ThreatFox IOCs for 2025-01-01
AI Analysis
Technical Summary
This entry is ThreatFox's bundle of Indicators of Compromise (IOCs) reported on 2025-01-01, carried as a MISP event (the threat level, analysis, distribution, UUID and timestamp fields further down are MISP event attributes). ThreatFox, operated by abuse.ch, is a community platform for sharing malware IOCs; the bundle is tagged type:osint and tlp:white (TLP:CLEAR in TLP 2.0), so the indicators come from open reporting and can be shared without restriction. It is not a vulnerability advisory: there are no affected products, CWE identifiers or patches, and the question of "exploits in the wild" does not apply. What it does carry is 147 concrete, attributed indicators, each with a malware family and a reporter confidence level: 85 ip:port pairs (ThreatFox's ip:port IOC type; where the page shows a "file" value that is an IP address followed by a "hash" value that is a small integer, read them as the IP and port of one indicator), 35 URLs and 27 domains. Nearly all are command-and-control (C2) servers; a few are payload delivery URLs. The families span post-exploitation frameworks (Cobalt Strike, Sliver, Havoc, Meterpreter), commodity RATs (AsyncRAT, Remcos, Quasar RAT, NjRAT, XWorm, XenoRAT, DCRat, DarkVision RAT, ValleyRAT, NetSupport Manager RAT), infostealers (Lumma Stealer, RedLine Stealer, Meduza Stealer, Rhadamanthys, Agent Tesla), IoT and Linux botnets (Mirai, Mozi, MooBot, Chaos), plus Hook, BianLian, FAKEUPDATES and MimiKatz, and a number of entries attributed only to "Unknown malware", three of which are Supershell panel login pages at :8888/supershell/login/. Several patterns are visible in the data: the 19 Lumma Stealer C2 URLs all have the form https://<domain>/api on .biz, .cyou, .store and .shop domains; the DCRat C2 URLs use long run-together-word .php paths; the Meduza Stealer domains imitate USPS (usps-mydeliver.com, usps-mypackage.com); and several indicators are provider-assigned hostnames on shared hosting or cloud address space (contaboserver.net, hwclouds-dns.com, cprapid.com). Confidence ranges from 50% to 100%; the NjRAT, Rhadamanthys, Mirai, Mozi and Agent Tesla entries and some of the AsyncRAT and NetSupport Manager entries are below 100%. Overall this is a medium-severity (MISP threat level 2) informational entry: detection content for open sharing, not a report of an active campaign against a specific product.
Potential Impact
The bundle is detection content rather than a campaign report, so it has no impact by itself; the risk it describes is to hosts that are already talking to these addresses. A match in egress proxy, firewall, NetFlow or DNS logs is evidence of a probable compromise, not of an exploitable vulnerability, and what the match means depends on the family: a connection to a Cobalt Strike, Sliver, Havoc or Meterpreter listener suggests an operator with interactive control of the host; traffic to a Lumma, RedLine, Meduza or Rhadamanthys C2 means browser credentials, session cookies and similar data may already have been exfiltrated; and contact with the Mirai, Mozi, MooBot or Chaos indicators points at a compromised IoT or Linux device rather than a workstation. The families are commodity tooling spread opportunistically, so exposure is not sector-specific, and nothing in the indicators themselves is country-specific; the Affected Countries list below should be read as a general exposure estimate rather than as evidence of targeting. Indicators of this kind age quickly, because C2 hosts on shared hosting and cloud address space are torn down and the IPs reassigned, so the practical cost of not ingesting the bundle is delayed detection of infections that were active around 2025-01-01, and the practical cost of ingesting it carelessly is false positives on reassigned addresses and on common ports.
Mitigation Recommendations
1. Load the indicators into SIEM, EDR and network detection match lists with their type preserved: match ip:port entries as (IP, port) tuples, not as bare IPs or bare ports (several IPs here carry more than one port with different attributions, and ports such as 80, 443 and 8080 are meaningless on their own); match domains by exact name or parent domain so that subdomains are caught; match URLs on host, port and path.
2. Automate daily ingestion, keeping the family, confidence and first-seen fields with each indicator so that alerts can be triaged and stale entries expired; ThreatFox publishes a bundle like this every day, and C2 addresses of this kind are often useful for days rather than months.
3. Retro-hunt: search proxy, DNS and flow logs for the weeks around 2025-01-01 for these values, starting with the post-exploitation frameworks (Cobalt Strike, Sliver, Havoc, Meterpreter) and the infostealers, because a hit there means an existing intrusion and should open an incident, not just a ticket.
4. Hunt on the patterns as well as the literals, since patterns outlive individual indicators: the https://<domain>/api shape of the Lumma Stealer C2s, the /supershell/login/ path on port 8888, the long run-together-word .php paths of the DCRat C2s, and USPS-themed lookalike domains. Validate pattern hits before alerting on them.
5. Join the sharing communities the data comes from (ThreatFox, MISP) to receive context and follow-up such as reattribution or takedown.
6. No patch applies, so rely on the controls that make C2 harder to reach regardless of indicator: egress through a filtering proxy, blocking direct outbound connections on unusual ports, network segmentation and least privilege on endpoints.
7. Validate before blocking: weight the 50% and 75% entries lower, check whether an address belongs to shared hosting or a cloud provider (the contaboserver.net, hwclouds-dns.com and cprapid.com names here are examples) where it may already serve someone else, and review hits on ports 80, 443 and 8080 by hand before automated blocking. Treat a confirmed hit as the start of host triage rather than as block-and-forget.
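As an added example (not code from ThreatFox, abuse.ch or this page's source), the following Python script shows how items 1, 3 and 7 above fit together in practice: it indexes a handful of the indicators from this page by type, matches ip:port entries as tuples rather than bare IPs, matches domains by exact name or parent domain, drops rows below a confidence threshold, and runs the result over a few constructed proxy and DNS log lines. The log layout ("timestamp src_ip dst_ip:port url" and "timestamp src_ip qname") and the internal client addresses are assumptions.

```python
"""Match ThreatFox-style IOCs against proxy and DNS log lines.

Added example, not code from ThreatFox, abuse.ch or this page's source.
IOC_ROWS is a constructed subset of the indicators on this page; PROXY_LOG
and DNS_LOG are constructed log lines in an assumed layout.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# (ioc_type, value, malware family, confidence %). ThreatFox's ip:port type is
# what the page renders as a "file" value (IP) followed by a "hash" value (port).
IOC_ROWS = [
    ("ip:port", "208.115.220.58:4449", "AsyncRAT", 100),
    ("ip:port", "154.37.215.204:443", "Cobalt Strike", 100),
    ("ip:port", "5.39.43.50:5234", "NjRAT", 75),
    ("ip:port", "147.45.44.42:1488", "Rhadamanthys", 50),
    ("url", "http://124.70.193.76:8888/supershell/login/", "Unknown malware", 100),
    ("url", "https://awake-weaves.cyou/api", "Lumma Stealer", 100),
    ("domain", "awake-weaves.cyou", "Lumma Stealer", 100),
    ("domain", "usps-mydeliver.com", "Meduza Stealer", 100),
]

# Constructed log lines; 10.0.x.y are assumed internal clients.
PROXY_LOG = """\
2025-01-01T10:14:02Z 10.0.5.23 208.115.220.58:4449 -
2025-01-01T10:15:40Z 10.0.5.23 154.37.215.204:443 https://154.37.215.204/
2025-01-01T10:16:11Z 10.0.7.9 93.184.216.34:443 https://example.com/
2025-01-01T10:17:05Z 10.0.7.9 124.70.193.76:8888 http://124.70.193.76:8888/supershell/login/
2025-01-01T10:18:30Z 10.0.9.4 5.39.43.50:5234 -
"""
DNS_LOG = """\
2025-01-01T10:13:58Z 10.0.5.23 awake-weaves.cyou
2025-01-01T10:14:10Z 10.0.8.2 track.usps-mydeliver.com
2025-01-01T10:14:12Z 10.0.8.2 www.usps.com
"""


@dataclass(frozen=True)
class Hit:
    ioc_type: str
    ioc: str
    family: str
    confidence: int
    line: str


class IocMatcher:
    """Index IOCs by type so each log field is only compared with the right kind."""

    def __init__(self, rows, min_confidence: int = 75):
        self.ip_port = {}   # (ip, port) -> (value, family, confidence)
        self.domains = {}   # domain     -> (value, family, confidence)
        self.urls = {}      # (host, port, path) -> (value, family, confidence)
        for ioc_type, value, family, conf in rows:
            if conf < min_confidence:
                continue  # below threshold: keep for hunting, do not alert on it
            if ioc_type == "ip:port":
                ip, port = value.rsplit(":", 1)
                key = (str(ipaddress.ip_address(ip)), int(port))  # validates the IP
                self.ip_port[key] = (value, family, conf)
            elif ioc_type == "domain":
                self.domains[value.lower().rstrip(".")] = (value, family, conf)
            elif ioc_type == "url":
                self.urls[self._url_key(value)] = (value, family, conf)

    @staticmethod
    def _url_key(url: str) -> tuple[str, int, str]:
        """Normalise to (host, port, path) so scheme-default ports compare equal."""
        u = urlsplit(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        return ((u.hostname or "").lower(), port, u.path or "/")

    def match_connection(self, ip: str, port: int):
        """ip:port indicators match the tuple only; the same IP on another port is not a hit."""
        hit = self.ip_port.get((ip, port))
        return ("ip:port",) + hit if hit else None

    def match_domain(self, name: str):
        """Exact or parent-domain match: evil.com also matches cdn.evil.com."""
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            hit = self.domains.get(".".join(labels[i:]))
            if hit:
                return ("domain",) + hit
        return None

    def match_url(self, url: str):
        hit = self.urls.get(self._url_key(url))
        return ("url",) + hit if hit else None


def scan_proxy(matcher: IocMatcher, text: str) -> list[Hit]:
    hits = []
    for line in filter(None, text.splitlines()):
        _ts, _src, dst, url = line.split(maxsplit=3)
        ip, port = dst.rsplit(":", 1)
        hit = matcher.match_connection(ip, int(port))
        if hit is None and url != "-":
            hit = matcher.match_url(url)
        if hit:
            hits.append(Hit(*hit, line=line))
    return hits


def scan_dns(matcher: IocMatcher, text: str) -> list[Hit]:
    hits = []
    for line in filter(None, text.splitlines()):
        _ts, _src, qname = line.split(maxsplit=2)
        hit = matcher.match_domain(qname)
        if hit:
            hits.append(Hit(*hit, line=line))
    return hits


if __name__ == "__main__":
    m = IocMatcher(IOC_ROWS, min_confidence=75)
    for h in scan_proxy(m, PROXY_LOG) + scan_dns(m, DNS_LOG):
        print(f"{h.family:16} {h.confidence:3}% {h.ioc_type:8} {h.ioc}  <-  {h.line}")
```

With the threshold at 75 the Rhadamanthys row (50%) is indexed for nothing, so a connection to 147.45.44.42:1488 produces no alert, while the NjRAT row (75%) does; lowering min_confidence to 50 brings the Rhadamanthys row into scope for a retro-hunt run. The same IP on a port that is not in the feed is deliberately not a hit, which is the tuple-matching caveat from item 1.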
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
These are the fields of the MISP event that carries the bundle.
- Threat Level: 2 (MISP scale: 1 = High, 2 = Medium, 3 = Low, 4 = Undefined)
- Analysis: 1 (MISP scale: 0 = Initial, 1 = Ongoing, 2 = Complete)
- Distribution: 3 (MISP scale: 3 = All communities, consistent with the tlp:white tag)
- UUID: ed5fff99-4c23-4da4-813b-320c1bf4eb97
- Original Timestamp: 1735776186 (2025-01-02 00:03:06 UTC)
Indicators of Compromise
IP:port (the source rendering split each entry into a "file" row holding the IP and a "hash" row holding the port; the two are re-joined here)
Value | Description
---|---
208.115.220.58:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
5.39.43.50:5234 | NjRAT botnet C2 server (confidence level: 75%)
45.137.201.181:511 | NjRAT botnet C2 server (confidence level: 75%)
154.37.215.204:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
107.151.240.142:5555 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.37.215.204:8888 | Unknown malware botnet C2 server (confidence level: 100%)
209.38.217.87:443 | Unknown malware botnet C2 server (confidence level: 100%)
210.89.45.122:7443 | Unknown malware botnet C2 server (confidence level: 100%)
134.175.121.153:5045 | Meterpreter botnet C2 server (confidence level: 100%)
34.208.255.157:1443 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.94.19.136:65533 | Cobalt Strike botnet C2 server (confidence level: 100%)
46.246.84.7:2404 | Remcos botnet C2 server (confidence level: 100%)
1.14.104.62:8888 | Unknown malware botnet C2 server (confidence level: 100%)
88.201.69.136:443 | AsyncRAT botnet C2 server (confidence level: 100%)
198.23.227.175:7710 | AsyncRAT botnet C2 server (confidence level: 100%)
86.124.168.255:443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
185.243.114.91:80 | Meduza Stealer botnet C2 server (confidence level: 100%)
209.151.153.81:8080 | MimiKatz botnet C2 server (confidence level: 100%)
193.31.28.181:4004 | Quasar RAT botnet C2 server (confidence level: 100%)
101.201.54.74:2222 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.242.146.249:90 | AsyncRAT botnet C2 server (confidence level: 100%)
94.158.245.27:80 | MooBot botnet C2 server (confidence level: 100%)
124.221.38.163:60000 | Unknown malware botnet C2 server (confidence level: 100%)
20.52.4.154:3331 | Unknown malware botnet C2 server (confidence level: 100%)
18.144.21.154:587 | Unknown malware botnet C2 server (confidence level: 100%)
94.154.33.140:3333 | Unknown malware botnet C2 server (confidence level: 100%)
89.250.65.37:3333 | Unknown malware botnet C2 server (confidence level: 100%)
31.7.35.14:443 | Unknown malware botnet C2 server (confidence level: 100%)
191.101.241.240:3333 | Unknown malware botnet C2 server (confidence level: 100%)
154.53.39.85:3333 | Unknown malware botnet C2 server (confidence level: 100%)
88.99.170.132:1920 | Unknown malware botnet C2 server (confidence level: 100%)
18.135.30.45:4204 | Unknown malware botnet C2 server (confidence level: 100%)
45.76.176.78:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
206.72.197.102:30486 | Remcos botnet C2 server (confidence level: 100%)
117.72.92.74:5555 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.41.4.69:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
146.190.91.121:46901 | Unknown malware botnet C2 server (confidence level: 100%)
134.175.248.97:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.89.168:55443 | Cobalt Strike botnet C2 server (confidence level: 100%)
49.232.133.108:50050 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.147.234.137:8999 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.132.16.207:7443 | Unknown malware botnet C2 server (confidence level: 100%)
186.32.225.34:8080 | MimiKatz botnet C2 server (confidence level: 100%)
45.141.26.234:443 | XWorm botnet C2 server (confidence level: 100%)
185.222.57.76:55615 | RedLine Stealer botnet C2 server (confidence level: 100%)
147.185.221.24:47517 | XenoRAT botnet C2 server (confidence level: 100%)
150.158.121.15:62000 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.134.58.195:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
46.246.86.16:2404 | Remcos botnet C2 server (confidence level: 100%)
101.99.75.173:80 | Remcos botnet C2 server (confidence level: 100%)
91.107.146.68:8089 | Hook botnet C2 server (confidence level: 100%)
91.107.146.68:80 | Hook botnet C2 server (confidence level: 100%)
91.107.146.68:8082 | Hook botnet C2 server (confidence level: 100%)
188.79.46.203:443 | Havoc botnet C2 server (confidence level: 100%)
195.133.51.144:80 | Havoc botnet C2 server (confidence level: 100%)
142.93.234.59:443 | BianLian botnet C2 server (confidence level: 100%)
45.93.20.67:80 | Meduza Stealer payload delivery server (confidence level: 100%)
147.45.44.42:1488 | Rhadamanthys botnet C2 server (confidence level: 50%)
147.45.44.42:2001 | Rhadamanthys botnet C2 server (confidence level: 50%)
154.216.19.63:7290 | Rhadamanthys botnet C2 server (confidence level: 50%)
154.216.19.63:443 | Rhadamanthys botnet C2 server (confidence level: 50%)
63.32.99.39:32764 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
157.20.182.8:1337 | AsyncRAT botnet C2 server (confidence level: 50%)
198.23.227.140:8181 | AsyncRAT botnet C2 server (confidence level: 50%)
154.91.34.250:14555 | RedLine Stealer botnet C2 server (confidence level: 100%)
23.94.37.42:2601 | Mirai botnet C2 server (confidence level: 75%)
154.39.239.95:1445 | ValleyRAT botnet C2 server (confidence level: 100%)
3.22.61.147:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.121.163.53:31337 | Sliver botnet C2 server (confidence level: 100%)
5.253.59.167:443 | Sliver botnet C2 server (confidence level: 100%)
5.175.237.184:443 | Sliver botnet C2 server (confidence level: 100%)
45.147.26.131:8888 | Unknown malware botnet C2 server (confidence level: 100%)
20.93.23.234:7443 | Unknown malware botnet C2 server (confidence level: 100%)
165.232.65.107:7443 | Unknown malware botnet C2 server (confidence level: 100%)
185.177.239.131:8082 | Hook botnet C2 server (confidence level: 100%)
13.231.139.33:9301 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
173.199.70.18:7443 | Unknown malware botnet C2 server (confidence level: 100%)
23.94.247.46:80 | Unknown malware botnet C2 server (confidence level: 100%)
14.241.100.39:8080 | Chaos botnet C2 server (confidence level: 100%)
154.216.17.241:443 | BianLian botnet C2 server (confidence level: 100%)
83.136.208.202:4057 | Remcos botnet C2 server (confidence level: 100%)
170.205.31.90:3333 | Remcos botnet C2 server (confidence level: 100%)
69.166.230.200:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
187.209.210.95:4782 | Quasar RAT botnet C2 server (confidence level: 100%)
207.32.218.35:7707 | AsyncRAT botnet C2 server (confidence level: 100%)
URL
Value | Description
---|---
http://jholo.duckdns.org:8181/upload.php | DarkVision RAT botnet C2 (confidence level: 100%)
http://124.70.193.76:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://113.44.78.183:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://47.120.37.153:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://221.14.60.132:53880/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://185.239.51.56/externalvmpacketlongpollsqldbfloweruniversalcentral.php | DCRat botnet C2 (confidence level: 100%)
http://891781cm.renyash.ru/processorserverdefaultsqltrafficuniversalwpprivate.php | DCRat botnet C2 (confidence level: 100%)
http://23.94.247.46/pages/login.php | Unknown malware botnet C2 (confidence level: 100%)
http://recessfriction.sbs/lod.php | Unknown malware botnet C2 (confidence level: 100%)
http://recessfriction.sbs/dol.php | Unknown malware botnet C2 (confidence level: 100%)
http://dogdecision.cfd/bar.php | Unknown malware botnet C2 (confidence level: 100%)
http://487997cm.renyash.top/videoflowergeneratortestpublic.php | DCRat botnet C2 (confidence level: 100%)
https://awake-weaves.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://brendon-sharjen.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://covery-mover.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://dare-curbys.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://dwell-exclaim.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://fadehairucw.store/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://formy-spill.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://impend-differ.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://ingreem-eilish.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://outlookyn.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://presticitpo.store/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://print-vexer.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://scriptyprefej.store/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://se-blurry.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://sordid-snaked.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://thumbystriw.store/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://wisdom-echoes.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://wrathful-jammy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://zinc-sneark.biz/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://94.103.84.173/pages/login.php | Unknown malware botnet C2 (confidence level: 100%)
http://101349cm.renyash.ru/videovmgamedefaulttestuniversalwp.php | DCRat botnet C2 (confidence level: 100%)
http://42.231.223.147:60259/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://126987cm.renyash.ru/vmpipejavascript_httpauthlongpollmultiwordpressdle.php | DCRat botnet C2 (confidence level: 100%)
Domain
Value | Description
---|---
raw.cloudboats.vip | Mirai botnet C2 domain (confidence level: 75%)
s4.serv00.com | Agent Tesla botnet C2 domain (confidence level: 50%)
vmi2323701.contaboserver.net | AsyncRAT botnet C2 domain (confidence level: 100%)
cpcalendars.pd.194-59-30-152.cprapid.com | Hook botnet C2 domain (confidence level: 100%)
avina.cloud | Havoc botnet C2 domain (confidence level: 100%)
ecs-110-41-4-69.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
ocqztwhhfipaggkyloea.infinitum.space | Cobalt Strike botnet C2 domain (confidence level: 100%)
ip66-179-240-177.pbiaas.com | AsyncRAT botnet C2 domain (confidence level: 100%)
www.103-152-255-69.cprapid.com | Havoc botnet C2 domain (confidence level: 100%)
awake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
brendon-sharjen.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
covery-mover.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
dare-curbys.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
dwell-exclaim.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
formy-spill.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
impend-differ.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
ingreem-eilish.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
outlookyn.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
print-vexer.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
se-blurry.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
sordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
wisdom-echoes.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
wrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
zinc-sneark.biz | Lumma Stealer botnet C2 domain (confidence level: 100%)
usps-mydeliver.com | Meduza Stealer botnet C2 domain (confidence level: 100%)
usps-mypackage.com | Meduza Stealer botnet C2 domain (confidence level: 100%)
chatapi.edureel.ai | Unknown malware botnet C2 domain (confidence level: 100%)
Threat ID: 682c7ac0e3e6de8ceb7610d7
Added to database: 5/20/2025, 12:51:12 PM
Last enriched: 6/19/2025, 1:17:57 PM
Last updated: 8/14/2025, 6:03:00 PM