Skip to main content

ThreatFox IOCs for 2024-12-16

Medium
Published: Mon Dec 16 2024 (12/16/2024, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-12-16

AI-Powered Analysis

AILast updated: 06/27/2025, 10:51:22 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2024-12-16 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a specific vulnerability or exploit targeting a particular product or version. The absence of affected versions and patch availability suggests that this is not a newly discovered software vulnerability but rather intelligence related to ongoing or emerging malware campaigns or threat actor activities. The threat level is indicated as medium, with technical details showing moderate distribution (3) and low threat level (2) and analysis (1) scores, implying that while the threat is recognized, it may not be widespread or highly sophisticated at this time. The lack of known exploits in the wild further supports that this is intelligence gathering or preparatory activity rather than an active, high-impact attack. The classification under OSINT and network activity suggests that the threat involves monitoring or exploitation of network communications, possibly involving delivery of malicious payloads through network vectors. However, the absence of specific technical indicators or detailed attack vectors limits the ability to precisely define the malware behavior or its attack mechanisms.

Potential Impact

For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and the nature of the threat as OSINT-related malware activity. Potential impacts include unauthorized network activity leading to data exfiltration, reconnaissance, or delivery of malicious payloads that could compromise confidentiality and integrity of information systems. Given the lack of specific exploit details or known active campaigns, the immediate risk may be limited, but organizations should remain vigilant as such intelligence often precedes more targeted attacks. The impact could be more pronounced for sectors relying heavily on networked infrastructure and sensitive data, such as finance, government, and critical infrastructure. The threat's focus on payload delivery could lead to secondary infections or lateral movement within networks if exploited successfully.

Mitigation Recommendations

European organizations should enhance their threat intelligence capabilities by integrating feeds like ThreatFox into their security monitoring systems to detect and respond to emerging IOCs promptly. Network segmentation and strict access controls can limit the spread of any payload delivered through network activity. Employing advanced network traffic analysis and anomaly detection tools will help identify suspicious communications indicative of this threat. Regular employee training on recognizing phishing or social engineering attempts that may serve as initial infection vectors is essential. Since no patches are available, organizations should focus on proactive detection and containment strategies, including timely updating of endpoint protection platforms and ensuring robust incident response plans are in place. Collaboration with national and European cybersecurity agencies to share intelligence and best practices will also strengthen defenses against evolving threats.

Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
f1929418-652e-4f88-b7e1-88bb782c2692
Original Timestamp
1734393787

Indicators of Compromise

File

ValueDescriptionCopy
file147.185.221.24
NjRAT botnet C2 server (confidence level: 75%)
file47.98.185.157
Cobalt Strike botnet C2 server (confidence level: 75%)
file52.166.123.20
Cobalt Strike botnet C2 server (confidence level: 75%)
file18.170.117.232
Cobalt Strike botnet C2 server (confidence level: 75%)
file45.137.81.84
Cobalt Strike botnet C2 server (confidence level: 75%)
file34.244.213.212
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.92.77.57
Cobalt Strike botnet C2 server (confidence level: 100%)
file61.135.130.190
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.145.229.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.79.135.77
Cobalt Strike botnet C2 server (confidence level: 100%)
file61.135.130.191
Cobalt Strike botnet C2 server (confidence level: 100%)
file211.149.243.119
Cobalt Strike botnet C2 server (confidence level: 100%)
file1.94.141.87
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.83.233.177
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.46.12.68
Cobalt Strike botnet C2 server (confidence level: 100%)
file1.94.113.115
Cobalt Strike botnet C2 server (confidence level: 100%)
file113.45.153.104
Cobalt Strike botnet C2 server (confidence level: 100%)
file218.30.103.192
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.135.44.218
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.57.245.136
Cobalt Strike botnet C2 server (confidence level: 100%)
file218.30.103.198
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.130.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.202.33.84
Cobalt Strike botnet C2 server (confidence level: 100%)
file218.30.103.182
Cobalt Strike botnet C2 server (confidence level: 100%)
file23.27.101.82
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.67.60.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file218.30.103.130
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.89.198.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file61.135.130.179
Cobalt Strike botnet C2 server (confidence level: 100%)
file74.48.77.147
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.15.169.57
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.40.120.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.234.72.56
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.140.186.155
Cobalt Strike botnet C2 server (confidence level: 100%)
file2.56.125.55
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.119.99.5
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.131.174.71
Cobalt Strike botnet C2 server (confidence level: 100%)
file35.232.8.38
Cobalt Strike botnet C2 server (confidence level: 100%)
file36.133.19.66
Cobalt Strike botnet C2 server (confidence level: 100%)
file218.30.103.189
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.12.82.72
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.213.224
Cobalt Strike botnet C2 server (confidence level: 100%)
file218.30.103.168
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.25.85.56
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.35.210.224
Cobalt Strike botnet C2 server (confidence level: 100%)
file52.56.196.38
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.201.87.109
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.38.201.40
Cobalt Strike botnet C2 server (confidence level: 100%)
file36.133.18.101
Cobalt Strike botnet C2 server (confidence level: 100%)
file18.234.229.2
Cobalt Strike botnet C2 server (confidence level: 100%)
file44.222.217.17
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.122.69.106
Cobalt Strike botnet C2 server (confidence level: 100%)
file64.225.127.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.71.0.187
Cobalt Strike botnet C2 server (confidence level: 100%)
file99.79.73.121
Cobalt Strike botnet C2 server (confidence level: 100%)
file167.179.81.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.236.59.222
Cobalt Strike botnet C2 server (confidence level: 100%)
file119.45.251.70
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.230.115.153
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.92.147
Cobalt Strike botnet C2 server (confidence level: 100%)
file64.237.48.195
Cobalt Strike botnet C2 server (confidence level: 100%)
file44.209.166.148
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.3.39.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.73.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.155.54.29
Cobalt Strike botnet C2 server (confidence level: 100%)
file64.94.84.219
Cobalt Strike botnet C2 server (confidence level: 100%)
file20.5.43.62
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.241.162.4
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.36.53.239
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.67.60.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file20.5.43.62
Cobalt Strike botnet C2 server (confidence level: 100%)
file216.9.224.113
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.126.21.197
Cobalt Strike botnet C2 server (confidence level: 100%)
file18.138.186.108
Cobalt Strike botnet C2 server (confidence level: 100%)
file142.171.11.197
Unknown malware botnet C2 server (confidence level: 100%)
file198.244.206.8
AsyncRAT botnet C2 server (confidence level: 100%)
file185.133.248.219
AsyncRAT botnet C2 server (confidence level: 100%)
file194.26.192.165
AsyncRAT botnet C2 server (confidence level: 100%)
file194.26.192.165
AsyncRAT botnet C2 server (confidence level: 100%)
file194.26.192.165
AsyncRAT botnet C2 server (confidence level: 100%)
file194.26.192.42
Hook botnet C2 server (confidence level: 100%)
file14.128.54.9
Venom RAT botnet C2 server (confidence level: 100%)
file206.189.37.158
MooBot botnet C2 server (confidence level: 100%)
file45.130.147.118
BianLian botnet C2 server (confidence level: 100%)
file38.180.190.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.180.190.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file207.32.217.167
AsyncRAT botnet C2 server (confidence level: 100%)
file142.11.201.38
AsyncRAT botnet C2 server (confidence level: 100%)
file156.195.247.146
AsyncRAT botnet C2 server (confidence level: 100%)
file142.11.201.34
AsyncRAT botnet C2 server (confidence level: 100%)
file194.26.192.165
AsyncRAT botnet C2 server (confidence level: 100%)
file138.197.182.249
Unknown malware botnet C2 server (confidence level: 100%)
file103.29.189.125
Havoc botnet C2 server (confidence level: 100%)
file106.53.98.153
Unknown malware botnet C2 server (confidence level: 100%)
file156.224.139.149
Unknown malware botnet C2 server (confidence level: 100%)
file47.98.162.159
Unknown malware botnet C2 server (confidence level: 100%)
file8.130.68.92
Unknown malware botnet C2 server (confidence level: 100%)
file3.85.56.197
Unknown malware botnet C2 server (confidence level: 100%)
file156.67.104.213
Unknown malware botnet C2 server (confidence level: 100%)
file3.80.194.159
Unknown malware botnet C2 server (confidence level: 100%)
file45.144.3.125
Unknown malware botnet C2 server (confidence level: 100%)
file5.249.255.11
Unknown malware botnet C2 server (confidence level: 100%)
file34.204.72.250
Unknown malware botnet C2 server (confidence level: 100%)
file92.205.235.62
Unknown malware botnet C2 server (confidence level: 100%)
file13.51.200.102
Unknown malware botnet C2 server (confidence level: 100%)
file3.127.190.89
Unknown malware botnet C2 server (confidence level: 100%)
file13.212.27.210
Unknown malware botnet C2 server (confidence level: 100%)
file97.74.95.62
Unknown malware botnet C2 server (confidence level: 100%)
file109.237.26.196
Unknown malware botnet C2 server (confidence level: 100%)
file140.143.159.234
Unknown malware botnet C2 server (confidence level: 100%)
file66.78.40.32
Unknown malware botnet C2 server (confidence level: 100%)
file18.135.30.45
Unknown malware botnet C2 server (confidence level: 100%)
file70.104.186.131
AsyncRAT botnet C2 server (confidence level: 75%)
file70.104.186.131
AsyncRAT botnet C2 server (confidence level: 75%)
file70.104.186.131
AsyncRAT botnet C2 server (confidence level: 75%)
file96.248.52.125
AsyncRAT botnet C2 server (confidence level: 75%)
file98.51.190.130
Quasar RAT botnet C2 server (confidence level: 100%)
file116.203.12.241
Vidar botnet C2 server (confidence level: 100%)
file154.216.17.204
Remcos botnet C2 server (confidence level: 75%)
file194.87.85.114
Sliver botnet C2 server (confidence level: 100%)
file172.245.118.19
Unknown malware botnet C2 server (confidence level: 100%)
file142.11.201.37
AsyncRAT botnet C2 server (confidence level: 100%)
file142.11.201.35
AsyncRAT botnet C2 server (confidence level: 100%)
file195.191.218.27
Hook botnet C2 server (confidence level: 100%)
file195.191.218.27
Hook botnet C2 server (confidence level: 100%)
file59.16.126.150
Havoc botnet C2 server (confidence level: 100%)
file93.232.105.202
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file194.26.192.42
ERMAC botnet C2 server (confidence level: 100%)
file172.236.62.73
Unknown malware botnet C2 server (confidence level: 100%)
file172.236.62.97
Unknown malware botnet C2 server (confidence level: 100%)
file172.236.62.97
Unknown malware botnet C2 server (confidence level: 100%)
file212.87.222.185
Lumma Stealer payload delivery server (confidence level: 100%)
file82.67.60.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file20.5.43.62
Cobalt Strike botnet C2 server (confidence level: 100%)
file112.126.82.114
Cobalt Strike botnet C2 server (confidence level: 100%)
file178.255.245.160
Cobalt Strike botnet C2 server (confidence level: 100%)
file42.192.226.194
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.43.89.114
Unknown malware botnet C2 server (confidence level: 100%)
file69.166.230.200
AsyncRAT botnet C2 server (confidence level: 100%)
file160.30.45.213
Hook botnet C2 server (confidence level: 100%)
file138.68.152.143
Havoc botnet C2 server (confidence level: 100%)
file104.248.156.143
MooBot botnet C2 server (confidence level: 100%)
file119.8.114.116
Cobalt Strike botnet C2 server (confidence level: 100%)
file119.8.114.116
Cobalt Strike botnet C2 server (confidence level: 100%)
file147.185.221.24
NjRAT botnet C2 server (confidence level: 75%)
file206.188.196.173
Unknown malware botnet C2 server (confidence level: 75%)
file147.45.126.31
Socks5 Systemz botnet C2 server (confidence level: 100%)
file140.99.164.77
SystemBC botnet C2 server (confidence level: 50%)
file47.245.94.193
Unknown malware botnet C2 server (confidence level: 75%)
file47.245.94.193
Unknown malware botnet C2 server (confidence level: 75%)
file185.196.11.47
Mirai botnet C2 server (confidence level: 75%)
file38.207.178.183
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.126.21.129
Cobalt Strike botnet C2 server (confidence level: 100%)
file89.110.87.72
Remcos botnet C2 server (confidence level: 100%)
file35.224.99.235
AsyncRAT botnet C2 server (confidence level: 100%)
file45.61.137.71
Unknown malware botnet C2 server (confidence level: 75%)
file45.56.69.210
Unknown malware botnet C2 server (confidence level: 100%)
file3.64.4.198
AsyncRAT botnet C2 server (confidence level: 100%)
file89.58.51.107
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.137
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.158
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.159
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.160
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.161
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.162
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.163
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.165
Unknown malware botnet C2 server (confidence level: 75%)
file188.40.187.174
Unknown malware botnet C2 server (confidence level: 75%)
file120.46.56.20
Meterpreter botnet C2 server (confidence level: 100%)
file189.1.245.145
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.33.31
Cobalt Strike botnet C2 server (confidence level: 100%)
file128.90.123.136
AsyncRAT botnet C2 server (confidence level: 100%)
file209.74.66.221
Havoc botnet C2 server (confidence level: 100%)
file172.233.73.236
Unknown malware botnet C2 server (confidence level: 100%)
file64.20.34.146
Unknown malware botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash27437
NjRAT botnet C2 server (confidence level: 75%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash14250
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10250
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash59443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash18084
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10250
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7788
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8844
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash222
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
AsyncRAT botnet C2 server (confidence level: 100%)
hash222
AsyncRAT botnet C2 server (confidence level: 100%)
hash777
AsyncRAT botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8880
Venom RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash443
BianLian botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash888
AsyncRAT botnet C2 server (confidence level: 100%)
hash8097
AsyncRAT botnet C2 server (confidence level: 100%)
hash222
AsyncRAT botnet C2 server (confidence level: 100%)
hash8097
AsyncRAT botnet C2 server (confidence level: 100%)
hash2222
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash53333
Unknown malware botnet C2 server (confidence level: 100%)
hash5998
Unknown malware botnet C2 server (confidence level: 100%)
hash4210
Unknown malware botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 75%)
hash7707
AsyncRAT botnet C2 server (confidence level: 75%)
hash8808
AsyncRAT botnet C2 server (confidence level: 75%)
hash8031
AsyncRAT botnet C2 server (confidence level: 75%)
hash20
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash31337
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8097
AsyncRAT botnet C2 server (confidence level: 100%)
hash8097
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash57172
Havoc botnet C2 server (confidence level: 100%)
hash81
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8080
ERMAC botnet C2 server (confidence level: 100%)
hash25364
Unknown malware botnet C2 server (confidence level: 100%)
hash6728
Unknown malware botnet C2 server (confidence level: 100%)
hash25565
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Lumma Stealer payload delivery server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash31521
NjRAT botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Socks5 Systemz botnet C2 server (confidence level: 100%)
hash80
SystemBC botnet C2 server (confidence level: 50%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash443
Unknown malware botnet C2 server (confidence level: 75%)
hash59962
Mirai botnet C2 server (confidence level: 75%)
hashab6a985dbef013596ac79ca5117ef77c
Akira payload (confidence level: 50%)
hash8088
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Remcos botnet C2 server (confidence level: 100%)
hash2000
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash12811
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash5bad559d96e10e6fd3ae45c16de8cc88c160231cf4300651aafbbd9dff313817
Unknown malware payload (confidence level: 100%)
hashb558f0b1444be5df69027315f7aad563c54a3f791cebbb96a56fce7e5176f8f5
Unknown malware payload (confidence level: 100%)
hash59823
Meterpreter botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash18245
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domaincarolina-oxide.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domaintheinb.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainferp.googledns.io
Blister botnet C2 domain (confidence level: 49%)
domainhk-dns.secssl.com
Blister botnet C2 domain (confidence level: 49%)
domainhk-dns.winsiked.com
Blister botnet C2 domain (confidence level: 49%)
domainhk-dns.wkossclsaleklddeff.is
Blister botnet C2 domain (confidence level: 49%)
domainhk-dns.wkossclsaleklddeff.io
Blister botnet C2 domain (confidence level: 49%)
domainwww.silentlegion.duckdns.org
Unknown malware botnet C2 domain (confidence level: 100%)
domaint1p9jbex8g.silentlegion.duckdns.org
Unknown malware botnet C2 domain (confidence level: 100%)
domainsedone.online
Vidar botnet C2 domain (confidence level: 100%)
domainec2-98-84-163-18.compute-1.amazonaws.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.sleepy-khorana.193-239-86-216.plesk.page
Havoc botnet C2 domain (confidence level: 100%)
domainportal.avina.cloud
Havoc botnet C2 domain (confidence level: 100%)
domaincapitalunionbank.co
Havoc botnet C2 domain (confidence level: 100%)
domainec2-54-234-71-196.compute-1.amazonaws.com
Havoc botnet C2 domain (confidence level: 100%)
domainsectors.bowentaxlaw.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainklarnaportal.icu
Lumma Stealer payload delivery domain (confidence level: 100%)
domaintwentygr20sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfivegr5sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaincq13555.tw1.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1060897.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1060404.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1056005.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainzloyvah4.beget.tech
DCRat botnet C2 domain (confidence level: 100%)
domainf1061210.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1055970.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainbrovetop.beget.tech
DCRat botnet C2 domain (confidence level: 100%)
domaina1058850.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaingameovw4.beget.tech
DCRat botnet C2 domain (confidence level: 100%)
domaina1057856.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1057638.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1059060.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaineighttg8sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintentg10sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainsixtg6sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainlewdtworre.click
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainipv6.172-208-106-5.cprapid.com
Havoc botnet C2 domain (confidence level: 100%)
domainawake-weaves.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpassworoggre.click
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsordid-snaked.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwrathful-jammy.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincz91659.tw1.ru
DCRat botnet C2 domain (confidence level: 100%)
domain38165cm.darkproducts.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1064330.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainamoamosss.com
Amadey botnet C2 domain (confidence level: 100%)
domaintibetin.com
FAKEUPDATES payload delivery domain (confidence level: 75%)
domainnovember-knife.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domaincmiklajbmincnbe.top
Unknown malware botnet C2 domain (confidence level: 100%)
domaindeanbimjnlbkgec.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainbusinessinsanjose.info
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainbhaighhdebikfge.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainbkkeiekjfcdaaen.top
Unknown malware botnet C2 domain (confidence level: 100%)
domaincignjjgmdnbchhc.top
Unknown malware botnet C2 domain (confidence level: 100%)
domaincnbhhabgjabmfab.top
Unknown malware botnet C2 domain (confidence level: 100%)
domaindcliihflnaeacln.top
Unknown malware botnet C2 domain (confidence level: 100%)
domaindejlehfiiibgbcm.top
Unknown malware botnet C2 domain (confidence level: 100%)
domaindlbfdiabhhdaifg.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainfbeadhdmmbidklg.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainfnglhhdcdilllhh.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainhkbafhbghbehhda.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainjembhhnabanmeij.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainjhkddhnllikecni.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainklmnnilmahlkcje.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainmcajijknegnbbga.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainmknjddllgakhaje.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainnaajagigfikmhfj.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainnmchehjjkbnfiak.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainpareek.info
FAKEUPDATES payload delivery domain (confidence level: 100%)
domaindepostsolo.biz
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainrossarnold.info
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainfivetk5pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainf1057735.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1048940.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainsanboxland.pro
Amadey botnet C2 domain (confidence level: 100%)
domainegaolife.info
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainglispalin.xin
Unknown malware botnet C2 domain (confidence level: 75%)
domainwodresomdaymomentum.org
SystemBC botnet C2 domain (confidence level: 100%)
domaintech-tribune.shop
Amadey botnet C2 domain (confidence level: 100%)
domaingardenhub-fitlife2.com
Amadey botnet C2 domain (confidence level: 100%)
domaingardenhub-fitlife3.com
Amadey botnet C2 domain (confidence level: 100%)
domainservers.vlrt-gap.com
Mirai botnet C2 domain (confidence level: 75%)
domainawake-weaves.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsordid-snaked.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwrathful-jammy.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainportal-klarna.com
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainabrasigehs.my
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhafiznor3374.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainf1063431.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domain156.65.16.34.bc.googleusercontent.com
MimiKatz botnet C2 domain (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttps://theinb.com/6h6d4.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://theinb.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://matelitcleaning.com/webpanel/panel/login.php
Gomorrah stealer botnet C2 (confidence level: 100%)
urlhttp://48.210.203.51:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://154.216.17.90
Stealc botnet C2 (confidence level: 100%)
urlhttps://jimeqey.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://sedone.online/
Vidar botnet C2 (confidence level: 100%)
urlhttps://cineft.online/
Vidar botnet C2 (confidence level: 100%)
urlhttps://65.109.242.111/
Vidar botnet C2 (confidence level: 100%)
urlhttps://116.203.12.241/
Vidar botnet C2 (confidence level: 100%)
urlhttps://naubeautylus.ch/headerfrontend
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://proship.ae/wp-log
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://cyprecoofamerica.com/plugins/invoice
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://klarnaportal.icu/kunde2637252/rechnungsportal/invoice12468251.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://lewdtworre.click/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://theinb.com/tr4d4.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://193.124.185.16/gamebigloadhttp/apidumpjavascript/5game/process/vmtoserverlinuxuploads.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://tibetin.com/4fda4.js
FAKEUPDATES payload delivery URL (confidence level: 75%)
urlhttp://103.210.101.22:42717/mozi.m
Mozi payload delivery URL (confidence level: 50%)
urlhttp://wodresomdaymomentum.org/password.php
SystemBC botnet C2 (confidence level: 100%)
urlhttp://sanboxland.pro/3ofn3jf3e2ljk/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://185.81.68.147/7vhfjke3/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://185.81.68.148/8fvu5jh4dbs/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://businessinsanjose.info/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://businessinsanjose.info/work/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://businessinsanjose.info/work/download.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://businessinsanjose.info/work/yyy.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://impend-differ.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://print-vexer.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://dare-curbys.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://covery-mover.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://formy-spill.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://dwell-exclaim.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://zinc-sneark.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://se-blurry.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://drive-connect.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://sordid-snaked.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://awake-weaves.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://wrathful-jammy.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://pareek.info/work/yyy.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://pareek.info/work/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://78.41.139.3/password.php
SystemBC botnet C2 (confidence level: 100%)
urlhttps://pareek.info/work/download.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://pareek.info/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://depostsolo.biz/work/yyy.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://depostsolo.biz/work/download.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://depostsolo.biz/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://depostsolo.biz/work/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://rossarnold.info/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://rossarnold.info/work/yyy.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://rossarnold.info/work/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://rossarnold.info/work/download.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://egaolife.info/work/yyy.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://egaolife.info/work/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://tibetin.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://ngub8zb38ib.top/1.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://egaolife.info/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://egaolife.info/work/download.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://tech-tribune.shop/plqvfd4d5/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://moviecentral-petparade.com/g9jvjfd73/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://connect.resourcecloud.shop/plqvfd4d5/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://gardenhub-fitlife.com/g9jvjfd73/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://sanboxland.pro/3ofn3jf3e2ljk/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://happyjourney.shop/api
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://185.215.113.31:82/api/getkeyloggers
Unknown malware botnet C2 (confidence level: 50%)
urlhttp://185.215.113.31:83/api/getkeyloggers
Unknown malware botnet C2 (confidence level: 50%)
urlhttp://185.215.113.31:85/api/getkeyloggers
Unknown malware botnet C2 (confidence level: 50%)
urlhttp://185.215.113.31/api/getkeyloggers
Unknown malware botnet C2 (confidence level: 50%)
urlhttp://185.76.79.112:85/api/getkeyloggers
Anatsa botnet C2 (confidence level: 50%)
urlhttp://91.215.85.55:85/api/getkeyloggers
Unknown malware botnet C2 (confidence level: 50%)
urlhttps://sordid-snaked.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://awake-weaves.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://wrathful-jammy.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://portal-klarna.com/kunde2637252/rechnungsportal/invoice12468251.html
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://abrasigehs.my/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://92.119.114.51/2048ca003d511226.php
Stealc botnet C2 (confidence level: 100%)
urlhttp://749858cm.renyash.ru/javascriptrequestapibaseprivate.php
DCRat botnet C2 (confidence level: 100%)

Threat ID: 68367c98182aa0cae231eefe

Added to database: 5/28/2025, 3:01:44 AM

Last enriched: 6/27/2025, 10:51:22 AM

Last updated: 8/17/2025, 3:03:18 PM

Views: 19

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats