ThreatFox IOCs for 2024-12-16
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2024-12-16 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data is a collection of threat intelligence indicators rather than a specific vulnerability or exploit targeting a particular product or version. The absence of affected versions and patch availability suggests that this is not a newly discovered software vulnerability but rather intelligence related to ongoing or emerging malware campaigns or threat actor activities. The threat level is indicated as medium; the technical details give a distribution score of 3 (moderate), a threat-level score of 2 (low) and an analysis score of 1, implying that while the threat is recognized, it may not be widespread or highly sophisticated at this time. The lack of known exploits in the wild further supports that this is intelligence gathering or preparatory activity rather than an active, high-impact attack. The classification under OSINT and network activity suggests that the threat involves monitoring or exploitation of network communications, possibly involving delivery of malicious payloads through network vectors. However, the absence of specific technical indicators or detailed attack vectors limits the ability to precisely define the malware behavior or its attack mechanisms.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and the nature of the threat as OSINT-related malware activity. Potential impacts include unauthorized network activity leading to data exfiltration, reconnaissance, or delivery of malicious payloads that could compromise confidentiality and integrity of information systems. Given the lack of specific exploit details or known active campaigns, the immediate risk may be limited, but organizations should remain vigilant as such intelligence often precedes more targeted attacks. The impact could be more pronounced for sectors relying heavily on networked infrastructure and sensitive data, such as finance, government, and critical infrastructure. The threat's focus on payload delivery could lead to secondary infections or lateral movement within networks if exploited successfully.
Mitigation Recommendations
European organizations should enhance their threat intelligence capabilities by integrating feeds like ThreatFox into their security monitoring systems to detect and respond to emerging IOCs promptly. Network segmentation and strict access controls can limit the spread of any payload delivered through network activity. Employing advanced network traffic analysis and anomaly detection tools will help identify suspicious communications indicative of this threat. Regular employee training on recognizing phishing or social engineering attempts that may serve as initial infection vectors is essential. Since no patches are available, organizations should focus on proactive detection and containment strategies, including timely updating of endpoint protection platforms and ensuring robust incident response plans are in place. Collaboration with national and European cybersecurity agencies to share intelligence and best practices will also strengthen defenses against evolving threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 147.185.221.24
- hash: 27437
- domain: carolina-oxide.gl.at.ply.gg
- url: https://theinb.com/6h6d4.js
- domain: theinb.com
- url: https://theinb.com/js.php
- url: https://matelitcleaning.com/webpanel/panel/login.php
- file: 47.98.185.157
- hash: 8080
- file: 52.166.123.20
- hash: 443
- file: 18.170.117.232
- hash: 80
- file: 45.137.81.84
- hash: 443
- file: 34.244.213.212
- hash: 443
- file: 47.92.77.57
- hash: 443
- file: 61.135.130.190
- hash: 443
- file: 45.145.229.234
- hash: 443
- file: 120.79.135.77
- hash: 443
- file: 61.135.130.191
- hash: 443
- file: 211.149.243.119
- hash: 10443
- file: 1.94.141.87
- hash: 50050
- file: 47.83.233.177
- hash: 443
- file: 38.46.12.68
- hash: 14250
- file: 1.94.113.115
- hash: 443
- file: 113.45.153.104
- hash: 443
- file: 218.30.103.192
- hash: 443
- file: 148.135.44.218
- hash: 4433
- file: 123.57.245.136
- hash: 8888
- file: 218.30.103.198
- hash: 443
- file: 47.92.130.102
- hash: 443
- file: 43.202.33.84
- hash: 80
- file: 218.30.103.182
- hash: 443
- file: 23.27.101.82
- hash: 80
- file: 82.67.60.21
- hash: 80
- file: 218.30.103.130
- hash: 443
- file: 118.89.198.206
- hash: 2087
- file: 61.135.130.179
- hash: 444
- file: 74.48.77.147
- hash: 443
- file: 3.15.169.57
- hash: 443
- file: 121.40.120.206
- hash: 80
- file: 103.234.72.56
- hash: 443
- file: 103.140.186.155
- hash: 443
- file: 2.56.125.55
- hash: 443
- file: 45.119.99.5
- hash: 50443
- file: 104.131.174.71
- hash: 443
- file: 35.232.8.38
- hash: 80
- file: 36.133.19.66
- hash: 10250
- file: 218.30.103.189
- hash: 443
- file: 154.12.82.72
- hash: 80
- file: 47.92.213.224
- hash: 443
- file: 218.30.103.168
- hash: 443
- file: 118.25.85.56
- hash: 443
- file: 101.35.210.224
- hash: 59443
- file: 52.56.196.38
- hash: 443
- file: 154.201.87.109
- hash: 18084
- file: 106.38.201.40
- hash: 8443
- file: 36.133.18.101
- hash: 10250
- file: 18.234.229.2
- hash: 443
- file: 44.222.217.17
- hash: 80
- file: 47.122.69.106
- hash: 443
- file: 64.225.127.146
- hash: 443
- file: 124.71.0.187
- hash: 8443
- file: 99.79.73.121
- hash: 443
- file: 167.179.81.6
- hash: 4433
- file: 3.236.59.222
- hash: 443
- file: 119.45.251.70
- hash: 80
- file: 3.230.115.153
- hash: 443
- file: 47.92.92.147
- hash: 443
- file: 64.237.48.195
- hash: 443
- file: 44.209.166.148
- hash: 443
- file: 192.3.39.166
- hash: 7788
- file: 39.100.73.161
- hash: 443
- file: 45.155.54.29
- hash: 80
- file: 64.94.84.219
- hash: 443
- file: 20.5.43.62
- hash: 80
- file: 192.241.162.4
- hash: 443
- file: 121.36.53.239
- hash: 8080
- file: 82.67.60.21
- hash: 80
- file: 20.5.43.62
- hash: 80
- domain: ferp.googledns.io
- domain: hk-dns.secssl.com
- domain: hk-dns.winsiked.com
- domain: hk-dns.wkossclsaleklddeff.is
- domain: hk-dns.wkossclsaleklddeff.io
- url: http://48.210.203.51:8888/supershell/login/
- file: 216.9.224.113
- hash: 443
- file: 101.126.21.197
- hash: 2087
- file: 18.138.186.108
- hash: 8844
- file: 142.171.11.197
- hash: 8888
- file: 198.244.206.8
- hash: 222
- file: 185.133.248.219
- hash: 80
- file: 194.26.192.165
- hash: 222
- file: 194.26.192.165
- hash: 777
- file: 194.26.192.165
- hash: 4444
- file: 194.26.192.42
- hash: 80
- file: 14.128.54.9
- hash: 8880
- file: 206.189.37.158
- hash: 80
- domain: www.silentlegion.duckdns.org
- file: 45.130.147.118
- hash: 443
- file: 38.180.190.6
- hash: 80
- file: 38.180.190.6
- hash: 443
- file: 207.32.217.167
- hash: 888
- file: 142.11.201.38
- hash: 8097
- file: 156.195.247.146
- hash: 222
- file: 142.11.201.34
- hash: 8097
- file: 194.26.192.165
- hash: 2222
- file: 138.197.182.249
- hash: 7443
- file: 103.29.189.125
- hash: 443
- domain: t1p9jbex8g.silentlegion.duckdns.org
- domain: sedone.online
- domain: ec2-98-84-163-18.compute-1.amazonaws.com
- domain: www.sleepy-khorana.193-239-86-216.plesk.page
- domain: portal.avina.cloud
- domain: capitalunionbank.co
- domain: ec2-54-234-71-196.compute-1.amazonaws.com
- file: 106.53.98.153
- hash: 60000
- file: 156.224.139.149
- hash: 60000
- file: 47.98.162.159
- hash: 60000
- file: 8.130.68.92
- hash: 60000
- file: 3.85.56.197
- hash: 3333
- file: 156.67.104.213
- hash: 3333
- file: 3.80.194.159
- hash: 3333
- file: 45.144.3.125
- hash: 3333
- file: 5.249.255.11
- hash: 3333
- file: 34.204.72.250
- hash: 3333
- file: 92.205.235.62
- hash: 3333
- file: 13.51.200.102
- hash: 3333
- file: 3.127.190.89
- hash: 3333
- file: 13.212.27.210
- hash: 3333
- file: 97.74.95.62
- hash: 3333
- file: 109.237.26.196
- hash: 443
- file: 140.143.159.234
- hash: 53333
- file: 66.78.40.32
- hash: 5998
- file: 18.135.30.45
- hash: 4210
- file: 70.104.186.131
- hash: 6606
- file: 70.104.186.131
- hash: 7707
- file: 70.104.186.131
- hash: 8808
- file: 96.248.52.125
- hash: 8031
- file: 98.51.190.130
- hash: 20
- url: http://154.216.17.90
- url: https://jimeqey.shop/api
- domain: sectors.bowentaxlaw.com
- file: 116.203.12.241
- hash: 443
- url: https://sedone.online/
- url: https://cineft.online/
- url: https://65.109.242.111/
- url: https://116.203.12.241/
- file: 154.216.17.204
- hash: 2404
- file: 194.87.85.114
- hash: 31337
- file: 172.245.118.19
- hash: 8888
- file: 142.11.201.37
- hash: 8097
- file: 142.11.201.35
- hash: 8097
- file: 195.191.218.27
- hash: 80
- file: 195.191.218.27
- hash: 8089
- file: 59.16.126.150
- hash: 57172
- file: 93.232.105.202
- hash: 81
- file: 194.26.192.42
- hash: 8080
- file: 172.236.62.73
- hash: 25364
- file: 172.236.62.97
- hash: 6728
- file: 172.236.62.97
- hash: 25565
- url: https://naubeautylus.ch/headerfrontend
- url: https://proship.ae/wp-log
- url: https://cyprecoofamerica.com/plugins/invoice
- file: 212.87.222.185
- hash: 80
- url: https://klarnaportal.icu/kunde2637252/rechnungsportal/invoice12468251.html
- domain: klarnaportal.icu
- file: 82.67.60.21
- hash: 80
- file: 20.5.43.62
- hash: 80
- domain: twentygr20sb.top
- domain: fivegr5sb.top
- domain: cq13555.tw1.ru
- domain: a1060897.xsph.ru
- domain: f1060404.xsph.ru
- domain: a1056005.xsph.ru
- domain: zloyvah4.beget.tech
- domain: f1061210.xsph.ru
- domain: a1055970.xsph.ru
- domain: brovetop.beget.tech
- domain: a1058850.xsph.ru
- domain: gameovw4.beget.tech
- domain: a1057856.xsph.ru
- domain: a1057638.xsph.ru
- domain: f1059060.xsph.ru
- domain: eighttg8sb.top
- domain: tentg10sb.top
- domain: sixtg6sb.top
- domain: lewdtworre.click
- url: https://lewdtworre.click/api
- file: 112.126.82.114
- hash: 80
- file: 178.255.245.160
- hash: 8082
- file: 42.192.226.194
- hash: 8081
- file: 101.43.89.114
- hash: 8888
- file: 69.166.230.200
- hash: 8888
- file: 160.30.45.213
- hash: 80
- file: 138.68.152.143
- hash: 443
- domain: ipv6.172-208-106-5.cprapid.com
- file: 104.248.156.143
- hash: 80
- domain: awake-weaves.cyou
- domain: passworoggre.click
- domain: sordid-snaked.cyou
- domain: wrathful-jammy.cyou
- url: https://theinb.com/tr4d4.js
- domain: cz91659.tw1.ru
- domain: 38165cm.darkproducts.ru
- domain: f1064330.xsph.ru
- domain: amoamosss.com
- domain: tibetin.com
- url: http://193.124.185.16/gamebigloadhttp/apidumpjavascript/5game/process/vmtoserverlinuxuploads.php
- url: https://tibetin.com/4fda4.js
- file: 119.8.114.116
- hash: 80
- file: 119.8.114.116
- hash: 443
- file: 147.185.221.24
- hash: 31521
- domain: november-knife.gl.at.ply.gg
- file: 206.188.196.173
- hash: 80
- url: http://103.210.101.22:42717/mozi.m
- url: http://wodresomdaymomentum.org/password.php
- url: http://sanboxland.pro/3ofn3jf3e2ljk/login.php
- domain: cmiklajbmincnbe.top
- domain: deanbimjnlbkgec.top
- url: https://185.81.68.147/7vhfjke3/login.php
- url: https://185.81.68.148/8fvu5jh4dbs/login.php
- url: https://businessinsanjose.info/work/original.js
- domain: businessinsanjose.info
- url: https://businessinsanjose.info/work/index.php
- url: https://businessinsanjose.info/work/download.php
- url: https://businessinsanjose.info/work/yyy.zip
- url: https://impend-differ.biz/api
- url: https://print-vexer.biz/api
- url: https://dare-curbys.biz/api
- url: https://covery-mover.biz/api
- url: https://formy-spill.biz/api
- url: https://dwell-exclaim.biz/api
- url: https://zinc-sneark.biz/api
- url: https://se-blurry.biz/api
- url: https://drive-connect.cyou/api
- url: https://sordid-snaked.cyou/api
- url: https://awake-weaves.cyou/api
- url: https://wrathful-jammy.cyou/api
- domain: bhaighhdebikfge.top
- domain: bkkeiekjfcdaaen.top
- domain: cignjjgmdnbchhc.top
- domain: cnbhhabgjabmfab.top
- domain: dcliihflnaeacln.top
- domain: dejlehfiiibgbcm.top
- domain: dlbfdiabhhdaifg.top
- domain: fbeadhdmmbidklg.top
- domain: fnglhhdcdilllhh.top
- domain: hkbafhbghbehhda.top
- domain: jembhhnabanmeij.top
- domain: jhkddhnllikecni.top
- domain: klmnnilmahlkcje.top
- domain: mcajijknegnbbga.top
- domain: mknjddllgakhaje.top
- domain: naajagigfikmhfj.top
- domain: nmchehjjkbnfiak.top
- domain: pareek.info
- url: https://pareek.info/work/yyy.zip
- file: 147.45.126.31
- hash: 80
- url: https://pareek.info/work/index.php
- url: http://78.41.139.3/password.php
- url: https://pareek.info/work/download.php
- url: https://pareek.info/work/original.js
- file: 140.99.164.77
- hash: 80
- domain: depostsolo.biz
- url: https://depostsolo.biz/work/yyy.zip
- url: https://depostsolo.biz/work/download.php
- url: https://depostsolo.biz/work/original.js
- url: https://depostsolo.biz/work/index.php
- domain: rossarnold.info
- domain: fivetk5pn.top
- domain: f1057735.xsph.ru
- domain: a1048940.xsph.ru
- url: https://rossarnold.info/work/original.js
- domain: sanboxland.pro
- url: https://rossarnold.info/work/yyy.zip
- url: https://rossarnold.info/work/index.php
- url: https://rossarnold.info/work/download.php
- domain: egaolife.info
- url: https://egaolife.info/work/yyy.zip
- url: https://egaolife.info/work/index.php
- url: https://tibetin.com/js.php
- url: http://ngub8zb38ib.top/1.php
- url: https://egaolife.info/work/original.js
- url: https://egaolife.info/work/download.php
- domain: glispalin.xin
- file: 47.245.94.193
- hash: 80
- file: 47.245.94.193
- hash: 443
- domain: wodresomdaymomentum.org
- url: http://tech-tribune.shop/plqvfd4d5/index.php
- domain: tech-tribune.shop
- url: http://moviecentral-petparade.com/g9jvjfd73/index.php
- url: http://connect.resourcecloud.shop/plqvfd4d5/index.php
- domain: gardenhub-fitlife2.com
- domain: gardenhub-fitlife3.com
- url: http://gardenhub-fitlife.com/g9jvjfd73/index.php
- url: http://sanboxland.pro/3ofn3jf3e2ljk/index.php
- url: https://happyjourney.shop/api
- url: http://185.215.113.31:82/api/getkeyloggers
- url: http://185.215.113.31:83/api/getkeyloggers
- url: http://185.215.113.31:85/api/getkeyloggers
- url: http://185.215.113.31/api/getkeyloggers
- url: http://185.76.79.112:85/api/getkeyloggers
- url: http://91.215.85.55:85/api/getkeyloggers
- file: 185.196.11.47
- hash: 59962
- domain: servers.vlrt-gap.com
- domain: awake-weaves.cyou
- domain: sordid-snaked.cyou
- domain: wrathful-jammy.cyou
- url: https://sordid-snaked.cyou/api
- url: https://awake-weaves.cyou/api
- url: https://wrathful-jammy.cyou/api
- domain: portal-klarna.com
- url: https://portal-klarna.com/kunde2637252/rechnungsportal/invoice12468251.html
- url: https://abrasigehs.my/api
- domain: abrasigehs.my
- hash: ab6a985dbef013596ac79ca5117ef77c
- file: 38.207.178.183
- hash: 8088
- file: 101.126.21.129
- hash: 80
- file: 89.110.87.72
- hash: 80
- file: 35.224.99.235
- hash: 2000
- file: 45.61.137.71
- hash: 80
- file: 45.56.69.210
- hash: 3333
- url: http://92.119.114.51/2048ca003d511226.php
- domain: hafiznor3374.duckdns.org
- file: 3.64.4.198
- hash: 12811
- file: 89.58.51.107
- hash: 80
- file: 188.40.187.137
- hash: 80
- file: 188.40.187.158
- hash: 80
- file: 188.40.187.159
- hash: 80
- file: 188.40.187.160
- hash: 80
- file: 188.40.187.161
- hash: 80
- file: 188.40.187.162
- hash: 80
- file: 188.40.187.163
- hash: 80
- file: 188.40.187.165
- hash: 80
- file: 188.40.187.174
- hash: 80
- hash: 5bad559d96e10e6fd3ae45c16de8cc88c160231cf4300651aafbbd9dff313817
- hash: b558f0b1444be5df69027315f7aad563c54a3f791cebbb96a56fce7e5176f8f5
- domain: f1063431.xsph.ru
- file: 120.46.56.20
- hash: 59823
- file: 189.1.245.145
- hash: 443
- file: 47.120.33.31
- hash: 9999
- file: 128.90.123.136
- hash: 9999
- file: 209.74.66.221
- hash: 443
- file: 172.233.73.236
- hash: 18245
- domain: 156.65.16.34.bc.googleusercontent.com
- file: 64.20.34.146
- hash: 80
- url: http://749858cm.renyash.ru/javascriptrequestapibaseprivate.php
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: f1929418-652e-4f88-b7e1-88bb782c2692
- Original Timestamp: 1734393787
Indicators of Compromise
File
| Value | Description |
|---|---|
| 147.185.221.24 | NjRAT botnet C2 server (confidence level: 75%) |
| 47.98.185.157 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 52.166.123.20 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 18.170.117.232 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 45.137.81.84 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 34.244.213.212 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 47.92.77.57 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 61.135.130.190 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.145.229.234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 120.79.135.77 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 61.135.130.191 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 211.149.243.119 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1.94.141.87 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.83.233.177 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 38.46.12.68 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1.94.113.115 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 113.45.153.104 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 218.30.103.192 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 148.135.44.218 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 123.57.245.136 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 218.30.103.198 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.92.130.102 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.202.33.84 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 218.30.103.182 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.27.101.82 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 82.67.60.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 218.30.103.130 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 118.89.198.206 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 61.135.130.179 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 74.48.77.147 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3.15.169.57 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.40.120.206 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 103.234.72.56 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 103.140.186.155 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2.56.125.55 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.119.99.5 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 104.131.174.71 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 35.232.8.38 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 36.133.19.66 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 218.30.103.189 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.12.82.72 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.92.213.224 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 218.30.103.168 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 118.25.85.56 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.35.210.224 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 52.56.196.38 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.201.87.109 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 106.38.201.40 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 36.133.18.101 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 18.234.229.2 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 44.222.217.17 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.122.69.106 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 64.225.127.146 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 124.71.0.187 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 99.79.73.121 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 167.179.81.6 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3.236.59.222 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.45.251.70 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3.230.115.153 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.92.92.147 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 64.237.48.195 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 44.209.166.148 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 192.3.39.166 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 39.100.73.161 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.155.54.29 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 64.94.84.219 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20.5.43.62 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 192.241.162.4 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.36.53.239 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 82.67.60.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20.5.43.62 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 216.9.224.113 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.126.21.197 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 18.138.186.108 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 142.171.11.197 | Unknown malware botnet C2 server (confidence level: 100%) |
| 198.244.206.8 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 185.133.248.219 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 194.26.192.165 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 194.26.192.165 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 194.26.192.165 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 194.26.192.42 | Hook botnet C2 server (confidence level: 100%) |
| 14.128.54.9 | Venom RAT botnet C2 server (confidence level: 100%) |
| 206.189.37.158 | MooBot botnet C2 server (confidence level: 100%) |
| 45.130.147.118 | BianLian botnet C2 server (confidence level: 100%) |
| 38.180.190.6 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 38.180.190.6 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 207.32.217.167 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 142.11.201.38 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 156.195.247.146 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 142.11.201.34 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 194.26.192.165 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 138.197.182.249 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.29.189.125 | Havoc botnet C2 server (confidence level: 100%) |
| 106.53.98.153 | Unknown malware botnet C2 server (confidence level: 100%) |
| 156.224.139.149 | Unknown malware botnet C2 server (confidence level: 100%) |
| 47.98.162.159 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8.130.68.92 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.85.56.197 | Unknown malware botnet C2 server (confidence level: 100%) |
| 156.67.104.213 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.80.194.159 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.144.3.125 | Unknown malware botnet C2 server (confidence level: 100%) |
| 5.249.255.11 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.204.72.250 | Unknown malware botnet C2 server (confidence level: 100%) |
| 92.205.235.62 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.51.200.102 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.127.190.89 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.212.27.210 | Unknown malware botnet C2 server (confidence level: 100%) |
| 97.74.95.62 | Unknown malware botnet C2 server (confidence level: 100%) |
| 109.237.26.196 | Unknown malware botnet C2 server (confidence level: 100%) |
| 140.143.159.234 | Unknown malware botnet C2 server (confidence level: 100%) |
| 66.78.40.32 | Unknown malware botnet C2 server (confidence level: 100%) |
| 18.135.30.45 | Unknown malware botnet C2 server (confidence level: 100%) |
| 70.104.186.131 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 70.104.186.131 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 70.104.186.131 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 96.248.52.125 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 98.51.190.130 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 116.203.12.241 | Vidar botnet C2 server (confidence level: 100%) |
| 154.216.17.204 | Remcos botnet C2 server (confidence level: 75%) |
| 194.87.85.114 | Sliver botnet C2 server (confidence level: 100%) |
| 172.245.118.19 | Unknown malware botnet C2 server (confidence level: 100%) |
| 142.11.201.37 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 142.11.201.35 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 195.191.218.27 | Hook botnet C2 server (confidence level: 100%) |
| 195.191.218.27 | Hook botnet C2 server (confidence level: 100%) |
| 59.16.126.150 | Havoc botnet C2 server (confidence level: 100%) |
| 93.232.105.202 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 194.26.192.42 | ERMAC botnet C2 server (confidence level: 100%) |
| 172.236.62.73 | Unknown malware botnet C2 server (confidence level: 100%) |
| 172.236.62.97 | Unknown malware botnet C2 server (confidence level: 100%) |
| 172.236.62.97 | Unknown malware botnet C2 server (confidence level: 100%) |
| 212.87.222.185 | Lumma Stealer payload delivery server (confidence level: 100%) |
| 82.67.60.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20.5.43.62 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 112.126.82.114 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 178.255.245.160 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 42.192.226.194 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.43.89.114 | Unknown malware botnet C2 server (confidence level: 100%) |
| 69.166.230.200 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 160.30.45.213 | Hook botnet C2 server (confidence level: 100%) |
| 138.68.152.143 | Havoc botnet C2 server (confidence level: 100%) |
| 104.248.156.143 | MooBot botnet C2 server (confidence level: 100%) |
| 119.8.114.116 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.8.114.116 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 147.185.221.24 | NjRAT botnet C2 server (confidence level: 75%) |
| 206.188.196.173 | Unknown malware botnet C2 server (confidence level: 75%) |
| 147.45.126.31 | Socks5 Systemz botnet C2 server (confidence level: 100%) |
| 140.99.164.77 | SystemBC botnet C2 server (confidence level: 50%) |
| 47.245.94.193 | Unknown malware botnet C2 server (confidence level: 75%) |
| 47.245.94.193 | Unknown malware botnet C2 server (confidence level: 75%) |
| 185.196.11.47 | Mirai botnet C2 server (confidence level: 75%) |
| 38.207.178.183 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.126.21.129 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 89.110.87.72 | Remcos botnet C2 server (confidence level: 100%) |
| 35.224.99.235 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 45.61.137.71 | Unknown malware botnet C2 server (confidence level: 75%) |
| 45.56.69.210 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.64.4.198 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 89.58.51.107 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.137 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.158 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.159 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.160 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.161 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.162 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.163 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.165 | Unknown malware botnet C2 server (confidence level: 75%) |
| 188.40.187.174 | Unknown malware botnet C2 server (confidence level: 75%) |
| 120.46.56.20 | Meterpreter botnet C2 server (confidence level: 100%) |
| 189.1.245.145 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.120.33.31 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 128.90.123.136 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 209.74.66.221 | Havoc botnet C2 server (confidence level: 100%) |
| 172.233.73.236 | Unknown malware botnet C2 server (confidence level: 100%) |
| 64.20.34.146 | Unknown malware botnet C2 server (confidence level: 100%) |
Hash
Value | Description |
---|---|
27437 | NjRAT botnet C2 server (confidence level: 75%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
10443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
14250 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2087 | Cobalt Strike botnet C2 server (confidence level: 100%) |
444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
50443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
10250 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
59443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
18084 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
10250 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
7788 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2087 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8844 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
222 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | AsyncRAT botnet C2 server (confidence level: 100%) |
222 | AsyncRAT botnet C2 server (confidence level: 100%) |
777 | AsyncRAT botnet C2 server (confidence level: 100%) |
4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8880 | Venom RAT botnet C2 server (confidence level: 100%) |
80 | MooBot botnet C2 server (confidence level: 100%) |
443 | BianLian botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
888 | AsyncRAT botnet C2 server (confidence level: 100%) |
8097 | AsyncRAT botnet C2 server (confidence level: 100%) |
222 | AsyncRAT botnet C2 server (confidence level: 100%) |
8097 | AsyncRAT botnet C2 server (confidence level: 100%) |
2222 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
53333 | Unknown malware botnet C2 server (confidence level: 100%) |
5998 | Unknown malware botnet C2 server (confidence level: 100%) |
4210 | Unknown malware botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 75%) |
7707 | AsyncRAT botnet C2 server (confidence level: 75%) |
8808 | AsyncRAT botnet C2 server (confidence level: 75%) |
8031 | AsyncRAT botnet C2 server (confidence level: 75%) |
20 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 75%) |
31337 | Sliver botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
8097 | AsyncRAT botnet C2 server (confidence level: 100%) |
8097 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
57172 | Havoc botnet C2 server (confidence level: 100%) |
81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8080 | ERMAC botnet C2 server (confidence level: 100%) |
25364 | Unknown malware botnet C2 server (confidence level: 100%) |
6728 | Unknown malware botnet C2 server (confidence level: 100%) |
25565 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Lumma Stealer payload delivery server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8082 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8081 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
8888 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
80 | MooBot botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
31521 | NjRAT botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Socks5 Systemz botnet C2 server (confidence level: 100%) |
80 | SystemBC botnet C2 server (confidence level: 50%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
443 | Unknown malware botnet C2 server (confidence level: 75%) |
59962 | Mirai botnet C2 server (confidence level: 75%) |
ab6a985dbef013596ac79ca5117ef77c | Akira payload (confidence level: 50%) |
8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Remcos botnet C2 server (confidence level: 100%) |
2000 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
12811 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
80 | Unknown malware botnet C2 server (confidence level: 75%) |
5bad559d96e10e6fd3ae45c16de8cc88c160231cf4300651aafbbd9dff313817 | Unknown malware payload (confidence level: 100%) |
b558f0b1444be5df69027315f7aad563c54a3f791cebbb96a56fce7e5176f8f5 | Unknown malware payload (confidence level: 100%) |
59823 | Meterpreter botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9999 | AsyncRAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
18245 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
Domain
Value | Description |
---|---|
carolina-oxide.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
theinb.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
ferp.googledns.io | Blister botnet C2 domain (confidence level: 49%) |
hk-dns.secssl.com | Blister botnet C2 domain (confidence level: 49%) |
hk-dns.winsiked.com | Blister botnet C2 domain (confidence level: 49%) |
hk-dns.wkossclsaleklddeff.is | Blister botnet C2 domain (confidence level: 49%) |
hk-dns.wkossclsaleklddeff.io | Blister botnet C2 domain (confidence level: 49%) |
www.silentlegion.duckdns.org | Unknown malware botnet C2 domain (confidence level: 100%) |
t1p9jbex8g.silentlegion.duckdns.org | Unknown malware botnet C2 domain (confidence level: 100%) |
sedone.online | Vidar botnet C2 domain (confidence level: 100%) |
ec2-98-84-163-18.compute-1.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
www.sleepy-khorana.193-239-86-216.plesk.page | Havoc botnet C2 domain (confidence level: 100%) |
portal.avina.cloud | Havoc botnet C2 domain (confidence level: 100%) |
capitalunionbank.co | Havoc botnet C2 domain (confidence level: 100%) |
ec2-54-234-71-196.compute-1.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) |
sectors.bowentaxlaw.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
klarnaportal.icu | Lumma Stealer payload delivery domain (confidence level: 100%) |
twentygr20sb.top | CryptBot botnet C2 domain (confidence level: 100%) |
fivegr5sb.top | CryptBot botnet C2 domain (confidence level: 100%) |
cq13555.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1060897.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
f1060404.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1056005.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
zloyvah4.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
f1061210.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1055970.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
brovetop.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
a1058850.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
gameovw4.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
a1057856.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1057638.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
f1059060.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
eighttg8sb.top | CryptBot botnet C2 domain (confidence level: 100%) |
tentg10sb.top | CryptBot botnet C2 domain (confidence level: 100%) |
sixtg6sb.top | CryptBot botnet C2 domain (confidence level: 100%) |
lewdtworre.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
ipv6.172-208-106-5.cprapid.com | Havoc botnet C2 domain (confidence level: 100%) |
awake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
passworoggre.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
sordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
wrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
cz91659.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
38165cm.darkproducts.ru | DCRat botnet C2 domain (confidence level: 100%) |
f1064330.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
amoamosss.com | Amadey botnet C2 domain (confidence level: 100%) |
tibetin.com | FAKEUPDATES payload delivery domain (confidence level: 75%) |
november-knife.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
cmiklajbmincnbe.top | Unknown malware botnet C2 domain (confidence level: 100%) |
deanbimjnlbkgec.top | Unknown malware botnet C2 domain (confidence level: 100%) |
businessinsanjose.info | FAKEUPDATES payload delivery domain (confidence level: 100%) |
bhaighhdebikfge.top | Unknown malware botnet C2 domain (confidence level: 100%) |
bkkeiekjfcdaaen.top | Unknown malware botnet C2 domain (confidence level: 100%) |
cignjjgmdnbchhc.top | Unknown malware botnet C2 domain (confidence level: 100%) |
cnbhhabgjabmfab.top | Unknown malware botnet C2 domain (confidence level: 100%) |
dcliihflnaeacln.top | Unknown malware botnet C2 domain (confidence level: 100%) |
dejlehfiiibgbcm.top | Unknown malware botnet C2 domain (confidence level: 100%) |
dlbfdiabhhdaifg.top | Unknown malware botnet C2 domain (confidence level: 100%) |
fbeadhdmmbidklg.top | Unknown malware botnet C2 domain (confidence level: 100%) |
fnglhhdcdilllhh.top | Unknown malware botnet C2 domain (confidence level: 100%) |
hkbafhbghbehhda.top | Unknown malware botnet C2 domain (confidence level: 100%) |
jembhhnabanmeij.top | Unknown malware botnet C2 domain (confidence level: 100%) |
jhkddhnllikecni.top | Unknown malware botnet C2 domain (confidence level: 100%) |
klmnnilmahlkcje.top | Unknown malware botnet C2 domain (confidence level: 100%) |
mcajijknegnbbga.top | Unknown malware botnet C2 domain (confidence level: 100%) |
mknjddllgakhaje.top | Unknown malware botnet C2 domain (confidence level: 100%) |
naajagigfikmhfj.top | Unknown malware botnet C2 domain (confidence level: 100%) |
nmchehjjkbnfiak.top | Unknown malware botnet C2 domain (confidence level: 100%) |
pareek.info | FAKEUPDATES payload delivery domain (confidence level: 100%) |
depostsolo.biz | FAKEUPDATES payload delivery domain (confidence level: 100%) |
rossarnold.info | FAKEUPDATES payload delivery domain (confidence level: 100%) |
fivetk5pn.top | CryptBot botnet C2 domain (confidence level: 100%) |
f1057735.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1048940.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
sanboxland.pro | Amadey botnet C2 domain (confidence level: 100%) |
egaolife.info | FAKEUPDATES payload delivery domain (confidence level: 100%) |
glispalin.xin | Unknown malware botnet C2 domain (confidence level: 75%) |
wodresomdaymomentum.org | SystemBC botnet C2 domain (confidence level: 100%) |
tech-tribune.shop | Amadey botnet C2 domain (confidence level: 100%) |
gardenhub-fitlife2.com | Amadey botnet C2 domain (confidence level: 100%) |
gardenhub-fitlife3.com | Amadey botnet C2 domain (confidence level: 100%) |
servers.vlrt-gap.com | Mirai botnet C2 domain (confidence level: 75%) |
awake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
sordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
wrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
portal-klarna.com | Lumma Stealer botnet C2 domain (confidence level: 100%) |
abrasigehs.my | Lumma Stealer botnet C2 domain (confidence level: 100%) |
hafiznor3374.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) |
f1063431.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
156.65.16.34.bc.googleusercontent.com | MimiKatz botnet C2 domain (confidence level: 100%) |
Url
Value | Description |
---|---|
https://theinb.com/6h6d4.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://theinb.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://matelitcleaning.com/webpanel/panel/login.php | Gomorrah stealer botnet C2 (confidence level: 100%) |
http://48.210.203.51:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
http://154.216.17.90 | Stealc botnet C2 (confidence level: 100%) |
https://jimeqey.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://sedone.online/ | Vidar botnet C2 (confidence level: 100%) |
https://cineft.online/ | Vidar botnet C2 (confidence level: 100%) |
https://65.109.242.111/ | Vidar botnet C2 (confidence level: 100%) |
https://116.203.12.241/ | Vidar botnet C2 (confidence level: 100%) |
https://naubeautylus.ch/headerfrontend | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://proship.ae/wp-log | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://cyprecoofamerica.com/plugins/invoice | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://klarnaportal.icu/kunde2637252/rechnungsportal/invoice12468251.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://lewdtworre.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://theinb.com/tr4d4.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://193.124.185.16/gamebigloadhttp/apidumpjavascript/5game/process/vmtoserverlinuxuploads.php | DCRat botnet C2 (confidence level: 100%) |
https://tibetin.com/4fda4.js | FAKEUPDATES payload delivery URL (confidence level: 75%) |
http://103.210.101.22:42717/mozi.m | Mozi payload delivery URL (confidence level: 50%) |
http://wodresomdaymomentum.org/password.php | SystemBC botnet C2 (confidence level: 100%) |
http://sanboxland.pro/3ofn3jf3e2ljk/login.php | Amadey botnet C2 (confidence level: 100%) |
https://185.81.68.147/7vhfjke3/login.php | Amadey botnet C2 (confidence level: 100%) |
https://185.81.68.148/8fvu5jh4dbs/login.php | Amadey botnet C2 (confidence level: 100%) |
https://businessinsanjose.info/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://businessinsanjose.info/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://businessinsanjose.info/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://businessinsanjose.info/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://impend-differ.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://print-vexer.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://dare-curbys.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://covery-mover.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://formy-spill.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://dwell-exclaim.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://zinc-sneark.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://se-blurry.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://drive-connect.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://sordid-snaked.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://awake-weaves.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://wrathful-jammy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://pareek.info/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://pareek.info/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://78.41.139.3/password.php | SystemBC botnet C2 (confidence level: 100%) |
https://pareek.info/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://pareek.info/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://depostsolo.biz/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://depostsolo.biz/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://depostsolo.biz/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://depostsolo.biz/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://rossarnold.info/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://rossarnold.info/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://rossarnold.info/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://rossarnold.info/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://egaolife.info/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://egaolife.info/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://tibetin.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://ngub8zb38ib.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://egaolife.info/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://egaolife.info/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://tech-tribune.shop/plqvfd4d5/index.php | Amadey botnet C2 (confidence level: 100%) |
http://moviecentral-petparade.com/g9jvjfd73/index.php | Amadey botnet C2 (confidence level: 100%) |
http://connect.resourcecloud.shop/plqvfd4d5/index.php | Amadey botnet C2 (confidence level: 100%) |
http://gardenhub-fitlife.com/g9jvjfd73/index.php | Amadey botnet C2 (confidence level: 100%) |
http://sanboxland.pro/3ofn3jf3e2ljk/index.php | Amadey botnet C2 (confidence level: 100%) |
https://happyjourney.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) |
http://185.215.113.31:82/api/getkeyloggers | Unknown malware botnet C2 (confidence level: 50%) |
http://185.215.113.31:83/api/getkeyloggers | Unknown malware botnet C2 (confidence level: 50%) |
http://185.215.113.31:85/api/getkeyloggers | Unknown malware botnet C2 (confidence level: 50%) |
http://185.215.113.31/api/getkeyloggers | Unknown malware botnet C2 (confidence level: 50%) |
http://185.76.79.112:85/api/getkeyloggers | Anatsa botnet C2 (confidence level: 50%) |
http://91.215.85.55:85/api/getkeyloggers | Unknown malware botnet C2 (confidence level: 50%) |
https://sordid-snaked.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://awake-weaves.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://wrathful-jammy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://portal-klarna.com/kunde2637252/rechnungsportal/invoice12468251.html | Lumma Stealer botnet C2 (confidence level: 100%) |
https://abrasigehs.my/api | Lumma Stealer botnet C2 (confidence level: 100%) |
http://92.119.114.51/2048ca003d511226.php | Stealc botnet C2 (confidence level: 100%) |
http://749858cm.renyash.ru/javascriptrequestapibaseprivate.php | DCRat botnet C2 (confidence level: 100%) |
Threat ID: 68367c98182aa0cae231eefe
Added to database: 5/28/2025, 3:01:44 AM
Last enriched: 6/27/2025, 10:51:22 AM
Last updated: 8/13/2025, 6:57:37 PM