ThreatFox IOCs for 2024-12-24
Severity: mediumType: malware
ThreatFox IOCs for 2024-12-24
AI Analysis
Technical Summary
The provided threat intelligence concerns a malware-related report titled "ThreatFox IOCs for 2024-12-24," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating it is related to open-source intelligence or derived from publicly available information. The report does not specify affected software versions, specific malware families, or detailed technical characteristics such as attack vectors, payload behaviors, or exploitation methods. The absence of Common Weakness Enumerations (CWEs) and patch links suggests that this intelligence is more focused on sharing IOCs rather than describing a novel vulnerability or exploit. The threat level is indicated as 2 (on an unspecified scale), with analysis and distribution values of 1 and 3 respectively, implying moderate confidence in the analysis and a relatively higher distribution or prevalence of the threat. No known exploits in the wild have been reported, and no direct indicators (such as IP addresses, hashes, or domains) are provided in this summary. The medium severity rating assigned by the source suggests that while the threat is not currently critical, it warrants attention and monitoring. Overall, this intelligence appears to be a routine update of malware-related IOCs intended for use in threat detection and response, rather than an alert about a new or actively exploited vulnerability or malware campaign.
Potential Impact
For European organizations, the potential impact of this threat is currently limited due to the lack of detailed exploit information and absence of known active exploitation. However, given the malware classification and distribution rating, there is a risk that these IOCs could be associated with malware campaigns targeting various sectors. If leveraged by threat actors, such malware could compromise confidentiality by exfiltrating sensitive data, impact integrity through unauthorized modifications, or affect availability by disrupting services. The medium severity rating indicates moderate risk, suggesting that while immediate widespread damage is unlikely, organizations should remain vigilant. The lack of specific affected products or versions means the threat could be broad, potentially impacting organizations that rely on open-source intelligence tools or monitoring systems that ingest such IOCs. European entities involved in cybersecurity monitoring, threat intelligence sharing, or those with exposure to malware distribution channels may be more susceptible. The absence of known exploits in the wild reduces the immediate threat level but does not eliminate the possibility of future exploitation or targeted attacks leveraging these IOCs.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Regularly update threat intelligence feeds and ensure automated ingestion of ThreatFox data to maintain up-to-date situational awareness. 3. Conduct targeted threat hunting exercises focusing on the indicators once available, especially within network traffic, logs, and endpoint behaviors. 4. Strengthen network segmentation and implement strict access controls to limit lateral movement in case of malware infection. 5. Educate security teams on interpreting and operationalizing OSINT-derived IOCs to improve response times. 6. Maintain robust backup and recovery procedures to mitigate potential availability impacts. 7. Monitor for any updates or alerts from ThreatFox or related sources that may provide additional technical details or exploit information. 8. Collaborate with national Computer Emergency Response Teams (CERTs) and industry Information Sharing and Analysis Centers (ISACs) to share intelligence and coordinate defenses.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Indicators of Compromise
- file: 111.119.239.73
- hash: 6667
- file: 3.104.76.120
- hash: 443
- file: 47.105.55.111
- hash: 20000
- file: 47.98.194.85
- hash: 433
- file: 103.145.107.203
- hash: 8080
- file: 47.92.208.100
- hash: 443
- file: 154.201.65.7
- hash: 8000
- file: 42.51.49.85
- hash: 8888
- file: 172.111.244.98
- hash: 2889
- file: 85.208.69.51
- hash: 31337
- file: 5.189.221.41
- hash: 443
- file: 87.120.113.94
- hash: 8888
- file: 212.23.222.206
- hash: 9000
- file: 193.233.112.81
- hash: 7443
- file: 80.76.49.16
- hash: 7443
- file: 62.133.61.78
- hash: 443
- file: 54.95.208.190
- hash: 443
- file: 52.215.25.229
- hash: 443
- domain: mail.pinkveda.com
- file: 108.181.199.23
- hash: 5000
- file: 130.164.138.166
- hash: 443
- file: 64.52.80.94
- hash: 80
- domain: www.team-endurancecom.sofianeyaya.fr
- file: 8.153.97.202
- hash: 81
- file: 8.153.97.202
- hash: 3389
- file: 124.71.199.112
- hash: 80
- file: 110.41.165.237
- hash: 80
- file: 111.119.234.149
- hash: 80
- file: 60.204.224.75
- hash: 9999
- file: 91.199.154.103
- hash: 443
- file: 45.32.51.228
- hash: 8080
- file: 1.94.185.149
- hash: 8888
- file: 193.26.115.117
- hash: 8080
- file: 172.111.245.35
- hash: 9907
- file: 78.164.29.133
- hash: 888
- file: 78.164.29.133
- hash: 2003
- file: 78.164.29.133
- hash: 2004
- file: 78.164.29.133
- hash: 20000
- file: 194.26.192.200
- hash: 80
- file: 81.161.238.225
- hash: 80
- file: 45.154.98.70
- hash: 80
- file: 87.121.86.244
- hash: 80
- file: 193.107.109.33
- hash: 45654
- file: 82.65.180.207
- hash: 5986
- file: 95.179.233.26
- hash: 443
- domain: web.app-cloud.link
- file: 104.219.215.160
- hash: 8008
- file: 3.26.31.73
- hash: 18245
- file: 13.246.11.167
- hash: 4730
- file: 50.18.195.138
- hash: 8443
- file: 45.154.98.70
- hash: 8080
- file: 45.82.255.215
- hash: 80
- file: 149.88.80.145
- hash: 80
- domain: server-64-20-34-146.da.direct
- file: 151.236.16.40
- hash: 57144
- file: 154.84.19.161
- hash: 6666
- domain: ecs-1-94-172-68.compute.hwclouds-dns.com
- domain: ccccccccccccccccccccccccc.cc13.cn
- domain: 6.cc13.cn
- domain: ec2-13-59-178-90.us-east-2.compute.amazonaws.com
- domain: charming-feistel.194-26-192-29.plesk.page
- file: 45.141.177.4
- hash: 80
- file: 45.141.177.4
- hash: 7443
- domain: connect-emea.com
- file: 139.84.133.240
- hash: 8088
- file: 176.58.115.197
- hash: 357
- file: 172.104.146.25
- hash: 51
- file: 114.132.229.242
- hash: 60000
- file: 149.104.27.20
- hash: 60000
- file: 83.229.122.191
- hash: 60000
- file: 78.46.244.219
- hash: 3333
- file: 1.94.19.136
- hash: 65530
- file: 129.211.168.251
- hash: 8888
- file: 15.206.245.213
- hash: 3333
- file: 135.181.136.22
- hash: 30133
- file: 123.60.140.194
- hash: 5000
- file: 47.115.55.127
- hash: 3333
- file: 13.48.120.250
- hash: 3333
- file: 157.230.228.36
- hash: 443
- file: 101.43.88.224
- hash: 995
- file: 66.78.40.84
- hash: 5998
- file: 142.171.227.243
- hash: 18082
- file: 50.236.89.7
- hash: 3333
- file: 158.160.102.0
- hash: 3333
- file: 13.234.202.128
- hash: 443
- file: 82.157.233.147
- hash: 443
- file: 81.17.29.9
- hash: 3333
- file: 107.148.49.244
- hash: 995
- file: 165.232.174.179
- hash: 3333
- file: 13.60.202.65
- hash: 3333
- file: 3.128.146.218
- hash: 8443
- file: 157.230.164.90
- hash: 443
- file: 130.43.22.126
- hash: 995
- file: 156.224.26.111
- hash: 6666
- url: https://enterwahsh.biz/api
- file: 149.28.120.105
- hash: 443
- file: 47.95.238.45
- hash: 443
- file: 47.100.130.85
- hash: 8000
- file: 115.159.197.233
- hash: 80
- file: 134.175.158.225
- hash: 443
- file: 8.222.209.150
- hash: 4444
- file: 122.51.144.101
- hash: 801
- file: 77.92.145.190
- hash: 8080
- file: 175.24.234.176
- hash: 443
- file: 89.213.184.75
- hash: 8088
- file: 8.134.59.41
- hash: 80
- domain: driblbemris.lat
- domain: hungrypaster.click
- url: https://lev-tolstoi.com/api
- url: https://sickyicyerh.click/api
- domain: lev-tolstoi.com
- domain: sickyicyerh.click
- url: https://lev-tolstoi.com/api
- url: https://moanungsnake.click/api
- domain: lev-tolstoi.com
- domain: moanungsnake.click
- url: https://fannleadyn.click/api
- url: https://denimcard.com/updater.php
- domain: denimcard.com
- url: http://kazart4q.beget.tech/048f71db.php
- file: 123.60.183.172
- hash: 8088
- file: 8.153.97.202
- hash: 443
- file: 120.24.51.177
- hash: 8081
- file: 122.51.22.201
- hash: 80
- file: 23.94.169.124
- hash: 9090
- file: 1.15.225.146
- hash: 8888
- file: 88.209.248.128
- hash: 80
- file: 65.38.120.21
- hash: 7443
- file: 15.237.132.145
- hash: 2095
- file: 52.16.157.89
- hash: 2086
- file: 84.154.178.61
- hash: 81
- file: 84.154.178.61
- hash: 82
- file: 185.222.58.90
- hash: 55615
- url: https://observerfry.lat/api
- url: https://lev-tolstoi.com/api
- domain: lev-tolstoi.com
- domain: observerfry.lat
- file: 43.140.212.191
- hash: 7000
- file: 103.152.254.64
- hash: 8080
- file: 144.126.149.221
- hash: 6606
- file: 102.117.166.0
- hash: 7443
- file: 155.138.133.23
- hash: 7443
- file: 185.196.8.12
- hash: 7443
- file: 84.247.172.112
- hash: 12015
- file: 23.239.11.153
- hash: 284
- file: 139.162.17.182
- hash: 420
- file: 110.41.34.125
- hash: 60000
- file: 111.229.129.219
- hash: 60000
- file: 18.171.54.169
- hash: 3333
- file: 193.31.41.94
- hash: 3333
- file: 31.220.98.20
- hash: 443
- file: 118.195.162.17
- hash: 8888
- file: 34.56.10.90
- hash: 10443
- file: 101.43.88.224
- hash: 25
- file: 185.121.15.192
- hash: 80
- url: http://twentytk20ht.top/v1/upload.php
- file: 67.203.7.209
- hash: 1244
- url: http://mrpon108.beget.tech/b5f8f8bd.php
- file: 39.98.48.153
- hash: 6443
- file: 103.67.162.242
- hash: 2404
- file: 118.107.46.108
- hash: 56004
- file: 102.117.168.81
- hash: 7443
- file: 62.60.238.194
- hash: 80
- file: 13.231.253.174
- hash: 59179
- file: 209.97.169.148
- hash: 6666
- file: 178.128.222.24
- hash: 6666
- domain: thirtth13pn.top
- file: 185.196.8.105
- hash: 59962
- domain: srvy.vlrt-gap.com
- url: http://117.215.219.183:56294/mozi.m
- url: http://185.231.69.191/f190e2808a5419c3.php
- domain: dhusch.com
- url: https://dhusch.com/6vs5.js
- domain: we-careu.xyz
- url: https://we-careu.xyz/work/original.js
- url: https://dhusch.com/js.php
- url: https://we-careu.xyz/work/index.php
- url: https://we-careu.xyz/work/download.php
- url: http://45.130.145.152/auth/login
- url: http://66.63.187.173/auth/login
- url: http://138.124.101.41/auth/login
- file: 176.126.114.68
- hash: 1025
- url: https://eddit.me/veety/
- file: 84.247.147.214
- hash: 8080
- file: 43.138.147.74
- hash: 4782
- url: http://154.9.254.60:8888/supershell/login/
- file: 154.9.254.60
- hash: 8888
- file: 139.84.142.56
- hash: 443
- file: 47.92.200.20
- hash: 443
- file: 82.156.19.76
- hash: 2083
- file: 47.92.83.128
- hash: 443
- file: 43.136.69.151
- hash: 50002
- file: 101.43.254.21
- hash: 8443
- file: 207.148.24.22
- hash: 443
- file: 179.13.5.17
- hash: 8020
- file: 194.26.192.29
- hash: 80
- file: 104.248.123.182
- hash: 4443
- domain: ec2-13-43-58-188.eu-west-2.compute.amazonaws.com
- file: 179.13.5.17
- hash: 8010
- file: 15.236.123.155
- hash: 3128
- file: 116.2.185.245
- hash: 7443
- file: 138.124.53.89
- hash: 80
- file: 159.89.205.160
- hash: 8080
- domain: trailbuddymaps.com
- url: https://trailbuddymaps.com/updater.php
- file: 45.76.253.210
- hash: 443
- url: http://121.40.55.28:80/aqfe
- file: 113.45.202.9
- hash: 80
- file: 123.60.81.230
- hash: 80
- file: 141.98.197.31
- hash: 9580
- file: 60.204.248.8
- hash: 80
- file: 113.44.192.126
- hash: 80
- file: 47.109.200.55
- hash: 80
- file: 103.234.72.222
- hash: 443
- file: 103.234.72.222
- hash: 2095
- file: 172.245.244.69
- hash: 2404
- file: 193.142.147.51
- hash: 8443
- domain: egypt2.camdvr.org
- domain: sasaa.kozow.com
- file: 102.117.169.182
- hash: 7443
- file: 194.26.192.200
- hash: 8082
- file: 45.141.177.4
- hash: 10443
- file: 3.106.183.189
- hash: 5938
- file: 185.147.124.104
- hash: 443
- file: 5.42.223.135
- hash: 7443
- domain: cryp-domedows.com
- file: 185.196.8.218
- hash: 8080
- url: http://135.181.65.216/ee45b7c5e4cb75cb.php
- file: 34.34.145.103
- hash: 443
- file: 34.83.67.185
- hash: 443
- file: 34.169.99.17
- hash: 443
- file: 35.195.45.98
- hash: 443
ThreatFox IOCs for 2024-12-24
Medium
Published: Tue Dec 24 2024 (12/24/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2024-12-24
AI-Powered Analysis
AILast updated: 06/19/2025, 15:35:01 UTC
Technical Analysis
The provided threat intelligence concerns a malware-related report titled "ThreatFox IOCs for 2024-12-24," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating it is related to open-source intelligence or derived from publicly available information. The report does not specify affected software versions, specific malware families, or detailed technical characteristics such as attack vectors, payload behaviors, or exploitation methods. The absence of Common Weakness Enumerations (CWEs) and patch links suggests that this intelligence is more focused on sharing IOCs rather than describing a novel vulnerability or exploit. The threat level is indicated as 2 (on an unspecified scale), with analysis and distribution values of 1 and 3 respectively, implying moderate confidence in the analysis and a relatively higher distribution or prevalence of the threat. No known exploits in the wild have been reported, and no direct indicators (such as IP addresses, hashes, or domains) are provided in this summary. The medium severity rating assigned by the source suggests that while the threat is not currently critical, it warrants attention and monitoring. Overall, this intelligence appears to be a routine update of malware-related IOCs intended for use in threat detection and response, rather than an alert about a new or actively exploited vulnerability or malware campaign.
Potential Impact
For European organizations, the potential impact of this threat is currently limited due to the lack of detailed exploit information and absence of known active exploitation. However, given the malware classification and distribution rating, there is a risk that these IOCs could be associated with malware campaigns targeting various sectors. If leveraged by threat actors, such malware could compromise confidentiality by exfiltrating sensitive data, impact integrity through unauthorized modifications, or affect availability by disrupting services. The medium severity rating indicates moderate risk, suggesting that while immediate widespread damage is unlikely, organizations should remain vigilant. The lack of specific affected products or versions means the threat could be broad, potentially impacting organizations that rely on open-source intelligence tools or monitoring systems that ingest such IOCs. European entities involved in cybersecurity monitoring, threat intelligence sharing, or those with exposure to malware distribution channels may be more susceptible. The absence of known exploits in the wild reduces the immediate threat level but does not eliminate the possibility of future exploitation or targeted attacks leveraging these IOCs.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Regularly update threat intelligence feeds and ensure automated ingestion of ThreatFox data to maintain up-to-date situational awareness. 3. Conduct targeted threat hunting exercises focusing on the indicators once available, especially within network traffic, logs, and endpoint behaviors. 4. Strengthen network segmentation and implement strict access controls to limit lateral movement in case of malware infection. 5. Educate security teams on interpreting and operationalizing OSINT-derived IOCs to improve response times. 6. Maintain robust backup and recovery procedures to mitigate potential availability impacts. 7. Monitor for any updates or alerts from ThreatFox or related sources that may provide additional technical details or exploit information. 8. Collaborate with national Computer Emergency Response Teams (CERTs) and industry Information Sharing and Analysis Centers (ISACs) to share intelligence and coordinate defenses.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 92bdc750-b4c3-4138-9546-17ba6e6ffbe9
- Original Timestamp
- 1735084987
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file111.119.239.73 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.104.76.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.105.55.111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.98.194.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.145.107.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.208.100 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.201.65.7 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file42.51.49.85 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file172.111.244.98 | Remcos botnet C2 server (confidence level: 100%) | |
file85.208.69.51 | Sliver botnet C2 server (confidence level: 100%) | |
file5.189.221.41 | ShadowPad botnet C2 server (confidence level: 90%) | |
file87.120.113.94 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.23.222.206 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.233.112.81 | Unknown malware botnet C2 server (confidence level: 100%) | |
file80.76.49.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file62.133.61.78 | Havoc botnet C2 server (confidence level: 100%) | |
file54.95.208.190 | Havoc botnet C2 server (confidence level: 100%) | |
file52.215.25.229 | Havoc botnet C2 server (confidence level: 100%) | |
file108.181.199.23 | DCRat botnet C2 server (confidence level: 100%) | |
file130.164.138.166 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file64.52.80.94 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file8.153.97.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.153.97.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.71.199.112 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file110.41.165.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.119.234.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file60.204.224.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.199.154.103 | Sliver botnet C2 server (confidence level: 100%) | |
file45.32.51.228 | ShadowPad botnet C2 server (confidence level: 90%) | |
file1.94.185.149 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.26.115.117 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.111.245.35 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.164.29.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.164.29.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.164.29.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.164.29.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file194.26.192.200 | Hook botnet C2 server (confidence level: 100%) | |
file81.161.238.225 | Hook botnet C2 server (confidence level: 100%) | |
file45.154.98.70 | Hook botnet C2 server (confidence level: 100%) | |
file87.121.86.244 | Hook botnet C2 server (confidence level: 100%) | |
file193.107.109.33 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file82.65.180.207 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file95.179.233.26 | Havoc botnet C2 server (confidence level: 100%) | |
file104.219.215.160 | Venom RAT botnet C2 server (confidence level: 100%) | |
file3.26.31.73 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.246.11.167 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file50.18.195.138 | DeimosC2 botnet C2 server (confidence level: 100%) | |
file45.154.98.70 | ERMAC botnet C2 server (confidence level: 100%) | |
file45.82.255.215 | MooBot botnet C2 server (confidence level: 100%) | |
file149.88.80.145 | MooBot botnet C2 server (confidence level: 100%) | |
file151.236.16.40 | BianLian botnet C2 server (confidence level: 100%) | |
file154.84.19.161 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.141.177.4 | Havoc botnet C2 server (confidence level: 100%) | |
file45.141.177.4 | Havoc botnet C2 server (confidence level: 100%) | |
file139.84.133.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.58.115.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.104.146.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file114.132.229.242 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.104.27.20 | Unknown malware botnet C2 server (confidence level: 100%) | |
file83.229.122.191 | Unknown malware botnet C2 server (confidence level: 100%) | |
file78.46.244.219 | Unknown malware botnet C2 server (confidence level: 100%) | |
file1.94.19.136 | Unknown malware botnet C2 server (confidence level: 100%) | |
file129.211.168.251 | Unknown malware botnet C2 server (confidence level: 100%) | |
file15.206.245.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file135.181.136.22 | Unknown malware botnet C2 server (confidence level: 100%) | |
file123.60.140.194 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.115.55.127 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.48.120.250 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.230.228.36 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.43.88.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file66.78.40.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file142.171.227.243 | Unknown malware botnet C2 server (confidence level: 100%) | |
file50.236.89.7 | Unknown malware botnet C2 server (confidence level: 100%) | |
file158.160.102.0 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.234.202.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.157.233.147 | Unknown malware botnet C2 server (confidence level: 100%) | |
file81.17.29.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.148.49.244 | Unknown malware botnet C2 server (confidence level: 100%) | |
file165.232.174.179 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.60.202.65 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.128.146.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.230.164.90 | BianLian botnet C2 server (confidence level: 100%) | |
file130.43.22.126 | QakBot botnet C2 server (confidence level: 100%) | |
file156.224.26.111 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file149.28.120.105 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file47.95.238.45 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.100.130.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.159.197.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file134.175.158.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.222.209.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file122.51.144.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file77.92.145.190 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file175.24.234.176 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.213.184.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.134.59.41 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.60.183.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.153.97.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.24.51.177 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file122.51.22.201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.94.169.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.15.225.146 | Unknown malware botnet C2 server (confidence level: 100%) | |
file88.209.248.128 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file65.38.120.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file15.237.132.145 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.16.157.89 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file84.154.178.61 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file84.154.178.61 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.222.58.90 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file43.140.212.191 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.152.254.64 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file144.126.149.221 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.166.0 | Unknown malware botnet C2 server (confidence level: 100%) | |
file155.138.133.23 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.196.8.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file84.247.172.112 | Ares botnet C2 server (confidence level: 90%) | |
file23.239.11.153 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.162.17.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file110.41.34.125 | Unknown malware botnet C2 server (confidence level: 100%) | |
file111.229.129.219 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.171.54.169 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.31.41.94 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.220.98.20 | Unknown malware botnet C2 server (confidence level: 100%) | |
file118.195.162.17 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.56.10.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.43.88.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.121.15.192 | CryptBot botnet C2 server (confidence level: 75%) | |
file67.203.7.209 | Unknown malware botnet C2 server (confidence level: 75%) | |
file39.98.48.153 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.67.162.242 | Remcos botnet C2 server (confidence level: 100%) | |
file118.107.46.108 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.168.81 | Unknown malware botnet C2 server (confidence level: 100%) | |
file62.60.238.194 | Havoc botnet C2 server (confidence level: 100%) | |
file13.231.253.174 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file209.97.169.148 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file178.128.222.24 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file185.196.8.105 | Mirai botnet C2 server (confidence level: 75%) | |
file176.126.114.68 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file84.247.147.214 | MimiKatz payload delivery server (confidence level: 100%) | |
file43.138.147.74 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file154.9.254.60 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.84.142.56 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.200.20 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.156.19.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.83.128 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.136.69.151 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.43.254.21 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file207.148.24.22 | Sliver botnet C2 server (confidence level: 100%) | |
file179.13.5.17 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file194.26.192.29 | Hook botnet C2 server (confidence level: 100%) | |
file104.248.123.182 | Havoc botnet C2 server (confidence level: 100%) | |
file179.13.5.17 | DCRat botnet C2 server (confidence level: 100%) | |
file15.236.123.155 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file116.2.185.245 | Unknown malware botnet C2 server (confidence level: 100%) | |
file138.124.53.89 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file159.89.205.160 | MimiKatz botnet C2 server (confidence level: 100%) | |
file45.76.253.210 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file113.45.202.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.60.81.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file141.98.197.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file60.204.248.8 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.44.192.126 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.109.200.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.234.72.222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.234.72.222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.245.244.69 | Remcos botnet C2 server (confidence level: 100%) | |
file193.142.147.51 | Sliver botnet C2 server (confidence level: 100%) | |
file102.117.169.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.26.192.200 | Hook botnet C2 server (confidence level: 100%) | |
file45.141.177.4 | Havoc botnet C2 server (confidence level: 100%) | |
file3.106.183.189 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.147.124.104 | PoshC2 botnet C2 server (confidence level: 100%) | |
file5.42.223.135 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.196.8.218 | Chaos botnet C2 server (confidence level: 100%) | |
file34.34.145.103 | DanaBot botnet C2 server (confidence level: 100%) | |
file34.83.67.185 | DanaBot botnet C2 server (confidence level: 100%) | |
file34.169.99.17 | DanaBot botnet C2 server (confidence level: 100%) | |
file35.195.45.98 | DanaBot botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash6667 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash20000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash2889 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash5000 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3389 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9907 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash20000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash45654 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5986 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8008 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash18245 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4730 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8443 | DeimosC2 botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash57144 | BianLian botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash7443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8088 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash357 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash51 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash65530 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash30133 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash995 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5998 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash18082 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash995 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash995 | QakBot botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash801 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2095 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2086 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash7000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash12015 | Ares botnet C2 server (confidence level: 90%) | |
hash284 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash420 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash25 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | CryptBot botnet C2 server (confidence level: 75%) | |
hash1244 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash6443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash56004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash59179 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash59962 | Mirai botnet C2 server (confidence level: 75%) | |
hash1025 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz payload delivery server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2083 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash50002 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8020 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash4443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8010 | DCRat botnet C2 server (confidence level: 100%) | |
hash3128 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9580 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2095 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash10443 | Havoc botnet C2 server (confidence level: 100%) | |
hash5938 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | PoshC2 botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Chaos botnet C2 server (confidence level: 100%) | |
hash443 | DanaBot botnet C2 server (confidence level: 100%) | |
hash443 | DanaBot botnet C2 server (confidence level: 100%) | |
hash443 | DanaBot botnet C2 server (confidence level: 100%) | |
hash443 | DanaBot botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainmail.pinkveda.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.team-endurancecom.sofianeyaya.fr | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainweb.app-cloud.link | Havoc botnet C2 domain (confidence level: 100%) | |
domainserver-64-20-34-146.da.direct | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainecs-1-94-172-68.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainccccccccccccccccccccccccc.cc13.cn | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domain6.cc13.cn | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainec2-13-59-178-90.us-east-2.compute.amazonaws.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincharming-feistel.194-26-192-29.plesk.page | Hook botnet C2 domain (confidence level: 100%) | |
domainconnect-emea.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaindriblbemris.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhungrypaster.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsickyicyerh.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmoanungsnake.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindenimcard.com | Satacom botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainobserverfry.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainthirtth13pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsrvy.vlrt-gap.com | Mirai botnet C2 domain (confidence level: 75%) | |
domaindhusch.com | FAKEUPDATES payload delivery domain (confidence level: 75%) | |
domainwe-careu.xyz | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainec2-13-43-58-188.eu-west-2.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaintrailbuddymaps.com | Satacom botnet C2 domain (confidence level: 100%) | |
domainegypt2.camdvr.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsasaa.kozow.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaincryp-domedows.com | Unknown malware botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://enterwahsh.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://sickyicyerh.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://moanungsnake.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://fannleadyn.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://denimcard.com/updater.php | Satacom botnet C2 (confidence level: 100%) | |
urlhttp://kazart4q.beget.tech/048f71db.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://observerfry.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://twentytk20ht.top/v1/upload.php | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://mrpon108.beget.tech/b5f8f8bd.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://117.215.219.183:56294/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://185.231.69.191/f190e2808a5419c3.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttps://dhusch.com/6vs5.js | FAKEUPDATES payload delivery URL (confidence level: 75%) | |
urlhttps://we-careu.xyz/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://dhusch.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 75%) | |
urlhttps://we-careu.xyz/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://we-careu.xyz/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://45.130.145.152/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) | |
urlhttp://66.63.187.173/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) | |
urlhttp://138.124.101.41/auth/login | Meduza Stealer botnet C2 (confidence level: 100%) | |
urlhttps://eddit.me/veety/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://154.9.254.60:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://trailbuddymaps.com/updater.php | Satacom botnet C2 (confidence level: 100%) | |
urlhttp://121.40.55.28:80/aqfe | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttp://135.181.65.216/ee45b7c5e4cb75cb.php | Stealc botnet C2 (confidence level: 100%) |
Threat ID: 682c7dc4e8347ec82d2eae63
Added to database: 5/20/2025, 1:04:04 PM
Last enriched: 6/19/2025, 3:35:01 PM
Last updated: 7/28/2025, 10:48:13 AM
Views: 6
Related Threats
ThreatFox IOCs for 2025-08-13
MediumMalwareThu Aug 14 2025
Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing
MediumMalwareWed Aug 13 2025
Silent Watcher: Dissecting Cmimai Stealer's VBS Payload
MediumMalwareWed Aug 13 2025
CastleLoader Analysis
MediumMalwareWed Aug 13 2025
The Dark Side of Parental Control Apps
MediumMalwareWed Aug 13 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.