ThreatFox IOCs for 2025-01-09
AI Analysis
Technical Summary
The provided threat intelligence relates to a malware-related report titled "ThreatFox IOCs for 2025-01-09," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat data. The report is categorized under "type:osint," indicating it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected software versions or products are identified, and there are no associated Common Weakness Enumerations (CWEs) or patch links provided. The technical details indicate a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or presence in the wild. However, the report explicitly states there are no known exploits in the wild at the time of publication (January 9, 2025). The absence of concrete IOCs or technical specifics limits the ability to detail the malware's behavior, infection vectors, or payload characteristics. Given the nature of ThreatFox as an OSINT platform, this report likely aggregates emerging or suspected malware indicators that require further validation. The "tlp:white" tag indicates the information is not restricted and can be freely shared, which supports broad awareness but also suggests the threat is not currently considered highly sensitive or critical. Overall, this intelligence appears to be an early-stage or low-confidence alert about malware-related activity without confirmed active exploitation or detailed technical signatures.
Potential Impact
For European organizations, the potential impact of this threat is currently limited due to the lack of confirmed active exploitation and absence of detailed technical indicators. Since no specific affected products or versions are identified, it is difficult to assess direct risks to operational systems. However, the presence of malware-related IOCs in OSINT repositories can signal emerging threats that may evolve into targeted campaigns. European entities involved in cybersecurity monitoring, threat intelligence sharing, and incident response may need to incorporate these IOCs into their detection frameworks to enhance early warning capabilities. The medium severity rating suggests a moderate risk level, implying that while immediate disruption or data compromise is unlikely, vigilance is warranted. Organizations with extensive digital footprints, especially those in critical infrastructure, finance, or government sectors, should remain alert for any updates or expanded details that could indicate active exploitation. The lack of known exploits in the wild reduces the immediate threat to confidentiality, integrity, and availability, but the potential for future exploitation remains if threat actors leverage these indicators for targeted attacks.
Mitigation Recommendations
Given the limited technical details and absence of specific affected products, mitigation should focus on proactive threat intelligence integration and general best practices tailored to emerging malware threats. European organizations should:
1) Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable early detection of related activity.
2) Enhance monitoring of network traffic and endpoint behavior for anomalies that may correlate with emerging malware patterns, even if not explicitly identified in this report.
3) Maintain up-to-date threat intelligence feeds and participate in information sharing communities such as CERT-EU and sector-specific ISACs to receive timely updates on any escalation or new findings related to these IOCs.
4) Conduct regular security awareness training emphasizing the importance of recognizing suspicious activity and reporting potential incidents promptly.
5) Implement strict access controls and network segmentation to limit potential lateral movement should any malware attempt to exploit vulnerabilities in the future.
6) Prepare incident response plans that can rapidly incorporate new threat intelligence and adapt to evolving malware tactics.
These steps go beyond generic advice by emphasizing the integration of OSINT-derived IOCs into operational security workflows and fostering collaborative defense mechanisms within the European cybersecurity ecosystem.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: abb29d66-2adb-4e86-8089-7a14ed824a44
- Original Timestamp: 1736467385
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7575 | xmrig botnet C2 server (confidence level: 50%) | |
hash4447 | Remcos botnet C2 server (confidence level: 75%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash53 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash2095 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash9600 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash20256 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash19556 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash20001 | BianLian botnet C2 server (confidence level: 100%) | |
hash931396d6332709956237cf76ee246b01 | Unknown malware payload (confidence level: 50%) | |
hash08f630cc1005bad662dcdd478fff28d3 | Unknown malware payload (confidence level: 50%) | |
hash00b1dbb467fd9362fd4f5a3e76ef16f3b4abe4fb620e62aa00a7bdae67c0042a | Rhadamanthys payload (confidence level: 100%) | |
hasha6e44787ce9ccbcf4b60bb74db99a6f1954b0404f42de69b7b3294a3597e2848 | Rhadamanthys payload (confidence level: 100%) | |
hashe6c75ba5d611e79d680ea437a8d874d2d001003fd2297c0f20f1ed06471bc002 | Lumma Stealer payload (confidence level: 100%) | |
hash7d54679530cec59ef4c71f059c3b6da8f654e2a316fa4689319db0ab35572880 | Coinminer payload (confidence level: 100%) | |
hash8975061562d23fe044b62d89324687e6f03203062c6c026797795df247f4be30 | Coinminer payload (confidence level: 100%) | |
hashe3dbee51df9dd78d9b3d643f7d7f9c7cb84b88819647d436f1a595d7c1a51e87 | Coinminer payload (confidence level: 100%) | |
hash810838fe05bf0fac2ca9659efa6d2d5bb6f0e324ce9330ad1ba6ec636844fb84 | Coinminer payload (confidence level: 100%) | |
hash70c8b18ece14adc1d775e9eb5c4de116f2d4a283818ad69dd967fc1127130ec2 | NjRAT payload (confidence level: 100%) | |
hash443 | PlugX botnet C2 server (confidence level: 90%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash4949 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash593 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash4150 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5432 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash55554 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7004 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash5873 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Havoc botnet C2 server (confidence level: 100%) | |
hash3000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1912 | Crimson RAT botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash2376 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1108 | NjRAT botnet C2 server (confidence level: 75%) | |
hash1337 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2400 | Remcos botnet C2 server (confidence level: 75%) | |
hash7777 | DCRat botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash40001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash995 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash1985 | NjRAT botnet C2 server (confidence level: 100%) |
URL
Value | Description |
---|---|
https://94.142.138.48/f9f76ae4bb7811d9.php | Stealc botnet C2 (confidence level: 50%) |
https://162.0.238.10/752e382b4dcf5e3f.php | Stealc botnet C2 (confidence level: 50%) |
https://94.142.138.48/54982f23330528c2/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
https://94.142.138.48/54982f23330528c2/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
https://94.142.138.48/54982f23330528c2/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) |
https://162.0.238.10/dbe4ef521ee4cc21/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
https://162.0.238.10/dbe4ef521ee4cc21/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
https://162.0.238.10/dbe4ef521ee4cc21/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) |
http://clustersf.com/ray-verify.html | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
http://93.123.109.246/ | Hook botnet C2 (confidence level: 50%) |
http://185.177.239.211/ | Hook botnet C2 (confidence level: 50%) |
https://r2build.shop | Vidar botnet C2 (confidence level: 100%) |
https://95.217.24.143 | Vidar botnet C2 (confidence level: 100%) |
http://62.109.16.145/protect4dump/externalupdatedle/requestlongpollpublicrequest/cdnjs/linuxasyncjavascript/provider/trafficuniversalapi/vmjavascripteternal1/db/requestdatalife/imagevideolineserverprotectlinuxasynctest.php | DCRat botnet C2 (confidence level: 100%) |
http://95.215.207.195/86fcb855254ff44e/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
http://95.215.207.195/86fcb855254ff44e/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) |
http://157.90.248.141/d9e00e90e18cf915/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
http://98.70.54.204/ | Hook botnet C2 (confidence level: 50%) |
https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://sos-de-muc-1.exo.io/asist/last/check/keep-browsing-to-continue-s7.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
http://generatorauc.pro/676532b046cfbdecfd800dbf?c=abvpfmd9zwuaa4acaelufwasaaaaaabg | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://exodvs.com/4e1q.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://exodvs.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://49.12.115.0/ | Vidar botnet C2 (confidence level: 100%) |
https://116.203.13.109/ | Vidar botnet C2 (confidence level: 100%) |
https://95.217.24.143/ | Vidar botnet C2 (confidence level: 100%) |
https://r2build.shop/ | Vidar botnet C2 (confidence level: 100%) |
https://binoto.site/ | Vidar botnet C2 (confidence level: 100%) |
http://jejmbadfmeenlnk.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://bingazo.digital/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://bingazo.digital/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://bingazo.digital/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://mffaccessories.com/zz.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://178.22.31.96/cb8373ac6348bc41/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
http://95.215.207.195/86fcb855254ff44e/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
http://sat-triumph.gl.at.ply.gg:1108 | NjRAT botnet C2 (confidence level: 50%) |
https://pastebin.com/raw/fevfje98 | DCRat botnet C2 (confidence level: 50%) |
http://517300cm.renyash.ru/pipejavascriptdefaulttrafficwp.php | DCRat botnet C2 (confidence level: 100%) |
http://47.121.190.121:81/r9dn | Cobalt Strike botnet C2 (confidence level: 75%) |
http://ce17561.tw1.ru/321b99b3.php | DCRat botnet C2 (confidence level: 100%) |
http://a1071290.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://ch28439.tw1.ru/4ecb2f9a.php | DCRat botnet C2 (confidence level: 100%) |
https://bashusolici.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://freefacerz.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://flockanxiius.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://thumpecnskeak.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://fraggielek.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://spookycappy.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://nuttyshopr.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://grandiouseziu.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://punishzement.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://truculengisau.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://reallycaster.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://lumbersayr.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://exultanturue.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://greatvacuutos.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://convergelivek.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://nippypreciosu.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://desiredirefus.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://charminammoc.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://induceboori.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://inventcopper.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://lethalrleju.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://imbibegoos.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://relatiounces.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://fishubuckerz.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://breathauthorit.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://robinwindyu.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://chiefdramatico.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://brasspausez.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://migratteabid.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://advicebedsu.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://shearairybom.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://secretarydiff.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
http://47.121.190.121:81/agdq | Cobalt Strike botnet C2 (confidence level: 75%) |
http://a1071196.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
Domain
Value | Description |
---|---|
abc248597df-25592.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) |
code1.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 50%) |
proxy-23784689475645.com | Quasar RAT botnet C2 domain (confidence level: 50%) |
rency.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 50%) |
ubxn6j9dc.localto.net | Quasar RAT botnet C2 domain (confidence level: 50%) |
wqo9.firewall-gateway.de | Quasar RAT botnet C2 domain (confidence level: 50%) |
luiscaseres.gleeze.com | Remcos botnet C2 domain (confidence level: 50%) |
teebro1800.dynamic-dns.net | Remcos botnet C2 domain (confidence level: 50%) |
teewire.ydns.eu | Remcos botnet C2 domain (confidence level: 50%) |
ergsea.ydns.eu | AsyncRAT botnet C2 domain (confidence level: 50%) |
financial-amanda.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
myaccount.app-cloud.link | Havoc botnet C2 domain (confidence level: 100%) |
ok.microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
events.api.microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
acc.microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
r2build.shop | Vidar botnet C2 domain (confidence level: 100%) |
www.brabuk.info | Hook botnet C2 domain (confidence level: 100%) |
res.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
woo-headless-bcknd.maksimer.es | Unknown malware botnet C2 domain (confidence level: 100%) |
live.microsoft-onedrive.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
www.microsoft-onedrive.trunetkings.xyz.trunetkings.xyz | Unknown malware botnet C2 domain (confidence level: 100%) |
quinceisoz.cam | Lumma Stealer botnet C2 domain (confidence level: 100%) |
static.buyweatherstriponline.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
relivonline.com | PlugX botnet C2 domain (confidence level: 75%) |
frillsforspills.com | PlugX botnet C2 domain (confidence level: 75%) |
exodvs.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
okta.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) |
csp.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) |
clamfluffys.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
binoto.site | Vidar botnet C2 domain (confidence level: 100%) |
hoppricerwir.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
bingazo.digital | FAKEUPDATES payload delivery domain (confidence level: 100%) |
sat-triumph.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
o0p2e195m0-34052.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) |
f1072181.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
cg15356.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
f1072439.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1070543.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
artemcw8.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
a1037709.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
secretarydiff.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
advicebedsu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
shearairybom.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
migratteabid.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
brasspausez.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
chiefdramatico.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
robinwindyu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
breathauthorit.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
relatiounces.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
fishubuckerz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
imbibegoos.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
lethalrleju.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
inventcopper.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
induceboori.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
charminammoc.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
desiredirefus.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
nippypreciosu.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
convergelivek.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
greatvacuutos.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
exultanturue.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
lumbersayr.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
reallycaster.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
truculengisau.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
punishzement.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
grandiouseziu.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
nuttyshopr.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
spookycappy.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
fraggielek.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
thumpecnskeak.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
flockanxiius.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
freefacerz.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
bashusolici.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
oneyt1vt.top | CryptBot botnet C2 domain (confidence level: 100%) |
pforten14.top | CryptBot botnet C2 domain (confidence level: 100%) |
ptwenten20.top | CryptBot botnet C2 domain (confidence level: 100%) |
ptreten13vt.top | CryptBot botnet C2 domain (confidence level: 100%) |
onetj1vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
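Consuming the tables above in practice means keeping each ip:port pair together (a bare port is not an indicator), matching domains so that subdomains of a listed C2 domain also hit, and deciding per confidence level whether a hit blocks or only alerts. The following is an added example, not part of the ThreatFox export or of this page: it parses a small constructed subset of the rows above (in the page's own value | description shape) and runs the resulting indicators over constructed Zeek-style log events. The event schema, the 100% block threshold and the choice of rows are assumptions for illustration; the page itself specifies no handling policy.

```python
"""Added example (not from the page): parse ThreatFox rows and match them against log events."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed subset of the indicators listed on the page, in the page's own
# "value | description (confidence level: N%)" row shape. ip:port pairs stay joined.
IOC_ROWS = """\
178.215.224.223:1985 | NjRAT botnet C2 server (confidence level: 100%)
185.241.208.178:31337 | Sliver botnet C2 server (confidence level: 50%)
r2build.shop | Vidar botnet C2 domain (confidence level: 100%)
ergsea.ydns.eu | AsyncRAT botnet C2 domain (confidence level: 50%)
https://exodvs.com/4e1q.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://94.142.138.48/f9f76ae4bb7811d9.php | Stealc botnet C2 (confidence level: 50%)
e6c75ba5d611e79d680ea437a8d874d2d001003fd2297c0f20f1ed06471bc002 | Lumma Stealer payload (confidence level: 100%)
"""

ROW_RE = re.compile(r"^\s*(?P<value>\S+)\s*\|\s*(?P<desc>.*?)\s*\(confidence level: (?P<conf>\d+)%\)")
BLOCK_THRESHOLD = 100  # assumption: only 100%-confidence indicators block; lower ones alert only


@dataclass(frozen=True)
class Ioc:
    kind: str  # "ip:port", "domain", "url", "md5" or "sha256"
    value: str
    desc: str
    confidence: int


def classify(value: str) -> str:
    """Derive the indicator type from the value's shape (the page's tables do not carry it)."""
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return "sha256"
    if re.fullmatch(r"[0-9a-f]{32}", value):
        return "md5"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}:\d{1,5}", value):
        return "ip:port"
    if "://" in value:
        return "url"
    return "domain"


def parse_rows(text: str) -> list[Ioc]:
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:  # header and separator lines do not match and are skipped
            v = m["value"].lower()
            iocs.append(Ioc(classify(v), v, m["desc"], int(m["conf"])))
    return iocs


def family(ioc: Ioc) -> str:
    """'Vidar botnet C2 domain' -> 'Vidar'; 'Lumma Stealer payload' -> 'Lumma Stealer'."""
    return re.sub(r"\s+(botnet|payload)\b.*$", "", ioc.desc)


def domain_matches(observed: str, ioc_domain: str) -> bool:
    """Exact match or subdomain match; 'notr2build.shop' must not match 'r2build.shop'."""
    observed = observed.lower().rstrip(".")
    return observed == ioc_domain or observed.endswith("." + ioc_domain)


def match_event(ev: dict, iocs: list[Ioc]) -> list[tuple[Ioc, str]]:
    """Return (ioc, action) pairs for one event; events are constructed dicts, not a real Zeek schema."""
    hits = []
    for ioc in iocs:
        matched = False
        if ioc.kind == "ip:port" and ev["type"] == "conn":
            matched = f"{ev['dst']}:{ev['dport']}" == ioc.value  # address and port together
        elif ioc.kind == "domain" and ev["type"] == "dns":
            matched = domain_matches(ev["query"], ioc.value)
        elif ioc.kind == "domain" and ev["type"] == "http":
            matched = domain_matches(urlsplit(ev["url"]).hostname or "", ioc.value)
        elif ioc.kind == "url" and ev["type"] == "http":
            matched = ev["url"].lower() == ioc.value
        elif ioc.kind in ("md5", "sha256") and ev["type"] == "file":
            matched = ev.get(ioc.kind, "").lower() == ioc.value
        if matched:
            hits.append((ioc, "block" if ioc.confidence >= BLOCK_THRESHOLD else "alert"))
    return hits


def scan(events: list[dict], iocs: list[Ioc]) -> list[dict]:
    findings = []
    for ev in events:
        for ioc, action in match_event(ev, iocs):
            findings.append({"src": ev["src"], "action": action, "family": family(ioc), "ioc": ioc.value})
    return findings


# Constructed log events; the second and fifth are deliberate near-misses.
SAMPLE_EVENTS = [
    {"type": "conn", "src": "10.0.0.15", "dst": "178.215.224.223", "dport": 1985},
    {"type": "conn", "src": "10.0.0.15", "dst": "178.215.224.223", "dport": 443},
    {"type": "conn", "src": "10.0.0.21", "dst": "185.241.208.178", "dport": 31337},
    {"type": "dns", "src": "10.0.0.7", "query": "cdn.r2build.shop"},
    {"type": "dns", "src": "10.0.0.7", "query": "notr2build.shop"},
    {"type": "http", "src": "10.0.0.9", "url": "https://exodvs.com/4e1q.js"},
    {"type": "file", "src": "10.0.0.9", "sha256": "E6C75BA5D611E79D680EA437A8D874D2D001003FD2297C0F20F1ED06471BC002"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, parse_rows(IOC_ROWS)):
        print(f"{f['action']:5} {f['src']:10} {f['family']:14} {f['ioc']}")
```

The ip:port check is the point of re-joining the split tables: 178.215.224.223 on port 443 produces nothing, because only the listed port is known to be the C2 listener. The 50%-confidence Sliver entry is surfaced as an alert rather than a block, which is how a practitioner would normally treat the lower-confidence rows on this page until they are corroborated.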
Threat ID: 682c7dc3e8347ec82d2e1a2c
Added to database: 5/20/2025, 1:04:03 PM
Last enriched: 6/19/2025, 3:48:00 PM
Last updated: 8/13/2025, 6:34:50 PM