ThreatFox IOCs for 2024-08-25

Medium
Published: Sun Aug 25 2024 (08/25/2024, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-08-25

AI-Powered Analysis

AI analysis last updated: 06/27/2025, 10:21:22 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2024-08-25 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a description of a specific malware family or exploit. No affected software versions or patches are listed, and no known exploits in the wild have been reported. The threat level is rated as medium (threatLevel: 2), with moderate distribution (3) and minimal analysis (1), indicating that this is likely an early-stage or low-confidence intelligence report. The absence of detailed technical indicators or payload specifics limits the ability to deeply analyze the malware behavior or attack vectors. The classification under OSINT and network activity suggests that these IOCs are intended to support detection and monitoring efforts rather than describing a novel or active exploit. The lack of CWE identifiers and patch information further supports that this is an intelligence feed update rather than a newly discovered vulnerability or active threat campaign. Overall, this threat intelligence update provides useful data points for security teams to enhance their detection capabilities but does not describe an immediate or critical threat requiring urgent remediation.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in the realm of enhanced situational awareness and improved detection capabilities. Since no active exploits or specific vulnerabilities are identified, the direct risk to confidentiality, integrity, or availability is limited at this stage. However, the presence of new IOCs related to malware and payload delivery means that organizations should be vigilant for potential network intrusions or malware infections that could leverage these indicators. The medium severity rating suggests a moderate risk level, implying that while no immediate widespread attacks are reported, the threat actors may be preparing or conducting low-level reconnaissance or delivery attempts. European entities with critical infrastructure, financial services, or government networks should consider integrating these IOCs into their security monitoring tools to detect early signs of compromise. Failure to do so could delay incident detection and response, potentially increasing the impact if the threat evolves into active exploitation.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and threat intelligence platforms to enhance detection of related network activity and payload delivery attempts.
2. Conduct proactive network traffic analysis focusing on anomalies that match the behavioral patterns suggested by the OSINT and network activity tags.
3. Update intrusion detection and prevention systems (IDS/IPS) with signatures derived from these IOCs to block or alert on suspicious communications.
4. Perform regular endpoint and network scans to identify any signs of malware infections or unauthorized payload deliveries.
5. Educate security teams on the nature of OSINT-based threat intelligence to improve contextual understanding and response prioritization.
6. Maintain up-to-date asset inventories and ensure segmentation of critical systems to limit potential lateral movement if an infection occurs.
7. Monitor threat intelligence feeds continuously for updates that may provide more detailed indicators or exploit information related to this threat.
8. Since no patches are available, focus on detection and containment strategies rather than remediation of a specific vulnerability.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
e69359c5-afeb-4aac-a562-2a8542849bc2
Original Timestamp
1724630587

Indicators of Compromise

File

Type | Value | Description
file | 92.249.48.64 | Nova Stealer botnet C2 server (confidence level: 100%)
file | 92.249.48.64 | Nova Stealer botnet C2 server (confidence level: 100%)
file | 142.171.227.226 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 47.120.52.176 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 83.233.243.109 | DarkComet botnet C2 server (confidence level: 100%)
file | 118.163.177.120 | Remcos botnet C2 server (confidence level: 100%)
file | 35.91.95.28 | Sliver botnet C2 server (confidence level: 100%)
file | 2.59.134.73 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 34.30.202.89 | Unknown malware botnet C2 server (confidence level: 100%)
file | 176.98.40.202 | Stealc botnet C2 server (confidence level: 100%)
file | 157.245.65.139 | NjRAT botnet C2 server (confidence level: 75%)
file | 87.98.135.134 | FastCash botnet C2 server (confidence level: 50%)
file | 172.111.186.124 | Remcos botnet C2 server (confidence level: 100%)
file | 172.211.254.214 | Sliver botnet C2 server (confidence level: 100%)
file | 112.124.39.205 | Unknown malware botnet C2 server (confidence level: 100%)
file | 23.95.106.22 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 182.106.149.83 | Kaiji botnet C2 server (confidence level: 100%)
file | 110.185.53.210 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 150.158.36.17 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 47.243.85.106 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 50.63.8.251 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
file | 107.172.140.211 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 118.25.144.3 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 118.25.144.3 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 47.76.30.15 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 43.138.171.224 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 47.100.1.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 89.32.41.177 | Remcos botnet C2 server (confidence level: 100%)
file | 46.183.223.84 | Remcos botnet C2 server (confidence level: 100%)
file | 45.76.255.68 | Sliver botnet C2 server (confidence level: 100%)
file | 45.55.194.173 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 185.104.195.215 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 54.227.68.178 | Unknown malware botnet C2 server (confidence level: 100%)
file | 92.40.112.165 | Quasar RAT botnet C2 server (confidence level: 100%)
file | 75.119.136.117 | Havoc botnet C2 server (confidence level: 100%)
file | 75.119.136.117 | Havoc botnet C2 server (confidence level: 100%)
file | 52.233.199.88 | Havoc botnet C2 server (confidence level: 100%)
file | 37.1.220.7 | Venom RAT botnet C2 server (confidence level: 100%)
file | 85.209.11.155 | AMOS botnet C2 server (confidence level: 100%)
file | 154.216.17.18 | RedLine Stealer botnet C2 server (confidence level: 100%)
file | 147.45.44.148 | RedLine Stealer botnet C2 server (confidence level: 100%)
file | 94.156.65.203 | RedLine Stealer botnet C2 server (confidence level: 100%)
file | 43.136.90.70 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 95.169.196.16 | Sliver botnet C2 server (confidence level: 100%)
file | 83.229.124.115 | Unknown malware botnet C2 server (confidence level: 100%)
file | 50.114.5.231 | Unknown malware botnet C2 server (confidence level: 100%)
file | 192.151.243.230 | Unknown malware botnet C2 server (confidence level: 100%)
file | 54.227.68.178 | Unknown malware botnet C2 server (confidence level: 100%)
file | 91.92.246.203 | Hook botnet C2 server (confidence level: 100%)
file | 142.202.242.185 | Hook botnet C2 server (confidence level: 100%)
file | 142.202.242.185 | Hook botnet C2 server (confidence level: 100%)
file | 31.220.80.82 | Havoc botnet C2 server (confidence level: 100%)
file | 193.222.99.19 | ERMAC botnet C2 server (confidence level: 100%)
file | 89.208.97.95 | Meduza Stealer botnet C2 server (confidence level: 100%)
file | 192.95.20.235 | Unknown malware botnet C2 server (confidence level: 100%)
file | 192.95.20.235 | Unknown malware botnet C2 server (confidence level: 100%)
file | 192.95.20.235 | Unknown malware botnet C2 server (confidence level: 100%)
file | 192.95.20.235 | Unknown malware botnet C2 server (confidence level: 100%)
file | 81.70.24.225 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 118.25.177.108 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 47.100.1.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 142.171.228.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 43.130.234.180 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 193.26.115.159 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 193.26.115.159 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 194.49.68.19 | RedLine Stealer botnet C2 server (confidence level: 100%)
file | 121.37.227.115 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 65.21.66.217 | Remcos botnet C2 server (confidence level: 100%)
file | 162.251.94.114 | Unknown malware botnet C2 server (confidence level: 100%)
file | 51.254.67.181 | AsyncRAT botnet C2 server (confidence level: 100%)
file | 171.233.26.60 | Venom RAT botnet C2 server (confidence level: 100%)
file | 171.233.26.60 | Venom RAT botnet C2 server (confidence level: 100%)
file | 23.237.106.59 | DCRat botnet C2 server (confidence level: 100%)
file | 91.92.247.203 | RedLine Stealer botnet C2 server (confidence level: 100%)
file | 13.60.45.175 | ERMAC botnet C2 server (confidence level: 100%)
file | 91.92.255.65 | ERMAC botnet C2 server (confidence level: 100%)
file | 38.180.213.253 | Stealc botnet C2 server (confidence level: 100%)
file | 91.92.250.21 | BianLian botnet C2 server (confidence level: 100%)
file | 91.92.250.21 | BianLian botnet C2 server (confidence level: 100%)
file | 123.57.30.129 | Meterpreter botnet C2 server (confidence level: 100%)

Hash

Type | Value | Description
hash | 443 | Nova Stealer botnet C2 server (confidence level: 100%)
hash | 3000 | Nova Stealer botnet C2 server (confidence level: 100%)
hash | 0fe2fbc84387624cd894a02f4b4ba6b8ce92003b | Mars Stealer payload (confidence level: 95%)
hash | a59640e1fd35cc864861dda2e4fb1fdcadbb6a0668fcb3bf9ff5ab2675ad8d4e | Mars Stealer payload (confidence level: 95%)
hash | e22588b227673158f945994b75891b19 | Mars Stealer payload (confidence level: 95%)
hash | bc9c7bdb87936f580871374b60ccb9392770594d | Quasar RAT payload (confidence level: 95%)
hash | 378d287411180c7a4a675116862bd810b8250a7c11a3c5fd04b04ef59e0e4cf8 | Quasar RAT payload (confidence level: 95%)
hash | ca283d3c1cccde01d5fca1e37c3fddb6 | Quasar RAT payload (confidence level: 95%)
hash | 6ae60c2879ebe69ac40d149ed5a608250d022dce | Quasar RAT payload (confidence level: 95%)
hash | c1dd6ce8d69876282a88739c537d5a2369a19c4b6cf360af5983c12c9dc3f2d6 | Quasar RAT payload (confidence level: 95%)
hash | 3053a2a43ba2fbc6e3e3ecbecde806d1 | Quasar RAT payload (confidence level: 95%)
hash | dddbf37fe2be08bccb2ebf153a5639a22ac7bf3e | Cobalt Strike payload (confidence level: 95%)
hash | 31eb20b5c7a48b125b80229b085e19088463e388f8a76e948e37b8c40aad1ecd | Cobalt Strike payload (confidence level: 95%)
hash | d0ad1150a2e7c9699e00e265bf46d236 | Cobalt Strike payload (confidence level: 95%)
hash | 48143e0e7c6909471c855cc73331817aa4550adf | Cobalt Strike payload (confidence level: 95%)
hash | 2210845f0274e605766418df2a9f81c15d8e1f383e445a5b01a385fbfecc9fa3 | Cobalt Strike payload (confidence level: 95%)
hash | 06acac40f95b938cc52dd263fd39f631 | Cobalt Strike payload (confidence level: 95%)
hash | 7459682c7f90430350a850c281b54d6fb877367d | Mars Stealer payload (confidence level: 95%)
hash | 57716a4b2bcadec1a8ed2a88e33f79e49deb095f18f71eafd05ec18b80c60691 | Mars Stealer payload (confidence level: 95%)
hash | ec11395a4f9b30672b9392e14e684c24 | Mars Stealer payload (confidence level: 95%)
hash | 72db227875a4de40b244910682e45983e833e305 | Vidar payload (confidence level: 95%)
hash | d53641a8cbaa9208b0efa58d6dda60c62a8883ed4eea4bd9507ed761cf648d34 | Vidar payload (confidence level: 95%)
hash | 13facf5abdf5f741c24b640b0e60347a | Vidar payload (confidence level: 95%)
hash | e96e226f5b62ccfbcf886e10d374c268ba1756ae | RedLine Stealer payload (confidence level: 95%)
hash | 9ae5e9a733c073e37ca44d3405d1f5d0c62c9f4a045ab5add8c293986516ebfb | RedLine Stealer payload (confidence level: 95%)
hash | fc3e901fdbe99e7af967d7cc694596d7 | RedLine Stealer payload (confidence level: 95%)
hash | e87cb7c759cc51997479815733b8b6040aca4839 | RedLine Stealer payload (confidence level: 95%)
hash | 9363c7e1f53307e5ff04f282616f2204d8b1167cfbc4210378ade6a06ff337af | RedLine Stealer payload (confidence level: 95%)
hash | 5a906023e898f54a6476852576224727 | RedLine Stealer payload (confidence level: 95%)
hash | 16e00b046fd09937b40ad374b2ed998242bf3549 | Mars Stealer payload (confidence level: 95%)
hash | 9690eff3fd51fb5810464f53529bb39b4327fb74c75be52e9bd5565ae3ee1ec7 | Mars Stealer payload (confidence level: 95%)
hash | acd6100b0f2c783fe09740e441c8db8d | Mars Stealer payload (confidence level: 95%)
hash | 060ce631d5bae0bdb4c9f20caba8bb69bf727f35 | Luca Stealer payload (confidence level: 95%)
hash | 1cd67fdb3775cbff262e7f7763fac8c3c86730d855611c3b236e8b99ec80d02b | Luca Stealer payload (confidence level: 95%)
hash | 8aa82edc08c49bb81cb4c45e6d6d72fd | Luca Stealer payload (confidence level: 95%)
hash | 612e077979d300cf07a9b725eb38be21ce0bf772e9c3ca8812a6971ece45c07b | Luca Stealer payload (confidence level: 95%)
hash | 4ce96096ccbda0661b401db44bc42b91 | Luca Stealer payload (confidence level: 95%)
hash | a884da24f2887388a986cea172fba15444fff8c5 | Luca Stealer payload (confidence level: 95%)
hash | e0be120f524ee2bbfe7878f69f836d422139c4e4e4ad8feee7a2a9c3a19b0585 | Luca Stealer payload (confidence level: 95%)
hash | c5b35da7aa7f99460eaa845b640d25ac | Luca Stealer payload (confidence level: 95%)
hash | 5c62dda88b6a57f404ddd39f4c38a2cc8e667041 | Luca Stealer payload (confidence level: 95%)
hash | f35f0e4e75cecd966522d441ee8e8a736b3ed4cffb7c09e95b20181bc807f932 | Luca Stealer payload (confidence level: 95%)
hash | 2c506a37b9c8aaabb0adfd87c2a59904 | Luca Stealer payload (confidence level: 95%)
hash | 34f0738f8c4937e508c27f0391cedbf07fe571f7 | DCRat payload (confidence level: 95%)
hash | 1dd72465d073061b2d444bf5765b27db4b1ce6e501f142c5b49ea221ac3da1f3 | DCRat payload (confidence level: 95%)
hash | bac096285504e0dd7865ece7088293e4 | DCRat payload (confidence level: 95%)
hash | 409e193c2b3a98551e800ed2327ae03c65e932c8 | NjRAT payload (confidence level: 95%)
hash | 411ad55772b124c0bd043cf23bc4b17ea5c4148e76118bc62f767dacc4651486 | NjRAT payload (confidence level: 95%)
hash | 0aed5461aac50ce1f8e2ecd99f3015d7 | NjRAT payload (confidence level: 95%)
hash | 048a7040dd1cd1237f90fe3c88bac49fe8654f3f | DCRat payload (confidence level: 95%)
hash | ea6805bd9c1003cdbf40519d712c7bb6c09246a69f0b72c8b62e830f9606b9d1 | DCRat payload (confidence level: 95%)
hash | f2d12112667e6027cbd4f42b91914da6 | DCRat payload (confidence level: 95%)
hash | c04f035e8408d7d25bf14801d82b6d5c0d17067d | NjRAT payload (confidence level: 95%)
hash | 529ff848c96ad5781e1fca999b5abdbcf40fc9696f3a1e4171418bb40ca34ff0 | NjRAT payload (confidence level: 95%)
hash | 32acbdf48472ba783782b6e201bdff5d | NjRAT payload (confidence level: 95%)
hash | a3188fbec97b43c8eb09fdf153e720a05b6d23ca | NjRAT payload (confidence level: 95%)
hash | d29f332c6b049cd51cef8b50e0174f1e9e8aa0a50858558490a64bbd23291a56 | NjRAT payload (confidence level: 95%)
hash | e29081b6a3a9204379abd03cb3c8b622 | NjRAT payload (confidence level: 95%)
hash | f367a442469bbec9b95eb7c4e0c8feeff26a2830 | NjRAT payload (confidence level: 95%)
hash | e560edabaaf6994cf185437eda9e4115bcc48a25d94ce402b610b949053c68c0 | NjRAT payload (confidence level: 95%)
hash | 18eda6136733eeceecffb3ba497a625d | NjRAT payload (confidence level: 95%)
hash | 768a08aaf63b19621d33b99018dbdf576805c84e | DCRat payload (confidence level: 95%)
hash | 6b2b12acaa74119ad165b5961c1e913f5272f6bf535f424788fd1fbf4151ee41 | DCRat payload (confidence level: 95%)
hash | 8af7ce731b2ed48aabb19211713e89d9 | DCRat payload (confidence level: 95%)
hash | 5f5b6c54c0b5f97ee88741f111810f2ee2bffd59 | DCRat payload (confidence level: 95%)
hash | 7232002541379d1fba33273ae77d8e552460f1f49ca493445c47b7a6954c4e85 | DCRat payload (confidence level: 95%)
hash | 87f5940bb1f5de9d2109d07e55b2ada6 | DCRat payload (confidence level: 95%)
hash | 89ef702587884d38b07ebe0f7353e708d9569a62 | DCRat payload (confidence level: 95%)
hash | 1353ef9da4acb986188b6aae8930ecd1618afc282c4f9d6a85b7f07412d93efd | DCRat payload (confidence level: 95%)
hash | 785607a320f7338a45583ba5a4351cfc | DCRat payload (confidence level: 95%)
hash | d13bd9e562517ddc27ec7dcae2619647617b35e3 | CryptBot payload (confidence level: 95%)
hash | 9a4b0c02ec1fa56e2f1bd9993c466d114de05dafec3f6c59d3819337186d1f56 | CryptBot payload (confidence level: 95%)
hash | ef31dfefa7ff0ef6833a6063f6df82f1 | CryptBot payload (confidence level: 95%)
hash | 56dc4d4bac3ef0a46b1146a58eccdc773222db0c | Mars Stealer payload (confidence level: 95%)
hash | 4c840a0355723638725621473ca6d5c98cb9efec4c848b10d57c9ab4883c413b | Mars Stealer payload (confidence level: 95%)
hash | 9f3505d4d53376c68d28e5c76449d6f9 | Mars Stealer payload (confidence level: 95%)
hash | 5ae47c67c6b046a6e807dddb6178dbfad43c888e | Amadey payload (confidence level: 95%)
hash | 29db4d6bce2297d878cfef9b5ffc452dc7299a25b53219fa215cce7f7bdd3910 | Amadey payload (confidence level: 95%)
hash | 9ca88a66e64760c3338dc5c1928c80be | Amadey payload (confidence level: 95%)
hash | 2332c791227ccb9c846c1059173e4323204a9aab | Vidar payload (confidence level: 95%)
hash | 464e16f6d92d3c9eddeef69f7b1416fefb97817732155fe3549f37986d26fc44 | Vidar payload (confidence level: 95%)
hash | 377dcc031a12d3c0189afe684e4ad41e | Vidar payload (confidence level: 95%)
hash | 5e9138aef64b86235fed9cfbc8428661c9e36733 | Vidar payload (confidence level: 95%)
hash | dbbacaf728af45c13e7aa9538090d6795d4fa7ace887d6f0823007a55414a1a1 | Vidar payload (confidence level: 95%)
hash | 867a688580e309ccdbada474210871f1 | Vidar payload (confidence level: 95%)
hash | a3b291b0a99a09cc1a04466d00bb4f1487d9a676 | DCRat payload (confidence level: 95%)
hash | a6e19c2cf15b81f781b1a4d4caaf46a0e6b6a65618d8eba75e76dd2556dc6738 | DCRat payload (confidence level: 95%)
hash | 6f821e04af6032f28a92b3879871251e | DCRat payload (confidence level: 95%)
hash | cce1245acbcb29a3a6f60130c2e8f22ac2d982fc | DCRat payload (confidence level: 95%)
hash | 506a31efcda3ac332e2f7ea696b967aeb7f96dc028812500b8f9c69f3201769c | DCRat payload (confidence level: 95%)
hash | 1d583232f3c2b05528bc0933838bfc11 | DCRat payload (confidence level: 95%)
hash | bb5bfff621d2691a8461a77e25f87ec13957176a | Vidar payload (confidence level: 95%)
hash | 3891b4ca289d3c1ed1e73d2af779191c414552b79302a3546b45a43e2afe0423 | Vidar payload (confidence level: 95%)
hash | ad8a02a68b36bd0c78428d3552feacce | Vidar payload (confidence level: 95%)
hash | 526b9bf54fdf9a21e0f5715f48e5ff1a3daa9ec2 | Mars Stealer payload (confidence level: 95%)
hash | 8e74f5644140e614077e5317d5ffb5ca0f828ed4870e1d6c1faf442c851e1909 | Mars Stealer payload (confidence level: 95%)
hash | 0df1eb83d7ed49150b934fe7f68585af | Mars Stealer payload (confidence level: 95%)
hash | 935590495562e460c2e028220c583cc93ec97c30 | Quasar RAT payload (confidence level: 95%)
hash | 59b6f157ec7087a025c17d6beecf7d7f3f49106319fbf05708eef51d79b9eee9 | Quasar RAT payload (confidence level: 95%)
hash | 3ba0319e73189975e4d8a212772eddc1 | Quasar RAT payload (confidence level: 95%)
hash | 8dd0c01b473845cd911596be18820ff4aa01d8f4 | Mars Stealer payload (confidence level: 95%)
hash | 6f6f1d53025ee680fdc92c64d14b887ed61275521e2ac6f493ad8f1c7f8f1392 | Mars Stealer payload (confidence level: 95%)
hash | 695927c3f75ae50325a1a4a129a7b869 | Mars Stealer payload (confidence level: 95%)
hash | 5937f4afeb659fc93819ccfd6be8606c99516480 | DCRat payload (confidence level: 95%)
hash | 0f209cb2bc8f4817c0992f50aa2131c257b203709e6b3b436a8d02f424c39036 | DCRat payload (confidence level: 95%)
hash | 66f19eef920db73f28b651a7c34208a7 | DCRat payload (confidence level: 95%)
hash | 68b4ab6a88385348fb1808286ac3586c15ef73ef | DCRat payload (confidence level: 95%)
hash | 294003b3626890da222c7aeb34f7ac71cec614026c686fd88df269cc175a0e8c | DCRat payload (confidence level: 95%)
hash | 392fcfb7445ce64079d2de971877520e | DCRat payload (confidence level: 95%)
hash | fb153921a2a82b46022745c37595347b6f6065e3 | DCRat payload (confidence level: 95%)
hash | fad9c2f147e0559c2f483f0643c01a0120710b07b15e9c9773d6eab00f15e289 | DCRat payload (confidence level: 95%)
hash | 2c03dd0e127867ade0480bf34520df59 | DCRat payload (confidence level: 95%)
hash | f2688c3f49fec062e9ad7a2dec3571cd668aa879 | Remcos payload (confidence level: 95%)
hash | 895417f8fd168a02d71365994d4e4500cdbf31af01be6ce8998fc38a342cac2e | Remcos payload (confidence level: 95%)
hash | 91dd6ee8e62b032c8264b3b55e69eddb | Remcos payload (confidence level: 95%)
hash | 7ae9c93f0c69bc86cd7d1abcf34340667a2d791c | Remcos payload (confidence level: 95%)
hash | 2e6db642fad3918398b520cf655d6ca7fc040bd177e30a30bd7f549adb4e48c0 | Remcos payload (confidence level: 95%)
hash | 5ba3af74071e58c1f18c22ac35c6cbb7 | Remcos payload (confidence level: 95%)
hash | f520c1ee04094f60d01539828944d4b2dbed86ae | Remcos payload (confidence level: 95%)
hash | ebf07e4c648bebfec66ac5c4e95b7341d9ccaa4fafa7b086ce5e42c6b6c92364 | Remcos payload (confidence level: 95%)
hash | b2cbf968f1a211f8c606807dfa721950 | Remcos payload (confidence level: 95%)
hash | 9f3b3c5c600416806ca99050f0fe8428e0215720 | Remcos payload (confidence level: 95%)
hash | 94338a235c9207ba31032496ba04d39ae887a3155c15d57347307df2dfa16242 | Remcos payload (confidence level: 95%)
hash | f4aedd9c8b06bf6f30404ae4c5de18c0 | Remcos payload (confidence level: 95%)
hash | 1f68020795a419c8c0b46ef4a74d0e375783c81d | Remcos payload (confidence level: 95%)
hash | 5a1f12b580396d4c4053edbaaa6165f560c04d65824000b622bf5b1183ba65f0 | Remcos payload (confidence level: 95%)
hash | 65f73a1eda1fd44232d6e8ee36c27e30 | Remcos payload (confidence level: 95%)
hash | 26133c4416d55db05059bf81d5d74db024c184a9 | Stealc payload (confidence level: 95%)
hash | dbf55dd5c00f37ec49e1b661228adcc0a286b3eabb35d2f85fc34d82076107f6 | Stealc payload (confidence level: 95%)
hash | 89f3026dea32a83cc17b59f7590d9467 | Stealc payload (confidence level: 95%)
hash | f4e131fb802281cbe7b70f3f8b25d9d8410e0379 | RedLine Stealer payload (confidence level: 95%)
hash | fc1e9a1378fdb34e8c938554eaa897134232b07e9401e60f0667dc119c3c2ed3 | RedLine Stealer payload (confidence level: 95%)
hash | 58c6ec5a74a80def1f37f7956da11a26 | RedLine Stealer payload (confidence level: 95%)
hash | 46357d747dc6020ce8b4b8119e015b9dfefdeb4e | Stealc payload (confidence level: 95%)
hash | d806c7e9f4a145593b209dac56b31058a10f4f1d3a9d825a954ef1a182716b28 | Stealc payload (confidence level: 95%)
hash | 19a0699324a13b72885d9173e232d256 | Stealc payload (confidence level: 95%)
hash | 27337907aa2d151ca7f8588ee9b6892e53585bb0 | RokRAT payload (confidence level: 95%)
hash | 15b7a9a420c80d9e2609f3933a23b233ddb6b3a0a6d0f28a92a20d2016f36cd7 | RokRAT payload (confidence level: 95%)
hash | 2b6f6836db46f93418fadfdb93672fe5 | RokRAT payload (confidence level: 95%)
hash | 5f2482231a30ccbb63ab5812aee9949e7cfe5b84 | RedLine Stealer payload (confidence level: 95%)
hash | 743c48a643d48ec97873c45298b5e1a7133fe8471d73d367f10c68f362cc3afa | RedLine Stealer payload (confidence level: 95%)
hash | 36e771f9b85e70e37e00dcfb42ee9310 | RedLine Stealer payload (confidence level: 95%)
hash | 05038709ecd74850a5ab6b9e0b9d917f0fddfabf | Mars Stealer payload (confidence level: 95%)
hash | f6ad3f81a2498a92af40c1a8a874b47bcbe195556d1f90f394d369e4220e1000 | Mars Stealer payload (confidence level: 95%)
hash | 9e41e4631ef9238898ba873225640fee | Mars Stealer payload (confidence level: 95%)
hash | fa206876084178b61238d11b860443acc571b965 | Stealc payload (confidence level: 95%)
hash | a51f55434ef4466043357f63161a7e4a91194b7a8bcb53d7d6074135446f29ce | Stealc payload (confidence level: 95%)
hash | 517723763103f23dcd3a692066db6aee | Stealc payload (confidence level: 95%)
hash | adc4875af06ccc210f8144efdb1d051ce2df05f9 | DCRat payload (confidence level: 95%)
hash | cccb59dbcce9a68ffed699333477bba15ef02b19de9e5a345eed09e87440fc28 | DCRat payload (confidence level: 95%)
hash | 153fe198ddf7bf4207de76b3275726f6 | DCRat payload (confidence level: 95%)
hash | f9ba0b5b57d56314264a088a2f0830635da2a206 | Feodo payload (confidence level: 95%)
hash | 9e9c2fb86b9215aabb51108105b5c5a553f9c2d4904f8f03c4a8b7ff3602c989 | Feodo payload (confidence level: 95%)
hash | 459061967c92b83083c24ed4963e7a18 | Feodo payload (confidence level: 95%)
hash | 2c0f8074c7f1d2124e35b9312911fd644f0b4249 | DCRat payload (confidence level: 95%)
hash | f7d6ace1d14be5e48b704abc0df8bbd3b3928e36c392cf0cf57a155baa0bddfb | DCRat payload (confidence level: 95%)
hash | 4494d1663352f5b006a2b1cc503f6523 | DCRat payload (confidence level: 95%)
hash | 8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 2222 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 55555 | DarkComet botnet C2 server (confidence level: 100%)
hash | 2404 | Remcos botnet C2 server (confidence level: 100%)
hash | 443 | Sliver botnet C2 server (confidence level: 100%)
hash | 80 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 80 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | Stealc botnet C2 server (confidence level: 100%)
hash | 22354 | NjRAT botnet C2 server (confidence level: 75%)
hash | 443 | FastCash botnet C2 server (confidence level: 50%)
hash | 7777 | Remcos botnet C2 server (confidence level: 100%)
hash | 443 | Sliver botnet C2 server (confidence level: 100%)
hash | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 7790 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 808 | Kaiji botnet C2 server (confidence level: 100%)
hash | 8123 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 1111 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 2404 | Remcos botnet C2 server (confidence level: 100%)
hash | 9898 | Remcos botnet C2 server (confidence level: 100%)
hash | 443 | Sliver botnet C2 server (confidence level: 100%)
hash | 9090 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 7443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 4444 | Quasar RAT botnet C2 server (confidence level: 100%)
hash | 80 | Havoc botnet C2 server (confidence level: 100%)
hash | 443 | Havoc botnet C2 server (confidence level: 100%)
hash | 80 | Havoc botnet C2 server (confidence level: 100%)
hash | 1605 | Venom RAT botnet C2 server (confidence level: 100%)
hash | 80 | AMOS botnet C2 server (confidence level: 100%)
hash | 7766 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash | 7766 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash | 8383 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash | 4443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 31337 | Sliver botnet C2 server (confidence level: 100%)
hash | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | Hook botnet C2 server (confidence level: 100%)
hash | 80 | Hook botnet C2 server (confidence level: 100%)
hash | 8082 | Hook botnet C2 server (confidence level: 100%)
hash | 8085 | Havoc botnet C2 server (confidence level: 100%)
hash | 3001 | ERMAC botnet C2 server (confidence level: 100%)
hash | 80 | Meduza Stealer botnet C2 server (confidence level: 100%)
hash | 80 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 8080 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 6666 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 4483 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash | 8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 2404 | Remcos botnet C2 server (confidence level: 100%)
hash | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 7707 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 5002 | Venom RAT botnet C2 server (confidence level: 100%)
hash | 5001 | Venom RAT botnet C2 server (confidence level: 100%)
hash | 9999 | DCRat botnet C2 server (confidence level: 100%)
hash | 1911 | RedLine Stealer botnet C2 server (confidence level: 100%)
hash | 80 | ERMAC botnet C2 server (confidence level: 100%)
hash | 80 | ERMAC botnet C2 server (confidence level: 100%)
hash | 80 | Stealc botnet C2 server (confidence level: 100%)
hash | 20001 | BianLian botnet C2 server (confidence level: 100%)
hash | 20002 | BianLian botnet C2 server (confidence level: 100%)
hash | 17788 | Meterpreter botnet C2 server (confidence level: 100%)

Domain

Type | Value | Description
domain | nova-screen-webview.com | Nova Stealer botnet C2 domain (confidence level: 100%)
domain | hellokittymeowmeow.xyz | Unknown malware botnet C2 domain (confidence level: 100%)
domain | api.hellokittymeowmeow.xyz | Unknown malware botnet C2 domain (confidence level: 100%)
domain | zealous-pine-98499.pktriot.net | NjRAT botnet C2 domain (confidence level: 75%)
domain | eloquentcs.com | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%)
domain | ajsdiaolke.shop | ClearFake payload delivery domain (confidence level: 100%)
domain | caffegclasiqwp.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
domain | traineiwnqo.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
domain | millyscroqwp.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
domain | deadlywarfare.com | Unknown malware botnet C2 domain (confidence level: 100%)
domain | ip235.ip-192-95-20.net | Unknown malware botnet C2 domain (confidence level: 100%)

Url

Type | Value | Description
url | http://39.65.243.230:43209/mozi.m | Mozi payload delivery URL (confidence level: 50%)
url | http://572335cm.n9sh.top/cpuserverasyncuniversal.php | DCRat botnet C2 (confidence level: 100%)
url | http://ntkdnj.oy4wvawf.pro:80/functionalstatus/spssrjtsgp21e9h7ytlyk9p87tixirl61fmtj5a | Cobalt Strike botnet C2 (confidence level: 75%)
url | https://reagoofydwqioo.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
url | http://671893cm.n9shka.top/eternalpipelowprocessdbdatalifewppubliccdn.php | DCRat botnet C2 (confidence level: 100%)
url | https://calcuatllitwop.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
url | https://largerryskwhq.shop/api | Lumma Stealer botnet C2 (confidence level: 75%)
url | http://182.117.41.106:42748/mozi.m | Mozi payload delivery URL (confidence level: 50%)

Threat ID: 68367c9a182aa0cae23254a1

Added to database: 5/28/2025, 3:01:46 AM

Last enriched: 6/27/2025, 10:21:22 AM

Last updated: 8/17/2025, 10:06:53 PM
