence level: 75%)
3.124.142.205:18801
NjRAT botnet C2 server (confidence level: 75%)
3.134.125.175:16424
NjRAT botnet C2 server (confidence level: 75%)
3.125.102.39:16276
NjRAT botnet C2 server (confidence level: 75%)
193.161.193.99:44070
NjRAT botnet C2 server (confidence level: 75%)
147.78.103.81:80
Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
185.159.153.84:80
Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
212.114.52.163:4044
SystemBC botnet C2 server (confidence level: 100%)
185.43.220.45:4383
SystemBC botnet C2 server (confidence level: 100%)
110.42.248.7:4449
AsyncRAT botnet C2 server (confidence level: 100%)
18.207.197.162:9999
Sliver botnet C2 server (confidence level: 50%)
117.139.140.7:4506
Deimos botnet C2 server (confidence level: 50%)
49.119.120.21:10250
Deimos botnet C2 server (confidence level: 50%)
159.100.29.70:80
Havoc botnet C2 server (confidence level: 50%)
70.27.138.67:2078
QakBot botnet C2 server (confidence level: 50%)
77.126.87.47:443
QakBot botnet C2 server (confidence level: 50%)
75.173.34.175:443
QakBot botnet C2 server (confidence level: 50%)
105.154.220.55:995
QakBot botnet C2 server (confidence level: 50%)
222.239.101.244:8888
DCRat botnet C2 server (confidence level: 50%)
46.246.86.8:3000
DCRat botnet C2 server (confidence level: 50%)
13.54.165.166:443
Unknown malware botnet C2 server (confidence level: 50%)
147.78.103.131:50555
Unknown malware botnet C2 server (confidence level: 50%)
91.151.89.217:80
Unknown malware botnet C2 server (confidence level: 50%)
50.114.37.52:443
FAKEUPDATES botnet C2 server (confidence level: 50%)
149.88.44.159:80
WhiteSnake Stealer botnet C2 server (confidence level: 100%)
173.212.209.190:4001
WhiteSnake Stealer botnet C2 server (confidence level: 100%)
45.147.99.158:8080
WhiteSnake Stealer botnet C2 server (confidence level: 100%)
8.222.230.186:80
Cobalt Strike botnet C2 server (confidence level: 100%)
114.132.87.9:80
Cobalt Strike botnet C2 server (confidence level: 100%)
147.45.47.36:27667
RedLine Stealer botnet C2 server (confidence level: 100%)
96.47.235.152:2024
Remcos botnet C2 server (confidence level: 75%)
103.179.189.111:8848
AsyncRAT botnet C2 server (confidence level: 75%)
101.35.42.157:443
Cobalt Strike botnet C2 server (confidence level: 100%)
103.85.25.168:80
Sliver botnet C2 server (confidence level: 50%)
86.104.72.20:7443
Unknown malware botnet C2 server (confidence level: 50%)
52.68.210.54:80
Brute Ratel C4 botnet C2 server (confidence level: 50%)
140.249.32.175:4505
Deimos botnet C2 server (confidence level: 50%)
121.37.252.50:443
Havoc botnet C2 server (confidence level: 50%)
43.143.170.206:8443
Havoc botnet C2 server (confidence level: 50%)
103.245.39.231:80
Havoc botnet C2 server (confidence level: 50%)
45.92.9.110:443
Havoc botnet C2 server (confidence level: 50%)
184.63.156.240:443
QakBot botnet C2 server (confidence level: 50%)
39.40.161.183:995
QakBot botnet C2 server (confidence level: 50%)
149.109.241.64:443
QakBot botnet C2 server (confidence level: 50%)
217.165.157.202:22
QakBot botnet C2 server (confidence level: 50%)
35.202.169.153:8888
Unknown malware botnet C2 server (confidence level: 50%)
106.75.75.24:8888
Unknown malware botnet C2 server (confidence level: 50%)
47.113.192.177:8888
Unknown malware botnet C2 server (confidence level: 50%)
8.138.119.106:8888
Unknown malware botnet C2 server (confidence level: 50%)
35.184.180.199:80
Unknown malware botnet C2 server (confidence level: 50%)
94.156.68.17:80
Unknown malware botnet C2 server (confidence level: 50%)
47.99.194.96:443
Cobalt Strike botnet C2 server (confidence level: 100%)
47.245.42.208:80
Cobalt Strike botnet C2 server (confidence level: 100%)
94.232.249.46:80
Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Each of the 67 payloads below is listed three times: the SHA-1, SHA-256 and MD5 of the same sample, in that order.

hashd72628520b0978a1b1be32f975676858c3d3476c
Formbook payload (confidence level: 95%)
hashbcc5a9772d5c0d2a0db971eff31f5a0e6feccdd6cb8defccbea6f00b5967cf38
Formbook payload (confidence level: 95%)
hash6eb32cf2b1d4a3b38ef372e6c1d76b04
Formbook payload (confidence level: 95%)
hasha20426667bc9591e446678c357e32cb969b59caf
RedLine Stealer payload (confidence level: 95%)
hash1a4e9865bdd049e0af9744de415b4bca7da2752ea21ce6c547f37f962b5e6aa9
RedLine Stealer payload (confidence level: 95%)
hashc59018e21b1517bc2743b1d9a3c2391a
RedLine Stealer payload (confidence level: 95%)
hash9f515ba8edefb0c2d1213816472c912c97fa1c8e
RedLine Stealer payload (confidence level: 95%)
hashb3ca04d731ce63ef0fb3cae7db9ae14b8ff9c0ae842b83ac80eaa8ef459f9672
RedLine Stealer payload (confidence level: 95%)
hashd3c642ecc3418adbc9d7675bbdf5162d
RedLine Stealer payload (confidence level: 95%)
hash34a1bc065cd9413b783ad9e0e78d2996415186a4
Agent Tesla payload (confidence level: 95%)
hashd2f23dc9b7b97472f7996e14c836b6571e23c79ee585d6d4c8f13ef7ae101d6e
Agent Tesla payload (confidence level: 95%)
hash2e1fea17aeea8852800f17ead782ca53
Agent Tesla payload (confidence level: 95%)
hash1a54605adbd8e04175831efd65076aed86962f1e
Agent Tesla payload (confidence level: 95%)
hash0cdd89801edc2304d208f9dca70cbe0248f5cf55876c827a275a57560fa396fe
Agent Tesla payload (confidence level: 95%)
hashcfaef1fbcfc3a09ccc8baf621b681025
Agent Tesla payload (confidence level: 95%)
hash0492efdb72f1800210283243ee5be8f08ec3874a
Agent Tesla payload (confidence level: 95%)
hash50e85468becf2a5b858a1cd14362899128ccda25c01b428f52ddc033bb95ad65
Agent Tesla payload (confidence level: 95%)
hashfcb5172319bbca6eb3c03d589404c926
Agent Tesla payload (confidence level: 95%)
hash12bda6495b055744cdbc90b923d173d971d2e911
Formbook payload (confidence level: 95%)
hash3a75fb4d55ecf3434b2efaa95586e88ebb354908ba64007ad660abd022d1a971
Formbook payload (confidence level: 95%)
hash57b103708d48a606283b50b9f02effa1
Formbook payload (confidence level: 95%)
hashaa8cb619778e5086de63ef93d3aea6f9863d4fb8
Formbook payload (confidence level: 95%)
hashd2585129c23de9308dfdc114f4997f8ec6dafa1057669718e27f0467cf66ad2c
Formbook payload (confidence level: 95%)
hash14e46bbab699b36b4dd13c1534c9d6cf
Formbook payload (confidence level: 95%)
hash647722280956067d09d262120776a954b64d4fa2
RedLine Stealer payload (confidence level: 95%)
hashed2658bd38914a6718e2e4f09e6d23c2b6c763e90f93646c580b85c33fd2c59e
RedLine Stealer payload (confidence level: 95%)
hash6e75d28e8c62737302435c206d401ecc
RedLine Stealer payload (confidence level: 95%)
hash19781381bd5043aafbabf0a6d90c1569e58f0d5a
Remcos payload (confidence level: 95%)
hashc4dd9ec83dc0b304101fa6b2f37d93aae8921bab88ca6e49a6a8eb18d390ed79
Remcos payload (confidence level: 95%)
hashfe4ebc62a5498c4d43699abe554febb0
Remcos payload (confidence level: 95%)
hash2efd04525dd2d33d9747dbca351ac66b7e3d6d66
SigLoader payload (confidence level: 95%)
hashc75f6b872b500f4837f0f842407dfec4b94dfd6c7063bae5db970e1af25832c9
SigLoader payload (confidence level: 95%)
hash3df209bb74897aaaec034d5e55b9074a
SigLoader payload (confidence level: 95%)
hash9752572ae0dc227f7c59d941f98c3bbc91b8c2df
Agent Tesla payload (confidence level: 95%)
hash7b5b3b4a6c48e02876912202d71c7a1eb9781dad619e578029127921143ff8cb
Agent Tesla payload (confidence level: 95%)
hash35b192754ef411c65e6584e8f3cc3e43
Agent Tesla payload (confidence level: 95%)
hashb1962c33fd224cded2bf491faf9275b81ea0497c
KrakenKeylogger payload (confidence level: 95%)
hash1be835ea4db4fde3dfee8c6d479ad512901305614850ca3d7d8db9d4a8281fdc
KrakenKeylogger payload (confidence level: 95%)
hashe2e7773968433ec9d72c5bf4b1eb8d21
KrakenKeylogger payload (confidence level: 95%)
hash6a02b0ccedabcbcfd87daecb1644978572c491dd
Stealc payload (confidence level: 95%)
hasha39025ba87aeb692a67eb42b6c674669fc913901ea715cf6916571adb3c61e5c
Stealc payload (confidence level: 95%)
hash984078883ef29280604ea2af64a208ea
Stealc payload (confidence level: 95%)
hash994c395789f7c3c064ac9496f1f90bf2d5aa33c4
Formbook payload (confidence level: 95%)
hashecbe5fc91c1f222a1c53519063e12f750bec0bc4eb392776de2ebcec58d77287
Formbook payload (confidence level: 95%)
hash6c40adafc072321f2ca0749ff31adac8
Formbook payload (confidence level: 95%)
hasha34e2dc19b40abaff6572526a4432647fc99420f
Formbook payload (confidence level: 95%)
hashf5a619550aab65a70f97f1128411ccd053444254ebb1df49d2d908c0e154d66b
Formbook payload (confidence level: 95%)
hash7ed6256cb498f5a987aba753c51da2e8
Formbook payload (confidence level: 95%)
hash5e07a0b068b73b2c98b8aa44d96f2ad3b1b3b5a5
SystemBC payload (confidence level: 95%)
hashdeb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01
SystemBC payload (confidence level: 95%)
hashd4bed9420bd66fbf3c483e1dacabb726
SystemBC payload (confidence level: 95%)
hashd478161c439a2455370644ad9cd0bed4ed743ab5
Kutaki payload (confidence level: 95%)
hash6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4
Kutaki payload (confidence level: 95%)
hashb53f4a29e8f17c661eff669b55504b59
Kutaki payload (confidence level: 95%)
hash0c924b5d2e26cfdc4c2657b7b43634a1fd815189
KrakenKeylogger payload (confidence level: 95%)
hash03eaee082ee63bf79525e2edeb6f406d2ffca6feab4aada8f03dc98740d28a44
KrakenKeylogger payload (confidence level: 95%)
hash57de6354241c9ed4fa84dd82bcfa4ad9
KrakenKeylogger payload (confidence level: 95%)
hashd973e49364a31c2fa86479b17aaafd80815f49a8
KrakenKeylogger payload (confidence level: 95%)
hash3d42be817eb0a150a642713d3234847e943dce60e98a3e9722d9fa01d5c880c4
KrakenKeylogger payload (confidence level: 95%)
hashd8daf5dd7816250aa778a6f83f073d69
KrakenKeylogger payload (confidence level: 95%)
hashe74d7af541c85d2ac76ca209d731205aa263d227
KrakenKeylogger payload (confidence level: 95%)
hash7f10244723a1708686bb1fb39c9832ac40ce5222cfb8bac5297b15034629ed58
KrakenKeylogger payload (confidence level: 95%)
hashfc7fa4f4fb4426427384e041bac39740
KrakenKeylogger payload (confidence level: 95%)
hashe24bc7db313279667cb17da86e0b7b5e138cbd7b
Agent Tesla payload (confidence level: 95%)
hash1191d3f484d35c7e4d42ac7bcdd2227930f848383873d914e8010bfe637e0122
Agent Tesla payload (confidence level: 95%)
hasha745a3b88dc871f9b23f5f6b1e84e51e
Agent Tesla payload (confidence level: 95%)
hash2e07c02af7599bfb272cb40b6729cc40d34e5066
Agent Tesla payload (confidence level: 95%)
hash8ce818c607ea14dfa89c7a1ffacb4d2ecec45ddc34da65cd1298ad522f317e63
Agent Tesla payload (confidence level: 95%)
hasha87472828e1822c69d04fb6fa679cce5
Agent Tesla payload (confidence level: 95%)
hashd7bfb660bc392f6c8e905382f8fb4bf54db38d05
Agent Tesla payload (confidence level: 95%)
hashd22da7b322ba050e2e39b6b724daec52887e2610b1d461ab8cde4027e7cb4308
Agent Tesla payload (confidence level: 95%)
hash7aef83fe22b74be37f2e77fa5222950d
Agent Tesla payload (confidence level: 95%)
hash1ea7970aa6e223d52f206a9a3d89d8747571b8ee
Remcos payload (confidence level: 95%)
hashedd45e1320b7fbbc8b7ce2907c5bade1e1cc0a92d940fa738b4fa8a0e52e37b7
Remcos payload (confidence level: 95%)
hashbecd8ce44a82d410cd395f4a7651869a
Remcos payload (confidence level: 95%)
hash6a25e71039489abc73306178e9152e552e2446ab
SigLoader payload (confidence level: 95%)
hasha41339abaddb69089a4fbba54fc00769c123de025a1507d0130a3203fb5d0834
SigLoader payload (confidence level: 95%)
hash806a9b20a38e7975e51a48f754515868
SigLoader payload (confidence level: 95%)
hash7146bcad2893ba2eb83885b341a9f8a01336bcb2
Remcos payload (confidence level: 95%)
hash5b59d8ed228cb76f38ac659ed5e4e7673b587a3833ebdef23442147ab5a6b5f2
Remcos payload (confidence level: 95%)
hash216034c93412238fb4c86e8576dded6e
Remcos payload (confidence level: 95%)
hash26dc699a146f17b14f4bae8511a744648a326ccb
Formbook payload (confidence level: 95%)
hashb58ca2a14836ed283ed5b5d653f20c2a42077d4d7b6b4cbe2ad6bc2ab532db07
Formbook payload (confidence level: 95%)
hash7e2124dbe1043d3041d86b37a446c7ae
Formbook payload (confidence level: 95%)
hash6cba8338b2c9edf292cc56419ddf42b4cf5e8a7b
Formbook payload (confidence level: 95%)
hasha9acdedbcc185292379f90b97ab6f584461d59aba50542a8fb50f1c2948d8d8c
Formbook payload (confidence level: 95%)
hashdf9b85d2e11f42d4c6b838c9bb020d3d
Formbook payload (confidence level: 95%)
hashdbfcd82dee641a842920006afd10cb2c157677c4
Agent Tesla payload (confidence level: 95%)
hash905208a3608924e148f0b9bd733eb40c9f02edf10b27b43cd6e742f4bb4f62c3
Agent Tesla payload (confidence level: 95%)
hashdb8636ac6870d96da55bcefd20ee18eb
Agent Tesla payload (confidence level: 95%)
hash7dc3c25615122043bec9ceda719b58be4f2c9af6
Agent Tesla payload (confidence level: 95%)
hash98cb5b0b2e8b3b8fa9fe79ba311ace462ae509669316cf54593b3aac402188f8
Agent Tesla payload (confidence level: 95%)
hash15bf0f43c13fba63ba0ed31dd40dcd3d
Agent Tesla payload (confidence level: 95%)
hashd0579e58bd29087a4bfe46422b2779fb369716aa
Agent Tesla payload (confidence level: 95%)
hash20205ee834a7f1d7e44e139697b1ed8600a3301a5029cbfe9db8dd8a3ae13f20
Agent Tesla payload (confidence level: 95%)
hashf400361c7ea460fe440409388300e3ea
Agent Tesla payload (confidence level: 95%)
hash029b4f886bde1804e201db5bdb261af41de18b72
SigLoader payload (confidence level: 95%)
hasha1ceb961c3797e6999092bc934714401ac7dd83139223ecc8b5e5b2c08e79c5c
SigLoader payload (confidence level: 95%)
hash3ae03f156f2c2f54e69bae05694b5f6b
SigLoader payload (confidence level: 95%)
hash9a902f4b721e08bdc630c72031994e037278592e
Formbook payload (confidence level: 95%)
hash8530446a085c1700fc1ce3e5e21afc356d9701ed553edbfceaed8233ab2c9d95
Formbook payload (confidence level: 95%)
hash5d0711edf41f420c3d84890567b6db3f
Formbook payload (confidence level: 95%)
hash26d6cc6e1d577f78a7d0cf5b0531185305fe7351
Agent Tesla payload (confidence level: 95%)
hash3355e6a64aba410d637dfbe6be4bb831629ca94b25af57d6265043b24317b1d7
Agent Tesla payload (confidence level: 95%)
hash148d6d25d864fbdae734be252cc4c926
Agent Tesla payload (confidence level: 95%)
hashd8a050750f7fdc5038d4164c8f7d247d2cecf7a9
Formbook payload (confidence level: 95%)
hash8b5376bda7dabd5355e17ed2d29a76b466f5197841a35568276c843e332835b4
Formbook payload (confidence level: 95%)
hash461a238903404999e36835284a2eaaf7
Formbook payload (confidence level: 95%)
hasha543433469898da17bf5599c0e45cd8e559e344f
Formbook payload (confidence level: 95%)
hash18bb8b44a363513d2359eaf430f2e0a1559b6405d66269f4a77c3d052cfe01a9
Formbook payload (confidence level: 95%)
hash71813501b8b4a01c69cd70546704265a
Formbook payload (confidence level: 95%)
hash4aa6d9ddde36f5fb0a220a8551710b620f898cb2
Agent Tesla payload (confidence level: 95%)
hash4f3b0833c198dbc9e4ef82ef8f6dbf3d5211540858ee48972384a3fc799d0d5c
Agent Tesla payload (confidence level: 95%)
hash12a2fc06d67f104935d8507367a558b7
Agent Tesla payload (confidence level: 95%)
hash0fd9b3ec5d55916890ce35e8dd47cb6b919576dc
Formbook payload (confidence level: 95%)
hashf303624986bcad8a2b4dcf857b5fc82f54c933082c0849dd633e9c1651afde98
Formbook payload (confidence level: 95%)
hash523007bc2f106dabe9057f0096aa53c3
Formbook payload (confidence level: 95%)
hash5000cc33d347ca97a831a1e8da4ff0e21d6063d8
RedLine Stealer payload (confidence level: 95%)
hashaf9aa22b8ab619d43885d9a8e45d4b3bc0abf031d6c4a0e55ba24e52dbd7440b
RedLine Stealer payload (confidence level: 95%)
hash39696059c052a611f44b44960417cfe2
RedLine Stealer payload (confidence level: 95%)
hash05735b0f2503a5f55cd3799306d80540558c86bf
Agent Tesla payload (confidence level: 95%)
hash031c712370f6c655fdd1e11f2eecae2065106e3f6588415dd9dfb42914e557ec
Agent Tesla payload (confidence level: 95%)
hasha5600816a7e60f1ac466eb56bbfbbbd4
Agent Tesla payload (confidence level: 95%)
hash74a19052a8e57eab17827d88172aa08e270c2171
KrakenKeylogger payload (confidence level: 95%)
hashf801b09d24cdce0bbcbe6787af8881bf78a7d3e7dd807610d7f0766505d9a380
KrakenKeylogger payload (confidence level: 95%)
hash9d42dec969d29b523c3bb2cef28b79c2
KrakenKeylogger payload (confidence level: 95%)
hashff5ca08e6d69cb68a76422e804b0574d551ed20e
AsyncRAT payload (confidence level: 95%)
hash94c1b83e9181e597748af34aa30324fa001324bd12d33b12aa01e2a05ba779d6
AsyncRAT payload (confidence level: 95%)
hash090b76b0c6152ea71f08d1e9ae8f3742
AsyncRAT payload (confidence level: 95%)
hashca669cb8ad948f50ed48c94e573a777f2675674f
Agent Tesla payload (confidence level: 95%)
hash7e9ace80bb54631d6c392281fe75cf4e1b171aebbcc863b7e72054931bde64c8
Agent Tesla payload (confidence level: 95%)
hash9c37c66c98472fa368e39fefbef31906
Agent Tesla payload (confidence level: 95%)
hash471ca8e134500ea255230801392af877a7bf0406
Agent Tesla payload (confidence level: 95%)
hashde56c70d9543d35a0f93def14072e42a9df2b35f5b087fac3bfedd49c3f42ee6
Agent Tesla payload (confidence level: 95%)
hashe7cf57a95364551414e40bf162837aac
Agent Tesla payload (confidence level: 95%)
hash0acb3c5b6a6bd568656c7dc9f2bebaf0ea01207a
RedLine Stealer payload (confidence level: 95%)
hashc54eb244078dcaf2472c85bcce337b152dc24154d6a03004a29e4f4069d49d71
RedLine Stealer payload (confidence level: 95%)
hashc313d79bb52d3dc1a0fdd298a6c47810
RedLine Stealer payload (confidence level: 95%)
hash6dc9f3042ae2074c22e0aaf2e3e3219ff90e5e94
Formbook payload (confidence level: 95%)
hashd3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174
Formbook payload (confidence level: 95%)
hashf5b20b005cbb604eec709f984166ca68
Formbook payload (confidence level: 95%)
hash60314c8dbbc9c580d2a6fe200c2e1d54d8c50dd4
KrakenKeylogger payload (confidence level: 95%)
hashdd8c615426bbc9886f9b46b963a623ab635ae6e317a244b4165acfd9d82ef26d
KrakenKeylogger payload (confidence level: 95%)
hashe2b13741239300cb44272592622cc9df
KrakenKeylogger payload (confidence level: 95%)
hasha983f060136b7e9cdad0d8104e7e7196fcdf7a64
Formbook payload (confidence level: 95%)
hash2d55ed1991f2e9ce5b6fc82d7c0affe25df64f8e16f300d71d8a6dd62c410794
Formbook payload (confidence level: 95%)
hashd325a77c13e5fd197dee37b78ce8bce0
Formbook payload (confidence level: 95%)
hash9e8ae6773e7e540d6a16fb2b84a4e8d9d67d9d25
Remcos payload (confidence level: 95%)
hashdda1fa947466fe10367cab597941c144606d85b2d03efebee9acdb2c9b0e693a
Remcos payload (confidence level: 95%)
hash6cc46e8806eca732f501d5a2bf6ad434
Remcos payload (confidence level: 95%)
hashddfd08661f0f3a515c3802cf3042b002d1748d53
Agent Tesla payload (confidence level: 95%)
hash564d2275edd8f622be6717d156c627a346f330549ca2f266985e49a4e5e17204
Agent Tesla payload (confidence level: 95%)
hash86b91372dc46212aa7f5310339a6f7f3
Agent Tesla payload (confidence level: 95%)
hashe27a61a67b4c103595135df9567cac7152d93765
Formbook payload (confidence level: 95%)
hashd3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d
Formbook payload (confidence level: 95%)
hashd1e338f0c608088b7b5aa2e20c3df8ca
Formbook payload (confidence level: 95%)
hashce261f6bcaab860b7d5ebd23583663ec41ae0464
Formbook payload (confidence level: 95%)
hashc62267c0ef0af138ffca07372e24e4fb0681d0f1b87bfe798a33a14265791985
Formbook payload (confidence level: 95%)
hash4e89b728a15249b6ec84a738866c0f64
Formbook payload (confidence level: 95%)
hash842a457a15cd9b35c930e86aa3adca801231c0c9
Agent Tesla payload (confidence level: 95%)
hashb43813d1e597a0633fc8693d5921688a8b189cfdc6c74fda22e42c2aefa3270c
Agent Tesla payload (confidence level: 95%)
hashb78a41cfedbd72be9cda0c2e8b456b9b
Agent Tesla payload (confidence level: 95%)
hash653f63e14f59b6049559dc487b9f3210ff2bdaef
Formbook payload (confidence level: 95%)
hash1e978f9081a38530567bd778d25cebdf6297ce2f8c6d1fed644d75ac102fd567
Formbook payload (confidence level: 95%)
hash51989583bada20d6d17d602cc0277322
Formbook payload (confidence level: 95%)
hash4e93e38d13481d6bd2439613630976409b67983a
Remcos payload (confidence level: 95%)
hash9962c1342cb0ac4e1af01df52f756b70992a0ced5a53e46f770a196033f3762d
Remcos payload (confidence level: 95%)
hash1729c7a8fa433e28bd4de61cc5317840
Remcos payload (confidence level: 95%)
hash3fd75d798773bbb29b26a4c9b9c0635ff52fee57
MyDoom payload (confidence level: 95%)
hash9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060
MyDoom payload (confidence level: 95%)
hashcdc7a9e456810fd6d0a5f9129c633c03
MyDoom payload (confidence level: 95%)
hashd27576bb00da17e68f302f4408a74f32e96fc267
Agent Tesla payload (confidence level: 95%)
hashb2e8f6340ca878d0c0a82b6ec6a7d88d9e2dfc6cf72f81bda974d888f95f1713
Agent Tesla payload (confidence level: 95%)
hash078bbe7eaeaf7e7cc2ed22c372de38c4
Agent Tesla payload (confidence level: 95%)
hash46d7a3f48137b25322493c4c7f6504dc61f5ad77
KrakenKeylogger payload (confidence level: 95%)
hash1f51b20b036ab4a0a771bf194dad836cf7102a92b9c08791aa3a0d8e370cc1a3
KrakenKeylogger payload (confidence level: 95%)
hash785969b0d48577558e3dc2a55d58513d
KrakenKeylogger payload (confidence level: 95%)
hash2fa62613a8d66c85b29c29e89482b90c91d96f58
Agent Tesla payload (confidence level: 95%)
hashffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a
Agent Tesla payload (confidence level: 95%)
hash3ad4e0b624ab5e54bb4c9d65aa30ec7e
Agent Tesla payload (confidence level: 95%)
hash4a87e53dc1a570d084e56db622ff95b7d4c421aa
SigLoader payload (confidence level: 95%)
hash5c698ae442a9eb13401817b158b8a20f8bf5fe12d38cd7ef1e809ce9cb7a2805
SigLoader payload (confidence level: 95%)
hash206b78f35e7fbe70a015c9b809c0eb23
SigLoader payload (confidence level: 95%)
hash1e4ab7c68cfc37b5ba9f64415bf1e1a9f07dbe0f
Formbook payload (confidence level: 95%)
hashec7b25cccfa188e36a22599a08c1e73e8fec9feb2dfe2da047b14d67cabfb8af
Formbook payload (confidence level: 95%)
hash7f29957a5bd5e369c982ee3085b294b0
Formbook payload (confidence level: 95%)
hash8f44aa9566f9da9c7086d6da8f080c7a7de52050
Agent Tesla payload (confidence level: 95%)
hash8054c765c0425811e3632409c6bbd9149fde1de08593796957ca55ead7e9e683
Agent Tesla payload (confidence level: 95%)
hashbb277f03c2e761e03643369ef4d9f1da
Agent Tesla payload (confidence level: 95%)
hash83c73ab3c57ad7c32d690b9f3016f1548535c1ff
Agent Tesla payload (confidence level: 95%)
hash91aaa529420c12fbd34da00273de2453c206c09d994802f0b2eb7e89fbe7a0c2
Agent Tesla payload (confidence level: 95%)
hash0554428077178ad08f6323a63f539c20
Agent Tesla payload (confidence level: 95%)
hashc2a9771b309720a91b35b4b3153a114b5a720102
Formbook payload (confidence level: 95%)
hash762efe3855a0243ffc8ea9f326b8dc2c8e00f09a007d492f89dede82c57bf260
Formbook payload (confidence level: 95%)
hash72314affd10ae1bd77e2b94599191c5b
Formbook payload (confidence level: 95%)
hash1f500e20f5230e301b630e0e241dcc9275ea56bc
Formbook payload (confidence level: 95%)
hash495396710558d490b78663c6569edd7f480b16ca3402c806bf84981d3c77e4cf
Formbook payload (confidence level: 95%)
hashce75ac67e0807bc51a33ac11088c0cfe
Formbook payload (confidence level: 95%)
hash10d99e3c5738f923ea81d5c2a636a3982a3eccd5
Formbook payload (confidence level: 95%)
hasha1878af056735af8a426971f730e3bbd7fd4e8eb164fe95460c92cae6e8f2541
Formbook payload (confidence level: 95%)
hash316484a421bb5a632ced2725cb123f24
Formbook payload (confidence level: 95%)

Domain

pendarcc.ir
Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%)
b35977a00ebd8086.safe1.lat
Cobalt Strike botnet C2 domain (confidence level: 100%)
lldl.xyz
ACR Stealer botnet C2 domain (confidence level: 100%)
llcl.xyz
ACR Stealer botnet C2 domain (confidence level: 100%)
llal.xyz
ACR Stealer botnet C2 domain (confidence level: 100%)
baqebei1.online
ClearFake botnet C2 domain (confidence level: 49%)
cdnforfiles.xyz
ClearFake botnet C2 domain (confidence level: 49%)
d1x9q8w2e4.xyz
ClearFake botnet C2 domain (confidence level: 49%)
load.memoryloader.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
memoryloader.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
theonelartist.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
upgrade.mirrorss.top
Cobalt Strike botnet C2 domain (confidence level: 100%)
update.mirrorss.top
Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 682b7ba5d3ddd8cef2e8858f

Added to database: 5/19/2025, 6:42:45 PM

Last enriched: 6/18/2025, 7:48:05 PM

Last updated: 8/15/2025, 3:15:18 AM
