Skip to main content

ThreatFox IOCs for 2024-12-28

Medium
Published: Sat Dec 28 2024 (12/28/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-12-28

AI-Powered Analysis

AILast updated: 06/19/2025, 15:32:54 UTC

Technical Analysis

The provided threat information pertains to a malware-related entry titled "ThreatFox IOCs for 2024-12-28," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating that it is related to open-source intelligence gathering or dissemination rather than a specific software product or version. No specific affected versions or products are listed, and there are no associated Common Weakness Enumerations (CWEs) or patch links, suggesting that this entry is more of an intelligence report rather than a vulnerability tied to a particular software flaw. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate threat presence and distribution. There are no known exploits in the wild, and no indicators of compromise (IOCs) are provided in the data. The severity is marked as medium, but no CVSS score is assigned. The lack of detailed technical specifics, such as malware behavior, attack vectors, or targeted systems, limits the depth of technical analysis. However, the classification as malware and the presence on ThreatFox suggest that this threat could involve malicious software potentially used for reconnaissance, data collection, or other malicious activities leveraging OSINT techniques or targeting OSINT tools or data. The TLP (Traffic Light Protocol) white tag indicates that the information is publicly shareable without restriction.

Potential Impact

Given the limited technical details, the potential impact on European organizations is primarily speculative but can be inferred based on the nature of OSINT-related malware. Such malware could be used to gather sensitive information, conduct reconnaissance, or facilitate further attacks by harvesting intelligence from open sources or compromised systems. The medium severity rating suggests a moderate risk level, potentially impacting confidentiality if sensitive data is exfiltrated. Integrity and availability impacts appear less likely given the absence of known exploits or destructive capabilities. European organizations relying heavily on OSINT tools or those involved in intelligence, defense, or critical infrastructure sectors could face increased risk if this malware targets their information-gathering processes or systems. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation or targeted campaigns. Overall, the impact is moderate, with a focus on information confidentiality and potential preparatory stages for more severe attacks.

Mitigation Recommendations

1. Enhance monitoring of network traffic and endpoint behavior for unusual patterns that could indicate OSINT-related malware activity, even in the absence of specific IOCs. 2. Implement strict access controls and segmentation for systems involved in OSINT activities to limit lateral movement and data exposure. 3. Regularly update and audit OSINT tools and related software to ensure they are not vulnerable to exploitation or misuse. 4. Conduct user awareness training focused on recognizing social engineering tactics that might be used to deploy OSINT malware. 5. Employ threat intelligence sharing platforms to stay updated on emerging IOCs and tactics related to OSINT malware. 6. Use sandboxing and behavioral analysis tools to detect and analyze suspicious files or activities related to OSINT operations. 7. Develop incident response plans specifically addressing reconnaissance and information-gathering threats to enable rapid containment and remediation.

Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
62550532-a7b3-47ee-9b9b-8fd7dafdd13d
Original Timestamp
1735430587

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://8.222.194.183:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://sonar.inndata.xyz
Hook botnet C2 (confidence level: 100%)
urlhttp://52.140.39.118
Hook botnet C2 (confidence level: 100%)
urlhttp://selaras-stage-web.inndata.xyz
Hook botnet C2 (confidence level: 100%)
urlhttp://154.216.20.210
Hook botnet C2 (confidence level: 100%)
urlhttp://185.196.9.228
Hook botnet C2 (confidence level: 100%)
urlhttp://107.175.48.27
Hook botnet C2 (confidence level: 100%)
urlhttp://185.11.61.95
Hook botnet C2 (confidence level: 100%)
urlhttp://154.216.19.101
Hook botnet C2 (confidence level: 100%)
urlhttp://154.37.219.91:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://ksarcftp.com/updater.php
Satacom botnet C2 (confidence level: 100%)
urlhttps://ras2.shop/up
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://ras2.shop/up/b
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://laborersquei.click/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://cegu.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://klipvumisui.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://lackadausaz.click/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://47.90.135.102:443/2vcr
Cobalt Strike botnet C2 (confidence level: 75%)
urlhttps://parallellywko.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://tightuteop.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://jammywritej.click/api
Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://ambiwa.com/5o0e.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://ambiwa.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://alleybikeru.click/api
Lumma Stealer botnet C2 (confidence level: 50%)
urlhttp://219.156.96.47:41486/mozi.m
Mozi payload delivery URL (confidence level: 50%)
urlhttp://117.199.19.169:40252/mozi.m
Mozi payload delivery URL (confidence level: 50%)
urlhttp://048038cm.renyash.ru/pipepacketprocessgeneratordownloads.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://001031cm.nyashteam.ru/pythonprocessdefaultwordpressdatalifetempcdndownloads.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://ce58027.tw1.ru/4fe1d043.php
DCRat botnet C2 (confidence level: 100%)

File

ValueDescriptionCopy
file8.222.194.183
Unknown malware botnet C2 server (confidence level: 100%)
file147.45.44.216
Meduza Stealer botnet C2 server (confidence level: 100%)
file83.229.120.159
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.121.137.189
Cobalt Strike botnet C2 server (confidence level: 100%)
file213.199.39.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file213.199.39.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file117.72.78.81
Cobalt Strike botnet C2 server (confidence level: 100%)
file54.39.233.87
Remcos botnet C2 server (confidence level: 100%)
file94.156.167.37
Remcos botnet C2 server (confidence level: 100%)
file198.244.238.84
Remcos botnet C2 server (confidence level: 100%)
file198.244.238.84
Remcos botnet C2 server (confidence level: 100%)
file93.123.109.154
Remcos botnet C2 server (confidence level: 100%)
file81.71.155.224
Sliver botnet C2 server (confidence level: 100%)
file54.233.192.91
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.179.177.158
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file54.71.6.246
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file5.154.181.87
Meduza Stealer botnet C2 server (confidence level: 100%)
file64.71.152.199
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.125.11
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.125.11
Cobalt Strike botnet C2 server (confidence level: 100%)
file189.1.219.125
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.135.19.111
Cobalt Strike botnet C2 server (confidence level: 100%)
file116.62.139.38
Sliver botnet C2 server (confidence level: 100%)
file104.193.69.142
Sliver botnet C2 server (confidence level: 100%)
file152.42.136.113
Sliver botnet C2 server (confidence level: 100%)
file149.102.147.106
AsyncRAT botnet C2 server (confidence level: 100%)
file102.117.167.52
Unknown malware botnet C2 server (confidence level: 100%)
file185.198.234.213
Havoc botnet C2 server (confidence level: 100%)
file194.26.192.21
ERMAC botnet C2 server (confidence level: 100%)
file8.217.72.211
Sliver botnet C2 server (confidence level: 90%)
file65.109.242.203
Vidar botnet C2 server (confidence level: 100%)
file103.136.150.117
Unknown malware botnet C2 server (confidence level: 100%)
file101.200.120.13
Unknown malware botnet C2 server (confidence level: 100%)
file5.196.234.112
Unknown malware botnet C2 server (confidence level: 100%)
file89.47.50.205
Unknown malware botnet C2 server (confidence level: 100%)
file54.93.180.246
Unknown malware botnet C2 server (confidence level: 100%)
file3.104.95.164
Unknown malware botnet C2 server (confidence level: 100%)
file143.244.176.33
Unknown malware botnet C2 server (confidence level: 100%)
file47.129.203.7
Unknown malware botnet C2 server (confidence level: 100%)
file35.81.110.202
Unknown malware botnet C2 server (confidence level: 100%)
file20.78.37.199
Unknown malware botnet C2 server (confidence level: 100%)
file67.205.183.175
Unknown malware botnet C2 server (confidence level: 100%)
file13.53.206.203
Unknown malware botnet C2 server (confidence level: 100%)
file111.92.243.182
Unknown malware botnet C2 server (confidence level: 100%)
file35.87.51.10
Unknown malware botnet C2 server (confidence level: 100%)
file178.250.170.86
Unknown malware botnet C2 server (confidence level: 100%)
file195.74.238.205
QakBot botnet C2 server (confidence level: 100%)
file88.234.26.154
QakBot botnet C2 server (confidence level: 100%)
file78.176.251.137
QakBot botnet C2 server (confidence level: 100%)
file139.198.30.159
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.251.218.253
Cobalt Strike botnet C2 server (confidence level: 100%)
file112.126.94.134
Cobalt Strike botnet C2 server (confidence level: 100%)
file156.244.19.46
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.36.63.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.97.96.147
Cobalt Strike botnet C2 server (confidence level: 100%)
file209.141.47.117
MooBot botnet C2 server (confidence level: 75%)
file154.37.219.91
Unknown malware botnet C2 server (confidence level: 100%)
file45.92.9.110
Sliver botnet C2 server (confidence level: 100%)
file123.11.253.99
Unknown malware botnet C2 server (confidence level: 100%)
file2.58.56.217
Hook botnet C2 server (confidence level: 100%)
file195.10.205.38
Orcus RAT botnet C2 server (confidence level: 100%)
file185.196.8.68
Rhadamanthys botnet C2 server (confidence level: 50%)
file83.222.191.146
Bashlite botnet C2 server (confidence level: 75%)
file27.106.119.252
Cobalt Strike botnet C2 server (confidence level: 100%)
file198.181.32.32
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.243.254.103
Remcos botnet C2 server (confidence level: 100%)
file194.59.30.53
Remcos botnet C2 server (confidence level: 100%)
file45.82.84.41
Remcos botnet C2 server (confidence level: 100%)
file45.82.84.41
Remcos botnet C2 server (confidence level: 100%)
file172.235.14.61
Sliver botnet C2 server (confidence level: 100%)
file81.19.140.237
Sliver botnet C2 server (confidence level: 100%)
file194.26.192.165
AsyncRAT botnet C2 server (confidence level: 100%)
file194.26.192.165
AsyncRAT botnet C2 server (confidence level: 100%)
file92.255.57.75
SectopRAT botnet C2 server (confidence level: 100%)
file134.209.249.56
Unknown malware botnet C2 server (confidence level: 100%)
file87.120.127.237
Hook botnet C2 server (confidence level: 100%)
file51.17.112.90
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.38.49.150
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file160.191.175.187
MooBot botnet C2 server (confidence level: 100%)
file98.159.236.221
Bashlite botnet C2 server (confidence level: 100%)
file156.238.243.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file87.120.115.26
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.194.249.212
ShadowPad botnet C2 server (confidence level: 90%)
file78.171.102.136
AsyncRAT botnet C2 server (confidence level: 100%)
file78.171.102.136
AsyncRAT botnet C2 server (confidence level: 100%)
file78.171.102.136
AsyncRAT botnet C2 server (confidence level: 100%)
file78.171.102.136
AsyncRAT botnet C2 server (confidence level: 100%)
file78.171.102.136
AsyncRAT botnet C2 server (confidence level: 100%)
file149.102.147.106
AsyncRAT botnet C2 server (confidence level: 100%)
file102.117.175.201
Unknown malware botnet C2 server (confidence level: 100%)
file13.38.19.250
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.27.91.209
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file110.42.33.174
ValleyRAT botnet C2 server (confidence level: 100%)
file58.181.38.161
Ghost RAT botnet C2 server (confidence level: 100%)
file206.238.198.14
ValleyRAT botnet C2 server (confidence level: 100%)
file46.175.150.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.6.216.144
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.249.26.90
Cobalt Strike botnet C2 server (confidence level: 100%)
file165.154.98.216
Cobalt Strike botnet C2 server (confidence level: 100%)
file80.76.51.19
Remcos botnet C2 server (confidence level: 100%)
file61.28.233.21
Sliver botnet C2 server (confidence level: 100%)
file64.188.9.175
AsyncRAT botnet C2 server (confidence level: 100%)
file45.141.87.50
SectopRAT botnet C2 server (confidence level: 100%)
file45.200.148.209
Hook botnet C2 server (confidence level: 100%)
file194.59.30.152
Hook botnet C2 server (confidence level: 100%)
file194.59.30.152
Hook botnet C2 server (confidence level: 100%)
file94.156.167.42
Venom RAT botnet C2 server (confidence level: 100%)
file94.156.167.42
DCRat botnet C2 server (confidence level: 100%)
file35.78.206.123
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.181.5.63
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.26.42.181
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file184.94.215.147
BianLian botnet C2 server (confidence level: 100%)
file3.127.138.57
NjRAT botnet C2 server (confidence level: 100%)
file18.157.68.73
NjRAT botnet C2 server (confidence level: 100%)
file18.197.239.5
NjRAT botnet C2 server (confidence level: 100%)
file83.222.191.146
Mirai botnet C2 server (confidence level: 100%)
file106.54.31.97
Ghost RAT botnet C2 server (confidence level: 100%)
file8.218.163.85
ValleyRAT botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash15666
Meduza Stealer botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8888
Remcos botnet C2 server (confidence level: 100%)
hash8889
Remcos botnet C2 server (confidence level: 100%)
hash6881
Remcos botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash1911
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7001
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash22011
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Meduza Stealer botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash8080
ERMAC botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash9999
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash995
QakBot botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash82
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1999
MooBot botnet C2 server (confidence level: 75%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash5873
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash3306
Orcus RAT botnet C2 server (confidence level: 100%)
hash7257
Rhadamanthys botnet C2 server (confidence level: 50%)
hash35342
Bashlite botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash60782
Remcos botnet C2 server (confidence level: 100%)
hash3389
Remcos botnet C2 server (confidence level: 100%)
hash8080
Remcos botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash15747
SectopRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash9142
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash32995
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
ShadowPad botnet C2 server (confidence level: 90%)
hash60
AsyncRAT botnet C2 server (confidence level: 100%)
hash888
AsyncRAT botnet C2 server (confidence level: 100%)
hash2003
AsyncRAT botnet C2 server (confidence level: 100%)
hash2004
AsyncRAT botnet C2 server (confidence level: 100%)
hash20000
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash6719
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash10798
Ghost RAT botnet C2 server (confidence level: 100%)
hash9091
ValleyRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash3008
AsyncRAT botnet C2 server (confidence level: 100%)
hash15747
SectopRAT botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash5000
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
DCRat botnet C2 server (confidence level: 100%)
hash35857
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash28080
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash47929
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash53
BianLian botnet C2 server (confidence level: 100%)
hash11048
NjRAT botnet C2 server (confidence level: 100%)
hash11048
NjRAT botnet C2 server (confidence level: 100%)
hash11048
NjRAT botnet C2 server (confidence level: 100%)
hash33211
Mirai botnet C2 server (confidence level: 100%)
hash8810
Ghost RAT botnet C2 server (confidence level: 100%)
hash9091
ValleyRAT botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domainapi.primusext.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainprimusext.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.cyberhavenext.pro
Unknown malware payload delivery domain (confidence level: 25%)
domaincyberhavenext.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainiobit.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.videodownloadhelper.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainvideodownloadhelper.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.censortracker.pro
Unknown malware payload delivery domain (confidence level: 25%)
domaincensortracker.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.dearflip.pro
Unknown malware payload delivery domain (confidence level: 25%)
domaininternxtvpn.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.yescaptcha.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainyescaptcha.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.proxyswitchyomega.pro
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.yujaverity.info
Unknown malware payload delivery domain (confidence level: 25%)
domainyujaverity.info
Unknown malware payload delivery domain (confidence level: 25%)
domaincastorus.info
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.parrottalks.info
Unknown malware payload delivery domain (confidence level: 25%)
domainparrottalks.info
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.bookmarkfc.info
Unknown malware payload delivery domain (confidence level: 25%)
domainbookmarkfc.info
Unknown malware payload delivery domain (confidence level: 25%)
domainapi.uvoice.live
Unknown malware payload delivery domain (confidence level: 25%)
domainuvoice.live
Unknown malware payload delivery domain (confidence level: 25%)
domainstingyerasjhru.click
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainklipvumisui.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlev-tolstoi.com
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsofakingclean.pro
Unknown malware botnet C2 domain (confidence level: 100%)
domainec2-3-21-97-241.us-east-2.compute.amazonaws.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainecs-110-41-147-219.compute.hwclouds-dns.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.hacking.grayhatbangladesh.com
BlackNET RAT botnet C2 domain (confidence level: 100%)
domainksarcftp.com
Satacom botnet C2 domain (confidence level: 100%)
domain185-196-9-195.cprapid.com
Havoc botnet C2 domain (confidence level: 100%)
domainras2.shop
Unknown malware botnet C2 domain (confidence level: 100%)
domainlumbercare.sbs
Unknown malware botnet C2 domain (confidence level: 100%)
domainfinatick.com
VenomLNK payload delivery domain (confidence level: 100%)
domainparallellywko.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintightuteop.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainambiwa.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainalleybikeru.click
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainfiveth5sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainsixth6sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintwentyth20sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaineighth8sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainoneth1sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainhome.twentyth20ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfortth14sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainthirtth13sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainnineth9sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintenth10sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainthirtth13ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintwentyth20ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainhome.fiveth5sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainharlemsupport.com
DarkGate botnet C2 domain (confidence level: 100%)
domainedge.microcoft.co
AsyncRAT botnet C2 domain (confidence level: 100%)
domaincmaster-57540.portmap.io
Quasar RAT botnet C2 domain (confidence level: 100%)
domainsecurity.cecbank.online
Havoc botnet C2 domain (confidence level: 100%)

Threat ID: 682c7dc3e8347ec82d2e4838

Added to database: 5/20/2025, 1:04:03 PM

Last enriched: 6/19/2025, 3:32:54 PM

Last updated: 8/16/2025, 2:44:41 AM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats