ThreatFox IOCs for 2025-01-04

Medium
Published: Sat Jan 04 2025 (01/04/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-01-04

AI-Powered Analysis

Last updated: 06/19/2025, 16:16:50 UTC

Technical Analysis

The provided information is a set of Indicators of Compromise (IOCs) for a malware threat catalogued under the title 'ThreatFox IOCs for 2025-01-04.' ThreatFox is an open-source threat intelligence sharing platform that aggregates and disseminates threat data, including malware signatures and behavioural indicators. The threat is classified as malware with a medium severity level, but no affected software versions or products are identified beyond the generic 'osint' product type, which indicates that the data is open-source intelligence rather than a specific software vulnerability or exploit. The technical details give a low to moderate threat level (threatLevel: 2 on an unspecified scale) together with analysis and distribution metrics, and no exploits in the wild have been reported. The absence of CWEs, patch links, or detailed technical indicators suggests a preliminary or generalised intelligence update rather than a detailed vulnerability report. The entry is tagged 'type:osint' and 'tlp:white,' so the information is derived from open-source intelligence and is intended for unrestricted sharing. Without affected versions or further detail around the indicators it is not possible to pinpoint exact attack vectors or malware behaviour, but the IOCs themselves can be used to detect or prevent infections once integrated into security monitoring systems.

Potential Impact

For European organisations, the impact of this threat is currently limited because no active exploits are known and the IOCs are general in nature. However, disseminating these IOCs can improve detection of emerging malware campaigns if they are integrated into security operations centres (SOCs) and threat hunting activities. The medium severity rating indicates that, while the threat is not immediately critical, the infrastructure and samples it describes could be used in targeted attacks or broader malware campaigns affecting confidentiality, integrity, or availability. European organisations that rely heavily on open-source intelligence tools or sharing platforms may find value in these IOCs for early warning and proactive defence. Because no specific products or versions are affected, the threat calls for awareness and preparedness rather than immediate remediation. Nevertheless, organisations in sectors with high exposure to malware, such as finance, critical infrastructure, and government, should remain vigilant, as threat actors often use OSINT-derived data to craft sophisticated attacks.

Mitigation Recommendations

Given that the threat consists of a set of IOCs without specific exploit details, mitigation should focus on strengthening detection and response capabilities. Organisations should:

1. Integrate the provided IOCs into existing intrusion detection and prevention systems (IDS/IPS), endpoint detection and response (EDR) tools, and security information and event management (SIEM) platforms to improve visibility.
2. Conduct regular threat hunting exercises using these IOCs to identify potential infections or suspicious activity early.
3. Maintain up-to-date threat intelligence feeds and ensure that security teams are trained to interpret and act on OSINT-derived data.
4. Implement network segmentation and strict access controls to limit malware propagation if an infection occurs.
5. Encourage information sharing within industry-specific ISACs (Information Sharing and Analysis Centers) to contextualise these IOCs with sector-specific threats.
6. Since no patches or specific vulnerabilities are identified, focus on general best practices such as timely software updates, user awareness training, and robust backup strategies to limit the impact of malware infections.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: a0eb1951-d34f-432c-950b-4d3dd64ce296
Original Timestamp: 1736035386

Indicators of Compromise

Hash

ValueDescriptionCopy
hash5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
Mirai payload (confidence level: 100%)
hash47925
MooBot botnet C2 server (confidence level: 75%)
hash38241
Mirai botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash9999
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash17777
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash55177
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash443
ValleyRAT botnet C2 server (confidence level: 100%)
hash9735
Ghost RAT botnet C2 server (confidence level: 100%)
hash28055
NjRAT botnet C2 server (confidence level: 75%)
hash63645
Mirai botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash56003
AsyncRAT botnet C2 server (confidence level: 100%)
hash56005
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 100%)
hash8080
Bashlite botnet C2 server (confidence level: 100%)
hash2052
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Quasar RAT botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8433
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash10011
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 50%)
hash7044
Vjw0rm botnet C2 server (confidence level: 100%)
hash44662
STRRAT botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash54138
BlackShades botnet C2 server (confidence level: 50%)
hash1023
BlackShades botnet C2 server (confidence level: 50%)
hash9418
BlackShades botnet C2 server (confidence level: 50%)
hash63256
Unknown malware botnet C2 server (confidence level: 50%)
hash63256
Unknown malware botnet C2 server (confidence level: 50%)
hash63256
Unknown malware botnet C2 server (confidence level: 50%)
hash1604
NjRAT botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash8000
DCRat botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9001
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
ValleyRAT botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash37
Unknown malware botnet C2 server (confidence level: 50%)
hash12000
Unknown malware botnet C2 server (confidence level: 50%)
hash4443
Unknown malware botnet C2 server (confidence level: 50%)
hash443
Unknown malware botnet C2 server (confidence level: 50%)
hash4443
Unknown malware botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4443
Sliver botnet C2 server (confidence level: 100%)
hash56003
AsyncRAT botnet C2 server (confidence level: 100%)
hash56005
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
Quasar RAT botnet C2 server (confidence level: 100%)
hash8080
ERMAC botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash64103
BianLian botnet C2 server (confidence level: 100%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash6666
Cobalt Strike botnet C2 server (confidence level: 50%)
hash9095
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash6666
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8803
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash25505
ValleyRAT botnet C2 server (confidence level: 75%)
hash25505
ValleyRAT botnet C2 server (confidence level: 75%)
hash25505
ValleyRAT botnet C2 server (confidence level: 75%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
Unknown malware botnet C2 server (confidence level: 100%)
hash3778
Mirai botnet C2 server (confidence level: 75%)
hash9091
ValleyRAT botnet C2 server (confidence level: 100%)
hash1800
AsyncRAT botnet C2 server (confidence level: 50%)
hash58685
NjRAT botnet C2 server (confidence level: 75%)
hash80
Ghost RAT botnet C2 server (confidence level: 50%)
hash8443
Havoc botnet C2 server (confidence level: 50%)
hash443
ValleyRAT botnet C2 server (confidence level: 100%)
hash8088
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash16666
Sliver botnet C2 server (confidence level: 100%)
hash8888
Sliver botnet C2 server (confidence level: 100%)
hash80
ShadowPad botnet C2 server (confidence level: 90%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8081
DCRat botnet C2 server (confidence level: 100%)
hash3478
PlugX botnet C2 server (confidence level: 90%)
hash443
PlugX botnet C2 server (confidence level: 90%)
hash4433
ValleyRAT botnet C2 server (confidence level: 100%)
hash10443
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash15666
Meduza Stealer botnet C2 server (confidence level: 100%)
hash10000
NjRAT botnet C2 server (confidence level: 100%)

File

ValueDescriptionCopy
file89.169.4.44
MooBot botnet C2 server (confidence level: 75%)
file31.13.224.14
Mirai botnet C2 server (confidence level: 75%)
file5.44.252.28
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.60.135.110
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.75.76.252
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.12.35.156
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.141.253
Unknown malware botnet C2 server (confidence level: 100%)
file128.90.113.89
AsyncRAT botnet C2 server (confidence level: 100%)
file69.166.230.200
AsyncRAT botnet C2 server (confidence level: 100%)
file54.202.8.211
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file54.202.8.211
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file154.213.190.241
MooBot botnet C2 server (confidence level: 100%)
file94.156.227.153
Bashlite botnet C2 server (confidence level: 100%)
file103.97.176.69
ValleyRAT botnet C2 server (confidence level: 100%)
file221.132.67.76
Ghost RAT botnet C2 server (confidence level: 100%)
file147.185.221.19
NjRAT botnet C2 server (confidence level: 75%)
file41.216.189.243
Mirai botnet C2 server (confidence level: 75%)
file123.30.186.248
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.119.239.229
Cobalt Strike botnet C2 server (confidence level: 100%)
file193.142.146.42
Remcos botnet C2 server (confidence level: 100%)
file154.37.221.178
Unknown malware botnet C2 server (confidence level: 100%)
file49.113.75.108
Unknown malware botnet C2 server (confidence level: 100%)
file39.105.170.136
Unknown malware botnet C2 server (confidence level: 100%)
file104.243.34.54
AsyncRAT botnet C2 server (confidence level: 100%)
file103.37.40.74
AsyncRAT botnet C2 server (confidence level: 100%)
file103.37.40.74
AsyncRAT botnet C2 server (confidence level: 100%)
file95.179.159.159
Unknown malware botnet C2 server (confidence level: 100%)
file154.216.18.93
Hook botnet C2 server (confidence level: 100%)
file209.74.66.221
Havoc botnet C2 server (confidence level: 100%)
file139.162.187.197
MooBot botnet C2 server (confidence level: 100%)
file45.128.233.186
Bashlite botnet C2 server (confidence level: 100%)
file167.114.127.89
Bashlite botnet C2 server (confidence level: 100%)
file23.247.130.245
Cobalt Strike botnet C2 server (confidence level: 100%)
file89.58.7.126
Unknown malware botnet C2 server (confidence level: 100%)
file181.162.169.84
Quasar RAT botnet C2 server (confidence level: 100%)
file35.184.90.147
Unknown malware botnet C2 server (confidence level: 100%)
file39.105.170.136
Unknown malware botnet C2 server (confidence level: 100%)
file39.107.213.134
Unknown malware botnet C2 server (confidence level: 100%)
file45.56.75.75
Unknown malware botnet C2 server (confidence level: 100%)
file68.221.170.211
Unknown malware botnet C2 server (confidence level: 100%)
file20.55.69.115
Unknown malware botnet C2 server (confidence level: 100%)
file48.218.244.101
Unknown malware botnet C2 server (confidence level: 100%)
file209.38.184.200
Unknown malware botnet C2 server (confidence level: 100%)
file212.227.245.79
Unknown malware botnet C2 server (confidence level: 100%)
file54.84.101.208
Unknown malware botnet C2 server (confidence level: 100%)
file111.33.165.150
Unknown malware botnet C2 server (confidence level: 100%)
file3.34.191.96
Unknown malware botnet C2 server (confidence level: 100%)
file45.55.187.97
Unknown malware botnet C2 server (confidence level: 100%)
file89.147.108.253
Unknown malware botnet C2 server (confidence level: 100%)
file4.226.44.20
Unknown malware botnet C2 server (confidence level: 100%)
file123.249.101.76
Unknown malware botnet C2 server (confidence level: 100%)
file47.113.184.170
Unknown malware botnet C2 server (confidence level: 100%)
file95.217.185.212
Unknown malware botnet C2 server (confidence level: 100%)
file3.17.119.151
Unknown malware botnet C2 server (confidence level: 100%)
file111.231.69.51
Meterpreter botnet C2 server (confidence level: 50%)
file46.246.14.67
Vjw0rm botnet C2 server (confidence level: 100%)
file46.246.14.67
STRRAT botnet C2 server (confidence level: 100%)
file54.38.52.14
Sliver botnet C2 server (confidence level: 50%)
file38.54.17.74
Sliver botnet C2 server (confidence level: 50%)
file78.141.205.114
Sliver botnet C2 server (confidence level: 50%)
file152.42.136.113
Sliver botnet C2 server (confidence level: 50%)
file23.168.152.27
Sliver botnet C2 server (confidence level: 50%)
file81.19.140.237
Sliver botnet C2 server (confidence level: 50%)
file209.141.42.6
Sliver botnet C2 server (confidence level: 50%)
file178.157.82.141
Sliver botnet C2 server (confidence level: 50%)
file146.190.17.255
Sliver botnet C2 server (confidence level: 50%)
file8.222.186.154
Sliver botnet C2 server (confidence level: 50%)
file190.14.37.12
Sliver botnet C2 server (confidence level: 50%)
file46.23.108.19
Sliver botnet C2 server (confidence level: 50%)
file47.109.65.22
Sliver botnet C2 server (confidence level: 50%)
file81.70.253.23
Sliver botnet C2 server (confidence level: 50%)
file194.4.49.8
Sliver botnet C2 server (confidence level: 50%)
file107.175.209.173
Sliver botnet C2 server (confidence level: 50%)
file194.59.30.158
Sliver botnet C2 server (confidence level: 50%)
file111.119.222.52
Sliver botnet C2 server (confidence level: 50%)
file195.90.225.71
Sliver botnet C2 server (confidence level: 50%)
file172.234.231.235
Sliver botnet C2 server (confidence level: 50%)
file8.216.82.145
Sliver botnet C2 server (confidence level: 50%)
file41.216.183.47
Sliver botnet C2 server (confidence level: 50%)
file194.26.213.66
Sliver botnet C2 server (confidence level: 50%)
file43.156.17.19
Sliver botnet C2 server (confidence level: 50%)
file45.115.236.152
Sliver botnet C2 server (confidence level: 50%)
file191.232.34.142
Sliver botnet C2 server (confidence level: 50%)
file103.85.25.90
Sliver botnet C2 server (confidence level: 50%)
file154.205.155.89
Sliver botnet C2 server (confidence level: 50%)
file165.227.206.56
Sliver botnet C2 server (confidence level: 50%)
file36.138.32.109
Sliver botnet C2 server (confidence level: 50%)
file103.117.120.68
Sliver botnet C2 server (confidence level: 50%)
file87.120.115.229
Sliver botnet C2 server (confidence level: 50%)
file208.73.206.122
Sliver botnet C2 server (confidence level: 50%)
file185.104.181.15
Sliver botnet C2 server (confidence level: 50%)
file209.182.225.150
Sliver botnet C2 server (confidence level: 50%)
file193.142.147.51
Sliver botnet C2 server (confidence level: 50%)
file162.33.179.250
Sliver botnet C2 server (confidence level: 50%)
file87.120.113.209
Sliver botnet C2 server (confidence level: 50%)
file161.35.177.212
Sliver botnet C2 server (confidence level: 50%)
file20.117.118.95
Sliver botnet C2 server (confidence level: 50%)
file185.216.68.124
Sliver botnet C2 server (confidence level: 50%)
file94.156.177.150
Sliver botnet C2 server (confidence level: 50%)
file159.223.229.0
Sliver botnet C2 server (confidence level: 50%)
file79.99.41.95
Sliver botnet C2 server (confidence level: 50%)
file37.120.178.79
Sliver botnet C2 server (confidence level: 50%)
file161.35.25.134
Sliver botnet C2 server (confidence level: 50%)
file151.236.220.113
Sliver botnet C2 server (confidence level: 50%)
file47.242.214.83
Sliver botnet C2 server (confidence level: 50%)
file3.124.115.208
BlackShades botnet C2 server (confidence level: 50%)
file15.156.199.145
BlackShades botnet C2 server (confidence level: 50%)
file13.49.46.48
BlackShades botnet C2 server (confidence level: 50%)
file213.136.57.21
Unknown malware botnet C2 server (confidence level: 50%)
file180.94.159.233
Unknown malware botnet C2 server (confidence level: 50%)
file210.3.209.18
Unknown malware botnet C2 server (confidence level: 50%)
file204.95.99.26
NjRAT botnet C2 server (confidence level: 75%)
file1.94.115.186
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.156.0.140
Cobalt Strike botnet C2 server (confidence level: 100%)
file89.44.196.25
Cobalt Strike botnet C2 server (confidence level: 100%)
file166.108.232.68
Sliver botnet C2 server (confidence level: 100%)
file87.120.115.7
Hook botnet C2 server (confidence level: 100%)
file46.246.14.11
DCRat botnet C2 server (confidence level: 100%)
file82.156.108.180
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.140.131.77
Cobalt Strike botnet C2 server (confidence level: 100%)
file122.10.115.27
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.130.92.171
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.75.76.252
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.131.189.5
Cobalt Strike botnet C2 server (confidence level: 100%)
file211.159.148.197
ValleyRAT botnet C2 server (confidence level: 100%)
file77.79.25.25
Unknown malware botnet C2 server (confidence level: 50%)
file77.79.4.77
Unknown malware botnet C2 server (confidence level: 50%)
file194.190.59.239
Unknown malware botnet C2 server (confidence level: 50%)
file83.15.244.74
Unknown malware botnet C2 server (confidence level: 50%)
file24.159.199.12
Unknown malware botnet C2 server (confidence level: 50%)
file71.86.42.220
Unknown malware botnet C2 server (confidence level: 50%)
file152.206.219.54
Unknown malware botnet C2 server (confidence level: 50%)
file223.17.188.132
Unknown malware botnet C2 server (confidence level: 50%)
file178.162.79.3
Unknown malware botnet C2 server (confidence level: 50%)
file54.199.65.64
Unknown malware botnet C2 server (confidence level: 50%)
file35.180.204.6
Unknown malware botnet C2 server (confidence level: 50%)
file154.31.217.203
Unknown malware botnet C2 server (confidence level: 50%)
file38.129.66.7
Unknown malware botnet C2 server (confidence level: 50%)
file64.227.161.180
Unknown malware botnet C2 server (confidence level: 50%)
file43.156.94.188
Sliver botnet C2 server (confidence level: 50%)
file139.84.208.224
Sliver botnet C2 server (confidence level: 50%)
file43.143.48.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.38.251.177
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.53.71
Cobalt Strike botnet C2 server (confidence level: 100%)
file5.44.252.28
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.58.68.112
Sliver botnet C2 server (confidence level: 100%)
file103.37.40.77
AsyncRAT botnet C2 server (confidence level: 100%)
file103.37.40.77
AsyncRAT botnet C2 server (confidence level: 100%)
file92.108.91.121
Quasar RAT botnet C2 server (confidence level: 100%)
file178.215.224.133
ERMAC botnet C2 server (confidence level: 100%)
file87.121.86.64
MooBot botnet C2 server (confidence level: 100%)
file23.227.198.237
BianLian botnet C2 server (confidence level: 100%)
file77.238.233.217
Cobalt Strike botnet C2 server (confidence level: 50%)
file124.221.174.136
Cobalt Strike botnet C2 server (confidence level: 50%)
file34.237.237.84
Cobalt Strike botnet C2 server (confidence level: 50%)
file103.243.25.70
Cobalt Strike botnet C2 server (confidence level: 50%)
file116.196.92.13
Cobalt Strike botnet C2 server (confidence level: 50%)
file85.209.156.2
Cobalt Strike botnet C2 server (confidence level: 50%)
file121.37.41.191
Cobalt Strike botnet C2 server (confidence level: 50%)
file113.44.79.187
Cobalt Strike botnet C2 server (confidence level: 50%)
file143.198.235.51
Cobalt Strike botnet C2 server (confidence level: 50%)
file38.207.177.216
Cobalt Strike botnet C2 server (confidence level: 50%)
file45.77.45.45
Cobalt Strike botnet C2 server (confidence level: 50%)
file18.175.223.129
Cobalt Strike botnet C2 server (confidence level: 50%)
file107.172.140.211
Cobalt Strike botnet C2 server (confidence level: 50%)
file47.93.243.161
Cobalt Strike botnet C2 server (confidence level: 50%)
file121.62.16.173
ValleyRAT botnet C2 server (confidence level: 75%)
file121.62.16.160
ValleyRAT botnet C2 server (confidence level: 75%)
file121.62.23.192
ValleyRAT botnet C2 server (confidence level: 75%)
file102.117.174.219
Unknown malware botnet C2 server (confidence level: 50%)
file188.117.141.123
Unknown malware botnet C2 server (confidence level: 100%)
file103.30.87.130
Unknown malware botnet C2 server (confidence level: 100%)
file184.189.187.198
Unknown malware botnet C2 server (confidence level: 100%)
file202.126.208.62
Unknown malware botnet C2 server (confidence level: 100%)
file109.194.42.217
Unknown malware botnet C2 server (confidence level: 100%)
file143.170.164.140

Domain


Url


Threat ID: 682c7dc3e8347ec82d2e3bf6

Added to database: 5/20/2025, 1:04:03 PM

Last enriched: 6/19/2025, 4:16:50 PM

Last updated: 8/19/2025, 12:11:56 AM

Views: 666
