ThreatFox IOCs for 2024-12-30
AI Analysis
Technical Summary
The provided threat intelligence relates to a malware category entry titled "ThreatFox IOCs for 2024-12-30," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is classified under 'malware' with a medium severity rating and is tagged as 'type:osint' and 'tlp:white,' indicating that the information is open and shareable without restrictions. The technical details specify a threat level of 2 (on an unspecified scale), an analysis level of 1, and a distribution level of 3, suggesting moderate dissemination or availability of the malware or its indicators. However, there are no specific affected versions, CWE identifiers, patch links, or known exploits in the wild associated with this entry, and no concrete technical indicators such as hashes, IPs, or domains are provided. The product field is noted as 'osint,' implying that the data is related to open-source intelligence rather than a particular software product or platform. Overall, this entry appears to be a general IOC release or a collection of threat intelligence related to malware activity rather than a detailed vulnerability or exploit targeting a specific system or software. The lack of detailed technical indicators or exploit information limits the ability to perform a deep technical analysis of the malware's behavior, infection vectors, or payload specifics.
Potential Impact
Given the absence of detailed technical indicators or exploit information, the direct impact on European organizations is difficult to quantify precisely. However, as this is a malware-related IOC release with medium severity, it suggests a potential risk of malware infections that could affect confidentiality, integrity, or availability of organizational systems if the malware is deployed successfully. The medium severity rating indicates that while the threat is not currently known to be exploited in the wild, the malware or its indicators could be leveraged in targeted or opportunistic attacks. European organizations that rely heavily on open-source intelligence feeds or integrate ThreatFox data into their security operations may benefit from early detection capabilities. The impact could range from minor disruptions to moderate operational impacts depending on the malware's capabilities, which are unspecified here. Without known exploits or specific affected products, the threat is more likely to be opportunistic or preparatory in nature rather than an immediate critical risk.
Mitigation Recommendations
1. Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance early detection of emerging malware indicators.
2. Conduct regular threat hunting exercises using the latest IOC data from ThreatFox to identify potential infections or suspicious activities within the network.
3. Maintain up-to-date endpoint protection solutions that can leverage heuristic and behavioral detection to identify unknown or emerging malware variants.
4. Educate security teams on the importance of monitoring OSINT sources like ThreatFox for timely threat intelligence updates.
5. Implement network segmentation and strict access controls to limit malware propagation if an infection occurs.
6. Regularly review and update incident response plans to incorporate procedures for handling malware infections identified through OSINT sources.
7. Since no patches or specific vulnerabilities are associated, focus on general cybersecurity hygiene, including timely software updates, user awareness training, and robust backup strategies.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- url: https://sublime.goldmasterallstars.com/work/yyy.zip
- domain: dfgh.online
- domain: fannleadyn.click
- domain: gripfizz.click
- url: http://alleybikeru.click/api
- url: http://cycahao.shop/api
- url: http://doqevue.shop/api
- url: http://futipoy.shop/api
- url: http://happyjourney.shop/api
- url: http://jigateu.shop/api
- url: http://jimeqey.shop/api
- url: http://kemuvao.shop/api
- url: http://keqirai.shop/api
- url: http://lumbluesky.shop/api
- url: http://lumcopiqua6.shop/api
- url: http://lumcozynest.shop/api
- url: http://lumcyjukui.shop/api
- url: http://lumdukekiy.shop/api
- url: http://lumfokim.shop/api
- url: http://lumgentlewave.shop/api
- url: http://lumkecuq.shop/api
- url: http://lumlacumii.shop/api
- url: http://lumlasolyo.shop/api
- url: http://lumlideweo.shop/api
- url: http://lummomusuo.shop/api
- url: http://lummozudey.shop/api
- url: http://lumpeguwey.shop/api
- url: http://lumqalij.shop/api
- url: http://lumquvonee.shop/api
- url: http://lumramavyy.shop/api
- url: http://lumsawedua.shop/api
- url: http://lumsuxinya.shop/api
- url: http://lumtechtribune.shop/api
- url: http://lumtovusao.shop/api
- url: http://lumzacynuy.shop/api
- url: http://lumzenspace.shop/api
- url: http://lumzulyj.shop/api
- url: http://mexocey.shop/api
- url: http://nagurui.shop/api
- url: http://nykidio.shop/api
- url: http://rixokye.shop/api
- url: http://sibyree.shop/api
- url: http://toqyxuy.shop/api
- url: http://wusaryy5.shop/api
- url: http://xohivao.shop/api
- url: https://s4zartuk4.top/owrmm2uzmtbinjg4/
- ip:port: 43.128.78.2:443
- ip:port: 141.136.44.179:7777
- ip:port: 185.49.126.69:2404
- ip:port: 102.117.169.175:7443
- ip:port: 81.161.238.225:8082
- ip:port: 65.38.120.211:33486
- ip:port: 3.11.80.137:20256
- domain: usps-online-safe.com
- ip:port: 178.208.89.150:80
- ip:port: 94.103.84.173:80
- domain: hstdb234.xyz
- ip:port: 185.32.84.151:80
- url: http://eygds.info/api.php
- ip:port: 154.82.85.79:18091
- ip:port: 27.124.34.140:6666
- ip:port: 5.180.82.40:3390
- ip:port: 86.124.25.57:39654
- ip:port: 86.124.25.57:1723
- ip:port: 86.124.25.57:8010
- ip:port: 86.124.25.57:20256
- ip:port: 86.124.25.57:33585
- ip:port: 86.124.25.57:9142
- ip:port: 86.124.25.57:830
- ip:port: 86.124.25.57:7473
- ip:port: 86.124.25.57:37777
- ip:port: 86.124.25.57:40000
- ip:port: 86.124.25.57:60567
- ip:port: 86.124.25.57:119
- ip:port: 86.124.25.57:16858
- ip:port: 86.124.25.57:24181
- ip:port: 86.124.25.57:25309
- ip:port: 86.124.25.57:40529
- ip:port: 86.124.25.57:831
- ip:port: 86.124.25.57:42494
- ip:port: 86.124.25.57:5900
- ip:port: 86.124.25.57:32048
- ip:port: 86.124.25.57:50001
- ip:port: 86.124.25.57:5986
- ip:port: 86.124.25.57:12938
- ip:port: 86.124.25.57:21012
- ip:port: 86.124.25.57:58899
- ip:port: 86.124.25.57:46529
- ip:port: 86.124.25.57:2404
- ip:port: 86.124.25.57:5060
- ip:port: 86.124.25.57:15443
- ip:port: 86.124.25.57:30005
- ip:port: 86.124.25.57:41112
- ip:port: 86.124.25.57:833
- ip:port: 86.124.25.57:8389
- ip:port: 86.124.25.57:9020
- ip:port: 86.124.25.57:17309
- ip:port: 86.124.25.57:26257
- ip:port: 86.124.25.57:55325
- ip:port: 86.124.25.57:53863
- ip:port: 86.124.25.57:16993
- ip:port: 86.124.25.57:3389
- ip:port: 86.124.25.57:8877
- ip:port: 86.124.25.57:13014
- ip:port: 86.124.25.57:25569
- ip:port: 86.124.25.57:33849
- ip:port: 86.124.25.57:52200
- ip:port: 86.124.25.57:2079
- ip:port: 86.124.25.57:8089
- ip:port: 86.124.25.57:17512
- ip:port: 86.124.25.57:28658
- ip:port: 54.92.179.181:443
- ip:port: 107.150.23.137:9909
- domain: kurama.ltd
- domain: mcp.infinitum.space
- domain: mc-api.infinitum.space
- ip:port: 115.120.242.123:8888
- ip:port: 86.124.25.57:80
- domain: amassadvertising.com
- ip:port: 65.20.73.111:5000
- ip:port: 106.75.240.215:60000
- ip:port: 189.1.222.98:60000
- ip:port: 121.41.167.75:60000
- ip:port: 38.147.173.167:60000
- ip:port: 188.130.238.72:3333
- ip:port: 52.247.228.16:3333
- ip:port: 3.78.253.196:443
- ip:port: 121.40.146.238:9999
- ip:port: 89.251.22.108:3333
- ip:port: 138.197.43.100:3333
- ip:port: 91.221.150.203:3333
- ip:port: 104.248.13.200:3333
- ip:port: 18.135.30.45:4114
- ip:port: 41.62.208.14:443
- ip:port: 62.1.222.116:995
- ip:port: 201.194.200.62:443
- ip:port: 47.120.15.4:80
- ip:port: 182.92.157.223:8888
- ip:port: 123.56.172.153:4433
- ip:port: 3.71.225.231:10095
- ip:port: 18.153.198.123:10095
- ip:port: 18.192.31.30:10095
- ip:port: 193.227.129.84:2440
- ip:port: 49.113.72.182:8888
- ip:port: 92.255.57.36:15747
- ip:port: 92.255.57.35:15747
- ip:port: 92.255.57.32:15747
- ip:port: 83.217.209.91:8082
- ip:port: 198.167.199.139:19132
- ip:port: 154.21.201.53:6002
- domain: hvc.adc-aero.online
- domain: 2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.2-okta.com
- ip:port: 171.250.183.66:6000
- ip:port: 178.208.89.139:80
- ip:port: 43.198.244.13:8000
- domain: chain.buyclosersonline.com
- url: http://p0.ssl.qhimg.com.cdn.dnsv1.com:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- ip:port: 91.223.3.156:7707
- ip:port: 91.223.3.156:8808
- hash: f0ac8625af9d1c712ab150214282fa9f
- hash: a2cce95c15e92389bdc9cae07f132788
- hash: bb1940d0bf95170692fa7337e9766611
- hash: 44512d17e8d71a3aeec8da8cdf680b03
- hash: c75950b998dadf88b17dfc8625ae95d5
- hash: e362b5c0e0b719c0096b264fdc4399a5
- hash: 6b1c50c8bfdaae57df937683a5a038fe
- hash: 62e37543d34e1c4fd6bd017c3fac6fd4
- hash: 884e93bfc38c7810dd50b03df36a21d1
- hash: c3b9c8b07f7422818b268bbcf726a1a9
- hash: ccdff4b1fcc7f0bf1fee65fe759c2f63
- hash: 9ec644b8ee9774cffc1263fa6b34ec64
- url: https://discord.com/api/webhooks/1321328602792460330/q9cqmuqhpmnla8ycgfiwcn1qsmd8szezhv5rcfriuyx8uwu2bsg3fdw4gr1c7avhjqhm
- url: https://solve.vwglq.com/awjxs.captcha?u=db1df324-8145-4238-a11a-7fca5c1a84be
- url: https://deduhko.klipzyroloo.shop/mazkk.eml
- url: https://solve.gevaq.com/awjxs.captcha?u=71723741-81f2-4e2f-915a-b3bed54203a6
- url: https://q.klipzyroloo.shop/grpc.eml
- url: https://deduhko.klipzyroloo.shop/dmg.xml
- url: https://learningypr.click/api
- domain: klipzyroloo.shop
- domain: learningypr.click
- domain: deduhko.klipzyroloo.shop
- url: https://acceptbaleeri.shop/api
- url: http://31.41.244.11/files/6151862750/exbhgu9.exe
- url: http://31.41.244.11/files/cryshy/random.exe
- url: http://31.41.244.11/files/6858984867/6qlvb9i.exe
- url: http://31.41.244.11/files/none/random.exe
- url: http://31.41.244.11/files/6797680669/ishmpkn.exe
- url: http://31.41.244.11/files/unitederror/random.exe
- url: http://31.41.244.11/files/7837761420/hwf8n69.exe
- url: http://162.248.227.2/c978b91b47469f3f.php
- url: https://t.me/w211et
- url: https://nwweek.sbs/
- url: https://sdoout.lol/
- url: https://95.217.27.90/
- url: https://65.109.242.203/
- domain: sdoout.lol
- ip:port: 95.217.27.90:443
- url: https://usps-sureness.com
- url: http://107.189.28.92:8888/supershell/login/
- ip:port: 120.48.116.118:22222
- ip:port: 81.214.76.68:888
- ip:port: 81.214.76.68:2003
- ip:port: 81.214.76.68:2004
- ip:port: 81.214.76.68:20000
- ip:port: 92.255.57.34:15747
- ip:port: 198.38.87.31:7443
- ip:port: 202.95.12.234:80
- domain: autodiscover.pe.194-59-30-152.cprapid.com
- domain: cpanel.pf.194-59-30-152.cprapid.com
- domain: 5-154-181-87.cprapid.com
- ip:port: 194.59.30.122:80
- ip:port: 178.208.89.147:80
- ip:port: 45.94.31.89:80
- ip:port: 160.30.204.142:54984
- ip:port: 87.120.125.152:54984
- ip:port: 193.34.212.115:444
- ip:port: 194.26.192.165:444
- url: http://tseytlinvo.temp.swtest.ru/upload/
- url: http://g982890f.beget.tech/
- domain: wowawowa05.temp.swtest.ru
- domain: longhorngn.temp.swtest.ru
- url: http://androsovpa.temp.swtest.ru/
- domain: androsovpa.temp.swtest.ru
- url: http://longhorngn.temp.swtest.ru/
- domain: g982890f.beget.tech
- domain: tseytlinvo.temp.swtest.ru
- url: http://wowawowa05.temp.swtest.ru/upload/
- domain: im0.site
- domain: sincar212.duckdns.org
- domain: updated212.duckdns.org
- domain: ffkk212.duckdns.org
- domain: nineth9pn.top
- domain: sixth6pn.top
- domain: gcafin.com
- url: https://gcafin.com/5u5r.js
- url: https://gcafin.com/js.php
- domain: nuvye89bjz4.top
- url: http://nuvye89bjz4.top/1.php
- ip:port: 160.16.200.77:80
- ip:port: 160.16.200.77:443
- ip:port: 111.229.17.56:443
- domain: abruptyopsn.shop
- domain: cloudewahsj.shop
- domain: fancywaxxers.shop
- domain: framekgirus.shop
- domain: nearycrepso.shop
- domain: noisycuttej.shop
- domain: rabidcowse.shop
- domain: tirepublicerj.shop
- domain: wholersorie.shop
- domain: marrieddinn.click
- url: http://185.196.8.37/gd85kkjf/login.php
- ip:port: 172.111.187.6:443
- ip:port: 45.204.217.98:2003
- ip:port: 113.45.192.130:58899
- ip:port: 39.108.145.133:33891
- ip:port: 173.211.106.233:2404
- ip:port: 43.246.208.207:443
- ip:port: 92.255.57.33:15747
- ip:port: 92.255.57.37:15747
- domain: mail.pf.194-59-30-152.cprapid.com
- domain: globalsystemsupport.com
- ip:port: 45.88.91.239:80
- domain: server1.quantumcrisp.com
- ip:port: 185.117.90.16:443
- ip:port: 45.141.86.98:443
- url: https://213.109.202.106/mzuymgi3mtixowfk/
- url: https://aliatabakastabasdumerasdangs.com/mzuymgi3mtixowfk/
- url: https://aliatabakastakiasasddarkharamilers.com/mzuymgi3mtixowf/
- url: https://alibabacankasdirkhaasdramiler.net/mzuymgi3mtixowfk/
- url: https://alibabacankiasdrkfsdfgharamiler.com/mzuymgi3mtixowfk/
- url: https://kirkharamilsaderveaasdgflibabacans.net/mzuymgi3mtixowfk/
- url: https://kirkharamasdilersavsadgshgastayinebea.com/mzuymgi3mtixowfk/
- url: https://azisswravaas5.xyz/mdq4yzc4ntjkytg4/
- url: https://azisswravaas34.xyz/mdq4yzc4ntjkytg4/
- url: https://azisswrav44as2.xyz/mdq4yzc4ntjkytg4/
- url: https://azisswrava333as2.xyz/mdq4yzc4ntjkytg4/
- url: http://91.211.250.231/1337268cc1cad308.php
- ip:port: 121.43.152.186:80
- ip:port: 160.22.121.92:80
- domain: ipv6.194-59-30-152.cprapid.com
- ip:port: 171.250.183.66:5000
- ip:port: 171.250.183.66:9999
- domain: vimeworldserverstat.serveminecraft.net
- ip:port: 125.24.166.105:7443
- ip:port: 185.203.240.77:80
- ip:port: 209.74.77.200:4443
- ip:port: 58.181.38.161:10799
- ip:port: 23.235.165.54:6666
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 7cf9be7d-554c-45d8-8c87-82858ed51dcd
- Original Timestamp: 1735603390
Indicators of Compromise
URL
Value | Description
---|---
https://sublime.goldmasterallstars.com/work/yyy.zip | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://alleybikeru.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://cycahao.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://doqevue.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://futipoy.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://happyjourney.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://jigateu.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://jimeqey.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://kemuvao.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://keqirai.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumbluesky.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumcopiqua6.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumcozynest.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumcyjukui.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumdukekiy.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumfokim.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumgentlewave.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumkecuq.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumlacumii.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumlasolyo.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumlideweo.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lummomusuo.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lummozudey.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumpeguwey.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumqalij.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumquvonee.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumramavyy.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumsawedua.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumsuxinya.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumtechtribune.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumtovusao.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumzacynuy.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumzenspace.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://lumzulyj.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://mexocey.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://nagurui.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://nykidio.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://rixokye.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://sibyree.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://toqyxuy.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://wusaryy5.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://xohivao.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://s4zartuk4.top/owrmm2uzmtbinjg4/ | Coper botnet C2 (confidence level: 100%)
http://eygds.info/api.php | Agent Tesla botnet C2 (confidence level: 100%)
http://p0.ssl.qhimg.com.cdn.dnsv1.com:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 75%)
https://discord.com/api/webhooks/1321328602792460330/q9cqmuqhpmnla8ycgfiwcn1qsmd8szezhv5rcfriuyx8uwu2bsg3fdw4gr1c7avhjqhm | Unknown malware botnet C2 (confidence level: 75%)
https://solve.vwglq.com/awjxs.captcha?u=db1df324-8145-4238-a11a-7fca5c1a84be | Lumma Stealer payload delivery URL (confidence level: 100%)
https://deduhko.klipzyroloo.shop/mazkk.eml | Lumma Stealer payload delivery URL (confidence level: 100%)
https://solve.gevaq.com/awjxs.captcha?u=71723741-81f2-4e2f-915a-b3bed54203a6 | Lumma Stealer botnet C2 (confidence level: 50%)
https://q.klipzyroloo.shop/grpc.eml | Lumma Stealer botnet C2 (confidence level: 50%)
https://deduhko.klipzyroloo.shop/dmg.xml | Lumma Stealer botnet C2 (confidence level: 50%)
https://learningypr.click/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://acceptbaleeri.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://31.41.244.11/files/6151862750/exbhgu9.exe | Lumma Stealer payload delivery URL (confidence level: 100%)
http://31.41.244.11/files/cryshy/random.exe | Lumma Stealer payload delivery URL (confidence level: 100%)
http://31.41.244.11/files/6858984867/6qlvb9i.exe | Lumma Stealer payload delivery URL (confidence level: 100%)
http://31.41.244.11/files/none/random.exe | Lumar payload delivery URL (confidence level: 100%)
http://31.41.244.11/files/6797680669/ishmpkn.exe | Lumar payload delivery URL (confidence level: 100%)
http://31.41.244.11/files/unitederror/random.exe | Stealc payload delivery URL (confidence level: 100%)
http://31.41.244.11/files/7837761420/hwf8n69.exe | Stealc payload delivery URL (confidence level: 100%)
http://162.248.227.2/c978b91b47469f3f.php | Stealc botnet C2 (confidence level: 100%)
https://t.me/w211et | Vidar botnet C2 (confidence level: 100%)
https://nwweek.sbs/ | Vidar botnet C2 (confidence level: 100%)
https://sdoout.lol/ | Vidar botnet C2 (confidence level: 100%)
https://95.217.27.90/ | Vidar botnet C2 (confidence level: 100%)
https://65.109.242.203/ | Vidar botnet C2 (confidence level: 100%)
https://usps-sureness.com | Meduza Stealer botnet C2 (confidence level: 50%)
http://107.189.28.92:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://tseytlinvo.temp.swtest.ru/upload/ | NixScare Stealer botnet C2 (confidence level: 100%)
http://g982890f.beget.tech/ | NixScare Stealer botnet C2 (confidence level: 100%)
http://androsovpa.temp.swtest.ru/ | NixScare Stealer botnet C2 (confidence level: 100%)
http://longhorngn.temp.swtest.ru/ | NixScare Stealer botnet C2 (confidence level: 100%)
http://wowawowa05.temp.swtest.ru/upload/ | NixScare Stealer botnet C2 (confidence level: 100%)
https://gcafin.com/5u5r.js | FAKEUPDATES payload delivery URL (confidence level: 75%)
https://gcafin.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 75%)
http://nuvye89bjz4.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 75%)
http://185.196.8.37/gd85kkjf/login.php | Amadey botnet C2 (confidence level: 100%)
https://213.109.202.106/mzuymgi3mtixowfk/ | Coper botnet C2 (confidence level: 80%)
https://aliatabakastabasdumerasdangs.com/mzuymgi3mtixowfk/ | Coper botnet C2 (confidence level: 80%)
https://aliatabakastakiasasddarkharamilers.com/mzuymgi3mtixowf/ | Coper botnet C2 (confidence level: 80%)
https://alibabacankasdirkhaasdramiler.net/mzuymgi3mtixowfk/ | Coper botnet C2 (confidence level: 80%)
https://alibabacankiasdrkfsdfgharamiler.com/mzuymgi3mtixowfk/ | Coper botnet C2 (confidence level: 80%)
https://kirkharamilsaderveaasdgflibabacans.net/mzuymgi3mtixowfk/ | Coper botnet C2 (confidence level: 80%)
https://kirkharamasdilersavsadgshgastayinebea.com/mzuymgi3mtixowfk/ | Coper botnet C2 (confidence level: 80%)
https://azisswravaas5.xyz/mdq4yzc4ntjkytg4/ | Coper botnet C2 (confidence level: 80%)
https://azisswravaas34.xyz/mdq4yzc4ntjkytg4/ | Coper botnet C2 (confidence level: 80%)
https://azisswrav44as2.xyz/mdq4yzc4ntjkytg4/ | Coper botnet C2 (confidence level: 80%)
https://azisswrava333as2.xyz/mdq4yzc4ntjkytg4/ | Coper botnet C2 (confidence level: 80%)
http://91.211.250.231/1337268cc1cad308.php | Stealc botnet C2 (confidence level: 100%)
Domain
Value | Description
---|---
dfgh.online | Lumma Stealer botnet C2 domain (confidence level: 100%)
fannleadyn.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
gripfizz.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
usps-online-safe.com | Meduza Stealer botnet C2 domain (confidence level: 100%)
hstdb234.xyz | Unknown malware botnet C2 domain (confidence level: 100%)
kurama.ltd | Unknown malware botnet C2 domain (confidence level: 100%)
mcp.infinitum.space | Cobalt Strike botnet C2 domain (confidence level: 100%)
mc-api.infinitum.space | Cobalt Strike botnet C2 domain (confidence level: 100%)
amassadvertising.com | Unknown malware botnet C2 domain (confidence level: 100%)
hvc.adc-aero.online | Havoc botnet C2 domain (confidence level: 100%)
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.2-okta.com | Havoc botnet C2 domain (confidence level: 100%)
chain.buyclosersonline.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
klipzyroloo.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
learningypr.click | Lumma Stealer botnet C2 domain (confidence level: 50%)
deduhko.klipzyroloo.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
sdoout.lol | Vidar botnet C2 domain (confidence level: 100%)
autodiscover.pe.194-59-30-152.cprapid.com | Hook botnet C2 domain (confidence level: 100%)
cpanel.pf.194-59-30-152.cprapid.com | Hook botnet C2 domain (confidence level: 100%)
5-154-181-87.cprapid.com | Meduza Stealer botnet C2 domain (confidence level: 100%)
wowawowa05.temp.swtest.ru | NixScare Stealer botnet C2 domain (confidence level: 50%)
longhorngn.temp.swtest.ru | NixScare Stealer botnet C2 domain (confidence level: 50%)
androsovpa.temp.swtest.ru | NixScare Stealer botnet C2 domain (confidence level: 50%)
g982890f.beget.tech | NixScare Stealer botnet C2 domain (confidence level: 50%)
tseytlinvo.temp.swtest.ru | NixScare Stealer botnet C2 domain (confidence level: 50%)
im0.site | PlugX botnet C2 domain (confidence level: 75%)
sincar212.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
updated212.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
ffkk212.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
nineth9pn.top | CryptBot botnet C2 domain (confidence level: 100%)
sixth6pn.top | CryptBot botnet C2 domain (confidence level: 100%)
gcafin.com | FAKEUPDATES payload delivery domain (confidence level: 75%)
nuvye89bjz4.top | FAKEUPDATES payload delivery domain (confidence level: 75%)
abruptyopsn.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
cloudewahsj.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
fancywaxxers.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
framekgirus.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
nearycrepso.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
noisycuttej.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
rabidcowse.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
tirepublicerj.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
wholersorie.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
marrieddinn.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
mail.pf.194-59-30-152.cprapid.com | Hook botnet C2 domain (confidence level: 100%)
globalsystemsupport.com | Havoc botnet C2 domain (confidence level: 100%)
server1.quantumcrisp.com | Unknown malware botnet C2 domain (confidence level: 100%)
ipv6.194-59-30-152.cprapid.com | Hook botnet C2 domain (confidence level: 100%)
vimeworldserverstat.serveminecraft.net | Orcus RAT botnet C2 domain (confidence level: 100%)
IP:port
Value | Description |
---|---|
43.128.78.2:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
141.136.44.179:7777 | Unknown malware botnet C2 server (confidence level: 100%) |
185.49.126.69:2404 | Remcos botnet C2 server (confidence level: 100%) |
102.117.169.175:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
81.161.238.225:8082 | Hook botnet C2 server (confidence level: 100%) |
65.38.120.211:33486 | DCRat botnet C2 server (confidence level: 100%) |
3.11.80.137:20256 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
178.208.89.150:80 | Stealc botnet C2 server (confidence level: 100%) |
94.103.84.173:80 | Unknown malware botnet C2 server (confidence level: 100%) |
185.32.84.151:80 | Bashlite botnet C2 server (confidence level: 100%) |
154.82.85.79:18091 | ValleyRAT botnet C2 server (confidence level: 100%) |
27.124.34.140:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
5.180.82.40:3390 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:39654 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:1723 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:8010 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:20256 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:33585 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:9142 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:830 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:7473 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:37777 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:40000 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:60567 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:119 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:16858 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:24181 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:25309 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:40529 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:831 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:42494 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:5900 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:32048 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:50001 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:5986 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:12938 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:21012 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:58899 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:46529 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:2404 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:5060 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:15443 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:30005 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:41112 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:833 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:8389 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:9020 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:17309 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:26257 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:55325 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:53863 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:16993 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:3389 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:8877 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:13014 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:25569 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:33849 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:52200 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:2079 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:8089 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:17512 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:28658 | Quasar RAT botnet C2 server (confidence level: 100%) |
54.92.179.181:443 | Havoc botnet C2 server (confidence level: 100%) |
107.150.23.137:9909 | DCRat botnet C2 server (confidence level: 100%) |
115.120.242.123:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
86.124.25.57:80 | Quasar RAT botnet C2 server (confidence level: 100%) |
65.20.73.111:5000 | Unknown malware botnet C2 server (confidence level: 100%) |
106.75.240.215:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
189.1.222.98:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
121.41.167.75:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
38.147.173.167:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
188.130.238.72:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
52.247.228.16:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3.78.253.196:443 | Unknown malware botnet C2 server (confidence level: 100%) |
121.40.146.238:9999 | Unknown malware botnet C2 server (confidence level: 100%) |
89.251.22.108:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
138.197.43.100:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
91.221.150.203:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
104.248.13.200:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
18.135.30.45:4114 | Unknown malware botnet C2 server (confidence level: 100%) |
41.62.208.14:443 | QakBot botnet C2 server (confidence level: 100%) |
62.1.222.116:995 | QakBot botnet C2 server (confidence level: 100%) |
201.194.200.62:443 | QakBot botnet C2 server (confidence level: 100%) |
47.120.15.4:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
182.92.157.223:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
123.56.172.153:4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
3.71.225.231:10095 | NjRAT botnet C2 server (confidence level: 75%) |
18.153.198.123:10095 | NjRAT botnet C2 server (confidence level: 75%) |
18.192.31.30:10095 | NjRAT botnet C2 server (confidence level: 75%) |
193.227.129.84:2440 | Remcos botnet C2 server (confidence level: 100%) |
49.113.72.182:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
92.255.57.36:15747 | SectopRAT botnet C2 server (confidence level: 100%) |
92.255.57.35:15747 | SectopRAT botnet C2 server (confidence level: 100%) |
92.255.57.32:15747 | SectopRAT botnet C2 server (confidence level: 100%) |
83.217.209.91:8082 | Hook botnet C2 server (confidence level: 100%) |
198.167.199.139:19132 | Quasar RAT botnet C2 server (confidence level: 100%) |
154.21.201.53:6002 | Quasar RAT botnet C2 server (confidence level: 100%) |
171.250.183.66:6000 | Venom RAT botnet C2 server (confidence level: 100%) |
178.208.89.139:80 | Stealc botnet C2 server (confidence level: 100%) |
43.198.244.13:8000 | MimiKatz botnet C2 server (confidence level: 100%) |
91.223.3.156:7707 | AsyncRAT botnet C2 server (confidence level: 75%) |
91.223.3.156:8808 | AsyncRAT botnet C2 server (confidence level: 75%) |
95.217.27.90:443 | Vidar botnet C2 server (confidence level: 100%) |
120.48.116.118:22222 | Cobalt Strike botnet C2 server (confidence level: 100%) |
81.214.76.68:888 | AsyncRAT botnet C2 server (confidence level: 100%) |
81.214.76.68:2003 | AsyncRAT botnet C2 server (confidence level: 100%) |
81.214.76.68:2004 | AsyncRAT botnet C2 server (confidence level: 100%) |
81.214.76.68:20000 | AsyncRAT botnet C2 server (confidence level: 100%) |
92.255.57.34:15747 | SectopRAT botnet C2 server (confidence level: 100%) |
198.38.87.31:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
202.95.12.234:80 | Hook botnet C2 server (confidence level: 100%) |
194.59.30.122:80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
178.208.89.147:80 | Stealc botnet C2 server (confidence level: 100%) |
45.94.31.89:80 | Hook botnet C2 server (confidence level: 50%) |
160.30.204.142:54984 | Nanocore RAT botnet C2 server (confidence level: 50%) |
87.120.125.152:54984 | Nanocore RAT botnet C2 server (confidence level: 50%) |
193.34.212.115:444 | AsyncRAT botnet C2 server (confidence level: 50%) |
194.26.192.165:444 | AsyncRAT botnet C2 server (confidence level: 50%) |
160.16.200.77:80 | Unknown malware botnet C2 server (confidence level: 100%) |
160.16.200.77:443 | Unknown malware botnet C2 server (confidence level: 100%) |
111.229.17.56:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
172.111.187.6:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.204.217.98:2003 | Cobalt Strike botnet C2 server (confidence level: 100%) |
113.45.192.130:58899 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.108.145.133:33891 | Cobalt Strike botnet C2 server (confidence level: 100%) |
173.211.106.233:2404 | Remcos botnet C2 server (confidence level: 100%) |
43.246.208.207:443 | ShadowPad botnet C2 server (confidence level: 90%) |
92.255.57.33:15747 | SectopRAT botnet C2 server (confidence level: 100%) |
92.255.57.37:15747 | SectopRAT botnet C2 server (confidence level: 100%) |
45.88.91.239:80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
185.117.90.16:443 | Latrodectus botnet C2 server (confidence level: 50%) |
45.141.86.98:443 | Matanbuchus botnet C2 server (confidence level: 60%) |
121.43.152.186:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
160.22.121.92:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
171.250.183.66:5000 | Venom RAT botnet C2 server (confidence level: 100%) |
171.250.183.66:9999 | Venom RAT botnet C2 server (confidence level: 100%) |
125.24.166.105:7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
185.203.240.77:80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
209.74.77.200:4443 | Chaos botnet C2 server (confidence level: 100%) |
58.181.38.161:10799 | Ghost RAT botnet C2 server (confidence level: 100%) |
23.235.165.54:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
Hash (MD5)
Value | Description |
---|---|
f0ac8625af9d1c712ab150214282fa9f | Lumma Stealer payload (confidence level: 50%) |
a2cce95c15e92389bdc9cae07f132788 | Lumma Stealer payload (confidence level: 50%) |
bb1940d0bf95170692fa7337e9766611 | Lumma Stealer payload (confidence level: 50%) |
44512d17e8d71a3aeec8da8cdf680b03 | Lumma Stealer payload (confidence level: 50%) |
c75950b998dadf88b17dfc8625ae95d5 | Lumma Stealer payload (confidence level: 50%) |
e362b5c0e0b719c0096b264fdc4399a5 | Lumma Stealer payload (confidence level: 50%) |
6b1c50c8bfdaae57df937683a5a038fe | Lumma Stealer payload (confidence level: 50%) |
62e37543d34e1c4fd6bd017c3fac6fd4 | Lumma Stealer payload (confidence level: 50%) |
884e93bfc38c7810dd50b03df36a21d1 | Lumma Stealer payload (confidence level: 50%) |
c3b9c8b07f7422818b268bbcf726a1a9 | Lumma Stealer payload (confidence level: 50%) |
ccdff4b1fcc7f0bf1fee65fe759c2f63 | Lumma Stealer payload (confidence level: 50%) |
9ec644b8ee9774cffc1263fa6b34ec64 | Lumma Stealer payload (confidence level: 50%) |
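The tables above mix three indicator types (domains, ip:port pairs and MD5 payload hashes) with per-indicator confidence levels, and several hosts (for example 86.124.25.57, 92.255.57.x and 171.250.183.66) appear with many ports. A matcher that consumes this feed therefore has to classify each value by type, match ip:port indicators on both address and port, and treat a 50% indicator differently from a 100% one. The script below is an added example written for this page, not ThreatFox code; it embeds a constructed subset of the rows above and constructed `key=value` log lines (DNS queries, connections, file hashes), and the log format, field names and fidelity labels are assumptions for illustration only.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed subset of the rows on this page, in the page's "value | description"
# layout, with ip and port written as ip:port.
IOC_TABLE = """\
Value | Description |
---|---|
cloudewahsj.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) |
mail.pf.194-59-30-152.cprapid.com | Hook botnet C2 domain (confidence level: 100%) |
43.128.78.2:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
86.124.25.57:3389 | Quasar RAT botnet C2 server (confidence level: 100%) |
86.124.25.57:5900 | Quasar RAT botnet C2 server (confidence level: 100%) |
45.94.31.89:80 | Hook botnet C2 server (confidence level: 50%) |
f0ac8625af9d1c712ab150214282fa9f | Lumma Stealer payload (confidence level: 50%) |
"""

# Constructed log lines in an assumed key=value format (not from the page).
SAMPLE_LOGS = [
    "2024-12-30T10:01:02Z dns qname=cloudewahsj.shop. src=10.0.0.5",
    "2024-12-30T10:01:09Z conn src=10.0.0.5 dst=86.124.25.57 dport=3389",
    "2024-12-30T10:02:15Z conn src=10.0.0.7 dst=86.124.25.57 dport=8080",
    "2024-12-30T10:03:30Z conn src=10.0.0.7 dst=45.94.31.89 dport=80",
    "2024-12-30T10:04:41Z file md5=F0AC8625AF9D1C712AB150214282FA9F path=C:\\Users\\a\\setup.exe",
    "2024-12-30T10:05:00Z dns qname=www.example.com src=10.0.0.9",
]

CONF_RE = re.compile(r"confidence level:\s*(\d+)%")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
LOG_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Ioc:
    kind: str        # "domain", "ip:port" or "md5"
    value: str       # normalised: lower-case, trailing dot removed
    family: str      # e.g. "Quasar RAT"
    confidence: int  # ThreatFox confidence level, 0-100


def classify(value: str) -> str:
    """Decide the indicator type from the value alone."""
    if MD5_RE.match(value):
        return "md5"
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit() and 0 < int(port) < 65536:
        try:
            ipaddress.ip_address(host)
            return "ip:port"
        except ValueError:
            pass
    return "domain"


def parse_iocs(table: str) -> list[Ioc]:
    """Parse rows of the page's table layout; header and separator rows are skipped."""
    iocs = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or cells[0] in ("Value", "---", ""):
            continue
        value, desc = cells[0].lower().rstrip("."), cells[1]
        m = CONF_RE.search(desc)
        family = re.split(r" (botnet|payload)\b", desc)[0]
        iocs.append(Ioc(classify(value), value, family, int(m.group(1)) if m else 0))
    return iocs


def match_dns(iocs: list[Ioc], qname: str) -> list[Ioc]:
    """A domain indicator matches the name itself and any subdomain of it."""
    q = qname.lower().rstrip(".")
    return [i for i in iocs if i.kind == "domain" and (q == i.value or q.endswith("." + i.value))]


def match_connection(iocs: list[Ioc], dst_ip: str, dst_port: str) -> tuple[list[Ioc], str]:
    """ip:port indicators need both fields to match. An address-only hit is reported
    separately (one per family) because hosts like 86.124.25.57 carry dozens of listed
    ports and an address-only block is noisy."""
    exact = [i for i in iocs if i.kind == "ip:port" and i.value == f"{dst_ip}:{dst_port}"]
    if exact:
        return exact, "exact"
    seen, ip_only = set(), []
    for i in iocs:
        if i.kind == "ip:port" and i.value.rpartition(":")[0] == dst_ip and i.family not in seen:
            seen.add(i.family)
            ip_only.append(i)
    return ip_only, "ip-only"


def match_hash(iocs: list[Ioc], md5: str) -> list[Ioc]:
    h = md5.lower()
    return [i for i in iocs if i.kind == "md5" and i.value == h]


def scan_logs(iocs: list[Ioc], lines: list[str]) -> list[tuple[int, str, str, str]]:
    """Return (line_no, family, indicator, fidelity). Fidelity is "high" only for an
    exact match on an indicator with confidence >= 90, "ip-only" for address-only hits,
    and "review" for exact hits on low-confidence indicators."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = dict(LOG_RE.findall(line))
        matched, how = [], "exact"
        if "qname" in f:
            matched = match_dns(iocs, f["qname"])
        elif "dst" in f and "dport" in f:
            matched, how = match_connection(iocs, f["dst"], f["dport"])
        elif "md5" in f:
            matched = match_hash(iocs, f["md5"])
        for i in matched:
            fidelity = "ip-only" if how == "ip-only" else ("high" if i.confidence >= 90 else "review")
            hits.append((n, i.family, i.value, fidelity))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(parse_iocs(IOC_TABLE), SAMPLE_LOGS):
        print(hit)
```

The third sample line (a connection to 86.124.25.57 on a port that is not in the feed) deliberately yields an "ip-only" hit rather than a blocking-grade alert, and the 50% Hook and Lumma indicators yield "review" hits even on an exact match; a feed consumer that collapses all of these into one severity will either page on noise or silently drop the weaker signals.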
Threat ID: 682c7dc3e8347ec82d2e50df
Added to database: 5/20/2025, 1:04:03 PM
Last enriched: 6/19/2025, 4:46:53 PM
Last updated: 8/14/2025, 11:03:50 PM