ThreatFox IOCs for 2024-10-10
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2024-10-10 via the ThreatFox MISP feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. ThreatFox is a platform that aggregates and shares threat intelligence data, including IOCs related to malware campaigns and network threats. However, the details here are minimal, lacking specific affected software versions, detailed technical indicators, or exploit mechanisms. The threat is tagged as 'medium' severity and classified primarily as OSINT-related, indicating that the data is likely intended for situational awareness and threat hunting rather than describing a novel or actively exploited vulnerability. The absence of known exploits in the wild and no available patches further suggests this is intelligence about observed malicious activity or infrastructure rather than a direct vulnerability or zero-day exploit. The technical details show a moderate threat level (2 out of an unspecified scale), limited analysis (1), and moderate distribution (3), which may imply the threat is somewhat widespread but not highly sophisticated or impactful at this time. Overall, this represents a collection of threat intelligence indicators useful for detection and response but does not describe a specific, exploitable vulnerability or active malware campaign with detailed attack vectors.
Potential Impact
For European organizations, the impact of this threat intelligence is primarily in enhancing detection and response capabilities rather than mitigating an immediate, high-risk exploit. Since no specific affected products or vulnerabilities are identified, the direct risk to confidentiality, integrity, or availability is limited. However, the presence of payload delivery and network activity tags indicates that the underlying threats could facilitate malware infections or network intrusions if corresponding vulnerabilities or misconfigurations exist in organizational environments. European entities with mature security operations centers (SOCs) can leverage these IOCs to improve monitoring and threat hunting, potentially reducing the dwell time of attackers. Organizations lacking robust threat intelligence integration may not benefit as much, potentially increasing exposure to related malware campaigns. The medium severity rating suggests vigilance but not urgent emergency response. The lack of known exploits in the wild reduces immediate risk but does not preclude future exploitation if threat actors adapt these indicators into active campaigns.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing security information and event management (SIEM) and endpoint detection and response (EDR) systems to enhance detection capabilities.
2. Conduct regular threat hunting exercises using these indicators to identify any signs of compromise or related malicious activity within the network.
3. Maintain up-to-date network segmentation and strict access controls to limit the potential impact of payload delivery attempts.
4. Ensure all systems are patched and hardened against known vulnerabilities, even though no specific patches are indicated here, to reduce the attack surface.
5. Educate security teams on the nature of OSINT-based threat intelligence to improve interpretation and operationalization of such data.
6. Collaborate with national and European cybersecurity information sharing organizations to contextualize these IOCs within broader threat trends.
7. Monitor for updates from ThreatFox and other intelligence sources for any escalation or new exploit information related to these indicators.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: e9ec1f4c-8552-4bfb-878d-9610d3d02a59
- Original Timestamp: 1728604988
Indicators of Compromise
Threat ID: 68367c99182aa0cae232406f
Added to database: 5/28/2025, 3:01:45 AM
Last enriched: 6/27/2025, 10:36:05 AM
Last updated: 7/28/2025, 8:45:31 PM
Views: 20