
ThreatFox IOCs for 2025-01-15

Severity: Medium
Published: Wed Jan 15 2025 (01/15/2025, 00:00:00 UTC)
Source: ThreatFox
Tags: type:osint, tlp:white

Description

ThreatFox IOCs for 2025-01-15

AI-Powered Analysis

Last updated: 06/19/2025, 15:48:36 UTC

Technical Analysis

This entry is the ThreatFox daily indicator export for 2025-01-15, republished as a MISP event (the Threat Level, Analysis, Distribution, Uuid and Original Timestamp fields below are MISP event attributes). It is tagged type:osint and tlp:white: an open-source indicator collection, not an advisory about a flaw in a particular product, so no affected versions, CWEs or patches apply and there is no "exploit in the wild" to track. The MISP values are Threat Level 2 (medium, the severity shown above), Analysis 1 (ongoing) and Distribution 3 (all communities); together with tlp:white they mean the data is meant for unrestricted sharing and say nothing about how widely it has been acted on. The entry is far from empty: it carries some 275 indicators, grouped by type. The domain list (34 entries) holds C2 and payload-delivery hostnames for Havoc, PlugX, AsyncRAT, Meduza Stealer, NjRAT, FAKEUPDATES, Mirai, Quasar RAT, Remcos, XWorm and Cobalt Strike. The URL list (30 entries) holds Lumma Stealer "/api" C2 endpoints and payload pages, NetSupport RAT and FAKEUPDATES loaders, Formbook C2 paths, and pastebin.com raw pastes used by DCRat and XWorm to fetch their C2 address. The remaining 211 entries are ip:port pairs for C2 servers of Cobalt Strike, Sliver, Havoc, Brute Ratel C4, DeimosC2, pupy, AsyncRAT, Remcos, Quasar RAT, NjRAT, Venom RAT, DarkComet, Xtreme RAT, BlackShades, Poison Ivy, NetSupport RAT, BianLian, QakBot, Hook, Stealc, Meduza Stealer, Nanocore RAT, Viper RAT and Mirai-family bots (Bashlite, MooBot, Pink), plus servers tagged "Unknown malware". Every row carries the submitter's confidence level (50%, 75% or 100%). Two rendering defects in the tables below need to be read around: the page labels the IP-address column "File" and the port column "Hash"; they are the two halves of ThreatFox ip:port pairs, listed in the same order, so rows that look like duplicates (79.107.204.206 appears 23 times, 105.155.232.51 four times) are distinct ports on one host, and the port list is cut off partway (138 rows for 211 addresses). The value of the entry is in detection and blocking of post-compromise infrastructure, not in describing a new campaign.

Potential Impact

The feed names no affected product, so impact is a matter of which families it covers and how commonly they are used. The indicators belong to commodity remote-access trojans and stealers (AsyncRAT, Remcos, Quasar RAT, NjRAT, DCRat, XWorm, Venom RAT, Lumma Stealer, Meduza Stealer, Stealc, Formbook), to the C2 frameworks that follow initial access in hands-on-keyboard intrusions (Cobalt Strike, Sliver, Havoc, Brute Ratel C4, DeimosC2, pupy), to BianLian C2, to loaders such as FAKEUPDATES and NetSupport RAT, and to Mirai-family bots. Several Lumma Stealer payload URLs use "verification" paths on a Swiss object-storage bucket (sos-ch-gva-2.exo.io) and sit beside captcha-themed hosts (captcha.nxgengames.com, a "/recaptcha-verify" path), which is consistent with fake human-verification lures aimed at end users, so workstations rather than servers are the likely point of entry. For European organisations the practical risk is a stolen-credential or RAT foothold rather than a specific exploit; the medium severity is the feed's MISP threat level, not an assessment of any single family. Organisations with a SOC that can ingest and act on the indicators gain the most; a hit on a C2 framework server (Cobalt Strike, Sliver, Havoc, Brute Ratel C4) should be handled as an active intrusion, not as one infected host.

Mitigation Recommendations

1. Ingest the indicators into SIEM, EDR and DNS/web-proxy blocklists, matching each at the fidelity it was published: exact URL for URL entries, exact hostname for domain entries, and ip:port for the server entries (the page renders the IP half under "File" and the port half under "Hash", in the same order). Many hosts sit on dynamic-DNS, tunnelling, paste, object-storage or public-cloud services (duckdns.org, ddns.net, ply.gg, pinggy.link, freemyip.com, ydns.eu, softether.net, pastebin.com, the exo.io bucket); block only the full hostname or URL, never the parent zone, and expect cloud addresses to be reassigned within days.
2. Use the submitter confidence level: treat 100% entries as block candidates and 75% or 50% entries as alert-only until confirmed, and expire all of them on a schedule, since ThreatFox republishes daily and stale indicators produce false positives.
3. Automate the pull (ThreatFox API or its MISP feed) instead of copying from this page, and keep the original timestamp so analysts can judge age.
4. Hunt retroactively: DNS logs for the listed hostnames, proxy logs for the Lumma Stealer "/api" endpoints and the FAKEUPDATES .top domains, and flow logs for workstations connecting to the listed ip:port pairs, especially non-standard ports such as 31337 (Sliver), 7443 and 8808 that no business application uses.
5. Rely on behavioural EDR detections (process injection, unexpected children of browsers and script hosts, persistence writes) to catch the same families on infrastructure not yet in any feed.
6. Keep sharing and validating with the community (ThreatFox accepts submissions). No patch applies here, so the durable controls are egress filtering, network segmentation, least privilege and rehearsed incident-response playbooks.
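The ingestion and hunting steps above, carried through as an added example (this is not ThreatFox's or the aggregator's code). It parses the page's own flattened export format, re-pairs the "File" and "Hash" rows into ip:port indicators (leaving the port as None when the page is cut off), flags indicators on shared services so that only the exact host or URL is matched, and runs the result over constructed DNS, proxy and connection log lines. The export rows are copied from this page; the log lines, the log format and the "block"/"alert" verdict policy are assumptions made for the example.

```python
# Added example for this page (not ThreatFox's or the aggregator's code): parse the
# page's flattened IOC export, re-pair the IP/port halves, match against sample logs.
import re
from urllib.parse import urlsplit
# Export rows copied from the page in its "<type><value>" / "<description>" form.
# The page labels IP addresses "file" and their ports "hash", in the same order; the
# port row for 103.164.76.42 (31337 on the page) is omitted to exercise truncation.
SAMPLE_EXPORT = """\
domaindriveswindows.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwebmail.wltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
urlhttps://slippyhost.cfd/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://pastebin.com/raw/4f8hydd7
DCRat botnet C2 (confidence level: 50%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file103.164.76.42
Sliver botnet C2 server (confidence level: 50%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
"""
TYPE_RE = re.compile(r"^(domain|url|file|hash)(\S+)$")
DESC_RE = re.compile(r"^(?P<malware>.+?) (?P<role>botnet C2|payload delivery)"
                     r"(?: (?:domain|URL|server))? \(confidence level: (?P<conf>\d+)%\)$")
# Dynamic-DNS, tunnelling and paste services present in the feed: only the exact
# hostname or URL is an indicator, never the parent zone.
SHARED = ("duckdns.org", "ddns.net", "ply.gg", "pinggy.link", "freemyip.com",
          "ydns.eu", "softether.net", "pastebin.com", "exo.io")
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>dns|proxy|conn) (?P<fields>.*)$")

def parse_export(text):
    """Return indicator dicts; 'file'/'hash' rows become ip records carrying a port."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    rows = []
    for cur, nxt in zip(lines, lines[1:]):
        t, d = TYPE_RE.match(cur), DESC_RE.match(nxt)
        if t and d:  # section headers and description lines fall through
            rows.append({"kind": t.group(1), "value": t.group(2), "malware": d["malware"],
                         "role": d["role"], "confidence": int(d["conf"])})
    ports = [int(r["value"]) for r in rows if r["kind"] == "hash"]
    iocs = [r for r in rows if r["kind"] in ("domain", "url")]
    for i, ip in enumerate(r for r in rows if r["kind"] == "file"):
        # positional re-pairing; port None means the port half was cut off
        iocs.append({**ip, "kind": "ip", "port": ports[i] if i < len(ports) else None})
    for r in iocs:
        host = r["value"] if r["kind"] == "domain" else (
            urlsplit(r["value"]).hostname if r["kind"] == "url" else None)
        r["host"] = host.lower() if host else None
        r["shared"] = bool(host) and any(r["host"] == s or r["host"].endswith("." + s)
                                         for s in SHARED)
    return iocs

def match_logs(iocs, log_lines):
    """Return one hit per log line that touches an indicator, with a block/alert verdict."""
    by_host = {r["host"]: r for r in iocs if r["kind"] == "domain"}
    for r in iocs:  # a URL's host counts on its own only when the host is not shared
        if r["kind"] == "url" and not r["shared"]:
            by_host.setdefault(r["host"], r)
    by_url = {r["value"]: r for r in iocs if r["kind"] == "url"}
    by_ip = {}
    for r in (x for x in iocs if x["kind"] == "ip"):
        by_ip.setdefault(r["value"], []).append(r)
    hits = []
    for m in filter(None, map(LOG_RE.match, log_lines)):
        f = dict(p.split("=", 1) for p in m["fields"].split())
        if m["kind"] == "dns":
            r, how = by_host.get(f["qname"].lower()), "dns-host"
        elif m["kind"] == "proxy":
            r, how = by_url.get(f["url"]), "url-exact"
            if r is None:  # fall back to the host; shared hosts are never in by_host
                r, how = by_host.get((urlsplit(f["url"]).hostname or "").lower()), "url-host"
        else:  # conn: exact ip:port, otherwise a known C2 host on a port not in the feed
            cands = by_ip.get(f["dst"], [])
            exact = [c for c in cands if c["port"] == int(f["dport"])]
            r, how = (exact or cands or [None])[0], "ip:port" if exact else "ip-only"
        if r is not None:
            hits.append({"client": f["client"], "indicator": r["value"], "malware": r["malware"],
                         "confidence": r["confidence"], "match": how,
                         "action": "block" if how != "ip-only" and r["confidence"] == 100 else "alert"})
    return hits

# Constructed log lines (not from the page): "<timestamp> <kind> key=value ..."
SAMPLE_LOGS = [
    "2025-01-16T08:12:03Z dns client=10.0.4.17 qname=driveswindows.duckdns.org qtype=A",
    "2025-01-16T08:12:09Z dns client=10.0.4.17 qname=other-box.duckdns.org qtype=A",
    "2025-01-16T08:15:40Z proxy client=10.0.4.22 url=https://slippyhost.cfd/api method=POST",
    "2025-01-16T08:16:02Z proxy client=10.0.4.22 url=https://pastebin.com/raw/4f8hydd7 method=GET",
    "2025-01-16T08:16:30Z proxy client=10.0.5.3 url=https://pastebin.com/raw/unrelated method=GET",
    "2025-01-16T08:20:11Z conn client=10.0.7.9 dst=79.107.204.206 dport=3333 proto=tcp",
    "2025-01-16T08:20:15Z conn client=10.0.7.9 dst=79.107.204.206 dport=8080 proto=tcp",
    "2025-01-16T08:21:00Z conn client=10.0.7.12 dst=103.164.76.42 dport=31337 proto=tcp",
]
def run():
    return match_logs(parse_export(SAMPLE_EXPORT), SAMPLE_LOGS)
```

Running `run()` yields six hits: the exact duckdns hostname (block) while its sibling other-box.duckdns.org stays silent, the Lumma "/api" URL (block), the specific DCRat paste (alert, 50% confidence) while an unrelated pastebin.com paste stays silent, 79.107.204.206:3333 (block), the same host on port 8080 (alert only, "ip-only"), and 103.164.76.42 on 31337 (alert only, because the page's port half was cut off). The verdict policy is deliberately conservative: only exact matches at 100% confidence become blocks; everything else is an alert for an analyst.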


Technical Details

Threat Level: 2 (MISP scale: 1 = high, 2 = medium, 3 = low, 4 = undefined)
Analysis: 1 (MISP: 0 = initial, 1 = ongoing, 2 = completed)
Distribution: 3 (MISP: all communities)
Uuid: 7decd11c-0ae5-4a6f-8e10-c3583c6f0296
Original Timestamp: 1736986151 (Unix epoch seconds)

Indicators of Compromise

Domain

Value (with type prefix) / Description (malware, role, submitter confidence)
domainwebmail.wltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.wltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
domaint11.wltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
domainwltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
domainwststis05.wltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
domainwststis01.wltstockinsights.com
Havoc botnet C2 domain (confidence level: 100%)
domain365safemail.com
PlugX botnet C2 domain (confidence level: 100%)
domaindriveswindows.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainacc.upgrade1.zip
Havoc botnet C2 domain (confidence level: 100%)
domainvpn567288128.softether.net
Meduza Stealer botnet C2 domain (confidence level: 100%)
domainns3177629.ip-51-195-60.eu
Unknown malware botnet C2 domain (confidence level: 100%)
domainhi-tin.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domainhdebljjjfidlnec.top
FAKEUPDATES payload delivery domain (confidence level: 75%)
domaindlnelagmjgeaime.top
FAKEUPDATES payload delivery domain (confidence level: 75%)
domaindeecmnfemamgjed.top
FAKEUPDATES payload delivery domain (confidence level: 75%)
domainbot.tianyadd.top
Mirai botnet C2 domain (confidence level: 50%)
domainc0vid.ddns.net
Mirai botnet C2 domain (confidence level: 50%)
domaincrystalc2.duckdns.org
Mirai botnet C2 domain (confidence level: 50%)
domainkillbaidu.top
Mirai botnet C2 domain (confidence level: 50%)
domainrnyim-54-151-198-235.a.free.pinggy.link
Quasar RAT botnet C2 domain (confidence level: 50%)
domaintoolsbox.ydns.eu
Quasar RAT botnet C2 domain (confidence level: 50%)
domaintreeofwealth.freemyip.com
Remcos botnet C2 domain (confidence level: 50%)
domaintreeofwealthyz.freemyip.com
Remcos botnet C2 domain (confidence level: 50%)
domainfurniture-tray.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domainhink-ruth.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domainehjdilgfljdimkg.top
FAKEUPDATES payload delivery domain (confidence level: 75%)
domainmgubu48bnxi43.top
FAKEUPDATES payload delivery domain (confidence level: 75%)
domainlalclenfjhkinbn.top
FAKEUPDATES payload delivery domain (confidence level: 75%)
domainbusiness-activation.net
Havoc botnet C2 domain (confidence level: 100%)
domainweixe.ir
Unknown malware payload delivery domain (confidence level: 50%)
domaincf.r8.lc
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc
Cobalt Strike botnet C2 domain (confidence level: 75%)

Url

Value (with type prefix) / Description (malware, role, submitter confidence)
urlhttps://captcha.nxgengames.com/printer_driver.exe
Unidentified 001 payload delivery URL (confidence level: 100%)
urlhttp://101.32.40.22/recaptcha-verify
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://45.155.249.215/xxx.zip
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://maxcgi.com/25e.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://maxcgi.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://185.157.213.71/fakeurl.htm
NetSupportManager RAT botnet C2 (confidence level: 100%)
urlhttps://slippyhost.cfd/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://dainfiffxy.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://giftermelde.cfd/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://jumplilltk.cfd/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/proceeding-next-step-i.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://formoreup.xyz/675accab9dc953769e8622fb
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/you-have-to-pass-this-step-2.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/pass-this-step-to-continue-s5.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/have-to-pass-this-step-2.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://topspent.xyz/677e1aa102c4de8f78eaa3b3
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/pass-this-step-to-continue-s6.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/path-to-next-7.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://dealzforu.pro/6767b3ffc925390379d215c4
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/must-clear-this-check-rii.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/pass-to-continue-s7.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://sos-ch-gva-2.exo.io/instance-of/verification/path-to-next.html
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://202.131.82.167/
Hook botnet C2 (confidence level: 50%)
urlhttp://87.120.115.20/
Hook botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/4f8hydd7
DCRat botnet C2 (confidence level: 50%)
urlhttps://u1.grapplereturnunstamped.shop/sh_ujaf3.mp3
Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://pastebin.com/raw/4yfeuscj
XWorm botnet C2 (confidence level: 50%)
urlhttp://www.hbvc.xyz/a01d/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ustonehuman.info/a01d/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.radantobin.photography/g49t/
Formbook botnet C2 (confidence level: 50%)

IP address (rendered as "File" by the page; these are the IP half of ThreatFox ip:port pairs, and the port half is listed under "Port" below in the same order)

Value (with type prefix) / Description (malware, role, submitter confidence)
file161.35.127.139
Unidentified 001 payload delivery server (confidence level: 100%)
file51.21.41.165
Unidentified 001 payload delivery server (confidence level: 100%)
file101.32.40.22
Unidentified 001 payload delivery server (confidence level: 100%)
file51.21.41.165
Unknown malware payload delivery server (confidence level: 100%)
file103.79.120.92
PlugX botnet C2 server (confidence level: 100%)
file103.79.120.85
PlugX botnet C2 server (confidence level: 100%)
file38.180.251.217
FAKEUPDATES botnet C2 server (confidence level: 100%)
file45.77.54.219
Pink botnet C2 server (confidence level: 100%)
file181.206.158.190
AsyncRAT botnet C2 server (confidence level: 100%)
file62.60.229.89
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.117.120.68
Cobalt Strike botnet C2 server (confidence level: 100%)
file37.27.220.239
DarkComet botnet C2 server (confidence level: 100%)
file138.68.81.155
Remcos botnet C2 server (confidence level: 100%)
file49.113.79.4
Unknown malware botnet C2 server (confidence level: 100%)
file152.250.38.80
Quasar RAT botnet C2 server (confidence level: 100%)
file94.247.42.205
Quasar RAT botnet C2 server (confidence level: 100%)
file43.129.40.31
Havoc botnet C2 server (confidence level: 100%)
file209.38.254.182
Havoc botnet C2 server (confidence level: 100%)
file130.164.189.158
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file52.38.129.113
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file45.136.196.76
Meduza Stealer botnet C2 server (confidence level: 100%)
file185.142.53.190
Bashlite botnet C2 server (confidence level: 100%)
file104.200.73.216
BianLian botnet C2 server (confidence level: 100%)
file147.185.221.25
NjRAT botnet C2 server (confidence level: 75%)
file18.157.68.73
NjRAT botnet C2 server (confidence level: 75%)
file18.197.239.5
NjRAT botnet C2 server (confidence level: 75%)
file3.127.138.57
NjRAT botnet C2 server (confidence level: 75%)
file18.156.13.209
NjRAT botnet C2 server (confidence level: 75%)
file3.126.37.18
NjRAT botnet C2 server (confidence level: 75%)
file18.157.68.73
NjRAT botnet C2 server (confidence level: 75%)
file18.192.93.86
NjRAT botnet C2 server (confidence level: 75%)
file101.99.92.189
Nanocore RAT botnet C2 server (confidence level: 100%)
file139.224.33.120
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.64.230.51
Cobalt Strike botnet C2 server (confidence level: 100%)
file87.120.112.98
Remcos botnet C2 server (confidence level: 100%)
file185.157.162.126
Remcos botnet C2 server (confidence level: 100%)
file1.13.164.84
Unknown malware botnet C2 server (confidence level: 100%)
file175.178.123.40
Unknown malware botnet C2 server (confidence level: 100%)
file141.95.114.243
AsyncRAT botnet C2 server (confidence level: 100%)
file84.32.231.185
AsyncRAT botnet C2 server (confidence level: 100%)
file87.120.125.253
AsyncRAT botnet C2 server (confidence level: 100%)
file95.216.85.167
AsyncRAT botnet C2 server (confidence level: 100%)
file212.51.144.135
Unknown malware botnet C2 server (confidence level: 100%)
file78.141.215.185
Unknown malware botnet C2 server (confidence level: 100%)
file105.155.232.51
Venom RAT botnet C2 server (confidence level: 100%)
file105.155.232.51
Venom RAT botnet C2 server (confidence level: 100%)
file105.155.232.51
Venom RAT botnet C2 server (confidence level: 100%)
file105.155.232.51
Venom RAT botnet C2 server (confidence level: 100%)
file54.150.26.198
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file168.100.11.184
Unknown malware botnet C2 server (confidence level: 75%)
file87.121.86.130
MooBot botnet C2 server (confidence level: 100%)
file86.107.101.94
BianLian botnet C2 server (confidence level: 100%)
file106.75.145.218
Unknown malware botnet C2 server (confidence level: 100%)
file128.140.56.103
Unknown malware botnet C2 server (confidence level: 100%)
file16.171.227.23
Unknown malware botnet C2 server (confidence level: 100%)
file217.15.161.80
Unknown malware botnet C2 server (confidence level: 100%)
file23.22.97.251
Unknown malware botnet C2 server (confidence level: 100%)
file172.187.169.46
Unknown malware botnet C2 server (confidence level: 100%)
file35.195.47.66
Unknown malware botnet C2 server (confidence level: 100%)
file3.21.238.4
Unknown malware botnet C2 server (confidence level: 100%)
file54.68.48.57
Unknown malware botnet C2 server (confidence level: 100%)
file13.237.105.168
Unknown malware botnet C2 server (confidence level: 100%)
file202.10.41.155
Unknown malware botnet C2 server (confidence level: 100%)
file45.32.149.76
Unknown malware botnet C2 server (confidence level: 100%)
file34.253.153.63
Unknown malware botnet C2 server (confidence level: 100%)
file49.13.90.175
Unknown malware botnet C2 server (confidence level: 100%)
file106.54.48.60
Unknown malware botnet C2 server (confidence level: 100%)
file83.147.19.133
Unknown malware botnet C2 server (confidence level: 100%)
file3.110.87.34
Unknown malware botnet C2 server (confidence level: 100%)
file142.11.227.160
Cobalt Strike botnet C2 server (confidence level: 50%)
file162.244.24.30
Cobalt Strike botnet C2 server (confidence level: 50%)
file3.108.53.155
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file3.138.201.5
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file174.77.180.50
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file121.89.205.206
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file103.164.76.42
Sliver botnet C2 server (confidence level: 50%)
file45.154.98.181
AsyncRAT botnet C2 server (confidence level: 50%)
file45.74.4.14
DarkComet botnet C2 server (confidence level: 50%)
file94.98.225.30
Poison Ivy botnet C2 server (confidence level: 50%)
file193.218.118.148
Unknown malware botnet C2 server (confidence level: 50%)
file139.196.181.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.46.60.126
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.35.45.108
Cobalt Strike botnet C2 server (confidence level: 100%)
file112.21.124.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file150.109.116.156
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.71.205.153
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.130.134.35
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.143.235.189
Cobalt Strike botnet C2 server (confidence level: 100%)
file140.82.63.209
pupy botnet C2 server (confidence level: 100%)
file139.162.184.152
Sliver botnet C2 server (confidence level: 100%)
file47.238.99.93
Sliver botnet C2 server (confidence level: 100%)
file85.31.47.56
AsyncRAT botnet C2 server (confidence level: 100%)
file158.220.83.114
AsyncRAT botnet C2 server (confidence level: 100%)
file31.58.169.195
AsyncRAT botnet C2 server (confidence level: 100%)
file31.58.169.195
AsyncRAT botnet C2 server (confidence level: 100%)
file43.134.28.242
Unknown malware botnet C2 server (confidence level: 100%)
file154.216.20.177
Quasar RAT botnet C2 server (confidence level: 100%)
file13.208.209.19
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.208.209.19
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.208.209.19
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file147.182.139.208
Brute Ratel C4 botnet C2 server (confidence level: 75%)
file154.29.138.84
DeimosC2 botnet C2 server (confidence level: 75%)
file185.101.38.7
Havoc botnet C2 server (confidence level: 75%)
file70.31.125.226
QakBot botnet C2 server (confidence level: 75%)
file18.157.68.73
NjRAT botnet C2 server (confidence level: 75%)
file20.8.18.90
Unknown malware botnet C2 server (confidence level: 75%)
file64.52.80.94
Meduza Stealer botnet C2 server (confidence level: 75%)
file80.76.49.97
Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20
Sliver botnet C2 server (confidence level: 75%)
file35.77.10.21
Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13
Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7
Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21
Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13
Havoc botnet C2 server (confidence level: 75%)
file5.78.85.47
Havoc botnet C2 server (confidence level: 75%)
file62.68.75.16
Havoc botnet C2 server (confidence level: 75%)
file66.42.98.90
pupy botnet C2 server (confidence level: 75%)
file45.39.199.206
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.37.23.44
Cobalt Strike botnet C2 server (confidence level: 100%)
file65.38.121.138
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.36.112.223
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.153.144.78
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.8.177.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file87.120.114.31
Remcos botnet C2 server (confidence level: 100%)
file154.221.24.148
Sliver botnet C2 server (confidence level: 100%)
file154.92.19.71
Unknown malware botnet C2 server (confidence level: 100%)
file128.90.122.153
AsyncRAT botnet C2 server (confidence level: 100%)
file116.100.113.150
AsyncRAT botnet C2 server (confidence level: 100%)
file85.31.47.149
AsyncRAT botnet C2 server (confidence level: 100%)
file87.120.125.253
AsyncRAT botnet C2 server (confidence level: 100%)
file51.84.67.174
Unknown malware botnet C2 server (confidence level: 100%)
file102.117.175.249
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file79.107.204.206
Unknown malware botnet C2 server (confidence level: 100%)
file178.20.209.25
Hook botnet C2 server (confidence level: 100%)
file45.63.1.122
Stealc botnet C2 server (confidence level: 100%)
file62.210.28.199
BianLian botnet C2 server (confidence level: 100%)
file87.121.86.6
Remcos botnet C2 server (confidence level: 75%)
file185.196.10.242
Remcos botnet C2 server (confidence level: 100%)
file172.94.9.167
Remcos botnet C2 server (confidence level: 100%)
file172.94.9.68
AsyncRAT botnet C2 server (confidence level: 100%)
file8.219.86.28
Havoc botnet C2 server (confidence level: 100%)
file79.110.49.164
Sliver botnet C2 server (confidence level: 50%)
file178.217.169.232
Sliver botnet C2 server (confidence level: 50%)
file181.64.27.115
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file44.244.120.160
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file45.77.129.134
Xtreme RAT botnet C2 server (confidence level: 50%)
file108.181.251.57
Xtreme RAT botnet C2 server (confidence level: 50%)
file13.36.240.203
BlackShades botnet C2 server (confidence level: 50%)
file54.202.22.196
BlackShades botnet C2 server (confidence level: 50%)
file142.11.227.160
Cobalt Strike botnet C2 server (confidence level: 50%)
file154.64.231.1
Cobalt Strike botnet C2 server (confidence level: 50%)
file3.108.211.207
Unknown malware botnet C2 server (confidence level: 50%)
file20.189.117.246
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.75.247.91
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.205.28.16
Cobalt Strike botnet C2 server (confidence level: 100%)
file117.72.118.156
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.133.241.202
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.153.97.202
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.41.2.207
Cobalt Strike botnet C2 server (confidence level: 75%)
file122.51.255.185
Cobalt Strike botnet C2 server (confidence level: 75%)
file149.28.23.91
Cobalt Strike botnet C2 server (confidence level: 75%)
file154.83.12.115
Cobalt Strike botnet C2 server (confidence level: 75%)
file159.65.212.71
Cobalt Strike botnet C2 server (confidence level: 75%)
file175.24.234.176
Cobalt Strike botnet C2 server (confidence level: 75%)
file20.5.43.62
Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50
Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19
Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63
Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63
Cobalt Strike botnet C2 server (confidence level: 75%)
file67.205.174.37
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.198.49.14
Unknown malware botnet C2 server (confidence level: 100%)
file54.39.233.87
AsyncRAT botnet C2 server (confidence level: 100%)
file45.95.233.86
AsyncRAT botnet C2 server (confidence level: 100%)
file176.126.114.68
AsyncRAT botnet C2 server (confidence level: 100%)
file45.202.35.12
AsyncRAT botnet C2 server (confidence level: 100%)
file134.122.169.74
Hook botnet C2 server (confidence level: 100%)
file185.223.31.253
Quasar RAT botnet C2 server (confidence level: 100%)
file35.93.4.251
Havoc botnet C2 server (confidence level: 100%)
file181.235.12.51
DCRat botnet C2 server (confidence level: 100%)
file35.183.128.122
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.183.128.122
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.183.128.122
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file151.236.22.19
BianLian botnet C2 server (confidence level: 100%)
file104.225.129.101
BianLian botnet C2 server (confidence level: 100%)
file117.24.3.182
DeimosC2 botnet C2 server (confidence level: 75%)
file13.36.240.203
NetSupportManager RAT botnet C2 server (confidence level: 75%)
file176.44.116.109
QakBot botnet C2 server (confidence level: 75%)
file189.140.71.105
QakBot botnet C2 server (confidence level: 75%)
file45.207.215.229
Viper RAT botnet C2 server (confidence level: 75%)

Port (rendered as "Hash" by the page; the port half of the ip:port pairs, in the same order as the IP addresses above; the list is cut off after the last row)

Value (with type prefix) / Description (malware, role, submitter confidence)
hash80
Unidentified 001 payload delivery server (confidence level: 100%)
hash80
Unidentified 001 payload delivery server (confidence level: 100%)
hash80
Unidentified 001 payload delivery server (confidence level: 100%)
hash443
Unknown malware payload delivery server (confidence level: 100%)
hash443
PlugX botnet C2 server (confidence level: 100%)
hash443
PlugX botnet C2 server (confidence level: 100%)
hash443
FAKEUPDATES botnet C2 server (confidence level: 100%)
hash30899
Pink botnet C2 server (confidence level: 100%)
hash8000
AsyncRAT botnet C2 server (confidence level: 100%)
hash1201
Cobalt Strike botnet C2 server (confidence level: 100%)
hash13000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash3000
DarkComet botnet C2 server (confidence level: 100%)
hash4200
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash5000
Quasar RAT botnet C2 server (confidence level: 100%)
hash3577
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash27637
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Meduza Stealer botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash3389
BianLian botnet C2 server (confidence level: 100%)
hash14413
NjRAT botnet C2 server (confidence level: 75%)
hash14206
NjRAT botnet C2 server (confidence level: 75%)
hash14206
NjRAT botnet C2 server (confidence level: 75%)
hash14206
NjRAT botnet C2 server (confidence level: 75%)
hash18768
NjRAT botnet C2 server (confidence level: 75%)
hash18768
NjRAT botnet C2 server (confidence level: 75%)
hash18768
NjRAT botnet C2 server (confidence level: 75%)
hash18768
NjRAT botnet C2 server (confidence level: 75%)
hash3202
Nanocore RAT botnet C2 server (confidence level: 100%)
hash20001
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash1994
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash222
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash4327
Venom RAT botnet C2 server (confidence level: 100%)
hash39910
Venom RAT botnet C2 server (confidence level: 100%)
hash2375
Venom RAT botnet C2 server (confidence level: 100%)
hash4000
Venom RAT botnet C2 server (confidence level: 100%)
hash80
Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash80
BianLian botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash1333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash9205
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash5938
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash13
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash8574
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash60129
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash444
AsyncRAT botnet C2 server (confidence level: 50%)
hash16008
DarkComet botnet C2 server (confidence level: 50%)
hash3460
Poison Ivy botnet C2 server (confidence level: 50%)
hash21
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2095
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash42333
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
pupy botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 100%)
hash8880
Sliver botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash1000
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash6000
Quasar RAT botnet C2 server (confidence level: 100%)
hash3000
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash5900
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash40600
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Brute Ratel C4 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash13018
NjRAT botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 75%)
hash80
Meduza Stealer botnet C2 server (confidence level: 75%)
hash80
Meduza Stealer botnet C2 server (confidence level: 75%)
hash80
Sliver botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Havoc botnet C2 server (confidence level: 75%)
hash80
Havoc botnet C2 server (confidence level: 75%)
hash80
Havoc botnet C2 server (confidence level: 75%)
hash53
pupy botnet C2 server (confidence level: 75%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7500
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash28080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash21035
Remcos botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash39988
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash2222
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8020
Unknown malware botnet C2 server (confidence level: 100%)
hash13106
Unknown malware botnet C2 server (confidence level: 100%)
hash18214
Unknown malware botnet C2 server (confidence level: 100%)
hash20546
Unknown malware botnet C2 server (confidence level: 100%)
hash22168
Unknown malware botnet C2 server (confidence level: 100%)
hash37030
Unknown malware botnet C2 server (confidence level: 100%)
hash4840
Unknown malware botnet C2 server (confidence level: 100%)
hash7170
Unknown malware botnet C2 server (confidence level: 100%)
hash38093
Unknown malware botnet C2 server (confidence level: 100%)
hash46260
Unknown malware botnet C2 server (confidence level: 100%)
hash58309
Unknown malware botnet C2 server (confidence level: 100%)
hash2052
Unknown malware botnet C2 server (confidence level: 100%)
hash26130
Unknown malware botnet C2 server (confidence level: 100%)
hash37400
Unknown malware botnet C2 server (confidence level: 100%)
hash6009
Unknown malware botnet C2 server (confidence level: 100%)
hash6744
Unknown malware botnet C2 server (confidence level: 100%)
hash9072
Unknown malware botnet C2 server (confidence level: 100%)
hash11300
Unknown malware botnet C2 server (confidence level: 100%)
hash34305
Unknown malware botnet C2 server (confidence level: 100%)
hash49592
Unknown malware botnet C2 server (confidence level: 100%)
hash56812
Unknown malware botnet C2 server (confidence level: 100%)
hash21
Unknown malware botnet C2 server (confidence level: 100%)
hash103
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash80
Stealc botnet C2 server (confidence level: 100%)
hash443
BianLian botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash2408
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash1994
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash8406
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash873
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash15
BlackShades botnet C2 server (confidence level: 50%)
hash11112
BlackShades botnet C2 server (confidence level: 50%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Unknown malware botnet C2 server (confidence level: 50%)
hash1132
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8090
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash88
Cobalt Strike botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2053
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash81
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
AsyncRAT botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash8090
DCRat botnet C2 server (confidence level: 100%)
hash2000
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash5900
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash58000
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash3375
BianLian botnet C2 server (confidence level: 100%)
hash63618
BianLian botnet C2 server (confidence level: 100%)
hash3c33aa8d1b962ec6a107897d80d34a5d0b99899e
Unknown malware payload (confidence level: 50%)
hash0339415f8f3e2b1eb6b24ed08c3a311210893a6e
Unknown malware payload (confidence level: 50%)
hash95c8073cc4d8b80ceddb8384977ddc7bbcb30d8c
Unknown malware payload (confidence level: 50%)
hash12fda6d480166d8e98294745de1cfdcf52dbfa41
Unknown malware payload (confidence level: 50%)
hash08b30f5ffa490e15fb3735d69545c67392ea24e9
Unknown malware payload (confidence level: 50%)
hashc8b8bd5384eff0fe3a3a0af82c378f620b7dc625
Unknown malware payload (confidence level: 50%)
hash4505
DeimosC2 botnet C2 server (confidence level: 75%)
hash9142
NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash60000
Viper RAT botnet C2 server (confidence level: 75%)

Threat ID: 682c7dc2e8347ec82d2e0279

Added to database: 5/20/2025, 1:04:02 PM

Last enriched: 6/19/2025, 3:48:36 PM

Last updated: 8/13/2025, 4:40:39 PM
