ThreatFox IOCs for 2024-10-27
ThreatFox IOCs for 2024-10-27
AI Analysis
Technical Summary
The provided information relates to a set of Indicators of Compromise (IOCs) published on 2024-10-27 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a description of a specific vulnerability or exploit. No affected software versions or specific malware families are identified, and there are no known exploits in the wild tied to this IOC set. The threat level is rated as medium, with a threatLevel metric of 2 (on an unspecified scale), analysis level of 1, and distribution level of 3, indicating moderate dissemination of these indicators. The absence of patch availability and lack of CWE identifiers suggest this is not a vulnerability but rather intelligence on potentially malicious network or payload activity. The lack of technical details such as attack vectors, exploitation methods, or payload specifics limits the ability to provide a detailed technical breakdown. Overall, this appears to be a general OSINT feed update providing network and payload-related IOCs for monitoring and detection purposes rather than a direct, active threat or vulnerability.
Potential Impact
For European organizations, the impact of this IOC set is primarily in enhancing detection capabilities rather than mitigating an immediate active threat. Since no specific malware or exploit is detailed, the direct risk to confidentiality, integrity, or availability is unclear. However, these IOCs can help security teams identify suspicious network activity or payload delivery attempts that might be part of broader attack campaigns. Organizations relying on threat intelligence feeds can integrate these IOCs into their security monitoring tools to improve early detection and response. The medium severity rating suggests a moderate level of concern, likely reflecting the potential for these indicators to be associated with ongoing or emerging threats. Without concrete exploit details, the impact remains largely preventive and intelligence-driven rather than reactive to an active compromise.
Mitigation Recommendations
European organizations should incorporate these IOCs into their existing security monitoring and threat detection platforms such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) systems. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can help identify suspicious activity early. Network segmentation and strict payload inspection policies can reduce the risk of successful payload delivery. Additionally, organizations should maintain robust incident response plans to investigate alerts triggered by these IOCs. Since no patches are available, emphasis should be placed on detection and containment. Sharing findings with relevant national cybersecurity centers or ISACs can enhance collective defense. Finally, continuous training for security analysts on interpreting and acting upon OSINT-derived IOCs will improve operational effectiveness.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: http://185.215.113.217/coreopt/login.php
- file: 147.185.221.23
- hash: 32547
- domain: race-frequent.gl.at.ply.gg
- url: https://94.156.253.20/nznlmdmzywexmzk1/
- url: https://staris7542352r23.net/nznlmdmzywexmzk1/
- url: https://staris6442352r23.net/nznlmdmzywexmzk1/
- url: https://staris5342352r23.net/nznlmdmzywexmzk1/
- url: https://staris4242352r23.net/nznlmdmzywexmzk1/
- url: https://staris3142352r23.net/nznlmdmzywexmzk1/
- file: 156.238.252.65
- hash: 1443
- file: 52.250.71.36
- hash: 80
- file: 3.71.225.231
- hash: 10698
- file: 18.192.31.30
- hash: 10698
- file: 3.74.27.83
- hash: 10698
- file: 49.113.79.193
- hash: 8888
- file: 103.106.202.21
- hash: 8888
- file: 34.70.255.193
- hash: 80
- file: 198.167.199.173
- hash: 19132
- file: 13.251.3.88
- hash: 80
- file: 139.59.145.252
- hash: 443
- file: 57.180.74.95
- hash: 80
- domain: www.185-150-24-68.cprapid.com
- domain: search-slv.com
- domain: search-spd.com
- domain: search-gld.com
- file: 37.202.222.231
- hash: 80
- url: http://304773cm.n9shteam.in/jscpugamegeneratorprivate.php
- file: 5.42.92.74
- hash: 7175
- url: http://93.127.223.191:8888/supershell/login/
- file: 80.66.89.52
- hash: 3212
- file: 135.125.189.140
- hash: 19498
- url: https://opinieni.store/api
- file: 221.234.44.21
- hash: 81
- file: 87.120.116.31
- hash: 80
- file: 107.174.180.24
- hash: 80
- domain: 111-90-140-34.cprapid.com
- file: 185.196.8.98
- hash: 8172
- file: 8.218.213.245
- hash: 80
- file: 103.106.202.25
- hash: 8888
- file: 213.176.67.24
- hash: 8888
- file: 92.40.114.224
- hash: 4444
- file: 193.107.109.49
- hash: 9090
- file: 148.113.165.11
- hash: 2323
- file: 159.65.114.94
- hash: 80
- file: 103.78.0.51
- hash: 23
- file: 45.137.198.204
- hash: 1337
- domain: stats.search-st1.com
- file: 87.120.165.61
- hash: 80
- url: http://185.215.113.206/e2b1563c6670f193.php
- url: http://194.15.46.65/7f031eb0d257b290.php
- file: 87.120.115.20
- hash: 28332
- url: http://104.154.53.10/pages/login.php
- file: 45.152.161.204
- hash: 6522
- file: 110.40.141.38
- hash: 8081
- file: 149.88.88.43
- hash: 443
- file: 85.17.107.2
- hash: 2404
- file: 192.3.176.145
- hash: 2404
- file: 172.94.9.171
- hash: 2404
- file: 85.214.64.117
- hash: 443
- file: 193.41.226.233
- hash: 4444
- file: 95.250.141.214
- hash: 1927
- file: 64.69.34.217
- hash: 8082
- file: 154.213.187.12
- hash: 1336
- file: 154.213.187.91
- hash: 1336
- file: 20.151.152.98
- hash: 443
- domain: mail.webpanel777.pl
- file: 94.141.123.127
- hash: 80
- file: 209.151.154.222
- hash: 8080
- file: 154.213.185.248
- hash: 666
- file: 185.196.10.71
- hash: 2222
- file: 80.75.212.206
- hash: 1024
- file: 51.38.128.242
- hash: 9999
- file: 5.59.248.145
- hash: 1024
- file: 64.235.37.140
- hash: 1024
- file: 93.123.85.205
- hash: 9999
- file: 87.120.113.3
- hash: 9999
- file: 129.146.248.40
- hash: 8986
- file: 149.104.28.211
- hash: 443
- file: 42.193.53.72
- hash: 4243
- file: 111.231.21.165
- hash: 8688
- domain: mail.111-90-140-34.cprapid.com
- file: 87.120.117.212
- hash: 7717
- file: 43.199.62.116
- hash: 443
- file: 124.221.2.15
- hash: 8888
- file: 213.176.67.24
- hash: 9999
- file: 91.184.232.123
- hash: 443
- file: 37.220.31.58
- hash: 8082
- file: 154.213.187.84
- hash: 1336
- file: 154.213.187.90
- hash: 1336
- file: 159.223.54.213
- hash: 80
- domain: cpcontacts.spainparkvillas.com
- file: 45.156.86.24
- hash: 38241
- domain: yellowchink.pirate
- file: 103.186.116.99
- hash: 58934
- url: http://103.106.202.25:8888/supershell/login/
- url: http://195.2.79.32/_packetcpudefaultuniversal.php
- file: 193.233.113.184
- hash: 27667
- file: 45.83.31.61
- hash: 80
- file: 101.133.238.18
- hash: 9001
- file: 45.14.226.71
- hash: 443
- file: 113.45.136.230
- hash: 443
- file: 87.120.117.217
- hash: 80
- file: 47.92.106.33
- hash: 9999
- file: 37.220.31.58
- hash: 80
- file: 87.120.115.120
- hash: 8088
- file: 198.167.199.159
- hash: 19132
- file: 85.209.11.15
- hash: 1911
- file: 154.213.187.17
- hash: 1336
- file: 154.213.187.48
- hash: 1336
- file: 82.115.223.38
- hash: 80
- file: 106.55.181.138
- hash: 8888
- url: http://185.215.113.206/6c4adf523b719729.php
- file: 31.177.108.43
- hash: 81
- url: http://windowsxp.top/externaltophppollcpuupdatetrafficpublic.php
- url: http://49.68.28.31:40435/mozi.m
- url: http://artema1m.beget.tech/l1nc0in.php
- file: 47.113.150.236
- hash: 8888
- file: 74.48.83.22
- hash: 9999
- file: 41.249.160.126
- hash: 8080
- file: 67.219.111.231
- hash: 7443
- file: 193.181.35.247
- hash: 7443
- domain: bulkmailsms.com
- file: 83.49.214.212
- hash: 443
- file: 157.254.223.253
- hash: 80
- file: 62.204.41.177
- hash: 80
- file: 62.204.41.176
- hash: 80
- file: 62.204.41.150
- hash: 80
- url: http://80.66.89.37/cpu/2tolinuxexternal/cdntrafficlow/geoexternalgeneratorapi/http_bigloadtrack/sql5/jsgeoupdate2/multi/centraldump/bigloadsecure/7/eternalimagecpuwindowstrafficdleprivate.php
- url: https://authorisev.site/api
- url: https://contemteny.site/api
- url: https://dilemmadu.site/api
- url: https://faulteyotk.site/api
- url: https://goalyfeastz.site/api
- url: https://seallysl.site/api
- url: https://servicedny.site/api
ThreatFox IOCs for 2024-10-27
Description
ThreatFox IOCs for 2024-10-27
AI-Powered Analysis
Technical Analysis
The provided information relates to a set of Indicators of Compromise (IOCs) published on 2024-10-27 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a description of a specific vulnerability or exploit. No affected software versions or specific malware families are identified, and there are no known exploits in the wild tied to this IOC set. The threat level is rated as medium, with a threatLevel metric of 2 (on an unspecified scale), analysis level of 1, and distribution level of 3, indicating moderate dissemination of these indicators. The absence of patch availability and lack of CWE identifiers suggest this is not a vulnerability but rather intelligence on potentially malicious network or payload activity. The lack of technical details such as attack vectors, exploitation methods, or payload specifics limits the ability to provide a detailed technical breakdown. Overall, this appears to be a general OSINT feed update providing network and payload-related IOCs for monitoring and detection purposes rather than a direct, active threat or vulnerability.
Potential Impact
For European organizations, the impact of this IOC set is primarily in enhancing detection capabilities rather than mitigating an immediate active threat. Since no specific malware or exploit is detailed, the direct risk to confidentiality, integrity, or availability is unclear. However, these IOCs can help security teams identify suspicious network activity or payload delivery attempts that might be part of broader attack campaigns. Organizations relying on threat intelligence feeds can integrate these IOCs into their security monitoring tools to improve early detection and response. The medium severity rating suggests a moderate level of concern, likely reflecting the potential for these indicators to be associated with ongoing or emerging threats. Without concrete exploit details, the impact remains largely preventive and intelligence-driven rather than reactive to an active compromise.
Mitigation Recommendations
European organizations should incorporate these IOCs into their existing security monitoring and threat detection platforms such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) systems. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can help identify suspicious activity early. Network segmentation and strict payload inspection policies can reduce the risk of successful payload delivery. Additionally, organizations should maintain robust incident response plans to investigate alerts triggered by these IOCs. Since no patches are available, emphasis should be placed on detection and containment. Sharing findings with relevant national cybersecurity centers or ISACs can enhance collective defense. Finally, continuous training for security analysts on interpreting and acting upon OSINT-derived IOCs will improve operational effectiveness.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- eda0f39f-2bab-41fb-937e-1c49ef81926e
- Original Timestamp
- 1730073787
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://185.215.113.217/coreopt/login.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://94.156.253.20/nznlmdmzywexmzk1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://staris7542352r23.net/nznlmdmzywexmzk1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://staris6442352r23.net/nznlmdmzywexmzk1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://staris5342352r23.net/nznlmdmzywexmzk1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://staris4242352r23.net/nznlmdmzywexmzk1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://staris3142352r23.net/nznlmdmzywexmzk1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttp://304773cm.n9shteam.in/jscpugamegeneratorprivate.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://93.127.223.191:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://opinieni.store/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://185.215.113.206/e2b1563c6670f193.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://194.15.46.65/7f031eb0d257b290.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://104.154.53.10/pages/login.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://103.106.202.25:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://195.2.79.32/_packetcpudefaultuniversal.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://185.215.113.206/6c4adf523b719729.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://windowsxp.top/externaltophppollcpuupdatetrafficpublic.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://49.68.28.31:40435/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://artema1m.beget.tech/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://80.66.89.37/cpu/2tolinuxexternal/cdntrafficlow/geoexternalgeneratorapi/http_bigloadtrack/sql5/jsgeoupdate2/multi/centraldump/bigloadsecure/7/eternalimagecpuwindowstrafficdleprivate.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://authorisev.site/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://contemteny.site/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://dilemmadu.site/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://faulteyotk.site/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://goalyfeastz.site/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://seallysl.site/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://servicedny.site/api | Lumma Stealer botnet C2 (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file147.185.221.23 | NjRAT botnet C2 server (confidence level: 75%) | |
file156.238.252.65 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.250.71.36 | Sliver botnet C2 server (confidence level: 100%) | |
file3.71.225.231 | NjRAT botnet C2 server (confidence level: 75%) | |
file18.192.31.30 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.74.27.83 | NjRAT botnet C2 server (confidence level: 75%) | |
file49.113.79.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.106.202.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.70.255.193 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file198.167.199.173 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file13.251.3.88 | Havoc botnet C2 server (confidence level: 100%) | |
file139.59.145.252 | Havoc botnet C2 server (confidence level: 100%) | |
file57.180.74.95 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file37.202.222.231 | Bashlite botnet C2 server (confidence level: 100%) | |
file5.42.92.74 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file80.66.89.52 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file135.125.189.140 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file221.234.44.21 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file87.120.116.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.174.180.24 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.196.8.98 | Remcos botnet C2 server (confidence level: 100%) | |
file8.218.213.245 | ShadowPad botnet C2 server (confidence level: 90%) | |
file103.106.202.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.176.67.24 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file92.40.114.224 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file193.107.109.49 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file148.113.165.11 | DCRat botnet C2 server (confidence level: 100%) | |
file159.65.114.94 | MooBot botnet C2 server (confidence level: 100%) | |
file103.78.0.51 | Bashlite botnet C2 server (confidence level: 100%) | |
file45.137.198.204 | Bashlite botnet C2 server (confidence level: 100%) | |
file87.120.165.61 | Bashlite botnet C2 server (confidence level: 100%) | |
file87.120.115.20 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.152.161.204 | NjRAT botnet C2 server (confidence level: 100%) | |
file110.40.141.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.88.88.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file85.17.107.2 | Remcos botnet C2 server (confidence level: 100%) | |
file192.3.176.145 | Remcos botnet C2 server (confidence level: 100%) | |
file172.94.9.171 | Remcos botnet C2 server (confidence level: 100%) | |
file85.214.64.117 | Havoc botnet C2 server (confidence level: 100%) | |
file193.41.226.233 | Venom RAT botnet C2 server (confidence level: 100%) | |
file95.250.141.214 | Venom RAT botnet C2 server (confidence level: 100%) | |
file64.69.34.217 | Vshell botnet C2 server (confidence level: 100%) | |
file154.213.187.12 | Stealc botnet C2 server (confidence level: 100%) | |
file154.213.187.91 | Stealc botnet C2 server (confidence level: 100%) | |
file20.151.152.98 | Unknown malware botnet C2 server (confidence level: 100%) | |
file94.141.123.127 | Bashlite botnet C2 server (confidence level: 100%) | |
file209.151.154.222 | MimiKatz botnet C2 server (confidence level: 100%) | |
file154.213.185.248 | Mirai botnet C2 server (confidence level: 75%) | |
file185.196.10.71 | Mirai botnet C2 server (confidence level: 75%) | |
file80.75.212.206 | Mirai botnet C2 server (confidence level: 75%) | |
file51.38.128.242 | Mirai botnet C2 server (confidence level: 75%) | |
file5.59.248.145 | Mirai botnet C2 server (confidence level: 100%) | |
file64.235.37.140 | Mirai botnet C2 server (confidence level: 100%) | |
file93.123.85.205 | Mirai botnet C2 server (confidence level: 100%) | |
file87.120.113.3 | Mirai botnet C2 server (confidence level: 100%) | |
file129.146.248.40 | Mirai botnet C2 server (confidence level: 100%) | |
file149.104.28.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file42.193.53.72 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.231.21.165 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file87.120.117.212 | Remcos botnet C2 server (confidence level: 100%) | |
file43.199.62.116 | pupy botnet C2 server (confidence level: 100%) | |
file124.221.2.15 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.176.67.24 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.184.232.123 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.220.31.58 | Hook botnet C2 server (confidence level: 100%) | |
file154.213.187.84 | Stealc botnet C2 server (confidence level: 100%) | |
file154.213.187.90 | Stealc botnet C2 server (confidence level: 100%) | |
file159.223.54.213 | MooBot botnet C2 server (confidence level: 100%) | |
file45.156.86.24 | Mirai botnet C2 server (confidence level: 100%) | |
file103.186.116.99 | Remcos botnet C2 server (confidence level: 75%) | |
file193.233.113.184 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.83.31.61 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.133.238.18 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.14.226.71 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.136.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file87.120.117.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.106.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file37.220.31.58 | Hook botnet C2 server (confidence level: 100%) | |
file87.120.115.120 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file198.167.199.159 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file85.209.11.15 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file154.213.187.17 | Stealc botnet C2 server (confidence level: 100%) | |
file154.213.187.48 | Stealc botnet C2 server (confidence level: 100%) | |
file82.115.223.38 | Stealc botnet C2 server (confidence level: 100%) | |
file106.55.181.138 | MimiKatz botnet C2 server (confidence level: 100%) | |
file31.177.108.43 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file47.113.150.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file74.48.83.22 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file41.249.160.126 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file67.219.111.231 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.181.35.247 | Unknown malware botnet C2 server (confidence level: 100%) | |
file83.49.214.212 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file157.254.223.253 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file62.204.41.177 | Stealc botnet C2 server (confidence level: 100%) | |
file62.204.41.176 | Stealc botnet C2 server (confidence level: 100%) | |
file62.204.41.150 | Stealc botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash32547 | NjRAT botnet C2 server (confidence level: 75%) | |
hash1443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash10698 | NjRAT botnet C2 server (confidence level: 75%) | |
hash10698 | NjRAT botnet C2 server (confidence level: 75%) | |
hash10698 | NjRAT botnet C2 server (confidence level: 75%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash19132 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash7175 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash3212 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash19498 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8172 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash9090 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2323 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 100%) | |
hash1337 | Bashlite botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash28332 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash6522 | NjRAT botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4444 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash1927 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8082 | Vshell botnet C2 server (confidence level: 100%) | |
hash1336 | Stealc botnet C2 server (confidence level: 100%) | |
hash1336 | Stealc botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash666 | Mirai botnet C2 server (confidence level: 75%) | |
hash2222 | Mirai botnet C2 server (confidence level: 75%) | |
hash1024 | Mirai botnet C2 server (confidence level: 75%) | |
hash9999 | Mirai botnet C2 server (confidence level: 75%) | |
hash1024 | Mirai botnet C2 server (confidence level: 100%) | |
hash1024 | Mirai botnet C2 server (confidence level: 100%) | |
hash9999 | Mirai botnet C2 server (confidence level: 100%) | |
hash9999 | Mirai botnet C2 server (confidence level: 100%) | |
hash8986 | Mirai botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8688 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7717 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash1336 | Stealc botnet C2 server (confidence level: 100%) | |
hash1336 | Stealc botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash38241 | Mirai botnet C2 server (confidence level: 100%) | |
hash58934 | Remcos botnet C2 server (confidence level: 75%) | |
hash27667 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8088 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash19132 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1911 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash1336 | Stealc botnet C2 server (confidence level: 100%) | |
hash1336 | Stealc botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash8888 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash81 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainrace-frequent.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domainwww.185-150-24-68.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainsearch-slv.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainsearch-spd.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainsearch-gld.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domain111-90-140-34.cprapid.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainstats.search-st1.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainmail.webpanel777.pl | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmail.111-90-140-34.cprapid.com | Remcos botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.spainparkvillas.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainyellowchink.pirate | Mirai botnet C2 domain (confidence level: 100%) | |
domainbulkmailsms.com | Hook botnet C2 domain (confidence level: 100%) |
Threat ID: 68367c99182aa0cae2321c03
Added to database: 5/28/2025, 3:01:45 AM
Last enriched: 6/27/2025, 10:50:37 AM
Last updated: 12/3/2025, 2:28:25 AM
Views: 38
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
ThreatFox IOCs for 2025-12-02
MediumMuddyWater strikes Israel with advanced MuddyViper malware
MediumNK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
MediumResearchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
MediumThreatFox IOCs for 2025-12-01
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.