
ThreatFox IOCs for 2025-01-02

Severity: Medium
Published: Thu Jan 02 2025 (01/02/2025, 00:00:00 UTC)
Source: ThreatFox
Tags: type:osint, tlp:white

Description

ThreatFox IOCs for 2025-01-02

AI-Powered Analysis

Last updated: 06/19/2025, 15:48:24 UTC

Technical Analysis

This entry is the ThreatFox daily export of Indicators of Compromise for 2025-01-02, published by abuse.ch as an OSINT event (tags type:osint and tlp:white, so the content comes from open sources and may be shared without restriction; tlp:white corresponds to TLP:CLEAR in TLP 2.0). It is not a vulnerability advisory: there is no affected product, patch or CWE, and 'exploits in the wild' is not a meaningful field for it. What it carries is attacker infrastructure: 207 ip:port pairs and a set of URLs, each tagged with a malware family and a reporter confidence of 50%, 75% or 100%. The families are dominated by post-exploitation frameworks (Cobalt Strike, Brute Ratel C4, Havoc, Sliver, DeimosC2, Meterpreter, pupy) and commodity remote-access trojans and stealers (Quasar RAT, AsyncRAT, Remcos, NjRAT, Nanocore RAT, Agent Tesla, XWorm, Venom RAT, Orcus RAT, Ghost RAT, ValleyRAT, NetSupport Manager RAT, RMS, DCRat, Vidar, Lumma Stealer, Amadey), with FAKEUPDATES payload-delivery URLs, the Android banking trojans Hook, ERMAC and Coper, one Mirai controller and a handful of entries where the reporter could not name the family ('Unknown malware'). The event metadata uses the MISP scales: threat level 2 is Medium (1 High, 3 Low, 4 Undefined), analysis 1 means the event is marked Ongoing rather than Complete, and distribution 3 means it is shared with all communities, i.e. fully public; it does not indicate 'moderate dissemination'. The IOCs are ip:port pairs rather than bare addresses, which matters for detection: several hosts appear many times (86.124.24.8 alone is listed with 28 Quasar RAT ports), and a match on address plus port is far more specific than an address match alone.

Potential Impact

The impact of this entry is that of reported command-and-control infrastructure, not of a new vulnerability. An outbound connection from a managed host to any listed ip:port pair or URL is evidence of an existing infection or an active intrusion rather than a precursor to one. The Cobalt Strike, Brute Ratel C4, Havoc and Sliver entries are interactive post-exploitation frameworks, used by red teams but equally by ransomware affiliates for lateral movement and data theft; the RAT and stealer families (Quasar RAT, AsyncRAT, Remcos, Vidar, Lumma Stealer, Agent Tesla) harvest credentials, browser sessions and files and give persistent remote access. Confidentiality and integrity are therefore the primary concerns, with availability at risk wherever a beacon precedes ransomware deployment. The Hook, ERMAC and Coper entries are Android banking trojans, so the exposure extends to employees' and customers' mobile devices as well as to the corporate network. Because the list is public (tlp:white) and the event is still marked Ongoing, expect the set to grow and the addresses to rotate; a daily C2 list loses blocking value within days to weeks, while its value for retrospective hunting in historical logs persists. European organisations that drive detection from threat-intelligence feeds (financial services, critical infrastructure, government) get the most out of this entry by ingesting it on the day of publication and by hunting backwards for earlier contact with the same infrastructure.

Mitigation Recommendations

1. Ingest the indicators as ip:port pairs, not bare IPs. Load the 207 ip:port entries and the URLs below into SIEM watchlists, proxy and DNS blocklists and EDR network rules. Hosts such as 86.124.24.8 (28 Quasar RAT ports) and 86.124.25.57 (17 ports) show why the port matters: a bare-IP block on shared or cloud-hosted addresses, which are reassigned frequently, produces false positives, while an ip:port match is specific.
2. Weight actions by reporter confidence. The 100% entries justify automatic blocking and host isolation; the 50% entries (a number of Cobalt Strike and Quasar RAT candidates and the Brute Ratel C4 hosts on port 1337) are better used for alerting and enrichment until corroborated.
3. Retro-hunt before the indicators expire. Query firewall, proxy, NetFlow and DNS history for connections to these pairs and for the URL hosts, as far back as retention allows. A single connection to a 100%-confidence Cobalt Strike, Brute Ratel C4, Havoc or Sliver listener should open an incident, not a ticket: these frameworks are operated interactively, so the host was almost certainly under hands-on control.
4. Detect the behaviour as well as the address. C2 addresses rotate; the tradecraft persists. Look for regular-interval HTTPS beaconing to unfamiliar hosts on the ports seen here (443, 8443, 4433, 1443, 7443, 9443), for jQuery-themed URIs such as /jquery-3.3.1.min.js served by non-CDN hosts (the widely copied Cobalt Strike malleable C2 profile behind two entries below), and for browser visits to captcha-themed pages on CDN subdomains (the Lumma Stealer delivery URLs on b-cdn.net).
5. Keep user awareness concrete. The Lumma Stealer and FAKEUPDATES entries are payload delivery URLs: they rely on the user following on-screen instructions on a fake verification page or installing a fake browser update. Training should show these specific lures rather than generic advice about unsolicited links.
6. Prepare the response for beacons. Isolate first, then capture memory before reboot (framework implants are often memory-resident), extract the implant configuration and the accounts it used, reset those credentials, and check for persistence and lateral movement before restoring the host.
7. Share sightings. ThreatFox accepts submissions back, and communities such as CERT-EU and ENISA redistribute and correlate them; a sighting of one of these servers in your logs is itself useful intelligence for others.
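As an added example (not part of the ThreatFox export or of any abuse.ch tooling), the following Python script implements steps 1 to 3 above: it parses a handful of the page's own ip:port and URL indicators, indexes them so that a firewall event matches only on the exact address and port, matches proxy requests on the exact URL with a lower-fidelity host-level fallback, and maps reporter confidence to a response action. The firewall and proxy log formats, the private source addresses and the confidence thresholds are constructed for the demonstration and are not taken from any real product or environment.

```python
"""Match ThreatFox ip:port and URL IOCs against firewall and proxy log lines.
Added example, not part of the ThreatFox export or of any tool it describes. The IOC
values are copied from the list on this page; the log lines are constructed, not real."""
import re
from urllib.parse import urlsplit

# Excerpt of the page's IOC list as "value<TAB>description".
IOC_TEXT = """\
152.42.226.16:59060\tCobalt Strike botnet C2 server (confidence level: 50%)
86.124.24.8:443\tQuasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:8443\tQuasar RAT botnet C2 server (confidence level: 100%)
174.138.76.181:8443\tbrute_ratel botnet C2 server (confidence level: 100%)
185.195.65.40:31337\tSliver botnet C2 server (confidence level: 100%)
https://sectionobligationpow.site/api\tLumma Stealer botnet C2 (confidence level: 100%)
https://smartoffer-captcha-verification.b-cdn.net/last-step-to-go-solve.html\tLumma Stealer payload delivery URL (confidence level: 100%)
http://45.116.78.127:443/jquery-3.3.1.min.js\tCobalt Strike botnet C2 (confidence level: 75%)
http://797441cm.n9shteam2.top/videouploads.php\tDCRat botnet C2 (confidence level: 100%)
"""
# Constructed sample logs. Firewall: key=value fields; proxy: "ts client method url status".
FIREWALL_LOG = """\
2025-01-02T09:14:03Z fw01 action=allow src=10.20.1.57 dst=86.124.24.8 dport=443 proto=tcp
2025-01-02T09:14:10Z fw01 action=allow src=10.20.1.57 dst=86.124.24.8 dport=22 proto=tcp
2025-01-02T09:15:41Z fw01 action=allow src=10.20.3.12 dst=152.42.226.16 dport=59060 proto=tcp
2025-01-02T09:16:02Z fw01 action=allow src=10.20.3.99 dst=185.195.65.40 dport=31337 proto=tcp
"""
PROXY_LOG = """\
2025-01-02T09:20:11Z 10.20.1.57 GET https://sectionobligationpow.site/api 200
2025-01-02T09:21:45Z 10.20.4.21 GET http://45.116.78.127:443/jquery-3.3.1.min.js 200
2025-01-02T09:22:03Z 10.20.4.21 GET http://797441cm.n9shteam2.top/favicon.ico 404
2025-01-02T09:23:09Z 10.20.2.2 GET https://www.example.com/ 200
"""

DESC_RE = re.compile(r"^(?P<family>.+?) (?P<role>botnet C2(?: server)?|payload delivery URL) "
                     r"\(confidence level: (?P<conf>\d+)%\)$")
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
PROXY_RE = re.compile(r"^\S+ (?P<src>\S+) \S+ (?P<url>\S+) \d+$")
FAMILY_ALIASES = {"brute_ratel": "Brute Ratel C4"}  # the feed uses both spellings

def normalise_url(url):
    """Canonical form so 'https://h' and 'https://h/' compare equal; explicit ports are kept."""
    p = urlsplit(url)
    netloc = p.hostname.lower() + (f":{p.port}" if p.port else "")
    return f"{p.scheme.lower()}://{netloc}{p.path or '/'}" + (f"?{p.query}" if p.query else "")

def parse_iocs(text):
    """Build three indexes: exact (ip, port) pairs, exact URLs, and URL hosts."""
    ipports, urls, hosts = {}, {}, {}
    for line in filter(None, text.splitlines()):
        value, desc = line.split("\t", 1)
        m = DESC_RE.match(desc)
        if m is None:
            raise ValueError(f"unrecognised description: {desc!r}")
        meta = {"family": FAMILY_ALIASES.get(m["family"], m["family"]),
                "role": m["role"], "confidence": int(m["conf"])}
        if value.startswith(("http://", "https://")):
            urls[normalise_url(value)] = meta
            hosts.setdefault(urlsplit(value).hostname, []).append(meta)
        else:
            ip, port = value.rsplit(":", 1)
            ipports[(ip, int(port))] = meta
    return ipports, urls, hosts

def action_for(confidence):
    """Reporter confidence drives the response: auto-contain only on 100% entries."""
    return "isolate_host" if confidence >= 100 else "alert" if confidence >= 75 else "enrich"

def scan_firewall(log, ipports):
    """Exact ip:port matching: 86.124.24.8 on port 22 is not a hit, only the listed ports are."""
    hits = []
    for m in filter(None, map(FW_RE.search, log.splitlines())):
        key = (m["dst"], int(m["dport"]))
        meta = ipports.get(key)
        if meta:
            hits.append({"src": m["src"], "ioc": f"{key[0]}:{key[1]}", "match": "ip:port",
                         **meta, "action": action_for(meta["confidence"])})
    return hits

def scan_proxy(log, urls, hosts):
    """Exact URL match first; a same-host, different-path request only raises an alert."""
    hits = []
    for m in filter(None, map(PROXY_RE.match, log.splitlines())):
        url = normalise_url(m["url"])
        host = urlsplit(url).hostname
        if url in urls:
            meta = urls[url]
            hits.append({"src": m["src"], "ioc": url, "match": "url",
                         **meta, "action": action_for(meta["confidence"])})
        elif host in hosts:
            best = max(hosts[host], key=lambda x: x["confidence"])
            hits.append({"src": m["src"], "ioc": host, "match": "host", **best, "action": "alert"})
    return hits

if __name__ == "__main__":
    ipp, u, h = parse_iocs(IOC_TEXT)
    for hit in scan_firewall(FIREWALL_LOG, ipp) + scan_proxy(PROXY_LOG, u, h):
        print(f"{hit['action']:<12} {hit['src']:<12} {hit['match']:<7} {hit['ioc']}  "
              f"{hit['family']} ({hit['confidence']}%)")
```

Run as-is, the script reports three firewall hits (the port-22 connection to 86.124.24.8 is correctly ignored) and three proxy hits, of which the favicon request to the DCRat host is only a host-level alert. To use it on a real ThreatFox export, feed the full ip:port and URL lists in the same value-and-description form and replace the two regexes with ones for your firewall and proxy log formats; the confidence-to-action mapping is a policy choice and should be set to match your own containment authority.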


Technical Details

Threat Level: 2 (MISP scale: Medium)
Analysis: 1 (MISP scale: Ongoing)
Distribution: 3 (MISP scale: All communities)
UUID: 577d4140-83c3-4740-b4ae-0251ef74b6fb
Original Timestamp: 1735862586 (2025-01-03 00:03:06 UTC)

Indicators of Compromise

IP:port (ThreatFox type ip:port; each value is address:port, the description gives the malware family and the reporter's confidence level)

45.200.149.249:2601  Mirai botnet C2 server (confidence level: 75%)
107.178.108.41:587  Agent Tesla botnet C2 server (confidence level: 100%)
162.241.62.63:21  Agent Tesla botnet C2 server (confidence level: 100%)
152.42.226.16:59060  Cobalt Strike botnet C2 server (confidence level: 50%)
198.23.227.140:8099  AsyncRAT botnet C2 server (confidence level: 50%)
45.204.218.173:80  Hook botnet C2 server (confidence level: 50%)
193.168.173.66:139  Nanocore RAT botnet C2 server (confidence level: 100%)
69.174.100.12:2404  Remcos botnet C2 server (confidence level: 100%)
95.169.196.36:1337  Brute Ratel C4 botnet C2 server (confidence level: 50%)
95.169.196.118:1337  Brute Ratel C4 botnet C2 server (confidence level: 50%)
106.75.18.52:9001  Havoc botnet C2 server (confidence level: 100%)
174.138.76.181:8443  brute_ratel botnet C2 server (confidence level: 100%)
47.238.194.253:80  brute_ratel botnet C2 server (confidence level: 100%)
18.166.178.41:80  brute_ratel botnet C2 server (confidence level: 100%)
193.83.7.1:4444  AsyncRAT botnet C2 server (confidence level: 100%)
2.58.56.77:80  Hook botnet C2 server (confidence level: 100%)
86.124.24.8:21  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:82  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:4072  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:5006  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:5000  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:995  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:2078  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:2762  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:11829  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:80  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:8545  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:32671  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:1194  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:14036  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:28147  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:3299  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:18604  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:32400  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:36682  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:500  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:3390  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:56454  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:443  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:627  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:6009  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:6544  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:8443  Quasar RAT botnet C2 server (confidence level: 100%)
86.124.24.8:10084  Quasar RAT botnet C2 server (confidence level: 100%)
18.201.102.245:55410  NetSupportManager RAT botnet C2 server (confidence level: 100%)
89.208.231.155:80  brute_ratel botnet C2 server (confidence level: 100%)
167.235.250.66:8090  Unknown malware botnet C2 server (confidence level: 100%)
18.118.61.33:80  brute_ratel botnet C2 server (confidence level: 100%)
152.42.180.173:443  brute_ratel botnet C2 server (confidence level: 100%)
34.213.47.69:443  brute_ratel botnet C2 server (confidence level: 100%)
142.132.190.156:443  brute_ratel botnet C2 server (confidence level: 100%)
142.132.190.156:8181  brute_ratel botnet C2 server (confidence level: 100%)
34.154.11.138:443  brute_ratel botnet C2 server (confidence level: 100%)
35.89.139.12:443  brute_ratel botnet C2 server (confidence level: 100%)
142.93.139.164:443  brute_ratel botnet C2 server (confidence level: 100%)
189.1.227.239:8443  brute_ratel botnet C2 server (confidence level: 100%)
43.198.12.208:80  brute_ratel botnet C2 server (confidence level: 100%)
47.237.202.96:443  brute_ratel botnet C2 server (confidence level: 100%)
60.204.234.238:80  brute_ratel botnet C2 server (confidence level: 100%)
34.214.45.212:443  brute_ratel botnet C2 server (confidence level: 100%)
165.232.151.250:443  brute_ratel botnet C2 server (confidence level: 100%)
104.129.181.195:1433  brute_ratel botnet C2 server (confidence level: 100%)
104.129.181.195:1443  brute_ratel botnet C2 server (confidence level: 100%)
34.154.249.225:443  brute_ratel botnet C2 server (confidence level: 100%)
64.176.81.87:443  brute_ratel botnet C2 server (confidence level: 100%)
47.239.236.221:443  brute_ratel botnet C2 server (confidence level: 100%)
161.35.73.220:443  brute_ratel botnet C2 server (confidence level: 100%)
161.35.73.220:8443  brute_ratel botnet C2 server (confidence level: 100%)
185.82.126.147:4433  brute_ratel botnet C2 server (confidence level: 100%)
185.82.126.147:443  brute_ratel botnet C2 server (confidence level: 100%)
18.132.191.71:80  brute_ratel botnet C2 server (confidence level: 100%)
18.175.147.93:8443  brute_ratel botnet C2 server (confidence level: 100%)
18.175.147.93:443  brute_ratel botnet C2 server (confidence level: 100%)
209.38.192.207:8443  brute_ratel botnet C2 server (confidence level: 100%)
85.208.139.120:443  brute_ratel botnet C2 server (confidence level: 100%)
180.131.145.103:443  brute_ratel botnet C2 server (confidence level: 100%)
8.215.48.214:443  Brute Ratel C4 botnet C2 server (confidence level: 100%)
196.2.1.141:443  Cobalt Strike botnet C2 server (confidence level: 100%)
216.23.184.169:443  Cobalt Strike botnet C2 server (confidence level: 100%)
202.66.172.124:7000  Cobalt Strike botnet C2 server (confidence level: 100%)
202.66.172.124:7001  Cobalt Strike botnet C2 server (confidence level: 100%)
103.225.27.226:443  Cobalt Strike botnet C2 server (confidence level: 100%)
103.225.27.226:80  Cobalt Strike botnet C2 server (confidence level: 100%)
52.41.235.46:443  Cobalt Strike botnet C2 server (confidence level: 100%)
1.14.160.224:80  Cobalt Strike botnet C2 server (confidence level: 100%)
101.34.82.117:9443  Cobalt Strike botnet C2 server (confidence level: 100%)
101.36.122.50:8888  Cobalt Strike botnet C2 server (confidence level: 100%)
103.231.74.38:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
108.165.57.5:8889  Cobalt Strike botnet C2 server (confidence level: 100%)
111.229.148.68:1443  Cobalt Strike botnet C2 server (confidence level: 100%)
113.44.67.52:9443  Cobalt Strike botnet C2 server (confidence level: 100%)
118.25.91.151:80  Cobalt Strike botnet C2 server (confidence level: 100%)
118.25.91.151:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
123.249.45.6:8011  Cobalt Strike botnet C2 server (confidence level: 100%)
124.222.124.9:8011  Cobalt Strike botnet C2 server (confidence level: 100%)
137.184.183.6:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
192.238.134.113:4433  ValleyRAT botnet C2 server (confidence level: 100%)
147.45.47.88:4433  Cobalt Strike botnet C2 server (confidence level: 100%)
120.48.116.118:9876  Cobalt Strike botnet C2 server (confidence level: 100%)
185.195.65.40:31337  Sliver botnet C2 server (confidence level: 100%)
162.216.243.15:7707  AsyncRAT botnet C2 server (confidence level: 100%)
198.167.199.130:19132  Quasar RAT botnet C2 server (confidence level: 100%)
172.190.218.195:8089  Havoc botnet C2 server (confidence level: 100%)
134.122.169.57:80  ERMAC botnet C2 server (confidence level: 100%)
178.215.224.65:80  ERMAC botnet C2 server (confidence level: 100%)
195.66.213.24:80  Unknown malware botnet C2 server (confidence level: 100%)
154.205.137.203:443  Cobalt Strike botnet C2 server (confidence level: 100%)
192.3.160.167:80  Cobalt Strike botnet C2 server (confidence level: 100%)
206.238.199.133:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
38.181.47.247:9008  Cobalt Strike botnet C2 server (confidence level: 100%)
42.193.230.26:6666  Cobalt Strike botnet C2 server (confidence level: 100%)
43.139.216.112:4321  Cobalt Strike botnet C2 server (confidence level: 100%)
45.155.250.85:444  Cobalt Strike botnet C2 server (confidence level: 100%)
47.76.49.150:8991  Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.214.161:6666  Cobalt Strike botnet C2 server (confidence level: 100%)
47.99.93.43:80  Cobalt Strike botnet C2 server (confidence level: 100%)
60.205.123.140:1111  Cobalt Strike botnet C2 server (confidence level: 100%)
79.132.128.110:444  Cobalt Strike botnet C2 server (confidence level: 100%)
80.76.49.123:8031  Cobalt Strike botnet C2 server (confidence level: 100%)
38.61.0.81:443  Cobalt Strike botnet C2 server (confidence level: 100%)
81.70.236.142:9092  Cobalt Strike botnet C2 server (confidence level: 100%)
102.117.160.152:7443  Unknown malware botnet C2 server (confidence level: 100%)
37.27.214.36:443  Vidar botnet C2 server (confidence level: 100%)
117.72.90.62:60000  Unknown malware botnet C2 server (confidence level: 100%)
111.230.246.41:60000  Unknown malware botnet C2 server (confidence level: 100%)
47.95.169.24:60000  Unknown malware botnet C2 server (confidence level: 100%)
51.75.72.230:3333  Unknown malware botnet C2 server (confidence level: 100%)
172.105.41.81:443  Unknown malware botnet C2 server (confidence level: 100%)
146.103.40.91:3333  Unknown malware botnet C2 server (confidence level: 100%)
103.16.117.92:3333  Unknown malware botnet C2 server (confidence level: 100%)
82.156.175.18:8888  Unknown malware botnet C2 server (confidence level: 100%)
83.229.127.87:443  Cobalt Strike botnet C2 server (confidence level: 100%)
18.232.155.135:443  Cobalt Strike botnet C2 server (confidence level: 100%)
207.148.104.88:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
54.167.251.151:443  Cobalt Strike botnet C2 server (confidence level: 100%)
54.199.51.106:443  Cobalt Strike botnet C2 server (confidence level: 100%)
54.206.151.199:443  Cobalt Strike botnet C2 server (confidence level: 100%)
54.238.39.64:443  Cobalt Strike botnet C2 server (confidence level: 100%)
116.203.13.109:443  Vidar botnet C2 server (confidence level: 100%)
187.224.155.169:8181  Unknown malware botnet C2 server (confidence level: 100%)
91.235.143.28:8080  Remcos botnet C2 server (confidence level: 100%)
103.67.163.105:3435  Remcos botnet C2 server (confidence level: 100%)
5.180.96.152:443  pupy botnet C2 server (confidence level: 100%)
81.214.76.68:3002  AsyncRAT botnet C2 server (confidence level: 100%)
81.214.76.68:3003  AsyncRAT botnet C2 server (confidence level: 100%)
81.214.76.68:3004  AsyncRAT botnet C2 server (confidence level: 100%)
81.214.76.68:3001  AsyncRAT botnet C2 server (confidence level: 100%)
198.23.227.140:7710  AsyncRAT botnet C2 server (confidence level: 100%)
103.37.40.78:56005  AsyncRAT botnet C2 server (confidence level: 100%)
45.204.218.173:8089  Hook botnet C2 server (confidence level: 100%)
198.167.199.224:19132  Quasar RAT botnet C2 server (confidence level: 100%)
172.81.133.87:8008  Venom RAT botnet C2 server (confidence level: 100%)
103.74.93.242:8443  DeimosC2 botnet C2 server (confidence level: 100%)
34.1.142.70:80  ValleyRAT botnet C2 server (confidence level: 100%)
141.147.143.12:443  Cobalt Strike botnet C2 server (confidence level: 100%)
87.120.115.8:3306  Cobalt Strike botnet C2 server (confidence level: 100%)
185.241.126.68:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
119.91.64.209:2096  Cobalt Strike botnet C2 server (confidence level: 100%)
8.217.37.213:8088  Cobalt Strike botnet C2 server (confidence level: 100%)
45.141.26.234:7000  XWorm botnet C2 server (confidence level: 100%)
185.148.3.216:4000  Quasar RAT botnet C2 server (confidence level: 100%)
185.172.175.125:505  NjRAT botnet C2 server (confidence level: 100%)
43.136.177.76:6666  Meterpreter botnet C2 server (confidence level: 100%)
23.226.57.67:4433  ValleyRAT botnet C2 server (confidence level: 100%)
117.18.13.97:80  Cobalt Strike botnet C2 server (confidence level: 100%)
103.37.40.76:56003  AsyncRAT botnet C2 server (confidence level: 100%)
103.37.40.76:56005  AsyncRAT botnet C2 server (confidence level: 100%)
93.183.78.36:63655  RMS botnet C2 server (confidence level: 100%)
185.65.68.247:6522  NjRAT botnet C2 server (confidence level: 100%)
43.133.239.91:443  Cobalt Strike botnet C2 server (confidence level: 50%)
43.246.208.199:8080  Cobalt Strike botnet C2 server (confidence level: 50%)
45.76.206.45:443  Cobalt Strike botnet C2 server (confidence level: 50%)
47.99.120.15:81  Cobalt Strike botnet C2 server (confidence level: 50%)
94.232.43.211:7443  Cobalt Strike botnet C2 server (confidence level: 50%)
207.231.109.20:8099  Cobalt Strike botnet C2 server (confidence level: 50%)
209.38.116.17:443  Cobalt Strike botnet C2 server (confidence level: 50%)
2.37.211.140:9002  Brute Ratel C4 botnet C2 server (confidence level: 50%)
86.124.25.57:8139  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:8443  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:9091  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:9898  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:55553  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:9398  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:8140  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:7548  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:5001  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:8880  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:10250  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:10000  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:9443  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:6443  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:3001  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:7071  Quasar RAT botnet C2 server (confidence level: 50%)
86.124.25.57:9001  Quasar RAT botnet C2 server (confidence level: 50%)
82.156.108.180:8443  Cobalt Strike botnet C2 server (confidence level: 100%)
113.44.90.0:80  Cobalt Strike botnet C2 server (confidence level: 100%)
103.19.190.97:999  Ghost RAT botnet C2 server (confidence level: 100%)
42.119.96.173:4444  Orcus RAT botnet C2 server (confidence level: 100%)
18.144.53.225:104  NetSupportManager RAT botnet C2 server (confidence level: 100%)
156.251.17.243:17093  ValleyRAT botnet C2 server (confidence level: 100%)
81.214.76.68:5500  AsyncRAT botnet C2 server (confidence level: 100%)
82.67.51.130:54984  Nanocore RAT botnet C2 server (confidence level: 100%)
179.43.171.201:443  Unknown malware botnet C2 server (confidence level: 100%)
172.111.250.17:2023  Remcos botnet C2 server (confidence level: 100%)
87.120.115.7:80  Hook botnet C2 server (confidence level: 100%)
164.92.215.178:80  ERMAC botnet C2 server (confidence level: 100%)
23.140.8.132:22022  Remcos botnet C2 server (confidence level: 100%)

Url

Value | Description
url https://wildspiritzm.top/ytzhzjlioddlyti4/
Coper botnet C2 (confidence level: 100%)
url https://hamkarada24.top/owrmm2uzmtbinjg4/
Coper botnet C2 (confidence level: 100%)
url http://cj15501.tw1.ru/c39768a5.php
DCRat botnet C2 (confidence level: 100%)
url https://37.27.214.36
Vidar botnet C2 (confidence level: 100%)
url https://65.109.242.14
Vidar botnet C2 (confidence level: 100%)
url http://pw334.castledev.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
url http://f1069581.xsph.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
url http://a1068999.xsph.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
url http://62.109.1.101/phpline/defaultbaselocal/bigloadproviderlowline/multiline5game/multiupdatevm6/secure1/linuxdumpdownloads/asyncwordpressvoiddb8/universalexternallow/dump0linux/1geopubliclow/flower0temporary/9cpu/pythonpacketgame.php
DCRat botnet C2 (confidence level: 100%)
url http://797441cm.n9shteam2.top/videouploads.php
DCRat botnet C2 (confidence level: 100%)
url https://smartoffer-captcha-verification.b-cdn.net/last-step-to-go-solve.html
Lumma Stealer payload delivery URL (confidence level: 100%)
url https://sos-ch-gva-2-exo-io.b-cdn.net/last-step-to-go-re5.html
Lumma Stealer payload delivery URL (confidence level: 100%)
url https://37.27.214.36/
Vidar botnet C2 (confidence level: 100%)
url https://h7h7h7.online/
Vidar botnet C2 (confidence level: 100%)
url https://sectionobligationpow.site/api
Lumma Stealer botnet C2 (confidence level: 100%)
url http://185.81.68.147/data.php
Amadey botnet C2 (confidence level: 100%)
url http://185.148.3.216/5fr5gthkjdg71
Quasar RAT payload delivery URL (confidence level: 100%)
url http://45.116.78.127:443/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 75%)
url http://event.windowserrorapis.com:8443/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 75%)
url https://mirugby.com/5op9.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
url https://mirugby.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
url http://mnudybh4unh.top/1.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
url https://yoursd.site/
Vidar botnet C2 (confidence level: 100%)
url http://a1069594.xsph.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
url http://f1047670.xsph.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
url http://f1070307.xsph.ru/3b39b74d.php
DCRat botnet C2 (confidence level: 100%)

Domain

Value | Description
domain account.fortinet.app
Havoc botnet C2 domain (confidence level: 100%)
domain bot.lingfengfs.com
ERMAC botnet C2 domain (confidence level: 100%)
domain h7h7h7.online
Vidar botnet C2 domain (confidence level: 100%)
domain ntsteallers.com
Unknown malware botnet C2 domain (confidence level: 100%)
domain slot.buyaiphoneonline.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domain home.fiveth5vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain eighth8vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain home.oneth1vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain nineth9vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain sixth6vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain abolhb.com
NjRAT botnet C2 domain (confidence level: 75%)
domain mirugby.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domain vmi2283794.contaboserver.net
Havoc botnet C2 domain (confidence level: 100%)
domain mail.cryp-domedows.com
Unknown malware botnet C2 domain (confidence level: 100%)
domain yoursd.site
Vidar botnet C2 domain (confidence level: 100%)
domain sixtj6ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain eightj8ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain onetj1ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain login.upgrade1.zip
Havoc botnet C2 domain (confidence level: 100%)
domain panel.pokemulti.fr
Unknown malware botnet C2 domain (confidence level: 100%)
domain fivetj5ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain eightj8vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain ci26757.tw1.ru
DCRat botnet C2 domain (confidence level: 100%)
domain olegpivo.tw1.ru
DCRat botnet C2 domain (confidence level: 100%)
domain f1070723.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domain eesdtr23c4e.atwebpages.com
DCRat botnet C2 domain (confidence level: 100%)
domain a1070107.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domain romanopi.beget.tech
DCRat botnet C2 domain (confidence level: 100%)
domain a1070366.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domain 93752cm.darkproducts.ru
DCRat botnet C2 domain (confidence level: 100%)
domain 112025ct.darkproducts.ru
DCRat botnet C2 domain (confidence level: 100%)
domain home.fortth14vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain home.eightj8vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain eleventj11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain forttj14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain forttj14vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain home.tentj10vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain ninetj9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain ninetj9vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain sixtj6vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain tentj10ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain thirttj13vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain twentytj20ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain twentytj20vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain tentj10vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain onetj1vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain fivetj5vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain home.eleventj11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domain tenth10vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain thirtth13vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domain twentyth20vs.top
CryptBot botnet C2 domain (confidence level: 100%)
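The tables above are raw indicators; the practical question for a SOC is how to turn them into detections without being buried by the lower-confidence rows. The following Python is an added example, not code from ThreatFox or from this page: it parses rows in the layout used here (an IOC type and its value, followed by a description line ending in a confidence level), keeps only rows at or above a chosen confidence, indexes domains and URL hostnames, and runs constructed proxy log lines against that index. The proxy log format, the threshold values and the sample listing and log lines are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt in the listing's layout: IOC type then value (the extracted
# page sometimes fuses them, "urlhttps://..."; both forms parse), then a description
# line ending in "(confidence level: N%)". Assembled for this example, not a feed export.
SAMPLE_LISTING = """\
hash8139
Brute Ratel C4 botnet C2 server (confidence level: 50%)
urlhttp://45.116.78.127:443/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 75%)
url https://smartoffer-captcha-verification.b-cdn.net/last-step-to-go-solve.html
Lumma Stealer payload delivery URL (confidence level: 100%)
url https://h7h7h7.online/
Vidar botnet C2 (confidence level: 100%)
domain account.fortinet.app
Havoc botnet C2 domain (confidence level: 100%)
domainh7h7h7.online
Vidar botnet C2 domain (confidence level: 100%)
"""

# Constructed proxy log lines, assumed format: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2025-01-02T10:14:05Z 10.0.0.5 GET https://account.fortinet.app/ 200",
    "2025-01-02T10:14:09Z 10.0.0.5 GET https://cdn.h7h7h7.online/a.bin 200",
    "2025-01-02T10:15:30Z 10.0.0.7 GET http://45.116.78.127:443/jquery-3.3.1.min.js 200",
    "2025-01-02T10:16:01Z 10.0.0.9 GET https://assets.b-cdn.net/site.js 200",
]

DESC_RE = re.compile(r"^(?P<desc>.*?)\s*\(confidence level: (?P<conf>\d+)%\)$")

@dataclass(frozen=True)
class Ioc:
    ioc_type: str
    value: str
    description: str
    confidence: int

def parse_listing(text, prefixes=("domain", "url")):
    """Pair each typed value line with the description after it; value-less rows
    such as the 'hash<port>' entries carry no indicator and are skipped, not guessed."""
    iocs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DESC_RE.match(line)
        if m and pending is not None:
            iocs.append(Ioc(pending[0], pending[1], m["desc"], int(m["conf"])))
            pending = None
            continue
        pending = None
        for p in prefixes:
            if line.startswith(p) and len(line) > len(p):
                pending = (p, line[len(p):].strip())
                break
    return iocs

def build_index(iocs, min_confidence=100):
    """Hostname and exact-URL tables for rows at or above the threshold. The host of a
    URL IOC is indexed as well, since a C2 host rarely serves only the one listed path."""
    hosts, urls = {}, {}
    for ioc in iocs:
        if ioc.confidence < min_confidence:
            continue
        if ioc.ioc_type == "domain":
            hosts[ioc.value.lower()] = ioc
        elif ioc.ioc_type == "url":
            urls[ioc.value.rstrip("/")] = ioc
            host = urlparse(ioc.value).hostname
            if host:
                hosts.setdefault(host.lower(), ioc)
    return hosts, urls

def host_hit(hosts, hostname):
    """Exact or parent-domain match (cdn.h7h7h7.online hits h7h7h7.online), never
    walking up to the TLD, so a shared CDN like b-cdn.net is not flagged wholesale."""
    hostname = hostname.lower().rstrip(".")
    if hostname.replace(".", "").isdigit():  # IP literal: exact match only
        return hosts.get(hostname)
    parts = hostname.split(".")
    for i in range(len(parts) - 1):
        ioc = hosts.get(".".join(parts[i:]))
        if ioc is not None:
            return ioc
    return None

def match_logs(iocs, log_lines, min_confidence=100):
    """Return (client, url, ioc) for every log line that touches an indicator."""
    hosts, urls = build_index(iocs, min_confidence)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line in the assumed format
        client, url = fields[1], fields[3]
        ioc = urls.get(url.rstrip("/"))
        if ioc is None:
            host = urlparse(url).hostname
            ioc = host_hit(hosts, host) if host else None
        if ioc is not None:
            hits.append((client, url, ioc))
    return hits
```

Two design choices matter in practice. Parent-domain matching is one-directional: a request to cdn.h7h7h7.online is flagged because h7h7h7.online is listed, but the lookup never climbs to the registrable suffix, so the two Lumma delivery URLs hosted on b-cdn.net do not cause every other b-cdn.net subdomain to alert. And the default threshold of 100% leaves out the 75% Cobalt Strike entries; lowering it to 75 with `match_logs(rows, log, 75)` is a conscious trade of precision for recall that should be made per feed, not silently.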

Threat ID: 682c7dc3e8347ec82d2e3525

Added to database: 5/20/2025, 1:04:03 PM

Last enriched: 6/19/2025, 3:48:24 PM

Last updated: 8/16/2025, 9:37:49 AM
