ThreatFox IOCs for 2024-07-16
Severity: mediumType: malware
ThreatFox IOCs for 2024-07-16
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on July 16, 2024, sourced from the ThreatFox MISP feed. The threat is categorized as malware-related, specifically involving OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are minimal, with no specific affected products or versions listed, no known exploits in the wild, and no patches available. The threat level is indicated as 2 (on an unspecified scale), with moderate distribution (3) and low analysis (1) scores, suggesting limited technical detail or confirmed impact at this time. The absence of concrete technical indicators, such as malware signatures, attack vectors, or exploitation methods, limits the ability to provide a detailed technical explanation. The threat appears to be related to the collection and dissemination of OSINT data that could be used for network reconnaissance or as part of payload delivery mechanisms in malware campaigns. Given the 'tlp:white' tag, the information is intended for public sharing, indicating no immediate critical or sensitive threat intelligence. Overall, this appears to be an early-stage or low-confidence report of potential malware activity involving OSINT techniques, with limited actionable details.
Potential Impact
For European organizations, the impact of this threat is currently assessed as low to medium due to the lack of specific exploit details or confirmed active campaigns. If the malware or network activity involves payload delivery, there is a potential risk of unauthorized access, data exfiltration, or disruption of services. However, without identified affected systems or known exploits, the immediate risk remains theoretical. Organizations relying heavily on OSINT for threat intelligence or those with extensive network exposure could be more susceptible if adversaries leverage these IOCs for targeted attacks. The absence of patches or mitigation guidance suggests that the threat is either not fully understood or not yet exploited in a way that requires urgent remediation. European entities should remain vigilant, especially those in critical infrastructure, finance, and government sectors, as these are common targets for malware campaigns involving network reconnaissance and payload delivery.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on strengthening general network security and OSINT handling practices. Specific recommendations include: 1) Enhancing network monitoring to detect unusual outbound or inbound traffic patterns that could indicate payload delivery or command and control communications. 2) Implementing strict access controls and segmentation to limit the spread of potential malware payloads. 3) Regularly updating threat intelligence feeds and correlating them with internal logs to identify any matches with emerging IOCs. 4) Training security teams to recognize OSINT-based reconnaissance activities and to validate the credibility of OSINT sources. 5) Employing sandboxing and behavioral analysis tools to detect suspicious payloads before they execute in production environments. 6) Maintaining robust incident response plans that include procedures for handling malware infections and network intrusions. These steps go beyond generic advice by focusing on proactive detection and containment strategies tailored to OSINT-related threats and payload delivery mechanisms.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 91.92.249.167
- hash: 28788
- file: 38.181.25.40
- hash: 8899
- file: 95.65.165.151
- hash: 4444
- file: 64.190.113.27
- hash: 8081
- file: 104.194.154.198
- hash: 80
- file: 167.71.85.87
- hash: 80
- file: 45.152.65.39
- hash: 9999
- file: 198.46.145.130
- hash: 50050
- file: 38.180.204.127
- hash: 17052
- file: 150.158.155.208
- hash: 63636
- file: 8.138.150.198
- hash: 8899
- file: 178.254.41.13
- hash: 23
- url: http://ozero.top/pythonphp_cpubase.php
- file: 89.213.177.93
- hash: 7000
- file: 89.213.177.100
- hash: 7000
- file: 8.223.29.254
- hash: 443
- file: 163.44.196.162
- hash: 443
- file: 118.24.89.121
- hash: 80
- file: 124.222.92.17
- hash: 80
- file: 39.98.37.146
- hash: 8080
- file: 116.198.232.235
- hash: 8088
- file: 140.143.146.248
- hash: 443
- file: 8.130.113.74
- hash: 443
- file: 121.199.56.173
- hash: 8443
- file: 106.14.69.133
- hash: 8081
- file: 124.222.97.236
- hash: 9090
- file: 47.97.71.149
- hash: 7777
- file: 118.194.237.184
- hash: 80
- file: 103.113.70.89
- hash: 80
- file: 140.143.146.248
- hash: 80
- file: 8.223.20.63
- hash: 443
- file: 45.61.136.83
- hash: 443
- file: 91.208.73.75
- hash: 82
- file: 172.245.184.135
- hash: 8888
- file: 8.134.12.90
- hash: 7777
- url: http://rocheholding.top/rudolph/five/fre.php
- file: 185.222.57.153
- hash: 55615
- file: 147.185.221.21
- hash: 15158
- url: https://lettecoft.com/live/
- url: https://ultroawest.com/live/
- file: 185.222.57.74
- hash: 55615
- url: http://77.105.133.27/api/firepro.php
- url: http://77.105.133.27/api/firecom.php
- file: 191.232.181.180
- hash: 8443
- file: 191.232.181.180
- hash: 443
- url: http://papka.top/pythondefaultsqlbasetrackcentral.php
- url: http://77.105.133.27/api/flash.php
- file: 77.91.77.178
- hash: 80
- file: 91.92.248.167
- hash: 1294
- file: 2.58.80.130
- hash: 6606
- domain: away-displays.gl.at.ply.gg
- url: http://77.105.133.27/api/twofish.php
- url: http://117.198.11.56:55036/mozi.m
- url: http://178.208.86.27/3/basevoiddbcentral/1/basemulti/privatelongpoll/_to/8linuxwordpressvm/dbsecure/5db/62mariadb/55pipeimage/2authprotectupdate/8updatedatalife/externalvmtosecureapilinuxflowergeneratorprivatetemp.php
- file: 95.211.6.240
- hash: 57887
- url: http://verose.top/alpha/five/fre.php
- domain: verose.top
- file: 104.21.95.88
- hash: 80
- file: 213.109.202.15
- hash: 15647
- file: 37.130.98.195
- hash: 1604
- file: 78.142.29.49
- hash: 4443
- url: http://217.28.222.194/linuxprocessgeoimage/5/vm5/2traffictempapi/9php/httpapibasewindowsdatalifedlelocalpublictempcentral.php
- file: 168.119.197.51
- hash: 80
- file: 168.119.197.51
- hash: 443
- file: 103.146.179.110
- hash: 9443
- file: 47.97.97.167
- hash: 80
- file: 84.38.182.16
- hash: 443
- file: 42.51.37.127
- hash: 50050
- file: 124.222.72.51
- hash: 4433
- url: http://124.222.72.51:4433/ty7y
- hash: 5790e528e7a31624698be513cfde41434c00fa08
- hash: 2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597
- hash: 5cebc6552eb1d0665391ddbe8a25bfff
- hash: dea55ab65d2dd759039ea069fc1f7fe055a96da9
- hash: 480f4a5849d419021dfa30782d4242f59415e83aca301abb1e2784f8eff882cf
- hash: 3431f70e334efd4bc2d2620f26ea1dcc
- hash: db48a055cb6b0a92aa87d77e96c0c31c68f63cec
- hash: 75128be2810392ee9cb9f4d4c847332bd943a321179bb3bc13395bf546caa2fe
- hash: 8b7c477a89b7c69d52da4cc6c9656ac1
- hash: 7776a6811c5dd56540a085c48cccf7b900ae03f0
- hash: 1a5910ce3b26031816250a63e0c2d77d14b73aafa45623d01f1d2de9bd46bdbe
- hash: 04977e6f52297b61a6fffa8e5e236841
- hash: 2d6766a409d628bb1cd8c6370b5a98c82c6c9f2b
- hash: 9bdce73f40c53af0dc3958ab553bea222729f61523865f223b3f2298e220dd8e
- hash: b9bccd35addce48384491a98e1b89eb5
- hash: 2489fe5be3f2bd1e5e2c57a9cfe24ca2e941ef3f
- hash: df27f957caf63ff475d1fdbe1b997be86e3386ee12662def309874fae4e89914
- hash: ff4521a6c0f1f267d7f1b5b9620665d8
- hash: 10ac0bbf6ab7e2db1d53a93973bf73573160eeab
- hash: 304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520
- hash: 2e2358523bbe722450a7e49eed0534b6
- hash: 8785577efa8d243aea6683aa3c183f7759ea0fd4
- hash: 5991707a9afd5e5878bf330a63c09576dc1fa95f454b1452888b9672461f4128
- hash: 16e8d80c431155a82874e0162490c4c9
- hash: 2fc39383047d4511422160b534eab0bf12290831
- hash: 979e6920fc27cda0cb462b26f221a6e521e3974ae737022db7215747f54ff349
- hash: 464234f49cc53201fc4a8976c99b0499
- hash: 0e51ac74967a4771cc5b0e0fa16039da7d1ad97b
- hash: 05f763c6293bbf6ea3cb055043265326f6d714b30b7032a6fcbe236bf46233d9
- hash: cdad057bf858cecb47bcf67d3b9fe985
- hash: 0357d6888093126979c92dd2c9601fe032e54f60
- hash: e79e83851d7a1d359a9c2aa4a8ad42790a7d4671d2fa832c908c4ec2374319b9
- hash: a7ead26bba76400ba28b16d673d09ca9
- hash: acfc93b40ed21ce5e0c9aadd327a462ff21b24ca
- hash: 646456f832bf387fc22d1c5a26e2adb6473c19045994a54948c0dc07aca07022
- hash: dd0ae853e22eae3fd92bb4ff64b0bae1
- hash: 8cdd658a350750a2c95eed87a20fe8a22159c50a
- hash: 0822d4c51c466544072ac07dd5c2dbf4143431fb6955a05911600fed50d0229a
- hash: a907d2e6edda829467a10bc8a87cb76f
- hash: 4d9ef1a9e7a99e2bc6da280b14705d0660cd27ac
- hash: bed59c144540d5cd1662becc04e1d7cb2c974023ae5cc1689d6070961561d8b1
- hash: fdbffab12910e6d406fb7ee60afaf6ed
- hash: 214a6276da8f2ead192d1cb28cf6afd514752eec
- hash: 45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa
- hash: 1cc7ec4c91b811c75bb9621120b95dd4
- hash: cc1d3d2bc07d84b4bb4f013535294b68a6469aa0
- hash: d977affbd15e007cb41e7954b06fe12bdbd67685fb61dc0f3454c1623ab3790c
- hash: 2b91f0a7163102b5677b28886c67f6ca
- hash: 983a574e4dd4a09308e5c42ad318d9d13e15bc8c
- hash: d3958cd070eae6b6cc81e8608e7599185e7498e6713aa5a8d1b0b0c6967927a2
- hash: 5c35ba06589f696cc838a4592c32cfad
- hash: 7075acf1c62e44653f5c834a14b56cd342f0ae5a
- hash: 05b3ae9c167cf06edf52dc99127dfd516e24ead51e9da7d3fbf230124e7063e1
- hash: f6ed869b733b1f2aa3bdd06040f3372a
- hash: cc4c8cc215cf766a06242d2d1e528f5c797e3d26
- hash: 0541e6973f6989836c83e0159249d9e8a1dc17e4f97935625b5f601a58d26b74
- hash: fa60e693583699ca08d0a1c472b61e49
- hash: 7aa599e8015acce39808380c98270fbb62eecb73
- hash: b6dcb01c7c91f76249539cfdd025d171ebbc37c2e19842b3f1d13122200de356
- hash: 0bb47290ac45642ac44a00846eda74e2
- hash: afdc1837050a457afd697805789fb9d4fdfa26fd
- hash: 284400d9826ea96d5b987da41c6814e144df297cd1bb244bbe8c970c75ee82f7
- hash: d734d8b0e8245adb55e95e1d8295f53a
- hash: 605c0ff486e3a06575fad1970104d910718393ef
- hash: 32965bb299871138e7c54b5cc9d82a212704ff8c30790f9e8583c31087074d05
- hash: 40c826d3c854b7891ac0cdd99681f9b5
- hash: 88d8a5da92a92cf691f2f2e14006dd53b16246b8
- hash: 5a2ff424e21c1ab4f0e32bb5eb18f93e7f5a3abb3a401cd69b71598fde93e24c
- hash: fcffb57c9793b9c6a75398d596870a7e
- hash: c018438f53cead5fc650c0843fd611949e18f9f4
- hash: 924b0124cf3bab75460848e2beacd4562367d4faf4df3f55c8d9333c6bac69d9
- hash: 89c28f1673d7cbfbfb25b4758f1b388f
- hash: aa0adb1fbb53c641b496576510325cb472b7a1b8
- hash: b77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e
- hash: 7287e41cfb376388b55cee149649dc13
- hash: d3b4cbd9727d13bf1e16bfec841e7d1f397ba5ad
- hash: 284f26ae087d73b251064270b831c25b67a7d58eafc44ed33a4412af283c7ad5
- hash: ad915436621d70a8a804bf1196c4e40f
- hash: 60b373bcd072ff1f31cb32abcb9f26387cfacb9e
- hash: 1bca88ef695a571b209d53645981a5bf0d005491ee35b4bf7fb5890c4f7fb8d5
- hash: 76e42ae7f8be751dc2802f8429acad56
- hash: f8dda828c59aad8aff6eb9787302f1b3b9fe23de
- hash: b8e467f289aaf7e2328c24b98415ab9102bad8bd92100624643cf904c1979668
- hash: 24d20705fb54d4d58041ada67e071d21
- hash: 5f93883cdd47b1e782dbbb057031071249f44291
- hash: e7d816812a96c1bb4ba1e6095c9b050c69259390227b72a0a7f9427dc857375b
- hash: 072aad77cce7422245b6650cf58356b4
- hash: 3094520ee106d245e151d389cdd20a00f750733c
- hash: 6def0a0a848f5f4a1327ba3f02280023bdb1819ca22e5ff056c5d6d114d56dd3
- hash: b31578b9c024ebe7b0370eebd54bc4c6
- hash: f18a4ad694af5ba50a7697b4cb66308454c555d9
- hash: b62b6592549d56b573efdd053c73e37542742301fffbeb786a60c227564b97a3
- hash: 11fdce42422f8ed518fedf290f5bfc3c
- hash: 16fcc47dee4d1aa73911dfe855e2053a27df176a
- hash: 9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8
- hash: 24a0fca0ed4e41562a676366af495f6a
- hash: eb4a99acdc4b638528902c8e8480bc1f58a457b5
- hash: b9d43a80163b702f8c3d2aac0409bb2d945368e68b9c4cbe29e888ceff2fb953
- hash: 22c86949178066a53d70309553f8b44e
- hash: 421b526ab7b03c4fb1529af55074b4cf1fba30af
- hash: 1a295933a80907bda689b231e5295eae86bd19b21964ee8669ceb5598c9d714d
- hash: 8a43a10dc1358f554584a7e8c5dfdf1a
- hash: f17ce69341d644b50e54486ced5aba88d211d909
- hash: 2588628567a389739902b81ee0da9ade0fb2581cfb0f7e8a4e77eb7c8c9686d7
- hash: f825119aac9f5634df19940feb8860da
- hash: 3ffdbd4b2654ae4e28fc4d3d7713fa37879246e5
- hash: 86f7459bb61b6eaf595824dc945f72659d557a8bdda517153053e734d80d7799
- hash: b304d1b9a4e3e8a6bdf932493f2548b8
- hash: 94354e25977358516c6a392c846aebbecfd3fbf6
- hash: e1a050359e21a28ac438ac34b62c378ba189cedee822b36d57b56c0a06943776
- hash: e00863c7ece5fc345abbe571476bf8e8
- hash: d671d93d15b4408119403a6c0b7268bd08b46b99
- hash: 66f3ab9e1eca16bc971fb9aa09434da6394a5e9eaf2edc0c0306436b25b6ccfc
- hash: 98a3be9edc1d95d06e572a847e18de0d
- hash: f6fafa30ee19097e50d8cc7b911a3218420a3b16
- hash: 8169fbe9bf02387ec00bae17cf93137897320557b364701b381bad3bbb80c9dc
- hash: 0fdceb221f7bdc06a88ddae393516d1f
- hash: 73cd182e2d269f488f720b965c5bbe61173fbb8d
- hash: 035cc649301d7ae83a5c20d6349f525054cf255dc0213ad86ffa17f8c68316af
- hash: f492311c1d075329c0a8be65da3181a2
- hash: 5126c64c9d6d539c8c413d70076dde6a908c3ad2
- hash: 868582a9b771968c6a81d446f2eefe693818cb02c04271e75735b4a790965c8b
- hash: 181a4569ecf8f635b6e51d0a1cf5b865
- hash: df42bf9b188be6ca16016e38cdacd77c5a2b6410
- hash: 9528d4e63d41c6c17b151d183d9cd4d89201733968f0bdb71f66847396e9fcad
- hash: 73e271884d53151e7ba3154b9027b6b5
- hash: 609581eee3ccccce42c45e424248205d0580c31a
- hash: 9eedd7551fb43bd6f2c943b872401b872bf40378eb9bcea89dddfdada6890d69
- hash: e61ce7f6d3fca14c99db78efb3564bbd
- hash: 2b73fc1855c7a36c910c4ea402fe74c378c2b7de
- hash: e04440c875bc9a884bb63b42b1203b26b9a510651fea4d9ddf679f64dab6cb7d
- hash: dfe61847968d1f336a55754d6db22170
- hash: aafae1935dd3c6ea0242e7293f22f4418cbc433b
- hash: 98a4d4ed613648b4287f0f9909959e9fc1e4ca1863478034187b14de3188f7cf
- hash: 577dbffa5469802ed221c987f0ba9640
- hash: b4e71d96e49ea9e3046d82bf3ef8e44d18de71bf
- hash: 7e3e934402c751f953a3f4a3c6c5591142e9902185bdab102e09be1f9095c0d1
- hash: b31a2a144a79c6e164f92d76b6077775
- hash: 71cdf9575d5de275dc56f4c15e891253051893d2
- hash: d60df4333857d715edee8797d08e4b0a91df3215391046f7a001ddcb6860b60d
- hash: 1e957f255fa66760fe9494e9fe0c89a8
- hash: 8b6cbb526b8c80321af05a0b890ab9360fc367dd
- hash: 089c427ce0cf50c38600eb31732d2124fb058981011a01adb58fc00df0c831b0
- hash: 6ba6a6c1cf987ef38ab155566823a5b9
- hash: 5ae607ffc92f6400b1d345e474a1a65fc8178634
- hash: 889098c1cda089237f79b8b545c9b434f872793785817293962442e53d9e2d1c
- hash: 3a8b0643142a5e7a4a7e2aa6873f8f6c
- hash: 9b580189f34e444c817a83824063a983d51e6477
- hash: 889e0cd9c866498cbc4dfd966e069d50b3f7e6a62949a1e152675a1e30192e25
- hash: fa5ce5c2a282bcb5938d18297024ca10
- hash: 9e1302aaabccb29247948ded46c92fca6d1fa2a0
- hash: d37fe4f855049ecab456f1badc8f52afecf4d6ee3d7d43de84b7e0940dbb7399
- hash: 13c0e83573fffeb4e951929815daf4e1
- hash: 689376a01eedaa37df77f054efbcb48ab637856d
- hash: a11e5e97a308ee046545cfe0167079f89968f9a1d7ae0b8a9dbc7dc39cbe2e09
- hash: dd4f5cbd58b0f61c045bb5dd0a843fa5
- hash: 8b8a2917ef73daaf784a895cd0a509780580389f
- hash: 069720172b5a5c8864dd3ab7cf716058eb03af6350bab7e6d9d6b2edea10030a
- hash: e33efc3f7651107c9c03ef76cb239769
- hash: 512d4739314c1f019e57897a1e5176488a7fa929
- hash: dd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a
- hash: 108f1fb53a61d46e8df4331ed0724c9d
- hash: 601c93e6a5d46feecb2f02302abe85d479cf9685
- hash: f746fa8eb3b2eda0f6e57502abf00b25026aed7f4cb74bff7d9346e5e4efe4fb
- hash: 186847f0a58a13c9af7f9e5691d10e30
- hash: 88e5e842d8c97844560c0a82df933ca640a1cd4d
- hash: 452dbb17639025fa094cd813c15b8eaab94e0e1247f53b277da2780b3b024e87
- hash: 926daff09010b775a4bcb191869c9b46
- hash: e3d273eaa76ab582fb5b838247e353d0ba7f5a91
- hash: 80fc8a632e482b50356c24f84a04f72dcec1c88d1259c5f8b121c5acc6135b93
- hash: e61141a7ae1bbdd5fb0434f2c946b566
- hash: 05dab7d32c03873e57e61e0d09272441bba37b77
- hash: fb20f2515799981b9b526e6326f5fb1b3e54b200119ee1d02141d0513aa34fc3
- hash: 48a2dfb8bd26c063ba24cbbfc0422a35
- hash: c9d4234b93182397a5b68b6b67695110c389bc46
- hash: 52990bf933f0f2a42cd09836a9767b9311de387e851ac4927f1856ddc6e63824
- hash: 291ecd26a4b75fb579fa0c49f55d8466
- hash: aa8958821102f0e6528156c487ad647f45066244
- hash: d6c46400ac8ac5d5a7c2820a211b6a760495e4f58e76b72b09bb5819c294674d
- hash: 5dd0f3ef8fbdee1796e6d982466bf65e
- hash: 4b38b88543dfdca2330a82fecf51ef471f40aeaa
- hash: e5761fbb135d29bcc23feb09ef09aafc4d7b49f0bb64793dae3adc3a5160e8ac
- hash: f2290d91936eb97f18ade533cbf3df2b
- hash: e973a0dfd474db79ec65564eec25e0e6d97b1f68
- hash: 9f0a3a5caa4240f1aae236ac243a17186e5200983749966cb6b07f311a660302
- hash: b5e5ab5981583514fb27193e548e45c2
- hash: 5af51fc45f01df84922050caa8c47acd5fff53ca
- hash: 62d92a3b2c0ee7f125f15a606659b4675a85e4053c5d82221caed28a49635b2e
- hash: 4d80294b3e66e7c45202fab188cdf894
- hash: b681bde9b1659bc78a591335af90de25f47d0c84
- hash: fa3157e7c4a98fa03ae41b01f7832b81cd35015d7bead4e335262e2211f79f79
- hash: d438e195de9a54a24fd947c64259acf3
- file: 185.222.57.67
- hash: 55615
- file: 147.185.221.20
- hash: 9336
- url: http://92.63.101.139/externalvmpipetoprocessserverprotectcdn.php
- file: 147.185.221.21
- hash: 18082
- url: https://hippieblissprovising.com/cdn-vs/original.js
- domain: hippieblissprovising.com
- url: https://hippieblissprovising.com/cdn-vs/cache.php
- url: http://hippieblissprovising.com/cdn-vs/33per.php
- file: 51.91.35.148
- hash: 443
- file: 147.185.221.21
- hash: 6240
- file: 176.97.210.241
- hash: 5552
ThreatFox IOCs for 2024-07-16
Medium
Published: Tue Jul 16 2024 (07/16/2024, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2024-07-16
AI-Powered Analysis
AILast updated: 06/27/2025, 11:21:56 UTC
Technical Analysis
The provided information pertains to a set of Indicators of Compromise (IOCs) published on July 16, 2024, sourced from the ThreatFox MISP feed. The threat is categorized as malware-related, specifically involving OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are minimal, with no specific affected products or versions listed, no known exploits in the wild, and no patches available. The threat level is indicated as 2 (on an unspecified scale), with moderate distribution (3) and low analysis (1) scores, suggesting limited technical detail or confirmed impact at this time. The absence of concrete technical indicators, such as malware signatures, attack vectors, or exploitation methods, limits the ability to provide a detailed technical explanation. The threat appears to be related to the collection and dissemination of OSINT data that could be used for network reconnaissance or as part of payload delivery mechanisms in malware campaigns. Given the 'tlp:white' tag, the information is intended for public sharing, indicating no immediate critical or sensitive threat intelligence. Overall, this appears to be an early-stage or low-confidence report of potential malware activity involving OSINT techniques, with limited actionable details.
Potential Impact
For European organizations, the impact of this threat is currently assessed as low to medium due to the lack of specific exploit details or confirmed active campaigns. If the malware or network activity involves payload delivery, there is a potential risk of unauthorized access, data exfiltration, or disruption of services. However, without identified affected systems or known exploits, the immediate risk remains theoretical. Organizations relying heavily on OSINT for threat intelligence or those with extensive network exposure could be more susceptible if adversaries leverage these IOCs for targeted attacks. The absence of patches or mitigation guidance suggests that the threat is either not fully understood or not yet exploited in a way that requires urgent remediation. European entities should remain vigilant, especially those in critical infrastructure, finance, and government sectors, as these are common targets for malware campaigns involving network reconnaissance and payload delivery.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on strengthening general network security and OSINT handling practices. Specific recommendations include: 1) Enhancing network monitoring to detect unusual outbound or inbound traffic patterns that could indicate payload delivery or command and control communications. 2) Implementing strict access controls and segmentation to limit the spread of potential malware payloads. 3) Regularly updating threat intelligence feeds and correlating them with internal logs to identify any matches with emerging IOCs. 4) Training security teams to recognize OSINT-based reconnaissance activities and to validate the credibility of OSINT sources. 5) Employing sandboxing and behavioral analysis tools to detect suspicious payloads before they execute in production environments. 6) Maintaining robust incident response plans that include procedures for handling malware infections and network intrusions. These steps go beyond generic advice by focusing on proactive detection and containment strategies tailored to OSINT-related threats and payload delivery mechanisms.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f8d65f02-102d-4319-ada8-ae3f448f3f1f
- Original Timestamp
- 1721174588
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file91.92.249.167 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file38.181.25.40 | Venom RAT botnet C2 server (confidence level: 80%) | |
file95.65.165.151 | Venom RAT botnet C2 server (confidence level: 80%) | |
file64.190.113.27 | Venom RAT botnet C2 server (confidence level: 80%) | |
file104.194.154.198 | RecordBreaker botnet C2 server (confidence level: 80%) | |
file167.71.85.87 | Hook botnet C2 server (confidence level: 80%) | |
file45.152.65.39 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file198.46.145.130 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file38.180.204.127 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file150.158.155.208 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file8.138.150.198 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file178.254.41.13 | MooBot botnet C2 server (confidence level: 80%) | |
file89.213.177.93 | XWorm botnet C2 server (confidence level: 100%) | |
file89.213.177.100 | XWorm botnet C2 server (confidence level: 100%) | |
file8.223.29.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.44.196.162 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.24.89.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.222.92.17 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.98.37.146 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.198.232.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file140.143.146.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.130.113.74 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.199.56.173 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.14.69.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.222.97.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.97.71.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.194.237.184 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.113.70.89 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file140.143.146.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.223.20.63 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.61.136.83 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.208.73.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.245.184.135 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.134.12.90 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.222.57.153 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file147.185.221.21 | NjRAT botnet C2 server (confidence level: 75%) | |
file185.222.57.74 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file191.232.181.180 | Unknown malware botnet C2 server (confidence level: 100%) | |
file191.232.181.180 | Unknown malware botnet C2 server (confidence level: 100%) | |
file77.91.77.178 | AMOS botnet C2 server (confidence level: 100%) | |
file91.92.248.167 | XenoRAT botnet C2 server (confidence level: 100%) | |
file2.58.80.130 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file95.211.6.240 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file104.21.95.88 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file213.109.202.15 | SectopRAT botnet C2 server (confidence level: 100%) | |
file37.130.98.195 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file78.142.29.49 | Venom RAT botnet C2 server (confidence level: 80%) | |
file168.119.197.51 | Vidar botnet C2 server (confidence level: 80%) | |
file168.119.197.51 | Vidar botnet C2 server (confidence level: 80%) | |
file103.146.179.110 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file47.97.97.167 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file84.38.182.16 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file42.51.37.127 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file124.222.72.51 | Meterpreter botnet C2 server (confidence level: 100%) | |
file185.222.57.67 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file147.185.221.20 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file147.185.221.21 | NjRAT botnet C2 server (confidence level: 75%) | |
file51.91.35.148 | Unidentified 111 (Latrodectus) botnet C2 server (confidence level: 75%) | |
file147.185.221.21 | NjRAT botnet C2 server (confidence level: 100%) | |
file176.97.210.241 | NjRAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash28788 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash8899 | Venom RAT botnet C2 server (confidence level: 80%) | |
hash4444 | Venom RAT botnet C2 server (confidence level: 80%) | |
hash8081 | Venom RAT botnet C2 server (confidence level: 80%) | |
hash80 | RecordBreaker botnet C2 server (confidence level: 80%) | |
hash80 | Hook botnet C2 server (confidence level: 80%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash17052 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash63636 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash8899 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash23 | MooBot botnet C2 server (confidence level: 80%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash15158 | NjRAT botnet C2 server (confidence level: 75%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | AMOS botnet C2 server (confidence level: 100%) | |
hash1294 | XenoRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash57887 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash1604 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash4443 | Venom RAT botnet C2 server (confidence level: 80%) | |
hash80 | Vidar botnet C2 server (confidence level: 80%) | |
hash443 | Vidar botnet C2 server (confidence level: 80%) | |
hash9443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash4433 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash5790e528e7a31624698be513cfde41434c00fa08 | Cobalt Strike payload (confidence level: 95%) | |
hash2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597 | Cobalt Strike payload (confidence level: 95%) | |
hash5cebc6552eb1d0665391ddbe8a25bfff | Cobalt Strike payload (confidence level: 95%) | |
hashdea55ab65d2dd759039ea069fc1f7fe055a96da9 | DCRat payload (confidence level: 95%) | |
hash480f4a5849d419021dfa30782d4242f59415e83aca301abb1e2784f8eff882cf | DCRat payload (confidence level: 95%) | |
hash3431f70e334efd4bc2d2620f26ea1dcc | DCRat payload (confidence level: 95%) | |
hashdb48a055cb6b0a92aa87d77e96c0c31c68f63cec | KrakenKeylogger payload (confidence level: 95%) | |
hash75128be2810392ee9cb9f4d4c847332bd943a321179bb3bc13395bf546caa2fe | KrakenKeylogger payload (confidence level: 95%) | |
hash8b7c477a89b7c69d52da4cc6c9656ac1 | KrakenKeylogger payload (confidence level: 95%) | |
hash7776a6811c5dd56540a085c48cccf7b900ae03f0 | SombRAT payload (confidence level: 95%) | |
hash1a5910ce3b26031816250a63e0c2d77d14b73aafa45623d01f1d2de9bd46bdbe | SombRAT payload (confidence level: 95%) | |
hash04977e6f52297b61a6fffa8e5e236841 | SombRAT payload (confidence level: 95%) | |
hash2d6766a409d628bb1cd8c6370b5a98c82c6c9f2b | Amadey payload (confidence level: 95%) | |
hash9bdce73f40c53af0dc3958ab553bea222729f61523865f223b3f2298e220dd8e | Amadey payload (confidence level: 95%) | |
hashb9bccd35addce48384491a98e1b89eb5 | Amadey payload (confidence level: 95%) | |
hash2489fe5be3f2bd1e5e2c57a9cfe24ca2e941ef3f | Agent Tesla payload (confidence level: 95%) | |
hashdf27f957caf63ff475d1fdbe1b997be86e3386ee12662def309874fae4e89914 | Agent Tesla payload (confidence level: 95%) | |
hashff4521a6c0f1f267d7f1b5b9620665d8 | Agent Tesla payload (confidence level: 95%) | |
hash10ac0bbf6ab7e2db1d53a93973bf73573160eeab | LPEClient payload (confidence level: 95%) | |
hash304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520 | LPEClient payload (confidence level: 95%) | |
hash2e2358523bbe722450a7e49eed0534b6 | LPEClient payload (confidence level: 95%) | |
hash8785577efa8d243aea6683aa3c183f7759ea0fd4 | Vidar payload (confidence level: 95%) | |
hash5991707a9afd5e5878bf330a63c09576dc1fa95f454b1452888b9672461f4128 | Vidar payload (confidence level: 95%) | |
hash16e8d80c431155a82874e0162490c4c9 | Vidar payload (confidence level: 95%) | |
hash2fc39383047d4511422160b534eab0bf12290831 | Agent Tesla payload (confidence level: 95%) | |
hash979e6920fc27cda0cb462b26f221a6e521e3974ae737022db7215747f54ff349 | Agent Tesla payload (confidence level: 95%) | |
hash464234f49cc53201fc4a8976c99b0499 | Agent Tesla payload (confidence level: 95%) | |
hash0e51ac74967a4771cc5b0e0fa16039da7d1ad97b | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash05f763c6293bbf6ea3cb055043265326f6d714b30b7032a6fcbe236bf46233d9 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hashcdad057bf858cecb47bcf67d3b9fe985 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash0357d6888093126979c92dd2c9601fe032e54f60 | Agent Tesla payload (confidence level: 95%) | |
hashe79e83851d7a1d359a9c2aa4a8ad42790a7d4671d2fa832c908c4ec2374319b9 | Agent Tesla payload (confidence level: 95%) | |
hasha7ead26bba76400ba28b16d673d09ca9 | Agent Tesla payload (confidence level: 95%) | |
hashacfc93b40ed21ce5e0c9aadd327a462ff21b24ca | Agent Tesla payload (confidence level: 95%) | |
hash646456f832bf387fc22d1c5a26e2adb6473c19045994a54948c0dc07aca07022 | Agent Tesla payload (confidence level: 95%) | |
hashdd0ae853e22eae3fd92bb4ff64b0bae1 | Agent Tesla payload (confidence level: 95%) | |
hash8cdd658a350750a2c95eed87a20fe8a22159c50a | Troldesh payload (confidence level: 95%) | |
hash0822d4c51c466544072ac07dd5c2dbf4143431fb6955a05911600fed50d0229a | Troldesh payload (confidence level: 95%) | |
hasha907d2e6edda829467a10bc8a87cb76f | Troldesh payload (confidence level: 95%) | |
hash4d9ef1a9e7a99e2bc6da280b14705d0660cd27ac | KrakenKeylogger payload (confidence level: 95%) | |
hashbed59c144540d5cd1662becc04e1d7cb2c974023ae5cc1689d6070961561d8b1 | KrakenKeylogger payload (confidence level: 95%) | |
hashfdbffab12910e6d406fb7ee60afaf6ed | KrakenKeylogger payload (confidence level: 95%) | |
hash214a6276da8f2ead192d1cb28cf6afd514752eec | RedLine Stealer payload (confidence level: 95%) | |
hash45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa | RedLine Stealer payload (confidence level: 95%) | |
hash1cc7ec4c91b811c75bb9621120b95dd4 | RedLine Stealer payload (confidence level: 95%) | |
hashcc1d3d2bc07d84b4bb4f013535294b68a6469aa0 | DCRat payload (confidence level: 95%) | |
hashd977affbd15e007cb41e7954b06fe12bdbd67685fb61dc0f3454c1623ab3790c | DCRat payload (confidence level: 95%) | |
hash2b91f0a7163102b5677b28886c67f6ca | DCRat payload (confidence level: 95%) | |
hash983a574e4dd4a09308e5c42ad318d9d13e15bc8c | Socks5 Systemz payload (confidence level: 95%) | |
hashd3958cd070eae6b6cc81e8608e7599185e7498e6713aa5a8d1b0b0c6967927a2 | Socks5 Systemz payload (confidence level: 95%) | |
hash5c35ba06589f696cc838a4592c32cfad | Socks5 Systemz payload (confidence level: 95%) | |
hash7075acf1c62e44653f5c834a14b56cd342f0ae5a | Formbook payload (confidence level: 95%) | |
hash05b3ae9c167cf06edf52dc99127dfd516e24ead51e9da7d3fbf230124e7063e1 | Formbook payload (confidence level: 95%) | |
hashf6ed869b733b1f2aa3bdd06040f3372a | Formbook payload (confidence level: 95%) | |
hashcc4c8cc215cf766a06242d2d1e528f5c797e3d26 | Formbook payload (confidence level: 95%) | |
hash0541e6973f6989836c83e0159249d9e8a1dc17e4f97935625b5f601a58d26b74 | Formbook payload (confidence level: 95%) | |
hashfa60e693583699ca08d0a1c472b61e49 | Formbook payload (confidence level: 95%) | |
hash7aa599e8015acce39808380c98270fbb62eecb73 | AsyncRAT payload (confidence level: 95%) | |
hashb6dcb01c7c91f76249539cfdd025d171ebbc37c2e19842b3f1d13122200de356 | AsyncRAT payload (confidence level: 95%) | |
hash0bb47290ac45642ac44a00846eda74e2 | AsyncRAT payload (confidence level: 95%) | |
hashafdc1837050a457afd697805789fb9d4fdfa26fd | KrakenKeylogger payload (confidence level: 95%) | |
hash284400d9826ea96d5b987da41c6814e144df297cd1bb244bbe8c970c75ee82f7 | KrakenKeylogger payload (confidence level: 95%) | |
hashd734d8b0e8245adb55e95e1d8295f53a | KrakenKeylogger payload (confidence level: 95%) | |
hash605c0ff486e3a06575fad1970104d910718393ef | Formbook payload (confidence level: 95%) | |
hash32965bb299871138e7c54b5cc9d82a212704ff8c30790f9e8583c31087074d05 | Formbook payload (confidence level: 95%) | |
hash40c826d3c854b7891ac0cdd99681f9b5 | Formbook payload (confidence level: 95%) | |
hash88d8a5da92a92cf691f2f2e14006dd53b16246b8 | RedLine Stealer payload (confidence level: 95%) | |
hash5a2ff424e21c1ab4f0e32bb5eb18f93e7f5a3abb3a401cd69b71598fde93e24c | RedLine Stealer payload (confidence level: 95%) | |
hashfcffb57c9793b9c6a75398d596870a7e | RedLine Stealer payload (confidence level: 95%) | |
hashc018438f53cead5fc650c0843fd611949e18f9f4 | KrakenKeylogger payload (confidence level: 95%) | |
hash924b0124cf3bab75460848e2beacd4562367d4faf4df3f55c8d9333c6bac69d9 | KrakenKeylogger payload (confidence level: 95%) | |
hash89c28f1673d7cbfbfb25b4758f1b388f | KrakenKeylogger payload (confidence level: 95%) | |
hashaa0adb1fbb53c641b496576510325cb472b7a1b8 | Formbook payload (confidence level: 95%) | |
hashb77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e | Formbook payload (confidence level: 95%) | |
hash7287e41cfb376388b55cee149649dc13 | Formbook payload (confidence level: 95%) | |
hashd3b4cbd9727d13bf1e16bfec841e7d1f397ba5ad | Formbook payload (confidence level: 95%) | |
hash284f26ae087d73b251064270b831c25b67a7d58eafc44ed33a4412af283c7ad5 | Formbook payload (confidence level: 95%) | |
hashad915436621d70a8a804bf1196c4e40f | Formbook payload (confidence level: 95%) | |
hash60b373bcd072ff1f31cb32abcb9f26387cfacb9e | RokRAT payload (confidence level: 95%) | |
hash1bca88ef695a571b209d53645981a5bf0d005491ee35b4bf7fb5890c4f7fb8d5 | RokRAT payload (confidence level: 95%) | |
hash76e42ae7f8be751dc2802f8429acad56 | RokRAT payload (confidence level: 95%) | |
hashf8dda828c59aad8aff6eb9787302f1b3b9fe23de | Stealc payload (confidence level: 95%) | |
hashb8e467f289aaf7e2328c24b98415ab9102bad8bd92100624643cf904c1979668 | Stealc payload (confidence level: 95%) | |
hash24d20705fb54d4d58041ada67e071d21 | Stealc payload (confidence level: 95%) | |
hash5f93883cdd47b1e782dbbb057031071249f44291 | Formbook payload (confidence level: 95%) | |
hashe7d816812a96c1bb4ba1e6095c9b050c69259390227b72a0a7f9427dc857375b | Formbook payload (confidence level: 95%) | |
hash072aad77cce7422245b6650cf58356b4 | Formbook payload (confidence level: 95%) | |
hash3094520ee106d245e151d389cdd20a00f750733c | Formbook payload (confidence level: 95%) | |
hash6def0a0a848f5f4a1327ba3f02280023bdb1819ca22e5ff056c5d6d114d56dd3 | Formbook payload (confidence level: 95%) | |
hashb31578b9c024ebe7b0370eebd54bc4c6 | Formbook payload (confidence level: 95%) | |
hashf18a4ad694af5ba50a7697b4cb66308454c555d9 | DCRat payload (confidence level: 95%) | |
hashb62b6592549d56b573efdd053c73e37542742301fffbeb786a60c227564b97a3 | DCRat payload (confidence level: 95%) | |
hash11fdce42422f8ed518fedf290f5bfc3c | DCRat payload (confidence level: 95%) | |
hash16fcc47dee4d1aa73911dfe855e2053a27df176a | RedLine Stealer payload (confidence level: 95%) | |
hash9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8 | RedLine Stealer payload (confidence level: 95%) | |
hash24a0fca0ed4e41562a676366af495f6a | RedLine Stealer payload (confidence level: 95%) | |
hasheb4a99acdc4b638528902c8e8480bc1f58a457b5 | RedLine Stealer payload (confidence level: 95%) | |
hashb9d43a80163b702f8c3d2aac0409bb2d945368e68b9c4cbe29e888ceff2fb953 | RedLine Stealer payload (confidence level: 95%) | |
hash22c86949178066a53d70309553f8b44e | RedLine Stealer payload (confidence level: 95%) | |
hash421b526ab7b03c4fb1529af55074b4cf1fba30af | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash1a295933a80907bda689b231e5295eae86bd19b21964ee8669ceb5598c9d714d | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash8a43a10dc1358f554584a7e8c5dfdf1a | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hashf17ce69341d644b50e54486ced5aba88d211d909 | Agent Tesla payload (confidence level: 95%) | |
hash2588628567a389739902b81ee0da9ade0fb2581cfb0f7e8a4e77eb7c8c9686d7 | Agent Tesla payload (confidence level: 95%) | |
hashf825119aac9f5634df19940feb8860da | Agent Tesla payload (confidence level: 95%) | |
hash3ffdbd4b2654ae4e28fc4d3d7713fa37879246e5 | Agent Tesla payload (confidence level: 95%) | |
hash86f7459bb61b6eaf595824dc945f72659d557a8bdda517153053e734d80d7799 | Agent Tesla payload (confidence level: 95%) | |
hashb304d1b9a4e3e8a6bdf932493f2548b8 | Agent Tesla payload (confidence level: 95%) | |
hash94354e25977358516c6a392c846aebbecfd3fbf6 | Agent Tesla payload (confidence level: 95%) | |
hashe1a050359e21a28ac438ac34b62c378ba189cedee822b36d57b56c0a06943776 | Agent Tesla payload (confidence level: 95%) | |
hashe00863c7ece5fc345abbe571476bf8e8 | Agent Tesla payload (confidence level: 95%) | |
hashd671d93d15b4408119403a6c0b7268bd08b46b99 | Stealc payload (confidence level: 95%) | |
hash66f3ab9e1eca16bc971fb9aa09434da6394a5e9eaf2edc0c0306436b25b6ccfc | Stealc payload (confidence level: 95%) | |
hash98a3be9edc1d95d06e572a847e18de0d | Stealc payload (confidence level: 95%) | |
hashf6fafa30ee19097e50d8cc7b911a3218420a3b16 | Formbook payload (confidence level: 95%) | |
hash8169fbe9bf02387ec00bae17cf93137897320557b364701b381bad3bbb80c9dc | Formbook payload (confidence level: 95%) | |
hash0fdceb221f7bdc06a88ddae393516d1f | Formbook payload (confidence level: 95%) | |
hash73cd182e2d269f488f720b965c5bbe61173fbb8d | Stealc payload (confidence level: 95%) | |
hash035cc649301d7ae83a5c20d6349f525054cf255dc0213ad86ffa17f8c68316af | Stealc payload (confidence level: 95%) | |
hashf492311c1d075329c0a8be65da3181a2 | Stealc payload (confidence level: 95%) | |
hash5126c64c9d6d539c8c413d70076dde6a908c3ad2 | KrakenKeylogger payload (confidence level: 95%) | |
hash868582a9b771968c6a81d446f2eefe693818cb02c04271e75735b4a790965c8b | KrakenKeylogger payload (confidence level: 95%) | |
hash181a4569ecf8f635b6e51d0a1cf5b865 | KrakenKeylogger payload (confidence level: 95%) | |
hashdf42bf9b188be6ca16016e38cdacd77c5a2b6410 | Formbook payload (confidence level: 95%) | |
hash9528d4e63d41c6c17b151d183d9cd4d89201733968f0bdb71f66847396e9fcad | Formbook payload (confidence level: 95%) | |
hash73e271884d53151e7ba3154b9027b6b5 | Formbook payload (confidence level: 95%) | |
hash609581eee3ccccce42c45e424248205d0580c31a | KrakenKeylogger payload (confidence level: 95%) | |
hash9eedd7551fb43bd6f2c943b872401b872bf40378eb9bcea89dddfdada6890d69 | KrakenKeylogger payload (confidence level: 95%) | |
hashe61ce7f6d3fca14c99db78efb3564bbd | KrakenKeylogger payload (confidence level: 95%) | |
hash2b73fc1855c7a36c910c4ea402fe74c378c2b7de | Remcos payload (confidence level: 95%) | |
hashe04440c875bc9a884bb63b42b1203b26b9a510651fea4d9ddf679f64dab6cb7d | Remcos payload (confidence level: 95%) | |
hashdfe61847968d1f336a55754d6db22170 | Remcos payload (confidence level: 95%) | |
hashaafae1935dd3c6ea0242e7293f22f4418cbc433b | Remcos payload (confidence level: 95%) | |
hash98a4d4ed613648b4287f0f9909959e9fc1e4ca1863478034187b14de3188f7cf | Remcos payload (confidence level: 95%) | |
hash577dbffa5469802ed221c987f0ba9640 | Remcos payload (confidence level: 95%) | |
hashb4e71d96e49ea9e3046d82bf3ef8e44d18de71bf | DDKeylogger payload (confidence level: 95%) | |
hash7e3e934402c751f953a3f4a3c6c5591142e9902185bdab102e09be1f9095c0d1 | DDKeylogger payload (confidence level: 95%) | |
hashb31a2a144a79c6e164f92d76b6077775 | DDKeylogger payload (confidence level: 95%) | |
hash71cdf9575d5de275dc56f4c15e891253051893d2 | KrakenKeylogger payload (confidence level: 95%) | |
hashd60df4333857d715edee8797d08e4b0a91df3215391046f7a001ddcb6860b60d | KrakenKeylogger payload (confidence level: 95%) | |
hash1e957f255fa66760fe9494e9fe0c89a8 | KrakenKeylogger payload (confidence level: 95%) | |
hash8b6cbb526b8c80321af05a0b890ab9360fc367dd | DDKeylogger payload (confidence level: 95%) | |
hash089c427ce0cf50c38600eb31732d2124fb058981011a01adb58fc00df0c831b0 | DDKeylogger payload (confidence level: 95%) | |
hash6ba6a6c1cf987ef38ab155566823a5b9 | DDKeylogger payload (confidence level: 95%) | |
hash5ae607ffc92f6400b1d345e474a1a65fc8178634 | Agent Tesla payload (confidence level: 95%) | |
hash889098c1cda089237f79b8b545c9b434f872793785817293962442e53d9e2d1c | Agent Tesla payload (confidence level: 95%) | |
hash3a8b0643142a5e7a4a7e2aa6873f8f6c | Agent Tesla payload (confidence level: 95%) | |
hash9b580189f34e444c817a83824063a983d51e6477 | Amadey payload (confidence level: 95%) | |
hash889e0cd9c866498cbc4dfd966e069d50b3f7e6a62949a1e152675a1e30192e25 | Amadey payload (confidence level: 95%) | |
hashfa5ce5c2a282bcb5938d18297024ca10 | Amadey payload (confidence level: 95%) | |
hash9e1302aaabccb29247948ded46c92fca6d1fa2a0 | Formbook payload (confidence level: 95%) | |
hashd37fe4f855049ecab456f1badc8f52afecf4d6ee3d7d43de84b7e0940dbb7399 | Formbook payload (confidence level: 95%) | |
hash13c0e83573fffeb4e951929815daf4e1 | Formbook payload (confidence level: 95%) | |
hash689376a01eedaa37df77f054efbcb48ab637856d | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hasha11e5e97a308ee046545cfe0167079f89968f9a1d7ae0b8a9dbc7dc39cbe2e09 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hashdd4f5cbd58b0f61c045bb5dd0a843fa5 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash8b8a2917ef73daaf784a895cd0a509780580389f | MetaStealer payload (confidence level: 95%) | |
hash069720172b5a5c8864dd3ab7cf716058eb03af6350bab7e6d9d6b2edea10030a | MetaStealer payload (confidence level: 95%) | |
hashe33efc3f7651107c9c03ef76cb239769 | MetaStealer payload (confidence level: 95%) | |
hash512d4739314c1f019e57897a1e5176488a7fa929 | Meterpreter payload (confidence level: 95%) | |
hashdd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a | Meterpreter payload (confidence level: 95%) | |
hash108f1fb53a61d46e8df4331ed0724c9d | Meterpreter payload (confidence level: 95%) | |
hash601c93e6a5d46feecb2f02302abe85d479cf9685 | KrakenKeylogger payload (confidence level: 95%) | |
hashf746fa8eb3b2eda0f6e57502abf00b25026aed7f4cb74bff7d9346e5e4efe4fb | KrakenKeylogger payload (confidence level: 95%) | |
hash186847f0a58a13c9af7f9e5691d10e30 | KrakenKeylogger payload (confidence level: 95%) | |
hash88e5e842d8c97844560c0a82df933ca640a1cd4d | Stealc payload (confidence level: 95%) | |
hash452dbb17639025fa094cd813c15b8eaab94e0e1247f53b277da2780b3b024e87 | Stealc payload (confidence level: 95%) | |
hash926daff09010b775a4bcb191869c9b46 | Stealc payload (confidence level: 95%) | |
hashe3d273eaa76ab582fb5b838247e353d0ba7f5a91 | Formbook payload (confidence level: 95%) | |
hash80fc8a632e482b50356c24f84a04f72dcec1c88d1259c5f8b121c5acc6135b93 | Formbook payload (confidence level: 95%) | |
hashe61141a7ae1bbdd5fb0434f2c946b566 | Formbook payload (confidence level: 95%) | |
hash05dab7d32c03873e57e61e0d09272441bba37b77 | Formbook payload (confidence level: 95%) | |
hashfb20f2515799981b9b526e6326f5fb1b3e54b200119ee1d02141d0513aa34fc3 | Formbook payload (confidence level: 95%) | |
hash48a2dfb8bd26c063ba24cbbfc0422a35 | Formbook payload (confidence level: 95%) | |
hashc9d4234b93182397a5b68b6b67695110c389bc46 | Agent Tesla payload (confidence level: 95%) | |
hash52990bf933f0f2a42cd09836a9767b9311de387e851ac4927f1856ddc6e63824 | Agent Tesla payload (confidence level: 95%) | |
hash291ecd26a4b75fb579fa0c49f55d8466 | Agent Tesla payload (confidence level: 95%) | |
hashaa8958821102f0e6528156c487ad647f45066244 | DCRat payload (confidence level: 95%) | |
hashd6c46400ac8ac5d5a7c2820a211b6a760495e4f58e76b72b09bb5819c294674d | DCRat payload (confidence level: 95%) | |
hash5dd0f3ef8fbdee1796e6d982466bf65e | DCRat payload (confidence level: 95%) | |
hash4b38b88543dfdca2330a82fecf51ef471f40aeaa | Stealc payload (confidence level: 95%) | |
hashe5761fbb135d29bcc23feb09ef09aafc4d7b49f0bb64793dae3adc3a5160e8ac | Stealc payload (confidence level: 95%) | |
hashf2290d91936eb97f18ade533cbf3df2b | Stealc payload (confidence level: 95%) | |
hashe973a0dfd474db79ec65564eec25e0e6d97b1f68 | Agent Tesla payload (confidence level: 95%) | |
hash9f0a3a5caa4240f1aae236ac243a17186e5200983749966cb6b07f311a660302 | Agent Tesla payload (confidence level: 95%) | |
hashb5e5ab5981583514fb27193e548e45c2 | Agent Tesla payload (confidence level: 95%) | |
hash5af51fc45f01df84922050caa8c47acd5fff53ca | SigLoader payload (confidence level: 95%) | |
hash62d92a3b2c0ee7f125f15a606659b4675a85e4053c5d82221caed28a49635b2e | SigLoader payload (confidence level: 95%) | |
hash4d80294b3e66e7c45202fab188cdf894 | SigLoader payload (confidence level: 95%) | |
hashb681bde9b1659bc78a591335af90de25f47d0c84 | Agent Tesla payload (confidence level: 95%) | |
hashfa3157e7c4a98fa03ae41b01f7832b81cd35015d7bead4e335262e2211f79f79 | Agent Tesla payload (confidence level: 95%) | |
hashd438e195de9a54a24fd947c64259acf3 | Agent Tesla payload (confidence level: 95%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash9336 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash18082 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Unidentified 111 (Latrodectus) botnet C2 server (confidence level: 75%) | |
hash6240 | NjRAT botnet C2 server (confidence level: 100%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://ozero.top/pythonphp_cpubase.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://rocheholding.top/rudolph/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttps://lettecoft.com/live/ | Unidentified 111 (Latrodectus) botnet C2 (confidence level: 49%) | |
urlhttps://ultroawest.com/live/ | Unidentified 111 (Latrodectus) botnet C2 (confidence level: 49%) | |
urlhttp://77.105.133.27/api/firepro.php | PrivateLoader botnet C2 (confidence level: 100%) | |
urlhttp://77.105.133.27/api/firecom.php | PrivateLoader botnet C2 (confidence level: 100%) | |
urlhttp://papka.top/pythondefaultsqlbasetrackcentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://77.105.133.27/api/flash.php | PrivateLoader botnet C2 (confidence level: 100%) | |
urlhttp://77.105.133.27/api/twofish.php | PrivateLoader botnet C2 (confidence level: 100%) | |
urlhttp://117.198.11.56:55036/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://178.208.86.27/3/basevoiddbcentral/1/basemulti/privatelongpoll/_to/8linuxwordpressvm/dbsecure/5db/62mariadb/55pipeimage/2authprotectupdate/8updatedatalife/externalvmtosecureapilinuxflowergeneratorprivatetemp.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://verose.top/alpha/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://217.28.222.194/linuxprocessgeoimage/5/vm5/2traffictempapi/9php/httpapibasewindowsdatalifedlelocalpublictempcentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://124.222.72.51:4433/ty7y | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttp://92.63.101.139/externalvmpipetoprocessserverprotectcdn.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://hippieblissprovising.com/cdn-vs/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://hippieblissprovising.com/cdn-vs/cache.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://hippieblissprovising.com/cdn-vs/33per.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainaway-displays.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domainverose.top | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 100%) | |
domainhippieblissprovising.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
Threat ID: 68367c96182aa0cae231984e
Added to database: 5/28/2025, 3:01:42 AM
Last enriched: 6/27/2025, 11:21:56 AM
Last updated: 8/16/2025, 10:15:25 AM
Views: 10
Related Threats
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.