ThreatFox IOCs for 2025-01-21

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published by ThreatFox on January 21, 2025, categorized under malware with a focus on OSINT (Open Source Intelligence). The data appears to be a collection of threat intelligence indicators rather than a specific malware sample or vulnerability affecting particular software versions. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. The technical details suggest moderate distribution (level 3) but low analysis and threat levels (1 and 2 respectively), implying that while the indicators are being disseminated, the threat actor's capabilities or the malware's sophistication may be limited or not fully understood. No affected product versions or patch information is provided, and there are no known exploits in the wild associated with these IOCs at this time. The absence of CWEs and specific attack vectors further indicates that this is primarily an intelligence report rather than a direct vulnerability or exploit. The tags classify this as OSINT-related, and the TLP (Traffic Light Protocol) is white, meaning the information is intended for public sharing without restriction. Overall, this threat intelligence release serves as an early warning or situational awareness tool for organizations to recognize potential malicious activity patterns but does not describe an active or imminent exploit scenario.

Potential Impact

For European organizations, the direct impact of these ThreatFox IOCs is currently limited due to the lack of known active exploits or targeted vulnerabilities. However, the dissemination of these IOCs can aid threat detection and response teams in identifying malicious activity early, potentially preventing future compromises. Since the indicators are related to malware and OSINT, organizations involved in critical infrastructure, finance, government, and technology sectors should remain vigilant as these sectors are common targets for malware campaigns leveraging OSINT for reconnaissance and attack planning. The medium severity rating suggests a moderate risk level, primarily from the potential use of these indicators by threat actors to craft targeted attacks. The absence of specific affected products or versions reduces the immediate risk of widespread disruption but does not eliminate the possibility of targeted intrusions using these IOCs as part of a broader attack chain. European entities with mature security operations centers (SOCs) can leverage this intelligence to enhance their detection capabilities, while less prepared organizations may face increased risk if they cannot effectively integrate and act upon such threat intelligence.

Mitigation Recommendations

1. Integrate the provided ThreatFox IOCs into existing threat intelligence platforms and Security Information and Event Management (SIEM) systems to enable automated detection and alerting on related indicators. 2. Conduct proactive threat hunting exercises using these IOCs to identify any signs of compromise or reconnaissance activity within the network. 3. Enhance monitoring of network traffic and endpoint behavior for anomalies that correlate with the indicators, focusing on malware-related activity patterns. 4. Educate security teams on the nature of OSINT-based threats and the importance of timely intelligence sharing to improve response times. 5. Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize these IOCs within broader threat landscapes and receive updated intelligence. 6. Regularly update and patch all systems and software, even though no specific vulnerabilities are identified here, to reduce the attack surface for potential malware leveraging OSINT data. 7. Implement strict access controls and network segmentation to limit lateral movement if an intrusion is detected. 8. Establish incident response plans that include procedures for handling malware infections and intelligence-driven alerts.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland

Indicators of Compromise

domain: solve.xtxy.org
url: https://solve.xtxy.org/awjsx.captcha
file: 195.177.92.71
hash: 4258
url: https://kpl-gun77dan.com/ghp/
file: 88.119.165.46
hash: 80
file: 120.76.193.57
hash: 443
file: 82.156.191.68
hash: 443
file: 172.111.139.188
hash: 2404
file: 181.130.8.144
hash: 2404
domain: at-port.net
domain: gotoolinks.org
file: 66.55.74.235
hash: 1000
file: 181.235.145.203
hash: 8888
file: 172.111.250.17
hash: 2403
file: 123.11.255.4
hash: 5873
file: 128.90.122.163
hash: 5555
file: 71.77.229.216
hash: 2222
file: 141.95.114.244
hash: 7707
file: 171.226.86.170
hash: 8808
file: 18.170.59.177
hash: 8082
domain: panel.zackaria.net
domain: pagesupport-activation.net
file: 46.246.80.11
hash: 9090
file: 52.67.181.124
hash: 2
file: 13.214.178.210
hash: 554
file: 3.113.172.92
hash: 80
file: 13.112.66.0
hash: 80
file: 158.178.235.53
hash: 8088
file: 154.213.189.132
hash: 80
file: 181.73.20.67
hash: 8080
url: http://59.184.248.201:44147/mozi.m
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 104.248.130.195
hash: 81
file: 104.248.130.195
hash: 82
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: https://covery-mover.biz/api
url: https://dare-curbys.biz/api
url: https://dwell-exclaim.biz/api
url: https://formy-spill.biz/api
url: https://impend-differ.biz/api
url: https://print-vexer.biz/api
url: https://se-blurry.biz/api
url: https://zinc-sneark.biz/api
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 113.250.188.15
hash: 8758
file: 194.102.104.25
hash: 1337
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 47.113.217.92
hash: 18888
file: 20.2.220.82
hash: 55502
file: 68.183.234.239
hash: 28080
domain: online-veiligdoorverbinden.com
domain: indiana317.com
domain: ledger-manage.com
domain: p2fverifynow.com
file: 192.3.146.145
hash: 14645
file: 176.100.36.135
hash: 443
file: 45.141.86.26
hash: 4443
file: 95.163.176.80
hash: 8082
file: 194.59.31.235
hash: 80
file: 213.176.94.228
hash: 80
file: 94.237.91.20
hash: 443
file: 102.96.215.117
hash: 443
file: 217.144.185.198
hash: 51106
file: 89.46.235.60
hash: 8443
file: 85.239.54.99
hash: 23443
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: ec2-18-183-60-128.ap-northeast-1.compute.amazonaws.com
domain: www.receive.llc
file: 82.166.159.58
hash: 443
file: 194.60.201.16
hash: 3388
file: 185.135.195.4
hash: 3333
file: 3.124.25.236
hash: 443
file: 139.59.84.190
hash: 3333
file: 34.101.237.204
hash: 3333
file: 89.251.134.46
hash: 3333
file: 154.53.160.55
hash: 3333
file: 181.32.61.238
hash: 8080
file: 138.197.50.3
hash: 443
file: 13.235.172.221
hash: 80
file: 52.43.67.6
hash: 80
file: 174.138.92.250
hash: 80
file: 174.138.92.250
hash: 443
file: 35.167.94.35
hash: 80
file: 18.254.46.215
hash: 3333
file: 62.68.75.16
hash: 80
file: 89.247.50.29
hash: 80
file: 155.248.216.246
hash: 8083
file: 206.189.190.139
hash: 31337
file: 161.35.164.134
hash: 31337
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
url: https://185.219.81.135/c708352984fb7ac0.php
url: https://185.219.81.135/7ea00b0801a6fd7e.php
url: https://185.219.81.132/1089481c07d09d21.php
url: https://abnomrmakio.cyou/api
url: http://213.176.94.228/
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
domain: letsago.freemyip.com
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 31.57.243.64
hash: 6606
file: 31.57.243.64
hash: 7707
file: 31.57.243.64
hash: 8808
domain: youngsweays.my
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: contractsmell.cyou
domain: yokecarvekio.cyou
domain: craveinjuur.shop
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: floratrans.live
file: 212.22.82.118
hash: 6963
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
url: https://steamcommunity.com/profiles/76561199819539662
url: https://t.me/sc1phell
url: https://lfissrtg.rest/
url: https://ijthear.cyou/
url: https://95.217.240.67/
domain: lfissrtg.rest
domain: ijthear.cyou
file: 95.217.240.67
hash: 443
file: 88.99.120.106
hash: 443
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 82.156.191.68
hash: 80
domain: entrarviaverde.com
domain: pitchbookfinance.co
file: 154.216.18.232
hash: 5050
file: 23.226.54.80
hash: 31337
file: 23.226.54.84
hash: 31337
file: 47.90.208.22
hash: 8888
file: 128.90.122.163
hash: 8808
domain: floratechnology.live
file: 192.142.18.78
hash: 443
file: 54.203.151.9
hash: 7134
file: 165.140.85.87
hash: 4098
domain: bitcoin4u.store
domain: alibababet.space
domain: rtpneraca69.site
domain: firstcoltd.com
domain: dirtysocks.phd
domain: cpcalendars.firstcoltd.com
domain: mail.firstcoltd.com
domain: floratechnology.live
file: 18.159.133.90
hash: 80
file: 217.119.129.21
hash: 443
file: 92.255.57.30
hash: 443
domain: demeijer.cfd
domain: praanic.cfd
hash: 03b0c70a40ff259cf9b413ec276f059b
hash: 15437d1d161c4165681432bb9dfcacbe
hash: 18080dba3e9e24bc25b6f5add57c54bd
hash: 209ee1488dc08e52dc2d62c8af9868e6
hash: 23555bde38a454e60882b0d00a05427b
hash: 28b5e64c4a2e64cf4043c52e219e03b1
hash: 314287ede34f29710d8ce943513ece5d
hash: 38df0cfb3cc4cc1a06d97e84dc0c7147
hash: 39fc9dd3a31d2a3f0cdbeb88d4cbfa36
hash: 3ba4f1027bb2d09ff59ae99c19231f23
hash: 3d7c6657d142418af70e66a7036f3c23
hash: 441de21366e408885ca51964a811b2ae
hash: 5806438c0c66f97413371ba17a0af393
hash: 5b8c06079f552b1f4e4f1ef4ba2255d8
hash: 6ccdbdb9fa02780c8fb433a0b8101c01
hash: 6d4f3e79546ca0284b8e53674752311d
hash: 761679c1af3ed5fcce83ca1382f6f3ab
hash: 76c3bfcb5c468c4ff1f33f9d08cf0924
hash: 7716cde6eedb3e7758b5d72811e79476
hash: 7913576ca7a294209ec672d379602404
hash: 7abed7f8d7caddb70a8d2dac9d12fb44
hash: 7da5f162dd91a4821996f047841d1042
hash: 86bc7b19a0a06abe56da2d82123a0585
hash: 9587401557ed606a74f50150c038a942
hash: 986aa0b997111206227f724318da57e9
hash: 9c5bba77b7e48a1c4ee5488599c243e1
hash: b0632d5a9d371aaba82f8eeea48156ee
hash: b3b3aef6d7fa1a06b8564e4ba57887fe
hash: b6e087f86a98d3089a0408b6c18a898c
hash: be9998902ea7d6b475590234af0cf63d
hash: c153ea07e607d0d5fe6e5ad7896d5045
hash: c45dc71e59738f58fd2deb93c1a68899
hash: c6d6b0d8283078e3b3729d66ce8a3cb6
hash: cacc96d43fccbbbc39bcb4a1ccd306dd
hash: cb2b195d9d42ad5a4214436a5043c544
hash: ce7f907128a600429eb711d184d0d354
hash: dbf8a3a4e6c7c59d8f4c01b6eb1f79b5
hash: e357e6cd642c8660e4d37c28325f5b47
hash: f1194fca000bbc9e11d611722a99311b
hash: f878118557e54549e3dedd4d119463ef
domain: awake-weaves.cyou
domain: sordid-snaked.cyou
url: https://lev-tolstoi.com/api
file: 111.32.210.52
hash: 4506
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 154.213.192.22
hash: 6606
file: 37.114.46.58
hash: 1111
domain: solve.pvsu.org
url: https://solve.pvsu.org/awjsx.captcha
url: https://u1.servicelandingkaraoke.shop/shell1.mp4
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 66.181.33.65
hash: 5664
file: 192.30.241.106
hash: 56002
file: 192.30.241.106
hash: 49754
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 193.200.78.24
hash: 3778
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 101.200.38.121
hash: 80
file: 154.204.177.197
hash: 80
file: 101.93.221.5
hash: 8880
file: 85.208.110.57
hash: 4433
file: 161.35.219.59
hash: 1377
file: 104.243.35.175
hash: 6666
file: 82.148.31.69
hash: 7443
file: 194.59.31.59
hash: 8089
file: 3.249.255.190
hash: 4567
file: 34.58.151.162
hash: 443
file: 87.120.127.206
hash: 80
url: http://45.178.250.194:10688/mozi.m
file: 82.64.249.250
hash: 8096
file: 206.119.166.108
hash: 3333
file: 78.46.139.160
hash: 3333
file: 174.138.92.250
hash: 3333
file: 176.124.214.131
hash: 443
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: 50r4nny5m9wtm.cfc-execute.bj.baidubce.com
domain: apiapi.fdsfdsdfdsf.co
domain: cdn.saycold.com
domain: cf.r8.lc
file: 154.221.21.196
hash: 80
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: https://n2.aroundpayablequirk.shop/gomc.mov
url: https://kuishupai.top/work/original.js
domain: kuishupai.top
url: https://kuishupai.top/work/index.php
url: https://kuishupai.top/work/help.php
url: https://quickauto24.com/core.zip
url: https://zxcaem.com/6f1d.js
url: https://zxcaem.com/js.php
url: https://santa-reflection-capitol-classifieds.trycloudflare.com/12341234
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: thirtpp13vs.top
domain: home.thirtpp13vs.top
file: 91.202.233.12
hash: 443
file: 96.62.214.33
hash: 3778
domain: nlafhhiffkceadc.top
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: aompiano.xyz
domain: blureditor.club
domain: colorfulmsg.fun
domain: cutekb.fun
domain: easyim.art
domain: ezlifeplugone.art
domain: ezstudio.cloud
domain: fastbrain.cloud
domain: fluidard.store
domain: gamodamo.store
domain: gazgazwall.art
domain: jackmars.online
domain: lmgui.xyz
domain: mmstudio.tech
domain: mmyzj.xyz
domain: nieniba.com
domain: partymaster.top
domain: pcppumps.com
domain: retrowallpaper.pro
domain: rungump.art
domain: stickerlab.fun
domain: stickerlogi.art
domain: trecool.space
domain: ucbatlas.pro
domain: wallpaper4k.online
domain: watermakr.xyz
hash: b2b514a44a24862275d03c4e56055e77
file: 45.77.151.146
hash: 31337
file: 89.23.103.43
hash: 8808
file: 102.32.117.96
hash: 8808
file: 118.70.175.199
hash: 8808
file: 2.59.163.69
hash: 2000
url: https://liuyi.neectar.info/hsdverd_3ed5d/mdswsourt_4rfs
url: https://liuyi.neectar.info/lksderdd_4dferd/jhdfer3s_jh3de
file: 44.207.92.202
hash: 443
domain: liuyi.neectar.info
url: https://lcd-add-palace-switching.trycloudflare.com/12341234
domain: crm.bestintownpro.com
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://152.42.180.208:8875/supershell/login/
file: 154.223.21.105
hash: 443
file: 45.62.123.85
hash: 2083
file: 54.68.48.57
hash: 80
file: 3.107.14.27
hash: 17
file: 149.210.0.241
hash: 443
file: 15.237.109.92
hash: 3306
file: 62.68.75.16
hash: 80
url: https://proxyyy.pages.dev/
url: https://l1nxx.para.rip/
url: https://wceecsit.international-conference.news
url: https://tcb-announcement.com/internal/security-awareness/report.html
url: https://wallet-web3.com/
url: http://45.131.215.139/c262c2557c712ca5/sqlite3.dll
url: http://45.131.215.139/c262c2557c712ca5/mozglue.dll
url: http://81.161.229.110/htdocs/syfozykfrwceqbe.exe
url: http://212.86.115.216/26ba0768f8501b95.php
domain: itsdrvgon1.ddns.net
domain: millionairedreams2025.duckdns.org
domain: asia-capabilities.gl.at.ply.gg
domain: blood-pattern.gl.at.ply.gg
domain: userxmorma-27072.portmap.host
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: twentpp20vs.top
domain: cu35742.tw1.ru
domain: a1076459.xsph.ru
domain: srv226957.hoster-test.ru
domain: a1076350.xsph.ru
domain: offsetyofcre.bond
domain: rockemineu.bond
domain: broadecatez.bond
domain: handsbigywz.click
domain: woebengeoszis.click
domain: mooncobudy.click
domain: excitingratty.click
domain: basinstingger.cyou
domain: uncoverreduop.cyou
domain: abnomrmakio.cyou
domain: fortpp14vs.top
url: https://uncoverreduop.cyou/api
url: https://basinstingger.cyou/api
url: https://excitingratty.click/api
url: https://mooncobudy.click/api
url: https://woebengeoszis.click/api
url: https://handsbigywz.click/api
url: https://broadecatez.bond/api
url: https://rockemineu.bond/api
url: https://offsetyofcre.bond/api
domain: fiveff5pn.top
domain: fourteenff14pn.top
domain: fiveuu5th.top
domain: fivevv5ft.top
domain: oness1sr.top
domain: twentyuu20th.top
domain: daily-sexually.gl.at.ply.gg
file: 77.91.102.202
hash: 4566
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: c2.tunneltest.store
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 24.199.94.92
hash: 53
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 191.232.190.243
hash: 4444
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
file: 1.92.139.71
hash: 4444
file: 62.68.75.16
hash: 80
url: https://pastebin.com/raw/lq5dsdaq
url: https://pastebin.com/raw/f9g6bgdh
domain: slavisa-45970.portmap.host
file: 213.152.187.241
hash: 12776
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
domain: ail-govs.icu
domain: briefreport.nl
domain: govs.info
domain: indiagov.ws
domain: indianarmy.ml
domain: indiandefence.link
domain: indiandefence.nl
domain: putir.shop
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
url: https://a.putir.shop
url: https://b.putir.shop
url: https://email.gov.in.briefreport.nl
url: https://email.gov.in.indiagov.ws
url: https://email.gov.in.indianarmy.ml
url: https://email.gov.in.indiandefence.link
url: https://email.gov.in.indiandefence.nl
url: https://email.gov.in.mailindia.one
url: https://email.gov.in.ministryofdefenceindia.link
url: https://mail.putir.shop
url: https://webmail.putir.shop
url: https://www.email.gov.in.indiagov.ws
url: https://www.email.gov.in.indiandefence.link
url: https://www.email.gov.in.indiandefence.nl
url: https://www.email.gov.in.ministryofdefenceindia.link
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 147.124.216.223
hash: 7788
file: 120.26.164.174
hash: 8099
file: 172.111.216.72
hash: 2404
file: 141.95.114.244
hash: 8808
file: 88.243.168.51
hash: 1010
file: 102.117.168.1
hash: 7443
file: 93.232.107.71
hash: 82
file: 34.170.235.99
hash: 443
file: 154.37.219.249
hash: 60000
domain: brazzyss.xyz
file: 208.73.200.28
hash: 9999
file: 62.210.28.199
hash: 80
url: https://suggestyuoz.biz/api
file: 154.213.192.22
hash: 80
url: https://beevasyeip.bond/api
domain: 530westley.info
domain: artificial-pigment.wiki
domain: soainsaat.xyz
domain: digitalassetagency.xyz
domain: grabsure.com
domain: cannabis-entreprise.com
domain: snyp.shop
domain: site-techonlogy.com
domain: mapogosmello.com
domain: vtuos.com
domain: pancytopenias.com
domain: imzztoken.xyz
domain: skillbeast.site
domain: bienmaigrir.info
domain: ortakoyfirini.xyz
domain: restorativeeducationllc.com
domain: expartcomputer.com
domain: bets-bc-aingz.xyz
domain: prestigerugz.info
domain: d48dk.top
domain: 3skr.uncofig.com
domain: general-hebrew.gl.at.ply.gg
domain: round-nonprofit.gl.at.ply.gg
domain: bad-motor.gl.at.ply.gg
domain: assistance-arbitration.gl.at.ply.gg
domain: purpose-terror.gl.at.ply.gg
domain: networks-vitamin.gl.at.ply.gg
domain: popaylar-28758.portmap.host
domain: w3rtex-42879.portmap.host
file: 2.88.153.41
hash: 995
file: 45.77.46.13
hash: 80
domain: uogapk2.ddns.net
domain: wareface.hldns.ru
domain: c.top4top.net
domain: tigocomunicaciones.duckdns.org
domain: soundcash01.ddns.net
domain: 1brainfix.ddns.net
domain: ikoz.ddns.net
domain: m5drhm.ddns.net
file: 54.87.32.39
hash: 80
domain: tripolexxx.duckdns.org
domain: winsyss.sytes.net
domain: weichdsfiass201209xklsnxnso.duckdns.org
domain: clarocomunicaciones.duckdns.org
domain: houhost.hopto.org
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 87.120.125.185
hash: 6606
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53

ThreatFox IOCs for 2025-01-21

Severity: medium

Type: malware

ThreatFox IOCs for 2025-01-21

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland

Indicators of Compromise

domain: solve.xtxy.org
url: https://solve.xtxy.org/awjsx.captcha
file: 195.177.92.71
hash: 4258
url: https://kpl-gun77dan.com/ghp/
file: 88.119.165.46
hash: 80
file: 120.76.193.57
hash: 443
file: 82.156.191.68
hash: 443
file: 172.111.139.188
hash: 2404
file: 181.130.8.144
hash: 2404
domain: at-port.net
domain: gotoolinks.org
file: 66.55.74.235
hash: 1000
file: 181.235.145.203
hash: 8888
file: 172.111.250.17
hash: 2403
file: 123.11.255.4
hash: 5873
file: 128.90.122.163
hash: 5555
file: 71.77.229.216
hash: 2222
file: 141.95.114.244
hash: 7707
file: 171.226.86.170
hash: 8808
file: 18.170.59.177
hash: 8082
domain: panel.zackaria.net
domain: pagesupport-activation.net
file: 46.246.80.11
hash: 9090
file: 52.67.181.124
hash: 2
file: 13.214.178.210
hash: 554
file: 3.113.172.92
hash: 80
file: 13.112.66.0
hash: 80
file: 158.178.235.53
hash: 8088
file: 154.213.189.132
hash: 80
file: 181.73.20.67
hash: 8080
url: http://59.184.248.201:44147/mozi.m
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 104.248.130.195
hash: 81
file: 104.248.130.195
hash: 82
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: https://covery-mover.biz/api
url: https://dare-curbys.biz/api
url: https://dwell-exclaim.biz/api
url: https://formy-spill.biz/api
url: https://impend-differ.biz/api
url: https://print-vexer.biz/api
url: https://se-blurry.biz/api
url: https://zinc-sneark.biz/api
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 113.250.188.15
hash: 8758
file: 194.102.104.25
hash: 1337
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 47.113.217.92
hash: 18888
file: 20.2.220.82
hash: 55502
file: 68.183.234.239
hash: 28080
domain: online-veiligdoorverbinden.com
domain: indiana317.com
domain: ledger-manage.com
domain: p2fverifynow.com
file: 192.3.146.145
hash: 14645
file: 176.100.36.135
hash: 443
file: 45.141.86.26
hash: 4443
file: 95.163.176.80
hash: 8082
file: 194.59.31.235
hash: 80
file: 213.176.94.228
hash: 80
file: 94.237.91.20
hash: 443
file: 102.96.215.117
hash: 443
file: 217.144.185.198
hash: 51106
file: 89.46.235.60
hash: 8443
file: 85.239.54.99
hash: 23443
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: ec2-18-183-60-128.ap-northeast-1.compute.amazonaws.com
domain: www.receive.llc
file: 82.166.159.58
hash: 443
file: 194.60.201.16
hash: 3388
file: 185.135.195.4
hash: 3333
file: 3.124.25.236
hash: 443
file: 139.59.84.190
hash: 3333
file: 34.101.237.204
hash: 3333
file: 89.251.134.46
hash: 3333
file: 154.53.160.55
hash: 3333
file: 181.32.61.238
hash: 8080
file: 138.197.50.3
hash: 443
file: 13.235.172.221
hash: 80
file: 52.43.67.6
hash: 80
file: 174.138.92.250
hash: 80
file: 174.138.92.250
hash: 443
file: 35.167.94.35
hash: 80
file: 18.254.46.215
hash: 3333
file: 62.68.75.16
hash: 80
file: 89.247.50.29
hash: 80
file: 155.248.216.246
hash: 8083
file: 206.189.190.139
hash: 31337
file: 161.35.164.134
hash: 31337
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
url: https://185.219.81.135/c708352984fb7ac0.php
url: https://185.219.81.135/7ea00b0801a6fd7e.php
url: https://185.219.81.132/1089481c07d09d21.php
url: https://abnomrmakio.cyou/api
url: http://213.176.94.228/
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
domain: letsago.freemyip.com
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 31.57.243.64
hash: 6606
file: 31.57.243.64
hash: 7707
file: 31.57.243.64
hash: 8808
domain: youngsweays.my
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: contractsmell.cyou
domain: yokecarvekio.cyou
domain: craveinjuur.shop
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: floratrans.live
file: 212.22.82.118
hash: 6963
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
url: https://steamcommunity.com/profiles/76561199819539662
url: https://t.me/sc1phell
url: https://lfissrtg.rest/
url: https://ijthear.cyou/
url: https://95.217.240.67/
domain: lfissrtg.rest
domain: ijthear.cyou
file: 95.217.240.67
hash: 443
file: 88.99.120.106
hash: 443
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 82.156.191.68
hash: 80
domain: entrarviaverde.com
domain: pitchbookfinance.co
file: 154.216.18.232
hash: 5050
file: 23.226.54.80
hash: 31337
file: 23.226.54.84
hash: 31337
file: 47.90.208.22
hash: 8888
file: 128.90.122.163
hash: 8808
domain: floratechnology.live
file: 192.142.18.78
hash: 443
file: 54.203.151.9
hash: 7134
file: 165.140.85.87
hash: 4098
domain: bitcoin4u.store
domain: alibababet.space
domain: rtpneraca69.site
domain: firstcoltd.com
domain: dirtysocks.phd
domain: cpcalendars.firstcoltd.com
domain: mail.firstcoltd.com
domain: floratechnology.live
file: 18.159.133.90
hash: 80
file: 217.119.129.21
hash: 443
file: 92.255.57.30
hash: 443
domain: demeijer.cfd
domain: praanic.cfd
hash: 03b0c70a40ff259cf9b413ec276f059b
hash: 15437d1d161c4165681432bb9dfcacbe
hash: 18080dba3e9e24bc25b6f5add57c54bd
hash: 209ee1488dc08e52dc2d62c8af9868e6
hash: 23555bde38a454e60882b0d00a05427b
hash: 28b5e64c4a2e64cf4043c52e219e03b1
hash: 314287ede34f29710d8ce943513ece5d
hash: 38df0cfb3cc4cc1a06d97e84dc0c7147
hash: 39fc9dd3a31d2a3f0cdbeb88d4cbfa36
hash: 3ba4f1027bb2d09ff59ae99c19231f23
hash: 3d7c6657d142418af70e66a7036f3c23
hash: 441de21366e408885ca51964a811b2ae
hash: 5806438c0c66f97413371ba17a0af393
hash: 5b8c06079f552b1f4e4f1ef4ba2255d8
hash: 6ccdbdb9fa02780c8fb433a0b8101c01
hash: 6d4f3e79546ca0284b8e53674752311d
hash: 761679c1af3ed5fcce83ca1382f6f3ab
hash: 76c3bfcb5c468c4ff1f33f9d08cf0924
hash: 7716cde6eedb3e7758b5d72811e79476
hash: 7913576ca7a294209ec672d379602404
hash: 7abed7f8d7caddb70a8d2dac9d12fb44
hash: 7da5f162dd91a4821996f047841d1042
hash: 86bc7b19a0a06abe56da2d82123a0585
hash: 9587401557ed606a74f50150c038a942
hash: 986aa0b997111206227f724318da57e9
hash: 9c5bba77b7e48a1c4ee5488599c243e1
hash: b0632d5a9d371aaba82f8eeea48156ee
hash: b3b3aef6d7fa1a06b8564e4ba57887fe
hash: b6e087f86a98d3089a0408b6c18a898c
hash: be9998902ea7d6b475590234af0cf63d
hash: c153ea07e607d0d5fe6e5ad7896d5045
hash: c45dc71e59738f58fd2deb93c1a68899
hash: c6d6b0d8283078e3b3729d66ce8a3cb6
hash: cacc96d43fccbbbc39bcb4a1ccd306dd
hash: cb2b195d9d42ad5a4214436a5043c544
hash: ce7f907128a600429eb711d184d0d354
hash: dbf8a3a4e6c7c59d8f4c01b6eb1f79b5
hash: e357e6cd642c8660e4d37c28325f5b47
hash: f1194fca000bbc9e11d611722a99311b
hash: f878118557e54549e3dedd4d119463ef
domain: awake-weaves.cyou
domain: sordid-snaked.cyou
url: https://lev-tolstoi.com/api
file: 111.32.210.52
hash: 4506
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 154.213.192.22
hash: 6606
file: 37.114.46.58
hash: 1111
domain: solve.pvsu.org
url: https://solve.pvsu.org/awjsx.captcha
url: https://u1.servicelandingkaraoke.shop/shell1.mp4
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 66.181.33.65
hash: 5664
file: 192.30.241.106
hash: 56002
file: 192.30.241.106
hash: 49754
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 193.200.78.24
hash: 3778
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 101.200.38.121
hash: 80
file: 154.204.177.197
hash: 80
file: 101.93.221.5
hash: 8880
file: 85.208.110.57
hash: 4433
file: 161.35.219.59
hash: 1377
file: 104.243.35.175
hash: 6666
file: 82.148.31.69
hash: 7443
file: 194.59.31.59
hash: 8089
file: 3.249.255.190
hash: 4567
file: 34.58.151.162
hash: 443
file: 87.120.127.206
hash: 80
url: http://45.178.250.194:10688/mozi.m
file: 82.64.249.250
hash: 8096
file: 206.119.166.108
hash: 3333
file: 78.46.139.160
hash: 3333
file: 174.138.92.250
hash: 3333
file: 176.124.214.131
hash: 443
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: 50r4nny5m9wtm.cfc-execute.bj.baidubce.com
domain: apiapi.fdsfdsdfdsf.co
domain: cdn.saycold.com
domain: cf.r8.lc
file: 154.221.21.196
hash: 80
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: https://n2.aroundpayablequirk.shop/gomc.mov
url: https://kuishupai.top/work/original.js
domain: kuishupai.top
url: https://kuishupai.top/work/index.php
url: https://kuishupai.top/work/help.php
url: https://quickauto24.com/core.zip
url: https://zxcaem.com/6f1d.js
url: https://zxcaem.com/js.php
url: https://santa-reflection-capitol-classifieds.trycloudflare.com/12341234
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: thirtpp13vs.top
domain: home.thirtpp13vs.top
file: 91.202.233.12
hash: 443
file: 96.62.214.33
hash: 3778
domain: nlafhhiffkceadc.top
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: aompiano.xyz
domain: blureditor.club
domain: colorfulmsg.fun
domain: cutekb.fun
domain: easyim.art
domain: ezlifeplugone.art
domain: ezstudio.cloud
domain: fastbrain.cloud
domain: fluidard.store
domain: gamodamo.store
domain: gazgazwall.art
domain: jackmars.online
domain: lmgui.xyz
domain: mmstudio.tech
domain: mmyzj.xyz
domain: nieniba.com
domain: partymaster.top
domain: pcppumps.com
domain: retrowallpaper.pro
domain: rungump.art
domain: stickerlab.fun
domain: stickerlogi.art
domain: trecool.space
domain: ucbatlas.pro
domain: wallpaper4k.online
domain: watermakr.xyz
hash: b2b514a44a24862275d03c4e56055e77
file: 45.77.151.146
hash: 31337
file: 89.23.103.43
hash: 8808
file: 102.32.117.96
hash: 8808
file: 118.70.175.199
hash: 8808
file: 2.59.163.69
hash: 2000
url: https://liuyi.neectar.info/hsdverd_3ed5d/mdswsourt_4rfs
url: https://liuyi.neectar.info/lksderdd_4dferd/jhdfer3s_jh3de
file: 44.207.92.202
hash: 443
domain: liuyi.neectar.info
url: https://lcd-add-palace-switching.trycloudflare.com/12341234
domain: crm.bestintownpro.com
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://152.42.180.208:8875/supershell/login/
file: 154.223.21.105
hash: 443
file: 45.62.123.85
hash: 2083
file: 54.68.48.57
hash: 80
file: 3.107.14.27
hash: 17
file: 149.210.0.241
hash: 443
file: 15.237.109.92
hash: 3306
file: 62.68.75.16
hash: 80
url: https://proxyyy.pages.dev/
url: https://l1nxx.para.rip/
url: https://wceecsit.international-conference.news
url: https://tcb-announcement.com/internal/security-awareness/report.html
url: https://wallet-web3.com/
url: http://45.131.215.139/c262c2557c712ca5/sqlite3.dll
url: http://45.131.215.139/c262c2557c712ca5/mozglue.dll
url: http://81.161.229.110/htdocs/syfozykfrwceqbe.exe
url: http://212.86.115.216/26ba0768f8501b95.php
domain: itsdrvgon1.ddns.net
domain: millionairedreams2025.duckdns.org
domain: asia-capabilities.gl.at.ply.gg
domain: blood-pattern.gl.at.ply.gg
domain: userxmorma-27072.portmap.host
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: twentpp20vs.top
domain: cu35742.tw1.ru
domain: a1076459.xsph.ru
domain: srv226957.hoster-test.ru
domain: a1076350.xsph.ru
domain: offsetyofcre.bond
domain: rockemineu.bond
domain: broadecatez.bond
domain: handsbigywz.click
domain: woebengeoszis.click
domain: mooncobudy.click
domain: excitingratty.click
domain: basinstingger.cyou
domain: uncoverreduop.cyou
domain: abnomrmakio.cyou
domain: fortpp14vs.top
url: https://uncoverreduop.cyou/api
url: https://basinstingger.cyou/api
url: https://excitingratty.click/api
url: https://mooncobudy.click/api
url: https://woebengeoszis.click/api
url: https://handsbigywz.click/api
url: https://broadecatez.bond/api
url: https://rockemineu.bond/api
url: https://offsetyofcre.bond/api
domain: fiveff5pn.top
domain: fourteenff14pn.top
domain: fiveuu5th.top
domain: fivevv5ft.top
domain: oness1sr.top
domain: twentyuu20th.top
domain: daily-sexually.gl.at.ply.gg
file: 77.91.102.202
hash: 4566
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: c2.tunneltest.store
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 24.199.94.92
hash: 53
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 191.232.190.243
hash: 4444
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
file: 1.92.139.71
hash: 4444
file: 62.68.75.16
hash: 80
url: https://pastebin.com/raw/lq5dsdaq
url: https://pastebin.com/raw/f9g6bgdh
domain: slavisa-45970.portmap.host
file: 213.152.187.241
hash: 12776
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
domain: ail-govs.icu
domain: briefreport.nl
domain: govs.info
domain: indiagov.ws
domain: indianarmy.ml
domain: indiandefence.link
domain: indiandefence.nl
domain: putir.shop
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
url: https://a.putir.shop
url: https://b.putir.shop
url: https://email.gov.in.briefreport.nl
url: https://email.gov.in.indiagov.ws
url: https://email.gov.in.indianarmy.ml
url: https://email.gov.in.indiandefence.link
url: https://email.gov.in.indiandefence.nl
url: https://email.gov.in.mailindia.one
url: https://email.gov.in.ministryofdefenceindia.link
url: https://mail.putir.shop
url: https://webmail.putir.shop
url: https://www.email.gov.in.indiagov.ws
url: https://www.email.gov.in.indiandefence.link
url: https://www.email.gov.in.indiandefence.nl
url: https://www.email.gov.in.ministryofdefenceindia.link
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 147.124.216.223
hash: 7788
file: 120.26.164.174
hash: 8099
file: 172.111.216.72
hash: 2404
file: 141.95.114.244
hash: 8808
file: 88.243.168.51
hash: 1010
file: 102.117.168.1
hash: 7443
file: 93.232.107.71
hash: 82
file: 34.170.235.99
hash: 443
file: 154.37.219.249
hash: 60000
domain: brazzyss.xyz
file: 208.73.200.28
hash: 9999
file: 62.210.28.199
hash: 80
url: https://suggestyuoz.biz/api
file: 154.213.192.22
hash: 80
url: https://beevasyeip.bond/api
domain: 530westley.info
domain: artificial-pigment.wiki
domain: soainsaat.xyz
domain: digitalassetagency.xyz
domain: grabsure.com
domain: cannabis-entreprise.com
domain: snyp.shop
domain: site-techonlogy.com
domain: mapogosmello.com
domain: vtuos.com
domain: pancytopenias.com
domain: imzztoken.xyz
domain: skillbeast.site
domain: bienmaigrir.info
domain: ortakoyfirini.xyz
domain: restorativeeducationllc.com
domain: expartcomputer.com
domain: bets-bc-aingz.xyz
domain: prestigerugz.info
domain: d48dk.top
domain: 3skr.uncofig.com
domain: general-hebrew.gl.at.ply.gg
domain: round-nonprofit.gl.at.ply.gg
domain: bad-motor.gl.at.ply.gg
domain: assistance-arbitration.gl.at.ply.gg
domain: purpose-terror.gl.at.ply.gg
domain: networks-vitamin.gl.at.ply.gg
domain: popaylar-28758.portmap.host
domain: w3rtex-42879.portmap.host
file: 2.88.153.41
hash: 995
file: 45.77.46.13
hash: 80
domain: uogapk2.ddns.net
domain: wareface.hldns.ru
domain: c.top4top.net
domain: tigocomunicaciones.duckdns.org
domain: soundcash01.ddns.net
domain: 1brainfix.ddns.net
domain: ikoz.ddns.net
domain: m5drhm.ddns.net
file: 54.87.32.39
hash: 80
domain: tripolexxx.duckdns.org
domain: winsyss.sytes.net
domain: weichdsfiass201209xklsnxnso.duckdns.org
domain: clarocomunicaciones.duckdns.org
domain: houhost.hopto.org
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 87.120.125.185
hash: 6606
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53

Source: ThreatFox

Published: Tue Jan 21 2025

ThreatFox IOCs for 2025-01-21

Medium

Malwaretype:osint tlp:white

Published: Tue Jan 21 2025 (01/21/2025, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-01-21

AI-Powered Analysis

AILast updated: 06/19/2025, 16:32:53 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: aff55039-ac56-4909-99eb-c59ecd86a69b
Original Timestamp: 1737504187

Indicators of Compromise

Domain

Value	Description	Copy
domainsolve.xtxy.org	ClearFake payload delivery domain (confidence level: 100%)
domainat-port.net	Remcos botnet C2 domain (confidence level: 100%)
domaingotoolinks.org	Remcos botnet C2 domain (confidence level: 100%)
domainpanel.zackaria.net	Hook botnet C2 domain (confidence level: 100%)
domainpagesupport-activation.net	Havoc botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainonline-veiligdoorverbinden.com	Remcos botnet C2 domain (confidence level: 100%)
domainindiana317.com	Remcos botnet C2 domain (confidence level: 100%)
domainledger-manage.com	Remcos botnet C2 domain (confidence level: 100%)
domainp2fverifynow.com	Remcos botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainec2-18-183-60-128.ap-northeast-1.compute.amazonaws.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.receive.llc	Unknown malware botnet C2 domain (confidence level: 100%)
domainletsago.freemyip.com	AsyncRAT botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainyoungsweays.my	Lumma Stealer botnet C2 domain (confidence level: 50%)
domaincontractsmell.cyou	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainyokecarvekio.cyou	Lumma Stealer botnet C2 domain (confidence level: 50%)
domaincraveinjuur.shop	Lumma Stealer botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainfloratrans.live	Rhadamanthys botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainlfissrtg.rest	Vidar botnet C2 domain (confidence level: 100%)
domainijthear.cyou	Vidar botnet C2 domain (confidence level: 100%)
domainentrarviaverde.com	Remcos botnet C2 domain (confidence level: 100%)
domainpitchbookfinance.co	Remcos botnet C2 domain (confidence level: 100%)
domainfloratechnology.live	Rhadamanthys botnet C2 domain (confidence level: 100%)
domainbitcoin4u.store	Rhadamanthys payload delivery domain (confidence level: 100%)
domainalibababet.space	Rhadamanthys payload delivery domain (confidence level: 100%)
domainrtpneraca69.site	Rhadamanthys payload delivery domain (confidence level: 100%)
domainfirstcoltd.com	Rhadamanthys payload delivery domain (confidence level: 100%)
domaindirtysocks.phd	Rhadamanthys payload delivery domain (confidence level: 100%)
domaincpcalendars.firstcoltd.com	Rhadamanthys payload delivery domain (confidence level: 100%)
domainmail.firstcoltd.com	Rhadamanthys payload delivery domain (confidence level: 100%)
domainfloratechnology.live	Rhadamanthys payload delivery domain (confidence level: 100%)
domaindemeijer.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainpraanic.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainawake-weaves.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsordid-snaked.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsolve.pvsu.org	ClearFake payload delivery domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domain50r4nny5m9wtm.cfc-execute.bj.baidubce.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainapiapi.fdsfdsdfdsf.co	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincdn.saycold.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainkuishupai.top	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainthirtpp13vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domainhome.thirtpp13vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domainnlafhhiffkceadc.top	FAKEUPDATES payload delivery domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainaompiano.xyz	Joker botnet C2 domain (confidence level: 75%)
domainblureditor.club	Joker botnet C2 domain (confidence level: 75%)
domaincolorfulmsg.fun	Joker botnet C2 domain (confidence level: 75%)
domaincutekb.fun	Joker botnet C2 domain (confidence level: 75%)
domaineasyim.art	Joker botnet C2 domain (confidence level: 75%)
domainezlifeplugone.art	Joker botnet C2 domain (confidence level: 75%)
domainezstudio.cloud	Joker botnet C2 domain (confidence level: 75%)
domainfastbrain.cloud	Joker botnet C2 domain (confidence level: 75%)
domainfluidard.store	Joker botnet C2 domain (confidence level: 75%)
domaingamodamo.store	Joker botnet C2 domain (confidence level: 75%)
domaingazgazwall.art	Joker botnet C2 domain (confidence level: 75%)
domainjackmars.online	Joker botnet C2 domain (confidence level: 75%)
domainlmgui.xyz	Joker botnet C2 domain (confidence level: 75%)
domainmmstudio.tech	Joker botnet C2 domain (confidence level: 75%)
domainmmyzj.xyz	Joker botnet C2 domain (confidence level: 75%)
domainnieniba.com	Joker botnet C2 domain (confidence level: 75%)
domainpartymaster.top	Joker botnet C2 domain (confidence level: 75%)
domainpcppumps.com	Joker botnet C2 domain (confidence level: 75%)
domainretrowallpaper.pro	Joker botnet C2 domain (confidence level: 75%)
domainrungump.art	Joker botnet C2 domain (confidence level: 75%)
domainstickerlab.fun	Joker botnet C2 domain (confidence level: 75%)
domainstickerlogi.art	Joker botnet C2 domain (confidence level: 75%)
domaintrecool.space	Joker botnet C2 domain (confidence level: 75%)
domainucbatlas.pro	Joker botnet C2 domain (confidence level: 75%)
domainwallpaper4k.online	Joker botnet C2 domain (confidence level: 75%)
domainwatermakr.xyz	Joker botnet C2 domain (confidence level: 75%)
domainliuyi.neectar.info	Unknown malware payload delivery domain (confidence level: 100%)
domaincrm.bestintownpro.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainitsdrvgon1.ddns.net	NjRAT botnet C2 domain (confidence level: 50%)
domainmillionairedreams2025.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domainasia-capabilities.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainblood-pattern.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainuserxmorma-27072.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaintwentpp20vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domaincu35742.tw1.ru	DCRat botnet C2 domain (confidence level: 100%)
domaina1076459.xsph.ru	DCRat botnet C2 domain (confidence level: 100%)
domainsrv226957.hoster-test.ru	DCRat botnet C2 domain (confidence level: 100%)
domaina1076350.xsph.ru	DCRat botnet C2 domain (confidence level: 100%)
domainoffsetyofcre.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrockemineu.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbroadecatez.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhandsbigywz.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwoebengeoszis.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmooncobudy.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainexcitingratty.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbasinstingger.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainuncoverreduop.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainabnomrmakio.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainfortpp14vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domainfiveff5pn.top	CryptBot botnet C2 domain (confidence level: 100%)
domainfourteenff14pn.top	CryptBot botnet C2 domain (confidence level: 100%)
domainfiveuu5th.top	CryptBot botnet C2 domain (confidence level: 100%)
domainfivevv5ft.top	CryptBot botnet C2 domain (confidence level: 100%)
domainoness1sr.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintwentyuu20th.top	CryptBot botnet C2 domain (confidence level: 100%)
domaindaily-sexually.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainc2.tunneltest.store	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainslavisa-45970.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domainail-govs.icu	Unknown malware botnet C2 domain (confidence level: 50%)
domainbriefreport.nl	Unknown malware botnet C2 domain (confidence level: 50%)
domaingovs.info	Unknown malware botnet C2 domain (confidence level: 50%)
domainindiagov.ws	Unknown malware botnet C2 domain (confidence level: 50%)
domainindianarmy.ml	Unknown malware botnet C2 domain (confidence level: 50%)
domainindiandefence.link	Unknown malware botnet C2 domain (confidence level: 50%)
domainindiandefence.nl	Unknown malware botnet C2 domain (confidence level: 50%)
domainputir.shop	Unknown malware botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainbrazzyss.xyz	Bashlite botnet C2 domain (confidence level: 100%)
domain530westley.info	Formbook botnet C2 domain (confidence level: 50%)
domainartificial-pigment.wiki	Formbook botnet C2 domain (confidence level: 50%)
domainsoainsaat.xyz	Formbook botnet C2 domain (confidence level: 50%)
domaindigitalassetagency.xyz	Formbook botnet C2 domain (confidence level: 50%)
domaingrabsure.com	Formbook botnet C2 domain (confidence level: 50%)
domaincannabis-entreprise.com	Formbook botnet C2 domain (confidence level: 50%)
domainsnyp.shop	Formbook botnet C2 domain (confidence level: 50%)
domainsite-techonlogy.com	Formbook botnet C2 domain (confidence level: 50%)
domainmapogosmello.com	Formbook botnet C2 domain (confidence level: 50%)
domainvtuos.com	Formbook botnet C2 domain (confidence level: 50%)
domainpancytopenias.com	Formbook botnet C2 domain (confidence level: 50%)
domainimzztoken.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainskillbeast.site	Formbook botnet C2 domain (confidence level: 50%)
domainbienmaigrir.info	Formbook botnet C2 domain (confidence level: 50%)
domainortakoyfirini.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainrestorativeeducationllc.com	Formbook botnet C2 domain (confidence level: 50%)
domainexpartcomputer.com	Formbook botnet C2 domain (confidence level: 50%)
domainbets-bc-aingz.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainprestigerugz.info	Formbook botnet C2 domain (confidence level: 50%)
domaind48dk.top	Formbook botnet C2 domain (confidence level: 50%)
domain3skr.uncofig.com	XWorm botnet C2 domain (confidence level: 50%)
domaingeneral-hebrew.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainround-nonprofit.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainbad-motor.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainassistance-arbitration.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainpurpose-terror.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainnetworks-vitamin.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainpopaylar-28758.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domainw3rtex-42879.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domainuogapk2.ddns.net	NjRAT botnet C2 domain (confidence level: 50%)
domainwareface.hldns.ru	NjRAT botnet C2 domain (confidence level: 50%)
domainc.top4top.net	NjRAT botnet C2 domain (confidence level: 50%)
domaintigocomunicaciones.duckdns.org	NjRAT botnet C2 domain (confidence level: 50%)
domainsoundcash01.ddns.net	NjRAT botnet C2 domain (confidence level: 50%)
domain1brainfix.ddns.net	NjRAT botnet C2 domain (confidence level: 50%)
domainikoz.ddns.net	NjRAT botnet C2 domain (confidence level: 50%)
domainm5drhm.ddns.net	NjRAT botnet C2 domain (confidence level: 50%)
domaintripolexxx.duckdns.org	NjRAT botnet C2 domain (confidence level: 50%)
domainwinsyss.sytes.net	NjRAT botnet C2 domain (confidence level: 50%)
domainweichdsfiass201209xklsnxnso.duckdns.org	NjRAT botnet C2 domain (confidence level: 50%)
domainclarocomunicaciones.duckdns.org	NjRAT botnet C2 domain (confidence level: 50%)
domainhouhost.hopto.org	NjRAT botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)

Url

Value	Description	Copy
urlhttps://solve.xtxy.org/awjsx.captcha	Lumma Stealer payload delivery URL (confidence level: 50%)
urlhttps://kpl-gun77dan.com/ghp/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://59.184.248.201:44147/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttps://covery-mover.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dare-curbys.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dwell-exclaim.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://formy-spill.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://impend-differ.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://print-vexer.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://se-blurry.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zinc-sneark.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://185.219.81.135/c708352984fb7ac0.php	Stealc botnet C2 (confidence level: 50%)
urlhttps://185.219.81.135/7ea00b0801a6fd7e.php	Stealc botnet C2 (confidence level: 50%)
urlhttps://185.219.81.132/1089481c07d09d21.php	Stealc botnet C2 (confidence level: 50%)
urlhttps://abnomrmakio.cyou/api	Lumma Stealer botnet C2 (confidence level: 50%)
urlhttp://213.176.94.228/	Hook botnet C2 (confidence level: 50%)
urlhttps://steamcommunity.com/profiles/76561199819539662	Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/sc1phell	Vidar botnet C2 (confidence level: 100%)
urlhttps://lfissrtg.rest/	Vidar botnet C2 (confidence level: 100%)
urlhttps://ijthear.cyou/	Vidar botnet C2 (confidence level: 100%)
urlhttps://95.217.240.67/	Vidar botnet C2 (confidence level: 100%)
urlhttps://lev-tolstoi.com/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://solve.pvsu.org/awjsx.captcha	Lumma Stealer payload delivery URL (confidence level: 75%)
urlhttps://u1.servicelandingkaraoke.shop/shell1.mp4	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://45.178.250.194:10688/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttps://n2.aroundpayablequirk.shop/gomc.mov	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://kuishupai.top/work/original.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://kuishupai.top/work/index.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://kuishupai.top/work/help.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://quickauto24.com/core.zip	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://zxcaem.com/6f1d.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://zxcaem.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://santa-reflection-capitol-classifieds.trycloudflare.com/12341234	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://liuyi.neectar.info/hsdverd_3ed5d/mdswsourt_4rfs	Unknown malware payload delivery URL (confidence level: 75%)
urlhttps://liuyi.neectar.info/lksderdd_4dferd/jhdfer3s_jh3de	Unknown malware payload delivery URL (confidence level: 75%)
urlhttps://lcd-add-palace-switching.trycloudflare.com/12341234	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://152.42.180.208:8875/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://proxyyy.pages.dev/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://l1nxx.para.rip/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://wceecsit.international-conference.news	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://tcb-announcement.com/internal/security-awareness/report.html	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://wallet-web3.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://45.131.215.139/c262c2557c712ca5/sqlite3.dll	Stealc payload delivery URL (confidence level: 50%)
urlhttp://45.131.215.139/c262c2557c712ca5/mozglue.dll	Stealc payload delivery URL (confidence level: 50%)
urlhttp://81.161.229.110/htdocs/syfozykfrwceqbe.exe	MASS Logger payload delivery URL (confidence level: 50%)
urlhttp://212.86.115.216/26ba0768f8501b95.php	Stealc botnet C2 (confidence level: 50%)
urlhttps://uncoverreduop.cyou/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://basinstingger.cyou/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://excitingratty.click/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://mooncobudy.click/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://woebengeoszis.click/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://handsbigywz.click/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://broadecatez.bond/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://rockemineu.bond/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://offsetyofcre.bond/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://pastebin.com/raw/lq5dsdaq	XWorm botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/f9g6bgdh	XWorm botnet C2 (confidence level: 50%)
urlhttps://a.putir.shop	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://b.putir.shop	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.briefreport.nl	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.indiagov.ws	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.indianarmy.ml	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.indiandefence.link	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.indiandefence.nl	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.mailindia.one	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://email.gov.in.ministryofdefenceindia.link	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://mail.putir.shop	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://webmail.putir.shop	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://www.email.gov.in.indiagov.ws	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://www.email.gov.in.indiandefence.link	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://www.email.gov.in.indiandefence.nl	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://www.email.gov.in.ministryofdefenceindia.link	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://suggestyuoz.biz/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://beevasyeip.bond/api	Lumma Stealer botnet C2 (confidence level: 50%)

File

Value	Description	Copy
file195.177.92.71	Bashlite botnet C2 server (confidence level: 75%)
file88.119.165.46	SystemBC botnet C2 server (confidence level: 75%)
file120.76.193.57	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.156.191.68	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.111.139.188	Remcos botnet C2 server (confidence level: 100%)
file181.130.8.144	Remcos botnet C2 server (confidence level: 100%)
file66.55.74.235	Remcos botnet C2 server (confidence level: 100%)
file181.235.145.203	Remcos botnet C2 server (confidence level: 100%)
file172.111.250.17	Remcos botnet C2 server (confidence level: 100%)
file123.11.255.4	Unknown malware botnet C2 server (confidence level: 100%)
file128.90.122.163	AsyncRAT botnet C2 server (confidence level: 100%)
file71.77.229.216	AsyncRAT botnet C2 server (confidence level: 100%)
file141.95.114.244	AsyncRAT botnet C2 server (confidence level: 100%)
file171.226.86.170	AsyncRAT botnet C2 server (confidence level: 100%)
file18.170.59.177	Hook botnet C2 server (confidence level: 100%)
file46.246.80.11	DCRat botnet C2 server (confidence level: 100%)
file52.67.181.124	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.214.178.210	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.113.172.92	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file13.112.66.0	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file158.178.235.53	Kaiji botnet C2 server (confidence level: 100%)
file154.213.189.132	Unknown malware botnet C2 server (confidence level: 100%)
file181.73.20.67	AsyncRAT botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file104.248.130.195	NjRAT botnet C2 server (confidence level: 75%)
file104.248.130.195	NjRAT botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file113.250.188.15	Cobalt Strike botnet C2 server (confidence level: 75%)
file194.102.104.25	Cobalt Strike botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file47.113.217.92	Cobalt Strike botnet C2 server (confidence level: 100%)
file20.2.220.82	Cobalt Strike botnet C2 server (confidence level: 100%)
file68.183.234.239	Cobalt Strike botnet C2 server (confidence level: 100%)
file192.3.146.145	Remcos botnet C2 server (confidence level: 100%)
file176.100.36.135	Sliver botnet C2 server (confidence level: 100%)
file45.141.86.26	Matanbuchus botnet C2 server (confidence level: 100%)
file95.163.176.80	Hook botnet C2 server (confidence level: 100%)
file194.59.31.235	Hook botnet C2 server (confidence level: 100%)
file213.176.94.228	Hook botnet C2 server (confidence level: 100%)
file94.237.91.20	Havoc botnet C2 server (confidence level: 100%)
file102.96.215.117	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file217.144.185.198	Unknown malware botnet C2 server (confidence level: 100%)
file89.46.235.60	BianLian botnet C2 server (confidence level: 100%)
file85.239.54.99	BianLian botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.166.159.58	Unknown malware botnet C2 server (confidence level: 100%)
file194.60.201.16	Unknown malware botnet C2 server (confidence level: 100%)
file185.135.195.4	Unknown malware botnet C2 server (confidence level: 100%)
file3.124.25.236	Unknown malware botnet C2 server (confidence level: 100%)
file139.59.84.190	Unknown malware botnet C2 server (confidence level: 100%)
file34.101.237.204	Unknown malware botnet C2 server (confidence level: 100%)
file89.251.134.46	Unknown malware botnet C2 server (confidence level: 100%)
file154.53.160.55	Unknown malware botnet C2 server (confidence level: 100%)
file181.32.61.238	Unknown malware botnet C2 server (confidence level: 100%)
file138.197.50.3	Unknown malware botnet C2 server (confidence level: 100%)
file13.235.172.221	Unknown malware botnet C2 server (confidence level: 100%)
file52.43.67.6	Unknown malware botnet C2 server (confidence level: 100%)
file174.138.92.250	Unknown malware botnet C2 server (confidence level: 100%)
file174.138.92.250	Unknown malware botnet C2 server (confidence level: 100%)
file35.167.94.35	Unknown malware botnet C2 server (confidence level: 100%)
file18.254.46.215	Unknown malware botnet C2 server (confidence level: 100%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 50%)
file89.247.50.29	Ghost RAT botnet C2 server (confidence level: 50%)
file155.248.216.246	ShadowPad botnet C2 server (confidence level: 50%)
file206.189.190.139	Sliver botnet C2 server (confidence level: 50%)
file161.35.164.134	Sliver botnet C2 server (confidence level: 50%)
file52.43.67.6	Unknown malware botnet C2 server (confidence level: 50%)
file54.68.48.57	Unknown malware botnet C2 server (confidence level: 50%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file31.57.243.64	AsyncRAT botnet C2 server (confidence level: 50%)
file31.57.243.64	AsyncRAT botnet C2 server (confidence level: 50%)
file31.57.243.64	AsyncRAT botnet C2 server (confidence level: 50%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file212.22.82.118	Bashlite botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file95.217.240.67	Vidar botnet C2 server (confidence level: 100%)
file88.99.120.106	Vidar botnet C2 server (confidence level: 100%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.156.191.68	Cobalt Strike botnet C2 server (confidence level: 100%)
file154.216.18.232	Remcos botnet C2 server (confidence level: 100%)
file23.226.54.80	Sliver botnet C2 server (confidence level: 100%)
file23.226.54.84	Sliver botnet C2 server (confidence level: 100%)
file47.90.208.22	Unknown malware botnet C2 server (confidence level: 100%)
file128.90.122.163	AsyncRAT botnet C2 server (confidence level: 100%)
file192.142.18.78	Havoc botnet C2 server (confidence level: 100%)
file54.203.151.9	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file165.140.85.87	Crimson RAT botnet C2 server (confidence level: 100%)
file18.159.133.90	Cobalt Strike botnet C2 server (confidence level: 100%)
file217.119.129.21	Rhadamanthys botnet C2 server (confidence level: 75%)
file92.255.57.30	Rhadamanthys botnet C2 server (confidence level: 75%)
file111.32.210.52	DeimosC2 botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file154.213.192.22	Bashlite botnet C2 server (confidence level: 100%)
file37.114.46.58	Bashlite botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file66.181.33.65	Rhadamanthys botnet C2 server (confidence level: 100%)
file192.30.241.106	AsyncRAT botnet C2 server (confidence level: 100%)
file192.30.241.106	AsyncRAT botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file193.200.78.24	Mirai botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file101.200.38.121	Cobalt Strike botnet C2 server (confidence level: 100%)
file154.204.177.197	Cobalt Strike botnet C2 server (confidence level: 100%)
file101.93.221.5	Cobalt Strike botnet C2 server (confidence level: 100%)
file85.208.110.57	Cobalt Strike botnet C2 server (confidence level: 100%)
file161.35.219.59	Remcos botnet C2 server (confidence level: 100%)
file104.243.35.175	AsyncRAT botnet C2 server (confidence level: 100%)
file82.148.31.69	Unknown malware botnet C2 server (confidence level: 100%)
file194.59.31.59	Hook botnet C2 server (confidence level: 100%)
file3.249.255.190	Quasar RAT botnet C2 server (confidence level: 100%)
file34.58.151.162	PoshC2 botnet C2 server (confidence level: 100%)
file87.120.127.206	Unknown malware botnet C2 server (confidence level: 100%)
file82.64.249.250	Unknown malware botnet C2 server (confidence level: 100%)
file206.119.166.108	Unknown malware botnet C2 server (confidence level: 100%)
file78.46.139.160	Unknown malware botnet C2 server (confidence level: 100%)
file174.138.92.250	Unknown malware botnet C2 server (confidence level: 100%)
file176.124.214.131	Unknown malware botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file154.221.21.196	Cobalt Strike botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file91.202.233.12	DanaBot botnet C2 server (confidence level: 75%)
file96.62.214.33	Mirai botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.151.146	Sliver botnet C2 server (confidence level: 100%)
file89.23.103.43	AsyncRAT botnet C2 server (confidence level: 100%)
file102.32.117.96	AsyncRAT botnet C2 server (confidence level: 100%)
file118.70.175.199	AsyncRAT botnet C2 server (confidence level: 100%)
file2.59.163.69	Venom RAT botnet C2 server (confidence level: 100%)
file44.207.92.202	PoshC2 botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file154.223.21.105	Cobalt Strike botnet C2 server (confidence level: 50%)
file45.62.123.85	Cobalt Strike botnet C2 server (confidence level: 50%)
file54.68.48.57	Cobalt Strike botnet C2 server (confidence level: 50%)
file3.107.14.27	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file149.210.0.241	Ghost RAT botnet C2 server (confidence level: 50%)
file15.237.109.92	BlackShades botnet C2 server (confidence level: 50%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 50%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file77.91.102.202	XWorm botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file24.199.94.92	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file191.232.190.243	Unknown malware botnet C2 server (confidence level: 50%)
file52.43.67.6	Unknown malware botnet C2 server (confidence level: 50%)
file54.68.48.57	Unknown malware botnet C2 server (confidence level: 50%)
file1.92.139.71	Cobalt Strike botnet C2 server (confidence level: 50%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 50%)
file213.152.187.241	Remcos botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file147.124.216.223	NjRAT botnet C2 server (confidence level: 100%)
file120.26.164.174	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.111.216.72	Remcos botnet C2 server (confidence level: 100%)
file141.95.114.244	AsyncRAT botnet C2 server (confidence level: 100%)
file88.243.168.51	AsyncRAT botnet C2 server (confidence level: 100%)
file102.117.168.1	Unknown malware botnet C2 server (confidence level: 100%)
file93.232.107.71	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file34.170.235.99	PoshC2 botnet C2 server (confidence level: 100%)
file154.37.219.249	Kaiji botnet C2 server (confidence level: 100%)
file208.73.200.28	BianLian botnet C2 server (confidence level: 100%)
file62.210.28.199	BianLian botnet C2 server (confidence level: 100%)
file154.213.192.22	Mirai payload delivery server (confidence level: 50%)
file2.88.153.41	QakBot botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file87.120.125.185	AsyncRAT botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash4258	Bashlite botnet C2 server (confidence level: 75%)
hash80	SystemBC botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash1000	Remcos botnet C2 server (confidence level: 100%)
hash8888	Remcos botnet C2 server (confidence level: 100%)
hash2403	Remcos botnet C2 server (confidence level: 100%)
hash5873	Unknown malware botnet C2 server (confidence level: 100%)
hash5555	AsyncRAT botnet C2 server (confidence level: 100%)
hash2222	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8082	Hook botnet C2 server (confidence level: 100%)
hash9090	DCRat botnet C2 server (confidence level: 100%)
hash2	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash554	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash8088	Kaiji botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	NjRAT botnet C2 server (confidence level: 75%)
hash82	NjRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash8758	Cobalt Strike botnet C2 server (confidence level: 75%)
hash1337	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash18888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash55502	Cobalt Strike botnet C2 server (confidence level: 100%)
hash28080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash14645	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash4443	Matanbuchus botnet C2 server (confidence level: 100%)
hash8082	Hook botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash51106	Unknown malware botnet C2 server (confidence level: 100%)
hash8443	BianLian botnet C2 server (confidence level: 100%)
hash23443	BianLian botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3388	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash80	Ghost RAT botnet C2 server (confidence level: 50%)
hash8083	ShadowPad botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 50%)
hash7707	AsyncRAT botnet C2 server (confidence level: 50%)
hash8808	AsyncRAT botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash6963	Bashlite botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5050	Remcos botnet C2 server (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash7134	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash4098	Crimson RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Rhadamanthys botnet C2 server (confidence level: 75%)
hash443	Rhadamanthys botnet C2 server (confidence level: 75%)
hash03b0c70a40ff259cf9b413ec276f059b	AMOS payload (confidence level: 100%)
hash15437d1d161c4165681432bb9dfcacbe	AMOS payload (confidence level: 100%)
hash18080dba3e9e24bc25b6f5add57c54bd	AMOS payload (confidence level: 100%)
hash209ee1488dc08e52dc2d62c8af9868e6	AMOS payload (confidence level: 100%)
hash23555bde38a454e60882b0d00a05427b	AMOS payload (confidence level: 100%)
hash28b5e64c4a2e64cf4043c52e219e03b1	AMOS payload (confidence level: 100%)
hash314287ede34f29710d8ce943513ece5d	AMOS payload (confidence level: 100%)
hash38df0cfb3cc4cc1a06d97e84dc0c7147	AMOS payload (confidence level: 100%)
hash39fc9dd3a31d2a3f0cdbeb88d4cbfa36	AMOS payload (confidence level: 100%)
hash3ba4f1027bb2d09ff59ae99c19231f23	AMOS payload (confidence level: 100%)
hash3d7c6657d142418af70e66a7036f3c23	AMOS payload (confidence level: 100%)
hash441de21366e408885ca51964a811b2ae	AMOS payload (confidence level: 100%)
hash5806438c0c66f97413371ba17a0af393	AMOS payload (confidence level: 100%)
hash5b8c06079f552b1f4e4f1ef4ba2255d8	AMOS payload (confidence level: 100%)
hash6ccdbdb9fa02780c8fb433a0b8101c01	AMOS payload (confidence level: 100%)
hash6d4f3e79546ca0284b8e53674752311d	AMOS payload (confidence level: 100%)
hash761679c1af3ed5fcce83ca1382f6f3ab	AMOS payload (confidence level: 100%)
hash76c3bfcb5c468c4ff1f33f9d08cf0924	AMOS payload (confidence level: 100%)
hash7716cde6eedb3e7758b5d72811e79476	AMOS payload (confidence level: 100%)
hash7913576ca7a294209ec672d379602404	AMOS payload (confidence level: 100%)
hash7abed7f8d7caddb70a8d2dac9d12fb44	AMOS payload (confidence level: 100%)
hash7da5f162dd91a4821996f047841d1042	AMOS payload (confidence level: 100%)
hash86bc7b19a0a06abe56da2d82123a0585	AMOS payload (confidence level: 100%)
hash9587401557ed606a74f50150c038a942	AMOS payload (confidence level: 100%)
hash986aa0b997111206227f724318da57e9	AMOS payload (confidence level: 100%)
hash9c5bba77b7e48a1c4ee5488599c243e1	AMOS payload (confidence level: 100%)
hashb0632d5a9d371aaba82f8eeea48156ee	AMOS payload (confidence level: 100%)
hashb3b3aef6d7fa1a06b8564e4ba57887fe	AMOS payload (confidence level: 100%)
hashb6e087f86a98d3089a0408b6c18a898c	AMOS payload (confidence level: 100%)
hashbe9998902ea7d6b475590234af0cf63d	AMOS payload (confidence level: 100%)
hashc153ea07e607d0d5fe6e5ad7896d5045	AMOS payload (confidence level: 100%)
hashc45dc71e59738f58fd2deb93c1a68899	AMOS payload (confidence level: 100%)
hashc6d6b0d8283078e3b3729d66ce8a3cb6	AMOS payload (confidence level: 100%)
hashcacc96d43fccbbbc39bcb4a1ccd306dd	AMOS payload (confidence level: 100%)
hashcb2b195d9d42ad5a4214436a5043c544	AMOS payload (confidence level: 100%)
hashce7f907128a600429eb711d184d0d354	AMOS payload (confidence level: 100%)
hashdbf8a3a4e6c7c59d8f4c01b6eb1f79b5	AMOS payload (confidence level: 100%)
hashe357e6cd642c8660e4d37c28325f5b47	AMOS payload (confidence level: 100%)
hashf1194fca000bbc9e11d611722a99311b	AMOS payload (confidence level: 100%)
hashf878118557e54549e3dedd4d119463ef	AMOS payload (confidence level: 100%)
hash4506	DeimosC2 botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash6606	Bashlite botnet C2 server (confidence level: 100%)
hash1111	Bashlite botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash5664	Rhadamanthys botnet C2 server (confidence level: 100%)
hash56002	AsyncRAT botnet C2 server (confidence level: 100%)
hash49754	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash3778	Mirai botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8880	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1377	Remcos botnet C2 server (confidence level: 100%)
hash6666	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash4567	Quasar RAT botnet C2 server (confidence level: 100%)
hash443	PoshC2 botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash8096	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	DanaBot botnet C2 server (confidence level: 75%)
hash3778	Mirai botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hashb2b514a44a24862275d03c4e56055e77	Unknown malware payload (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash2000	Venom RAT botnet C2 server (confidence level: 100%)
hash443	PoshC2 botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash2083	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash17	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash443	Ghost RAT botnet C2 server (confidence level: 50%)
hash3306	BlackShades botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash4566	XWorm botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash4444	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash12776	Remcos botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash7788	NjRAT botnet C2 server (confidence level: 100%)
hash8099	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash1010	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash82	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443	PoshC2 botnet C2 server (confidence level: 100%)
hash60000	Kaiji botnet C2 server (confidence level: 100%)
hash9999	BianLian botnet C2 server (confidence level: 100%)
hash80	BianLian botnet C2 server (confidence level: 100%)
hash80	Mirai payload delivery server (confidence level: 50%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 682c7dc1e8347ec82d2dabeb

Added to database: 5/20/2025, 1:04:01 PM

Last enriched: 6/19/2025, 4:32:53 PM

Last updated: 8/12/2025, 2:14:19 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-01-21

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-01-21

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Domain

Url

File

Hash

Related Threats

ThreatFox IOCs for 2025-08-18

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility