ThreatFox IOCs for 2024-11-02
AI Analysis
Technical Summary
This entry is the ThreatFox daily export for 2024-11-02, republished from the abuse.ch ThreatFox platform as a MISP-style event tagged OSINT, network activity and payload delivery. It is not a vulnerability advisory: there is no affected product, no CVE and no CWE, and "no patch available" only means there is nothing to patch. What it does carry is a concrete indicator set: 112 ip:port pairs reported as command-and-control servers for named malware families (the Cobalt Strike, Sliver, Havoc and Meterpreter post-exploitation frameworks; the AsyncRAT, Quasar RAT, Remcos, XWorm, NjRAT, Revenge RAT, NetSupport Manager RAT and SectopRAT remote-access tools; the Android banking trojans Hook and ERMAC; the Mirai IoT botnet; the RedLine, Rhadamanthys and Meduza stealers), 12 URLs (Stealc, DCRat and PrivateLoader C2 endpoints, a FAKEUPDATES payload-delivery URL and a Mozi sample download) and 20 domains (CryptBot, Lumma Stealer, Quasar RAT, Remcos and FAKEUPDATES infrastructure). Every indicator carries the submitter's confidence level (50, 75 or 100%). The Technical Details fields are standard MISP event metadata: threat level 2 is "Medium" on MISP's scale of 1 (High) to 4 (Undefined), analysis 1 is "Ongoing", and distribution 3 is "All communities"; together with the tlp:white tag this marks the data as freely shareable. The original timestamp 1730592190 corresponds to 2024-11-03 00:03:10 UTC, i.e. the export was generated just after the close of 2024-11-02. Two caveats apply to any consumer of the feed. First, family labels are submitter-supplied and not independently verified: the endpoint 39.106.152.236:11443 is tagged Meterpreter as an ip:port indicator and Cobalt Strike at 75% confidence as a URL, and "MimiKatz botnet C2" is a submitter tag attached to a credential-theft tool, not a botnet. Second, C2 infrastructure of this kind is short-lived, so the set describes what was observed live on that day rather than a standing blocklist.
Potential Impact
For a European organization the practical exposure is a host on its own network that is already talking to one of these endpoints. Every ip:port pair, domain and URL in the feed is reported as live C2 or payload-delivery infrastructure, so a match in proxy, DNS, firewall or EDR network telemetry is evidence of an existing compromise, not a hypothetical one, and the families involved (commercial and open-source RATs, credential and wallet stealers, Cobalt Strike and Sliver beacons used in hands-on intrusions, Android banking trojans, IoT botnets) cover everything from data theft to ransomware precursor activity. The "Medium" rating reflects that this is a routine daily feed of roughly 140 indicators with no targeting information, not that the underlying infections are low-impact. A "no known exploits in the wild" field does not apply to a C2 feed: the infrastructure was observed in use, which is why it was submitted. Nothing in the feed ties any indicator to a country or sector; the country list below is the aggregator's estimate, and the indicators are equally relevant to any organization whose users run Windows or Android endpoints or operate internet-exposed IoT devices.
Mitigation Recommendations
The indicators below are directly actionable, so the recommendations are concrete rather than generic: 1) Retro-hunt before blocking. Query the last 30 days of firewall, proxy, DNS and EDR network telemetry for the ip:port pairs, domains and URLs listed below; a hit is an incident to investigate, not a blocklist event. Match on the full ip:port pair where one is given: 80 and 443 listeners on cloud and VPS addresses are reassigned frequently, a bare-IP block is both noisier and more likely to hit an unrelated tenant later, and some hosts here run many listeners (45.40.96.97 appears with 16 ports, 128.90.129.125 with six). 2) Push the indicators to the controls that can act on them: ip:port pairs to the firewall and IDS/IPS, domains to the DNS resolver or RPZ, URLs to the web proxy. ThreatFox offers the same data as daily downloadable exports (including CSV, JSON and Suricata rule formats), so automate the import rather than transcribing this page, and carry the confidence level through so that 50% and 75% entries alert rather than block. 3) Expire entries. C2 hosts of this kind are recycled within days, so age out network indicators after 30 to 90 days unless they are re-observed. 4) Treat the payload-delivery entries (the FAKEUPDATES URL and domain, the Mozi download URL) as web-filter and e-mail-gateway rules, and the cluster of .top and .cyou stealer domains as a prompt to review the organization's policy on newly registered domains. 5) Cover the gap that indicator matching leaves: Cobalt Strike, Sliver and Havoc beacons on 80/443 look like ordinary HTTPS, so complement the IOCs with JA3/JA4 fingerprinting, TLS certificate inspection and beaconing-interval analysis on the network side, and with behavioural detection for the RAT families on the endpoint side. 6) Feed results back: a confirmed hit, or a host found still serving C2, should be submitted to ThreatFox with its own confidence level, which is how this feed stays current.
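As an added example (not code from ThreatFox or from the page's aggregator): a small Python matcher that loads a handful of the indicators from this feed, runs them over constructed telemetry lines, and emits Suricata rules for the ip:port pairs. It shows the two points above that are easy to get wrong in practice: matching on the ip:port pair rather than the bare address, and matching a DNS query against an indicator domain only on a label boundary (so a subdomain matches but a look-alike does not). The indicator subset is transcribed from the page; the log line format, its field names, the block/alert policy and the Suricata signature-ID range are assumptions made for the example.

```python
"""Match ThreatFox-style indicators against network telemetry and emit Suricata rules."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Subset of the 2024-11-02 indicators from the page: (type, value, family, confidence %).
# The full feed has 112 ip:port pairs, 12 URLs and 20 domains; only a few are used here.
INDICATORS = [
    ("ip:port", "39.100.100.54:8443", "Cobalt Strike", 100),
    ("ip:port", "159.223.206.14:443", "XWorm", 100),
    ("ip:port", "45.40.96.97:9443", "AsyncRAT", 75),
    ("domain", "orchestratb.cyou", "Lumma Stealer", 100),
    ("domain", "ninjo19ht.top", "CryptBot", 100),
    ("url", "http://95.215.207.66/f4e83cc9bf3bad72.php", "Stealc", 100),
    ("url", "http://36.48.28.57:44338/mozi.m", "Mozi", 50),
]

# Constructed sample telemetry (not real logs): "<timestamp> <kind> key=value ...".
# The format and field names are assumptions for this example.
SAMPLE_LOG = """\
2024-11-02T10:14:02Z conn src=10.0.0.15 dst=39.100.100.54 dport=8443 proto=tcp
2024-11-02T10:14:09Z conn src=10.0.0.15 dst=39.100.100.54 dport=22 proto=tcp
2024-11-02T10:15:10Z dns client=10.0.0.22 query=cdn.orchestratb.cyou
2024-11-02T10:15:11Z dns client=10.0.0.22 query=notorchestratb.cyou
2024-11-02T10:16:33Z proxy client=10.0.0.31 url=http://95.215.207.66/f4e83cc9bf3bad72.php status=200
2024-11-02T10:17:40Z proxy client=10.0.0.40 url=http://36.48.28.57:44338/mozi.m status=200
2024-11-02T10:18:05Z conn src=10.0.0.50 dst=45.40.96.97 dport=9443 proto=tcp
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    source: str      # internal host that produced the event
    indicator: str   # matched indicator value as listed in the feed
    family: str
    confidence: int
    action: str      # assumed policy: "block" at 100% confidence, "alert" below


def _norm_url(url: str) -> str:
    """Compare URLs on host[:port] + path only; scheme and query string are ignored."""
    p = urlsplit(url.strip())
    return f"{p.netloc.lower()}{p.path or '/'}"


class IndicatorIndex:
    def __init__(self, indicators):
        self.ipport = {}   # (ip, port) -> (value, family, confidence)
        self.domains = {}  # domain -> (value, family, confidence)
        self.urls = {}     # normalised url -> (value, family, confidence)
        for typ, value, family, conf in indicators:
            entry = (value, family, conf)
            if typ == "ip:port":
                ip, port = value.rsplit(":", 1)
                self.ipport[(ip, int(port))] = entry   # the pair is the key, never the bare IP
            elif typ == "domain":
                self.domains[value.lower()] = entry
            elif typ == "url":
                self.urls[_norm_url(value)] = entry
            else:
                raise ValueError(f"unknown indicator type {typ!r}")

    def lookup_domain(self, name: str):
        """Exact or subdomain match on label boundaries: cdn.x.cyou hits x.cyou, notx.cyou does not."""
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            hit = self.domains.get(".".join(labels[i:]))
            if hit:
                return hit
        return None


_KV = re.compile(r"(\w+)=(\S+)")


def match_line(index: IndicatorIndex, line: str) -> Optional[Hit]:
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return None
    ts, kind, rest = parts
    f = dict(_KV.findall(rest))
    entry, source = None, None
    if kind == "conn" and "dst" in f and "dport" in f:
        entry, source = index.ipport.get((f["dst"], int(f["dport"]))), f.get("src")
    elif kind == "dns" and "query" in f:
        entry, source = index.lookup_domain(f["query"]), f.get("client")
    elif kind == "proxy" and "url" in f:
        entry, source = index.urls.get(_norm_url(f["url"])), f.get("client")
    if not entry:
        return None
    value, family, conf = entry
    return Hit(ts, source or "?", value, family, conf, "block" if conf >= 100 else "alert")


def scan(index: IndicatorIndex, log_text: str) -> list:
    return [h for h in (match_line(index, ln) for ln in log_text.splitlines()) if h]


def suricata_rules(indicators, sid_base: int = 9000001) -> list:
    """One outbound rule per ip:port pair (sid range is an assumption; pick one reserved locally)."""
    rules = []
    for typ, value, family, conf in indicators:
        if typ != "ip:port":
            continue
        ip, port = value.rsplit(":", 1)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"ThreatFox 2024-11-02 {family} C2 (confidence {conf}%)"; '
            f'flow:to_server; classtype:trojan-activity; sid:{sid_base + len(rules)}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    idx = IndicatorIndex(INDICATORS)
    for hit in scan(idx, SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.action:5} {hit.source:<10} {hit.family} {hit.indicator} ({hit.confidence}%)")
    print("\n".join(suricata_rules(INDICATORS)))
```

Run as a script it reports five hits from the seven sample lines: the connection to 39.100.100.54 on port 22 is not reported because only the 8443 pair is an indicator, and the look-alike query for notorchestratb.cyou is not reported because the suffix match stops at a label boundary. The Mozi (50%) and AsyncRAT (75%) hits come out as alerts rather than blocks, which is the policy the recommendations above argue for.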
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
- ip:port: 39.100.100.54:8443
- ip:port: 124.70.141.78:80
- ip:port: 82.115.223.88:80
- ip:port: 88.209.248.69:6606
- ip:port: 192.3.95.164:8000
- ip:port: 192.3.95.164:8090
- ip:port: 161.35.88.226:7443
- ip:port: 217.107.219.171:80
- ip:port: 45.149.241.241:8089
- ip:port: 45.149.241.241:50555
- url: https://mundiprep.com/work/index.php
- domain: mundiprep.com
- ip:port: 1.94.6.24:4444
- domain: loader.ssag00v-0ffical.com
- domain: teebro1800.dynamic-dns.net
- ip:port: 179.13.10.157:8088
- ip:port: 185.157.162.126:1991
- ip:port: 61.216.37.4:2404
- ip:port: 18.202.226.109:443
- ip:port: 92.255.57.31:15647
- ip:port: 4.240.117.185:7443
- domain: mx5.deitie.asia
- ip:port: 3.136.231.230:443
- ip:port: 171.43.196.20:8088
- ip:port: 83.136.254.53:8000
- ip:port: 123.60.81.51:80
- ip:port: 39.100.108.3:80
- ip:port: 38.180.94.234:1234
- ip:port: 31.13.224.12:61512
- ip:port: 31.13.224.13:61513
- ip:port: 43.135.183.120:443
- ip:port: 140.143.142.93:8888
- ip:port: 39.100.100.54:443
- ip:port: 185.208.156.248:2404
- domain: orchestratb.cyou
- ip:port: 161.35.88.226:443
- domain: www.izoa.netsons.org
- domain: releases.gotraffic.fr
- ip:port: 154.216.19.64:3778
- ip:port: 51.75.171.9:5151
- ip:port: 2.57.149.133:1912
- ip:port: 4.228.228.120:7000
- ip:port: 45.130.145.59:4404
- ip:port: 51.20.118.144:69
- ip:port: 94.46.207.10:1177
- ip:port: 159.223.206.14:7000
- ip:port: 178.215.224.96:7886
- ip:port: 185.84.161.76:7000
- ip:port: 159.223.206.14:80
- ip:port: 159.223.206.14:443
- ip:port: 107.149.212.147:4449
- ip:port: 108.228.0.61:39506
- domain: ninjo19ht.top
- domain: onejo1ht.top
- domain: sevjoi17ht.top
- domain: sixjo16ht.top
- domain: eightjo18ht.top
- domain: fivejp5ht.top
- domain: neinjp9ht.top
- domain: sivjp6ht.top
- domain: tenjp10ht.top
- domain: twojo2ht.top
- ip:port: 124.221.127.90:9876
- ip:port: 202.131.82.180:80
- ip:port: 45.14.226.152:443
- ip:port: 103.97.178.234:80
- ip:port: 38.207.185.207:80
- ip:port: 154.12.19.25:80
- ip:port: 39.101.162.36:8888
- ip:port: 101.200.56.205:80
- ip:port: 45.61.137.234:443
- ip:port: 183.128.141.238:5005
- ip:port: 154.12.253.45:8088
- ip:port: 92.255.57.33:15647
- ip:port: 46.101.85.96:80
- ip:port: 45.40.96.97:1018
- ip:port: 45.40.96.97:2019
- ip:port: 45.40.96.97:2020
- ip:port: 45.40.96.97:2021
- ip:port: 45.40.96.97:2900
- ip:port: 45.40.96.97:3313
- ip:port: 45.40.96.97:3314
- ip:port: 45.40.96.97:5155
- ip:port: 45.40.96.97:5505
- ip:port: 45.40.96.97:6606
- ip:port: 45.40.96.97:6666
- ip:port: 45.40.96.97:7707
- ip:port: 45.40.96.97:8808
- ip:port: 45.40.96.97:9442
- ip:port: 45.40.96.97:9443
- ip:port: 45.40.96.97:9999
- ip:port: 45.14.226.152:80
- ip:port: 8.138.18.181:80
- ip:port: 139.196.26.120:48584
- ip:port: 128.90.129.125:9999
- ip:port: 102.117.160.175:7443
- ip:port: 223.155.16.205:23333
- ip:port: 223.155.16.206:23333
- ip:port: 45.10.243.34:1999
- ip:port: 128.90.129.125:9442
- ip:port: 185.215.113.64:443
- ip:port: 3.128.254.91:5050
- url: http://62.204.41.163/c882d91d1df1bdb3.php
- ip:port: 66.63.169.17:1979
- url: http://95.215.207.167/076106d399a0a4a4.php
- url: http://k83398f9.beget.tech/l1nc0in.php
- ip:port: 39.106.152.236:11443
- url: http://147.45.45.201/pipesql/provider/eternalvoiddb/wordpress6/uploads67/6windows/linepipejavascriptgeobasedatalifewppubliccdn.php
- ip:port: 4.154.103.4:54321
- ip:port: 147.185.221.23:37212
- url: http://cm45075.tw1.ru/603c38ec.php
- ip:port: 109.172.94.66:15666
- url: http://109.120.176.203/api/crazyfish.php
- url: http://194.135.20.4/8/traffic/dumpprivatewp2/bigload8/downloadsgame/temporarymulti6/wplinux/line1/3packetbase/downloadsapipublicto/3tempcdnpublic/private8towp/58cpuasync/26api/javascriptjs/javascript/default/eternalimageprovider/eternaltopollpacketlowapiprotecttrafficwordpress.php
- ip:port: 54.234.69.32:333
- ip:port: 52.70.134.237:5222
- ip:port: 128.90.129.125:5505
- ip:port: 128.90.129.125:3314
- ip:port: 128.90.129.125:8808
- ip:port: 128.90.129.125:6666
- ip:port: 103.186.117.76:7707
- url: http://39.106.152.236:11443/load
- ip:port: 103.186.117.76:6606
- ip:port: 103.186.117.76:8808
- ip:port: 103.187.117.76:5584
- ip:port: 154.216.18.171:5584
- url: http://95.215.207.66/f4e83cc9bf3bad72.php
- domain: tcfor4pn.top
- url: http://36.48.28.57:44338/mozi.m
- url: http://withcwallet.com/l1nc0in.php
- ip:port: 212.162.149.72:27667
- ip:port: 47.96.12.53:80
- ip:port: 147.182.171.187:443
- ip:port: 23.239.28.166:443
- ip:port: 8.220.195.135:443
- ip:port: 64.225.60.194:7443
- ip:port: 67.207.86.159:7443
- ip:port: 45.149.241.113:80
- ip:port: 20.163.30.93:22
- ip:port: 157.66.197.221:8082
- ip:port: 212.162.149.73:27667
- ip:port: 154.216.20.57:3434
- domain: eightjp8vs.top
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- ffba5e3d-a038-406b-b572-7498ad17070f
- Original Timestamp
- 1730592190
Indicators of Compromise
IP:port
Value | Description |
---|---|
39.100.100.54:8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
124.70.141.78:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
82.115.223.88:80 | Unknown malware botnet C2 server (confidence level: 100%) |
88.209.248.69:6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
192.3.95.164:8000 | AsyncRAT botnet C2 server (confidence level: 100%) |
192.3.95.164:8090 | AsyncRAT botnet C2 server (confidence level: 100%) |
161.35.88.226:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
217.107.219.171:80 | Hook botnet C2 server (confidence level: 100%) |
45.149.241.241:8089 | Hook botnet C2 server (confidence level: 100%) |
45.149.241.241:50555 | Hook botnet C2 server (confidence level: 100%) |
1.94.6.24:4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
179.13.10.157:8088 | Remcos botnet C2 server (confidence level: 100%) |
185.157.162.126:1991 | Remcos botnet C2 server (confidence level: 100%) |
61.216.37.4:2404 | Remcos botnet C2 server (confidence level: 100%) |
18.202.226.109:443 | Sliver botnet C2 server (confidence level: 100%) |
92.255.57.31:15647 | SectopRAT botnet C2 server (confidence level: 100%) |
4.240.117.185:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
3.136.231.230:443 | Havoc botnet C2 server (confidence level: 100%) |
171.43.196.20:8088 | Unknown malware botnet C2 server (confidence level: 100%) |
83.136.254.53:8000 | MimiKatz botnet C2 server (confidence level: 100%) |
123.60.81.51:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.100.108.3:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.180.94.234:1234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
31.13.224.12:61512 | Quasar RAT botnet C2 server (confidence level: 75%) |
31.13.224.13:61513 | Quasar RAT botnet C2 server (confidence level: 75%) |
43.135.183.120:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
140.143.142.93:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.100.100.54:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.208.156.248:2404 | Remcos botnet C2 server (confidence level: 100%) |
161.35.88.226:443 | Unknown malware botnet C2 server (confidence level: 100%) |
154.216.19.64:3778 | Mirai botnet C2 server (confidence level: 75%) |
51.75.171.9:5151 | Rhadamanthys botnet C2 server (confidence level: 100%) |
2.57.149.133:1912 | RedLine Stealer botnet C2 server (confidence level: 100%) |
4.228.228.120:7000 | XWorm botnet C2 server (confidence level: 100%) |
45.130.145.59:4404 | XWorm botnet C2 server (confidence level: 100%) |
51.20.118.144:69 | XWorm botnet C2 server (confidence level: 100%) |
94.46.207.10:1177 | XWorm botnet C2 server (confidence level: 100%) |
159.223.206.14:7000 | XWorm botnet C2 server (confidence level: 100%) |
178.215.224.96:7886 | XWorm botnet C2 server (confidence level: 100%) |
185.84.161.76:7000 | XWorm botnet C2 server (confidence level: 100%) |
159.223.206.14:80 | XWorm botnet C2 server (confidence level: 100%) |
159.223.206.14:443 | XWorm botnet C2 server (confidence level: 100%) |
107.149.212.147:4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
108.228.0.61:39506 | AsyncRAT botnet C2 server (confidence level: 100%) |
124.221.127.90:9876 | Cobalt Strike botnet C2 server (confidence level: 100%) |
202.131.82.180:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.14.226.152:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.97.178.234:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.207.185.207:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.12.19.25:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.101.162.36:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
101.200.56.205:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.61.137.234:443 | Sliver botnet C2 server (confidence level: 100%) |
183.128.141.238:5005 | Sliver botnet C2 server (confidence level: 100%) |
154.12.253.45:8088 | AsyncRAT botnet C2 server (confidence level: 100%) |
92.255.57.33:15647 | SectopRAT botnet C2 server (confidence level: 100%) |
46.101.85.96:80 | Havoc botnet C2 server (confidence level: 100%) |
45.40.96.97:1018 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:2019 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:2020 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:2021 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:2900 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:3313 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:3314 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:5155 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:5505 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:6606 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:6666 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:7707 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:8808 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:9442 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:9443 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.40.96.97:9999 | AsyncRAT botnet C2 server (confidence level: 75%) |
45.14.226.152:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.138.18.181:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
139.196.26.120:48584 | Sliver botnet C2 server (confidence level: 100%) |
128.90.129.125:9999 | AsyncRAT botnet C2 server (confidence level: 100%) |
102.117.160.175:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
223.155.16.205:23333 | Quasar RAT botnet C2 server (confidence level: 100%) |
223.155.16.206:23333 | Quasar RAT botnet C2 server (confidence level: 100%) |
45.10.243.34:1999 | Quasar RAT botnet C2 server (confidence level: 100%) |
128.90.129.125:9442 | AsyncRAT botnet C2 server (confidence level: 100%) |
185.215.113.64:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
3.128.254.91:5050 | NjRAT botnet C2 server (confidence level: 100%) |
66.63.169.17:1979 | Quasar RAT botnet C2 server (confidence level: 100%) |
39.106.152.236:11443 | Meterpreter botnet C2 server (confidence level: 100%) |
4.154.103.4:54321 | Meterpreter botnet C2 server (confidence level: 100%) |
147.185.221.23:37212 | NjRAT botnet C2 server (confidence level: 100%) |
109.172.94.66:15666 | Meduza Stealer botnet C2 server (confidence level: 100%) |
54.234.69.32:333 | Revenge RAT botnet C2 server (confidence level: 100%) |
52.70.134.237:5222 | Revenge RAT botnet C2 server (confidence level: 100%) |
128.90.129.125:5505 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.129.125:3314 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.129.125:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.129.125:6666 | AsyncRAT botnet C2 server (confidence level: 100%) |
103.186.117.76:7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
103.186.117.76:6606 | AsyncRAT botnet C2 server (confidence level: 75%) |
103.186.117.76:8808 | AsyncRAT botnet C2 server (confidence level: 75%) |
103.187.117.76:5584 | Remcos botnet C2 server (confidence level: 75%) |
154.216.18.171:5584 | Remcos botnet C2 server (confidence level: 75%) |
212.162.149.72:27667 | RedLine Stealer botnet C2 server (confidence level: 100%) |
47.96.12.53:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
147.182.171.187:443 | Sliver botnet C2 server (confidence level: 100%) |
23.239.28.166:443 | Sliver botnet C2 server (confidence level: 100%) |
8.220.195.135:443 | Sliver botnet C2 server (confidence level: 100%) |
64.225.60.194:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
67.207.86.159:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
45.149.241.113:80 | Hook botnet C2 server (confidence level: 100%) |
20.163.30.93:22 | Quasar RAT botnet C2 server (confidence level: 100%) |
157.66.197.221:8082 | ERMAC botnet C2 server (confidence level: 100%) |
212.162.149.73:27667 | RedLine Stealer botnet C2 server (confidence level: 100%) |
154.216.20.57:3434 | Hook botnet C2 server (confidence level: 100%) |
Url
Value | Description |
---|---|
https://mundiprep.com/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://62.204.41.163/c882d91d1df1bdb3.php | Stealc botnet C2 (confidence level: 100%) |
http://95.215.207.167/076106d399a0a4a4.php | Stealc botnet C2 (confidence level: 100%) |
http://k83398f9.beget.tech/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://147.45.45.201/pipesql/provider/eternalvoiddb/wordpress6/uploads67/6windows/linepipejavascriptgeobasedatalifewppubliccdn.php | DCRat botnet C2 (confidence level: 100%) |
http://cm45075.tw1.ru/603c38ec.php | DCRat botnet C2 (confidence level: 100%) |
http://109.120.176.203/api/crazyfish.php | PrivateLoader botnet C2 (confidence level: 100%) |
http://194.135.20.4/8/traffic/dumpprivatewp2/bigload8/downloadsgame/temporarymulti6/wplinux/line1/3packetbase/downloadsapipublicto/3tempcdnpublic/private8towp/58cpuasync/26api/javascriptjs/javascript/default/eternalimageprovider/eternaltopollpacketlowapiprotecttrafficwordpress.php | DCRat botnet C2 (confidence level: 100%) |
http://39.106.152.236:11443/load | Cobalt Strike botnet C2 (confidence level: 75%) |
http://95.215.207.66/f4e83cc9bf3bad72.php | Stealc botnet C2 (confidence level: 100%) |
http://36.48.28.57:44338/mozi.m | Mozi payload delivery URL (confidence level: 50%) |
http://withcwallet.com/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
Domain
Value | Description |
---|---|
mundiprep.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
loader.ssag00v-0ffical.com | Unknown malware botnet C2 domain (confidence level: 100%) |
teebro1800.dynamic-dns.net | Remcos botnet C2 domain (confidence level: 100%) |
mx5.deitie.asia | Quasar RAT botnet C2 domain (confidence level: 100%) |
orchestratb.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
www.izoa.netsons.org | Unknown malware botnet C2 domain (confidence level: 100%) |
releases.gotraffic.fr | MimiKatz botnet C2 domain (confidence level: 100%) |
ninjo19ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
onejo1ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
sevjoi17ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
sixjo16ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
eightjo18ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
fivejp5ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
neinjp9ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
sivjp6ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
tenjp10ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
twojo2ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
tcfor4pn.top | CryptBot botnet C2 domain (confidence level: 100%) |
eightjp8vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
Threat ID: 682acdc2bbaf20d303f1411d
Added to database: 5/19/2025, 6:20:50 AM
Last enriched: 6/18/2025, 9:35:32 AM
Last updated: 8/11/2025, 5:13:17 AM