ThreatFox IOCs for 2024-12-29
AI Analysis
Technical Summary
This entry is the ThreatFox daily export of indicators for 2024-12-29. ThreatFox, operated by abuse.ch, is a community platform for sharing indicators of compromise, and the export is tagged "type:osint": it is a feed of malware infrastructure observed by submitters, not an advisory about a vulnerability in a product. No affected software version, CWE or patch applies, and "known exploits in the wild" is not a meaningful field for a C2 feed, because every entry is infrastructure that a submitter saw in use at submission time. The event metadata (threat level 2, analysis 1, distribution 3) follows the MISP event conventions, where those values mean medium threat level, analysis still ongoing, and shared with all communities; the medium severity shown for this entry is that threat level, not an assessment of any single indicator. The feed itself is highly specific. It holds 105 ip:port pairs (the number paired with each address is a TCP port, not a hash), around 50 domains and roughly 250 URLs. The table at the end of this page attributes the ip:port entries to named families: Cobalt Strike, Brute Ratel C4 and Sliver servers; AsyncRAT, Remcos, NjRAT, Venom RAT, Quasar RAT, DarkComet, ValleyRAT, Vshell and NetSupport Manager RAT endpoints; the Stealc, Meduza Stealer and Loki PWS stealers; the Android banking trojans Hook and ERMAC; the Mirai and MooBot IoT botnets; QakBot, Matanbuchus and BianLian; and a number of servers submitted as unknown malware. Most rows carry 100% confidence; the NjRAT, Mirai and some of the Remcos rows are at 75%. The URL entries show several recognisable groupings: a long run of RAT endpoints on dynamic-DNS and tunnelling hostnames (duckdns.org, ddns.net, hopto.org, zapto.org, ngrok.io, ply.gg, portmap.io, localto.net), frequently on the port set 6606/7707/8808 that the table ties to AsyncRAT; recruitment-themed domains (hiringinterview.org, willoassess.com, wtalents.us, interviewnest.org, blockchain-assess.com, willomexcvip.us) and four bare IP addresses all serving the same /video-questions/create/<id> path; a set of .click and .shop hosts that all expose an /api endpoint; the path /81bd01okzh1z served from several 141.98.9.x and 193.124.185.x addresses and from fantafab.com; and PHP check-in endpoints such as l1nc0in.php and updater.php on shared-hosting domains (tw1.ru, xsph.ru, beget.tech). A few entries cannot be used as exported: http://127.0.0.1:2510 is loopback, http://192.168.18:2404 is a malformed private address, and the steamcommunity.com profile URL identifies one account on a legitimate site.
Potential Impact
Because this is an infrastructure feed rather than a product vulnerability, exposure is not tied to any software version: any organisation whose hosts can reach the listed C2 endpoints is in scope, which is why the country list below is broad rather than targeted. The families represented say what a hit means. A connection to a Cobalt Strike, Brute Ratel C4 or Sliver endpoint usually indicates a hands-on intrusion in progress; AsyncRAT, Remcos, NjRAT, Venom RAT, Quasar RAT, DarkComet, ValleyRAT and NetSupport Manager endpoints indicate commodity remote access, typically delivered by phishing; Stealc, Meduza Stealer and Loki PWS endpoints indicate credential and session theft; Hook and ERMAC are Android banking trojans, so a hit there points at a mobile device; Mirai and MooBot are IoT botnets whose hits normally point at a compromised embedded device rather than a workstation; QakBot, Matanbuchus and BianLian entries are associated with loader and extortion operations. The value of the feed is retrospective as much as preventive: C2 hosts on dynamic DNS, ngrok, ply.gg, portmap.io or short-lived cloud instances rotate quickly, so a match in proxy, DNS or firewall logs from the days around 2024-12-29 is more likely than a live block. Conversely, the medium threat level does not mean low impact per incident. A confirmed beacon to any of the post-exploitation frameworks above should be handled as an active compromise of the confidentiality, integrity and availability of that host and of everything it can reach, and European organisations with a SOC and a threat-intelligence process are the ones positioned to turn this list into that detection.
Mitigation Recommendations
Treat this feed as detection and hunting input and act on its specifics rather than loading it as a flat blocklist: 1) Ingest the ip:port entries as pairs. The number paired with each address (50300, 59666, 80, 443 and so on) is a TCP port, whatever label the export puts on it. Several addresses appear with more than one port (147.185.221.24 on 50300, 33931, 6606, 7707 and 8808; 101.99.94.64 on 2404, 465, 50000, 80 and 8080), and ports 80 and 443 on cloud or shared hosts make an address-only block unsafe; alert on the exact pair and treat a connection to the same address on another port as a lead to review. 2) Do not block the parent domain of a shared service. Entries on duckdns.org, ddns.net, hopto.org, zapto.org, ngrok.io, ply.gg, portmap.io, portmap.host, localto.net, EC2 hostnames under amazonaws.com, the tw1.ru, xsph.ru and beget.tech hosting domains, and the steamcommunity.com profile URL each identify one tenant of a shared platform; match the full hostname, host:port or URL. Discard entries that cannot be attacker infrastructure from your vantage point (http://127.0.0.1:2510, the malformed http://192.168.18:2404) before loading. 3) Retro-hunt as well as forward-match: query proxy, DNS and firewall logs for the week around 2024-12-29 for the listed domains, for the shared URL paths (/video-questions/create/, /api on the .click and .shop hosts, /81bd01okzh1z, l1nc0in.php, updater.php), and for outbound connections to the non-standard ports that recur here (6606/7707/8808, 2404, 4449, 3333, 8848), since a RAT beacon on an odd port to a dynamic-DNS name is visible even after the name has moved. 4) Weight by confidence: the 75% entries (NjRAT, Mirai and some Remcos rows) are worth an alert but not an automatic block without a second source. 5) On a confirmed hit, scope by family: a Cobalt Strike, Brute Ratel or Sliver beacon warrants full incident response and credential reset for the host's users; a stealer hit warrants invalidating browser sessions and passwords; a Hook or ERMAC hit means looking at mobile devices; a Mirai or MooBot hit should start with an inventory of IoT and embedded devices on that segment. 6) Keep egress filtering and network segmentation in place so that a RAT on one workstation cannot reach servers on arbitrary ports, and log denied egress, because those denies are often the first visible sign of a beacon. 7) Keep user-awareness material current on the delivery vectors behind the commodity RATs and stealers listed here, chiefly phishing attachments and fake installers, and share confirmed hits with your national CERT or the relevant European agency, which can correlate them across organisations. 8) Refresh from the ThreatFox feed rather than from a static copy of this page; a new export is published each day and indicators on shared platforms age within days.
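As an added example, not ThreatFox's tooling and not code from this page, the following Python script shows the ingestion step the recommendations describe: it parses indicator lines in this page's layout, joins an address line and the port line that follows it back into an ip:port pair (and also accepts a single ip:port line), marks entries that must not be blocked outright (loopback or private addresses are dropped; hosts on shared tunnelling, dynamic-DNS or cloud platforms become alert-only on the exact indicator), and then matches the result against log lines. The indicator sample and the log lines are constructed for the example, SHARED_SUFFIXES is an illustrative list chosen here rather than something the feed provides, and the `dst=` / `url=` log format is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of this page's list. An ip:port pair may appear
# as one "ip:port:" line or as a "file:" (address) line then a "hash:" (port) line.
SAMPLE_IOCS = """\
- file: 147.185.221.24
- hash: 50300
- domain: printer-nebraska.gl.at.ply.gg
- url: http://127.0.0.1:2510
- url: http://4.tcp.eu.ngrok.io:6606
- url: https://steamcommunity.com/profiles/76561199811540174
- url: https://fallyjustif.click/api
- domain: fallyjustif.click
- ip:port: 101.99.94.64:2404
"""
# Parent domains shared with legitimate users (tunnels, dynamic DNS, cloud hosts,
# a public forum): only the exact host:port or URL may fire. Illustrative list.
SHARED_SUFFIXES = ("ngrok.io", "ply.gg", "duckdns.org", "ddns.net", "hopto.org",
                   "zapto.org", "portmap.io", "portmap.host", "localto.net",
                   "amazonaws.com", "steamcommunity.com")
# Constructed proxy/firewall lines to hunt over.
SAMPLE_LOGS = [
    "2024-12-29T14:02:11Z src=10.1.2.3 dst=147.185.221.24:50300 proto=tcp",
    "2024-12-29T14:05:40Z src=10.1.2.9 url=https://fallyjustif.click/api",
    "2024-12-29T14:07:02Z src=10.1.2.9 url=https://steamcommunity.com/id/x",
    "2024-12-29T14:09:51Z src=10.1.2.4 dst=147.185.221.24:443 proto=tcp",
    "2024-12-29T14:11:20Z src=10.1.2.4 dst=4.tcp.eu.ngrok.io:6606 proto=tcp",
]

def _ip_kind(s):
    # "global", "local" (loopback, RFC 1918, link-local...) or None if not an IP
    try:
        return "global" if ipaddress.ip_address(s).is_global else "local"
    except ValueError:
        return None

def _shared(host):
    return any(host == s or host.endswith("." + s) for s in SHARED_SUFFIXES)

def classify(kind, value):
    """Return {'type', 'value', 'action'}; action is block, alert or drop."""
    if kind == "ip:port":
        action = "block" if _ip_kind(value.rsplit(":", 1)[0]) == "global" else "drop"
    elif kind == "domain":
        action = "alert" if _shared(value) else "block"
    elif kind == "url":
        host = urlsplit(value).hostname or ""
        if not host or _ip_kind(host) == "local":
            action = "drop"    # cannot be attacker infrastructure from our vantage
        elif _shared(host):
            action = "alert"   # exact URL or host:port only, never the parent domain
        else:
            action = "block"
    else:
        action = "alert"
    return {"type": kind, "value": value, "action": action}

def parse_iocs(text):
    """Parse '- <type>: <value>' lines, joining a file/hash pair into ip:port."""
    out, pending_ip = [], None
    for line in text.splitlines():
        m = re.match(r"-\s*([\w:]+):\s+(\S+)", line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "file" and _ip_kind(value):                 # address half
            pending_ip = value
            continue
        if kind == "hash" and pending_ip and value.isdigit():  # port half
            out.append(classify("ip:port", f"{pending_ip}:{value}"))
            pending_ip = None
            continue
        pending_ip = None
        out.append(classify(kind, value))
    return out

def match_logs(iocs, lines):
    """(line_no, indicator, action) hits; a listed address on another port is 'review'."""
    hits = []
    for n, line in enumerate(lines, 1):
        m_dst, m_url = re.search(r"dst=(\S+)", line), re.search(r"url=(\S+)", line)
        dst = m_dst.group(1) if m_dst else None
        url = m_url.group(1) if m_url else None
        host = (urlsplit(url).hostname or "") if url else ""
        for i in (x for x in iocs if x["action"] != "drop"):
            v = i["value"]
            if i["type"] == "ip:port" and dst:
                if dst == v:
                    hits.append((n, v, i["action"]))
                elif dst.rsplit(":", 1)[0] == v.rsplit(":", 1)[0]:
                    hits.append((n, v, "review"))
            elif i["type"] == "url":
                p = urlsplit(v)   # a path-less URL entry is really a host:port C2
                if url == v or (dst and p.path in ("", "/") and dst == p.netloc):
                    hits.append((n, v, i["action"]))
            elif i["type"] == "domain" and (host == v or host.endswith("." + v)):
                hits.append((n, v, i["action"]))
    return hits
```

Calling `match_logs(parse_iocs(SAMPLE_IOCS), SAMPLE_LOGS)` returns five hits: the exact ip:port match on line 1, both the URL and the domain on line 2, a "review" on line 4 because 147.185.221.24 was contacted on 443 rather than the listed 50300, and an "alert" on line 5 for the ngrok host:port. The Steam profile visit on line 3 never fires because only the exact listed URL is matched on a shared site, and the loopback entry is dropped at parse time so it can never generate a false alert.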
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
- ip:port: 147.185.221.24:50300
- domain: printer-nebraska.gl.at.ply.gg
- ip:port: 212.227.135.15:59666
- ip:port: 18.192.93.86:11048
- ip:port: 18.156.13.209:11048
- ip:port: 193.200.78.37:33966
- domain: raw.intenseapi.com
- ip:port: 107.178.223.183:80
- url: https://kaderserininsamimiyansimalari.xyz/nzkzymvjmjc2oguz/
- url: https://dostlukveduygusalbaglarinkaderi.xyz/nzkzymvjmjc2oguz/
- ip:port: 152.32.240.71:80
- ip:port: 47.90.142.15:80
- ip:port: 5.175.237.184:7443
- domain: vpn636567983.softether.net
- domain: n8229h55.sprintdatacenter.net
- ip:port: 52.87.173.188:23894
- ip:port: 13.230.79.217:80
- ip:port: 146.190.72.164:8085
- ip:port: 154.82.113.139:63701
- url: http://ilusharx.beget.tech/l1nc0in.php
- domain: nwweek.sbs
- domain: vidars.su
- url: https://65.109.242.203
- url: https://steamcommunity.com/profiles/76561199811540174
- ip:port: 43.134.58.195:80
- ip:port: 8.218.174.208:443
- domain: ec2-15-206-66-46.ap-south-1.compute.amazonaws.com
- ip:port: 45.154.98.29:80
- ip:port: 120.46.82.207:60000
- ip:port: 23.254.161.117:60000
- ip:port: 120.194.219.28:60000
- ip:port: 3.82.152.138:443
- ip:port: 47.97.117.128:3333
- ip:port: 139.59.65.108:3333
- ip:port: 213.74.172.12:80
- ip:port: 213.74.172.12:443
- ip:port: 35.81.110.202:80
- ip:port: 39.184.227.96:3333
- ip:port: 34.64.110.8:3333
- ip:port: 185.229.224.21:2176
- ip:port: 18.135.30.45:4082
- ip:port: 194.219.104.67:995
- domain: veinfear.cfd
- domain: cookfrog.cfd
- url: https://fallyjustif.click/api
- domain: fallyjustif.click
- ip:port: 139.9.106.230:7777
- ip:port: 15.235.198.100:443
- ip:port: 139.224.49.34:10443
- ip:port: 154.64.254.10:443
- ip:port: 47.94.87.178:80
- ip:port: 166.108.200.10:8443
- ip:port: 123.249.26.90:82
- ip:port: 182.237.8.222:80
- ip:port: 47.90.135.102:5555
- ip:port: 47.108.82.27:89
- ip:port: 92.119.124.214:21435
- ip:port: 107.172.157.80:8888
- ip:port: 160.191.89.55:8888
- ip:port: 44.192.128.61:47877
- ip:port: 60.204.234.238:53790
- ip:port: 185.196.9.85:80
- ip:port: 85.31.47.4:80
- domain: fivenaii.click
- url: https://fivenaii.click/api
- url: https://simplerapplau.click/api
- domain: simplerapplau.click
- url: https://rurallyrishz.click/api
- domain: rurallyrishz.click
- url: https://kikoschmidt.com/updater.php
- url: http://cy52165.tw1.ru/l1nc0in.php
- url: http://0.tcp.ngrok.io:19521
- url: http://127.0.0.1:2510
- url: http://168.61.222.215:5400
- url: http://185.29.9.125:2404
- url: http://192.168.18:2404
- url: http://192.3.64.152:2559
- url: http://194.5.98.81:2510
- url: http://194.5.98.81:7123
- url: http://213.183.58.19:4000
- url: http://64.44.139.178:7200
- url: http://65.21.127.164:4783
- url: http://79.134.225.23:6666
- url: http://79.134.225.7:2050
- url: http://80.76.51.46:2404
- url: http://91.193.75.145:1604
- url: http://azuite.ddns.net:7667
- url: http://casino.ddnss.de:2403
- url: http://cee.work.gd:2531
- url: http://chinnyann.ddns.net:3131
- url: http://chinnyann.duckdns.org:3131
- url: http://defenderavs.mooo.com:2022
- url: http://dftyuj.duckdns.org:6666
- url: http://duckdne7832732.duckdns.org:1718
- url: http://eaidali.ddns.net:4784
- url: http://egommbute2020.ddns.net:7171
- url: http://emedoo.ddns.net:5050
- url: http://fgbgfyby.loseyourip.com:6666
- url: http://goddywin.freedynamicdns.net:6712
- url: http://hillsong5566.ydns.eu:6666
- url: http://honeypotresearchteam.duckdns.org:28453
- url: http://incidencias6645.ddns.net:8638
- url: http://insidelife1.ddns.net:2123
- url: http://lplazadtemins.duckdns.org:443
- url: http://mikoniko.zapto.org:2425
- url: http://mikonikoa.zapto.org:2425
- url: http://mikonikob.zapto.org:2425
- url: http://mikonikoc.zapto.org:2425
- url: http://mikonikod.zapto.org:2425
- url: http://mikonikoe.zapto.org:2425
- url: http://mikonikof.zapto.org:2425
- url: http://mikonikog.zapto.org:2425
- url: http://mikonikoh.zapto.org:2425
- url: http://mikonikoi.zapto.org:2425
- url: http://mikonikoj.zapto.org:2425
- url: http://mikonikok.zapto.org:2425
- url: http://mikonikol.zapto.org:2425
- url: http://mikonikom.zapto.org:2425
- url: http://mikonikon.zapto.org:2425
- url: http://mikonikoo.zapto.org:2425
- url: http://mikonikop.zapto.org:2425
- url: http://mikonikoq.zapto.org:2425
- url: http://mikonikor.zapto.org:2425
- url: http://mikonikos.zapto.org:2425
- url: http://newstaticfreepoint24.ddns-ip.net:3020
- url: http://nickman12-46565.portmap.io:1735
- url: http://nickman12-46565.portmap.io:46565
- url: http://nomansland.ddns.net:6122
- url: http://pentester0.accesscam.org:56796
- url: http://pentester03.gleeze.com:28454
- url: http://prayerarequesttojah.ddns.net:4344
- url: http://rambolastblood.ddns.net:6327
- url: http://rlbotz.duckdns.org:2404
- url: http://rmcnewprojectadd.duckdns.org:14645
- url: http://rownip.mooo.com:2404
- url: http://salford1.ddns.net:2404
- url: http://salford2.ddns.net:2404
- url: http://salford3.ddns.net:2404
- url: http://salma12.myftp.org:2525
- url: http://startitit2-23969.portmap.host:1604
- url: http://systemcontrol.ddns.net:45000
- url: http://systemcontrol2.ddns.net:45000
- url: http://tobi12345.hopto.org:50501
- url: http://u864246.nerdpol.ovh:2404
- url: http://u864246.nsupdate.info:2404
- url: http://u864246.tk:2404
- url: http://www.kesaihk.com:5004
- url: http://www.rmagent.biz:7181
- url: http://www.stellionlab.com:5004
- url: http://xred.mooo.com
- url: http://zubby2468.hopto.org:8975
- ip:port: 104.219.215.160:4449
- ip:port: 147.185.221.18:63974
- ip:port: 147.185.221.24:33931
- ip:port: 147.185.221.24:6606
- ip:port: 147.185.221.24:7707
- ip:port: 87.120.113.125:2101
- ip:port: 87.120.113.125:55644
- ip:port: 147.185.221.24:8808
- ip:port: 51.89.44.68:8848
- url: http://4.tcp.eu.ngrok.io:1604
- url: http://4.tcp.eu.ngrok.io:16961
- url: http://4.tcp.eu.ngrok.io:6606
- url: http://4.tcp.eu.ngrok.io:7707
- url: http://4.tcp.eu.ngrok.io:8808
- url: http://2.tcp.ngrok.io:17971
- url: http://5.tcp.eu.ngrok.io:1234
- url: http://5.tcp.eu.ngrok.io:18738
- url: http://5.tcp.eu.ngrok.io:8848
- url: http://2dod.ddns.net:6666
- url: http://6.tcp.eu.ngrok.io:14778
- url: http://6.tcp.eu.ngrok.io:1604
- url: http://6.tcp.eu.ngrok.io:6606
- url: http://6.tcp.eu.ngrok.io:7707
- url: http://6.tcp.eu.ngrok.io:8808
- url: http://above-recognize.gl.at.ply.gg:1337
- url: http://antivirus-ssl.myiphost.com:195
- url: http://bahautopilotusatzfeder.xyz:2011
- url: http://bigdaddy-service.biz:6606
- url: http://bigdaddy-service.biz:7707
- url: http://bigdaddy-service.biz:8808
- url: http://carlosmenguallora09.duckdns.org:1994
- url: http://cdt.3utilities.com:2222
- url: http://cdt.3utilities.com:3303
- url: http://cdt.3utilities.com:4404
- url: http://cdt.3utilities.com:5505
- url: http://cdt.3utilities.com:6606
- url: http://cdt.3utilities.com:7707
- url: http://cdt.3utilities.com:8808
- url: http://chromedata.accesscam.org:2222
- url: http://chromedata.accesscam.org:3303
- url: http://chromedata.accesscam.org:4404
- url: http://chromedata.accesscam.org:5122
- url: http://chromedata.accesscam.org:5155
- url: http://chromedata.accesscam.org:5505
- url: http://chromedata.accesscam.org:6606
- url: http://chromedata.accesscam.org:7707
- url: http://chromedata.accesscam.org:8001
- url: http://chromedata.accesscam.org:8808
- url: http://chromedata.accesscam.org:8888
- url: http://chromedata.accesscam.org:9000
- url: http://chromedata.accesscam.org:9999
- url: http://churchmon.ddns.net:6606
- url: http://churchmon.ddns.net:7707
- url: http://churchmon.ddns.net:8808
- url: http://churchmon21.ddns.net:6606
- url: http://churchmon21.ddns.net:7707
- url: http://churchmon21.ddns.net:8808
- url: http://churchmon22.ddns.net:6606
- url: http://churchmon22.ddns.net:7707
- url: http://churchmon22.ddns.net:8808
- url: http://corporation.warzonedns.com:9341
- url: http://crazydns.linkpc.net:5900
- url: http://daveblack.publicvm.com:3861
- url: http://devnodes.duckdns.org:6905
- url: http://dofucks.com:12482
- url: http://domain13.ddns.net:10000
- url: http://domain13.ddns.net:650
- url: http://donzola.duckdns.org:2000
- url: http://egypt2.camdvr.org:301
- url: http://eichstaett.duckdns.org:2011
- url: http://fahrzeugtechnik24zusatzfeder.de:4099
- url: http://fahrzeugtechnik24zusatzfeder.de:5801
- url: http://feb23-pandor.duckdns.org:25045
- url: http://fejong.duckdns.org:25045
- url: http://g896696.duckdns.org:7343
- url: http://gratedmonth.duckdns.org:8890
- url: http://hakim32.ddns.net:2000
- url: http://heheyanel.ddns.net:4444
- url: http://info.ctxcel.com:443
- url: http://jt8iyre.localto.net:2101
- url: http://jt8iyre.localto.net:55644
- url: http://jyzjkjj.com:8848
- url: http://loans-merchant.gl.at.ply.gg:50335
- url: http://machine3.duckdns.org:2200
- url: http://milla.publicvm.com:6606
- url: http://milla.publicvm.com:7707
- url: http://milla.publicvm.com:8808
- url: http://newstartagain.servequake.com:6606
- url: http://newstartagain.servequake.com:7707
- url: http://newstartagain.servequake.com:8808
- url: http://newstartagain50.duckdns.org:6606
- url: http://newstartagain50.duckdns.org:7707
- url: http://newstartagain50.duckdns.org:8808
- url: http://novachrono.dyndns-ip.com:51396
- url: http://novachrono.dyndns-ip.com:51397
- url: http://novachrono.dyndns-ip.com:51399
- url: http://novachrono.dyndns-ip.com:55319
- url: http://pettbull.ddns.net:4782
- url: http://pettbull.ddns.net:53896
- url: http://pettbull.ddns.net:6606
- url: http://pettbull.ddns.net:7707
- url: http://pettbull.ddns.net:8808
- url: http://polymoly.info:4199
- url: http://private115.duckdns.org:12482
- url: http://renver.duckdns.org:6606
- url: http://resulttoday2.duckdns.org:6111
- url: http://ronymahmoud.casacam.net:6606
- url: http://ronymahmoud.casacam.net:7707
- url: http://ronymahmoud.casacam.net:8808
- url: http://run-neither.gl.at.ply.gg:33834
- url: http://ry8325585.duckdns.org:6087
- url: http://sat-bowling.gl.at.ply.gg:7707
- url: http://semdoublebacks5f.ooguy.com:5001
- url: http://sk.servemp3.com:6606
- url: http://sk.servemp3.com:7707
- url: http://sk.servemp3.com:8808
- url: http://sky01.publicvm.com:9217
- url: http://testloggbot23-37268.portmap.host:37268
- url: http://treppen.duckdns.org:4099
- url: http://treppen.duckdns.org:5801
- url: http://venom12345.duckdns.org:4449
- url: http://venomunverified.duckdns.org:4449
- url: http://vvat22.con-ip.com:7707
- url: http://yedbopds.duckdns.org:9056
- url: http://zzzpmax.ddns.net:6666
- domain: eleventh11pt.top
- domain: fiveth5ht.top
- domain: eighth8pn.top
- domain: oneth1pn.top
- domain: xclre2wq.beget.tech
- domain: 123863.darkproducts.ru
- domain: 71941.darkproducts.ru
- domain: cz37182.tw1.ru
- domain: f1066369.xsph.ru
- domain: a1068999.xsph.ru
- domain: cx79992.tw1.ru
- domain: a1069038.xsph.ru
- domain: f1069581.xsph.ru
- domain: cn67735.tw1.ru
- domain: cq02494.tw1.ru
- domain: cy52165.tw1.ru
- domain: 23742.darkproducts.ru
- domain: pw334.castledev.ru
- ip:port: 45.144.136.86:82
- ip:port: 118.25.228.87:80
- ip:port: 101.132.147.63:80
- domain: home.fiveth5ht.top
- domain: home.oneth1ht.top
- domain: eighth8ht.top
- domain: home.eighth8ht.top
- domain: oneth1ht.top
- domain: sixth6ht.top
- domain: fiveth5pn.top
- domain: home.eighth8pn.top
- domain: tenth10ht.top
- ip:port: 206.238.198.14:18852
- ip:port: 124.222.39.154:80
- ip:port: 46.175.150.13:80
- ip:port: 163.5.112.11:2404
- ip:port: 8.209.221.211:21854
- ip:port: 156.224.29.253:8082
- domain: ec2-54-92-179-181.compute-1.amazonaws.com
- ip:port: 3.38.211.194:2077
- ip:port: 54.186.30.8:623
- ip:port: 45.154.98.96:8080
- domain: occ1red.pro
- ip:port: 194.59.31.31:80
- ip:port: 79.110.49.200:80
- ip:port: 167.71.69.135:443
- ip:port: 8.212.101.195:1122
- url: https://pentagonstealer.ru/login
- url: https://104.168.136.74/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://23.254.130.171/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://23.254.132.62/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://23.254.244.74/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://app.hiringinterview.org/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://app.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://app.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://hiringinterview.org/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://interviewnest.org/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://mail.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://vid.blockchain-assess.com/video-questions/create/531fbaedf67046d6904478f15d3e71
- url: https://vid.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://werhiring.willomexcvip.us/video-questions/create/531fbaedf67046d6904478f15d3e71
- url: https://wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://www.app.blockchain-assess.com/video-questions/create/531fbaedf67046d6904478f15d
- url: https://www.app.hiringinterview.org/video-questions/create/531fbaedf67046d6904478f15d3e
- url: https://www.app.interviewnest.org/video-questions/create/531fbaedf67046d6904478f15d3e71
- url: https://www.app.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://www.app.willomexcvip.us/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://www.app.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://www.vid.blockchain-assess.com/video-questions/create/531fbaedf67046d6904478f15d
- url: https://www.vid.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142
- url: https://www.werhiring.willomexcvip.us/video-questions/create/531fbaedf67046d6904478f15d
- url: https://www.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142
- ip:port: 3.121.139.82:17275
- ip:port: 193.111.248.108:33966
- ip:port: 198.13.34.16:9090
- ip:port: 107.207.210.230:2404
- ip:port: 101.99.75.173:22
- ip:port: 192.119.110.114:2404
- ip:port: 159.223.229.0:443
- ip:port: 45.141.86.98:4443
- ip:port: 194.26.192.165:6606
- ip:port: 96.18.247.142:7443
- ip:port: 47.129.103.18:24961
- ip:port: 178.208.89.155:80
- ip:port: 66.63.187.214:80
- domain: www.miner.2025ca.site
- domain: mail.kapilapiii.com
- domain: www.api.edureel.ai
- ip:port: 51.195.60.102:80
- url: http://141.98.9.20/81bd01okzh1z
- url: http://141.98.9.201/81bd01okzh1z
- url: http://141.98.9.202/81bd01okzh1z
- url: http://141.98.9.203/81bd01okzh1z
- url: http://193.124.185.50/81bd01okzh1z
- url: http://193.124.185.53/81bd01okzh1z
- url: http://193.124.185.54/81bd01okzh1z
- url: https://abruptyopsn.shop/api
- url: https://cloudewahsj.shop/api
- url: https://framekgirus.shop/api
- url: https://nearycrepso.shop/api
- url: https://noisycuttej.shop/api
- url: https://rabidcowse.shop/api
- url: https://tirepublicerj.shop/api
- url: https://wholersorie.shop/api
- url: https://fantafab.com/81bd01okzh1z
- ip:port: 108.174.194.58:7707
- url: https://25php.duckdns.org/work/original.js
- url: https://25php.duckdns.org/work/index.php
- url: https://25php.duckdns.org/work/download.php
- url: https://25php.duckdns.org/work/yyy.zip
- domain: 25php.duckdns.org
- url: http://kevinflansburg.com/updater.php
- url: http://cr39969.tw1.ru/47f8d9e3.php
- ip:port: 192.3.231.133:443
- ip:port: 103.192.179.97:443
- ip:port: 172.86.64.38:5000
- ip:port: 20.193.140.195:8000
- ip:port: 64.225.27.237:8808
- ip:port: 198.23.227.175:80
- ip:port: 193.203.238.136:8080
- ip:port: 171.250.183.66:6001
- ip:port: 171.250.183.66:8000
- ip:port: 35.178.190.68:5222
- ip:port: 54.69.63.53:2404
- ip:port: 47.109.178.63:8082
- ip:port: 172.104.165.70:80
- domain: ksmshop.fr
- ip:port: 101.99.94.64:2404
- ip:port: 101.99.94.64:465
- ip:port: 101.99.94.64:50000
- ip:port: 101.99.94.64:80
- ip:port: 101.99.94.64:8080
- url: https://fancywaxxers.shop/api
- url: http://185.216.71.4/feed7c30357659ed.php
Technical Details
- Threat Level: 2 (MISP event scale: medium)
- Analysis: 1 (MISP event scale: ongoing)
- Distribution: 3 (MISP event scale: all communities)
- Uuid: 024b3a81-1b16-41bb-9dd2-12c2a64c3ac1
- Original Timestamp: 1735516988 (2024-12-30T00:03:08Z)
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file147.185.221.24 | NjRAT botnet C2 server (confidence level: 75%) | |
file212.227.135.15 | Mirai botnet C2 server (confidence level: 75%) | |
file18.192.93.86 | NjRAT botnet C2 server (confidence level: 75%) | |
file18.156.13.209 | NjRAT botnet C2 server (confidence level: 75%) | |
file193.200.78.37 | Mirai botnet C2 server (confidence level: 75%) | |
file107.178.223.183 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file152.32.240.71 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.90.142.15 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.175.237.184 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.87.173.188 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.230.79.217 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file146.190.72.164 | MimiKatz botnet C2 server (confidence level: 100%) | |
file154.82.113.139 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file43.134.58.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.218.174.208 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.154.98.29 | Hook botnet C2 server (confidence level: 100%) | |
file120.46.82.207 | Unknown malware botnet C2 server (confidence level: 100%) | |
file23.254.161.117 | Unknown malware botnet C2 server (confidence level: 100%) | |
file120.194.219.28 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.82.152.138 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.97.117.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.59.65.108 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.74.172.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.74.172.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.81.110.202 | Unknown malware botnet C2 server (confidence level: 100%) | |
file39.184.227.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.64.110.8 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.229.224.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.135.30.45 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.219.104.67 | QakBot botnet C2 server (confidence level: 100%) | |
file139.9.106.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file15.235.198.100 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.224.49.34 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.64.254.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.94.87.178 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file166.108.200.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.249.26.90 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file182.237.8.222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.90.135.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.108.82.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.119.124.214 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.172.157.80 | Unknown malware botnet C2 server (confidence level: 100%) | |
file160.191.89.55 | Venom RAT botnet C2 server (confidence level: 100%) | |
file44.192.128.61 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file60.204.234.238 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file185.196.9.85 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file85.31.47.4 | MooBot botnet C2 server (confidence level: 100%) | |
file104.219.215.160 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.18 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.24 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.24 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.24 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file87.120.113.125 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file87.120.113.125 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.24 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.89.44.68 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.144.136.86 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.25.228.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.132.147.63 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file206.238.198.14 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 124.222.39.154 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 46.175.150.13 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 163.5.112.11 | Remcos botnet C2 server (confidence level: 100%) | |
| 8.209.221.211 | Remcos botnet C2 server (confidence level: 100%) | |
| 156.224.29.253 | Hook botnet C2 server (confidence level: 100%) | |
| 3.38.211.194 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 54.186.30.8 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 45.154.98.96 | ERMAC botnet C2 server (confidence level: 100%) | |
| 194.59.31.31 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
| 79.110.49.200 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
| 167.71.69.135 | BianLian botnet C2 server (confidence level: 100%) | |
| 8.212.101.195 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 3.121.139.82 | NjRAT botnet C2 server (confidence level: 75%) | |
| 193.111.248.108 | Mirai botnet C2 server (confidence level: 75%) | |
| 198.13.34.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 107.207.210.230 | DarkComet botnet C2 server (confidence level: 100%) | |
| 101.99.75.173 | Remcos botnet C2 server (confidence level: 100%) | |
| 192.119.110.114 | Remcos botnet C2 server (confidence level: 100%) | |
| 159.223.229.0 | Sliver botnet C2 server (confidence level: 100%) | |
| 45.141.86.98 | Matanbuchus botnet C2 server (confidence level: 100%) | |
| 194.26.192.165 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 96.18.247.142 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 47.129.103.18 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 178.208.89.155 | Stealc botnet C2 server (confidence level: 100%) | |
| 66.63.187.214 | Stealc botnet C2 server (confidence level: 100%) | |
| 51.195.60.102 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 108.174.194.58 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 192.3.231.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.192.179.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 172.86.64.38 | Remcos botnet C2 server (confidence level: 100%) | |
| 20.193.140.195 | Sliver botnet C2 server (confidence level: 100%) | |
| 64.225.27.237 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 198.23.227.175 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 193.203.238.136 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 171.250.183.66 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 171.250.183.66 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 35.178.190.68 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 54.69.63.53 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 47.109.178.63 | Vshell botnet C2 server (confidence level: 100%) | |
| 172.104.165.70 | MooBot botnet C2 server (confidence level: 100%) | |
| 101.99.94.64 | Remcos botnet C2 server (confidence level: 75%) | |
| 101.99.94.64 | Remcos botnet C2 server (confidence level: 75%) | |
| 101.99.94.64 | Remcos botnet C2 server (confidence level: 75%) | |
| 101.99.94.64 | Remcos botnet C2 server (confidence level: 75%) | |
| 101.99.94.64 | Remcos botnet C2 server (confidence level: 75%) | |
Hash
Note: the values in this table are port numbers, not file hashes (80, 443, 2404 for Remcos, 6606/7707/8808 for AsyncRAT, and so on). They are the port halves of ThreatFox ip:port indicators that the export separated from their IP addresses; the last 45 rows line up one-to-one with the IP table above (same malware family and confidence level, in the same order), which is also why the same IP appears there several times. Pair each port with its IP rather than treating a bare port as an indicator.
| Port | Description |
|---|---|
| 50300 | NjRAT botnet C2 server (confidence level: 75%) |
| 59666 | Mirai botnet C2 server (confidence level: 75%) |
| 11048 | NjRAT botnet C2 server (confidence level: 75%) |
| 11048 | NjRAT botnet C2 server (confidence level: 75%) |
| 33966 | Mirai botnet C2 server (confidence level: 75%) |
| 80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 23894 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
| 8085 | MimiKatz botnet C2 server (confidence level: 100%) |
| 63701 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Hook botnet C2 server (confidence level: 100%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 2176 | Unknown malware botnet C2 server (confidence level: 100%) |
| 4082 | Unknown malware botnet C2 server (confidence level: 100%) |
| 995 | QakBot botnet C2 server (confidence level: 100%) |
| 7777 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 10443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 82 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 89 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 21435 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8888 | Venom RAT botnet C2 server (confidence level: 100%) |
| 47877 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 53790 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
| 80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
| 80 | MooBot botnet C2 server (confidence level: 100%) |
| 4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 63974 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 33931 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 2101 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 55644 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8848 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 82 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 18852 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 21854 | Remcos botnet C2 server (confidence level: 100%) |
| 8082 | Hook botnet C2 server (confidence level: 100%) |
| 2077 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 623 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 8080 | ERMAC botnet C2 server (confidence level: 100%) |
| 80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
| 80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
| 443 | BianLian botnet C2 server (confidence level: 100%) |
| 1122 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 17275 | NjRAT botnet C2 server (confidence level: 75%) |
| 33966 | Mirai botnet C2 server (confidence level: 75%) |
| 9090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | DarkComet botnet C2 server (confidence level: 100%) |
| 22 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | Sliver botnet C2 server (confidence level: 100%) |
| 4443 | Matanbuchus botnet C2 server (confidence level: 100%) |
| 6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 24961 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 80 | Stealc botnet C2 server (confidence level: 100%) |
| 80 | Stealc botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5000 | Remcos botnet C2 server (confidence level: 100%) |
| 8000 | Sliver botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 80 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8080 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 6001 | Venom RAT botnet C2 server (confidence level: 100%) |
| 8000 | Venom RAT botnet C2 server (confidence level: 100%) |
| 5222 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 2404 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 8082 | Vshell botnet C2 server (confidence level: 100%) |
| 80 | MooBot botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 75%) |
| 465 | Remcos botnet C2 server (confidence level: 75%) |
| 50000 | Remcos botnet C2 server (confidence level: 75%) |
| 80 | Remcos botnet C2 server (confidence level: 75%) |
| 8080 | Remcos botnet C2 server (confidence level: 75%) |
Domain
| Value | Description |
|---|---|
| printer-nebraska.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
| raw.intenseapi.com | Mirai botnet C2 domain (confidence level: 75%) |
| vpn636567983.softether.net | Havoc botnet C2 domain (confidence level: 100%) |
| n8229h55.sprintdatacenter.net | Havoc botnet C2 domain (confidence level: 100%) |
| nwweek.sbs | Vidar botnet C2 domain (confidence level: 100%) |
| vidars.su | Vidar botnet C2 domain (confidence level: 100%) |
| ec2-15-206-66-46.ap-south-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
| veinfear.cfd | Unknown malware botnet C2 domain (confidence level: 100%) |
| cookfrog.cfd | Unknown malware botnet C2 domain (confidence level: 100%) |
| fallyjustif.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| fivenaii.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| simplerapplau.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| rurallyrishz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| eleventh11pt.top | CryptBot botnet C2 domain (confidence level: 100%) |
| fiveth5ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| eighth8pn.top | CryptBot botnet C2 domain (confidence level: 100%) |
| oneth1pn.top | CryptBot botnet C2 domain (confidence level: 100%) |
| xclre2wq.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
| 123863.darkproducts.ru | DCRat botnet C2 domain (confidence level: 100%) |
| 71941.darkproducts.ru | DCRat botnet C2 domain (confidence level: 100%) |
| cz37182.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
| f1066369.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
| a1068999.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
| cx79992.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
| a1069038.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
| f1069581.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
| cn67735.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
| cq02494.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
| cy52165.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
| 23742.darkproducts.ru | DCRat botnet C2 domain (confidence level: 100%) |
| pw334.castledev.ru | DCRat botnet C2 domain (confidence level: 100%) |
| home.fiveth5ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| home.oneth1ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| eighth8ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| home.eighth8ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| oneth1ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sixth6ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| fiveth5pn.top | CryptBot botnet C2 domain (confidence level: 100%) |
| home.eighth8pn.top | CryptBot botnet C2 domain (confidence level: 100%) |
| tenth10ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
| ec2-54-92-179-181.compute-1.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) |
| occ1red.pro | Meduza Stealer botnet C2 domain (confidence level: 100%) |
| www.miner.2025ca.site | Unknown malware botnet C2 domain (confidence level: 100%) |
| mail.kapilapiii.com | Unknown malware botnet C2 domain (confidence level: 100%) |
| www.api.edureel.ai | Unknown malware botnet C2 domain (confidence level: 100%) |
| 25php.duckdns.org | FAKEUPDATES payload delivery domain (confidence level: 100%) |
| ksmshop.fr | Unknown malware botnet C2 domain (confidence level: 100%) |
Url
| Value | Description |
|---|---|
| https://kaderserininsamimiyansimalari.xyz/nzkzymvjmjc2oguz/ | Coper botnet C2 (confidence level: 100%) |
| https://dostlukveduygusalbaglarinkaderi.xyz/nzkzymvjmjc2oguz/ | Coper botnet C2 (confidence level: 100%) |
| http://ilusharx.beget.tech/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
| https://65.109.242.203 | Vidar botnet C2 (confidence level: 100%) |
| https://steamcommunity.com/profiles/76561199811540174 | Vidar botnet C2 (confidence level: 100%) |
| https://fallyjustif.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
| https://fivenaii.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
| https://simplerapplau.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
| https://rurallyrishz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
| https://kikoschmidt.com/updater.php | Satacom botnet C2 (confidence level: 100%) |
| http://cy52165.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
| http://0.tcp.ngrok.io:19521 | Remcos botnet C2 (confidence level: 75%) |
| http://127.0.0.1:2510 | Remcos botnet C2 (confidence level: 75%) |
| http://168.61.222.215:5400 | Remcos botnet C2 (confidence level: 75%) |
| http://185.29.9.125:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://192.168.18:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://192.3.64.152:2559 | Remcos botnet C2 (confidence level: 75%) |
| http://194.5.98.81:2510 | Remcos botnet C2 (confidence level: 75%) |
| http://194.5.98.81:7123 | Remcos botnet C2 (confidence level: 75%) |
| http://213.183.58.19:4000 | Remcos botnet C2 (confidence level: 75%) |
| http://64.44.139.178:7200 | Remcos botnet C2 (confidence level: 75%) |
| http://65.21.127.164:4783 | Remcos botnet C2 (confidence level: 75%) |
| http://79.134.225.23:6666 | Remcos botnet C2 (confidence level: 75%) |
| http://79.134.225.7:2050 | Remcos botnet C2 (confidence level: 75%) |
| http://80.76.51.46:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://91.193.75.145:1604 | Remcos botnet C2 (confidence level: 75%) |
| http://azuite.ddns.net:7667 | Remcos botnet C2 (confidence level: 75%) |
| http://casino.ddnss.de:2403 | Remcos botnet C2 (confidence level: 75%) |
| http://cee.work.gd:2531 | Remcos botnet C2 (confidence level: 75%) |
| http://chinnyann.ddns.net:3131 | Remcos botnet C2 (confidence level: 75%) |
| http://chinnyann.duckdns.org:3131 | Remcos botnet C2 (confidence level: 75%) |
| http://defenderavs.mooo.com:2022 | Remcos botnet C2 (confidence level: 75%) |
| http://dftyuj.duckdns.org:6666 | Remcos botnet C2 (confidence level: 75%) |
| http://duckdne7832732.duckdns.org:1718 | Remcos botnet C2 (confidence level: 75%) |
| http://eaidali.ddns.net:4784 | Remcos botnet C2 (confidence level: 75%) |
| http://egommbute2020.ddns.net:7171 | Remcos botnet C2 (confidence level: 75%) |
| http://emedoo.ddns.net:5050 | Remcos botnet C2 (confidence level: 75%) |
| http://fgbgfyby.loseyourip.com:6666 | Remcos botnet C2 (confidence level: 75%) |
| http://goddywin.freedynamicdns.net:6712 | Remcos botnet C2 (confidence level: 75%) |
| http://hillsong5566.ydns.eu:6666 | Remcos botnet C2 (confidence level: 75%) |
| http://honeypotresearchteam.duckdns.org:28453 | Remcos botnet C2 (confidence level: 75%) |
| http://incidencias6645.ddns.net:8638 | Remcos botnet C2 (confidence level: 75%) |
| http://insidelife1.ddns.net:2123 | Remcos botnet C2 (confidence level: 75%) |
| http://lplazadtemins.duckdns.org:443 | Remcos botnet C2 (confidence level: 75%) |
| http://mikoniko.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoa.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikob.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoc.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikod.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoe.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikof.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikog.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoh.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoi.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoj.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikok.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikol.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikom.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikon.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoo.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikop.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikoq.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikor.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://mikonikos.zapto.org:2425 | Remcos botnet C2 (confidence level: 75%) |
| http://newstaticfreepoint24.ddns-ip.net:3020 | Remcos botnet C2 (confidence level: 75%) |
| http://nickman12-46565.portmap.io:1735 | Remcos botnet C2 (confidence level: 75%) |
| http://nickman12-46565.portmap.io:46565 | Remcos botnet C2 (confidence level: 75%) |
| http://nomansland.ddns.net:6122 | Remcos botnet C2 (confidence level: 75%) |
| http://pentester0.accesscam.org:56796 | Remcos botnet C2 (confidence level: 75%) |
| http://pentester03.gleeze.com:28454 | Remcos botnet C2 (confidence level: 75%) |
| http://prayerarequesttojah.ddns.net:4344 | Remcos botnet C2 (confidence level: 75%) |
| http://rambolastblood.ddns.net:6327 | Remcos botnet C2 (confidence level: 75%) |
| http://rlbotz.duckdns.org:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://rmcnewprojectadd.duckdns.org:14645 | Remcos botnet C2 (confidence level: 75%) |
| http://rownip.mooo.com:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://salford1.ddns.net:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://salford2.ddns.net:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://salford3.ddns.net:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://salma12.myftp.org:2525 | Remcos botnet C2 (confidence level: 75%) |
| http://startitit2-23969.portmap.host:1604 | Remcos botnet C2 (confidence level: 75%) |
| http://systemcontrol.ddns.net:45000 | Remcos botnet C2 (confidence level: 75%) |
| http://systemcontrol2.ddns.net:45000 | Remcos botnet C2 (confidence level: 75%) |
| http://tobi12345.hopto.org:50501 | Remcos botnet C2 (confidence level: 75%) |
| http://u864246.nerdpol.ovh:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://u864246.nsupdate.info:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://u864246.tk:2404 | Remcos botnet C2 (confidence level: 75%) |
| http://www.kesaihk.com:5004 | Remcos botnet C2 (confidence level: 75%) |
| http://www.rmagent.biz:7181 | Remcos botnet C2 (confidence level: 75%) |
| http://www.stellionlab.com:5004 | Remcos botnet C2 (confidence level: 75%) |
| http://xred.mooo.com | Remcos botnet C2 (confidence level: 75%) |
| http://zubby2468.hopto.org:8975 | Remcos botnet C2 (confidence level: 75%) |
| http://4.tcp.eu.ngrok.io:1604 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://4.tcp.eu.ngrok.io:16961 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://4.tcp.eu.ngrok.io:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://4.tcp.eu.ngrok.io:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://4.tcp.eu.ngrok.io:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://2.tcp.ngrok.io:17971 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://5.tcp.eu.ngrok.io:1234 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://5.tcp.eu.ngrok.io:18738 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://5.tcp.eu.ngrok.io:8848 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://2dod.ddns.net:6666 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://6.tcp.eu.ngrok.io:14778 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://6.tcp.eu.ngrok.io:1604 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://6.tcp.eu.ngrok.io:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://6.tcp.eu.ngrok.io:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://6.tcp.eu.ngrok.io:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://above-recognize.gl.at.ply.gg:1337 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://antivirus-ssl.myiphost.com:195 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://bahautopilotusatzfeder.xyz:2011 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://bigdaddy-service.biz:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://bigdaddy-service.biz:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://bigdaddy-service.biz:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://carlosmenguallora09.duckdns.org:1994 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:2222 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:3303 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:4404 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:5505 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://cdt.3utilities.com:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:2222 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:3303 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:4404 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:5122 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:5155 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:5505 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:8001 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:8888 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:9000 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://chromedata.accesscam.org:9999 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon.ddns.net:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon.ddns.net:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon.ddns.net:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon21.ddns.net:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon21.ddns.net:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon21.ddns.net:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon22.ddns.net:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon22.ddns.net:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://churchmon22.ddns.net:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://corporation.warzonedns.com:9341 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://crazydns.linkpc.net:5900 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://daveblack.publicvm.com:3861 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://devnodes.duckdns.org:6905 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://dofucks.com:12482 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://domain13.ddns.net:10000 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://domain13.ddns.net:650 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://donzola.duckdns.org:2000 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://egypt2.camdvr.org:301 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://eichstaett.duckdns.org:2011 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://fahrzeugtechnik24zusatzfeder.de:4099 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://fahrzeugtechnik24zusatzfeder.de:5801 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://feb23-pandor.duckdns.org:25045 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://fejong.duckdns.org:25045 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://g896696.duckdns.org:7343 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://gratedmonth.duckdns.org:8890 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://hakim32.ddns.net:2000 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://heheyanel.ddns.net:4444 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://info.ctxcel.com:443 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://jt8iyre.localto.net:2101 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://jt8iyre.localto.net:55644 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://jyzjkjj.com:8848 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://loans-merchant.gl.at.ply.gg:50335 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://machine3.duckdns.org:2200 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://milla.publicvm.com:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://milla.publicvm.com:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://milla.publicvm.com:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://newstartagain.servequake.com:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://newstartagain.servequake.com:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://newstartagain.servequake.com:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://newstartagain50.duckdns.org:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://newstartagain50.duckdns.org:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://newstartagain50.duckdns.org:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://novachrono.dyndns-ip.com:51396 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://novachrono.dyndns-ip.com:51397 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://novachrono.dyndns-ip.com:51399 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://novachrono.dyndns-ip.com:55319 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://pettbull.ddns.net:4782 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://pettbull.ddns.net:53896 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://pettbull.ddns.net:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://pettbull.ddns.net:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://pettbull.ddns.net:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://polymoly.info:4199 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://private115.duckdns.org:12482 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://renver.duckdns.org:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://resulttoday2.duckdns.org:6111 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://ronymahmoud.casacam.net:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://ronymahmoud.casacam.net:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://ronymahmoud.casacam.net:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://run-neither.gl.at.ply.gg:33834 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://ry8325585.duckdns.org:6087 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://sat-bowling.gl.at.ply.gg:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://semdoublebacks5f.ooguy.com:5001 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://sk.servemp3.com:6606 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://sk.servemp3.com:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://sk.servemp3.com:8808 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://sky01.publicvm.com:9217 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://testloggbot23-37268.portmap.host:37268 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://treppen.duckdns.org:4099 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://treppen.duckdns.org:5801 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://venom12345.duckdns.org:4449 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://venomunverified.duckdns.org:4449 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://vvat22.con-ip.com:7707 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://yedbopds.duckdns.org:9056 | AsyncRAT botnet C2 (confidence level: 100%) |
| http://zzzpmax.ddns.net:6666 | AsyncRAT botnet C2 (confidence level: 100%) |
| https://pentagonstealer.ru/login | Unknown malware botnet C2 (confidence level: 100%) |
| https://104.168.136.74/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://23.254.130.171/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://23.254.132.62/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://23.254.244.74/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://app.hiringinterview.org/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://app.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://app.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://hiringinterview.org/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://interviewnest.org/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://mail.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://vid.blockchain-assess.com/video-questions/create/531fbaedf67046d6904478f15d3e71 | Unknown malware botnet C2 (confidence level: 100%) |
| https://vid.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://werhiring.willomexcvip.us/video-questions/create/531fbaedf67046d6904478f15d3e71 | Unknown malware botnet C2 (confidence level: 100%) |
| https://wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.app.blockchain-assess.com/video-questions/create/531fbaedf67046d6904478f15d | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.app.hiringinterview.org/video-questions/create/531fbaedf67046d6904478f15d3e | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.app.interviewnest.org/video-questions/create/531fbaedf67046d6904478f15d3e71 | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.app.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.app.willomexcvip.us/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.app.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.vid.blockchain-assess.com/video-questions/create/531fbaedf67046d6904478f15d | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.vid.willoassess.com/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.werhiring.willomexcvip.us/video-questions/create/531fbaedf67046d6904478f15d | Unknown malware botnet C2 (confidence level: 100%) |
| https://www.wtalents.us/video-questions/create/531fbaedf67046d6904478f15d3e7142 | Unknown malware botnet C2 (confidence level: 100%) |
| http://141.98.9.20/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) |
| http://141.98.9.201/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) |
| http://141.98.9.202/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) |
| http://141.98.9.203/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) |
urlhttp://193.124.185.50/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) | |
urlhttp://193.124.185.53/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) | |
urlhttp://193.124.185.54/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) | |
urlhttps://abruptyopsn.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://cloudewahsj.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://framekgirus.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://nearycrepso.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://noisycuttej.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://rabidcowse.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://tirepublicerj.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wholersorie.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://fantafab.com/81bd01okzh1z | AMOS botnet C2 (confidence level: 100%) | |
urlhttps://25php.duckdns.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://25php.duckdns.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://25php.duckdns.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://25php.duckdns.org/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://kevinflansburg.com/updater.php | Satacom botnet C2 (confidence level: 100%) | |
urlhttp://cr39969.tw1.ru/47f8d9e3.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://fancywaxxers.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://185.216.71.4/feed7c30357659ed.php | Stealc botnet C2 (confidence level: 100%) |
Threat ID: 682c7dc3e8347ec82d2e4d2b
Added to database: 5/20/2025, 1:04:03 PM
Last enriched: 6/19/2025, 3:49:35 PM
Last updated: 12/1/2025, 6:15:30 PM