Reconnecting to live updates…
ThreatFox IOCs for 2025-01-13
Severity: mediumType: malware
ThreatFox IOCs for 2025-01-13
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-01-13,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under 'malware' with a medium severity rating and is tagged as 'type:osint' and 'tlp:white,' indicating that the information is openly shareable without restrictions. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential. However, there are no specific affected product versions, CWE identifiers, patch links, or known exploits in the wild associated with this threat. Additionally, no concrete indicators such as file hashes, IP addresses, or domain names are provided, limiting the ability to perform targeted detection or response. The absence of detailed technical indicators and exploit information implies that this report is more of a preparatory or informational nature, possibly aggregating IOCs for future reference rather than describing an active or imminent threat. The 'osint' product tag suggests that this intelligence is derived from open-source intelligence gathering rather than proprietary or closed-source detection methods. Overall, this threat intelligence entry appears to be a general update or collection of IOCs related to malware activity without immediate actionable exploitation details.
Potential Impact
Given the lack of specific technical indicators, affected software versions, or known active exploits, the immediate impact on European organizations is likely limited. However, the medium severity rating and moderate distribution score indicate that the malware or associated IOCs could be part of a broader campaign or emerging threat that may evolve. European organizations, especially those relying on open-source intelligence tools or platforms that aggregate such data, might face risks if these IOCs correspond to malware variants targeting their environments. Potential impacts include unauthorized access, data exfiltration, or disruption if the malware is deployed successfully. The absence of known exploits in the wild reduces the likelihood of immediate compromise but does not eliminate future risk. Organizations involved in cybersecurity monitoring, threat hunting, or incident response could benefit from integrating these IOCs into their detection frameworks to enhance situational awareness. The impact is more pronounced for sectors with high exposure to malware threats, such as finance, critical infrastructure, and government entities within Europe.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities, even though specific indicators are not listed here, organizations should monitor ThreatFox for updates. 2. Maintain up-to-date threat intelligence feeds and subscribe to platforms like ThreatFox to receive timely IOC updates and contextual information. 3. Conduct regular threat hunting exercises focusing on malware behaviors and patterns that align with the medium severity threat level indicated. 4. Ensure robust endpoint protection solutions are deployed and configured to detect and block malware activities, including heuristic and behavioral analysis capabilities. 5. Implement network segmentation and strict access controls to limit malware propagation in case of infection. 6. Educate security teams on the importance of open-source intelligence and how to leverage TLP:white tagged information responsibly. 7. Since no patches or CVEs are associated, focus on proactive monitoring and anomaly detection rather than patch management for this specific threat. 8. Collaborate with European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize and respond to emerging threats effectively.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: daxon.giize.com
- file: 45.61.159.148
- hash: 1111
- domain: awake-weaves.cyou
- domain: sordid-snaked.cyou
- domain: wrathful-jammy.cyou
- domain: japanese-cross.gl.at.ply.gg
- domain: p8stolo-29468.portmap.host
- domain: adilfgilitter-43126.portmap.host
- domain: awiero-42728.portmap.host
- domain: edit-beats.gl.at.ply.gg
- domain: plan-view.gl.at.ply.gg
- domain: right-cleared.gl.at.ply.gg
- domain: sale-er.gl.at.ply.gg
- domain: storage-plugin.gl.at.ply.gg
- domain: misha-lomonosov.com
- url: https://pbvtckjkrtht.top/ytzhzjlioddlyti4/
- file: 87.120.126.73
- hash: 8000
- file: 203.227.62.91
- hash: 443
- file: 38.55.193.31
- hash: 443
- file: 108.165.237.230
- hash: 8808
- file: 141.95.114.241
- hash: 8808
- file: 167.114.145.155
- hash: 8808
- file: 185.101.104.3
- hash: 8808
- file: 54.179.92.3
- hash: 443
- file: 181.162.162.136
- hash: 8080
- domain: res.mllcrosoft.com
- file: 185.196.10.2
- hash: 443
- url: http://175.148.157.145:47965/mozi.m
- domain: dckhgjimeghemhl.top
- url: http://dckhgjimeghemhl.top/0obs5ktr2vhtr.php?id=vault&key=76127545828&s=527
- url: http://jejmbadfmeenlnk.top/tfm6euy09zhtr.php
- domain: jejmbadfmeenlnk.top
- url: http://canjjclmlnicbga.top/vo50gtns7dhtr.php
- domain: canjjclmlnicbga.top
- domain: kmaealcfcalhcac.top
- url: http://kmaealcfcalhcac.top/qzotx2r4w7htr.php
- file: 64.190.113.229
- hash: 80
- domain: bmbuz83hhhhg73.top
- domain: ksdgbx9oenj.top
- domain: pitibnzi4un.top
- domain: afnfdijahijefmh.top
- domain: iblaehgffmflamn.top
- domain: bfhdkgmmhdbikgj.top
- domain: kdemjgebjimkanl.top
- domain: cmacnnkfbhlcncm.top
- domain: bkkeiekjfcdaaen.top
- domain: jlijkijkkklbkjn.top
- domain: ruhybh74ub.top
- domain: fdsgujhnby.top
- domain: mubuzb3vvv.top
- domain: mnudybh4unh.top
- domain: mbuz73hb7z3.top
- domain: nubxz4ubhxz9i.top
- domain: poeiughybzu222.top
- domain: poubnxu3jubz.top
- domain: lgbibzuehbz.top
- domain: ohunhebzhbu3.top
- domain: sdubvlbbuz3vzzz.top
- domain: bnbuzu49ibz4.top
- domain: shd9inbjz4.top
- domain: ngub8zb38ib.top
- domain: gkn33hxueub.top
- domain: mnvuz3gvy3.top
- domain: jhubzgv3.top
- domain: bmadfjbhnijhckh.top
- domain: jhkenjhehiadfbn.top
- domain: fgghahagiiekjhg.top
- domain: nbcjihgecijhmnl.top
- domain: hkmlchlbjibdafd.top
- domain: bginkhdndigadkj.top
- file: 104.168.45.25
- hash: 80
- file: 18.212.130.9
- hash: 4443
- file: 198.12.127.223
- hash: 80
- domain: miutubzxe.top
- domain: ghybu8as.top
- domain: iiuthbuzev.top
- domain: bnayvhgb8.top
- domain: kffgkjmjangegkg.top
- domain: gnmdjjckbgddaie.top
- domain: cignjjgmdnbchhc.top
- domain: mcajijknegnbbga.top
- domain: ikhgijabfnkajem.top
- domain: eebchjechginddk.top
- domain: anjmhjidinfmlci.top
- domain: khcjgjmfjgdleag.top
- domain: gbkffjcglabkmne.top
- domain: ckebfjgimhmjgmb.top
- domain: melmejkjaakiakn.top
- domain: imfiejalbhhgijl.top
- domain: ehnediemcaffbij.top
- domain: abhbdiiaehdejgh.top
- domain: kjalcimbfaaddff.top
- domain: gdihcicdghmcldd.top
- domain: cmcebigeiajbfcb.top
- domain: mgjabikgjhhambm.top
- domain: iadkainhkafngnk.top
- domain: ejlhaidjmhcmami.top
- file: 162.33.178.216
- hash: 80
- file: 64.52.80.74
- hash: 80
- file: 45.61.136.166
- hash: 80
- file: 64.52.80.100
- hash: 80
- file: 54.83.104.93
- hash: 1433
- file: 45.77.153.108
- hash: 80
- file: 45.77.153.108
- hash: 443
- file: 64.176.35.214
- hash: 443
- domain: cpcontacts.sumup.live
- file: 198.167.199.190
- hash: 19132
- file: 190.203.34.71
- hash: 443
- file: 165.227.237.151
- hash: 443
- domain: g.sst.upgrade1.zip
- file: 41.250.78.102
- hash: 4099
- file: 41.250.78.102
- hash: 21309
- file: 41.250.78.102
- hash: 2080
- file: 41.250.78.102
- hash: 17309
- file: 41.250.78.102
- hash: 49152
- file: 41.250.78.102
- hash: 1311
- file: 41.250.78.102
- hash: 7547
- file: 41.250.78.102
- hash: 35304
- file: 41.250.78.102
- hash: 37777
- file: 41.250.78.102
- hash: 44818
- file: 41.250.78.102
- hash: 788
- file: 41.250.78.102
- hash: 3631
- file: 41.250.78.102
- hash: 5168
- file: 41.250.78.102
- hash: 1912
- file: 41.250.78.102
- hash: 2083
- file: 41.250.78.102
- hash: 23066
- file: 41.250.78.102
- hash: 8636
- file: 41.250.78.102
- hash: 33635
- file: 41.250.78.102
- hash: 13401
- file: 41.250.78.102
- hash: 24531
- file: 41.250.78.102
- hash: 2222
- file: 41.250.78.102
- hash: 2323
- file: 41.250.78.102
- hash: 8080
- file: 41.250.78.102
- hash: 2456
- file: 41.250.78.102
- hash: 10443
- file: 41.250.78.102
- hash: 20935
- file: 41.250.78.102
- hash: 65306
- file: 41.250.78.102
- hash: 6362
- file: 41.250.78.102
- hash: 8081
- file: 41.250.78.102
- hash: 50172
- file: 41.250.78.102
- hash: 4444
- file: 41.250.78.102
- hash: 17777
- file: 41.250.78.102
- hash: 24312
- file: 41.250.78.102
- hash: 10239
- file: 41.250.78.102
- hash: 12226
- file: 41.250.78.102
- hash: 1961
- file: 41.250.78.102
- hash: 2087
- file: 41.250.78.102
- hash: 2380
- file: 41.250.78.102
- hash: 28498
- file: 41.250.78.102
- hash: 42246
- file: 41.250.78.102
- hash: 16993
- file: 41.250.78.102
- hash: 49646
- file: 41.250.78.102
- hash: 80
- file: 41.250.78.102
- hash: 789
- file: 41.250.78.102
- hash: 10814
- file: 41.250.78.102
- hash: 8443
- file: 41.250.78.102
- hash: 22222
- file: 41.250.78.102
- hash: 554
- file: 41.250.78.102
- hash: 4541
- file: 41.250.78.102
- hash: 16417
- file: 41.250.78.102
- hash: 5433
- file: 41.250.78.102
- hash: 12598
- file: 41.250.78.102
- hash: 41700
- file: 144.202.127.142
- hash: 80
- domain: info.royalreturns.org
- file: 147.182.231.136
- hash: 3333
- domain: wings.pokemulti.fr
- file: 86.120.23.71
- hash: 5000
- file: 88.198.119.36
- hash: 443
- file: 1.94.61.238
- hash: 60000
- file: 74.225.130.162
- hash: 443
- file: 185.119.90.224
- hash: 3333
- file: 217.160.234.90
- hash: 3553
- file: 46.101.33.238
- hash: 3333
- file: 159.75.174.58
- hash: 9205
- file: 138.199.149.107
- hash: 443
- file: 212.227.80.125
- hash: 8443
- file: 41.230.194.38
- hash: 443
- hash: 834f137f9039041bccb4b414154a596c
- hash: b99bdb8880e4ef03727885ea50a4a2fc
- domain: maximu.sbs
- url: https://116.203.166.124
- hash: 73744280fb8e7db578c9303b7620fb16
- url: http://103.200.85.238:59852/mozi.m
- hash: c233aec7917cf34294c19dd60ff79a6e0fac5ed6f0cb57af98013c08201a7a1c
- hash: 66dbf939c00b09d8d22c692864b68c4a602e7a59c4b925b2e2bef57b1ad047bd
- hash: dcf536edd67a98868759f4e72bcbd1f4404c70048a2a3257e77d8af06cb036ac
- hash: b1ef7b267d887e34bf0242a94b38e7dc9fd5e6f8b2c5c440ce4ec98cc74642fb
- hash: 5226ea8e0f516565ba825a1bbed10020982c16414750237068b602c5b4ac6abd
- hash: e622f3b743c7fc0a011b07a2e656aa2b5e50a4876721bcf1f405d582ca4cda22
- hash: 20ed21bfdb7aa970b12e7368eba8e26a711752f1cc5416b6fd6629d0e2a44e5d
- hash: dd15ce869aa79884753e3baad19b0437075202be86268b84f3ec2303e1ecd966
- hash: 7e223a685d5324491bcacf3127869f9f3ec5d5100c5e7cb5af45a227e6ab4603
- domain: order.buyanemostatonline.com
- file: 52.212.200.0
- hash: 4949
- file: 103.68.251.141
- hash: 1604
- file: 154.91.4.5
- hash: 3333
- file: 181.50.73.64
- hash: 9398
- file: 116.203.11.8
- hash: 443
- url: https://maximu.sbs/
- url: https://88.198.119.36/
- file: 47.128.167.72
- hash: 81
- file: 178.255.222.6
- hash: 8080
- domain: sub172.duckdns.org
- file: 94.232.40.32
- hash: 443
- file: 124.70.134.194
- hash: 443
- file: 212.34.147.3
- hash: 80
- domain: interacdeposittransfer10001.com
- file: 121.199.10.233
- hash: 443
- file: 5.252.178.185
- hash: 8080
- file: 144.217.36.75
- hash: 8808
- file: 88.243.168.51
- hash: 20000
- file: 39.100.75.168
- hash: 7443
- file: 79.241.99.57
- hash: 82
- file: 77.105.147.74
- hash: 4000
- file: 85.239.54.99
- hash: 5362
- url: http://106.53.83.169:60127/updates.rss
- file: 93.123.109.39
- hash: 4449
- url: http://this-is-the.b-cdn.net/last/stage/verification/pass-this-step-to-continue.html
- url: http://you-have-to-i.b-cdn.net/last/stage/verification/pass-this-step-to-continue.html
- file: 91.193.19.109
- hash: 13333
- file: 50.18.195.138
- hash: 8444
- file: 195.177.92.88
- hash: 1912
- file: 217.69.2.169
- hash: 80
- domain: mailg-id.one
- domain: ados.fyicompsol.xyz
- domain: kens.fyicompsol.xyz
- domain: kila.fyicompsol.xyz
- domain: rkde.fyicompsol.xyz
- domain: alshamtech.nl
- domain: valhafather.xyz
- domain: fqbe23.xyz
- url: https://prpages.com/4e2e.js
- domain: prpages.com
- url: https://prpages.com/js.php
- url: http://lggknhaffleahbh.top/1.php
- domain: offerszone.click
- domain: sharethewebs.cfd
- domain: wordpress-redirect.biz
- domain: valhafather.xyz
- domain: fqbe23.xyz
- domain: email.gov.in.ministryofdefenceindia.link
- file: 52.73.20.0
- hash: 80
- file: 89.117.109.189
- hash: 31337
- file: 165.22.91.195
- hash: 10001
- file: 72.5.43.162
- hash: 444
- url: https://94.156.177.41/mars/five/pvqdq929bsx_a_d_m1n_a.php
- url: https://77.83.175.91/69d96d770568584a.php
- url: https://77.220.212.32/eb51242cada87444.php
- url: http://154.216.20.246/f493d73b2e06dbd2/sqlite3.dll
- url: http://154.216.20.246/f493d73b2e06dbd2/mozglue.dll
- url: https://45.88.76.207/4b4e7c1351c9e2eb/sqlite3.dll
- url: http://147.45.44.190/dace046278f1f1ba/vcruntime140.dll
- url: http://147.45.44.190/dace046278f1f1ba/sqlite3.dll
- url: http://62.204.41.163/2c3d53f1da5ea53a/vcruntime140.dll
- url: http://5.188.86.231/20bec3f306af6847/vcruntime140.dll
- url: http://5.188.86.231/20bec3f306af6847/sqlite3.dll
- domain: vpsdns.casacam.net
- domain: awake-weaves.cyou
- domain: covery-mover.biz
- domain: dare-curbys.biz
- domain: dwell-exclaim.biz
- domain: fixxyplanterv.click
- domain: formy-spill.biz
- domain: impend-differ.biz
- domain: mutterunurse.click
- domain: print-vexer.biz
- domain: se-blurry.biz
- domain: sordid-snaked.cyou
- domain: wrathful-jammy.cyou
- domain: zinc-sneark.biz
- domain: accommodation-necessity.gl.at.ply.gg
- domain: adilfgilitter-43126.portmap.host
- domain: around-surprise.gl.at.ply.gg
- domain: edit-beats.gl.at.ply.gg
- domain: likejunk-40343.portmap.host
- domain: right-cleared.gl.at.ply.gg
- file: 23.247.130.245
- hash: 80
- file: 148.135.86.38
- hash: 80
- file: 207.148.121.17
- hash: 8080
- file: 38.134.148.115
- hash: 443
- file: 47.120.60.180
- hash: 2222
- file: 49.232.65.225
- hash: 6005
- file: 111.180.144.115
- hash: 8888
- file: 173.44.139.179
- hash: 80
- file: 31.58.169.105
- hash: 6606
- file: 31.58.169.105
- hash: 7707
- file: 91.191.213.118
- hash: 6606
- file: 87.120.116.169
- hash: 7707
- file: 188.127.247.213
- hash: 6606
- file: 188.127.247.213
- hash: 7707
- file: 128.90.113.97
- hash: 9999
- file: 67.219.111.218
- hash: 7443
- file: 195.133.51.108
- hash: 443
- domain: floradocs.live
- domain: wordpress-redirect.biz
- domain: data-redirect.biz
- domain: wordpress-request.com
- domain: wordpress-defense.com
- domain: redirect-security.digital
- domain: wordpress-secirity.org
- domain: wordpress-safety.org
- domain: wordpress-team.org
- domain: wordpress-control.org
- domain: wordpress-secure.org
- domain: serverproxy-v2homes.life
- domain: panel-alert-v1.homes
- file: 198.12.127.223
- hash: 443
- file: 54.162.3.167
- hash: 1433
- domain: js-stats.com
- domain: googlsearchings.shop
- domain: googlsearchings.sbs
- domain: googlsearchings.online
- domain: googlsearchings.guru
- domain: googlsearchings.cfd
- domain: googlsearchings.art
- domain: royaltyfree.click
- domain: royaltyfree.pics
- domain: sharethewebs.click
- domain: sharethewebs.online
- domain: sharethewebs.art
- domain: royaltyfree.quest
- domain: googlsearchings.click
- domain: googlsearchings.quest
- domain: googlsearchings.xyz
- domain: googlsearchings.wiki
- domain: googlsearchings.site
- url: http://www.eautylab.fun/g10y/
- url: https://taymodel.top/work/original.js
- domain: taymodel.top
- url: https://taymodel.top/work/index.php
- url: https://taymodel.top/work/help.php
- url: https://mffaccessories.com/debug.zip
- domain: royaltyfree.cfd
- domain: royaltyfree.fun
- domain: royaltyfree.online
- domain: royaltyfree.site
- domain: accept.bar
- domain: amocha.xyz
- domain: cdn-webstats.com
- domain: clearnetfab.net
- domain: fallodick87-78.sbs
- domain: cd.iconstaff.top
- domain: cdn.iconstaff.top
- domain: cdn.inspectdlet.net
- domain: jqueryuslibs.com
- domain: jstatic201.com
- domain: lererikal.org
- domain: mamatmavali.ru
- domain: nothingillegal.bond
- domain: paie-locli.com
- domain: sellerstat.site
- domain: statsseo.com
- domain: statstoday.org
- domain: vincaolet.xyz
- domain: webexcelsior.org
- domain: admin.capctha.world
- domain: capctha.world
- file: 185.77.174.191
- hash: 443
- file: 155.138.225.144
- hash: 2053
- url: http://www.milp.store/2j93/
- domain: curtainykeo.lat
- domain: loodyswif.lat
- domain: urtainykeo.lat
- domain: inickypwk.lat
- domain: ickykiduz.lat
- domain: eggelatez.lat
- domain: iniatureyu.lat
- domain: avorraiykj.lat
- domain: hoefeatthe.lat
- domain: ashyceehsu.lat
- file: 157.230.12.133
- hash: 443
- domain: poisonx.in
- file: 185.174.101.126
- hash: 2405
- file: 212.34.147.3
- hash: 8080
- file: 107.155.93.118
- hash: 8808
- file: 45.149.241.217
- hash: 8808
- domain: microsoft-onedrive.upgrade1.zip
- domain: accounts4.app-cloud.link
- file: 13.208.43.151
- hash: 503
- file: 35.76.114.8
- hash: 56549
- url: https://curtainykeo.lat/api
- url: https://loodyswif.lat/api
- url: https://urtainykeo.lat/api
- url: https://inickypwk.lat/api
- url: https://ickykiduz.lat/api
- url: https://eggelatez.lat/api
- url: https://iniatureyu.lat/api
- url: https://avorraiykj.lat/api
- url: https://hoefeatthe.lat/api
- url: https://ashyceehsu.lat/api
- domain: www.jvsov.top
- file: 110.42.252.7
- hash: 31337
- file: 188.245.67.69
- hash: 31337
- file: 103.57.130.241
- hash: 54984
- file: 118.178.89.212
- hash: 4434
- file: 173.249.54.213
- hash: 4443
- file: 13.208.63.232
- hash: 4282
- file: 147.185.221.24
- hash: 21180
- file: 147.185.221.24
- hash: 4444
- domain: home789.no-ip.biz
- domain: other-little.gl.at.ply.gg
- domain: www.kposlifestyle.design
- file: 194.180.48.18
- hash: 45265
- domain: myskibiditoilet.zapto.org
- url: http://www.se-online.net/g10y/
- url: http://www.sertc.xyz/g10y/
- url: http://www.aelo.xyz/g10y/
- url: http://www.elax.xyz/g10y/
- url: https://royaltyfree.click/api
- domain: identify-wpenglne.com
- url: https://116.203.11.8/
- domain: avgus.rest
- file: 123.60.183.172
- hash: 2443
- file: 164.215.103.82
- hash: 80
- file: 157.230.12.133
- hash: 80
- file: 124.221.5.207
- hash: 1444
- file: 95.214.234.153
- hash: 443
- file: 104.243.35.241
- hash: 8808
- file: 109.199.101.109
- hash: 1000
- file: 91.191.213.118
- hash: 7000
- file: 154.12.229.73
- hash: 8808
- file: 84.32.188.164
- hash: 39635
- file: 45.12.142.154
- hash: 443
- file: 113.44.50.33
- hash: 4782
- file: 3.70.183.47
- hash: 2
- file: 209.151.154.69
- hash: 8000
- file: 115.120.246.236
- hash: 60000
- file: 149.104.30.51
- hash: 60000
- file: 149.28.157.236
- hash: 8888
- file: 197.0.15.67
- hash: 443
- file: 34.42.9.169
- hash: 443
- file: 62.68.75.16
- hash: 40056
- file: 88.234.24.213
- hash: 443
- file: 203.144.184.187
- hash: 8594
- file: 212.115.109.161
- hash: 6000
- domain: elevenff11pn.top
- domain: eternitysystems.online
- domain: cs55120.tw1.ru
- domain: andre2tn.beget.tech
- domain: medicaljummtj.shop
- domain: toppywook.shop
- domain: burnwastefulke.shop
- domain: shootmixxej.shop
- domain: overtyfruitz.shop
- domain: ripehungryde.click
- domain: skatestringje.click
- domain: kiterexchangez.click
- domain: cultureddirtys.click
- domain: produceresov.click
- domain: supplyedtwoz.click
- domain: corruptedusz.cyou
- domain: motivatefaul.cyou
- domain: rifledford.cyou
- domain: breakfasutwy.cyou
- domain: priceygoveiuz.cyou
- domain: welcomeabjesu.cyou
- domain: fascinatterz.cyou
- url: https://fascinatterz.cyou/api
- url: https://welcomeabjesu.cyou/api
- url: https://priceygoveiuz.cyou/api
- url: https://breakfasutwy.cyou/api
- url: https://rifledford.cyou/api
- url: https://motivatefaul.cyou/api
- url: https://corruptedusz.cyou/api
- url: https://supplyedtwoz.click/api
- url: https://produceresov.click/api
- url: https://cultureddirtys.click/api
- url: https://kiterexchangez.click/api
- url: https://skatestringje.click/api
- url: https://ripehungryde.click/api
- url: https://overtyfruitz.shop/api
- url: https://shootmixxej.shop/api
- url: https://burnwastefulke.shop/api
- url: https://medicaljummtj.shop/api
- domain: oneb1pt.top
- domain: thretenb13vs.top
- domain: elevenb11vs.top
- domain: neinb9pt.top
- domain: neinb9vs.top
- domain: tenb10vs.top
- domain: twelverb12vs.top
- file: 85.192.29.60
- hash: 5173
- file: 45.136.51.217
- hash: 5173
ThreatFox IOCs for 2025-01-13
0
MediumPublished: Mon Jan 13 2025 (01/13/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-01-13
AI-Powered Analysis
AILast updated: 06/19/2025, 16:05:34 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-01-13,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under 'malware' with a medium severity rating and is tagged as 'type:osint' and 'tlp:white,' indicating that the information is openly shareable without restrictions. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential. However, there are no specific affected product versions, CWE identifiers, patch links, or known exploits in the wild associated with this threat. Additionally, no concrete indicators such as file hashes, IP addresses, or domain names are provided, limiting the ability to perform targeted detection or response. The absence of detailed technical indicators and exploit information implies that this report is more of a preparatory or informational nature, possibly aggregating IOCs for future reference rather than describing an active or imminent threat. The 'osint' product tag suggests that this intelligence is derived from open-source intelligence gathering rather than proprietary or closed-source detection methods. Overall, this threat intelligence entry appears to be a general update or collection of IOCs related to malware activity without immediate actionable exploitation details.
Potential Impact
Given the lack of specific technical indicators, affected software versions, or known active exploits, the immediate impact on European organizations is likely limited. However, the medium severity rating and moderate distribution score indicate that the malware or associated IOCs could be part of a broader campaign or emerging threat that may evolve. European organizations, especially those relying on open-source intelligence tools or platforms that aggregate such data, might face risks if these IOCs correspond to malware variants targeting their environments. Potential impacts include unauthorized access, data exfiltration, or disruption if the malware is deployed successfully. The absence of known exploits in the wild reduces the likelihood of immediate compromise but does not eliminate future risk. Organizations involved in cybersecurity monitoring, threat hunting, or incident response could benefit from integrating these IOCs into their detection frameworks to enhance situational awareness. The impact is more pronounced for sectors with high exposure to malware threats, such as finance, critical infrastructure, and government entities within Europe.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities, even though specific indicators are not listed here, organizations should monitor ThreatFox for updates. 2. Maintain up-to-date threat intelligence feeds and subscribe to platforms like ThreatFox to receive timely IOC updates and contextual information. 3. Conduct regular threat hunting exercises focusing on malware behaviors and patterns that align with the medium severity threat level indicated. 4. Ensure robust endpoint protection solutions are deployed and configured to detect and block malware activities, including heuristic and behavioral analysis capabilities. 5. Implement network segmentation and strict access controls to limit malware propagation in case of infection. 6. Educate security teams on the importance of open-source intelligence and how to leverage TLP:white tagged information responsibly. 7. Since no patches or CVEs are associated, focus on proactive monitoring and anomaly detection rather than patch management for this specific threat. 8. Collaborate with European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize and respond to emerging threats effectively.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 959554af-637e-49dd-bf4c-7b91d7a36a11
- Original Timestamp
- 1736812987
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaindaxon.giize.com | DCRat botnet C2 domain (confidence level: 50%) | |
domainawake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainsordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainwrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainjapanese-cross.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 50%) | |
domainp8stolo-29468.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainadilfgilitter-43126.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainawiero-42728.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainedit-beats.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainplan-view.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainright-cleared.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsale-er.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainstorage-plugin.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainmisha-lomonosov.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainres.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaindckhgjimeghemhl.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainjejmbadfmeenlnk.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincanjjclmlnicbga.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainkmaealcfcalhcac.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbmbuz83hhhhg73.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainksdgbx9oenj.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainpitibnzi4un.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainafnfdijahijefmh.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainiblaehgffmflamn.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbfhdkgmmhdbikgj.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainkdemjgebjimkanl.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincmacnnkfbhlcncm.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbkkeiekjfcdaaen.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainjlijkijkkklbkjn.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainruhybh74ub.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainfdsgujhnby.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmubuzb3vvv.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmnudybh4unh.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmbuz73hb7z3.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainnubxz4ubhxz9i.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainpoeiughybzu222.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainpoubnxu3jubz.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainlgbibzuehbz.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainohunhebzhbu3.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainsdubvlbbuz3vzzz.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbnbuzu49ibz4.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainshd9inbjz4.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainngub8zb38ib.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaingkn33hxueub.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmnvuz3gvy3.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainjhubzgv3.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbmadfjbhnijhckh.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainjhkenjhehiadfbn.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainfgghahagiiekjhg.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainnbcjihgecijhmnl.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainhkmlchlbjibdafd.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbginkhdndigadkj.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmiutubzxe.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainghybu8as.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainiiuthbuzev.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainbnayvhgb8.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainkffgkjmjangegkg.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaingnmdjjckbgddaie.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincignjjgmdnbchhc.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmcajijknegnbbga.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainikhgijabfnkajem.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaineebchjechginddk.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainanjmhjidinfmlci.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainkhcjgjmfjgdleag.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaingbkffjcglabkmne.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainckebfjgimhmjgmb.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmelmejkjaakiakn.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainimfiejalbhhgijl.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainehnediemcaffbij.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainabhbdiiaehdejgh.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainkjalcimbfaaddff.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaingdihcicdghmcldd.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincmcebigeiajbfcb.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmgjabikgjhhambm.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainiadkainhkafngnk.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainejlhaidjmhcmami.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincpcontacts.sumup.live | Hook botnet C2 domain (confidence level: 100%) | |
domaing.sst.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) | |
domaininfo.royalreturns.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwings.pokemulti.fr | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmaximu.sbs | Vidar botnet C2 domain (confidence level: 100%) | |
domainorder.buyanemostatonline.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainsub172.duckdns.org | Crimson RAT botnet C2 domain (confidence level: 100%) | |
domaininteracdeposittransfer10001.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainmailg-id.one | DUCKTAIL botnet C2 domain (confidence level: 100%) | |
domainados.fyicompsol.xyz | Spyder Patchwork payload delivery domain (confidence level: 100%) | |
domainkens.fyicompsol.xyz | Spyder Patchwork payload delivery domain (confidence level: 100%) | |
domainkila.fyicompsol.xyz | Spyder Patchwork payload delivery domain (confidence level: 100%) | |
domainrkde.fyicompsol.xyz | Spyder Patchwork payload delivery domain (confidence level: 100%) | |
domainalshamtech.nl | DUCKTAIL payload delivery domain (confidence level: 100%) | |
domainvalhafather.xyz | Unknown malware credit card skimming domain (confidence level: 50%) | |
domainfqbe23.xyz | Unknown malware credit card skimming domain (confidence level: 50%) | |
domainprpages.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainofferszone.click | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainsharethewebs.cfd | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainwordpress-redirect.biz | magecart botnet C2 domain (confidence level: 100%) | |
domainvalhafather.xyz | magecart botnet C2 domain (confidence level: 100%) | |
domainfqbe23.xyz | magecart botnet C2 domain (confidence level: 100%) | |
domainemail.gov.in.ministryofdefenceindia.link | Crimson RAT botnet C2 domain (confidence level: 50%) | |
domainvpsdns.casacam.net | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainawake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaincovery-mover.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaindare-curbys.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaindwell-exclaim.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainfixxyplanterv.click | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainformy-spill.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainimpend-differ.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainmutterunurse.click | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainprint-vexer.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainse-blurry.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainsordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainwrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainzinc-sneark.biz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainaccommodation-necessity.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainadilfgilitter-43126.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainaround-surprise.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainedit-beats.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainlikejunk-40343.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainright-cleared.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainfloradocs.live | Rhadamanthys botnet C2 domain (confidence level: 100%) | |
domainwordpress-redirect.biz | magecart botnet C2 domain (confidence level: 100%) | |
domaindata-redirect.biz | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-request.com | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-defense.com | magecart botnet C2 domain (confidence level: 100%) | |
domainredirect-security.digital | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-secirity.org | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-safety.org | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-team.org | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-control.org | magecart botnet C2 domain (confidence level: 100%) | |
domainwordpress-secure.org | magecart botnet C2 domain (confidence level: 100%) | |
domainserverproxy-v2homes.life | magecart botnet C2 domain (confidence level: 100%) | |
domainpanel-alert-v1.homes | magecart botnet C2 domain (confidence level: 100%) | |
domainjs-stats.com | magecart botnet C2 domain (confidence level: 100%) | |
domaingooglsearchings.shop | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.sbs | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.online | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.guru | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.cfd | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.art | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.click | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.pics | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainsharethewebs.click | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainsharethewebs.online | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainsharethewebs.art | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.quest | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.click | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.quest | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.xyz | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.wiki | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaingooglsearchings.site | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaintaymodel.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.cfd | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.fun | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.online | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainroyaltyfree.site | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainaccept.bar | magecart botnet C2 domain (confidence level: 100%) | |
domainamocha.xyz | magecart botnet C2 domain (confidence level: 100%) | |
domaincdn-webstats.com | magecart botnet C2 domain (confidence level: 100%) | |
domainclearnetfab.net | magecart botnet C2 domain (confidence level: 100%) | |
domainfallodick87-78.sbs | magecart botnet C2 domain (confidence level: 100%) | |
domaincd.iconstaff.top | magecart botnet C2 domain (confidence level: 100%) | |
domaincdn.iconstaff.top | magecart botnet C2 domain (confidence level: 100%) | |
domaincdn.inspectdlet.net | magecart botnet C2 domain (confidence level: 100%) | |
domainjqueryuslibs.com | magecart botnet C2 domain (confidence level: 100%) | |
domainjstatic201.com | magecart botnet C2 domain (confidence level: 100%) | |
domainlererikal.org | magecart botnet C2 domain (confidence level: 100%) | |
domainmamatmavali.ru | magecart botnet C2 domain (confidence level: 100%) | |
domainnothingillegal.bond | magecart botnet C2 domain (confidence level: 100%) | |
domainpaie-locli.com | magecart botnet C2 domain (confidence level: 100%) | |
domainsellerstat.site | magecart botnet C2 domain (confidence level: 100%) | |
domainstatsseo.com | magecart botnet C2 domain (confidence level: 100%) | |
domainstatstoday.org | magecart botnet C2 domain (confidence level: 100%) | |
domainvincaolet.xyz | magecart botnet C2 domain (confidence level: 100%) | |
domainwebexcelsior.org | magecart botnet C2 domain (confidence level: 100%) | |
domainadmin.capctha.world | Unknown malware payload delivery domain (confidence level: 100%) | |
domaincapctha.world | Unknown malware payload delivery domain (confidence level: 100%) | |
domaincurtainykeo.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainloodyswif.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainurtainykeo.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininickypwk.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainickykiduz.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaineggelatez.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininiatureyu.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainavorraiykj.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhoefeatthe.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainashyceehsu.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpoisonx.in | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmicrosoft-onedrive.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) | |
domainaccounts4.app-cloud.link | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.jvsov.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainhome789.no-ip.biz | NjRAT botnet C2 domain (confidence level: 50%) | |
domainother-little.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainwww.kposlifestyle.design | Remcos botnet C2 domain (confidence level: 50%) | |
domainmyskibiditoilet.zapto.org | XWorm botnet C2 domain (confidence level: 50%) | |
domainidentify-wpenglne.com | FAKEUPDATES payload delivery domain (confidence level: 75%) | |
domainavgus.rest | Vidar botnet C2 domain (confidence level: 100%) | |
domainelevenff11pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaineternitysystems.online | DCRat botnet C2 domain (confidence level: 100%) | |
domaincs55120.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainandre2tn.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domainmedicaljummtj.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintoppywook.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainburnwastefulke.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainshootmixxej.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainovertyfruitz.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainripehungryde.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainskatestringje.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainkiterexchangez.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincultureddirtys.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainproduceresov.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsupplyedtwoz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincorruptedusz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmotivatefaul.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrifledford.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbreakfasutwy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpriceygoveiuz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwelcomeabjesu.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfascinatterz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoneb1pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthretenb13vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainelevenb11vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainneinb9pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainneinb9vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintenb10vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwelverb12vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file45.61.159.148 | DCRat botnet C2 server (confidence level: 50%) | |
file87.120.126.73 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file203.227.62.91 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.55.193.31 | Sliver botnet C2 server (confidence level: 100%) | |
file108.165.237.230 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file141.95.114.241 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file167.114.145.155 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.101.104.3 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file54.179.92.3 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file181.162.162.136 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file185.196.10.2 | Latrodectus botnet C2 server (confidence level: 75%) | |
file64.190.113.229 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file104.168.45.25 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file18.212.130.9 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file198.12.127.223 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file162.33.178.216 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file64.52.80.74 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file45.61.136.166 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file64.52.80.100 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file54.83.104.93 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.77.153.108 | ShadowPad botnet C2 server (confidence level: 90%) | |
file45.77.153.108 | ShadowPad botnet C2 server (confidence level: 90%) | |
file64.176.35.214 | ShadowPad botnet C2 server (confidence level: 90%) | |
file198.167.199.190 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file190.203.34.71 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file165.227.237.151 | Havoc botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file41.250.78.102 | Venom RAT botnet C2 server (confidence level: 100%) | |
file144.202.127.142 | Stealc botnet C2 server (confidence level: 100%) | |
file147.182.231.136 | Unknown malware botnet C2 server (confidence level: 100%) | |
file86.120.23.71 | Unknown malware botnet C2 server (confidence level: 100%) | |
file88.198.119.36 | Vidar botnet C2 server (confidence level: 100%) | |
file1.94.61.238 | Unknown malware botnet C2 server (confidence level: 100%) | |
file74.225.130.162 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.119.90.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file217.160.234.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.101.33.238 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.75.174.58 | Unknown malware botnet C2 server (confidence level: 100%) | |
file138.199.149.107 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.227.80.125 | Unknown malware botnet C2 server (confidence level: 100%) | |
file41.230.194.38 | QakBot botnet C2 server (confidence level: 100%) | |
file52.212.200.0 | Unknown malware botnet C2 server (confidence level: 50%) | |
file103.68.251.141 | DarkComet botnet C2 server (confidence level: 50%) | |
file154.91.4.5 | Unknown malware botnet C2 server (confidence level: 50%) | |
file181.50.73.64 | Unknown malware botnet C2 server (confidence level: 50%) | |
file116.203.11.8 | Vidar botnet C2 server (confidence level: 100%) | |
file47.128.167.72 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.255.222.6 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.232.40.32 | Latrodectus botnet C2 server (confidence level: 75%) | |
file124.70.134.194 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file212.34.147.3 | Remcos botnet C2 server (confidence level: 100%) | |
file121.199.10.233 | Sliver botnet C2 server (confidence level: 100%) | |
file5.252.178.185 | ShadowPad botnet C2 server (confidence level: 90%) | |
file144.217.36.75 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file88.243.168.51 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file39.100.75.168 | Unknown malware botnet C2 server (confidence level: 100%) | |
file79.241.99.57 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file77.105.147.74 | Unknown malware botnet C2 server (confidence level: 100%) | |
file85.239.54.99 | BianLian botnet C2 server (confidence level: 100%) | |
file93.123.109.39 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file91.193.19.109 | xmrig botnet C2 server (confidence level: 49%) | |
file50.18.195.138 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file195.177.92.88 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file217.69.2.169 | AMOS botnet C2 server (confidence level: 100%) | |
file52.73.20.0 | Unknown malware botnet C2 server (confidence level: 50%) | |
file89.117.109.189 | Sliver botnet C2 server (confidence level: 50%) | |
file165.22.91.195 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file72.5.43.162 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file23.247.130.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.135.86.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file207.148.121.17 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.134.148.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.120.60.180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.232.65.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.180.144.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file173.44.139.179 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file31.58.169.105 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file31.58.169.105 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.191.213.118 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file87.120.116.169 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file188.127.247.213 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file188.127.247.213 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.97 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file67.219.111.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
file195.133.51.108 | Havoc botnet C2 server (confidence level: 100%) | |
file198.12.127.223 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file54.162.3.167 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.77.174.191 | QakBot botnet C2 server (confidence level: 75%) | |
file155.138.225.144 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file157.230.12.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.174.101.126 | Remcos botnet C2 server (confidence level: 100%) | |
file212.34.147.3 | Remcos botnet C2 server (confidence level: 100%) | |
file107.155.93.118 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.149.241.217 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file13.208.43.151 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file35.76.114.8 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file110.42.252.7 | Sliver payload delivery server (confidence level: 50%) | |
file188.245.67.69 | Sliver payload delivery server (confidence level: 50%) | |
file103.57.130.241 | Nanocore RAT payload delivery server (confidence level: 50%) | |
file118.178.89.212 | Cobalt Strike payload delivery server (confidence level: 50%) | |
file173.249.54.213 | Unknown malware botnet C2 server (confidence level: 50%) | |
file13.208.63.232 | Unknown malware botnet C2 server (confidence level: 50%) | |
file147.185.221.24 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file147.185.221.24 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file194.180.48.18 | Remcos botnet C2 server (confidence level: 50%) | |
file123.60.183.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file164.215.103.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file157.230.12.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.221.5.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.214.234.153 | Remcos botnet C2 server (confidence level: 100%) | |
file104.243.35.241 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file109.199.101.109 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.191.213.118 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file154.12.229.73 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file84.32.188.164 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.12.142.154 | Unknown malware botnet C2 server (confidence level: 100%) | |
file113.44.50.33 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file3.70.183.47 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file209.151.154.69 | MimiKatz botnet C2 server (confidence level: 100%) | |
file115.120.246.236 | Viper RAT botnet C2 server (confidence level: 75%) | |
file149.104.30.51 | Viper RAT botnet C2 server (confidence level: 75%) | |
file149.28.157.236 | Sliver botnet C2 server (confidence level: 75%) | |
file197.0.15.67 | QakBot botnet C2 server (confidence level: 75%) | |
file34.42.9.169 | DanaBot botnet C2 server (confidence level: 75%) | |
file62.68.75.16 | Havoc botnet C2 server (confidence level: 75%) | |
file88.234.24.213 | QakBot botnet C2 server (confidence level: 75%) | |
file203.144.184.187 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file212.115.109.161 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file85.192.29.60 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.136.51.217 | Quasar RAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash1111 | DCRat botnet C2 server (confidence level: 50%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 75%) | |
hash80 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash4443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash80 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash80 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash80 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash1433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash19132 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4099 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash21309 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2080 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash17309 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash49152 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash1311 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash7547 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash35304 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash37777 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash44818 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash788 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash3631 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash5168 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash1912 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2083 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash23066 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8636 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash33635 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash13401 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash24531 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2222 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2323 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2456 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash10443 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash20935 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash65306 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash6362 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8081 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash50172 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash4444 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash17777 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash24312 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash10239 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash12226 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash1961 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2087 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2380 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash28498 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash42246 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash16993 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash49646 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash789 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash10814 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash22222 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash554 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash4541 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash16417 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash5433 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash12598 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash41700 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3553 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9205 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 100%) | |
hash834f137f9039041bccb4b414154a596c | Akira payload (confidence level: 50%) | |
hashb99bdb8880e4ef03727885ea50a4a2fc | Akira payload (confidence level: 50%) | |
hash73744280fb8e7db578c9303b7620fb16 | Unknown malware payload (confidence level: 50%) | |
hashc233aec7917cf34294c19dd60ff79a6e0fac5ed6f0cb57af98013c08201a7a1c | Unknown malware payload (confidence level: 50%) | |
hash66dbf939c00b09d8d22c692864b68c4a602e7a59c4b925b2e2bef57b1ad047bd | Unknown malware payload (confidence level: 50%) | |
hashdcf536edd67a98868759f4e72bcbd1f4404c70048a2a3257e77d8af06cb036ac | Unknown malware payload (confidence level: 50%) | |
hashb1ef7b267d887e34bf0242a94b38e7dc9fd5e6f8b2c5c440ce4ec98cc74642fb | Unknown malware payload (confidence level: 50%) | |
hash5226ea8e0f516565ba825a1bbed10020982c16414750237068b602c5b4ac6abd | Unknown malware payload (confidence level: 50%) | |
hashe622f3b743c7fc0a011b07a2e656aa2b5e50a4876721bcf1f405d582ca4cda22 | Unknown malware payload (confidence level: 50%) | |
hash20ed21bfdb7aa970b12e7368eba8e26a711752f1cc5416b6fd6629d0e2a44e5d | Unknown malware payload (confidence level: 50%) | |
hashdd15ce869aa79884753e3baad19b0437075202be86268b84f3ec2303e1ecd966 | Unknown malware payload (confidence level: 50%) | |
hash7e223a685d5324491bcacf3127869f9f3ec5d5100c5e7cb5af45a227e6ab4603 | Unknown malware payload (confidence level: 50%) | |
hash4949 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9398 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash20000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5362 | BianLian botnet C2 server (confidence level: 100%) | |
hash4449 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash13333 | xmrig botnet C2 server (confidence level: 49%) | |
hash8444 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | AMOS botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash444 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6005 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash1433 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash8080 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash503 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash56549 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver payload delivery server (confidence level: 50%) | |
hash31337 | Sliver payload delivery server (confidence level: 50%) | |
hash54984 | Nanocore RAT payload delivery server (confidence level: 50%) | |
hash4434 | Cobalt Strike payload delivery server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4282 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash21180 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash45265 | Remcos botnet C2 server (confidence level: 50%) | |
hash2443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash39635 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 75%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DanaBot botnet C2 server (confidence level: 75%) | |
hash40056 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8594 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5173 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5173 | Quasar RAT botnet C2 server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://pbvtckjkrtht.top/ytzhzjlioddlyti4/ | Coper botnet C2 (confidence level: 100%) | |
urlhttp://175.148.157.145:47965/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://dckhgjimeghemhl.top/0obs5ktr2vhtr.php?id=vault&key=76127545828&s=527 | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://jejmbadfmeenlnk.top/tfm6euy09zhtr.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://canjjclmlnicbga.top/vo50gtns7dhtr.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://kmaealcfcalhcac.top/qzotx2r4w7htr.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://116.203.166.124 | Vidar botnet C2 (confidence level: 50%) | |
urlhttp://103.200.85.238:59852/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://maximu.sbs/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://88.198.119.36/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://106.53.83.169:60127/updates.rss | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttp://this-is-the.b-cdn.net/last/stage/verification/pass-this-step-to-continue.html | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://you-have-to-i.b-cdn.net/last/stage/verification/pass-this-step-to-continue.html | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://prpages.com/4e2e.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://prpages.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://lggknhaffleahbh.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://94.156.177.41/mars/five/pvqdq929bsx_a_d_m1n_a.php | LokiBot botnet C2 (confidence level: 50%) | |
urlhttps://77.83.175.91/69d96d770568584a.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://77.220.212.32/eb51242cada87444.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://154.216.20.246/f493d73b2e06dbd2/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://154.216.20.246/f493d73b2e06dbd2/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttps://45.88.76.207/4b4e7c1351c9e2eb/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://147.45.44.190/dace046278f1f1ba/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://147.45.44.190/dace046278f1f1ba/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://62.204.41.163/2c3d53f1da5ea53a/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://5.188.86.231/20bec3f306af6847/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://5.188.86.231/20bec3f306af6847/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://www.eautylab.fun/g10y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://taymodel.top/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://taymodel.top/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://taymodel.top/work/help.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://mffaccessories.com/debug.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://www.milp.store/2j93/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://curtainykeo.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://loodyswif.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://urtainykeo.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://inickypwk.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://ickykiduz.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://eggelatez.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://iniatureyu.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://avorraiykj.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hoefeatthe.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://ashyceehsu.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://www.se-online.net/g10y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sertc.xyz/g10y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.aelo.xyz/g10y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.elax.xyz/g10y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://royaltyfree.click/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://116.203.11.8/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fascinatterz.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://welcomeabjesu.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://priceygoveiuz.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://breakfasutwy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rifledford.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://motivatefaul.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://corruptedusz.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://supplyedtwoz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://produceresov.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cultureddirtys.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://kiterexchangez.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://skatestringje.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://ripehungryde.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://overtyfruitz.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://shootmixxej.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://burnwastefulke.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://medicaljummtj.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
Threat ID: 682c7dc2e8347ec82d2e094d
Added to database: 5/20/2025, 1:04:02 PM
Last enriched: 6/19/2025, 4:05:34 PM
Last updated: 11/26/2025, 5:33:04 PM
Views: 48
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Sort by
Loading community insights…
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks
MediumMalwareWed Nov 26 2025
Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data
MediumMalwareWed Nov 26 2025
Inside DPRK's Fake Job Platform Targeting U.S. AI Talent
MediumMalwareWed Nov 26 2025
macOS Malware Deploys in Fake Job Scams
MediumMalwareWed Nov 26 2025
The 'Bear' attacks: what we learned about the phishing campaign targeting Russian organizations
MediumMalwareWed Nov 26 2025
Actions
PRO
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.