
ThreatFox IOCs for 2025-01-08

Severity: Medium
Published: Wed Jan 08 2025 (01/08/2025, 00:00:00 UTC)
Source: ThreatFox
Tag: type:osint

Description

ThreatFox IOCs for 2025-01-08

AI-Powered Analysis

Last updated: 06/19/2025, 15:34:12 UTC

Technical Analysis

This entry is the ThreatFox daily export for 2025-01-08. ThreatFox is the abuse.ch platform on which researchers share Indicators of Compromise (IOCs) tied to named malware families, so the page is an indicator feed, not a vulnerability advisory: there is no affected product or version, no CVE or CWE, and nothing to patch. The 'type:osint' tag only records that the data was gathered from open sources. The Threat Level (2), Analysis (1) and Distribution (3) values follow MISP event conventions, where threat level 2 is 'medium', analysis 1 is 'ongoing' and distribution 3 is 'all communities'; the original timestamp 1736380986 is 2025-01-09 00:03:06 UTC, so the export was cut just after the end of the reporting day. The indicators themselves are concrete: 95 domains, 90 URLs, 94 command-and-control servers given as IP address and port, and two SHA-256 hashes, each labelled with a malware family, a role (botnet C2 or payload delivery) and the contributor's confidence level (50%, 60%, 75% or 100%). The families represented are the FAKEUPDATES and ClearFake browser-lure delivery chains; the information stealers Lumma Stealer (by far the largest block, with more than forty .shop, .click, .cyou and .sbs C2 domains that all serve an '/api' endpoint), Vidar, Stealc, CryptBot, RedLine, Meduza and Loki PWS; the remote access tools DCRat, Remcos, NjRAT, AsyncRAT, Venom RAT, ValleyRAT, Ghost RAT, NetSupport Manager and PlugX; the Android banking trojans Hook and ERMAC; the Brazilian banking trojan Astaroth; the post-exploitation frameworks Cobalt Strike, Havoc and Sliver; the IoT botnets Mirai, MooBot and Mozi; plus the Matanbuchus loader and an xmrig miner C2. Details worth noting: the Havoc C2 hostnames ssl., login. and img1.mllcrosoft.com imitate Microsoft, while tracking-usps.com (Meduza) and outlook.offfec.me imitate USPS and Outlook; every Astaroth C2 subdomain sits under a Portuguese-language, medical-equipment themed .sbs domain; six of the FAKEUPDATES hosts serve scripts from the same /work/ directory layout (original.js, index.php, download.php); the DCRat C2 hosts are customer subdomains of shared hosting providers (beget.tech, xsph.ru, tw1.ru); and several Lumma delivery URLs live on public cloud object storage (aliyuncs.com, r2.dev, exo.io) with page names styled as CAPTCHA or 'keep browsing to continue' checks. The two SHA-256 hashes are Lumma Stealer payloads.

Potential Impact

For European organizations the impact depends entirely on whether any of these endpoints appear in their telemetry; the feed carries no exploit and describes no vulnerability, so the absence of 'known exploits' says nothing about risk. What a hit would mean: the stealer families (Lumma, Vidar, Stealc, CryptBot, RedLine, Meduza, Loki PWS) harvest browser credentials, session cookies and wallet data, so a single matching DNS query or proxy request should be handled as a credential-exposure incident; the RAT families and the Cobalt Strike, Havoc and Sliver servers indicate interactive operator access, which commonly precedes lateral movement, data theft or ransomware deployment; the Mirai, MooBot and Mozi entries concern exposed Linux and IoT devices rather than workstations; and the Hook and ERMAC entries concern Android devices. The delivery side matters most for a general workforce: FAKEUPDATES and ClearFake are served from compromised websites as fake browser-update prompts, and the Lumma lure URLs styled as CAPTCHA or 'keep browsing' checks target any web user, so the exposed surface is every employee's browser rather than a particular product. The Portuguese-language Astaroth infrastructure points at Portuguese-speaking targets. The medium rating reflects that this is a routine daily feed rather than a single high-impact event, but most entries carry 100% confidence and belong to families that routinely end in full domain compromise.

Mitigation Recommendations

Because this is an indicator feed and not a vulnerability, the work is detection and containment rather than patching. Recommendations: 1) Ingest the indicators by type, not as one flat string list: domains go into DNS and proxy matching (the queried name and any subdomain of it), IP:port pairs into firewall and flow-log matching with the port included, URLs as exact matches after normalisation, and the two SHA-256 hashes into EDR file-hash searches. 2) Honour the confidence field: 100% entries can be blocked outright, but the 50% and 60% entries (check.qlkwr.com, hangotouic.xyz, the three Stealc DLL URLs, the Mozi URL, the Matanbuchus and PlugX servers, and the Lumma '/api' URLs listed at 50%) belong on an alert-only watch list until corroborated by a second source or by local telemetry. 3) Never promote a URL or subdomain indicator to a block on its parent when the parent is shared infrastructure: lusii.oss-ap-southeast-1.aliyuncs.com, pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev and sos-de-muc-1.exo.io are tenant paths on public object storage, the DCRat hosts under beget.tech, xsph.ru and tw1.ru are customer subdomains of hosting providers, and municipioalcidiadechicamocha.ddnsgeek.com is a dynamic-DNS name; blocking the parent domain would cut off unrelated tenants. 4) Hunt backwards through retained proxy, DNS and flow logs, not just forwards: look for requests to /work/original.js, /work/index.php or /work/download.php (the FAKEUPDATES layout shared by six hosts here), for requests to /api on recently registered .shop, .click, .cyou and .sbs domains (the Lumma C2 pattern), and for outbound connections to the less common listed C2 ports such as 31337 (Sliver), 42069 (Havoc) and 25565 (DCRat). 5) Treat any confirmed stealer hit as a credential-exposure incident: reset the user's passwords, revoke active browser and SSO sessions, and review recent sign-ins. 6) Keep network segmentation and least privilege in place so that a single Cobalt Strike, Havoc or Sliver beacon on one host cannot be turned into domain-wide access. 7) The Lumma and Astaroth blocks show how quickly this infrastructure rotates, so automate the daily ThreatFox pull, age out entries that stop resolving, and report sightings back to the sharing community instead of loading a one-off snapshot.
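The type-aware ingestion, confidence handling and shared-host caveat described in the analysis and in recommendations 1 to 3 above, as an added example. This is not code from ThreatFox, abuse.ch or this page's author. It assumes the record layout of the ThreatFox API JSON export (fields ioc, ioc_type, malware_printable, confidence_level); the six records are entries copied from the listing above into that assumed layout, and the log lines, log format and host names ws-17 and ws-22 are constructed for illustration.

```python
# Added example (not ThreatFox/abuse.ch code): type-aware ingestion of ThreatFox-style IOC
# records and matching against logs. Field names assume the ThreatFox API JSON export layout.
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Six entries copied from the 2025-01-08 listing into the assumed record layout (constructed).
SAMPLE_RECORDS = [
    {"ioc": "ssl.mllcrosoft.com", "ioc_type": "domain", "malware_printable": "Havoc", "confidence_level": 100},
    {"ioc": "check.qlkwr.com", "ioc_type": "domain", "malware_printable": "ClearFake", "confidence_level": 50},
    {"ioc": "https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html",
     "ioc_type": "url", "malware_printable": "Lumma Stealer", "confidence_level": 100},
    {"ioc": "http://46.227.184.209:44913/mozi.m", "ioc_type": "url", "malware_printable": "Mozi", "confidence_level": 50},
    {"ioc": "87.120.113.92:31337", "ioc_type": "ip:port", "malware_printable": "Sliver", "confidence_level": 100},
    {"ioc": "558fe8c705bbd035f886cc02acee3fdfa50398e74795f62d182e01225d58e2e2",
     "ioc_type": "sha256_hash", "malware_printable": "Lumma Stealer", "confidence_level": 100},
]

# Shared object-storage hostnames seen in the listing: match the full URL only, never the hostname.
SHARED_HOST_SUFFIXES = (".r2.dev", ".aliyuncs.com", ".exo.io")

# Constructed log, one "<ts> <kind> <host> <key>=<value>" event per line.
SAMPLE_LOG = """\
2025-01-09T08:12:03Z dns ws-17 query=ssl.mllcrosoft.com
2025-01-09T08:12:04Z http ws-17 url=https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html
2025-01-09T08:12:05Z http ws-17 url=https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/other-tenant/report.pdf
2025-01-09T08:12:09Z conn ws-17 dst=87.120.113.92:31337
2025-01-09T08:13:00Z dns ws-22 query=check.qlkwr.com
2025-01-09T08:14:00Z file ws-22 sha256=558FE8C705BBD035F886CC02ACEE3FDFA50398E74795F62D182E01225D58E2E2
"""


@dataclass
class IndicatorSet:
    domains: dict[str, dict] = field(default_factory=dict)              # fqdn -> record
    urls: dict[str, dict] = field(default_factory=dict)                 # normalised URL -> record
    sockets: dict[tuple[str, int], dict] = field(default_factory=dict)  # (ip, port) -> record
    hashes: dict[str, dict] = field(default_factory=dict)               # sha256 -> record
    skipped: int = 0                                                    # below the confidence floor


def normalise_url(url: str) -> str:
    """Lower-case scheme and host, drop any fragment; path and query stay verbatim."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}" + (f"?{p.query}" if p.query else "")


def build_indicators(records, min_confidence: int = 75) -> IndicatorSet:
    """Index records by ioc_type; entries under min_confidence are counted, not indexed."""
    ind = IndicatorSet()
    for rec in records:
        if rec["confidence_level"] < min_confidence:       # e.g. a 50% domain: watch list, not block list
            ind.skipped += 1
            continue
        kind, value = rec["ioc_type"], rec["ioc"].strip()
        if kind == "domain":
            ind.domains[value.lower().rstrip(".")] = rec
        elif kind == "url":
            ind.urls[normalise_url(value)] = rec
            host = (urlsplit(value).hostname or "").lower()
            # A dedicated hostname is an IOC in its own right; shared storage and IP literals are not.
            if host and not host.endswith(SHARED_HOST_SUFFIXES) and not host.replace(".", "").isdigit():
                ind.domains.setdefault(host, rec)
        elif kind == "ip:port":
            ip, port = value.rsplit(":", 1)
            ind.sockets[(ip, int(port))] = rec
        elif kind == "sha256_hash":
            ind.hashes[value.lower()] = rec
    return ind


def match_hostname(name: str, ind: IndicatorSet):
    """Exact match, then each parent (www.ssl.mllcrosoft.com hits ssl.mllcrosoft.com); never descends."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):                       # stop before the bare TLD
        rec = ind.domains.get(".".join(labels[i:]))
        if rec:
            return rec
    return None


def scan_log(text: str, ind: IndicatorSet):
    """Return (line_no, matched_ioc, malware) for every log line that hits an indicator."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            _ts, kind, _host, kv = line.split(" ", 3)
            key, value = kv.split("=", 1)
        except ValueError:
            continue                                       # malformed line: skip, never crash
        rec = None
        if kind == "dns" and key == "query":
            rec = match_hostname(value, ind)
        elif kind == "http" and key == "url":
            rec = ind.urls.get(normalise_url(value)) or match_hostname(urlsplit(value).hostname or "", ind)
        elif kind == "conn" and key == "dst":
            ip, port = value.rsplit(":", 1)
            rec = ind.sockets.get((ip, int(port)))         # the port is part of the indicator
        elif kind == "file" and key == "sha256":
            rec = ind.hashes.get(value.lower())
        if rec:
            hits.append((n, rec["ioc"], rec["malware_printable"]))
    return hits
```

With the default floor of 75%, scan_log(SAMPLE_LOG, build_indicators(SAMPLE_RECORDS)) reports the Havoc DNS query, the exact Lumma lure URL, the Sliver socket and the uppercase Lumma hash, and stays silent on the unrelated r2.dev tenant and on the 50% ClearFake domain; lowering the floor to 0 adds the ClearFake query as a watch-list hit. Two deliberate limits: an ip:port indicator matches only that port, so a connection to the same address on another port is something to hunt for, not an automatic alert, and the parent-domain walk runs upward only, so a query for mllcrosoft.com never fires on the ssl.mllcrosoft.com indicator.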


Technical Details

Threat Level
2 (MISP threat level: medium)
Analysis
1 (MISP analysis state: ongoing)
Distribution
3 (MISP distribution: all communities)
UUID
d382365b-036f-4793-b279-7449190fe8ee
Original Timestamp
1736380986 (2025-01-09 00:03:06 UTC)

Indicators of Compromise

Domain

Value | Description
biznessclinic.life | FAKEUPDATES payload delivery domain (confidence level: 100%)
charteredpracticingprofessionals.org | FAKEUPDATES payload delivery domain (confidence level: 100%)
loveinactiongroup.org | FAKEUPDATES payload delivery domain (confidence level: 100%)
therbo.org | FAKEUPDATES payload delivery domain (confidence level: 100%)
twistforcepo.cfd | Lumma Stealer botnet C2 domain (confidence level: 100%)
liftgoodus.cfd | Lumma Stealer botnet C2 domain (confidence level: 100%)
fastysticke.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%)
check.qlkwr.com | ClearFake payload delivery domain (confidence level: 50%)
finzydev.click | NjRAT botnet C2 domain (confidence level: 75%)
www.sumup.live | Hook botnet C2 domain (confidence level: 100%)
outlook.offfec.me | Unknown malware botnet C2 domain (confidence level: 100%)
wltk03.sbs | Vidar botnet C2 domain (confidence level: 100%)
2ajeeps.info | Hook botnet C2 domain (confidence level: 100%)
accounts.app-cloud.link | Havoc botnet C2 domain (confidence level: 100%)
www.phantom-security.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
hangotouic.xyz | RedLine Stealer botnet C2 domain (confidence level: 50%)
ssl.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%)
bxikebdyxv.com | Vidar botnet C2 domain (confidence level: 100%)
five5vt.top | CryptBot botnet C2 domain (confidence level: 100%)
forttj14vs.top | CryptBot botnet C2 domain (confidence level: 100%)
raysre.com | FAKEUPDATES payload delivery domain (confidence level: 75%)
municipioalcidiadechicamocha.ddnsgeek.com | Remcos botnet C2 domain (confidence level: 100%)
tlabs-za.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
login.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%)
img1.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%)
tracking-usps.com | Meduza Stealer botnet C2 domain (confidence level: 100%)
guidemytax.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%)
fantomri.beget.tech | DCRat botnet C2 domain (confidence level: 100%)
a1072021.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
l99250gh.beget.tech | DCRat botnet C2 domain (confidence level: 100%)
f1072057.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
cq12403.tw1.ru | DCRat botnet C2 domain (confidence level: 100%)
a1071765.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
cd38713.tw1.ru | DCRat botnet C2 domain (confidence level: 100%)
robinsharez.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
handscreamny.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
soundtappysk.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
chipdonkeruz.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
letterdrive.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
apporholis.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
crowdwarek.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
versersleep.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
femalsabler.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
showpanicke.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
fixerwingh.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
rainstofixx.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
complexforkz.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
hurtyfallyer.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
sniffdropy.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
quantitypitt.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
invinciblepol.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
foundchohi.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
truckerconner.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
workableefferz.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
startydashek.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
crownybusher.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
skidjazzyric.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
abdibingjwhs.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
clockermuzisc.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
pullynailksu.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
nonstopshawk.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
skinfuzzerz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
fairiespar.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
miscreanntyj.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
beattalkerz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
monkeycutte.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
rhythmsellk.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
stomachyumem.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
holidayeyeus.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
throwlette.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
owerinternal.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%)
scaredsensa.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%)
remakeveile.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%)
shadeplucjek.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%)
blofel.unidadedeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%)
blojanpal.ultrassomterapico.sbs | Astaroth botnet C2 domain (confidence level: 100%)
blolanqual0.scannerdecorpointeiro.sbs | Astaroth botnet C2 domain (confidence level: 100%)
brusonder.scannerdecorpointeiro.sbs | Astaroth botnet C2 domain (confidence level: 100%)
clabel.sistemadeimagem.sbs | Astaroth botnet C2 domain (confidence level: 100%)
crilunxil.equipamentodereanimacao.sbs | Astaroth botnet C2 domain (confidence level: 100%)
crinonranfar.fotobiomodulacao.sbs | Astaroth botnet C2 domain (confidence level: 100%)
croel.sistemadeimagem.sbs | Astaroth botnet C2 domain (confidence level: 100%)
dretar.ultrassomterapico.sbs | Astaroth botnet C2 domain (confidence level: 100%)
drobancol.insuflador.sbs | Astaroth botnet C2 domain (confidence level: 100%)
drorol.insuflador.sbs | Astaroth botnet C2 domain (confidence level: 100%)
droronluntar.equipamentoderadiografia.sbs | Astaroth botnet C2 domain (confidence level: 100%)
flipinfenqual.unidadedeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%)
flipor.analisadordegases.sbs | Astaroth botnet C2 domain (confidence level: 100%)
planpenkinal.aparelhodeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%)
plozinim.analisadordegases.sbs | Astaroth botnet C2 domain (confidence level: 100%)
primonfel615.fotobiomodulacao.sbs | Astaroth botnet C2 domain (confidence level: 100%)
prisar.equipamentoderadiografia.sbs | Astaroth botnet C2 domain (confidence level: 100%)
spruvinal5.equipamentodereanimacao.sbs | Astaroth botnet C2 domain (confidence level: 100%)
treriz.aparelhodeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%)
solve.bogx.org | ClearFake payload delivery domain (confidence level: 100%)

URL

Value | Description
https://biznessclinic.life/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://biznessclinic.life/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://biznessclinic.life/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://charteredpracticingprofessionals.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://charteredpracticingprofessionals.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://charteredpracticingprofessionals.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://loveinactiongroup.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://loveinactiongroup.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://loveinactiongroup.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://therbo.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://therbo.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://therbo.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://phoenior.beget.tech/c72b0ba3.php | DCRat botnet C2 (confidence level: 100%)
https://95.217.25.164 | Vidar botnet C2 (confidence level: 100%)
http://46.227.184.209:44913/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://sereneoasis.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://chipdonkeruz.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://soundtappysk.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://femalsabler.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://letterdrive.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://crowdwarek.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
https://handscreamny.shop/api | Lumma Stealer botnet C2 (confidence level: 50%)
http://62.204.41.163/2c3d53f1da5ea53a/mozglue.dll | Stealc payload delivery URL (confidence level: 50%)
http://185.231.69.191/ec05bb5a9eb90166/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
http://85.28.47.4/69934896f997d5bb/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
https://lusii.oss-ap-southeast-1.aliyuncs.com/re2.mp4 | Lumma Stealer payload delivery URL (confidence level: 100%)
https://wltk03.sbs/ | Vidar botnet C2 (confidence level: 100%)
https://ferrydero.com/gopros/verify.txt | Lumma Stealer payload delivery URL (confidence level: 100%)
https://robinsharez.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://handscreamny.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://chipdonkeruz.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://versersleep.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://crowdwarek.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://apporholis.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://femalsabler.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
https://soundtappysk.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%)
http://you-checked.com/cf/verify/7362731/check | Lumma Stealer payload delivery URL (confidence level: 100%)
https://cfffee.sbs/ | Vidar botnet C2 (confidence level: 100%)
https://bxikebdyxv.com/ | Vidar botnet C2 (confidence level: 100%)
https://grutt.click/ | Vidar botnet C2 (confidence level: 100%)
https://sputnik-1985.com/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://shademom.icu/n25.php | Unknown malware botnet C2 (confidence level: 100%)
http://maskmom.sbs/dol.php | Unknown malware botnet C2 (confidence level: 100%)
https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html | Lumma Stealer payload delivery URL (confidence level: 100%)
https://apporholis.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://robinsharez.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://versersleep.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://handscreamny.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://furisiticoffers.info/6772b3c23b94c233440b9234?ref_id=14529777983820835093 | Lumma Stealer payload delivery URL (confidence level: 100%)
http://generatorauc.pro/676532b046cfbdecfd800dbf?c=aodifgcvywuaa4acafrxfwasaaaaaaab | Lumma Stealer payload delivery URL (confidence level: 100%)
https://sos-de-muc-1.exo.io/asist/last/check/keep-browsing-to-continue-web-55.html | Lumma Stealer payload delivery URL (confidence level: 100%)
http://casterliveshow.org/6756cf5adbcf3bff0cb911ff | Lumma Stealer payload delivery URL (confidence level: 100%)
https://raysre.com/5p7i.js | FAKEUPDATES payload delivery URL (confidence level: 75%)
https://raysre.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://canjjclmlnicbga.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://netgenius.life/bbbb.zip | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://ddrmovies.fun/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://ddrmovies.fun/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://tlabs-za.com/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://838596cm.nyafka.top/linelongpolllinuxflowercentraluploads.php | DCRat botnet C2 (confidence level: 100%)
http://185.177.239.66/javascript3public8/_uploadsline0/cpu1/protectwindowshttplongpoll/1python/traffic8game/longpolldb1vm/defaultwordpress/cpuwordpressjavascript/universalgamegeoeternal/generatortest/3/sqlcpuprovider/wordpress7python/pollvm/totrack/test/defaultimagegame7/protect/eternalhttpwindowsuploadsdownloadstemporary.php | DCRat botnet C2 (confidence level: 100%)
https://shadeplucjek.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://remakeveile.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://scaredsensa.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://owerinternal.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://throwlette.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://holidayeyeus.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://stomachyumem.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://rhythmsellk.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://miscreanntyj.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://nonstopshawk.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://pullynailksu.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://clockermuzisc.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://abdibingjwhs.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://skidjazzyric.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://crownybusher.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://workableefferz.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://startydashek.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://truckerconner.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://foundchohi.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://invinciblepol.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://quantitypitt.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://sniffdropy.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://hurtyfallyer.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://complexforkz.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://fixerwingh.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://rainstofixx.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://showpanicke.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://505905cm.n9shka.top/imagepolllinuxcentral.php | DCRat botnet C2 (confidence level: 100%)
http://burjuiwm.beget.tech/353bf960.php | DCRat botnet C2 (confidence level: 100%)

IP:Port

Each value is the server address together with the port on which the C2 or payload-delivery service was observed; the port is part of the indicator.

Value | Description
104.21.9.171:80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
77.90.22.45:3333 | NjRAT botnet C2 server (confidence level: 75%)
212.192.13.142:8880 | Cobalt Strike botnet C2 server (confidence level: 50%)
45.42.40.155:443 | Cobalt Strike payload delivery server (confidence level: 100%)
79.124.60.186:3277 | Mirai botnet C2 server (confidence level: 75%)
164.92.250.100:443 | Unknown malware botnet C2 server (confidence level: 100%)
174.138.86.13:443 | Havoc botnet C2 server (confidence level: 100%)
15.152.31.8:2003 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
20.169.230.2:8082 | ERMAC botnet C2 server (confidence level: 100%)
62.210.116.3:80 | Meduza Stealer botnet C2 server (confidence level: 100%)
87.121.86.144:80 | MooBot botnet C2 server (confidence level: 100%)
154.127.56.84:3778 | Mirai botnet C2 server (confidence level: 75%)
106.75.62.120:8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.40.19.66:7000 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.245.185.204:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.200.51.22:8080 | Remcos botnet C2 server (confidence level: 100%)
111.119.217.0:443 | Sliver botnet C2 server (confidence level: 100%)
168.100.10.198:80 | Unknown malware botnet C2 server (confidence level: 75%)
154.91.90.234:4433 | ValleyRAT botnet C2 server (confidence level: 100%)
206.237.31.191:80 | Unknown malware botnet C2 server (confidence level: 100%)
101.132.154.90:60000 | Unknown malware botnet C2 server (confidence level: 100%)
180.76.120.104:60000 | Unknown malware botnet C2 server (confidence level: 100%)
38.38.251.34:60000 | Unknown malware botnet C2 server (confidence level: 100%)
170.187.156.240:3333 | Unknown malware botnet C2 server (confidence level: 100%)
93.183.80.103:3333 | Unknown malware botnet C2 server (confidence level: 100%)
174.138.70.44:3333 | Unknown malware botnet C2 server (confidence level: 100%)
217.192.236.53:8080 | Unknown malware botnet C2 server (confidence level: 100%)
34.100.253.121:80 | Unknown malware botnet C2 server (confidence level: 100%)
134.209.209.126:8081 | Unknown malware botnet C2 server (confidence level: 100%)
109.199.125.181:3333 | Unknown malware botnet C2 server (confidence level: 100%)
83.229.82.13:3132 | Unknown malware botnet C2 server (confidence level: 100%)
4.251.8.211:3333 | Unknown malware botnet C2 server (confidence level: 100%)
3.210.90.55:3333 | Unknown malware botnet C2 server (confidence level: 100%)
142.171.3.163:9999 | Cobalt Strike botnet C2 server (confidence level: 50%)
172.232.44.165:4443 | Unknown malware botnet C2 server (confidence level: 50%)
192.235.96.137:443 | Ghost RAT botnet C2 server (confidence level: 50%)
64.130.197.71:63256 | Unknown malware botnet C2 server (confidence level: 50%)
188.254.244.251:7777 | Unknown malware botnet C2 server (confidence level: 50%)
155.138.252.60:48926 | RedLine Stealer botnet C2 server (confidence level: 50%)
80.85.137.119:45288 | RedLine Stealer botnet C2 server (confidence level: 50%)
154.82.85.107:15091 | ValleyRAT botnet C2 server (confidence level: 100%)
107.173.2.22:222 | Cobalt Strike botnet C2 server (confidence level: 100%)
64.7.199.119:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.200.51.19:8080 | Remcos botnet C2 server (confidence level: 100%)
141.95.114.240:2404 | Remcos botnet C2 server (confidence level: 100%)
80.76.49.186:2404 | Remcos botnet C2 server (confidence level: 100%)
102.117.169.87:7443 | Unknown malware botnet C2 server (confidence level: 100%)
93.123.109.246:8089 | Hook botnet C2 server (confidence level: 100%)
18.231.172.87:443 | Havoc botnet C2 server (confidence level: 100%)
185.10.68.146:42069 | Havoc botnet C2 server (confidence level: 100%)
176.188.105.70:80 | Havoc botnet C2 server (confidence level: 100%)
109.123.236.241:8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.107.114.125:5000 | Cobalt Strike botnet C2 server (confidence level: 100%)
89.23.97.121:1112 | RedLine Stealer botnet C2 server (confidence level: 100%)
39.107.227.94:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
115.120.210.236:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.159.113.213:443 | Matanbuchus botnet C2 server (confidence level: 60%)
39.105.134.96:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
113.44.79.187:8801 | Cobalt Strike botnet C2 server (confidence level: 100%)
93.113.25.206:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.100.77.129:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.97.5.243:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.100.82.221:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.92.137.130:20013 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.200.51.8:2404 | Remcos botnet C2 server (confidence level: 100%)
45.200.51.8:8080 | Remcos botnet C2 server (confidence level: 100%)
87.120.113.92:31337 | Sliver botnet C2 server (confidence level: 100%)
123.11.142.173:5873 | Unknown malware botnet C2 server (confidence level: 100%)
43.128.242.138:8888 | Unknown malware botnet C2 server (confidence level: 100%)
45.154.98.25:7001 | AsyncRAT botnet C2 server (confidence level: 100%)
209.145.56.0:5555 | AsyncRAT botnet C2 server (confidence level: 100%)
13.72.250.0:8080 | AsyncRAT botnet C2 server (confidence level: 100%)
173.44.139.179:8078 | AsyncRAT botnet C2 server (confidence level: 100%)
93.123.109.246:80 | Hook botnet C2 server (confidence level: 100%)
65.109.209.40:443 | Havoc botnet C2 server (confidence level: 100%)
207.148.121.17:443 | Havoc botnet C2 server (confidence level: 100%)
89.117.49.234:4321 | Venom RAT botnet C2 server (confidence level: 100%)
31.58.58.187:25565 | DCRat botnet C2 server (confidence level: 100%)
18.202.197.17:5903 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.203.156.41:18084 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
89.187.28.164:80 | MooBot botnet C2 server (confidence level: 100%)
87.121.86.2:8080 | MimiKatz botnet C2 server (confidence level: 100%)
141.98.10.115:1302 | Mirai botnet C2 server (confidence level: 75%)
103.82.249.78:3158 | NjRAT botnet C2 server (confidence level: 100%)
154.37.220.109:5858 | ValleyRAT botnet C2 server (confidence level: 100%)
92.255.85.135:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
47.92.173.253:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.173.106.18:25507 | ValleyRAT botnet C2 server (confidence level: 100%)
111.173.106.115:25602 | ValleyRAT botnet C2 server (confidence level: 100%)
129.226.213.170:8888 | Unknown malware botnet C2 server (confidence level: 100%)
31.13.224.194:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
209.94.56.86:8000 | MimiKatz botnet C2 server (confidence level: 100%)
45.138.16.193:80 | xmrig botnet C2 server (confidence level: 100%)
103.107.104.61:5000 | PlugX botnet C2 server (confidence level: 60%)

Hash (SHA-256)

Value | Description
558fe8c705bbd035f886cc02acee3fdfa50398e74795f62d182e01225d58e2e2 | Lumma Stealer payload (confidence level: 100%)
586b3a854631ed30c8aefbde7edcf3a725d7c40a4a56c8ebc17aeb64979ea442 | Lumma Stealer payload (confidence level: 100%)

Threat ID: 682c7dc2e8347ec82d2e1300

Added to database: 5/20/2025, 1:04:02 PM

Last enriched: 6/19/2025, 3:34:12 PM

Last updated: 8/17/2025, 6:23:25 PM
