ThreatFox IOCs for 2024-12-25
AI Analysis
Technical Summary
This report, titled "ThreatFox IOCs for 2024-12-25," is a malware-related indicator feed sourced from ThreatFox, a platform for sharing Indicators of Compromise (IOCs) and threat intelligence data. It is categorized as "type:osint," meaning it concerns open-source intelligence gathering and dissemination rather than a specific exploit or vulnerability. No affected product versions or detailed technical indicators are given, and no exploits are known to be active in the wild. The technical details record a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which suggests moderate dissemination of this intelligence. The absence of CWE identifiers, patch links, and attack-vector detail implies that the report is a collection or update of IOCs rather than a description of a novel or active malware campaign. The lack of indicators and detailed technical data limits deep technical analysis; the medium severity rating nonetheless indicates that, while the threat is not immediately critical, it warrants attention and monitoring. Given ThreatFox's role as a threat intelligence repository, the report most likely aims to inform security teams about emerging or ongoing malware-related activity detected through OSINT methods so that they can take proactive defensive measures.
Potential Impact
For European organizations the impact of this threat is currently limited, because no active exploits or detailed technical indicators are reported. The dissemination of malware-related IOCs can nonetheless help threat actors refine their tactics, just as it helps defenders improve detection. If these IOCs pertain to malware that targets common enterprise systems or widely used software, European entities could face data breaches, operational disruption, or espionage should the malware later be weaponized. The medium severity rating implies a moderate risk level: immediate damage is unlikely, but the threat could evolve or be leveraged in targeted attacks. Organizations with mature security operations centers (SOCs) and threat intelligence teams can integrate these IOCs to improve situational awareness, whereas entities without such capabilities would be at a disadvantage if the threat escalates. Because no specific affected products or versions are identified, the threat is not tied to a particular vulnerability; this reduces the urgency of patching or mitigation but underlines the need for vigilant monitoring of network and endpoint behavior.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing security information and event management (SIEM) and endpoint detection and response (EDR) platforms to enhance detection of related malware activity.
2. Conduct regular threat hunting exercises using the latest OSINT feeds to identify potential indicators of compromise within the network.
3. Maintain up-to-date asset inventories and monitor for unusual network traffic or endpoint behavior that could indicate malware presence.
4. Implement network segmentation and strict access controls to limit lateral movement should an infection occur.
5. Educate security teams on the importance of OSINT sources like ThreatFox to stay informed about emerging threats and adjust defensive postures accordingly.
6. Since no patches or specific vulnerabilities are identified, focus on strengthening general cybersecurity hygiene, including timely application of security updates for all software and operating systems.
7. Collaborate with national and European cybersecurity agencies to share intelligence and receive alerts about evolving threats related to these IOCs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: d0b2c0ba-0c66-4a8c-93f3-86bdb0ff815b
- Original Timestamp: 1735171391
hash9443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8099 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash40056 | Havoc botnet C2 server (confidence level: 100%) | |
hash50001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash1337 | Bashlite botnet C2 server (confidence level: 100%) | |
hash4675 | BianLian botnet C2 server (confidence level: 100%) | |
hash80 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4567 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8773 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash19132 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash9091 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash8090 | Responder botnet C2 server (confidence level: 50%) | |
hash17275 | NjRAT botnet C2 server (confidence level: 75%) | |
hash17275 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash9090 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash42876 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2086 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash446 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash56003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash56004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash56005 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2077 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2323 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash9301 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash12238 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash20786 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash529 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1883 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash6000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8006 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8812 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash50995 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash631 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash57689 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash3425 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5432 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash623 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash9090 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash44818 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash51005 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash24301 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash48597 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash63023 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2455 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash16992 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash58877 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1098 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5984 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash6334 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash9000 | Havoc botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Vshell botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
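The rows above are ThreatFox C2 indicators of the ip:port kind, but on this page only the port survived in the first column. The following is an added example, not ThreatFox tooling and not part of the original report: it parses rows in this layout, keeps only indicators that carry both an IP and a confidence at or above a threshold, and matches them against flow records. The row pattern, the dst=/dport= log format and every IP address are assumptions; the IPs are taken from the RFC 5737 documentation ranges and do not correspond to real C2 servers.

```python
"""Parse ThreatFox-style C2 indicator rows and match them against connection logs.

Added example, not ThreatFox's own tooling. Rows follow this page's layout:
    <ioc> | <malware> botnet C2 server (confidence level: N%) | |
where <ioc> is normally ip:port. All IPs below are constructed from the
RFC 5737 documentation ranges; the log lines are constructed as well.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ROW_RE = re.compile(
    r"^\s*(?P<ioc>\S+)\s*\|\s*(?P<family>.+?)\s+botnet C2 server"
    r"\s*\(confidence level:\s*(?P<conf>\d+)%\)"
)
# Hypothetical flow-log format: one connection per line carrying dst= and dport=.
LOG_RE = re.compile(r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


@dataclass(frozen=True)
class C2Indicator:
    ip: Optional[str]   # None when the row carries only a port, as on this page
    port: int
    family: str
    confidence: int


def parse_row(line: str) -> Optional[C2Indicator]:
    """Return an indicator for one table row, or None for lines that do not match."""
    m = ROW_RE.match(line)
    if not m:
        return None
    ioc = m.group("ioc")
    if ":" in ioc:
        ip, port = ioc.rsplit(":", 1)            # standard ThreatFox ip:port value
    else:
        ip, port = None, re.sub(r"\D", "", ioc)  # degraded row such as "hash443"
    if not port:
        return None
    return C2Indicator(ip, int(port), m.group("family").strip(), int(m.group("conf")))


def parse_rows(text: str) -> List[C2Indicator]:
    rows = (parse_row(line) for line in text.splitlines())
    return [r for r in rows if r is not None]


def build_index(indicators: List[C2Indicator],
                min_confidence: int = 75) -> Dict[Tuple[str, int], C2Indicator]:
    """Index usable indicators by (ip, port).

    Rows without an IP are dropped on purpose: matching on port alone would
    flag every connection to 80 or 443. Rows below min_confidence are dropped too.
    """
    index: Dict[Tuple[str, int], C2Indicator] = {}
    for ind in indicators:
        if ind.ip is None or ind.confidence < min_confidence:
            continue
        index[(ind.ip, ind.port)] = ind
    return index


def match_log(lines, index):
    """Return (log_line, indicator) pairs for flows whose destination is an indexed C2."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        key = (m.group("dst"), int(m.group("dport")))
        if key in index:
            hits.append((line, index[key]))
    return hits


def family_port_summary(indicators):
    """Count (family, port) pairs, which shows which families the feed ties to
    non-standard ports before any port-based rule tuning is attempted."""
    return Counter((ind.family, ind.port) for ind in indicators)


# Constructed rows in the page's layout; IPs are documentation addresses.
SAMPLE_ROWS = """\
192.0.2.10:443 | Havoc botnet C2 server (confidence level: 100%) | |
198.51.100.7:8090 | Responder botnet C2 server (confidence level: 50%) | |
203.0.113.5:19132 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
"""

# Constructed flow records in the hypothetical log format.
SAMPLE_LOG = """\
2024-12-25T08:01:10Z src=10.20.0.14 dst=192.0.2.10 dport=443 proto=tcp
2024-12-25T08:02:45Z src=10.20.0.14 dst=198.51.100.7 dport=8090 proto=tcp
2024-12-25T08:03:02Z src=10.20.0.31 dst=198.51.100.200 dport=80 proto=tcp
2024-12-25T08:04:19Z src=10.20.0.9 dst=203.0.113.5 dport=19132 proto=tcp
"""

if __name__ == "__main__":
    indicators = parse_rows(SAMPLE_ROWS)
    for line, ind in match_log(SAMPLE_LOG.splitlines(), build_index(indicators)):
        print(f"C2 hit: {ind.family} ({ind.confidence}%) <- {line}")
```

With the default threshold the Havoc and Quasar RAT flows are reported, the 50% Responder row is held back (the same way the Responder row in the table above would be), and the port-only Cobalt Strike row contributes nothing to matching because it cannot be tied to an address. Lowering min_confidence to 0 brings the Responder flow in; lowering it is a tuning decision, not a default.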
Threat ID: 682c7dc4e8347ec82d2eab77
Added to database: 5/20/2025, 1:04:04 PM
Last enriched: 6/19/2025, 3:33:19 PM
Last updated: 8/6/2025, 10:44:16 AM