ThreatFox IOCs for 2024-11-02
AI Analysis
Technical Summary
The provided information describes a security threat categorized as malware, specifically related to OSINT (Open Source Intelligence) and network activity with a focus on payload delivery. The threat is sourced from the ThreatFox MISP feed and is labeled with a medium severity level. However, the details are sparse: there are no affected versions listed, no known exploits in the wild, no patches available, and no specific indicators of compromise (IOCs) provided. The threat appears to be a collection or report of IOCs related to malware activity observed or predicted around the date 2024-11-02. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or detection frequency. The tags and categories indicate that this threat relates to OSINT and network-based payload delivery mechanisms, which typically involve the use of publicly available information to facilitate or enhance cyber attacks, often through phishing, malware distribution, or command and control communications. Given the lack of specific technical details such as malware family, attack vectors, or exploited vulnerabilities, this appears to be an early or generalized alert rather than a detailed threat report. The absence of CVEs or CWEs and no patch availability further supports that this is not tied to a known software vulnerability but rather to malware activity detected through network or OSINT methods.
Potential Impact
For European organizations, the impact of this threat is currently difficult to quantify precisely due to the lack of detailed technical information. However, malware associated with OSINT and network payload delivery can lead to significant risks including data exfiltration, system compromise, and disruption of services. Medium severity suggests that while the threat is notable, it may not be immediately critical or widespread. European entities that rely heavily on networked infrastructure and have exposure to open internet services could be vulnerable to initial infection vectors such as phishing or drive-by downloads. The potential impact includes loss of confidentiality if sensitive data is accessed or stolen, integrity issues if malware alters data or system configurations, and availability concerns if payloads include ransomware or destructive components. The lack of known exploits in the wild may indicate that this threat is either emerging or under active monitoring, but organizations should remain vigilant as malware threats can evolve rapidly. The use of OSINT techniques by attackers may also imply targeted reconnaissance against European organizations, increasing the risk for sectors with high-value data or critical infrastructure.
Mitigation Recommendations
Given the nature of the threat and the limited specific details, European organizations should implement targeted mitigations beyond generic advice:
1) Enhance OSINT monitoring capabilities to detect and analyze emerging threat indicators relevant to their sector and geography.
2) Strengthen network defenses by deploying advanced intrusion detection and prevention systems capable of identifying unusual payload delivery patterns.
3) Conduct regular phishing simulation exercises and user awareness training focused on recognizing social engineering tactics that leverage OSINT data.
4) Implement strict network segmentation and least privilege access controls to limit malware propagation if an infection occurs.
5) Maintain up-to-date endpoint detection and response (EDR) solutions with behavioral analysis to detect unknown or polymorphic malware payloads.
6) Collaborate with national and European cybersecurity information sharing platforms to receive timely updates on emerging threats and IOCs.
7) Prepare incident response plans that include procedures for malware containment, eradication, and forensic analysis to quickly address infections related to this threat type.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: ffba5e3d-a038-406b-b572-7498ad17070f
- Original Timestamp: 1730592190
Indicators of Compromise
IP:port
IP:port | Description | Confidence
---|---|---
39.100.100.54:8443 | Cobalt Strike botnet C2 server | 100%
124.70.141.78:80 | Cobalt Strike botnet C2 server | 100%
82.115.223.88:80 | Unknown malware botnet C2 server | 100%
88.209.248.69:6606 | AsyncRAT botnet C2 server | 100%
192.3.95.164:8000 | AsyncRAT botnet C2 server | 100%
192.3.95.164:8090 | AsyncRAT botnet C2 server | 100%
161.35.88.226:7443 | Unknown malware botnet C2 server | 100%
217.107.219.171:80 | Hook botnet C2 server | 100%
45.149.241.241:8089 | Hook botnet C2 server | 100%
45.149.241.241:50555 | Hook botnet C2 server | 100%
1.94.6.24:4444 | Cobalt Strike botnet C2 server | 100%
179.13.10.157:8088 | Remcos botnet C2 server | 100%
185.157.162.126:1991 | Remcos botnet C2 server | 100%
61.216.37.4:2404 | Remcos botnet C2 server | 100%
18.202.226.109:443 | Sliver botnet C2 server | 100%
92.255.57.31:15647 | SectopRAT botnet C2 server | 100%
4.240.117.185:7443 | Unknown malware botnet C2 server | 100%
3.136.231.230:443 | Havoc botnet C2 server | 100%
171.43.196.20:8088 | Unknown malware botnet C2 server | 100%
83.136.254.53:8000 | MimiKatz botnet C2 server | 100%
123.60.81.51:80 | Cobalt Strike botnet C2 server | 100%
39.100.108.3:80 | Cobalt Strike botnet C2 server | 100%
38.180.94.234:1234 | Cobalt Strike botnet C2 server | 100%
31.13.224.12:61512 | Quasar RAT botnet C2 server | 75%
31.13.224.13:61513 | Quasar RAT botnet C2 server | 75%
43.135.183.120:443 | Cobalt Strike botnet C2 server | 100%
140.143.142.93:8888 | Cobalt Strike botnet C2 server | 100%
39.100.100.54:443 | Cobalt Strike botnet C2 server | 100%
185.208.156.248:2404 | Remcos botnet C2 server | 100%
161.35.88.226:443 | Unknown malware botnet C2 server | 100%
154.216.19.64:3778 | Mirai botnet C2 server | 75%
51.75.171.9:5151 | Rhadamanthys botnet C2 server | 100%
2.57.149.133:1912 | RedLine Stealer botnet C2 server | 100%
4.228.228.120:7000 | XWorm botnet C2 server | 100%
45.130.145.59:4404 | XWorm botnet C2 server | 100%
51.20.118.144:69 | XWorm botnet C2 server | 100%
94.46.207.10:1177 | XWorm botnet C2 server | 100%
159.223.206.14:7000 | XWorm botnet C2 server | 100%
178.215.224.96:7886 | XWorm botnet C2 server | 100%
185.84.161.76:7000 | XWorm botnet C2 server | 100%
159.223.206.14:80 | XWorm botnet C2 server | 100%
159.223.206.14:443 | XWorm botnet C2 server | 100%
107.149.212.147:4449 | AsyncRAT botnet C2 server | 100%
108.228.0.61:39506 | AsyncRAT botnet C2 server | 100%
124.221.127.90:9876 | Cobalt Strike botnet C2 server | 100%
202.131.82.180:80 | Cobalt Strike botnet C2 server | 100%
45.14.226.152:443 | Cobalt Strike botnet C2 server | 100%
103.97.178.234:80 | Cobalt Strike botnet C2 server | 100%
38.207.185.207:80 | Cobalt Strike botnet C2 server | 100%
154.12.19.25:80 | Cobalt Strike botnet C2 server | 100%
39.101.162.36:8888 | Cobalt Strike botnet C2 server | 100%
101.200.56.205:80 | Cobalt Strike botnet C2 server | 100%
45.61.137.234:443 | Sliver botnet C2 server | 100%
183.128.141.238:5005 | Sliver botnet C2 server | 100%
154.12.253.45:8088 | AsyncRAT botnet C2 server | 100%
92.255.57.33:15647 | SectopRAT botnet C2 server | 100%
46.101.85.96:80 | Havoc botnet C2 server | 100%
45.40.96.97:1018 | AsyncRAT botnet C2 server | 75%
45.40.96.97:2019 | AsyncRAT botnet C2 server | 75%
45.40.96.97:2020 | AsyncRAT botnet C2 server | 75%
45.40.96.97:2021 | AsyncRAT botnet C2 server | 75%
45.40.96.97:2900 | AsyncRAT botnet C2 server | 75%
45.40.96.97:3313 | AsyncRAT botnet C2 server | 75%
45.40.96.97:3314 | AsyncRAT botnet C2 server | 75%
45.40.96.97:5155 | AsyncRAT botnet C2 server | 75%
45.40.96.97:5505 | AsyncRAT botnet C2 server | 75%
45.40.96.97:6606 | AsyncRAT botnet C2 server | 75%
45.40.96.97:6666 | AsyncRAT botnet C2 server | 75%
45.40.96.97:7707 | AsyncRAT botnet C2 server | 75%
45.40.96.97:8808 | AsyncRAT botnet C2 server | 75%
45.40.96.97:9442 | AsyncRAT botnet C2 server | 75%
45.40.96.97:9443 | AsyncRAT botnet C2 server | 75%
45.40.96.97:9999 | AsyncRAT botnet C2 server | 75%
45.14.226.152:80 | Cobalt Strike botnet C2 server | 100%
8.138.18.181:80 | Cobalt Strike botnet C2 server | 100%
139.196.26.120:48584 | Sliver botnet C2 server | 100%
128.90.129.125:9999 | AsyncRAT botnet C2 server | 100%
102.117.160.175:7443 | Unknown malware botnet C2 server | 100%
223.155.16.205:23333 | Quasar RAT botnet C2 server | 100%
223.155.16.206:23333 | Quasar RAT botnet C2 server | 100%
45.10.243.34:1999 | Quasar RAT botnet C2 server | 100%
128.90.129.125:9442 | AsyncRAT botnet C2 server | 100%
185.215.113.64:443 | NetSupportManager RAT botnet C2 server | 100%
3.128.254.91:5050 | NjRAT botnet C2 server | 100%
66.63.169.17:1979 | Quasar RAT botnet C2 server | 100%
39.106.152.236:11443 | Meterpreter botnet C2 server | 100%
4.154.103.4:54321 | Meterpreter botnet C2 server | 100%
147.185.221.23:37212 | NjRAT botnet C2 server | 100%
109.172.94.66:15666 | Meduza Stealer botnet C2 server | 100%
54.234.69.32:333 | Revenge RAT botnet C2 server | 100%
52.70.134.237:5222 | Revenge RAT botnet C2 server | 100%
128.90.129.125:5505 | AsyncRAT botnet C2 server | 100%
128.90.129.125:3314 | AsyncRAT botnet C2 server | 100%
128.90.129.125:8808 | AsyncRAT botnet C2 server | 100%
128.90.129.125:6666 | AsyncRAT botnet C2 server | 100%
103.186.117.76:7707 | AsyncRAT botnet C2 server | 100%
103.186.117.76:6606 | AsyncRAT botnet C2 server | 75%
103.186.117.76:8808 | AsyncRAT botnet C2 server | 75%
103.187.117.76:5584 | Remcos botnet C2 server | 75%
154.216.18.171:5584 | Remcos botnet C2 server | 75%
212.162.149.72:27667 | RedLine Stealer botnet C2 server | 100%
47.96.12.53:80 | Cobalt Strike botnet C2 server | 100%
147.182.171.187:443 | Sliver botnet C2 server | 100%
23.239.28.166:443 | Sliver botnet C2 server | 100%
8.220.195.135:443 | Sliver botnet C2 server | 100%
64.225.60.194:7443 | Unknown malware botnet C2 server | 100%
67.207.86.159:7443 | Unknown malware botnet C2 server | 100%
45.149.241.113:80 | Hook botnet C2 server | 100%
20.163.30.93:22 | Quasar RAT botnet C2 server | 100%
157.66.197.221:8082 | ERMAC botnet C2 server | 100%
212.162.149.73:27667 | RedLine Stealer botnet C2 server | 100%
154.216.20.57:3434 | Hook botnet C2 server | 100%
URL
URL | Description | Confidence
---|---|---
https://mundiprep.com/work/index.php | FAKEUPDATES payload delivery URL | 100%
http://62.204.41.163/c882d91d1df1bdb3.php | Stealc botnet C2 | 100%
http://95.215.207.167/076106d399a0a4a4.php | Stealc botnet C2 | 100%
http://k83398f9.beget.tech/l1nc0in.php | DCRat botnet C2 | 100%
http://147.45.45.201/pipesql/provider/eternalvoiddb/wordpress6/uploads67/6windows/linepipejavascriptgeobasedatalifewppubliccdn.php | DCRat botnet C2 | 100%
http://cm45075.tw1.ru/603c38ec.php | DCRat botnet C2 | 100%
http://109.120.176.203/api/crazyfish.php | PrivateLoader botnet C2 | 100%
http://194.135.20.4/8/traffic/dumpprivatewp2/bigload8/downloadsgame/temporarymulti6/wplinux/line1/3packetbase/downloadsapipublicto/3tempcdnpublic/private8towp/58cpuasync/26api/javascriptjs/javascript/default/eternalimageprovider/eternaltopollpacketlowapiprotecttrafficwordpress.php | DCRat botnet C2 | 100%
http://39.106.152.236:11443/load | Cobalt Strike botnet C2 | 75%
http://95.215.207.66/f4e83cc9bf3bad72.php | Stealc botnet C2 | 100%
http://36.48.28.57:44338/mozi.m | Mozi payload delivery URL | 50%
http://withcwallet.com/l1nc0in.php | DCRat botnet C2 | 100%
Domain
Domain | Description | Confidence
---|---|---
mundiprep.com | FAKEUPDATES payload delivery domain | 100%
loader.ssag00v-0ffical.com | Unknown malware botnet C2 domain | 100%
teebro1800.dynamic-dns.net | Remcos botnet C2 domain | 100%
mx5.deitie.asia | Quasar RAT botnet C2 domain | 100%
orchestratb.cyou | Lumma Stealer botnet C2 domain | 100%
www.izoa.netsons.org | Unknown malware botnet C2 domain | 100%
releases.gotraffic.fr | MimiKatz botnet C2 domain | 100%
ninjo19ht.top | CryptBot botnet C2 domain | 100%
onejo1ht.top | CryptBot botnet C2 domain | 100%
sevjoi17ht.top | CryptBot botnet C2 domain | 100%
sixjo16ht.top | CryptBot botnet C2 domain | 100%
eightjo18ht.top | CryptBot botnet C2 domain | 100%
fivejp5ht.top | CryptBot botnet C2 domain | 100%
neinjp9ht.top | CryptBot botnet C2 domain | 100%
sivjp6ht.top | CryptBot botnet C2 domain | 100%
tenjp10ht.top | CryptBot botnet C2 domain | 100%
twojo2ht.top | CryptBot botnet C2 domain | 100%
tcfor4pn.top | CryptBot botnet C2 domain | 100%
eightjp8vs.top | CryptBot botnet C2 domain | 100%
Threat ID: 68359c995d5f0974d01dfa4b
Added to database: 5/27/2025, 11:06:01 AM
Last enriched: 7/5/2025, 10:56:57 PM
Last updated: 8/14/2025, 4:54:18 PM