ThreatFox IOCs for 2024-07-16
AI Analysis
Technical Summary
This entry is the ThreatFox daily export for 16 July 2024. ThreatFox is abuse.ch's free, community-driven platform for sharing malware-related Indicators of Compromise (IOCs); it is an IOC feed, not a vulnerability advisory, which is why there is no CVE, CWE, affected-version or patch information to report and why the absence of such fields says nothing about how active the listed infrastructure is. The "Threat Level 2", "Analysis 1" and "Distribution 3" values in the Technical Details section are MISP event fields (ThreatFox publishes its IOCs as a MISP feed): threat level 2 = Medium, analysis 1 = Ongoing, distribution 3 = All communities, i.e. the indicators are public. The substance of the entry is the indicator set itself: 60 ip:port pairs, 18 URLs, 3 domains and 192 file hashes (64 MD5/SHA1/SHA256 triplets). The ip:port pairs are command-and-control (C2) endpoints attributed to named families (Cobalt Strike, RedLine Stealer, Venom RAT, XWorm, AsyncRAT, NjRAT, Vidar, SectopRAT, XenoRAT, AMOS, MooBot, Hook, RecordBreaker, Loki Password Stealer, Meterpreter and Latrodectus, plus two entries of unknown family) and one FAKEUPDATES (SocGholish) payload-delivery server; the URLs and domains are payload-delivery and C2 check-in locations; the hashes identify payload samples of Cobalt Strike, DCRat, KrakenKeylogger, SombRAT, Amadey, Agent Tesla, LPEClient, Vidar, Loki PWS, Troldesh and RedLine Stealer. Each indicator carries the reporter's confidence level (75 to 100 per cent). Attribution is the reporter's, typically from scanner fingerprints (for C2 servers) or sandbox classification (for payloads), so a match should be treated as a strong lead for the named family rather than proof.
Potential Impact
Every ip:port indicator here is a C2 or payload-delivery endpoint, so a match in outbound connection logs is not reconnaissance: it indicates a host that is already infected and beaconing, or that has fetched a payload, and should be handled as an incident. What that means depends on the family. RedLine Stealer, Vidar, Loki PWS, Agent Tesla, RecordBreaker, AMOS (macOS) and KrakenKeylogger harvest credentials, browser sessions and wallets, feeding account takeover and follow-on intrusion; a Cobalt Strike or Meterpreter beacon signals hands-on-keyboard post-exploitation and is a common ransomware precursor, and Latrodectus and FAKEUPDATES/SocGholish are initial-access loaders in the same ecosystem; Troldesh is ransomware; AsyncRAT, XWorm, Venom RAT, NjRAT, DCRat, XenoRAT, SectopRAT and SombRAT give an operator interactive control of the host; Hook is an Android banking trojan; MooBot is a Mirai-derived IoT botnet (its port-23 telnet C2 fits that). The feed is global and the indicators are not geolocated to victims, so for European organisations the immediate impact is low to medium unless a hit is found, at which point confidentiality (stolen credentials and data), integrity and availability (ransomware deployment after a beacon) are all at stake. Critical-infrastructure, finance and government organisations should fold this daily set into their standing detection content rather than treat it as a one-off alert.
Mitigation Recommendations
1. Ingest the indicators into the SIEM or TIP as typed indicators, preferably straight from the ThreatFox API or its MISP/CSV exports rather than from this page: match ip:port pairs against firewall, NetFlow and Zeek conn logs on destination IP and port together, URLs and domains against proxy and DNS logs (including subdomains of listed domains), and hashes against EDR file-hash telemetry. Matching on IP alone is lower confidence: several listed addresses are shared hosting or CDN space (104.21.95.88 is in Cloudflare's range), so block the URL or domain there and expect collateral if you block the IP.
2. Hunt retrospectively over the full lookback your logs allow for the listed endpoints. Note that the entries on port 50050 identify Cobalt Strike team servers by their operator-side port, which is how scanners fingerprint them; beacons from your hosts to those servers will normally use the listener ports (80, 443, 8080 and similar), so hunt on the IPs as well as the listed ports. Default ports of the other frameworks present (4444 Metasploit, 5552 NjRAT, 6606 AsyncRAT) are worth a standing alert on egress regardless of destination.
3. Treat a confirmed hit as an incident: isolate the host, capture EDR timeline and memory, rotate every credential the host held if a stealer is involved, and check for lateral movement when the family is Cobalt Strike, Meterpreter or a loader such as Latrodectus.
4. Block the ip:port pairs, URLs and domains at the perimeter. The domain away-displays.gl.at.ply.gg is a playit.gg tunnel hostname; that service is widely used to expose RAT C2 from residential connections, so alerting on *.ply.gg is reasonable wherever it has no legitimate use.
5. Keep hash matches in perspective: the MD5/SHA1/SHA256 triplets identify specific samples, and repacked or rebuilt payloads will not match, so rely on EDR behavioural detections for these families rather than on hash blocklists.
6. Maintain network segmentation and least-privilege access so that a single infected workstation cannot reach servers, backups or domain controllers directly.
7. Keep an incident response playbook for OSINT-derived C2 hits, and coordinate with the national CERT and sector ISACs for context on the campaigns behind these indicators.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
(ip:port entries are C2 or payload-delivery endpoints, the ThreatFox ip:port indicator type; 32-, 40- and 64-character hexadecimal values are MD5, SHA1 and SHA256 hashes of payload samples.)
- ip:port: 91.92.249.167:28788
- ip:port: 38.181.25.40:8899
- ip:port: 95.65.165.151:4444
- ip:port: 64.190.113.27:8081
- ip:port: 104.194.154.198:80
- ip:port: 167.71.85.87:80
- ip:port: 45.152.65.39:9999
- ip:port: 198.46.145.130:50050
- ip:port: 38.180.204.127:17052
- ip:port: 150.158.155.208:63636
- ip:port: 8.138.150.198:8899
- ip:port: 178.254.41.13:23
- url: http://ozero.top/pythonphp_cpubase.php
- ip:port: 89.213.177.93:7000
- ip:port: 89.213.177.100:7000
- ip:port: 8.223.29.254:443
- ip:port: 163.44.196.162:443
- ip:port: 118.24.89.121:80
- ip:port: 124.222.92.17:80
- ip:port: 39.98.37.146:8080
- ip:port: 116.198.232.235:8088
- ip:port: 140.143.146.248:443
- ip:port: 8.130.113.74:443
- ip:port: 121.199.56.173:8443
- ip:port: 106.14.69.133:8081
- ip:port: 124.222.97.236:9090
- ip:port: 47.97.71.149:7777
- ip:port: 118.194.237.184:80
- ip:port: 103.113.70.89:80
- ip:port: 140.143.146.248:80
- ip:port: 8.223.20.63:443
- ip:port: 45.61.136.83:443
- ip:port: 91.208.73.75:82
- ip:port: 172.245.184.135:8888
- ip:port: 8.134.12.90:7777
- url: http://rocheholding.top/rudolph/five/fre.php
- ip:port: 185.222.57.153:55615
- ip:port: 147.185.221.21:15158
- url: https://lettecoft.com/live/
- url: https://ultroawest.com/live/
- ip:port: 185.222.57.74:55615
- url: http://77.105.133.27/api/firepro.php
- url: http://77.105.133.27/api/firecom.php
- ip:port: 191.232.181.180:8443
- ip:port: 191.232.181.180:443
- url: http://papka.top/pythondefaultsqlbasetrackcentral.php
- url: http://77.105.133.27/api/flash.php
- ip:port: 77.91.77.178:80
- ip:port: 91.92.248.167:1294
- ip:port: 2.58.80.130:6606
- domain: away-displays.gl.at.ply.gg
- url: http://77.105.133.27/api/twofish.php
- url: http://117.198.11.56:55036/mozi.m
- url: http://178.208.86.27/3/basevoiddbcentral/1/basemulti/privatelongpoll/_to/8linuxwordpressvm/dbsecure/5db/62mariadb/55pipeimage/2authprotectupdate/8updatedatalife/externalvmtosecureapilinuxflowergeneratorprivatetemp.php
- ip:port: 95.211.6.240:57887
- url: http://verose.top/alpha/five/fre.php
- domain: verose.top
- ip:port: 104.21.95.88:80
- ip:port: 213.109.202.15:15647
- ip:port: 37.130.98.195:1604
- ip:port: 78.142.29.49:4443
- url: http://217.28.222.194/linuxprocessgeoimage/5/vm5/2traffictempapi/9php/httpapibasewindowsdatalifedlelocalpublictempcentral.php
- ip:port: 168.119.197.51:80
- ip:port: 168.119.197.51:443
- ip:port: 103.146.179.110:9443
- ip:port: 47.97.97.167:80
- ip:port: 84.38.182.16:443
- ip:port: 42.51.37.127:50050
- ip:port: 124.222.72.51:4433
- url: http://124.222.72.51:4433/ty7y
- hash: 5790e528e7a31624698be513cfde41434c00fa08
- hash: 2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597
- hash: 5cebc6552eb1d0665391ddbe8a25bfff
- hash: dea55ab65d2dd759039ea069fc1f7fe055a96da9
- hash: 480f4a5849d419021dfa30782d4242f59415e83aca301abb1e2784f8eff882cf
- hash: 3431f70e334efd4bc2d2620f26ea1dcc
- hash: db48a055cb6b0a92aa87d77e96c0c31c68f63cec
- hash: 75128be2810392ee9cb9f4d4c847332bd943a321179bb3bc13395bf546caa2fe
- hash: 8b7c477a89b7c69d52da4cc6c9656ac1
- hash: 7776a6811c5dd56540a085c48cccf7b900ae03f0
- hash: 1a5910ce3b26031816250a63e0c2d77d14b73aafa45623d01f1d2de9bd46bdbe
- hash: 04977e6f52297b61a6fffa8e5e236841
- hash: 2d6766a409d628bb1cd8c6370b5a98c82c6c9f2b
- hash: 9bdce73f40c53af0dc3958ab553bea222729f61523865f223b3f2298e220dd8e
- hash: b9bccd35addce48384491a98e1b89eb5
- hash: 2489fe5be3f2bd1e5e2c57a9cfe24ca2e941ef3f
- hash: df27f957caf63ff475d1fdbe1b997be86e3386ee12662def309874fae4e89914
- hash: ff4521a6c0f1f267d7f1b5b9620665d8
- hash: 10ac0bbf6ab7e2db1d53a93973bf73573160eeab
- hash: 304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520
- hash: 2e2358523bbe722450a7e49eed0534b6
- hash: 8785577efa8d243aea6683aa3c183f7759ea0fd4
- hash: 5991707a9afd5e5878bf330a63c09576dc1fa95f454b1452888b9672461f4128
- hash: 16e8d80c431155a82874e0162490c4c9
- hash: 2fc39383047d4511422160b534eab0bf12290831
- hash: 979e6920fc27cda0cb462b26f221a6e521e3974ae737022db7215747f54ff349
- hash: 464234f49cc53201fc4a8976c99b0499
- hash: 0e51ac74967a4771cc5b0e0fa16039da7d1ad97b
- hash: 05f763c6293bbf6ea3cb055043265326f6d714b30b7032a6fcbe236bf46233d9
- hash: cdad057bf858cecb47bcf67d3b9fe985
- hash: 0357d6888093126979c92dd2c9601fe032e54f60
- hash: e79e83851d7a1d359a9c2aa4a8ad42790a7d4671d2fa832c908c4ec2374319b9
- hash: a7ead26bba76400ba28b16d673d09ca9
- hash: acfc93b40ed21ce5e0c9aadd327a462ff21b24ca
- hash: 646456f832bf387fc22d1c5a26e2adb6473c19045994a54948c0dc07aca07022
- hash: dd0ae853e22eae3fd92bb4ff64b0bae1
- hash: 8cdd658a350750a2c95eed87a20fe8a22159c50a
- hash: 0822d4c51c466544072ac07dd5c2dbf4143431fb6955a05911600fed50d0229a
- hash: a907d2e6edda829467a10bc8a87cb76f
- hash: 4d9ef1a9e7a99e2bc6da280b14705d0660cd27ac
- hash: bed59c144540d5cd1662becc04e1d7cb2c974023ae5cc1689d6070961561d8b1
- hash: fdbffab12910e6d406fb7ee60afaf6ed
- hash: 214a6276da8f2ead192d1cb28cf6afd514752eec
- hash: 45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa
- hash: 1cc7ec4c91b811c75bb9621120b95dd4
- hash: cc1d3d2bc07d84b4bb4f013535294b68a6469aa0
- hash: d977affbd15e007cb41e7954b06fe12bdbd67685fb61dc0f3454c1623ab3790c
- hash: 2b91f0a7163102b5677b28886c67f6ca
- hash: 983a574e4dd4a09308e5c42ad318d9d13e15bc8c
- hash: d3958cd070eae6b6cc81e8608e7599185e7498e6713aa5a8d1b0b0c6967927a2
- hash: 5c35ba06589f696cc838a4592c32cfad
- hash: 7075acf1c62e44653f5c834a14b56cd342f0ae5a
- hash: 05b3ae9c167cf06edf52dc99127dfd516e24ead51e9da7d3fbf230124e7063e1
- hash: f6ed869b733b1f2aa3bdd06040f3372a
- hash: cc4c8cc215cf766a06242d2d1e528f5c797e3d26
- hash: 0541e6973f6989836c83e0159249d9e8a1dc17e4f97935625b5f601a58d26b74
- hash: fa60e693583699ca08d0a1c472b61e49
- hash: 7aa599e8015acce39808380c98270fbb62eecb73
- hash: b6dcb01c7c91f76249539cfdd025d171ebbc37c2e19842b3f1d13122200de356
- hash: 0bb47290ac45642ac44a00846eda74e2
- hash: afdc1837050a457afd697805789fb9d4fdfa26fd
- hash: 284400d9826ea96d5b987da41c6814e144df297cd1bb244bbe8c970c75ee82f7
- hash: d734d8b0e8245adb55e95e1d8295f53a
- hash: 605c0ff486e3a06575fad1970104d910718393ef
- hash: 32965bb299871138e7c54b5cc9d82a212704ff8c30790f9e8583c31087074d05
- hash: 40c826d3c854b7891ac0cdd99681f9b5
- hash: 88d8a5da92a92cf691f2f2e14006dd53b16246b8
- hash: 5a2ff424e21c1ab4f0e32bb5eb18f93e7f5a3abb3a401cd69b71598fde93e24c
- hash: fcffb57c9793b9c6a75398d596870a7e
- hash: c018438f53cead5fc650c0843fd611949e18f9f4
- hash: 924b0124cf3bab75460848e2beacd4562367d4faf4df3f55c8d9333c6bac69d9
- hash: 89c28f1673d7cbfbfb25b4758f1b388f
- hash: aa0adb1fbb53c641b496576510325cb472b7a1b8
- hash: b77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e
- hash: 7287e41cfb376388b55cee149649dc13
- hash: d3b4cbd9727d13bf1e16bfec841e7d1f397ba5ad
- hash: 284f26ae087d73b251064270b831c25b67a7d58eafc44ed33a4412af283c7ad5
- hash: ad915436621d70a8a804bf1196c4e40f
- hash: 60b373bcd072ff1f31cb32abcb9f26387cfacb9e
- hash: 1bca88ef695a571b209d53645981a5bf0d005491ee35b4bf7fb5890c4f7fb8d5
- hash: 76e42ae7f8be751dc2802f8429acad56
- hash: f8dda828c59aad8aff6eb9787302f1b3b9fe23de
- hash: b8e467f289aaf7e2328c24b98415ab9102bad8bd92100624643cf904c1979668
- hash: 24d20705fb54d4d58041ada67e071d21
- hash: 5f93883cdd47b1e782dbbb057031071249f44291
- hash: e7d816812a96c1bb4ba1e6095c9b050c69259390227b72a0a7f9427dc857375b
- hash: 072aad77cce7422245b6650cf58356b4
- hash: 3094520ee106d245e151d389cdd20a00f750733c
- hash: 6def0a0a848f5f4a1327ba3f02280023bdb1819ca22e5ff056c5d6d114d56dd3
- hash: b31578b9c024ebe7b0370eebd54bc4c6
- hash: f18a4ad694af5ba50a7697b4cb66308454c555d9
- hash: b62b6592549d56b573efdd053c73e37542742301fffbeb786a60c227564b97a3
- hash: 11fdce42422f8ed518fedf290f5bfc3c
- hash: 16fcc47dee4d1aa73911dfe855e2053a27df176a
- hash: 9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8
- hash: 24a0fca0ed4e41562a676366af495f6a
- hash: eb4a99acdc4b638528902c8e8480bc1f58a457b5
- hash: b9d43a80163b702f8c3d2aac0409bb2d945368e68b9c4cbe29e888ceff2fb953
- hash: 22c86949178066a53d70309553f8b44e
- hash: 421b526ab7b03c4fb1529af55074b4cf1fba30af
- hash: 1a295933a80907bda689b231e5295eae86bd19b21964ee8669ceb5598c9d714d
- hash: 8a43a10dc1358f554584a7e8c5dfdf1a
- hash: f17ce69341d644b50e54486ced5aba88d211d909
- hash: 2588628567a389739902b81ee0da9ade0fb2581cfb0f7e8a4e77eb7c8c9686d7
- hash: f825119aac9f5634df19940feb8860da
- hash: 3ffdbd4b2654ae4e28fc4d3d7713fa37879246e5
- hash: 86f7459bb61b6eaf595824dc945f72659d557a8bdda517153053e734d80d7799
- hash: b304d1b9a4e3e8a6bdf932493f2548b8
- hash: 94354e25977358516c6a392c846aebbecfd3fbf6
- hash: e1a050359e21a28ac438ac34b62c378ba189cedee822b36d57b56c0a06943776
- hash: e00863c7ece5fc345abbe571476bf8e8
- hash: d671d93d15b4408119403a6c0b7268bd08b46b99
- hash: 66f3ab9e1eca16bc971fb9aa09434da6394a5e9eaf2edc0c0306436b25b6ccfc
- hash: 98a3be9edc1d95d06e572a847e18de0d
- hash: f6fafa30ee19097e50d8cc7b911a3218420a3b16
- hash: 8169fbe9bf02387ec00bae17cf93137897320557b364701b381bad3bbb80c9dc
- hash: 0fdceb221f7bdc06a88ddae393516d1f
- hash: 73cd182e2d269f488f720b965c5bbe61173fbb8d
- hash: 035cc649301d7ae83a5c20d6349f525054cf255dc0213ad86ffa17f8c68316af
- hash: f492311c1d075329c0a8be65da3181a2
- hash: 5126c64c9d6d539c8c413d70076dde6a908c3ad2
- hash: 868582a9b771968c6a81d446f2eefe693818cb02c04271e75735b4a790965c8b
- hash: 181a4569ecf8f635b6e51d0a1cf5b865
- hash: df42bf9b188be6ca16016e38cdacd77c5a2b6410
- hash: 9528d4e63d41c6c17b151d183d9cd4d89201733968f0bdb71f66847396e9fcad
- hash: 73e271884d53151e7ba3154b9027b6b5
- hash: 609581eee3ccccce42c45e424248205d0580c31a
- hash: 9eedd7551fb43bd6f2c943b872401b872bf40378eb9bcea89dddfdada6890d69
- hash: e61ce7f6d3fca14c99db78efb3564bbd
- hash: 2b73fc1855c7a36c910c4ea402fe74c378c2b7de
- hash: e04440c875bc9a884bb63b42b1203b26b9a510651fea4d9ddf679f64dab6cb7d
- hash: dfe61847968d1f336a55754d6db22170
- hash: aafae1935dd3c6ea0242e7293f22f4418cbc433b
- hash: 98a4d4ed613648b4287f0f9909959e9fc1e4ca1863478034187b14de3188f7cf
- hash: 577dbffa5469802ed221c987f0ba9640
- hash: b4e71d96e49ea9e3046d82bf3ef8e44d18de71bf
- hash: 7e3e934402c751f953a3f4a3c6c5591142e9902185bdab102e09be1f9095c0d1
- hash: b31a2a144a79c6e164f92d76b6077775
- hash: 71cdf9575d5de275dc56f4c15e891253051893d2
- hash: d60df4333857d715edee8797d08e4b0a91df3215391046f7a001ddcb6860b60d
- hash: 1e957f255fa66760fe9494e9fe0c89a8
- hash: 8b6cbb526b8c80321af05a0b890ab9360fc367dd
- hash: 089c427ce0cf50c38600eb31732d2124fb058981011a01adb58fc00df0c831b0
- hash: 6ba6a6c1cf987ef38ab155566823a5b9
- hash: 5ae607ffc92f6400b1d345e474a1a65fc8178634
- hash: 889098c1cda089237f79b8b545c9b434f872793785817293962442e53d9e2d1c
- hash: 3a8b0643142a5e7a4a7e2aa6873f8f6c
- hash: 9b580189f34e444c817a83824063a983d51e6477
- hash: 889e0cd9c866498cbc4dfd966e069d50b3f7e6a62949a1e152675a1e30192e25
- hash: fa5ce5c2a282bcb5938d18297024ca10
- hash: 9e1302aaabccb29247948ded46c92fca6d1fa2a0
- hash: d37fe4f855049ecab456f1badc8f52afecf4d6ee3d7d43de84b7e0940dbb7399
- hash: 13c0e83573fffeb4e951929815daf4e1
- hash: 689376a01eedaa37df77f054efbcb48ab637856d
- hash: a11e5e97a308ee046545cfe0167079f89968f9a1d7ae0b8a9dbc7dc39cbe2e09
- hash: dd4f5cbd58b0f61c045bb5dd0a843fa5
- hash: 8b8a2917ef73daaf784a895cd0a509780580389f
- hash: 069720172b5a5c8864dd3ab7cf716058eb03af6350bab7e6d9d6b2edea10030a
- hash: e33efc3f7651107c9c03ef76cb239769
- hash: 512d4739314c1f019e57897a1e5176488a7fa929
- hash: dd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a
- hash: 108f1fb53a61d46e8df4331ed0724c9d
- hash: 601c93e6a5d46feecb2f02302abe85d479cf9685
- hash: f746fa8eb3b2eda0f6e57502abf00b25026aed7f4cb74bff7d9346e5e4efe4fb
- hash: 186847f0a58a13c9af7f9e5691d10e30
- hash: 88e5e842d8c97844560c0a82df933ca640a1cd4d
- hash: 452dbb17639025fa094cd813c15b8eaab94e0e1247f53b277da2780b3b024e87
- hash: 926daff09010b775a4bcb191869c9b46
- hash: e3d273eaa76ab582fb5b838247e353d0ba7f5a91
- hash: 80fc8a632e482b50356c24f84a04f72dcec1c88d1259c5f8b121c5acc6135b93
- hash: e61141a7ae1bbdd5fb0434f2c946b566
- hash: 05dab7d32c03873e57e61e0d09272441bba37b77
- hash: fb20f2515799981b9b526e6326f5fb1b3e54b200119ee1d02141d0513aa34fc3
- hash: 48a2dfb8bd26c063ba24cbbfc0422a35
- hash: c9d4234b93182397a5b68b6b67695110c389bc46
- hash: 52990bf933f0f2a42cd09836a9767b9311de387e851ac4927f1856ddc6e63824
- hash: 291ecd26a4b75fb579fa0c49f55d8466
- hash: aa8958821102f0e6528156c487ad647f45066244
- hash: d6c46400ac8ac5d5a7c2820a211b6a760495e4f58e76b72b09bb5819c294674d
- hash: 5dd0f3ef8fbdee1796e6d982466bf65e
- hash: 4b38b88543dfdca2330a82fecf51ef471f40aeaa
- hash: e5761fbb135d29bcc23feb09ef09aafc4d7b49f0bb64793dae3adc3a5160e8ac
- hash: f2290d91936eb97f18ade533cbf3df2b
- hash: e973a0dfd474db79ec65564eec25e0e6d97b1f68
- hash: 9f0a3a5caa4240f1aae236ac243a17186e5200983749966cb6b07f311a660302
- hash: b5e5ab5981583514fb27193e548e45c2
- hash: 5af51fc45f01df84922050caa8c47acd5fff53ca
- hash: 62d92a3b2c0ee7f125f15a606659b4675a85e4053c5d82221caed28a49635b2e
- hash: 4d80294b3e66e7c45202fab188cdf894
- hash: b681bde9b1659bc78a591335af90de25f47d0c84
- hash: fa3157e7c4a98fa03ae41b01f7832b81cd35015d7bead4e335262e2211f79f79
- hash: d438e195de9a54a24fd947c64259acf3
- ip:port: 185.222.57.67:55615
- ip:port: 147.185.221.20:9336
- url: http://92.63.101.139/externalvmpipetoprocessserverprotectcdn.php
- ip:port: 147.185.221.21:18082
- url: https://hippieblissprovising.com/cdn-vs/original.js
- domain: hippieblissprovising.com
- url: https://hippieblissprovising.com/cdn-vs/cache.php
- url: http://hippieblissprovising.com/cdn-vs/33per.php
- ip:port: 51.91.35.148:443
- ip:port: 147.185.221.21:6240
- ip:port: 176.97.210.241:5552
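To turn the list above into something a SIEM can match, here is an added example written for this page (it is not ThreatFox or abuse.ch code). It accepts both the ThreatFox-native "ip:port:" label and the flattened form in which an IP sits on a "file:" line and its TCP port on the following "hash:" line (the shape of the raw export), classifies hashes by length, matches the result against constructed firewall, proxy and DNS log lines, and emits Suricata rules for the ip:port entries. The key=value log shape, the SAMPLE_* inputs and the SID range are assumptions; the two indicators and three hashes in the sample are copied from the list above.

```python
"""Added example (not ThreatFox/abuse.ch code): rebuild this page's flattened
IOC list into typed indicators, match them against firewall, proxy and DNS
logs, and emit Suricata rules for the ip:port entries. Samples are constructed."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the page's flattened format: ThreatFox stores an
# ip:port indicator as one value, but here the IP arrives on a "file:" line
# and the TCP port on the "hash:" line that follows it.
SAMPLE_IOC_LINES = """\
- file: 198.46.145.130
- hash: 50050
- file: 89.213.177.93
- hash: 7000
- url: http://rocheholding.top/rudolph/five/fre.php
- domain: verose.top
- hash: 5cebc6552eb1d0665391ddbe8a25bfff
- hash: 5790e528e7a31624698be513cfde41434c00fa08
- hash: 2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597
"""

# Constructed log lines in an assumed key=value shape (firewall, proxy, DNS).
SAMPLE_LOGS = """\
2024-07-16T10:01:02Z fw src=10.0.0.5 dst=198.46.145.130 dport=50050 proto=tcp
2024-07-16T10:01:09Z fw src=10.0.0.7 dst=198.46.145.130 dport=443 proto=tcp
2024-07-16T10:02:30Z proxy src=10.0.0.9 url=http://rocheholding.top/rudolph/five/fre.php status=200
2024-07-16T10:03:11Z dns src=10.0.0.9 qname=mail.verose.top rcode=NOERROR
2024-07-16T10:04:00Z proxy src=10.0.0.3 url=https://example.org/ status=200
"""

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> algorithm
LINE_RE = re.compile(r"^-\s*([\w:]+):\s*(\S+)\s*$")
IPV4_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_flattened(text):
    """Return {indicator_type: set(values)} with types ip:port, url, domain,
    md5, sha1 and sha256; any other label is kept as it appears."""
    iocs = defaultdict(set)
    pending_ip = None  # IP from the previous "file:" line, waiting for its port
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, value = m.group(1), m.group(2)
        if kind == "file" and IPV4_RE.match(value):
            pending_ip = value
            continue
        if kind == "hash" and pending_ip and value.isdigit() and 0 < int(value) < 65536:
            iocs["ip:port"].add(f"{pending_ip}:{value}")  # numeric "hash" = port
        elif kind == "hash":
            v = value.lower()
            if re.fullmatch(r"[0-9a-f]+", v) and len(v) in HASH_TYPES:
                iocs[HASH_TYPES[len(v)]].add(v)
        else:
            iocs[kind].add(value.lower() if kind == "domain" else value)
        pending_ip = None
    return iocs


def _domain_listed(name, domains):
    """True when name is a listed domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


def match_logs(iocs, log_text, loose=False):
    """Return (src, ioc_type, value) for every log line touching an indicator.
    ip:port is matched on both fields; loose=True also reports a listed IP seen
    on another port (type "ip"), which is lower confidence."""
    listed_ips = {k.rsplit(":", 1)[0] for k in iocs["ip:port"]}
    hits = []
    for line in log_text.splitlines():
        f = dict(KV_RE.findall(line))
        src = f.get("src", "?")
        if "dst" in f and "dport" in f:
            key = f"{f['dst']}:{f['dport']}"
            if key in iocs["ip:port"]:
                hits.append((src, "ip:port", key))
            elif loose and f["dst"] in listed_ips:
                hits.append((src, "ip", f["dst"]))
        if "url" in f and f["url"] in iocs["url"]:
            hits.append((src, "url", f["url"]))
        for name in (urlparse(f.get("url", "")).hostname or "", f.get("qname", "")):
            name = name.lower().rstrip(".")
            if name and _domain_listed(name, iocs["domain"]):
                hits.append((src, "domain", name))
    return hits


def to_suricata(iocs, sid_base=9000000):
    """One egress alert rule per ip:port indicator (IPv4, as on this page)."""
    rules = []
    for i, key in enumerate(sorted(iocs["ip:port"])):
        ip, port = key.rsplit(":", 1)
        rules.append(f'alert tcp $HOME_NET any -> {ip} {port} (msg:"ThreatFox C2 {key}"; '
                     f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)')
    return rules
```

The second firewall line (198.46.145.130 on port 443) is deliberately not a default match: a ThreatFox ip:port indicator is specific to the port, and the 50050 entries in particular are team-server fingerprints rather than beacon listeners, so `loose=True` is the switch for a wider, lower-confidence sweep on the IP alone.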
Technical Details
- Threat Level: 2 (MISP event field; 2 = Medium)
- Analysis: 1 (MISP; 1 = Ongoing)
- Distribution: 3 (MISP; 3 = All communities)
- UUID: f8d65f02-102d-4319-ada8-ae3f448f3f1f
- Original Timestamp: 1721174588 (2024-07-17 00:03:08 UTC)
Indicators of Compromise
IP:port (C2 and payload-delivery servers)
IP:port | Malware (ThreatFox label) | Confidence |
---|---|---|
91.92.249.167:28788 | RedLine Stealer botnet C2 server | 100% |
38.181.25.40:8899 | Venom RAT botnet C2 server | 80% |
95.65.165.151:4444 | Venom RAT botnet C2 server | 80% |
64.190.113.27:8081 | Venom RAT botnet C2 server | 80% |
104.194.154.198:80 | RecordBreaker botnet C2 server | 80% |
167.71.85.87:80 | Hook botnet C2 server | 80% |
45.152.65.39:9999 | Cobalt Strike botnet C2 server | 80% |
198.46.145.130:50050 | Cobalt Strike botnet C2 server | 80% |
38.180.204.127:17052 | RedLine Stealer botnet C2 server | 100% |
150.158.155.208:63636 | Cobalt Strike botnet C2 server | 80% |
8.138.150.198:8899 | Cobalt Strike botnet C2 server | 80% |
178.254.41.13:23 | MooBot botnet C2 server | 80% |
89.213.177.93:7000 | XWorm botnet C2 server | 100% |
89.213.177.100:7000 | XWorm botnet C2 server | 100% |
8.223.29.254:443 | Cobalt Strike botnet C2 server | 100% |
163.44.196.162:443 | Cobalt Strike botnet C2 server | 100% |
118.24.89.121:80 | Cobalt Strike botnet C2 server | 100% |
124.222.92.17:80 | Cobalt Strike botnet C2 server | 100% |
39.98.37.146:8080 | Cobalt Strike botnet C2 server | 100% |
116.198.232.235:8088 | Cobalt Strike botnet C2 server | 100% |
140.143.146.248:443 | Cobalt Strike botnet C2 server | 100% |
8.130.113.74:443 | Cobalt Strike botnet C2 server | 100% |
121.199.56.173:8443 | Cobalt Strike botnet C2 server | 100% |
106.14.69.133:8081 | Cobalt Strike botnet C2 server | 100% |
124.222.97.236:9090 | Cobalt Strike botnet C2 server | 100% |
47.97.71.149:7777 | Cobalt Strike botnet C2 server | 100% |
118.194.237.184:80 | Cobalt Strike botnet C2 server | 100% |
103.113.70.89:80 | Cobalt Strike botnet C2 server | 100% |
140.143.146.248:80 | Cobalt Strike botnet C2 server | 100% |
8.223.20.63:443 | Cobalt Strike botnet C2 server | 100% |
45.61.136.83:443 | Cobalt Strike botnet C2 server | 100% |
91.208.73.75:82 | Cobalt Strike botnet C2 server | 100% |
172.245.184.135:8888 | Cobalt Strike botnet C2 server | 100% |
8.134.12.90:7777 | Cobalt Strike botnet C2 server | 100% |
185.222.57.153:55615 | RedLine Stealer botnet C2 server | 100% |
147.185.221.21:15158 | NjRAT botnet C2 server | 75% |
185.222.57.74:55615 | RedLine Stealer botnet C2 server | 100% |
191.232.181.180:8443 | Unknown malware botnet C2 server | 100% |
191.232.181.180:443 | Unknown malware botnet C2 server | 100% |
77.91.77.178:80 | AMOS botnet C2 server | 100% |
91.92.248.167:1294 | XenoRAT botnet C2 server | 100% |
2.58.80.130:6606 | AsyncRAT botnet C2 server | 100% |
95.211.6.240:57887 | RedLine Stealer botnet C2 server | 100% |
104.21.95.88:80 | Loki Password Stealer (PWS) botnet C2 server | 75% |
213.109.202.15:15647 | SectopRAT botnet C2 server | 100% |
37.130.98.195:1604 | AsyncRAT botnet C2 server | 75% |
78.142.29.49:4443 | Venom RAT botnet C2 server | 80% |
168.119.197.51:80 | Vidar botnet C2 server | 80% |
168.119.197.51:443 | Vidar botnet C2 server | 80% |
103.146.179.110:9443 | Cobalt Strike botnet C2 server | 80% |
47.97.97.167:80 | Cobalt Strike botnet C2 server | 80% |
84.38.182.16:443 | FAKEUPDATES payload delivery server | 100% |
42.51.37.127:50050 | Cobalt Strike botnet C2 server | 80% |
124.222.72.51:4433 | Meterpreter botnet C2 server | 100% |
185.222.57.67:55615 | RedLine Stealer botnet C2 server | 100% |
147.185.221.20:9336 | RedLine Stealer botnet C2 server | 100% |
147.185.221.21:18082 | NjRAT botnet C2 server | 75% |
51.91.35.148:443 | Unidentified 111 (Latrodectus) botnet C2 server | 75% |
147.185.221.21:6240 | NjRAT botnet C2 server | 100% |
176.97.210.241:5552 | NjRAT botnet C2 server | 100% |
Hash (payload samples; each sample is listed as a SHA1, SHA256 and MD5 triplet)
Hash | Type | Malware (ThreatFox label) | Confidence |
---|---|---|---|
5790e528e7a31624698be513cfde41434c00fa08 | SHA1 | Cobalt Strike payload | 95% |
2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597 | SHA256 | Cobalt Strike payload | 95% |
5cebc6552eb1d0665391ddbe8a25bfff | MD5 | Cobalt Strike payload | 95% |
dea55ab65d2dd759039ea069fc1f7fe055a96da9 | SHA1 | DCRat payload | 95% |
480f4a5849d419021dfa30782d4242f59415e83aca301abb1e2784f8eff882cf | SHA256 | DCRat payload | 95% |
3431f70e334efd4bc2d2620f26ea1dcc | MD5 | DCRat payload | 95% |
db48a055cb6b0a92aa87d77e96c0c31c68f63cec | SHA1 | KrakenKeylogger payload | 95% |
75128be2810392ee9cb9f4d4c847332bd943a321179bb3bc13395bf546caa2fe | SHA256 | KrakenKeylogger payload | 95% |
8b7c477a89b7c69d52da4cc6c9656ac1 | MD5 | KrakenKeylogger payload | 95% |
7776a6811c5dd56540a085c48cccf7b900ae03f0 | SHA1 | SombRAT payload | 95% |
1a5910ce3b26031816250a63e0c2d77d14b73aafa45623d01f1d2de9bd46bdbe | SHA256 | SombRAT payload | 95% |
04977e6f52297b61a6fffa8e5e236841 | MD5 | SombRAT payload | 95% |
2d6766a409d628bb1cd8c6370b5a98c82c6c9f2b | SHA1 | Amadey payload | 95% |
9bdce73f40c53af0dc3958ab553bea222729f61523865f223b3f2298e220dd8e | SHA256 | Amadey payload | 95% |
b9bccd35addce48384491a98e1b89eb5 | MD5 | Amadey payload | 95% |
2489fe5be3f2bd1e5e2c57a9cfe24ca2e941ef3f | SHA1 | Agent Tesla payload | 95% |
df27f957caf63ff475d1fdbe1b997be86e3386ee12662def309874fae4e89914 | SHA256 | Agent Tesla payload | 95% |
ff4521a6c0f1f267d7f1b5b9620665d8 | MD5 | Agent Tesla payload | 95% |
10ac0bbf6ab7e2db1d53a93973bf73573160eeab | SHA1 | LPEClient payload | 95% |
304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520 | SHA256 | LPEClient payload | 95% |
2e2358523bbe722450a7e49eed0534b6 | MD5 | LPEClient payload | 95% |
8785577efa8d243aea6683aa3c183f7759ea0fd4 | SHA1 | Vidar payload | 95% |
5991707a9afd5e5878bf330a63c09576dc1fa95f454b1452888b9672461f4128 | SHA256 | Vidar payload | 95% |
16e8d80c431155a82874e0162490c4c9 | MD5 | Vidar payload | 95% |
2fc39383047d4511422160b534eab0bf12290831 | SHA1 | Agent Tesla payload | 95% |
979e6920fc27cda0cb462b26f221a6e521e3974ae737022db7215747f54ff349 | SHA256 | Agent Tesla payload | 95% |
464234f49cc53201fc4a8976c99b0499 | MD5 | Agent Tesla payload | 95% |
0e51ac74967a4771cc5b0e0fa16039da7d1ad97b | SHA1 | Loki Password Stealer (PWS) payload | 95% |
05f763c6293bbf6ea3cb055043265326f6d714b30b7032a6fcbe236bf46233d9 | SHA256 | Loki Password Stealer (PWS) payload | 95% |
cdad057bf858cecb47bcf67d3b9fe985 | MD5 | Loki Password Stealer (PWS) payload | 95% |
0357d6888093126979c92dd2c9601fe032e54f60 | SHA1 | Agent Tesla payload | 95% |
e79e83851d7a1d359a9c2aa4a8ad42790a7d4671d2fa832c908c4ec2374319b9 | SHA256 | Agent Tesla payload | 95% |
a7ead26bba76400ba28b16d673d09ca9 | MD5 | Agent Tesla payload | 95% |
acfc93b40ed21ce5e0c9aadd327a462ff21b24ca | SHA1 | Agent Tesla payload | 95% |
646456f832bf387fc22d1c5a26e2adb6473c19045994a54948c0dc07aca07022 | SHA256 | Agent Tesla payload | 95% |
dd0ae853e22eae3fd92bb4ff64b0bae1 | MD5 | Agent Tesla payload | 95% |
8cdd658a350750a2c95eed87a20fe8a22159c50a | SHA1 | Troldesh payload | 95% |
0822d4c51c466544072ac07dd5c2dbf4143431fb6955a05911600fed50d0229a | SHA256 | Troldesh payload | 95% |
a907d2e6edda829467a10bc8a87cb76f | MD5 | Troldesh payload | 95% |
4d9ef1a9e7a99e2bc6da280b14705d0660cd27ac | SHA1 | KrakenKeylogger payload | 95% |
bed59c144540d5cd1662becc04e1d7cb2c974023ae5cc1689d6070961561d8b1 | SHA256 | KrakenKeylogger payload | 95% |
fdbffab12910e6d406fb7ee60afaf6ed | MD5 | KrakenKeylogger payload | 95% |
214a6276da8f2ead192d1cb28cf6afd514752eec | SHA1 | RedLine Stealer payload | 95% |
45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa | SHA256 | RedLine Stealer payload | 95% |
(The annotated table in the source ends here; the remaining hashes appear only in the Indicators of Compromise list above, without family labels.)
hash1cc7ec4c91b811c75bb9621120b95dd4 | RedLine Stealer payload (confidence level: 95%) | |
hashcc1d3d2bc07d84b4bb4f013535294b68a6469aa0 | DCRat payload (confidence level: 95%) | |
hashd977affbd15e007cb41e7954b06fe12bdbd67685fb61dc0f3454c1623ab3790c | DCRat payload (confidence level: 95%) | |
hash2b91f0a7163102b5677b28886c67f6ca | DCRat payload (confidence level: 95%) | |
hash983a574e4dd4a09308e5c42ad318d9d13e15bc8c | Socks5 Systemz payload (confidence level: 95%) | |
hashd3958cd070eae6b6cc81e8608e7599185e7498e6713aa5a8d1b0b0c6967927a2 | Socks5 Systemz payload (confidence level: 95%) | |
hash5c35ba06589f696cc838a4592c32cfad | Socks5 Systemz payload (confidence level: 95%) | |
hash7075acf1c62e44653f5c834a14b56cd342f0ae5a | Formbook payload (confidence level: 95%) | |
hash05b3ae9c167cf06edf52dc99127dfd516e24ead51e9da7d3fbf230124e7063e1 | Formbook payload (confidence level: 95%) | |
hashf6ed869b733b1f2aa3bdd06040f3372a | Formbook payload (confidence level: 95%) | |
hashcc4c8cc215cf766a06242d2d1e528f5c797e3d26 | Formbook payload (confidence level: 95%) | |
hash0541e6973f6989836c83e0159249d9e8a1dc17e4f97935625b5f601a58d26b74 | Formbook payload (confidence level: 95%) | |
hashfa60e693583699ca08d0a1c472b61e49 | Formbook payload (confidence level: 95%) | |
hash7aa599e8015acce39808380c98270fbb62eecb73 | AsyncRAT payload (confidence level: 95%) | |
hashb6dcb01c7c91f76249539cfdd025d171ebbc37c2e19842b3f1d13122200de356 | AsyncRAT payload (confidence level: 95%) | |
hash0bb47290ac45642ac44a00846eda74e2 | AsyncRAT payload (confidence level: 95%) | |
hashafdc1837050a457afd697805789fb9d4fdfa26fd | KrakenKeylogger payload (confidence level: 95%) | |
hash284400d9826ea96d5b987da41c6814e144df297cd1bb244bbe8c970c75ee82f7 | KrakenKeylogger payload (confidence level: 95%) | |
hashd734d8b0e8245adb55e95e1d8295f53a | KrakenKeylogger payload (confidence level: 95%) | |
hash605c0ff486e3a06575fad1970104d910718393ef | Formbook payload (confidence level: 95%) | |
hash32965bb299871138e7c54b5cc9d82a212704ff8c30790f9e8583c31087074d05 | Formbook payload (confidence level: 95%) | |
hash40c826d3c854b7891ac0cdd99681f9b5 | Formbook payload (confidence level: 95%) | |
hash88d8a5da92a92cf691f2f2e14006dd53b16246b8 | RedLine Stealer payload (confidence level: 95%) | |
hash5a2ff424e21c1ab4f0e32bb5eb18f93e7f5a3abb3a401cd69b71598fde93e24c | RedLine Stealer payload (confidence level: 95%) | |
hashfcffb57c9793b9c6a75398d596870a7e | RedLine Stealer payload (confidence level: 95%) | |
hashc018438f53cead5fc650c0843fd611949e18f9f4 | KrakenKeylogger payload (confidence level: 95%) | |
hash924b0124cf3bab75460848e2beacd4562367d4faf4df3f55c8d9333c6bac69d9 | KrakenKeylogger payload (confidence level: 95%) | |
hash89c28f1673d7cbfbfb25b4758f1b388f | KrakenKeylogger payload (confidence level: 95%) | |
hashaa0adb1fbb53c641b496576510325cb472b7a1b8 | Formbook payload (confidence level: 95%) | |
hashb77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e | Formbook payload (confidence level: 95%) | |
hash7287e41cfb376388b55cee149649dc13 | Formbook payload (confidence level: 95%) | |
hashd3b4cbd9727d13bf1e16bfec841e7d1f397ba5ad | Formbook payload (confidence level: 95%) | |
hash284f26ae087d73b251064270b831c25b67a7d58eafc44ed33a4412af283c7ad5 | Formbook payload (confidence level: 95%) | |
hashad915436621d70a8a804bf1196c4e40f | Formbook payload (confidence level: 95%) | |
hash60b373bcd072ff1f31cb32abcb9f26387cfacb9e | RokRAT payload (confidence level: 95%) | |
hash1bca88ef695a571b209d53645981a5bf0d005491ee35b4bf7fb5890c4f7fb8d5 | RokRAT payload (confidence level: 95%) | |
hash76e42ae7f8be751dc2802f8429acad56 | RokRAT payload (confidence level: 95%) | |
hashf8dda828c59aad8aff6eb9787302f1b3b9fe23de | Stealc payload (confidence level: 95%) | |
hashb8e467f289aaf7e2328c24b98415ab9102bad8bd92100624643cf904c1979668 | Stealc payload (confidence level: 95%) | |
hash24d20705fb54d4d58041ada67e071d21 | Stealc payload (confidence level: 95%) | |
hash5f93883cdd47b1e782dbbb057031071249f44291 | Formbook payload (confidence level: 95%) | |
hashe7d816812a96c1bb4ba1e6095c9b050c69259390227b72a0a7f9427dc857375b | Formbook payload (confidence level: 95%) | |
hash072aad77cce7422245b6650cf58356b4 | Formbook payload (confidence level: 95%) | |
hash3094520ee106d245e151d389cdd20a00f750733c | Formbook payload (confidence level: 95%) | |
hash6def0a0a848f5f4a1327ba3f02280023bdb1819ca22e5ff056c5d6d114d56dd3 | Formbook payload (confidence level: 95%) | |
hashb31578b9c024ebe7b0370eebd54bc4c6 | Formbook payload (confidence level: 95%) | |
hashf18a4ad694af5ba50a7697b4cb66308454c555d9 | DCRat payload (confidence level: 95%) | |
hashb62b6592549d56b573efdd053c73e37542742301fffbeb786a60c227564b97a3 | DCRat payload (confidence level: 95%) | |
hash11fdce42422f8ed518fedf290f5bfc3c | DCRat payload (confidence level: 95%) | |
hash16fcc47dee4d1aa73911dfe855e2053a27df176a | RedLine Stealer payload (confidence level: 95%) | |
hash9ad8a7c40f6360a17fa6a3d50bb25e97e87b042a6ae1555d089e32f0ab6d08a8 | RedLine Stealer payload (confidence level: 95%) | |
hash24a0fca0ed4e41562a676366af495f6a | RedLine Stealer payload (confidence level: 95%) | |
hasheb4a99acdc4b638528902c8e8480bc1f58a457b5 | RedLine Stealer payload (confidence level: 95%) | |
hashb9d43a80163b702f8c3d2aac0409bb2d945368e68b9c4cbe29e888ceff2fb953 | RedLine Stealer payload (confidence level: 95%) | |
hash22c86949178066a53d70309553f8b44e | RedLine Stealer payload (confidence level: 95%) | |
hash421b526ab7b03c4fb1529af55074b4cf1fba30af | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash1a295933a80907bda689b231e5295eae86bd19b21964ee8669ceb5598c9d714d | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash8a43a10dc1358f554584a7e8c5dfdf1a | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hashf17ce69341d644b50e54486ced5aba88d211d909 | Agent Tesla payload (confidence level: 95%) | |
hash2588628567a389739902b81ee0da9ade0fb2581cfb0f7e8a4e77eb7c8c9686d7 | Agent Tesla payload (confidence level: 95%) | |
hashf825119aac9f5634df19940feb8860da | Agent Tesla payload (confidence level: 95%) | |
hash3ffdbd4b2654ae4e28fc4d3d7713fa37879246e5 | Agent Tesla payload (confidence level: 95%) | |
hash86f7459bb61b6eaf595824dc945f72659d557a8bdda517153053e734d80d7799 | Agent Tesla payload (confidence level: 95%) | |
hashb304d1b9a4e3e8a6bdf932493f2548b8 | Agent Tesla payload (confidence level: 95%) | |
hash94354e25977358516c6a392c846aebbecfd3fbf6 | Agent Tesla payload (confidence level: 95%) | |
hashe1a050359e21a28ac438ac34b62c378ba189cedee822b36d57b56c0a06943776 | Agent Tesla payload (confidence level: 95%) | |
hashe00863c7ece5fc345abbe571476bf8e8 | Agent Tesla payload (confidence level: 95%) | |
hashd671d93d15b4408119403a6c0b7268bd08b46b99 | Stealc payload (confidence level: 95%) | |
hash66f3ab9e1eca16bc971fb9aa09434da6394a5e9eaf2edc0c0306436b25b6ccfc | Stealc payload (confidence level: 95%) | |
hash98a3be9edc1d95d06e572a847e18de0d | Stealc payload (confidence level: 95%) | |
hashf6fafa30ee19097e50d8cc7b911a3218420a3b16 | Formbook payload (confidence level: 95%) | |
hash8169fbe9bf02387ec00bae17cf93137897320557b364701b381bad3bbb80c9dc | Formbook payload (confidence level: 95%) | |
hash0fdceb221f7bdc06a88ddae393516d1f | Formbook payload (confidence level: 95%) | |
hash73cd182e2d269f488f720b965c5bbe61173fbb8d | Stealc payload (confidence level: 95%) | |
hash035cc649301d7ae83a5c20d6349f525054cf255dc0213ad86ffa17f8c68316af | Stealc payload (confidence level: 95%) | |
hashf492311c1d075329c0a8be65da3181a2 | Stealc payload (confidence level: 95%) | |
hash5126c64c9d6d539c8c413d70076dde6a908c3ad2 | KrakenKeylogger payload (confidence level: 95%) | |
hash868582a9b771968c6a81d446f2eefe693818cb02c04271e75735b4a790965c8b | KrakenKeylogger payload (confidence level: 95%) | |
hash181a4569ecf8f635b6e51d0a1cf5b865 | KrakenKeylogger payload (confidence level: 95%) | |
hashdf42bf9b188be6ca16016e38cdacd77c5a2b6410 | Formbook payload (confidence level: 95%) | |
hash9528d4e63d41c6c17b151d183d9cd4d89201733968f0bdb71f66847396e9fcad | Formbook payload (confidence level: 95%) | |
hash73e271884d53151e7ba3154b9027b6b5 | Formbook payload (confidence level: 95%) | |
hash609581eee3ccccce42c45e424248205d0580c31a | KrakenKeylogger payload (confidence level: 95%) | |
hash9eedd7551fb43bd6f2c943b872401b872bf40378eb9bcea89dddfdada6890d69 | KrakenKeylogger payload (confidence level: 95%) | |
hashe61ce7f6d3fca14c99db78efb3564bbd | KrakenKeylogger payload (confidence level: 95%) | |
hash2b73fc1855c7a36c910c4ea402fe74c378c2b7de | Remcos payload (confidence level: 95%) | |
hashe04440c875bc9a884bb63b42b1203b26b9a510651fea4d9ddf679f64dab6cb7d | Remcos payload (confidence level: 95%) | |
hashdfe61847968d1f336a55754d6db22170 | Remcos payload (confidence level: 95%) | |
hashaafae1935dd3c6ea0242e7293f22f4418cbc433b | Remcos payload (confidence level: 95%) | |
hash98a4d4ed613648b4287f0f9909959e9fc1e4ca1863478034187b14de3188f7cf | Remcos payload (confidence level: 95%) | |
hash577dbffa5469802ed221c987f0ba9640 | Remcos payload (confidence level: 95%) | |
hashb4e71d96e49ea9e3046d82bf3ef8e44d18de71bf | DDKeylogger payload (confidence level: 95%) | |
hash7e3e934402c751f953a3f4a3c6c5591142e9902185bdab102e09be1f9095c0d1 | DDKeylogger payload (confidence level: 95%) | |
hashb31a2a144a79c6e164f92d76b6077775 | DDKeylogger payload (confidence level: 95%) | |
hash71cdf9575d5de275dc56f4c15e891253051893d2 | KrakenKeylogger payload (confidence level: 95%) | |
hashd60df4333857d715edee8797d08e4b0a91df3215391046f7a001ddcb6860b60d | KrakenKeylogger payload (confidence level: 95%) | |
hash1e957f255fa66760fe9494e9fe0c89a8 | KrakenKeylogger payload (confidence level: 95%) | |
hash8b6cbb526b8c80321af05a0b890ab9360fc367dd | DDKeylogger payload (confidence level: 95%) | |
hash089c427ce0cf50c38600eb31732d2124fb058981011a01adb58fc00df0c831b0 | DDKeylogger payload (confidence level: 95%) | |
hash6ba6a6c1cf987ef38ab155566823a5b9 | DDKeylogger payload (confidence level: 95%) | |
hash5ae607ffc92f6400b1d345e474a1a65fc8178634 | Agent Tesla payload (confidence level: 95%) | |
hash889098c1cda089237f79b8b545c9b434f872793785817293962442e53d9e2d1c | Agent Tesla payload (confidence level: 95%) | |
hash3a8b0643142a5e7a4a7e2aa6873f8f6c | Agent Tesla payload (confidence level: 95%) | |
hash9b580189f34e444c817a83824063a983d51e6477 | Amadey payload (confidence level: 95%) | |
hash889e0cd9c866498cbc4dfd966e069d50b3f7e6a62949a1e152675a1e30192e25 | Amadey payload (confidence level: 95%) | |
hashfa5ce5c2a282bcb5938d18297024ca10 | Amadey payload (confidence level: 95%) | |
hash9e1302aaabccb29247948ded46c92fca6d1fa2a0 | Formbook payload (confidence level: 95%) | |
hashd37fe4f855049ecab456f1badc8f52afecf4d6ee3d7d43de84b7e0940dbb7399 | Formbook payload (confidence level: 95%) | |
hash13c0e83573fffeb4e951929815daf4e1 | Formbook payload (confidence level: 95%) | |
hash689376a01eedaa37df77f054efbcb48ab637856d | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hasha11e5e97a308ee046545cfe0167079f89968f9a1d7ae0b8a9dbc7dc39cbe2e09 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hashdd4f5cbd58b0f61c045bb5dd0a843fa5 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
hash8b8a2917ef73daaf784a895cd0a509780580389f | MetaStealer payload (confidence level: 95%) | |
hash069720172b5a5c8864dd3ab7cf716058eb03af6350bab7e6d9d6b2edea10030a | MetaStealer payload (confidence level: 95%) | |
hashe33efc3f7651107c9c03ef76cb239769 | MetaStealer payload (confidence level: 95%) | |
hash512d4739314c1f019e57897a1e5176488a7fa929 | Meterpreter payload (confidence level: 95%) | |
hashdd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a | Meterpreter payload (confidence level: 95%) | |
hash108f1fb53a61d46e8df4331ed0724c9d | Meterpreter payload (confidence level: 95%) | |
hash601c93e6a5d46feecb2f02302abe85d479cf9685 | KrakenKeylogger payload (confidence level: 95%) | |
hashf746fa8eb3b2eda0f6e57502abf00b25026aed7f4cb74bff7d9346e5e4efe4fb | KrakenKeylogger payload (confidence level: 95%) | |
hash186847f0a58a13c9af7f9e5691d10e30 | KrakenKeylogger payload (confidence level: 95%) | |
hash88e5e842d8c97844560c0a82df933ca640a1cd4d | Stealc payload (confidence level: 95%) | |
hash452dbb17639025fa094cd813c15b8eaab94e0e1247f53b277da2780b3b024e87 | Stealc payload (confidence level: 95%) | |
hash926daff09010b775a4bcb191869c9b46 | Stealc payload (confidence level: 95%) | |
hashe3d273eaa76ab582fb5b838247e353d0ba7f5a91 | Formbook payload (confidence level: 95%) | |
hash80fc8a632e482b50356c24f84a04f72dcec1c88d1259c5f8b121c5acc6135b93 | Formbook payload (confidence level: 95%) | |
hashe61141a7ae1bbdd5fb0434f2c946b566 | Formbook payload (confidence level: 95%) | |
hash05dab7d32c03873e57e61e0d09272441bba37b77 | Formbook payload (confidence level: 95%) | |
hashfb20f2515799981b9b526e6326f5fb1b3e54b200119ee1d02141d0513aa34fc3 | Formbook payload (confidence level: 95%) | |
hash48a2dfb8bd26c063ba24cbbfc0422a35 | Formbook payload (confidence level: 95%) | |
hashc9d4234b93182397a5b68b6b67695110c389bc46 | Agent Tesla payload (confidence level: 95%) | |
hash52990bf933f0f2a42cd09836a9767b9311de387e851ac4927f1856ddc6e63824 | Agent Tesla payload (confidence level: 95%) | |
hash291ecd26a4b75fb579fa0c49f55d8466 | Agent Tesla payload (confidence level: 95%) | |
hashaa8958821102f0e6528156c487ad647f45066244 | DCRat payload (confidence level: 95%) | |
hashd6c46400ac8ac5d5a7c2820a211b6a760495e4f58e76b72b09bb5819c294674d | DCRat payload (confidence level: 95%) | |
hash5dd0f3ef8fbdee1796e6d982466bf65e | DCRat payload (confidence level: 95%) | |
hash4b38b88543dfdca2330a82fecf51ef471f40aeaa | Stealc payload (confidence level: 95%) | |
hashe5761fbb135d29bcc23feb09ef09aafc4d7b49f0bb64793dae3adc3a5160e8ac | Stealc payload (confidence level: 95%) | |
hashf2290d91936eb97f18ade533cbf3df2b | Stealc payload (confidence level: 95%) | |
hashe973a0dfd474db79ec65564eec25e0e6d97b1f68 | Agent Tesla payload (confidence level: 95%) | |
hash9f0a3a5caa4240f1aae236ac243a17186e5200983749966cb6b07f311a660302 | Agent Tesla payload (confidence level: 95%) | |
hashb5e5ab5981583514fb27193e548e45c2 | Agent Tesla payload (confidence level: 95%) | |
hash5af51fc45f01df84922050caa8c47acd5fff53ca | SigLoader payload (confidence level: 95%) | |
hash62d92a3b2c0ee7f125f15a606659b4675a85e4053c5d82221caed28a49635b2e | SigLoader payload (confidence level: 95%) | |
hash4d80294b3e66e7c45202fab188cdf894 | SigLoader payload (confidence level: 95%) | |
hashb681bde9b1659bc78a591335af90de25f47d0c84 | Agent Tesla payload (confidence level: 95%) | |
hashfa3157e7c4a98fa03ae41b01f7832b81cd35015d7bead4e335262e2211f79f79 | Agent Tesla payload (confidence level: 95%) | |
hashd438e195de9a54a24fd947c64259acf3 | Agent Tesla payload (confidence level: 95%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash9336 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash18082 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Unidentified 111 (Latrodectus) botnet C2 server (confidence level: 75%) | |
hash6240 | NjRAT botnet C2 server (confidence level: 100%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) |
Url
Value | Description | Copy |
---|---|---|
http://ozero.top/pythonphp_cpubase.php | DCRat botnet C2 (confidence level: 100%) | |
http://rocheholding.top/rudolph/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
https://lettecoft.com/live/ | Unidentified 111 (Latrodectus) botnet C2 (confidence level: 49%) | |
https://ultroawest.com/live/ | Unidentified 111 (Latrodectus) botnet C2 (confidence level: 49%) | |
http://77.105.133.27/api/firepro.php | PrivateLoader botnet C2 (confidence level: 100%) | |
http://77.105.133.27/api/firecom.php | PrivateLoader botnet C2 (confidence level: 100%) | |
http://papka.top/pythondefaultsqlbasetrackcentral.php | DCRat botnet C2 (confidence level: 100%) | |
http://77.105.133.27/api/flash.php | PrivateLoader botnet C2 (confidence level: 100%) | |
http://77.105.133.27/api/twofish.php | PrivateLoader botnet C2 (confidence level: 100%) | |
http://117.198.11.56:55036/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
http://178.208.86.27/3/basevoiddbcentral/1/basemulti/privatelongpoll/_to/8linuxwordpressvm/dbsecure/5db/62mariadb/55pipeimage/2authprotectupdate/8updatedatalife/externalvmtosecureapilinuxflowergeneratorprivatetemp.php | DCRat botnet C2 (confidence level: 100%) | |
http://verose.top/alpha/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://217.28.222.194/linuxprocessgeoimage/5/vm5/2traffictempapi/9php/httpapibasewindowsdatalifedlelocalpublictempcentral.php | DCRat botnet C2 (confidence level: 100%) | |
http://124.222.72.51:4433/ty7y | Cobalt Strike botnet C2 (confidence level: 75%) | |
http://92.63.101.139/externalvmpipetoprocessserverprotectcdn.php | DCRat botnet C2 (confidence level: 100%) | |
https://hippieblissprovising.com/cdn-vs/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
https://hippieblissprovising.com/cdn-vs/cache.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
http://hippieblissprovising.com/cdn-vs/33per.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
Domain
Value | Description | Copy |
---|---|---|
away-displays.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
verose.top | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 100%) | |
hippieblissprovising.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
Threat ID: 682acdc4bbaf20d303f252c9
Added to database: 5/19/2025, 6:20:52 AM
Last enriched: 6/18/2025, 7:50:47 AM
Last updated: 8/13/2025, 4:31:57 PM