Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2024-09-16

Medium
Malwaretype:osinttlp:white
Published: Mon Sep 16 2024 (09/16/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-09-16

AI-Powered Analysis

AILast updated: 06/18/2025, 09:06:26 UTC

Technical Analysis

The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2024-09-16," categorized primarily under OSINT (Open Source Intelligence), network activity, and payload delivery. The threat is sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The technical details indicate a moderate threat level (2 on an unspecified scale), with limited analysis (level 1) and a higher distribution rating (level 3), suggesting that while the threat is moderately severe, it has a relatively broad distribution or potential reach. No specific affected versions or products are listed, and there are no known exploits in the wild or available patches, which implies that this threat may be emerging or primarily used for reconnaissance and information gathering rather than active exploitation. The absence of CWEs (Common Weakness Enumerations) and detailed technical indicators limits the ability to pinpoint exact attack vectors or malware behavior. The classification under OSINT and network activity suggests that the threat involves the collection or use of publicly available information to facilitate payload delivery, potentially as part of a larger attack chain. The TLP (Traffic Light Protocol) designation of white indicates that the information is intended for unrestricted sharing, which is typical for OSINT-related data. Overall, this threat appears to be an intelligence-gathering or reconnaissance malware with moderate distribution potential but limited immediate impact or exploitation evidence.

Potential Impact

For European organizations, the primary impact of this threat lies in its potential to facilitate targeted attacks through the collection and analysis of open-source intelligence, which can be used to tailor subsequent payload delivery or network intrusion attempts. While no direct exploitation or active malware payloads are confirmed, the threat's capability to gather sensitive information can undermine confidentiality and enable more sophisticated attacks such as spear-phishing, credential theft, or lateral movement within networks. Organizations in sectors with high exposure to OSINT-based reconnaissance—such as government, defense, critical infrastructure, and large enterprises—may face increased risk of targeted follow-on attacks. The lack of known exploits and patches suggests that immediate operational disruption or data integrity compromise is unlikely; however, the threat can serve as a precursor to more damaging intrusions if not detected and mitigated early. The network activity component also raises concerns about potential covert communication channels or data exfiltration attempts that could impact availability if leveraged in denial-of-service or resource exhaustion attacks.

Mitigation Recommendations

Given the OSINT and network activity nature of this threat, European organizations should implement enhanced monitoring of network traffic for unusual patterns indicative of reconnaissance or payload delivery attempts. Specific recommendations include: 1) Deploy and tune network intrusion detection/prevention systems (IDS/IPS) to identify and block known or suspicious payload delivery mechanisms, even in the absence of specific IOCs. 2) Conduct regular threat hunting exercises focusing on anomalous outbound connections that may indicate data exfiltration or command-and-control communication. 3) Harden external-facing assets by minimizing publicly exposed information that could be leveraged by OSINT tools, including reviewing and restricting metadata and sensitive details in public documents and websites. 4) Implement strict segmentation and access controls to limit lateral movement if initial reconnaissance leads to intrusion. 5) Educate staff on the risks of social engineering attacks that may be facilitated by OSINT-derived intelligence. 6) Maintain up-to-date threat intelligence feeds and integrate them into security operations to quickly identify emerging indicators related to this threat. 7) Since no patches are available, focus on detection and response capabilities rather than remediation through software updates.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
ItalyItaly
NetherlandsNetherlands
BelgiumBelgium
SpainSpain
PolandPoland
SwedenSweden
FinlandFinland
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
fda5f360-6a54-415f-b954-bca7c86138b0
Original Timestamp
1726531386

Indicators of Compromise

File

ValueDescriptionCopy
file198.44.173.90
Cobalt Strike botnet C2 server (confidence level: 100%)
file175.178.13.109
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.142.146.11
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.129.178.60
Remcos botnet C2 server (confidence level: 100%)
file141.95.84.40
Remcos botnet C2 server (confidence level: 100%)
file121.199.28.252
Cobalt Strike botnet C2 server (confidence level: 100%)
file5.161.231.57
Venom RAT botnet C2 server (confidence level: 100%)
file109.199.108.1
Crimson RAT botnet C2 server (confidence level: 100%)
file185.229.9.27
BianLian botnet C2 server (confidence level: 100%)
file147.185.221.18
NjRAT botnet C2 server (confidence level: 100%)
file159.69.100.83
Vidar botnet C2 server (confidence level: 100%)
file119.91.95.88
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.236.42.74
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.72.57.35
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.202.35.104
Hook botnet C2 server (confidence level: 100%)
file141.11.95.183
Quasar RAT botnet C2 server (confidence level: 100%)
file193.161.193.99
Quasar RAT botnet C2 server (confidence level: 100%)
file92.60.77.97
Havoc botnet C2 server (confidence level: 100%)
file149.248.79.215
Nimplant botnet C2 server (confidence level: 100%)
file89.197.154.116
Meterpreter botnet C2 server (confidence level: 100%)
file112.44.197.77
Cobalt Strike botnet C2 server (confidence level: 100%)
file83.229.124.173
Cobalt Strike botnet C2 server (confidence level: 100%)
file149.28.28.9
ShadowPad botnet C2 server (confidence level: 90%)
file62.157.233.146
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file204.10.160.212
RedLine Stealer botnet C2 server (confidence level: 100%)
file154.216.17.155
XenoRAT botnet C2 server (confidence level: 100%)
file185.10.18.183
Cobalt Strike botnet C2 server (confidence level: 100%)
file142.171.214.90
Cobalt Strike botnet C2 server (confidence level: 100%)
file88.119.175.153
AsyncRAT botnet C2 server (confidence level: 75%)
file88.119.175.153
AsyncRAT botnet C2 server (confidence level: 75%)
file88.119.175.153
AsyncRAT botnet C2 server (confidence level: 75%)
file45.66.231.103
Nanocore RAT botnet C2 server (confidence level: 75%)
file176.97.64.184
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.137.147.254
Cobalt Strike botnet C2 server (confidence level: 100%)
file122.51.17.194
Cobalt Strike botnet C2 server (confidence level: 100%)
file67.203.7.162
Remcos botnet C2 server (confidence level: 100%)
file91.92.240.228
Remcos botnet C2 server (confidence level: 100%)
file167.172.42.118
Unknown malware botnet C2 server (confidence level: 100%)
file46.246.80.17
DCRat botnet C2 server (confidence level: 100%)
file188.126.90.5
DCRat botnet C2 server (confidence level: 100%)
file85.209.11.174
Stealc botnet C2 server (confidence level: 100%)
file45.12.254.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file157.245.59.80
Cobalt Strike botnet C2 server (confidence level: 100%)
file213.109.202.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file46.246.84.4
Remcos botnet C2 server (confidence level: 100%)
file128.90.123.30
AsyncRAT botnet C2 server (confidence level: 100%)
file89.117.23.22
AsyncRAT botnet C2 server (confidence level: 100%)
file91.92.248.34
Hook botnet C2 server (confidence level: 100%)
file23.251.33.77
Hook botnet C2 server (confidence level: 100%)
file47.99.65.37
Quasar RAT botnet C2 server (confidence level: 100%)
file89.22.234.92
Havoc botnet C2 server (confidence level: 100%)
file45.66.231.150
Venom RAT botnet C2 server (confidence level: 100%)
file103.130.213.224
MooBot botnet C2 server (confidence level: 100%)
file77.105.135.85
RedLine Stealer botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash61900
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6122
Remcos botnet C2 server (confidence level: 100%)
hash37
Remcos botnet C2 server (confidence level: 100%)
hash15241
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash21886
Crimson RAT botnet C2 server (confidence level: 100%)
hash443
BianLian botnet C2 server (confidence level: 100%)
hash61276
NjRAT botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash1606
Quasar RAT botnet C2 server (confidence level: 100%)
hash34101
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Nimplant botnet C2 server (confidence level: 100%)
hash7810
Meterpreter botnet C2 server (confidence level: 100%)
hash30440
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
ShadowPad botnet C2 server (confidence level: 90%)
hash5555
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash28798
RedLine Stealer botnet C2 server (confidence level: 100%)
hash1358
XenoRAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 75%)
hash7707
AsyncRAT botnet C2 server (confidence level: 75%)
hash8808
AsyncRAT botnet C2 server (confidence level: 75%)
hash7754
Nanocore RAT botnet C2 server (confidence level: 75%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash4040
DCRat botnet C2 server (confidence level: 100%)
hash5000
DCRat botnet C2 server (confidence level: 100%)
hash80
Stealc botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090
Remcos botnet C2 server (confidence level: 100%)
hash9999
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash8043
Quasar RAT botnet C2 server (confidence level: 100%)
hash8443
Havoc botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash47823
RedLine Stealer botnet C2 server (confidence level: 100%)
hash07d889db87532544414f9fc089ac19f2921bfb18
RedLine Stealer payload (confidence level: 95%)
hash1a088af9cd8038f62470f2a8a3436db8b384a1b27d29acee352faf5efcc191b9
RedLine Stealer payload (confidence level: 95%)
hash7b941f7d216075afc69f94af5f9564ed
RedLine Stealer payload (confidence level: 95%)
hash6a2e81c26a76a4397fcbb2444428d61fe6f6c6e4
Vidar payload (confidence level: 95%)
hash5ddb5598f1156d0ea44502cfbe89fdb6805c6b4be08cd33fd1a963b94544918e
Vidar payload (confidence level: 95%)
hash65ac3fe80ceced1ad72a4ab03dfd14f2
Vidar payload (confidence level: 95%)
hasha6dd703797a20166df01471163f77cd92aaa0613
Mars Stealer payload (confidence level: 95%)
hashc7c2fda0027361d7d5544a311da9e36058b845bb4e78c988d533be42edf02138
Mars Stealer payload (confidence level: 95%)
hash6b3a661f028fcc8fdc9b04f4916b4324
Mars Stealer payload (confidence level: 95%)
hash39d5988591cc576efe40b96b043e0377432154c1
Socks5 Systemz payload (confidence level: 95%)
hashea37f59c460310e9cd54556d686ae35a60010fe7ce85d73b313adcfe7c466cc8
Socks5 Systemz payload (confidence level: 95%)
hash02648833cff924a6af0cd9b11ee1ac79
Socks5 Systemz payload (confidence level: 95%)
hash04af1e6bbbb694c39c206e59506a41a9896d6b7b
Sliver payload (confidence level: 95%)
hash6f78ea9e8979708d7fd0f449777aa8d2bc334fef17b94b2a03b16e68ae6e3a26
Sliver payload (confidence level: 95%)
hash281d706e2b25ea67735d3e59855076ba
Sliver payload (confidence level: 95%)
hash384195098214bdf47139c05316c539961de8d563
AsyncRAT payload (confidence level: 95%)
hashee797b840b20434c5b95ccba9c6987d5be1b445b74ecc629665d36fbf08b212e
AsyncRAT payload (confidence level: 95%)
hash73ec6d494460f8ab057e034d75c1267e
AsyncRAT payload (confidence level: 95%)
hash2c6049aea2eb3e257f7e8e08424d6767dc4b51ea
Cobalt Strike payload (confidence level: 95%)
hash8b3f9e03355126225924ed8112b7916e0dddc260dee74c4fb72b02f6ea76bb58
Cobalt Strike payload (confidence level: 95%)
hash567381ee89c758794e9c619262885899
Cobalt Strike payload (confidence level: 95%)
hashea8a7e28b49c9d2073725463220e09bfcfaac872
Vidar payload (confidence level: 95%)
hashc67c9fdc96742ea8ed38f21193d31eaad94ddc43bb7fb0f3ef88d17d102008b0
Vidar payload (confidence level: 95%)
hashedc11cbcd01efa9a0e3a79f841ec39ed
Vidar payload (confidence level: 95%)
hash1a5bd38da38058f8ebedf58588404a30a219cfc4
Mars Stealer payload (confidence level: 95%)
hash2bac0508680cb0cdf61b10a529c4a97dfc0562fe85b740abfef0ee2ff97a9fc2
Mars Stealer payload (confidence level: 95%)
hashd9a0d0bd3606832f828062ed0e67f6a1
Mars Stealer payload (confidence level: 95%)
hasha1669d33a5b53f9c501c01ec2bc7e155a6964a38
Agent Tesla payload (confidence level: 95%)
hash696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360
Agent Tesla payload (confidence level: 95%)
hashe0d57a92476711a3438a44fa205e1720
Agent Tesla payload (confidence level: 95%)
hash79c230385060a3c4cc5d7723746108690eaad77d
Loki Password Stealer (PWS) payload (confidence level: 95%)
hash1eb1ecc1ff01e9f4934a79daa57db69c96f975b90d649429417c560c1d36bab1
Loki Password Stealer (PWS) payload (confidence level: 95%)
hash0eebf2973fe171b460162f942300a434
Loki Password Stealer (PWS) payload (confidence level: 95%)
hash6e724342395a34ddde7f97042808ab9c9f4a23d2
Mars Stealer payload (confidence level: 95%)
hashb5858838add411f77ea240aa078458b744e3d95597ab2e436ccfb43ed4604cbe
Mars Stealer payload (confidence level: 95%)
hashf1e8bc7285deedad371203681fea9bd1
Mars Stealer payload (confidence level: 95%)
hash252c90496e1d30c85af718df02053f2bf876b5fa
Agent Tesla payload (confidence level: 95%)
hash2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef
Agent Tesla payload (confidence level: 95%)
hashfcbeee4d98c0149d7a4d77544584a4b1
Agent Tesla payload (confidence level: 95%)
hashb877433d0992385bc5fd8dc10db6982c6a97499f
PrivateLoader payload (confidence level: 95%)
hashc2f99e83841e2f7e1fb0db047e5439fbe10a8d4b991a20e17a25686ea330f012
PrivateLoader payload (confidence level: 95%)
hash51382bcf878d6c578ddee380fa6747f8
PrivateLoader payload (confidence level: 95%)
hash141478ef2b8aa54c1b14a54c8c194a3bfeef67a4
Stealc payload (confidence level: 95%)
hash56653d71f83b1263af7291639aa6e6ca4d2052320e4e401116d6115199100463
Stealc payload (confidence level: 95%)
hash8905b2eec5c9e841d1a73a232ab12f9e
Stealc payload (confidence level: 95%)
hash642c7dd025dc31d39b26af7a7be53ba617e78bd4
Nanocore RAT payload (confidence level: 95%)
hash6c22578a9080fc7f38d949df46f1bb88f386fd17ad76d78cac31e5b7782a2685
Nanocore RAT payload (confidence level: 95%)
hashd0c54245dc16324c9170c419f2500737
Nanocore RAT payload (confidence level: 95%)
hash48278c926d2e97905a791c018004d07175919d1f
KrakenKeylogger payload (confidence level: 95%)
hash98270fc07f41677127b9490d540aa5c4aa32b78706a2c288e93bbf9d95e5d901
KrakenKeylogger payload (confidence level: 95%)
hashdd4f1c6a119d800280dccc0f7a53ec18
KrakenKeylogger payload (confidence level: 95%)
hash2e8a1ac7e0adc0c54486a1f6728eaf9d23412fa1
Stealc payload (confidence level: 95%)
hash3db9cbca822b45e8eeecf10c9406aafe52608688a2cd24a9128512e1ee3fa13c
Stealc payload (confidence level: 95%)
hash044395c65ea412a8e2b39fddfdca0ce6
Stealc payload (confidence level: 95%)
hash82701715da9268f25137db08b10b7f948f51979a
Formbook payload (confidence level: 95%)
hash132a28671034b037faa51caddce290592b1874e3a34da5c93eaf6a7de5fd86d2
Formbook payload (confidence level: 95%)
hash7e99ec4f1bfbea05db916544697117ab
Formbook payload (confidence level: 95%)
hash46340e2c73465325dfaa08713dd17fb9f0545175
Formbook payload (confidence level: 95%)
hash844f80fb6631e7c9b75d7aba7ff2aac99c24d43ea2778f6436576cc1faa951ea
Formbook payload (confidence level: 95%)
hash1382f6afc614a8983e886176191065b4
Formbook payload (confidence level: 95%)
hash834e56fdbada1ccddd506fc12eb883155b671281
Socks5 Systemz payload (confidence level: 95%)
hashd9ada9e0625b3d794146200935969bbb5f8a6ad3a998b1408617574bcc9e524f
Socks5 Systemz payload (confidence level: 95%)
hash6b0969eed91d044d6c30af82c4fe58f0
Socks5 Systemz payload (confidence level: 95%)
hash3d1bac7342eff07e1f5682e7ad591f0be2eff9d4
Vidar payload (confidence level: 95%)
hash434f2dc20a710077ba861c9a118223c51f04662d6edcb492812c6468e4cede48
Vidar payload (confidence level: 95%)
hash0d2bcf6e8f35ef48b85b997e23fbec5f
Vidar payload (confidence level: 95%)
hashbceaade79890b40a5cc74bd9c25ec50cb45de7d7
Mars Stealer payload (confidence level: 95%)
hash3f9daff50fd608eb15026903bf89ad2aafae0b344f0fd82e9ea82d4071a781d7
Mars Stealer payload (confidence level: 95%)
hashc2959894fc8b6dc3059469fed76e49af
Mars Stealer payload (confidence level: 95%)
hash0957f0570c7e2f9d38e78664282762fc43964e0d
Vidar payload (confidence level: 95%)
hash56453e3c7fe50caac1128195b65d335e3c387c6ba251143f5c3419e6512d3b66
Vidar payload (confidence level: 95%)
hash0d02e72a7fe2f6b2a120782b8a64c0a2
Vidar payload (confidence level: 95%)
hash1ec1891c37d87fc565d93557a6b4d08da151badb
Vidar payload (confidence level: 95%)
hashe4c2d3c019cf5161619d1f6ef5a76d7fb68f0cc9d4b0d004653e38bff42edf19
Vidar payload (confidence level: 95%)
hash5c984dd83c65ae6b6f2d93a60ae40bfd
Vidar payload (confidence level: 95%)
hasha9dba1169743ce98aaf3274ee9f326d6653daccc
Stealc payload (confidence level: 95%)
hashb9673575887a25b4a4c64327361e4054c188b15f2fb07518ab9cfc987c6aa9fc
Stealc payload (confidence level: 95%)
hash0a5fe33186f309bfe062d32af0bb1127
Stealc payload (confidence level: 95%)
hash1cb8ecc17deb4fe003c72e99029faec2d57313ab
Formbook payload (confidence level: 95%)
hashfb4e1cd3c6776ad26213bbb64a2b6952316fa7ff476c80ac47ce123073860704
Formbook payload (confidence level: 95%)
hashfecb0dbaee8535511cc2ffd3dad076fc
Formbook payload (confidence level: 95%)
hash09fb7dfdebf14c7dc717bcae13fd783b5990b125
Agent Tesla payload (confidence level: 95%)
hash224acdb9d88561b1cde77dc3faaa8779092ff77036b776adb490b46c6f423b4f
Agent Tesla payload (confidence level: 95%)
hash444b2ed4ceead125eeb3ba5f76119972
Agent Tesla payload (confidence level: 95%)
hashdadf075fdc48d59398c97e3e9a83fcb45a75e02a
RokRAT payload (confidence level: 95%)
hash1c19018dec9dbe68fc48099c662be25062e7a43e6658bf396c6cc8fb2f6d21af
RokRAT payload (confidence level: 95%)
hash3688756f43ff292c6431c90f7928dec6
RokRAT payload (confidence level: 95%)
hashbd68085cdde5c022a04cd0b847c251cedbcfb803
Formbook payload (confidence level: 95%)
hashbbb5fe2263561f00e3a76d332fb123b752f89b8698dd618048951a5572b29939
Formbook payload (confidence level: 95%)
hashcbd29c7c9b1433ad6f61507f3199cecf
Formbook payload (confidence level: 95%)
hashb23e75b94b84b31edaa0793b1228c444254effa2
Formbook payload (confidence level: 95%)
hashaf4f28ed9e5d8205220c60f42668e6576233f54885c63fcaf43c2315328f45f1
Formbook payload (confidence level: 95%)
hash312f45637432b1efec858ed32bdef462
Formbook payload (confidence level: 95%)
hashd6571de0753e73907a8467ee23ca8e349794be2d
RedLine Stealer payload (confidence level: 95%)
hash5cba91d402d617686ac0520d932273d36145c787de8a2701107ad09a1611af18
RedLine Stealer payload (confidence level: 95%)
hash7afe13cb0b2c04250f7abf8d6a802977
RedLine Stealer payload (confidence level: 95%)
hashded622b6250c878aa7426a09ad24acbc771d0c93
RedLine Stealer payload (confidence level: 95%)
hashadb48e837c64225368f526117c0c8012793b6df23b37daee4eef688a9a84531e
RedLine Stealer payload (confidence level: 95%)
hashd31601ca43856ceb25d0a34bf0e64086
RedLine Stealer payload (confidence level: 95%)
hashaffc54728fe657ee7c1be15d8d3b502f7d17d28c
Stealc payload (confidence level: 95%)
hash8075620c17e17a2b207561a491e1cb873b5fa86fe2df1b4130a3f0afb05a67ab
Stealc payload (confidence level: 95%)
hash8bc68fd89fc539a6f195fb11cafff7dd
Stealc payload (confidence level: 95%)
hashb118fc0a049a79e08a2df407ceb0de2871fe0c2e
Formbook payload (confidence level: 95%)
hash15ff4bad6e829e4c628dd982b57687b73b514f2c42d3d08923b7d66bf2f78e80
Formbook payload (confidence level: 95%)
hashd930bdc12b0d6c17c9004c0dac1d1f5b
Formbook payload (confidence level: 95%)
hash60c22cad04e3644f4ab189c704eca040e5830714
KrakenKeylogger payload (confidence level: 95%)
hash50afbb5786348b105169f2f43ee06df61786016e93b88b4eb417b86c86d12ab4
KrakenKeylogger payload (confidence level: 95%)
hashc47a7e7c427e21daf50c887ec6fbf198
KrakenKeylogger payload (confidence level: 95%)
hashd9993371feabfdb0373e41a87bb96da7bfd38aab
Formbook payload (confidence level: 95%)
hash09edebd23b683ff9f0d12e599191cf5858761e35f65c3002d3b4518f75929b8d
Formbook payload (confidence level: 95%)
hash55b7ca1f4de005212784ef17a56e0821
Formbook payload (confidence level: 95%)
hash572524da19348cd202b7f2304b4326deada51e34
DDKeylogger payload (confidence level: 95%)
hash75026903440f9c71297846a8e232f4b4b281cd7db2f60567e6a039ccdb65a08b
DDKeylogger payload (confidence level: 95%)
hash47dae21810f09fccd6b0277670afa589
DDKeylogger payload (confidence level: 95%)
hashe1d94a2f32700d2241a47e2e85d7022312c5aaee
Agent Tesla payload (confidence level: 95%)
hashb022a18a5fb9dee80dee6dd38efea10871455da10d8154fbba8b069c9965ef4b
Agent Tesla payload (confidence level: 95%)
hashb164dfd51cba1133766fb4e7266d91c3
Agent Tesla payload (confidence level: 95%)
hash9d4a15fa76819d3e0e9805bf12de5446d23d5f87
Cobalt Strike payload (confidence level: 95%)
hash47adb1ae9ffe0dc2dfe1cb8463952fdd60b1178512271b79a50bc86e4f999c4b
Cobalt Strike payload (confidence level: 95%)
hash96642d59d4a6af8ffc428761fd89faa8
Cobalt Strike payload (confidence level: 95%)
hasha3712c6d8a8c9c276f9548104c30a0d93846683e
Cobalt Strike payload (confidence level: 95%)
hash007f15fb78cc210767621e11018fd28994260d38b7f73d26b3abeae6cb73f896
Cobalt Strike payload (confidence level: 95%)
hash5fc3ea82f3f90af543b2a26235463e3a
Cobalt Strike payload (confidence level: 95%)
hash795b3a9d225307e7662f3b4073ee830b661e5154
Luca Stealer payload (confidence level: 95%)
hashbb870923c6ac61383177d3bb41726ea290a29a4a762fd681dec3d4f6cc19ed93
Luca Stealer payload (confidence level: 95%)
hash3875e3d17a0d70ec7fcaeddc071c3952
Luca Stealer payload (confidence level: 95%)
hashbcef79da67710f2691a2f9f1d63815aa58fb8707
NetSupportManager RAT payload (confidence level: 95%)
hash6ec2acc681da0597eeb30a40a34d5d1054152b18eb1e77e9c02a4dc77c030985
NetSupportManager RAT payload (confidence level: 95%)
hash2f0cbfa0f285df217fac1faad59fa80f
NetSupportManager RAT payload (confidence level: 95%)
hash8f1003d9bd8194b486634df3bbe6dbd64b923e9f
Vidar payload (confidence level: 95%)
hasha1d7a27d0db33680df06c7b7ac1a58ba17c18843af52782f57ec7f94bb023a75
Vidar payload (confidence level: 95%)
hash3817c947e0d26bde329f7481b6d76709
Vidar payload (confidence level: 95%)
hash5ac3eb8cce76ada7f394526b9957416905c5e0b8
Cobalt Strike payload (confidence level: 95%)
hash9881f416f578c0e68d1bd1465811a46be30fb45a8191ba82d6d9e0a1d5dc839c
Cobalt Strike payload (confidence level: 95%)
hashb19ec1d7a82986dbeab3f166a946eee9
Cobalt Strike payload (confidence level: 95%)
hashf1da07d11332465fbf5c456660d756350dbff889
Luca Stealer payload (confidence level: 95%)
hash7bf0a7a8bf646c29d39ad64c36b6baae45572cee1ef7695bff3923aa3726705c
Luca Stealer payload (confidence level: 95%)
hash23f66b62580e25c71d847802432019f5
Luca Stealer payload (confidence level: 95%)
hash0e4941e5e4299d04b9408194542c7362bcabcd2f
Vidar payload (confidence level: 95%)
hashbe442a04bc031b4dc72835efeeeb025e9a103c8012382173965fba30bd3a96b9
Vidar payload (confidence level: 95%)
hashac7314c596e766b8f4f368579e2e0f8f
Vidar payload (confidence level: 95%)
hash73707a6facef7e1750fb6d47f3aa840558b17a30
Mars Stealer payload (confidence level: 95%)
hash32d0ae27d9ae49a224785cd08bae82b0ec4e944145cb2f106873f70fc2908fe7
Mars Stealer payload (confidence level: 95%)
hashb1394501c618f78b74c3ca0c2d81a33b
Mars Stealer payload (confidence level: 95%)
hashf30e50655abeb2509fa313fdef291afddc9d8218
RedLine Stealer payload (confidence level: 95%)
hash36befc5f19af22b3b731c573b8244d7e70a594730789351b3470dcfcaf9a7e71
RedLine Stealer payload (confidence level: 95%)
hashd3d2aafaf86262baa7528e397f1ce761
RedLine Stealer payload (confidence level: 95%)
hash26be0e107ee83ed8cf3e04fcd0937e0be5228ea1
SigLoader payload (confidence level: 95%)
hashb0b62e7ff94d68b2352f690236d7d8dc8d40113b2a18102f1e6a9492fd6bf2e7
SigLoader payload (confidence level: 95%)
hash5993ff93b68cf1f66f13d073ef61eaa6
SigLoader payload (confidence level: 95%)
hash5161cc329e2fdda24218898bf637bb47a29daea2
XWorm payload (confidence level: 95%)
hash130b8c87664cf95a9fee611a0c14098a4da51f6b768260ad40a7d28ff895aaf0
XWorm payload (confidence level: 95%)
hash7afabb528ce69e3a40dec6c3253ef854
XWorm payload (confidence level: 95%)
hash9cc9183479bba4738319df432708485d5e4a18d2
Vidar payload (confidence level: 95%)
hash393fdc548e466ad14530d328eae10582ee3397539b118bd37040f2489d14d004
Vidar payload (confidence level: 95%)
hashbfb262695846160319eff924751694cb
Vidar payload (confidence level: 95%)
hash9860f7310436e129d0e667254f40a6108b872d11
DCRat payload (confidence level: 95%)
hashe412cff14b15f8734935b193a36c5a4d72957c2976899b8ffeb27cd0f68b6146
DCRat payload (confidence level: 95%)
hash2949263d0b572599e62a19e9e13339b7
DCRat payload (confidence level: 95%)
hash2a05766b09b4b28cd4a1facf20c211075eae636c
RedLine Stealer payload (confidence level: 95%)
hashccd618556eeb84dc0835e09b6e64560f46ad3b36709644916de265f1da3e1d6a
RedLine Stealer payload (confidence level: 95%)
hashfef7cb7c3bd0e8204e3e7fecc544e6e6
RedLine Stealer payload (confidence level: 95%)
hash2dd9ced6021c1f1e8f772ead665e70ee4250c238
Remcos payload (confidence level: 95%)
hashc1f36f8ad9a6360ed406ff3e84dd9b9a765e6edea3d9beb7e5c303230001fd13
Remcos payload (confidence level: 95%)
hash32fdfac1be3eeb287976d70b621ba718
Remcos payload (confidence level: 95%)

Domain

ValueDescriptionCopy
domainwww.hdobussl.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwwwwwwstaging.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.backend.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.m.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainklkizwp.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.analytic.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww1.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainxn--premit-0eb.xyz
Hook botnet C2 domain (confidence level: 100%)
domaintasuju.xyz
XehookStealer botnet C2 domain (confidence level: 100%)
domaincdnhou.bbbdfsdfsfffdddd.top
ERMAC botnet C2 domain (confidence level: 100%)
domaintherapy.emergencepsychservices.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainsmolcatkgi.shop
ClearFake payload delivery domain (confidence level: 100%)
domainlolimpissed.xyz
Nova Stealer botnet C2 domain (confidence level: 100%)
domainimap.dateupdata.com
GhostEmperor botnet C2 domain (confidence level: 49%)
domainwhizability.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainwww.dashboards.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainrds1.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwww.gatewaycitrix.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwwwwclientesvpn.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainsuperset.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwww.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwwww.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainsuperset.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainmetrics.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainwww.publicsecure.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwwwwww2024.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwapps.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwwwbackend.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainsecure.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainsecure.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwwwwapp.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainlohhnwwwssl.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.report.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwsupersets.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainanalytic.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domain2024.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainforecast.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainlaunchpads-metis.org
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwbackend.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.superset.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwww.rds.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwww.wwwforum.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.supersets.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainlekjblabvirtual.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainlogin.ethergases.app
Hook botnet C2 domain (confidence level: 100%)
domainwww.ebmail.pythr.net
Hook botnet C2 domain (confidence level: 100%)
domainwww.www2024.ethergases.org
Hook botnet C2 domain (confidence level: 100%)
domainhou.fffazzfhggs.top
ERMAC botnet C2 domain (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttp://a1017742.xsph.ru/65bfc527.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://20789cm.darkproducts.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://159.69.100.83/
Vidar botnet C2 (confidence level: 100%)
urlhttps://murderryewowp.shop/api
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://whizability.com/cdn-vs/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://whizability.com/cdn-vs/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://whizability.com/cdn-vs/update.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://whizability.com/cdn-vs/data.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://biribizidurdursun310.xyz/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://biribizidurdursun36.xyz/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://3biribizidurdursun36.xyz/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://4biribizidurdursun36.xyz/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://5biribizidurdursun36.xyz/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://5biribizidurdursun361.net/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://5biribizidurdursun536.com/ntqzzmi0ytdmmjnl/
Coper botnet C2 (confidence level: 80%)
urlhttps://46.19.138.93/mmm4njczntuyyjay/
Coper botnet C2 (confidence level: 80%)
urlhttps://primesecgate.com/mmm4njczntuyyjay/
Coper botnet C2 (confidence level: 80%)
urlhttps://1primesecgate.net/mmm4njczntuyyjay/
Coper botnet C2 (confidence level: 80%)
urlhttps://2primesecgate.xyz/mmm4njczntuyyjay/
Coper botnet C2 (confidence level: 80%)
urlhttps://3primesecgate.com/mmm4njczntuyyjay
Coper botnet C2 (confidence level: 80%)
urlhttps://4primesecgate.com/mmm4njczntuyyjay/
Coper botnet C2 (confidence level: 80%)
urlhttp://89.169.53.206/api/crazyfish.php
PrivateLoader botnet C2 (confidence level: 100%)

Threat ID: 682acdc3bbaf20d303f1bc4e

Added to database: 5/19/2025, 6:20:51 AM

Last enriched: 6/18/2025, 9:06:26 AM

Last updated: 7/28/2025, 3:50:22 AM

Views: 7

Related Threats

ThreatFox IOCs for 2025-08-11

Medium
MalwareTue Aug 12 2025

From ClickFix to Command: A Full PowerShell Attack Chain

Medium
MalwareMon Aug 11 2025

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Medium
MalwareMon Aug 11 2025

MedusaLocker ransomware group is looking for pentesters

Medium
MalwareMon Aug 11 2025

ThreatFox IOCs for 2025-08-10

Medium
MalwareMon Aug 11 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats