ThreatFox IOCs for 2025-01-08
ThreatFox IOCs for 2025-01-08
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-01-08,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data rather than specific vulnerabilities or exploits tied to particular software versions or products. No affected software versions or patches are listed, and there are no known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or visibility within threat intelligence communities. The absence of concrete IOCs or CWE identifiers limits the ability to pinpoint exact attack vectors or malware behavior. Overall, this report appears to be a collection or update of IOCs related to malware activities, intended for situational awareness and early warning rather than indicating an active, widespread exploit campaign.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of known exploits and specific affected products or versions. However, the presence of malware-related IOCs in ThreatFox suggests that there may be emerging or low-level malware campaigns that could target organizations relying on open-source intelligence or those monitoring threat feeds for early detection. If these IOCs correspond to malware capable of data exfiltration, lateral movement, or persistence, affected organizations could face confidentiality breaches, operational disruptions, or reputational damage. The medium severity rating reflects a moderate risk level, implying that while immediate widespread impact is unlikely, vigilance is necessary to prevent potential escalation. Organizations in sectors with high exposure to cyber threats, such as finance, critical infrastructure, and government, should consider this intelligence as part of their broader threat landscape monitoring.
Mitigation Recommendations
Given the nature of this threat as an OSINT-based malware IOC update without specific exploit details, mitigation should focus on enhancing detection and response capabilities rather than patching specific vulnerabilities. Recommendations include: 1) Integrate the latest ThreatFox IOCs into Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related malware activity. 2) Conduct regular threat hunting exercises using updated IOCs to identify potential compromises early. 3) Maintain robust network segmentation and least privilege access controls to limit malware propagation if infection occurs. 4) Ensure comprehensive logging and monitoring of network traffic and endpoint behavior to detect anomalies. 5) Train security teams to interpret and act on OSINT feeds effectively, emphasizing correlation with internal telemetry. 6) Participate in information sharing communities to receive timely updates on evolving threats. These measures go beyond generic advice by focusing on proactive intelligence integration and operational readiness tailored to OSINT-derived malware indicators.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: biznessclinic.life
- url: https://biznessclinic.life/work/original.js
- url: https://biznessclinic.life/work/index.php
- url: https://biznessclinic.life/work/download.php
- file: 104.21.9.171
- hash: 80
- file: 77.90.22.45
- hash: 3333
- domain: charteredpracticingprofessionals.org
- url: https://charteredpracticingprofessionals.org/work/original.js
- url: https://charteredpracticingprofessionals.org/work/download.php
- url: https://charteredpracticingprofessionals.org/work/index.php
- domain: loveinactiongroup.org
- url: https://loveinactiongroup.org/work/original.js
- url: https://loveinactiongroup.org/work/index.php
- url: https://loveinactiongroup.org/work/download.php
- domain: therbo.org
- url: https://therbo.org/work/original.js
- url: https://therbo.org/work/index.php
- url: https://therbo.org/work/download.php
- domain: twistforcepo.cfd
- domain: liftgoodus.cfd
- domain: fastysticke.sbs
- file: 212.192.13.142
- hash: 8880
- domain: check.qlkwr.com
- file: 45.42.40.155
- hash: 443
- file: 79.124.60.186
- hash: 3277
- domain: finzydev.click
- file: 164.92.250.100
- hash: 443
- domain: www.sumup.live
- file: 174.138.86.13
- hash: 443
- file: 15.152.31.8
- hash: 2003
- file: 20.169.230.2
- hash: 8082
- file: 62.210.116.3
- hash: 80
- file: 87.121.86.144
- hash: 80
- domain: outlook.offfec.me
- domain: wltk03.sbs
- url: http://phoenior.beget.tech/c72b0ba3.php
- url: https://95.217.25.164
- url: http://46.227.184.209:44913/mozi.m
- file: 154.127.56.84
- hash: 3778
- file: 106.75.62.120
- hash: 8000
- file: 121.40.19.66
- hash: 7000
- file: 172.245.185.204
- hash: 80
- file: 45.200.51.22
- hash: 8080
- file: 111.119.217.0
- hash: 443
- domain: 2ajeeps.info
- domain: accounts.app-cloud.link
- file: 168.100.10.198
- hash: 80
- file: 154.91.90.234
- hash: 4433
- domain: www.phantom-security.com
- file: 206.237.31.191
- hash: 80
- file: 101.132.154.90
- hash: 60000
- file: 180.76.120.104
- hash: 60000
- file: 38.38.251.34
- hash: 60000
- file: 170.187.156.240
- hash: 3333
- file: 93.183.80.103
- hash: 3333
- file: 174.138.70.44
- hash: 3333
- file: 217.192.236.53
- hash: 8080
- file: 34.100.253.121
- hash: 80
- file: 134.209.209.126
- hash: 8081
- file: 109.199.125.181
- hash: 3333
- file: 83.229.82.13
- hash: 3132
- file: 4.251.8.211
- hash: 3333
- file: 3.210.90.55
- hash: 3333
- file: 142.171.3.163
- hash: 9999
- file: 172.232.44.165
- hash: 4443
- file: 192.235.96.137
- hash: 443
- file: 64.130.197.71
- hash: 63256
- file: 188.254.244.251
- hash: 7777
- url: https://sereneoasis.shop/api
- url: https://chipdonkeruz.shop/api
- url: https://soundtappysk.shop/api
- url: https://femalsabler.shop/api
- url: https://letterdrive.shop/api
- url: https://crowdwarek.shop/api
- url: https://handscreamny.shop/api
- url: http://62.204.41.163/2c3d53f1da5ea53a/mozglue.dll
- url: http://185.231.69.191/ec05bb5a9eb90166/sqlite3.dll
- url: http://85.28.47.4/69934896f997d5bb/sqlite3.dll
- file: 155.138.252.60
- hash: 48926
- file: 80.85.137.119
- hash: 45288
- domain: hangotouic.xyz
- file: 154.82.85.107
- hash: 15091
- url: https://lusii.oss-ap-southeast-1.aliyuncs.com/re2.mp4
- url: https://wltk03.sbs/
- url: https://ferrydero.com/gopros/verify.txt
- url: https://robinsharez.shop/api
- url: https://handscreamny.shop/api
- url: https://chipdonkeruz.shop/api
- url: https://versersleep.shop/api
- url: https://crowdwarek.shop/api
- url: https://apporholis.shop/api
- url: https://femalsabler.shop/api
- url: https://soundtappysk.shop/api
- url: http://you-checked.com/cf/verify/7362731/check
- file: 107.173.2.22
- hash: 222
- file: 64.7.199.119
- hash: 80
- file: 45.200.51.19
- hash: 8080
- file: 141.95.114.240
- hash: 2404
- file: 80.76.49.186
- hash: 2404
- file: 102.117.169.87
- hash: 7443
- file: 93.123.109.246
- hash: 8089
- file: 18.231.172.87
- hash: 443
- file: 185.10.68.146
- hash: 42069
- domain: ssl.mllcrosoft.com
- file: 176.188.105.70
- hash: 80
- file: 109.123.236.241
- hash: 8088
- domain: bxikebdyxv.com
- url: https://cfffee.sbs/
- url: https://bxikebdyxv.com/
- url: https://grutt.click/
- file: 39.107.114.125
- hash: 5000
- url: https://sputnik-1985.com/api
- url: http://shademom.icu/n25.php
- url: http://maskmom.sbs/dol.php
- url: https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html
- url: https://apporholis.shop/api
- url: https://robinsharez.shop/api
- url: https://versersleep.shop/api
- url: http://handscreamny.shop/api
- url: http://furisiticoffers.info/6772b3c23b94c233440b9234?ref_id=14529777983820835093
- url: http://generatorauc.pro/676532b046cfbdecfd800dbf?c=aodifgcvywuaa4acafrxfwasaaaaaaab
- url: https://sos-de-muc-1.exo.io/asist/last/check/keep-browsing-to-continue-web-55.html
- url: http://casterliveshow.org/6756cf5adbcf3bff0cb911ff
- file: 89.23.97.121
- hash: 1112
- file: 39.107.227.94
- hash: 80
- file: 115.120.210.236
- hash: 8888
- file: 94.159.113.213
- hash: 443
- domain: five5vt.top
- domain: forttj14vs.top
- domain: raysre.com
- url: https://raysre.com/5p7i.js
- url: https://raysre.com/js.php
- url: http://canjjclmlnicbga.top/1.php
- url: https://netgenius.life/bbbb.zip
- domain: municipioalcidiadechicamocha.ddnsgeek.com
- hash: 558fe8c705bbd035f886cc02acee3fdfa50398e74795f62d182e01225d58e2e2
- hash: 586b3a854631ed30c8aefbde7edcf3a725d7c40a4a56c8ebc17aeb64979ea442
- url: https://ddrmovies.fun/work/original.js
- url: https://ddrmovies.fun/work/index.php
- domain: tlabs-za.com
- file: 39.105.134.96
- hash: 443
- file: 113.44.79.187
- hash: 8801
- file: 93.113.25.206
- hash: 80
- file: 39.100.77.129
- hash: 80
- file: 47.97.5.243
- hash: 8888
- file: 39.100.82.221
- hash: 443
- file: 1.92.137.130
- hash: 20013
- file: 45.200.51.8
- hash: 2404
- file: 45.200.51.8
- hash: 8080
- file: 87.120.113.92
- hash: 31337
- url: https://tlabs-za.com/work/original.js
- file: 123.11.142.173
- hash: 5873
- file: 43.128.242.138
- hash: 8888
- file: 45.154.98.25
- hash: 7001
- file: 209.145.56.0
- hash: 5555
- file: 13.72.250.0
- hash: 8080
- file: 173.44.139.179
- hash: 8078
- file: 93.123.109.246
- hash: 80
- file: 65.109.209.40
- hash: 443
- domain: login.mllcrosoft.com
- file: 207.148.121.17
- hash: 443
- domain: img1.mllcrosoft.com
- file: 89.117.49.234
- hash: 4321
- file: 31.58.58.187
- hash: 25565
- file: 18.202.197.17
- hash: 5903
- file: 13.203.156.41
- hash: 18084
- domain: tracking-usps.com
- file: 89.187.28.164
- hash: 80
- file: 87.121.86.2
- hash: 8080
- url: http://838596cm.nyafka.top/linelongpolllinuxflowercentraluploads.php
- file: 141.98.10.115
- hash: 1302
- file: 103.82.249.78
- hash: 3158
- url: http://185.177.239.66/javascript3public8/_uploadsline0/cpu1/protectwindowshttplongpoll/1python/traffic8game/longpolldb1vm/defaultwordpress/cpuwordpressjavascript/universalgamegeoeternal/generatortest/3/sqlcpuprovider/wordpress7python/pollvm/totrack/test/defaultimagegame7/protect/eternalhttpwindowsuploadsdownloadstemporary.php
- file: 154.37.220.109
- hash: 5858
- domain: guidemytax.com
- file: 92.255.85.135
- hash: 443
- domain: fantomri.beget.tech
- domain: a1072021.xsph.ru
- domain: l99250gh.beget.tech
- domain: f1072057.xsph.ru
- domain: cq12403.tw1.ru
- domain: a1071765.xsph.ru
- domain: cd38713.tw1.ru
- domain: robinsharez.shop
- domain: handscreamny.shop
- domain: soundtappysk.shop
- domain: chipdonkeruz.shop
- domain: letterdrive.shop
- domain: apporholis.shop
- domain: crowdwarek.shop
- domain: versersleep.shop
- domain: femalsabler.shop
- domain: showpanicke.shop
- domain: fixerwingh.click
- domain: rainstofixx.click
- domain: complexforkz.click
- domain: hurtyfallyer.click
- domain: sniffdropy.click
- domain: quantitypitt.click
- domain: invinciblepol.click
- domain: foundchohi.click
- domain: truckerconner.click
- domain: workableefferz.click
- domain: startydashek.click
- domain: crownybusher.click
- domain: skidjazzyric.click
- domain: abdibingjwhs.click
- domain: clockermuzisc.click
- domain: pullynailksu.click
- domain: nonstopshawk.cyou
- domain: skinfuzzerz.cyou
- domain: fairiespar.cyou
- domain: miscreanntyj.cyou
- domain: beattalkerz.cyou
- domain: monkeycutte.cyou
- domain: rhythmsellk.cyou
- domain: stomachyumem.cyou
- domain: holidayeyeus.cyou
- domain: throwlette.cyou
- domain: owerinternal.sbs
- domain: scaredsensa.sbs
- domain: remakeveile.sbs
- domain: shadeplucjek.sbs
- file: 47.92.173.253
- hash: 80
- url: https://shadeplucjek.sbs/api
- url: https://remakeveile.sbs/api
- url: https://scaredsensa.sbs/api
- url: https://owerinternal.sbs/api
- url: https://throwlette.cyou/api
- url: https://holidayeyeus.cyou/api
- url: https://stomachyumem.cyou/api
- url: https://rhythmsellk.cyou/api
- url: https://miscreanntyj.cyou/api
- url: https://nonstopshawk.cyou/api
- url: https://pullynailksu.click/api
- url: https://clockermuzisc.click/api
- url: https://abdibingjwhs.click/api
- url: https://skidjazzyric.click/api
- url: https://crownybusher.click/api
- url: https://workableefferz.click/api
- url: https://startydashek.click/api
- url: https://truckerconner.click/api
- url: https://foundchohi.click/api
- url: https://invinciblepol.click/api
- url: https://quantitypitt.click/api
- url: https://sniffdropy.click/api
- url: https://hurtyfallyer.click/api
- url: https://complexforkz.click/api
- url: https://fixerwingh.click/api
- url: https://rainstofixx.click/api
- url: https://showpanicke.shop/api
- domain: blofel.unidadedeterapiaintensiva.sbs
- domain: blojanpal.ultrassomterapico.sbs
- domain: blolanqual0.scannerdecorpointeiro.sbs
- domain: brusonder.scannerdecorpointeiro.sbs
- domain: clabel.sistemadeimagem.sbs
- domain: crilunxil.equipamentodereanimacao.sbs
- domain: crinonranfar.fotobiomodulacao.sbs
- domain: croel.sistemadeimagem.sbs
- domain: dretar.ultrassomterapico.sbs
- domain: drobancol.insuflador.sbs
- domain: drorol.insuflador.sbs
- domain: droronluntar.equipamentoderadiografia.sbs
- domain: flipinfenqual.unidadedeterapiaintensiva.sbs
- domain: flipor.analisadordegases.sbs
- domain: planpenkinal.aparelhodeterapiaintensiva.sbs
- domain: plozinim.analisadordegases.sbs
- domain: primonfel615.fotobiomodulacao.sbs
- domain: prisar.equipamentoderadiografia.sbs
- domain: spruvinal5.equipamentodereanimacao.sbs
- domain: treriz.aparelhodeterapiaintensiva.sbs
- domain: solve.bogx.org
- url: http://505905cm.n9shka.top/imagepolllinuxcentral.php
- file: 111.173.106.18
- hash: 25507
- file: 111.173.106.115
- hash: 25602
- file: 129.226.213.170
- hash: 8888
- file: 31.13.224.194
- hash: 8808
- file: 209.94.56.86
- hash: 8000
- file: 45.138.16.193
- hash: 80
- url: http://burjuiwm.beget.tech/353bf960.php
- file: 103.107.104.61
- hash: 5000
ThreatFox IOCs for 2025-01-08
Description
ThreatFox IOCs for 2025-01-08
AI-Powered Analysis
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-01-08,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data rather than specific vulnerabilities or exploits tied to particular software versions or products. No affected software versions or patches are listed, and there are no known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or visibility within threat intelligence communities. The absence of concrete IOCs or CWE identifiers limits the ability to pinpoint exact attack vectors or malware behavior. Overall, this report appears to be a collection or update of IOCs related to malware activities, intended for situational awareness and early warning rather than indicating an active, widespread exploit campaign.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of known exploits and specific affected products or versions. However, the presence of malware-related IOCs in ThreatFox suggests that there may be emerging or low-level malware campaigns that could target organizations relying on open-source intelligence or those monitoring threat feeds for early detection. If these IOCs correspond to malware capable of data exfiltration, lateral movement, or persistence, affected organizations could face confidentiality breaches, operational disruptions, or reputational damage. The medium severity rating reflects a moderate risk level, implying that while immediate widespread impact is unlikely, vigilance is necessary to prevent potential escalation. Organizations in sectors with high exposure to cyber threats, such as finance, critical infrastructure, and government, should consider this intelligence as part of their broader threat landscape monitoring.
Mitigation Recommendations
Given the nature of this threat as an OSINT-based malware IOC update without specific exploit details, mitigation should focus on enhancing detection and response capabilities rather than patching specific vulnerabilities. Recommendations include: 1) Integrate the latest ThreatFox IOCs into Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related malware activity. 2) Conduct regular threat hunting exercises using updated IOCs to identify potential compromises early. 3) Maintain robust network segmentation and least privilege access controls to limit malware propagation if infection occurs. 4) Ensure comprehensive logging and monitoring of network traffic and endpoint behavior to detect anomalies. 5) Train security teams to interpret and act on OSINT feeds effectively, emphasizing correlation with internal telemetry. 6) Participate in information sharing communities to receive timely updates on evolving threats. These measures go beyond generic advice by focusing on proactive intelligence integration and operational readiness tailored to OSINT-derived malware indicators.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- d382365b-036f-4793-b279-7449190fe8ee
- Original Timestamp
- 1736380986
Indicators of Compromise
Domain
Value | Description | Copy |
---|---|---|
domainbiznessclinic.life | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincharteredpracticingprofessionals.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainloveinactiongroup.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaintherbo.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaintwistforcepo.cfd | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainliftgoodus.cfd | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfastysticke.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.qlkwr.com | ClearFake payload delivery domain (confidence level: 50%) | |
domainfinzydev.click | NjRAT botnet C2 domain (confidence level: 75%) | |
domainwww.sumup.live | Hook botnet C2 domain (confidence level: 100%) | |
domainoutlook.offfec.me | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwltk03.sbs | Vidar botnet C2 domain (confidence level: 100%) | |
domain2ajeeps.info | Hook botnet C2 domain (confidence level: 100%) | |
domainaccounts.app-cloud.link | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.phantom-security.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainhangotouic.xyz | RedLine Stealer botnet C2 domain (confidence level: 50%) | |
domainssl.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainbxikebdyxv.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainfive5vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainforttj14vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainraysre.com | FAKEUPDATES payload delivery domain (confidence level: 75%) | |
domainmunicipioalcidiadechicamocha.ddnsgeek.com | Remcos botnet C2 domain (confidence level: 100%) | |
domaintlabs-za.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainlogin.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainimg1.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaintracking-usps.com | Meduza Stealer botnet C2 domain (confidence level: 100%) | |
domainguidemytax.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainfantomri.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1072021.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainl99250gh.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domainf1072057.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincq12403.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1071765.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincd38713.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainrobinsharez.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhandscreamny.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsoundtappysk.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchipdonkeruz.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainletterdrive.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainapporholis.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincrowdwarek.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainversersleep.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfemalsabler.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainshowpanicke.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfixerwingh.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrainstofixx.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincomplexforkz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhurtyfallyer.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsniffdropy.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainquantitypitt.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininvinciblepol.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfoundchohi.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintruckerconner.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainworkableefferz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainstartydashek.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincrownybusher.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainskidjazzyric.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainabdibingjwhs.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainclockermuzisc.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpullynailksu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnonstopshawk.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainskinfuzzerz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfairiespar.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmiscreanntyj.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbeattalkerz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmonkeycutte.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrhythmsellk.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainstomachyumem.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainholidayeyeus.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainthrowlette.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainowerinternal.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainscaredsensa.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainremakeveile.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainshadeplucjek.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainblofel.unidadedeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainblojanpal.ultrassomterapico.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainblolanqual0.scannerdecorpointeiro.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainbrusonder.scannerdecorpointeiro.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainclabel.sistemadeimagem.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaincrilunxil.equipamentodereanimacao.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaincrinonranfar.fotobiomodulacao.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaincroel.sistemadeimagem.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaindretar.ultrassomterapico.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaindrobancol.insuflador.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaindrorol.insuflador.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaindroronluntar.equipamentoderadiografia.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainflipinfenqual.unidadedeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainflipor.analisadordegases.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainplanpenkinal.aparelhodeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainplozinim.analisadordegases.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainprimonfel615.fotobiomodulacao.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainprisar.equipamentoderadiografia.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainspruvinal5.equipamentodereanimacao.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domaintreriz.aparelhodeterapiaintensiva.sbs | Astaroth botnet C2 domain (confidence level: 100%) | |
domainsolve.bogx.org | ClearFake payload delivery domain (confidence level: 100%) |
Url
Value | Description | Copy |
---|---|---|
urlhttps://biznessclinic.life/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://biznessclinic.life/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://biznessclinic.life/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://charteredpracticingprofessionals.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://charteredpracticingprofessionals.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://charteredpracticingprofessionals.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://loveinactiongroup.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://loveinactiongroup.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://loveinactiongroup.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://therbo.org/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://therbo.org/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://therbo.org/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://phoenior.beget.tech/c72b0ba3.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://95.217.25.164 | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://46.227.184.209:44913/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://sereneoasis.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://chipdonkeruz.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://soundtappysk.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://femalsabler.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://letterdrive.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://crowdwarek.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://handscreamny.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttp://62.204.41.163/2c3d53f1da5ea53a/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://185.231.69.191/ec05bb5a9eb90166/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://85.28.47.4/69934896f997d5bb/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttps://lusii.oss-ap-southeast-1.aliyuncs.com/re2.mp4 | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://wltk03.sbs/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ferrydero.com/gopros/verify.txt | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://robinsharez.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://handscreamny.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://chipdonkeruz.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://versersleep.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://crowdwarek.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://apporholis.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://femalsabler.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://soundtappysk.shop/api | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://you-checked.com/cf/verify/7362731/check | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://cfffee.sbs/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://bxikebdyxv.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://grutt.click/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://sputnik-1985.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://shademom.icu/n25.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://maskmom.sbs/dol.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://apporholis.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://robinsharez.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://versersleep.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://handscreamny.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://furisiticoffers.info/6772b3c23b94c233440b9234?ref_id=14529777983820835093 | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://generatorauc.pro/676532b046cfbdecfd800dbf?c=aodifgcvywuaa4acafrxfwasaaaaaaab | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://sos-de-muc-1.exo.io/asist/last/check/keep-browsing-to-continue-web-55.html | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://casterliveshow.org/6756cf5adbcf3bff0cb911ff | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://raysre.com/5p7i.js | FAKEUPDATES payload delivery URL (confidence level: 75%) | |
urlhttps://raysre.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://canjjclmlnicbga.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://netgenius.life/bbbb.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ddrmovies.fun/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ddrmovies.fun/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://tlabs-za.com/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://838596cm.nyafka.top/linelongpolllinuxflowercentraluploads.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://185.177.239.66/javascript3public8/_uploadsline0/cpu1/protectwindowshttplongpoll/1python/traffic8game/longpolldb1vm/defaultwordpress/cpuwordpressjavascript/universalgamegeoeternal/generatortest/3/sqlcpuprovider/wordpress7python/pollvm/totrack/test/defaultimagegame7/protect/eternalhttpwindowsuploadsdownloadstemporary.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://shadeplucjek.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://remakeveile.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://scaredsensa.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://owerinternal.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://throwlette.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://holidayeyeus.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://stomachyumem.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rhythmsellk.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://miscreanntyj.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://nonstopshawk.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://pullynailksu.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://clockermuzisc.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://abdibingjwhs.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://skidjazzyric.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://crownybusher.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://workableefferz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://startydashek.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://truckerconner.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://foundchohi.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://invinciblepol.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://quantitypitt.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://sniffdropy.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hurtyfallyer.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://complexforkz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://fixerwingh.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rainstofixx.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://showpanicke.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://505905cm.n9shka.top/imagepolllinuxcentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://burjuiwm.beget.tech/353bf960.php | DCRat botnet C2 (confidence level: 100%) |
File
Value | Description | Copy |
---|---|---|
file104.21.9.171 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file77.90.22.45 | NjRAT botnet C2 server (confidence level: 75%) | |
file212.192.13.142 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file45.42.40.155 | Cobalt Strike payload delivery server (confidence level: 100%) | |
file79.124.60.186 | Mirai botnet C2 server (confidence level: 75%) | |
file164.92.250.100 | Unknown malware botnet C2 server (confidence level: 100%) | |
file174.138.86.13 | Havoc botnet C2 server (confidence level: 100%) | |
file15.152.31.8 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file20.169.230.2 | ERMAC botnet C2 server (confidence level: 100%) | |
file62.210.116.3 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file87.121.86.144 | MooBot botnet C2 server (confidence level: 100%) | |
file154.127.56.84 | Mirai botnet C2 server (confidence level: 75%) | |
file106.75.62.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.40.19.66 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.245.185.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.200.51.22 | Remcos botnet C2 server (confidence level: 100%) | |
file111.119.217.0 | Sliver botnet C2 server (confidence level: 100%) | |
file168.100.10.198 | Unknown malware botnet C2 server (confidence level: 75%) | |
file154.91.90.234 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file206.237.31.191 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.132.154.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
file180.76.120.104 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.38.251.34 | Unknown malware botnet C2 server (confidence level: 100%) | |
file170.187.156.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file93.183.80.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file174.138.70.44 | Unknown malware botnet C2 server (confidence level: 100%) | |
file217.192.236.53 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.100.253.121 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.209.209.126 | Unknown malware botnet C2 server (confidence level: 100%) | |
file109.199.125.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file83.229.82.13 | Unknown malware botnet C2 server (confidence level: 100%) | |
file4.251.8.211 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.210.90.55 | Unknown malware botnet C2 server (confidence level: 100%) | |
file142.171.3.163 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file172.232.44.165 | Unknown malware botnet C2 server (confidence level: 50%) | |
file192.235.96.137 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file64.130.197.71 | Unknown malware botnet C2 server (confidence level: 50%) | |
file188.254.244.251 | Unknown malware botnet C2 server (confidence level: 50%) | |
file155.138.252.60 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
file80.85.137.119 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
file154.82.85.107 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file107.173.2.22 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file64.7.199.119 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.200.51.19 | Remcos botnet C2 server (confidence level: 100%) | |
file141.95.114.240 | Remcos botnet C2 server (confidence level: 100%) | |
file80.76.49.186 | Remcos botnet C2 server (confidence level: 100%) | |
file102.117.169.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file93.123.109.246 | Hook botnet C2 server (confidence level: 100%) | |
file18.231.172.87 | Havoc botnet C2 server (confidence level: 100%) | |
file185.10.68.146 | Havoc botnet C2 server (confidence level: 100%) | |
file176.188.105.70 | Havoc botnet C2 server (confidence level: 100%) | |
file109.123.236.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.107.114.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.23.97.121 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file39.107.227.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.120.210.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.159.113.213 | Matanbuchus botnet C2 server (confidence level: 60%) | |
file39.105.134.96 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.44.79.187 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file93.113.25.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.100.77.129 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.97.5.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.100.82.221 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.92.137.130 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.200.51.8 | Remcos botnet C2 server (confidence level: 100%) | |
file45.200.51.8 | Remcos botnet C2 server (confidence level: 100%) | |
file87.120.113.92 | Sliver botnet C2 server (confidence level: 100%) | |
file123.11.142.173 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.128.242.138 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.154.98.25 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file209.145.56.0 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file13.72.250.0 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file173.44.139.179 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file93.123.109.246 | Hook botnet C2 server (confidence level: 100%) | |
file65.109.209.40 | Havoc botnet C2 server (confidence level: 100%) | |
file207.148.121.17 | Havoc botnet C2 server (confidence level: 100%) | |
file89.117.49.234 | Venom RAT botnet C2 server (confidence level: 100%) | |
file31.58.58.187 | DCRat botnet C2 server (confidence level: 100%) | |
file18.202.197.17 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.203.156.41 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file89.187.28.164 | MooBot botnet C2 server (confidence level: 100%) | |
file87.121.86.2 | MimiKatz botnet C2 server (confidence level: 100%) | |
file141.98.10.115 | Mirai botnet C2 server (confidence level: 75%) | |
file103.82.249.78 | NjRAT botnet C2 server (confidence level: 100%) | |
file154.37.220.109 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file92.255.85.135 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file47.92.173.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.173.106.18 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file111.173.106.115 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file129.226.213.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.13.224.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file209.94.56.86 | MimiKatz botnet C2 server (confidence level: 100%) | |
file45.138.16.193 | xmrig botnet C2 server (confidence level: 100%) | |
file103.107.104.61 | PlugX botnet C2 server (confidence level: 60%) |
Hash
Value | Description | Copy |
---|---|---|
hash80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash3333 | NjRAT botnet C2 server (confidence level: 75%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike payload delivery server (confidence level: 100%) | |
hash3277 | Mirai botnet C2 server (confidence level: 75%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash2003 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8082 | ERMAC botnet C2 server (confidence level: 100%) | |
hash80 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash4433 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8081 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3132 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash63256 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash48926 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
hash45288 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
hash15091 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash42069 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1112 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Matanbuchus botnet C2 server (confidence level: 60%) | |
hash558fe8c705bbd035f886cc02acee3fdfa50398e74795f62d182e01225d58e2e2 | Lumma Stealer payload (confidence level: 100%) | |
hash586b3a854631ed30c8aefbde7edcf3a725d7c40a4a56c8ebc17aeb64979ea442 | Lumma Stealer payload (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8801 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash20013 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8080 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash5873 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7001 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5555 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8078 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4321 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash25565 | DCRat botnet C2 server (confidence level: 100%) | |
hash5903 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash18084 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash1302 | Mirai botnet C2 server (confidence level: 75%) | |
hash3158 | NjRAT botnet C2 server (confidence level: 100%) | |
hash5858 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash25507 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash25602 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash80 | xmrig botnet C2 server (confidence level: 100%) | |
hash5000 | PlugX botnet C2 server (confidence level: 60%) |
Threat ID: 682c7dc2e8347ec82d2e1300
Added to database: 5/20/2025, 1:04:02 PM
Last enriched: 6/19/2025, 3:34:12 PM
Last updated: 8/15/2025, 1:50:45 AM
Views: 18
Related Threats
ThreatFox IOCs for 2025-08-16
MediumScammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumThreatFox IOCs for 2025-08-15
MediumThreat Actor Profile: Interlock Ransomware
Medium'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.