
ThreatFox IOCs for 2024-07-31

Medium
Published: Wed Jul 31 2024 (07/31/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-07-31

AI-Powered Analysis

Last updated: 06/19/2025, 13:16:44 UTC

Technical Analysis

This entry is the ThreatFox daily indicator export for 2024-07-31, published by abuse.ch's ThreatFox platform and imported here as a MISP event (UUID eefaacf2-4a5a-4f77-9bb3-0daef49da5a9). It is an indicator feed, not a vulnerability advisory: there are no affected products, CWE identifiers or patches, and the "type:osint" tag reflected in the vendor/product fields describes the nature of the source, not a target. The MISP event fields read threat level 2 (Medium, which is where the severity badge above comes from), analysis 1 (ongoing) and distribution 3 (shareable with all communities); TLP:WHITE confirms the indicators can be redistributed without restriction.

The export carries concrete, directly actionable indicators, each tagged with a ThreatFox confidence level. It lists 57 C2 servers as ip:port pairs. Cobalt Strike team servers account for 30 of them, mostly on 80, 443, 8080 and 8443 but also on non-standard ports such as 1314, 1787, 2083, 8011 and 9990; the remainder are NjRAT (6), Nanocore RAT (6), Remcos (4), RedLine Stealer (4), Latrodectus (2) and one each for AsyncRAT, Rshell, Socks5 Systemz, WarmCookie (at 50% confidence) and an unattributed family. The six Nanocore servers all listen on 13201 and four of the NjRAT servers on 14407, on addresses in neighbouring ranges of the same cloud provider, which is the usual footprint of RAT panels on short-lived rented instances.

It lists 53 payload samples, each as an MD5/SHA-1/SHA-256 triplet of the same file: Socks5 Systemz (12), Agent Tesla (8), KrakenKeylogger (7), RedLine Stealer (5), Remcos (4), Formbook (4), DCRat (2) and single samples of Amadey, NjRAT, Babadeda, Stealc, Nanocore RAT, Cobalt Strike, AsyncRAT, Mimikatz, Nitol, Glupteba and MetaStealer.

It lists 21 URLs: six DCRat C2 endpoints (PHP scripts on throwaway shared-hosting subdomains and one very long path on a bare IP), four Cobalt Strike beacon URIs, eight Lumma Stealer C2 endpoints (all .shop domains with the /api path) and three FAKEUPDATES (SocGholish) payload-delivery URLs on myanswerpronto.com, which also appears as a standalone domain indicator.

None of this is an exploit against a software flaw; the Medium rating reflects the volume and mix of commodity crimeware infrastructure observed on the day. The export timestamp falls just after midnight UTC on 1 August 2024, so the network indicators were live at publication but, as with all C2 infrastructure on rented hosting, should be expected to rotate within weeks.

Potential Impact

The families represented are commodity, opportunistically distributed crimeware aimed at Windows endpoints regardless of geography, so European organizations are exposed to the same degree as anyone else; nothing in the export indicates sector or country targeting. The impact depends on which class of tool lands. The information stealers (RedLine, Lumma, Stealc, MetaStealer, Agent Tesla, Formbook, KrakenKeylogger) harvest browser credentials, session cookies and mail credentials, which feed account takeover and are resold for initial access. The remote access trojans (NjRAT, AsyncRAT, Remcos, Nanocore, DCRat) give an operator persistent interactive control of the host. The loaders and delivery frameworks (Latrodectus, WarmCookie, Amadey, Socks5 Systemz, FAKEUPDATES) exist to stage further payloads, and Socks5 Systemz and Glupteba additionally turn the infected host into a proxy node. The Cobalt Strike and Mimikatz samples indicate hands-on intrusion activity of the kind that frequently precedes ransomware deployment. An infection by any of these can therefore compromise confidentiality (credential and data theft), integrity (arbitrary code execution with the user's rights) and, through follow-on payloads, availability. The practical value of this entry is that it names live infrastructure: an outbound connection from a corporate host to any of the listed ip:port pairs or URLs is evidence of an existing compromise, not a prediction of one.

Mitigation Recommendations

1. Pull the indicators from ThreatFox directly (its export files or API) rather than from a rendered page, and keep the confidence level and first-seen date with each indicator when loading them into a TIP, SIEM or MISP instance.
2. Block the C2 ip:port pairs at egress and alert on connections to the bare IPs. Blocking on port as well as address avoids collateral damage from shared cloud addresses and matters most for the Cobalt Strike servers on 80 and 443. Time-box network blocks (for example 30 days) and re-check against ThreatFox before renewing them, because this infrastructure rotates.
3. Add the 21 URLs and the myanswerpronto.com domain (including subdomains) to the web proxy deny list. For the HTTPS Lumma Stealer .shop/api endpoints only the hostname is visible without TLS inspection, so match on SNI and DNS as well as on the full URL.
4. Sweep EDR and file-inventory telemetry for the 53 payload hashes, preferring SHA-256. Treat a hash hit as confirmation of a specific sample, not as the detection strategy: these families are repacked daily and the next build will not match.
5. Use the confidence level as a tiering signal: 100% and 95% indicators can be blocked outright, 75% indicators should be blocked with a review path for false positives, and the single 50% WarmCookie entry belongs in a hunt query rather than a block list.
6. Pair the indicators with behavioural detections for the families they belong to: beaconing to high, non-standard ports (1787, 2083, 9990, 13201, 14407), a browser download followed by a script host launching a JavaScript file (the FAKEUPDATES lure), and credential-store access by unsigned binaries.
7. Keep the patch and hardening baseline current, but note that none of these families needs a vulnerability; they arrive through phishing, malvertising and fake updates, so mail filtering, script-host and macro restrictions and application control do more here than patching.
8. Report sightings of these indicators back to ThreatFox and to CERT-EU or the relevant national CSIRT so that confidence levels and last-seen dates stay current for everyone consuming the feed.
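Recommendations 2 to 5 come down to one matching job: normalise the indicators, compare them against egress, proxy and EDR telemetry, and let confidence and match precision decide between blocking and hunting. The Python below is an example added to this page, not code from ThreatFox, abuse.ch or the original analysis. The indicator values are copied from the list on this page; the log records are constructed; the record layout, the BLOCK_CONFIDENCE threshold and every function name are assumptions of the example.

```python
"""Match ThreatFox daily-export indicators against firewall, proxy and EDR records.
Added example, not code from ThreatFox, abuse.ch or the original page: indicator values are
copied from the page above, the log records are constructed, and the record layout,
BLOCK_CONFIDENCE and every function name are this example's own assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

BLOCK_CONFIDENCE = 75  # exact hits at or above this ThreatFox confidence are blocked, lower ones hunted


@dataclass(frozen=True)
class Ioc:
    kind: str        # "ip:port", "url", "domain" or "hash"
    value: str
    family: str
    confidence: int  # ThreatFox confidence level, 0-100


# Subset of this page's indicators; ip:port pairs rejoined from the IP and port columns.
IOCS = [
    Ioc("ip:port", "8.130.172.150:1787", "Cobalt Strike", 100),
    Ioc("ip:port", "45.11.59.247:80", "WarmCookie", 50),
    Ioc("url", "http://8.130.172.150:1787/hkcg", "Cobalt Strike", 100),
    Ioc("url", "https://ammycanedpors.shop/api", "Lumma Stealer", 75),
    Ioc("domain", "myanswerpronto.com", "FAKEUPDATES", 100),
    Ioc("hash", "5f368a7a339e485c3795a21bea867e9ea0606c3c66f7ca3c3b4a644a70d05228", "Socks5 Systemz", 95),
    Ioc("hash", "38a4f01b629b6188b3dc1efa69200242", "Socks5 Systemz", 95),
]


def normalize_url(url: str) -> str:
    """Comparison form: lower-case scheme and host, explicit path, query and fragment dropped."""
    p = urlsplit(url.strip())
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme.lower()}://{p.hostname or ''}{port}{p.path or '/'}"


class IocIndex:
    def __init__(self, iocs):
        self.sockets, self.ips, self.urls, self.hosts, self.domains, self.hashes = {}, {}, {}, {}, {}, {}
        for ioc in iocs:
            if ioc.kind == "ip:port":
                ip, _, port = ioc.value.rpartition(":")
                ip_address(ip)                   # reject a malformed feed entry instead of indexing it
                self.sockets[f"{ip}:{int(port)}"] = ioc
                self.ips.setdefault(ip, ioc)     # bare-IP view, used only for hunt-grade hits
            elif ioc.kind == "url":
                self.urls[normalize_url(ioc.value)] = ioc
                self.hosts.setdefault(urlsplit(ioc.value).hostname, ioc)
            elif ioc.kind == "domain":
                self.domains[ioc.value.lower().rstrip(".")] = ioc
            elif ioc.kind == "hash":
                self.hashes[ioc.value.lower()] = ioc

    def domain_hit(self, host):
        host = host.lower().rstrip(".")   # domain indicators cover the apex and every subdomain
        return next((ioc for dom, ioc in self.domains.items()
                     if host == dom or host.endswith("." + dom)), None)


def _hit(rec, ioc, exact):
    # Only an exact match on a confident indicator is blockable; anything weaker opens a hunt.
    action = "block" if exact and ioc.confidence >= BLOCK_CONFIDENCE else "hunt"
    return {"record": rec, "family": ioc.family, "ioc": ioc.value, "exact": exact, "action": action}


def match_records(index, records):
    hits = []
    for rec in records:
        if rec["source"] == "firewall":
            sock = f'{rec["dst_ip"]}:{rec["dst_port"]}'
            if sock in index.sockets:
                hits.append(_hit(rec, index.sockets[sock], True))
            elif rec["dst_ip"] in index.ips:   # same address, other port: cloud IPs are shared
                hits.append(_hit(rec, index.ips[rec["dst_ip"]], False))
        elif rec["source"] == "proxy":
            url, host = normalize_url(rec["url"]), urlsplit(rec["url"]).hostname or ""
            dom = index.domain_hit(host)
            if url in index.urls:
                hits.append(_hit(rec, index.urls[url], True))
            elif dom:
                hits.append(_hit(rec, dom, True))
            elif host in index.hosts:          # known C2 host, path not in the feed
                hits.append(_hit(rec, index.hosts[host], False))
        elif rec["source"] == "edr" and rec["hash"].lower() in index.hashes:
            hits.append(_hit(rec, index.hashes[rec["hash"].lower()], True))
    return hits


# Constructed records, not real telemetry.
SAMPLE_RECORDS = [
    {"source": "firewall", "dst_ip": "8.130.172.150", "dst_port": 1787},
    {"source": "firewall", "dst_ip": "8.130.172.150", "dst_port": 443},
    {"source": "firewall", "dst_ip": "45.11.59.247", "dst_port": 80},
    {"source": "firewall", "dst_ip": "93.184.216.34", "dst_port": 443},
    {"source": "proxy", "url": "https://AMMYCANEDPORS.shop/api?v=2"},
    {"source": "proxy", "url": "https://ammycanedpors.shop/login"},
    {"source": "proxy", "url": "https://cdn.myanswerpronto.com/cdn-vs/update.js"},
    {"source": "edr", "hash": "5F368A7A339E485C3795A21BEA867E9EA0606C3C66F7CA3C3B4A644A70D05228"},
]


def triage(records=SAMPLE_RECORDS, iocs=IOCS):
    """Split matches into what to block and what to hunt."""
    hits = match_records(IocIndex(iocs), records)
    return {"block": [h for h in hits if h["action"] == "block"],
            "hunt": [h for h in hits if h["action"] == "hunt"]}
```

Running `triage()` on the constructed records yields four blocks (the Cobalt Strike socket, the Lumma /api URL despite its upper-case host and query string, the FAKEUPDATES subdomain, and the Socks5 Systemz SHA-256 despite upper-case hex) and three hunts. The hunts are deliberate downgrades: the same Cobalt Strike address on port 443 is only an IP match, the WarmCookie socket is exact but carries 50% confidence, and the Lumma host with an unlisted path says nothing about that path. That split is what keeps a cloud-hosted, shared or low-confidence indicator from becoming an outage-grade block rule.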


Technical Details

Threat Level
2 (MISP threat_level_id: Medium)
Analysis
1 (MISP analysis state: Ongoing)
Distribution
3 (MISP distribution: All communities)
Uuid
eefaacf2-4a5a-4f77-9bb3-0daef49da5a9
Original Timestamp
1722470588 (2024-08-01 00:03:08 UTC)

Indicators of Compromise

ThreatFox publishes C2 indicators as ip:port pairs. In the source export the IP and port halves of each pair appear as separate columns; they are rejoined below in export order. Check a pair against its ThreatFox entry before turning it into a blocking rule. Each payload is listed with the SHA-1, SHA-256 and MD5 of the same sample. Confidence levels are ThreatFox's own.

C2 servers (ip:port)

18.192.93.86:14407  NjRAT botnet C2 server (confidence level: 75%)
3.126.37.18:14407  NjRAT botnet C2 server (confidence level: 75%)
18.157.68.73:14407  NjRAT botnet C2 server (confidence level: 75%)
18.197.239.5:14407  NjRAT botnet C2 server (confidence level: 75%)
103.117.141.96:443  Latrodectus botnet C2 server (confidence level: 75%)
41.140.55.35:10000  NjRAT botnet C2 server (confidence level: 75%)
162.212.158.246:22  AsyncRAT botnet C2 server (confidence level: 75%)
194.87.210.134:43245  Rshell botnet C2 server (confidence level: 100%)
8.130.172.150:1787  Cobalt Strike botnet C2 server (confidence level: 100%)
147.185.221.21:33869  NjRAT botnet C2 server (confidence level: 100%)
45.80.158.32:61009  Remcos botnet C2 server (confidence level: 75%)
175.178.23.198:80  Cobalt Strike botnet C2 server (confidence level: 100%)
8.134.124.127:80  Cobalt Strike botnet C2 server (confidence level: 100%)
43.204.33.90:80  Cobalt Strike botnet C2 server (confidence level: 100%)
23.94.205.103:443  Cobalt Strike botnet C2 server (confidence level: 100%)
113.45.158.80:8080  Cobalt Strike botnet C2 server (confidence level: 100%)
39.98.212.175:80  Cobalt Strike botnet C2 server (confidence level: 100%)
117.50.180.189:80  Cobalt Strike botnet C2 server (confidence level: 100%)
121.43.174.203:9990  Cobalt Strike botnet C2 server (confidence level: 100%)
47.108.188.196:8088  Cobalt Strike botnet C2 server (confidence level: 100%)
111.92.243.14:8080  Cobalt Strike botnet C2 server (confidence level: 100%)
112.124.38.48:80  Cobalt Strike botnet C2 server (confidence level: 100%)
82.156.30.62:80  Cobalt Strike botnet C2 server (confidence level: 100%)
120.27.224.11:80  Cobalt Strike botnet C2 server (confidence level: 100%)
106.15.229.159:2083  Cobalt Strike botnet C2 server (confidence level: 100%)
47.113.194.49:9090  Cobalt Strike botnet C2 server (confidence level: 100%)
57.154.15.121:1314  Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.60.201:8011  Cobalt Strike botnet C2 server (confidence level: 100%)
118.107.4.232:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
111.230.61.6:443  Cobalt Strike botnet C2 server (confidence level: 100%)
124.222.20.26:8088  Cobalt Strike botnet C2 server (confidence level: 100%)
124.223.54.76:8080  Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.44.218:8080  Cobalt Strike botnet C2 server (confidence level: 100%)
64.112.41.60:80  Cobalt Strike botnet C2 server (confidence level: 100%)
23.94.205.103:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
206.189.230.244:443  Cobalt Strike botnet C2 server (confidence level: 100%)
8.152.170.232:443  Cobalt Strike botnet C2 server (confidence level: 100%)
101.133.156.190:80  Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.227.115:80  Cobalt Strike botnet C2 server (confidence level: 100%)
101.43.27.196:80  Cobalt Strike botnet C2 server (confidence level: 100%)
204.10.160.139:2404  Remcos botnet C2 server (confidence level: 75%)
185.81.114.243:443  Latrodectus botnet C2 server (confidence level: 75%)
185.196.8.214:80  Socks5 Systemz botnet C2 server (confidence level: 100%)
91.92.249.172:27667  RedLine Stealer botnet C2 server (confidence level: 100%)
77.105.135.19:6655  Unknown malware botnet C2 server (confidence level: 100%)
91.92.240.171:32837  RedLine Stealer botnet C2 server (confidence level: 100%)
212.162.149.80:2404  Remcos botnet C2 server (confidence level: 75%)
91.92.240.75:2404  Remcos botnet C2 server (confidence level: 75%)
157.66.25.16:47818  RedLine Stealer botnet C2 server (confidence level: 100%)
147.45.47.104:8432  RedLine Stealer botnet C2 server (confidence level: 100%)
3.66.38.117:13201  Nanocore RAT botnet C2 server (confidence level: 100%)
18.197.239.109:13201  Nanocore RAT botnet C2 server (confidence level: 100%)
52.28.247.255:13201  Nanocore RAT botnet C2 server (confidence level: 100%)
3.69.157.220:13201  Nanocore RAT botnet C2 server (confidence level: 100%)
3.68.171.119:13201  Nanocore RAT botnet C2 server (confidence level: 100%)
3.69.115.178:13201  Nanocore RAT botnet C2 server (confidence level: 100%)
45.11.59.247:80  WarmCookie botnet C2 server (confidence level: 50%)

Payload hashes (SHA-1 / SHA-256 / MD5 of the same sample)

Socks5 Systemz payload (confidence level: 95%)
SHA-1    c440409a8093c7b8c3ef11881bb4be889a491127
SHA-256  5f368a7a339e485c3795a21bea867e9ea0606c3c66f7ca3c3b4a644a70d05228
MD5      38a4f01b629b6188b3dc1efa69200242

Socks5 Systemz payload (confidence level: 95%)
SHA-1    590e60bd792ead11cbd507c4de8ca9f77a3757a9
SHA-256  258ecd1cb153a2a450ad5404f7c55a7dea44edb54da650ffa1165d7158dee94b
MD5      3a8c9f010a87038a151bcee14aed51d5

Socks5 Systemz payload (confidence level: 95%)
SHA-1    5afee0c45f59cdd18b24375d3ac3051d9accde66
SHA-256  a51b75ef6b4fb020c834b8d1b58c11de532ee6171ea94a645f5986630332de26
MD5      ffc2b0891fc6c848aca2afba9894d9ce

Socks5 Systemz payload (confidence level: 95%)
SHA-1    3bf745f5e576de3036d0e7ce01127495eafa24ef
SHA-256  9364698aabc3bc3b4882baa2a468dbded4663fb172a39e9a87641d0321f05c96
MD5      30d614aa120290b85615ea46102a699a

Amadey payload (confidence level: 95%)
SHA-1    c308cabedd7a713dd1fc32aaa6705dc5eecc1d9d
SHA-256  99a29cda31238b782aaeff757e19e80d8c8043b657af2a6cf46643bc60d381ed
MD5      16897527a96a8dbd1b6f310cb0d9e3cd

NjRAT payload (confidence level: 95%)
SHA-1    257ba49074bbcf2e216907dd5b8b07edb63af736
SHA-256  e2e6e72e4178791e6741a7125f941e337f7ab9457db68dd4be3f6bfe36ac1d4d
MD5      17e5e3705fa7acd98e7a0dee49def5f0

DCRat payload (confidence level: 95%)
SHA-1    da162b0daf02ee8cf89a011f4a2876efb4694552
SHA-256  2bb6c2c2394ec60767a70db1d9098af76e1142de9e9ad9e94c52207c121088a8
MD5      263dca09ac216848fa0ce9aea1f1aa04

Babadeda payload (confidence level: 95%)
SHA-1    d3cd8127ecd525a03001c03532aab598eb7a6f09
SHA-256  9f523ce60e9424958356f832fc4a0bf3e63ecf8458e58b576fc2791b8e70c024
MD5      d814f729adcc56f25a18ee56c73b06af

Stealc payload (confidence level: 95%)
SHA-1    0c5eef0eec3e9f7a03708f71c70a1d591b38712f
SHA-256  745c8f38e2cd894f6ce759e3096333b3b219a25bdf1446558cac4a92d0cb4e51
MD5      fcdc969dbc2996ce6a0c91c3ae526258

Socks5 Systemz payload (confidence level: 95%)
SHA-1    91f670d8b27cd8a5f32700c58fec2a1b35942f1e
SHA-256  9016f29156d47c3b546d2c3591462cadeda43202e6b3a313b1977ca17bc8f244
MD5      6802bcc0bba9c2887713f5137ff4ad89

KrakenKeylogger payload (confidence level: 95%)
SHA-1    58cf50ee0ca21c155e2289c112d7f556cc1eba83
SHA-256  39d1db9cca45315f220c27a3de0fffe5d071c2a0c69c6e91efabe0655d61baf9
MD5      7143e893afabe3912cd1e64585318ed7

Agent Tesla payload (confidence level: 95%)
SHA-1    82d8f3e13fc9623f9c40d468ca3509d2e6330a7e
SHA-256  4a79a8b83afd4feb2fd2e130d54f667fa9ee6c61ecf7d61efed3753ab2450775
MD5      d8eeed05506336c7f7613dca3d09de5b

Nanocore RAT payload (confidence level: 95%)
SHA-1    7c23a7ea336ceb57d3c9d43b38b5d7e6b2265443
SHA-256  c00ff750da6d963181a49a76e0ec0c39bd58fa6f8926227543c3d65246ac4a17
MD5      2d5b4052ba6e888d0a2e8b044bc04651

Agent Tesla payload (confidence level: 95%)
SHA-1    f0215a7f600ee104f6da49ea142578d835046d2d
SHA-256  5c4064658cfc929bb45169b4ea8f237984acd8f92ee45892c1b05bffc61cf0aa
MD5      8bc29f39922f7905925d0f58e95f1a4a

Socks5 Systemz payload (confidence level: 95%)
SHA-1    212767a89a7ee933c4c36225dd7872a852b4a893
SHA-256  df2a73d62d5706ab059daf98d8e97e682287bd915ec0ca5fd1760171b9869a51
MD5      f48e42a4f90d5daa4a95940b17db287f

DCRat payload (confidence level: 95%)
SHA-1    1e24e56a08bb2a3fa0b4b598dfdfcfc2940a11c0
SHA-256  09ca6cbcafca3cb6da07a4aa1067854e5e2bd9ebc2f45f9bad3e40a3e78f7eec
MD5      2c0408ed58ce46555c1297c18e6ee3eb

RedLine Stealer payload (confidence level: 95%)
SHA-1    93f08869422ff5110f363fd62d457fff9a013718
SHA-256  eb30714b71fd1cc008d3fcbfee9735807527d6342a14c4898162ed48957d7650
MD5      25c305d127aba1ca0802f96df1894c8b

Cobalt Strike payload (confidence level: 95%)
SHA-1    3827fb839bf19978713d678a01c67521435e08cb
SHA-256  fbd81946e630cebcbab32fba27293c750e2acf676b6815180f8ffe0b202e52c4
MD5      b56d6ab051f14d159e44ec2b114a7880

Remcos payload (confidence level: 95%)
SHA-1    9f344e9fb4033e840df6010d77b81d9114735371
SHA-256  beab8e4807348f541127980db412b7f6099b27ae94039514f1826833b21ec517
MD5      8d2c9b6f9bef7fea802a3ba5bf60e224

Remcos payload (confidence level: 95%)
SHA-1    d7dcd3443e26f3aa823112d10ded852691ca7506
SHA-256  e36fe2f4f27260c436b2c5ae5b8c1b714939fa70338742ae346eefa6b5acce72
MD5      5593aee33b8afa3fb19dc5c898affaa4

Remcos payload (confidence level: 95%)
SHA-1    6a49b35ad439fb057e60d6b2a82553524fc73332
SHA-256  f3241ace2c07ddccf58c09add567265ea2ad9ff820bf696db21cc8f3642c2779
MD5      43fc33e9d0b3ff57eef8b3b44cb35367

Socks5 Systemz payload (confidence level: 95%)
SHA-1    c3fa7d3cf9bb9032ed059cf2136a9d5252fcd6e7
SHA-256  adcde787a75fa1df4c1e1abf54c13cbfaf014f6b910c074bfae4576a900834d2
MD5      0222fc9efea5f01d8f72d5c965439343

Socks5 Systemz payload (confidence level: 95%)
SHA-1    6d7851995ab78f14367b5d33c68034752f6f7d82
SHA-256  35c1dd0c091271adcb8ebee5db2be736f14e48afdb05076191f6160cc020f614
MD5      1d68e00dcfec745e5019621578f23e2f

Socks5 Systemz payload (confidence level: 95%)
SHA-1    1e323c23b20007998b7c104a27cfd1b5c0f878f2
SHA-256  e79b1536ac9710a2fffc8bf4d3337e344aee2897d116dd48b9a4c4e174d49acf
MD5      596116c65df4aa37c8018dc9acc4eb56

KrakenKeylogger payload (confidence level: 95%)
SHA-1    e2a31457e3660d3e4faf900d183517bd7f74487f
SHA-256  432ed4f549a0d6e1e674e3542ede6f59027c26586f9497192312bb778bc1f889
MD5      e647ed7ef0559cc91f7d934f4c0bc90b

AsyncRAT payload (confidence level: 95%)
SHA-1    6e3e50b32d75102b5657cb49c5d097951fae155f
SHA-256  07ed90ecdab75f680a5203e3e46c6edd4c5c55054d495bfdacf159f8ba7de9f8
MD5      0fff9f167535095430314e1e82a8e78b

Socks5 Systemz payload (confidence level: 95%)
SHA-1    14206fe90c51756b347d94fd21fffb07dbc1338a
SHA-256  c131cb51cf9ad72483df8504488433a085302cdbb10d4d5e1d89bbdb748bb12a
MD5      def10a94a0f8c3628f3a506c4ee7b397

MimiKatz payload (confidence level: 95%)
SHA-1    2e42e60b3d8106c011d62ccae1f8cbad4d6f17e1
SHA-256  6d74ed0eda4cf7f7edb2f8982cc706e84a402008fc74f442d898da7d6be05143
MD5      fc91223bf922e0925a5f682249c0a9c7

Formbook payload (confidence level: 95%)
SHA-1    4243cc3717a371b2fdf4a7eb0387ea3b19a62764
SHA-256  078b3704bde85e8ad84e4c21ca910f5d5367843bbecc2a384acc3fd89cd3553c
MD5      4a699c45efa52f13210361413ebd9358

RedLine Stealer payload (confidence level: 95%)
SHA-1    0ba35aec11df0302ebecb6cd92eef0c4e865da88
SHA-256  b8d0c12cd1fe8fb827ec3c886627049399c2d6e38af34f7550817ef827794c87
MD5      c3d090aedfcd7d5df3ff177d653e30fe

Nitol payload (confidence level: 95%)
SHA-1    3a788806582516a4ff25b80bbe59c8c8ed5834a0
SHA-256  84fe8b4885f1959623a8ff97586ca1cd3603aa14b16549b67a43cba4e1cfeed6
MD5      3376a276b02838bfb0396e9bec598f8f

Remcos payload (confidence level: 95%)
SHA-1    8b43d4ddcf3f368b6826195ef32cdaabf490cebe
SHA-256  47ae5e8821f923b9b7f2ae71662b47ddad143af408d04ab3c75469a51d440c50
MD5      ad28c90c45849816958cdb8675649489

Agent Tesla payload (confidence level: 95%)
SHA-1    a4b4af213c8d09520ad7fb1cec0c2f1552b8e925
SHA-256  cdd7df460178e0239fb3342ac3f97e920069e5b2aac1c9c343923241f1b60b87
MD5      2c324a432107f58bfe651eda729c50f0

KrakenKeylogger payload (confidence level: 95%)
SHA-1    537ffa002af21f12241e27536c793a7af2037b3b
SHA-256  d742fb7077c4643099b2a969537ec53cd326af9388c063f86db018fc925b1e30
MD5      24f2175694ba1e14103300f554a3ee25

Agent Tesla payload (confidence level: 95%)
SHA-1    e0197027ab678a4558a6fac053051a898ab2446f
SHA-256  88e81b3ce5ac8ea73503bda113bf3e8df80928b7521c349e5e4cf46d118ea419
MD5      91463a6b4347b48270d4e9c25445194b

Socks5 Systemz payload (confidence level: 95%)
SHA-1    f400da83e925b1c2fd7c35b847dfd9b7c06200ce
SHA-256  e609e82d949e7d651a97dc59c7e3c9c32bc1e2ba51dc2c3cd474f75af40e69e0
MD5      815296be88e364a036f9d63f88aa39bd

Agent Tesla payload (confidence level: 95%)
SHA-1    8555fece6005d6ca4a95380a0bb4b0a52ce1b0d6
SHA-256  4d1527ce09d716a68f0a548a3fab80d2223028460e036f43b579f211b91b0ff3
MD5      d3536f1bd7ee2fe4f343aeb0a71e1f8e

Formbook payload (confidence level: 95%)
SHA-1    7b0445e03ec80edb503ec8b5922c4bc12a50f30c
SHA-256  0d9ed8e0ff58036e9395568a8979de8eeb6c96023f72479978961dd2fa5fde7f
MD5      f1d14ce82813169c6000f256ef463209

Agent Tesla payload (confidence level: 95%)
SHA-1    e6a77ba0666b9000014f47445a5d998cff792935
SHA-256  3834f34032f5db407ab11440441c1958dd4826da8eb29248391e00cff1c42659
MD5      a6061e297e321b6f35fbc4fc08823532

RedLine Stealer payload (confidence level: 95%)
SHA-1    d7babb79e3f7f0241e719319425a237e020139c5
SHA-256  d8b9c51d5a83768c30ca2d35d6a14bc3eafa4438c0a225086ee5b051a8aadd4b
MD5      d41c6e2d4340e88aa75bdd1aac2ef75f

RedLine Stealer payload (confidence level: 95%)
SHA-1    5e8d0f97fa5838d4d0a22ff1622d5b7ba3d3f48b
SHA-256  3f2a538487752f1c35b02c32e9bf2d14d84da017076bd8c66a7185d4de32baf7
MD5      ae1e4fd4b5705d09889764b54e47322f

Agent Tesla payload (confidence level: 95%)
SHA-1    e53f537867a3b6eeb692f1fda37399d450ac6a89
SHA-256  f7a1aa0c15f9aeae70772b19fa78577a61a1e889693a413429202bd7e817d96b
MD5      9c953d3e83752cff06732fabb81ecd5e

KrakenKeylogger payload (confidence level: 95%)
SHA-1    c284620ea7642b7de6689f8424db63788d562aec
SHA-256  e43b71bf229e6167ea0bb5e87622ecbd85a4a351cc1173a0d4a52b25977f1244
MD5      7556516a356db3c6d92afd04d3b1b351

Formbook payload (confidence level: 95%)
SHA-1    cd2e6daa5a20510ca430fd4ad0e7297f3658308e
SHA-256  29d57050ee10327642136e9e1a394ca996b42b95bae45d3dd44e392cec83c027
MD5      fad2601b8d3ae921451df530f754a105

KrakenKeylogger payload (confidence level: 95%)
SHA-1    1b93b5b001ae6be86bb95ab952175761f0f244b9
SHA-256  4e74448019c0b55fa12a52fc6b417151937fa14e83a07d63184f216b6887152a
MD5      bbc1dfc1e7c8e75be660e1550e353909

Glupteba payload (confidence level: 95%)
SHA-1    9ffb91dd4bc137542b8dde7e342171975d16a5e8
SHA-256  fb951d3186b65a831453a187f6ee313af91de289c43c246f0e25a62657c919c8
MD5      8f0f7c4746e7b01f4150337b885dfa81

Formbook payload (confidence level: 95%)
SHA-1    1290a765549a9e6619b8fa43112304b33dd0ed5b
SHA-256  158c8861036425f4e7b9df9a610a0e23d45a811c2916aa697cb01491b493e539
MD5      002c833ff6ecaac50c4ef23b36189bbc

KrakenKeylogger payload (confidence level: 95%)
SHA-1    2c094fe1e7da8809dab88c276b3a39df524bdbb8
SHA-256  33eaa856217c202c7c33225322e8b1dc6106f4fe9597ae1d74ffb1c0c5b9c4e9
MD5      7dd0ede2acdaeecb737e8874ff369de9

KrakenKeylogger payload (confidence level: 95%)
SHA-1    10fdd2415e4beba537cca412e7b34be2978259f5
SHA-256  ec0cb53f3f7dd573b6449bed509234445870faabe3134f554f48ac150ae99de2
MD5      66c5a4a76296b7920698d79fa2528fe2

RedLine Stealer payload (confidence level: 95%)
SHA-1    5d27cb31dc5c2fea85d4fc161bf044861126dcee
SHA-256  58b696529cf06561c1cae309f5abd2eb30dcb5e8de1d649cab3ec8fcc7d90073
MD5      9570a6c76a23fee9f7afe1e5e5d972ce

MetaStealer payload (confidence level: 95%)
SHA-1    5f45a26c898a2fad0da08a6c4ba626e52619a599
SHA-256  b091e38b4cdf341c2733c6e8c2199afd4ee05fc9f921a37c8e555198f1ec2e12
MD5      92a20ba91b4d3b89b57aa95a120667ae

Socks5 Systemz payload (confidence level: 95%)
SHA-1    71f2129bd9f19b86552b160da4841997805a375c
SHA-256  2c90d977b28730793bf9d6be7873b8d8ba7f55194737da0dd282e388740e9475
MD5      c586b1bf38c1e9a83e29f062750826b4

Agent Tesla payload (confidence level: 95%)
SHA-1    3db2833a506acf05d379b603e54d7e7bf9facd5f
SHA-256  36609ed28222d995170a36e1d4df63fcf518bece4a965e5674cc5a03c2d2b324
MD5      e433558ced9cd543207bd7bc7da5b361

URLs

http://a1010630.xsph.ru/74dd937b.php  DCRat botnet C2 (confidence level: 100%)
http://101.43.103.253:8080/emtw  Cobalt Strike botnet C2 (confidence level: 75%)
http://8.130.172.150:1787/hkcg  Cobalt Strike botnet C2 (confidence level: 100%)
http://cx76022.tw1.ru/669eb395.php  DCRat botnet C2 (confidence level: 100%)
https://myanswerpronto.com/cdn-vs/original.js  FAKEUPDATES payload delivery URL (confidence level: 100%)
https://myanswerpronto.com/cdn-vs/main.php  FAKEUPDATES payload delivery URL (confidence level: 100%)
http://myanswerpronto.com/cdn-vs/22per.php  FAKEUPDATES payload delivery URL (confidence level: 100%)
http://111.230.41.191:8443/uc/validate/check.do  Cobalt Strike botnet C2 (confidence level: 75%)
http://a1011643.xsph.ru/fa4cd07b.php  DCRat botnet C2 (confidence level: 100%)
http://47.103.87.12:443/ptj  Cobalt Strike botnet C2 (confidence level: 75%)
http://kolasau6.beget.tech/1366c419.php  DCRat botnet C2 (confidence level: 100%)
https://ammycanedpors.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://chequedxmznp.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://egorepetiiiosn.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://faceddullinhs.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://illnesmunxkza.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://shelterryujxo.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://shootydowtqosm.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
https://triallyforwhgh.shop/api  Lumma Stealer botnet C2 (confidence level: 75%)
http://072212cm.nyashsens.top/externallinetoupdategamelongpollserverlinuxdle.php  DCRat botnet C2 (confidence level: 100%)
http://194.26.232.193/temporary/process8geopython/securelocal/testcpu/universallinepublic/baseline/javascript/apiimagepublic/basesecureuniversalrequest/multipython/http/99/8imagerequest/processortraffic.php  DCRat botnet C2 (confidence level: 100%)

Domains

myanswerpronto.com  FAKEUPDATES payload delivery domain (confidence level: 100%)

Threat ID: 682c7abde3e6de8ceb7564ea

Added to database: 5/20/2025, 12:51:09 PM

Last enriched: 6/19/2025, 1:16:44 PM

Last updated: 8/15/2025, 12:15:12 AM
