ThreatFox IOCs for 2024-10-26
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2024-10-26,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating it is derived from open-source intelligence rather than proprietary or classified sources. There are no specific affected product versions or detailed technical indicators included in the data, and no known exploits are reported to be actively used in the wild. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting limited analysis depth but moderate distribution potential. The absence of CWEs, patch links, or detailed technical descriptions implies that this report serves primarily as an informational update rather than a detailed vulnerability advisory. The lack of indicators of compromise (IOCs) further limits the ability to perform targeted detection or response actions. Overall, this intelligence appears to be a general alert about emerging malware-related activity or IOCs collected on the specified date, without concrete evidence of active exploitation or specific affected systems.
Potential Impact
Given the limited technical details and absence of known active exploits, the immediate impact on European organizations is likely to be low to medium. However, the distribution score of 3 suggests that the malware or associated IOCs may be moderately widespread or have the potential for broader dissemination. European organizations that rely heavily on open-source intelligence tools or share threat data with global partners might encounter these IOCs in their environments. The lack of specific affected products or versions means that the threat could be generic or targeting multiple platforms, which complicates precise impact assessment. Potential impacts include increased risk of malware infection, data exfiltration, or system compromise if the malware is deployed successfully. However, without evidence of active exploitation or targeted campaigns, the threat currently represents a moderate risk primarily from a situational awareness perspective rather than an immediate operational threat.
Mitigation Recommendations
1. Enhance monitoring for unusual network traffic and system behaviors that could indicate malware activity, especially focusing on indicators from open-source intelligence feeds like ThreatFox.
2. Integrate ThreatFox and similar OSINT sources into existing Security Information and Event Management (SIEM) systems to automate IOC ingestion and correlation.
3. Conduct regular threat hunting exercises using the latest IOCs and behavioral patterns associated with emerging malware to identify potential infections early.
4. Maintain up-to-date endpoint protection solutions with heuristic and behavioral detection capabilities to identify unknown or polymorphic malware variants.
5. Promote information sharing within industry-specific Information Sharing and Analysis Centers (ISACs) to stay informed about evolving threats and mitigation strategies.
6. Implement strict network segmentation and least privilege access controls to limit potential malware spread within organizational networks.
7. Conduct user awareness training focused on recognizing phishing and social engineering tactics that often serve as initial infection vectors for malware.
These measures go beyond generic advice by emphasizing integration of OSINT feeds, proactive threat hunting, and collaborative defense tailored to the nature of the reported threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: ebb82d36-e8c6-4ffe-9c92-e5520d2e16de
- Original Timestamp: 1729987388
Indicators of Compromise
Threat ID: 682c7ac0e3e6de8ceb763549
Added to database: 5/20/2025, 12:51:12 PM
Last enriched: 6/19/2025, 1:17:33 PM
Last updated: 8/15/2025, 7:17:50 PM