ThreatFox IOCs for 2024-07-28

Severity: Medium
Published: Sun Jul 28 2024 (07/28/2024, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-07-28

AI-Powered Analysis

Last updated: 06/27/2025, 10:35:54 UTC

Technical Analysis

This entry is a set of Indicators of Compromise (IOCs) published on 2024-07-28 by the ThreatFox MISP Feed, categorized under malware and tagged for OSINT (Open Source Intelligence), network activity, and payload delivery. It is a collection of threat intelligence indicators, not a description of a specific vulnerability or exploit: no affected software versions or patches are listed, and no known exploits in the wild are associated with these IOCs. The feed metadata rates the threat level as low to medium (threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis detail (analysis: 1). Because concrete technical details such as malware behavior, attack vectors, or payload specifics are absent, a detailed technical account of an active threat cannot be given. The entry instead serves as an intelligence feed update that informs security teams about emerging or observed network activity and potential payload delivery mechanisms identified through OSINT methods. The lack of CWE identifiers and patch information further marks this as an intelligence report rather than a vulnerability or exploit record. It is best understood as a situational awareness update to support detection and response rather than as an immediately actionable threat.

Potential Impact

Because these are OSINT-based IOCs without exploit details or affected products, the direct impact on European organizations is currently limited. The network activity and payload delivery indicators do, however, point to reconnaissance or early-stage attack activity that could precede more targeted intrusions. European organizations, especially those with mature security operations centers (SOCs) and threat hunting teams, can use these IOCs to improve detection and prevent escalation. The medium severity rating means that immediate damage is unlikely, but ignoring the intelligence could allow adversaries to establish footholds or exfiltrate data over time. The impact therefore falls mainly on the confidentiality and integrity of organizational data if the indicators are linked to active campaigns; the availability impact appears minimal at this stage. Organizations in sectors with high-value data or critical infrastructure should remain vigilant for lateral movement or payload execution that could lead to more severe consequences.

Mitigation Recommendations

To mitigate the risks associated with these IOCs, European organizations should load the indicators into their threat intelligence platforms and security information and event management (SIEM) systems for continuous monitoring. Specific steps include:
1) Regularly updating firewall and intrusion detection/prevention system (IDS/IPS) rules to detect network activity matching the IOCs;
2) Conducting proactive threat hunting using these indicators to identify any signs of compromise;
3) Enhancing endpoint detection and response (EDR) capabilities to recognize payload delivery attempts;
4) Ensuring robust network segmentation to limit lateral movement if a payload is delivered;
5) Training security analysts to interpret OSINT feeds and correlate them with internal telemetry;
6) Collaborating with national and European cybersecurity information sharing organizations to place these IOCs in the broader threat landscape;
7) Maintaining up-to-date asset inventories to assess exposure quickly to any emerging threats linked to these indicators.
Since no patches are available, the emphasis should be on detection and containment rather than on remediation of a specific vulnerability.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
e9c7eac8-df87-4899-807a-3220c5b07f57
Original Timestamp
1722211389

Indicators of Compromise

Threat ID: 68367c99182aa0cae2324148

Added to database: 5/28/2025, 3:01:45 AM

Last enriched: 6/27/2025, 10:35:54 AM

Last updated: 8/14/2025, 1:29:48 PM
