ThreatFox IOCs for 2024-12-27
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as 'ThreatFox IOCs for 2024-12-27,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence techniques or data. No specific affected software versions or products are listed, and no direct exploits are currently known to be active in the wild. The technical details assign a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential but limited immediate impact or sophistication. The absence of concrete indicators or CWEs (Common Weakness Enumerations) limits the ability to pinpoint exact attack vectors or malware capabilities. The threat is tagged with TLP:WHITE, indicating that the information is intended for public sharing without restrictions. Overall, this appears to be an intelligence report summarizing IOCs related to malware activity without detailing a specific vulnerability or exploit, serving as a resource for situational awareness rather than an alert about an active, high-risk threat.
Potential Impact
For European organizations, the impact of this threat is currently assessed as medium, reflecting the moderate threat level and distribution potential. Since no specific affected products or versions are identified, the direct risk to confidentiality, integrity, or availability is uncertain but likely limited at this stage. However, the dissemination of malware-related IOCs can aid attackers in refining their tactics or enable defenders to enhance detection capabilities. Organizations relying heavily on OSINT tools or platforms similar to those referenced may face increased exposure if related malware campaigns evolve. The lack of known active exploits reduces immediate risk, but the presence of distributed IOCs suggests ongoing reconnaissance or preparatory activity that could precede targeted attacks. European entities involved in critical infrastructure, finance, or government sectors should remain vigilant, as these sectors are frequent targets of malware campaigns leveraging OSINT for reconnaissance and initial access.
Mitigation Recommendations
Given the nature of this threat as an OSINT-related malware IOC report without specific vulnerabilities, mitigation should focus on enhancing detection and response capabilities rather than patching. Organizations should:
1) Integrate updated IOCs from ThreatFox and similar platforms into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve early detection of related malware activity.
2) Conduct regular threat hunting exercises using the latest OSINT-derived indicators to identify potential compromises.
3) Harden OSINT and intelligence gathering tools by restricting access, applying least privilege principles, and monitoring for unusual activity.
4) Educate security teams on the evolving threat landscape related to OSINT-based malware to improve incident response readiness.
5) Collaborate with national and European cybersecurity centers to share intelligence and receive timely updates on emerging threats.
These steps go beyond generic advice by emphasizing proactive intelligence integration and operational readiness tailored to OSINT-related malware threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: ddfc678e-38bc-4e01-ab60-b7d54ea03375
- Original Timestamp: 1735344188
Indicators of Compromise
Domain
Value | Description | Copy |
---|---|---|
domainenethost.com | FAKEUPDATES payload delivery domain (confidence level: 75%) | |
domainamcikressimleri.xyz | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainklipnogijuu.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmindhandru.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainunitedkingdomdiplomat.org | Matanbuchus botnet C2 domain (confidence level: 75%) | |
domainplutoc2.site | Mirai botnet C2 domain (confidence level: 75%) | |
domainwww.sofakingclean.pro | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwww.micheeasodh.top | ShadowPad botnet C2 domain (confidence level: 90%) | |
domain107-172-159-50-host.colocrossing.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainpinlateofficial.xyz | Azorult botnet C2 domain (confidence level: 100%) | |
domainbegguinnerz.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintubnzy3uvz.top | Unknown malware payload delivery domain (confidence level: 100%) | |
domainawake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpeelyitemsn.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvolcanohushe.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwellofflyric.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbreezysmiterz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchillysalvagk.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhollowrefuz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainladybughge.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpickduccker.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintougheryer.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindigoperonodice3.online | Azorult botnet C2 domain (confidence level: 100%) | |
domains0licitud-virtual-enlinea.top | Meduza Stealer botnet C2 domain (confidence level: 100%) | |
domainwww.t1p9jbex8g.silentlegion.duckdns.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfa5lt.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainv-tamin.lol | Vidar botnet C2 domain (confidence level: 100%) | |
domainhome.fortth14ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfortth14ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainpotentie24nl.xyz | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaineldercity.xyz | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaindiscoves.com | FAKEUPDATES payload delivery domain (confidence level: 75%) | |
domainkl-219.040-241.qualityplusbuilders.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainzmdb.lievartmens.eu.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainawake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainitsrevolutionmagnus.xyz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsublime.goldmasterallstars.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainappliacnesot.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincashfuzysao.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhummskitnj.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininherineau.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainprisonyfork.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrebuildeso.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainscentniej.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainscrewamusresz.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwetlivelky.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingradefuture.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwalkyvulgari.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincegu.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlev-tolstoi.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincovery-mover.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindare-curbys.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindwell-exclaim.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainformy-spill.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainimpend-differ.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainprint-vexer.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainse-blurry.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzinc-sneark.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfreespace2384.duckdns.org | DarkVision RAT botnet C2 domain (confidence level: 100%) | |
domainlonylexpedn.my | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincommentbeseeh.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainganhogosi.xyz | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domain123-hame.xyz | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincobolrationumelawrtewarms.com | Amadey botnet C2 domain (confidence level: 100%) |
Url
Value | Description | Copy |
---|---|---|
urlhttps://enethost.com/2w3e.js | FAKEUPDATES payload delivery URL (confidence level: 75%) | |
urlhttps://amcikressimleri.xyz/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://amcikressimleri.xyz/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://amcikressimleri.xyz/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://enethost.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://kirmizibeyazfiltre.com/mwqxmmuxnmeyymu4/ | Coper botnet C2 (confidence level: 100%) | |
urlhttps://varburalar436.top/owrmm2uzmtbinjg4/ | Coper botnet C2 (confidence level: 100%) | |
urlhttp://185.43.5.145/serveruniversaluploadsdatalife/voiddb/cpupython/localdefaultsecuremariadb/local/updategame/providereternalpacketupdatebigloaddefaultbaselinux.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://begguinnerz.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://93.123.39.135/129edec4272dc2c8.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://193.233.74.31/13cecbdad86667b0.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttps://t.me/k04aelv | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://awake-weaves.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://peelyitemsn.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://sordid-snaked.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://wrathful-jammy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://volcanohushe.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://klipsyzogey.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://wellofflyric.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://aspecteirs.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://breezysmiterz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://crosshuaht.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://discokeyus.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://energyaffai.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://grannyejh.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://necklacebudi.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rapeflowwj.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://sustainskelet.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://chillysalvagk.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hollowrefuz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://ladybughge.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://pickduccker.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://tougheryer.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://fa5lt.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://potentie24nl.xyz/work/mmmm.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://eldercity.xyz/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://eldercity.xyz/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://eldercity.xyz/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://discoves.com/6yje.js | FAKEUPDATES payload delivery URL (confidence level: 75%) | |
urlhttps://discoves.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 75%) | |
urlhttps://kl-219.040-241.qualityplusbuilders.com/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://kl-219.040-241.qualityplusbuilders.com/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://kl-219.040-241.qualityplusbuilders.com/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://zmdb.lievartmens.eu.com/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://zmdb.lievartmens.eu.com/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://zmdb.lievartmens.eu.com/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://mbuz73hb7z3.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://awake-weaves.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://itsrevolutionmagnus.xyz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://sordid-snaked.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://wrathful-jammy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://lev-tolstoi.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://wetlivelky.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
http://5.175.237.74/guruitddos/rpcsecurity.x86 | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.mips | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.mpsl | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.arm | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.arm5 | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.arm6 | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.arm7 | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.ppc | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.m68k | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.sh4 | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.spc | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.arc | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos/rpcsecurity.x86_64 | Mirai payload delivery URL (confidence level: 75%) |
http://5.175.237.74/guruitddos3.sh | Mirai payload delivery URL (confidence level: 75%) |
https://sublime.goldmasterallstars.com/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://sublime.goldmasterallstars.com/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://sublime.goldmasterallstars.com/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://covery-mover.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://dare-curbys.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://dwell-exclaim.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://formy-spill.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://impend-differ.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://print-vexer.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://se-blurry.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://zinc-sneark.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://ganhogosi.xyz/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://ganhogosi.xyz/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://ganhogosi.xyz/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://123-hame.xyz/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://123-hame.xyz/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://123-hame.xyz/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://a1067345.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
IP:port
Value | Description |
---|---|
37.202.222.79:3778 | Mirai botnet C2 server (confidence level: 75%) |
203.104.42.154:4443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
82.153.138.40:31337 | Sliver botnet C2 server (confidence level: 100%) |
141.164.49.53:8443 | ShadowPad botnet C2 server (confidence level: 90%) |
185.158.251.61:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
116.203.178.175:5555 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.59.155:7070 | AsyncRAT botnet C2 server (confidence level: 100%) |
3.15.238.173:16339 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
3.78.220.221:2086 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
80.76.49.171:80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
87.120.112.234:80 | MooBot botnet C2 server (confidence level: 100%) |
82.157.76.20:9907 | Ghost RAT botnet C2 server (confidence level: 100%) |
212.227.63.113:59666 | Mirai botnet C2 server (confidence level: 75%) |
3.107.99.202:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
3.107.99.202:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
101.200.144.181:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
47.76.203.143:8089 | Hook botnet C2 server (confidence level: 100%) |
198.167.199.137:19132 | Quasar RAT botnet C2 server (confidence level: 100%) |
188.68.229.55:80 | Havoc botnet C2 server (confidence level: 100%) |
80.76.49.97:80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
52.150.237.12:80 | MooBot botnet C2 server (confidence level: 100%) |
194.87.254.64:443 | Sliver botnet C2 server (confidence level: 90%) |
147.135.209.16:443 | Unknown malware botnet C2 server (confidence level: 100%) |
107.174.252.107:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
43.138.150.207:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
23.247.130.245:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
101.200.144.181:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
81.0.219.234:443 | Unknown malware botnet C2 server (confidence level: 100%) |
122.51.155.123:8080 | Unknown malware botnet C2 server (confidence level: 100%) |
3.249.185.44:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
165.232.84.215:1337 | Unknown malware botnet C2 server (confidence level: 100%) |
48.209.82.226:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
204.13.237.238:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
43.139.243.122:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3.80.129.13:3636 | Unknown malware botnet C2 server (confidence level: 100%) |
40.71.229.202:8081 | Unknown malware botnet C2 server (confidence level: 100%) |
44.202.0.60:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
52.51.113.126:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
79.107.142.160:995 | QakBot botnet C2 server (confidence level: 100%) |
202.79.172.47:7259 | ValleyRAT botnet C2 server (confidence level: 100%) |
185.228.82.21:4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
154.83.31.183:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
154.213.190.241:1791 | Mirai botnet C2 server (confidence level: 75%) |
118.107.44.112:18091 | ValleyRAT botnet C2 server (confidence level: 100%) |
18.167.52.240:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
47.103.75.89:6666 | Cobalt Strike botnet C2 server (confidence level: 100%) |
152.32.201.202:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
83.229.122.83:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
198.181.32.32:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
89.117.72.46:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
192.238.134.76:56003 | AsyncRAT botnet C2 server (confidence level: 100%) |
192.238.134.76:56004 | AsyncRAT botnet C2 server (confidence level: 100%) |
113.44.37.89:81 | Cobalt Strike botnet C2 server (confidence level: 100%) |
192.238.134.76:56005 | AsyncRAT botnet C2 server (confidence level: 100%) |
106.54.207.245:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.30.40.70:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.37.219.91:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
115.120.210.236:8090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
120.194.219.28:7777 | Cobalt Strike botnet C2 server (confidence level: 100%) |
118.195.154.247:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.199.100.97:8080 | ValleyRAT botnet C2 server (confidence level: 100%) |
156.224.26.128:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
3.71.225.231:19331 | NjRAT botnet C2 server (confidence level: 75%) |
18.192.31.30:19331 | NjRAT botnet C2 server (confidence level: 75%) |
118.107.44.219:19091 | ValleyRAT botnet C2 server (confidence level: 100%) |
137.175.124.48:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
120.53.236.231:8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
123.57.193.212:6666 | Cobalt Strike botnet C2 server (confidence level: 100%) |
123.57.193.212:7777 | Cobalt Strike botnet C2 server (confidence level: 100%) |
155.94.204.229:9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
111.90.147.138:2404 | Remcos botnet C2 server (confidence level: 100%) |
102.117.160.161:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
40.76.116.9:4444 | Quasar RAT botnet C2 server (confidence level: 100%) |
198.167.199.200:19132 | Quasar RAT botnet C2 server (confidence level: 100%) |
146.19.254.74:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
104.225.129.101:35247 | BianLian botnet C2 server (confidence level: 100%) |
52.28.112.211:18952 | NjRAT botnet C2 server (confidence level: 75%) |
3.121.139.82:18952 | NjRAT botnet C2 server (confidence level: 75%) |
194.59.30.69:16589 | XenoRAT botnet C2 server (confidence level: 100%) |
87.121.86.214:3441 | DarkVision RAT botnet C2 server (confidence level: 75%) |
94.131.15.11:443 | DanaBot botnet C2 server (confidence level: 100%) |
3.82.48.174:443 | DanaBot botnet C2 server (confidence level: 100%) |
51.44.108.157:443 | DanaBot botnet C2 server (confidence level: 100%) |
45.82.253.140:443 | DanaBot botnet C2 server (confidence level: 100%) |
45.82.253.143:443 | DanaBot botnet C2 server (confidence level: 100%) |
95.141.41.30:3028 | Coper botnet C2 server (confidence level: 100%) |
5.34.180.183:3028 | Coper botnet C2 server (confidence level: 100%) |
178.215.236.192:443 | Coper botnet C2 server (confidence level: 100%) |
5.34.180.195:443 | Coper botnet C2 server (confidence level: 100%) |
5.34.180.195:3028 | Coper botnet C2 server (confidence level: 100%) |
95.141.41.9:443 | Coper botnet C2 server (confidence level: 100%) |
95.141.41.9:2818 | Coper botnet C2 server (confidence level: 100%) |
95.141.41.9:8123 | Coper botnet C2 server (confidence level: 100%) |
95.141.41.9:8888 | Coper botnet C2 server (confidence level: 100%) |
193.149.129.63:3028 | Coper botnet C2 server (confidence level: 100%) |
207.148.81.243:3028 | Coper botnet C2 server (confidence level: 100%) |
156.233.225.39:3028 | Coper botnet C2 server (confidence level: 100%) |
66.63.187.111:443 | Coper botnet C2 server (confidence level: 100%) |
66.63.187.111:3028 | Coper botnet C2 server (confidence level: 100%) |
47.92.92.78:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
87.120.84.56:2404 | Remcos botnet C2 server (confidence level: 100%) |
185.241.208.87:2404 | Remcos botnet C2 server (confidence level: 100%) |
45.200.148.209:80 | Hook botnet C2 server (confidence level: 100%) |
88.243.27.104:5000 | Quasar RAT botnet C2 server (confidence level: 100%) |
35.85.152.199:623 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
35.85.152.199:8773 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
102.96.189.112:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
54.75.221.101:1098 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
18.209.65.151:4444 | Meterpreter botnet C2 server (confidence level: 100%) |
181.71.216.203:3020 | Remcos botnet C2 server (confidence level: 100%) |
15.206.66.46:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.74.192.183:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.74.192.183:5555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
113.44.153.158:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
111.90.147.138:8080 | Remcos botnet C2 server (confidence level: 100%) |
34.96.239.183:443 | Sliver botnet C2 server (confidence level: 100%) |
51.44.82.197:443 | Sliver botnet C2 server (confidence level: 100%) |
93.233.127.42:51124 | AsyncRAT botnet C2 server (confidence level: 100%) |
165.232.164.245:443 | Havoc botnet C2 server (confidence level: 100%) |
91.227.18.174:443 | Orcus RAT botnet C2 server (confidence level: 100%) |
18.130.15.97:1521 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
43.207.32.128:119 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
65.49.204.212:80 | Nimplant botnet C2 server (confidence level: 100%) |
154.213.190.251:80 | MooBot botnet C2 server (confidence level: 100%) |
Hash
Value | Description |
---|---|
dabea48424778cafb411d40e3a7be0aa | Mirai payload (confidence level: 75%) |
7f662812ede5182b5c29a0fbc2ea1194 | Mirai payload (confidence level: 75%) |
d99430feacfb948d67173cd93b881da8 | Mirai payload (confidence level: 75%) |
45f53406574ec998c32fcdac9732e618 | Mirai payload (confidence level: 75%) |
63559d2751b8fa7972e8bb3c0f583075 | Mirai payload (confidence level: 75%) |
d25a590c776a9d9399359be68a5d8369 | Mirai payload (confidence level: 75%) |
b42000c87e42345dffd95c15b6ac2428 | Mirai payload (confidence level: 75%) |
909e68d7f9baf5b2c79023ca027aa132 | Mirai payload (confidence level: 75%) |
acf3af534c08142a00aa4bada685b7be | Mirai payload (confidence level: 75%) |
1c70ca073699d65f73811b7248f73147 | Mirai payload (confidence level: 75%) |
cd019eb2c9a7126644e93fa90baf1a08 | Mirai payload (confidence level: 75%) |
7e83ac9f8b9ae088c5336df0d874926f | Mirai payload (confidence level: 75%) |
39bff6dfbebcc7384aeffa2fa223740d | Mirai payload (confidence level: 75%) |
c01f89f66afa819108643774b814bfaf | Mirai payload (confidence level: 75%) |
Threat ID: 682c7dc3e8347ec82d2e497b
Added to database: 5/20/2025, 1:04:03 PM
Last enriched: 6/19/2025, 3:47:44 PM
Last updated: 8/13/2025, 4:19:42 PM