ThreatFox IOCs for 2025-01-22

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published on January 22, 2025, by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. However, the data lacks specific technical details such as affected software versions, exploit mechanisms, or concrete indicators. The threat is tagged as 'medium' severity and is primarily informational, serving as a repository of IOCs rather than describing a novel or active exploit. The absence of known exploits in the wild and no available patches further suggests this is an intelligence update rather than an emergent vulnerability or active attack vector. The technical metadata indicates a low to moderate threat level (threatLevel: 2), moderate distribution (3), and minimal analysis (1), reinforcing the notion that this is a collection of intelligence data rather than a direct threat. Overall, this entry functions as an OSINT resource to aid in detection and response rather than describing a new or ongoing security threat.

Potential Impact

Given the nature of the information as a set of IOCs without specific exploit details or active attack campaigns, the direct impact on European organizations is limited. The primary value lies in enhancing situational awareness and improving detection capabilities within security operations centers (SOCs). Organizations that integrate these IOCs into their threat intelligence platforms can better identify potential malicious activity related to malware payload delivery or suspicious network behavior. However, without concrete exploit details or active campaigns, the risk of immediate compromise or operational disruption remains low. European entities relying on OSINT feeds for threat detection will benefit from this data to fine-tune their defenses, but it does not represent an immediate or critical threat vector.

Mitigation Recommendations

To effectively utilize this intelligence, European organizations should: 1) Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection of related malicious activities. 2) Regularly update threat intelligence feeds to maintain current awareness of emerging threats and IOCs. 3) Conduct periodic threat hunting exercises using these IOCs to proactively identify potential compromises. 4) Ensure network monitoring solutions are configured to detect anomalous payload delivery and suspicious network activity patterns associated with the IOCs. 5) Maintain robust incident response procedures to quickly investigate and remediate any alerts triggered by these indicators. Since no patches or direct exploits are indicated, focus should remain on detection and response rather than remediation.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: https://metro-offset-imposed-behind.trycloudflare.com/ytjstast
url: https://llewen.com/4f1qw.js
url: https://spa-step-hopkins-islands.trycloudflare.com/erfgtrtt
url: http://nlafhhiffkceadc.top/1.php
url: http://43.156.95.75:8888/supershell/login/
domain: newgoodfoodmarket.com
domain: newgreenvibes.com
url: https://babbebange.cyou/api
url: https://sensatiogener.sbs/api
url: https://reflectepatt.click/api
url: https://writeimgaiin.cyou/api
url: https://kitestarepatt.click/api
file: 116.62.8.222
hash: 3389
file: 185.208.159.166
hash: 8807
file: 138.124.54.133
hash: 8089
file: 194.59.31.59
hash: 80
file: 159.65.230.103
hash: 443
file: 171.41.199.170
hash: 25565
file: 46.246.80.14
hash: 9000
file: 46.246.6.5
hash: 8000
file: 3.113.130.207
hash: 80
file: 172.233.163.104
hash: 4000
file: 213.153.47.41
hash: 80
file: 94.237.76.69
hash: 8000
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 111.229.110.232
hash: 12345
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 8.149.128.131
hash: 14521
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 192.144.32.84
hash: 16383
file: 104.155.138.21
hash: 6988
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 202.162.99.38
hash: 80
file: 104.168.133.238
hash: 8080
file: 66.206.27.24
hash: 80
file: 45.192.96.63
hash: 6001
file: 154.204.177.197
hash: 8080
file: 87.120.112.98
hash: 8090
file: 157.173.120.37
hash: 8093
file: 198.167.193.90
hash: 8808
file: 45.125.66.30
hash: 80
file: 141.95.114.244
hash: 6606
file: 102.117.161.221
hash: 7443
file: 41.216.183.202
hash: 808
file: 94.250.203.131
hash: 80
file: 94.198.40.6
hash: 20022
file: 128.254.230.110
hash: 443
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: susec.xyz
file: 202.95.15.194
hash: 60000
file: 104.194.9.75
hash: 60000
file: 202.95.15.197
hash: 60000
file: 202.95.15.193
hash: 60000
file: 13.239.83.148
hash: 443
file: 18.117.181.112
hash: 8082
file: 141.100.235.131
hash: 80
file: 3.255.138.152
hash: 3333
file: 46.105.51.89
hash: 3333
file: 64.227.134.241
hash: 3333
file: 18.254.2.172
hash: 3333
file: 138.197.50.3
hash: 80
file: 129.148.35.169
hash: 3333
file: 43.202.201.202
hash: 80
file: 161.35.72.122
hash: 3333
file: 85.235.74.64
hash: 8808
url: https://crystaltreasures.shop/get-going-forward.html
url: https://milta.shop/next-page-proceeding-waitv1.html
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://92542cm.darkproducts.ru/l1nc0in.php
file: 90.113.178.145
hash: 9033
file: 74.178.90.36
hash: 443
file: 195.123.241.24
hash: 443
file: 207.90.238.46
hash: 443
hash: f009ec775b2daa5a0f38dc2593a3c231611bea7cb579363915d9be1135b00455
hash: 3d0e55bd3c84e6cb35559ef1d0f2ef72a21e0f3793a9158d514f12f46b0aff85
hash: 801525d7239e46f9c22d7e7bcd163abcfb29fc0770ff417f5fc62bfb005ec7ac
hash: ea2b3bf32cc27e959e19c365fa2f6e5310ef2e76d3d0ed2df3fb5945f9afc9e7
hash: 4b6a008c8b85803dc19a8286f33cad963425d37c4ca0b1a9454a854db3273dad
hash: a23560a3b9a9578dcd70bcd01434b2053940d6be36e543df8e4d36931ca9ea63
domain: nhjndjemlimakmk.top
domain: ikebnbckbjlmfjf.top
domain: gbkiafbmhbmbkkl.top
url: http://175.107.38.208:40212/mozi.m
file: 73.63.222.152
hash: 4782
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 94.110.195.220
hash: 3333
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 62.68.75.16
hash: 80
domain: egybest.cfd
domain: bfgnet.cfd
domain: hdking.cfd
domain: yogeshlond.cfd
domain: explosem.cfd
file: 104.248.130.195
hash: 88
url: https://fingerboarding.com/cha/
url: https://gemini-desktop.com/
url: http://45.131.215.139/4c0eeee3a4b86b26.php
file: 172.86.108.55
hash: 7771
domain: sulfux.ddns.net
file: 134.209.99.214
hash: 1337
domain: javaupdate.100chickens.biz
domain: wexos47815-61484.portmap.host
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 121.37.170.202
hash: 60020
file: 178.73.218.5
hash: 2404
domain: www.proudquitter.com
file: 8.134.220.192
hash: 8000
file: 192.227.249.119
hash: 6666
file: 47.112.118.101
hash: 8888
file: 109.248.151.159
hash: 1005
file: 45.126.208.175
hash: 8808
file: 85.239.237.148
hash: 7777
file: 103.195.101.225
hash: 6606
file: 91.208.206.85
hash: 80
file: 46.183.220.18
hash: 42228
file: 195.177.95.27
hash: 8080
file: 91.208.206.85
hash: 8080
url: https://hongbaow.info/1wrcvzw4ksdnbntt/cqwf4vqlofzqfkc7.php
domain: app.andredenault.com
domain: xscapezo.capetown
file: 31.13.224.69
hash: 49731
file: 47.99.151.120
hash: 1234
file: 1.92.139.71
hash: 80
file: 113.44.152.64
hash: 10001
file: 47.238.68.246
hash: 1234
file: 155.138.253.99
hash: 443
file: 2.88.143.105
hash: 995
file: 38.253.28.229
hash: 8080
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 15.207.222.135
hash: 443
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://vikincdesigns.com/front.php
domain: eleveniii11vt.top
domain: elevenii11vt.top
domain: a1076687.xsph.ru
domain: a1076662.xsph.ru
domain: dimkssud.beget.tech
domain: beevasyeip.bond
domain: granystearr.bond
domain: tranuqlekper.bond
domain: quarrelepek.bond
domain: danceselfyprem.shop
domain: disgusterproduc.shop
domain: babbebange.cyou
domain: earthfarile.cyou
domain: suggestyuoz.biz
domain: toppyneedus.biz
domain: hoursuhouy.biz
domain: lightdeerysua.biz
domain: measlyrefusz.biz
domain: pleasedcfrown.biz
domain: mixedrecipew.biz
domain: affordtempyo.biz
domain: impolitewearr.biz
url: https://disgusterproduc.shop/api
url: https://danceselfyprem.shop/api
url: https://quarrelepek.bond/api
url: https://granystearr.bond/api
url: https://tranuqlekper.bond/api
url: https://impolitewearr.biz/api
url: https://affordtempyo.biz/api
url: https://pleasedcfrown.biz/api
url: https://mixedrecipew.biz/api
url: https://measlyrefusz.biz/api
url: https://hoursuhouy.biz/api
url: https://lightdeerysua.biz/api
url: https://toppyneedus.biz/api
url: https://earthfarile.cyou/api
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://447320cm.nyashnyash.ru/js_packetlinuxwordpressdatalife.php
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 88.218.170.171
hash: 31337
file: 95.211.182.120
hash: 1967
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 13.208.125.136
hash: 44158
file: 62.68.75.16
hash: 80
url: https://halfstaff.org/up/
url: https://www.wallet-web3.com/
url: http://45.91.201.142/ef0d63d53ef3bb6c/sqlite3.dll
url: https://185.237.165.47/9b5e67be63d48ab6/vcruntime140.dll
url: https://185.237.165.47/9b5e67be63d48ab6/mozglue.dll
url: http://147.124.214.129:1244
url: http://147.124.214.129:1244/keys
url: http://147.124.214.129:1244/pdown
url: http://173.211.106.101:1245
url: http://173.211.106.101:1245/brow
url: http://173.211.106.101:1245/bow
url: http://173.211.106.101:1245/adc
file: 173.211.106.101
hash: 1245
hash: 47830f7007b4317dc8ce1b16f3ae79f9f7e964db456c34e00473fba94bb713eb
hash: 6a104f07ab6c5711b6bc8bf6ff956ab8cd597a388002a966e980c5ec9678b5b0
domain: sendandendco.dynu.net
domain: kosha.cbu.net
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 147.185.221.25
hash: 15719
domain: kdjdajdijijff.com
domain: skatteverkett.com
file: 87.120.112.109
hash: 7443
url: https://album-anthony-rn-submission.trycloudflare.com/25423565
url: http://525833cm.nyashnyash.ru/providerserverprotecttrafficdlepublic.php
url: http://cg37346.tw1.ru/ceb69d50.php
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: api.wlndows.net
domain: cf.r8.lc
domain: clould.ip-ddns.com
domain: fuck.looklook13.sbs
file: 121.4.99.161
hash: 443
file: 155.102.0.179
hash: 443
file: 163.181.228.194
hash: 443
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 38.207.178.43
hash: 8813
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.137.22.227
hash: 55615
url: http://31.58.58.231/_multidump/updatejs/low/_7private/update/private0javascript/videowordpress/datalifeexternal3/generator/to/jsrequesttemp.php
url: https://amazingmassivei.shop/api
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: teamt.com
domain: embabirealestate.com
domain: prihodafabricduct.com
domain: mspexteriors.com
domain: ceresenvironmental.com
domain: www.groundonemn.com
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
url: https://liveskortv.icu/work/original.js
domain: liveskortv.icu
url: https://liveskortv.icu/work/index.php
url: https://liveskortv.icu/work/files.php
url: https://quickauto24.com/trust.zip
file: 2.143.95.145
hash: 6001
file: 62.68.75.16
hash: 80
url: http://604647cm.renyash.ru/externaleternalvmtogeomultibasewordpresstemporary.php
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://178.215.224.78:8888/supershell/login/
url: http://723223cm.renyash.ru/linedownloads.php
url: https://tlfiyat.shop/
domain: tlfiyat.shop
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 94.156.167.138
hash: 8085
file: 13.201.30.7
hash: 443
file: 5.101.150.252
hash: 443
file: 15.237.45.6
hash: 17778
file: 156.238.253.27
hash: 808
file: 5.22.211.97
hash: 8080
file: 92.255.85.66
hash: 7000
domain: simply-exotic.gl.at.ply.gg
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 87.120.125.185
hash: 6606
file: 192.144.32.84
hash: 16383
file: 104.155.138.21
hash: 6988
url: http://92542cm.darkproducts.ru/l1nc0in.php
file: 73.63.222.152
hash: 4782
url: http://447320cm.nyashnyash.ru/js_packetlinuxwordpressdatalife.php
file: 95.211.182.120
hash: 1967
file: 147.185.221.25
hash: 15719
url: http://525833cm.nyashnyash.ru/providerserverprotecttrafficdlepublic.php
url: http://cg37346.tw1.ru/ceb69d50.php
file: 45.137.22.227
hash: 55615
file: 85.235.74.64
hash: 8808
url: http://31.58.58.231/_multidump/updatejs/low/_7private/update/private0javascript/videowordpress/datalifeexternal3/generator/to/jsrequesttemp.php
file: 90.113.178.145
hash: 9033
url: http://604647cm.renyash.ru/externaleternalvmtogeomultibasewordpresstemporary.php
url: http://723223cm.renyash.ru/linedownloads.php
file: 144.202.34.169
hash: 443
file: 185.196.8.37
hash: 80
file: 94.156.177.41
hash: 80
file: 52.87.248.40
hash: 80
file: 62.60.226.62
hash: 80
domain: aviorlee.co.il
file: 87.120.112.242
hash: 8000
domain: wowawowa05.temp.swtest.ru
domain: longhorngn.temp.swtest.ru
domain: androsovpa.temp.swtest.ru
domain: tseytlinvo.temp.swtest.ru
file: 138.124.101.41
hash: 80
file: 66.63.187.173
hash: 80
file: 45.130.145.152
hash: 80
file: 64.176.183.187
hash: 38990
file: 92.51.2.17
hash: 443
file: 38.207.177.166
hash: 31337
file: 34.168.112.184
hash: 3333
url: https://www.groundonemn.com/up/
url: https://ceresenvironmental.com/up/
url: https://embabirealestate.com/up/
url: https://teamt.com/up/
url: https://seedifly.fund/
url: https://digifilestorage.com/data/
url: http://45.91.201.142/ef0d63d53ef3bb6c/mozglue.dll
domain: station-gps.gl.at.ply.gg
url: https://pastebin.com/raw/eza6j63t
domain: ad-stayed.gl.at.ply.gg
domain: publication-glossary.gl.at.ply.gg
file: 2.58.56.182
hash: 2404
file: 3.86.153.4
hash: 443
file: 3.94.26.46
hash: 443
file: 45.82.85.50
hash: 443
file: 45.82.85.50
hash: 8000
file: 45.83.31.62
hash: 8808
file: 5.35.36.120
hash: 443
file: 5.78.46.203
hash: 2404
file: 5.8.63.178
hash: 443
file: 50.35.138.102
hash: 443
file: 50.35.140.145
hash: 443
file: 66.55.74.235
hash: 8000
file: 70.31.125.180
hash: 2222
file: 75.2.86.109
hash: 443
file: 81.17.31.98
hash: 1124
file: 85.31.47.121
hash: 80
file: 85.31.47.149
hash: 6606
file: 85.31.47.208
hash: 222
file: 85.31.47.208
hash: 2222
file: 85.31.47.208
hash: 4444
file: 85.31.47.208
hash: 7777
file: 93.82.24.249
hash: 8000
domain: ng.623866.xyz
file: 23.27.48.4
hash: 8080
file: 39.98.40.53
hash: 8888
file: 45.91.81.246
hash: 80
file: 47.97.153.87
hash: 8443
url: http://www.emza.xyz/g10k/
url: http://www.wiftly.company/g10k/
url: http://www.mindap.xyz/g10k/
url: http://www.ensentoto.cloud/g10k/
url: http://www.idrift.net/g10k/
domain: emza.xyz
domain: wiftly.company
domain: mindap.xyz
domain: ensentoto.cloud
domain: www.idrift.net
url: https://vglweb.com/6r9i.js
domain: vglweb.com
url: https://vglweb.com/js.php
domain: ns1.zonstcom.com
domain: ns2.zonstcom.com
file: 154.37.223.57
hash: 53
file: 92.51.2.17
hash: 84
file: 4.228.230.190
hash: 4443
file: 13.247.185.57
hash: 11
file: 31.202.43.10
hash: 1604
url: http://85.31.47.121/
domain: meming-28826.portmap.host
file: 31.57.102.138
hash: 80
file: 156.238.249.185
hash: 8888
file: 8.219.211.139
hash: 80
file: 77.91.70.254
hash: 24046
file: 186.169.34.70
hash: 8888
file: 213.159.66.34
hash: 2404
file: 194.59.31.139
hash: 46530
file: 194.26.192.99
hash: 8808
file: 181.162.155.66
hash: 8080
file: 170.238.45.112
hash: 6000
file: 46.246.14.9
hash: 5000
file: 69.46.15.169
hash: 80
file: 69.46.15.169
hash: 3389
file: 162.252.173.100
hash: 80
file: 176.44.93.183
hash: 995
file: 201.103.172.59
hash: 995
file: 27.64.99.119
hash: 8808
file: 46.246.245.32
hash: 995
file: 54.95.38.246
hash: 80
file: 85.31.47.104
hash: 6606
file: 95.10.41.28
hash: 443
file: 188.166.149.250
hash: 443
file: 160.179.160.252
hash: 10134
url: https://jlolaw.com/up/
domain: shaileshvisionaryastrologer.com
hash: 2a9e9815739f5144d7442229cfb9bfcf
hash: c90930423cae1497d13dd3e764ee35ed
hash: 8a41a304faa8bbbd061fe95daf4dd071
hash: 2a18a668c24e74be52fd61052b4c6a86
hash: 5fcbc8afc0ec7f07d80a7e87fd18cd6a
hash: ff53f28c95b765146b84f02c9237ac7e
hash: 145b745f4905b7739f9a33891be2fdd0
hash: 5e28e67a184932109bdaaeb6354061fa
hash: d2e407f7198d3cd66f9e588f78703206
hash: 66171f0bea07f847386536a9f3fe4a55
hash: 4c036a75b65adde90eb37c8c6088aa15
hash: b4dcd8425db9edd22c5442c63eec0d6f
domain: yogeshlond.cfd
domain: hdking.cfd
domain: bfgnet.cfd
domain: explosem.cfd
domain: thirtii13vt.top
domain: dimkssfx.beget.tech
domain: a1076853.xsph.ru
domain: cj79318.tw1.ru
domain: dimksseo.beget.tech
domain: it-ords.ru
domain: reflecpolit.shop
domain: markedgroud.shop
domain: versedkinfe.sbs
file: 20.124.90.24
hash: 80
url: https://reflecpolit.shop/api
url: https://markedgroud.shop/api
url: https://versedkinfe.sbs/api
domain: twelvii12vt.top
domain: tenvv10fr.top
domain: elevenpp11vs.top
domain: tenii10vt.top
domain: niness9sb.top
domain: ninevv9fr.top
domain: oness1sb.top
domain: tenpp10vs.top
domain: tenuu10th.top
domain: thirteuu12th.top
domain: thirtyss13sb.top
domain: twelvpp12vs.top
domain: twenss20sb.top
domain: elevenqq11vt.top

ThreatFox IOCs for 2025-01-22

Severity: medium

Type: malware

ThreatFox IOCs for 2025-01-22

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: https://metro-offset-imposed-behind.trycloudflare.com/ytjstast
url: https://llewen.com/4f1qw.js
url: https://spa-step-hopkins-islands.trycloudflare.com/erfgtrtt
url: http://nlafhhiffkceadc.top/1.php
url: http://43.156.95.75:8888/supershell/login/
domain: newgoodfoodmarket.com
domain: newgreenvibes.com
url: https://babbebange.cyou/api
url: https://sensatiogener.sbs/api
url: https://reflectepatt.click/api
url: https://writeimgaiin.cyou/api
url: https://kitestarepatt.click/api
file: 116.62.8.222
hash: 3389
file: 185.208.159.166
hash: 8807
file: 138.124.54.133
hash: 8089
file: 194.59.31.59
hash: 80
file: 159.65.230.103
hash: 443
file: 171.41.199.170
hash: 25565
file: 46.246.80.14
hash: 9000
file: 46.246.6.5
hash: 8000
file: 3.113.130.207
hash: 80
file: 172.233.163.104
hash: 4000
file: 213.153.47.41
hash: 80
file: 94.237.76.69
hash: 8000
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 111.229.110.232
hash: 12345
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 8.149.128.131
hash: 14521
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 192.144.32.84
hash: 16383
file: 104.155.138.21
hash: 6988
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 202.162.99.38
hash: 80
file: 104.168.133.238
hash: 8080
file: 66.206.27.24
hash: 80
file: 45.192.96.63
hash: 6001
file: 154.204.177.197
hash: 8080
file: 87.120.112.98
hash: 8090
file: 157.173.120.37
hash: 8093
file: 198.167.193.90
hash: 8808
file: 45.125.66.30
hash: 80
file: 141.95.114.244
hash: 6606
file: 102.117.161.221
hash: 7443
file: 41.216.183.202
hash: 808
file: 94.250.203.131
hash: 80
file: 94.198.40.6
hash: 20022
file: 128.254.230.110
hash: 443
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: susec.xyz
file: 202.95.15.194
hash: 60000
file: 104.194.9.75
hash: 60000
file: 202.95.15.197
hash: 60000
file: 202.95.15.193
hash: 60000
file: 13.239.83.148
hash: 443
file: 18.117.181.112
hash: 8082
file: 141.100.235.131
hash: 80
file: 3.255.138.152
hash: 3333
file: 46.105.51.89
hash: 3333
file: 64.227.134.241
hash: 3333
file: 18.254.2.172
hash: 3333
file: 138.197.50.3
hash: 80
file: 129.148.35.169
hash: 3333
file: 43.202.201.202
hash: 80
file: 161.35.72.122
hash: 3333
file: 85.235.74.64
hash: 8808
url: https://crystaltreasures.shop/get-going-forward.html
url: https://milta.shop/next-page-proceeding-waitv1.html
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://92542cm.darkproducts.ru/l1nc0in.php
file: 90.113.178.145
hash: 9033
file: 74.178.90.36
hash: 443
file: 195.123.241.24
hash: 443
file: 207.90.238.46
hash: 443
hash: f009ec775b2daa5a0f38dc2593a3c231611bea7cb579363915d9be1135b00455
hash: 3d0e55bd3c84e6cb35559ef1d0f2ef72a21e0f3793a9158d514f12f46b0aff85
hash: 801525d7239e46f9c22d7e7bcd163abcfb29fc0770ff417f5fc62bfb005ec7ac
hash: ea2b3bf32cc27e959e19c365fa2f6e5310ef2e76d3d0ed2df3fb5945f9afc9e7
hash: 4b6a008c8b85803dc19a8286f33cad963425d37c4ca0b1a9454a854db3273dad
hash: a23560a3b9a9578dcd70bcd01434b2053940d6be36e543df8e4d36931ca9ea63
domain: nhjndjemlimakmk.top
domain: ikebnbckbjlmfjf.top
domain: gbkiafbmhbmbkkl.top
url: http://175.107.38.208:40212/mozi.m
file: 73.63.222.152
hash: 4782
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 94.110.195.220
hash: 3333
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 62.68.75.16
hash: 80
domain: egybest.cfd
domain: bfgnet.cfd
domain: hdking.cfd
domain: yogeshlond.cfd
domain: explosem.cfd
file: 104.248.130.195
hash: 88
url: https://fingerboarding.com/cha/
url: https://gemini-desktop.com/
url: http://45.131.215.139/4c0eeee3a4b86b26.php
file: 172.86.108.55
hash: 7771
domain: sulfux.ddns.net
file: 134.209.99.214
hash: 1337
domain: javaupdate.100chickens.biz
domain: wexos47815-61484.portmap.host
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 121.37.170.202
hash: 60020
file: 178.73.218.5
hash: 2404
domain: www.proudquitter.com
file: 8.134.220.192
hash: 8000
file: 192.227.249.119
hash: 6666
file: 47.112.118.101
hash: 8888
file: 109.248.151.159
hash: 1005
file: 45.126.208.175
hash: 8808
file: 85.239.237.148
hash: 7777
file: 103.195.101.225
hash: 6606
file: 91.208.206.85
hash: 80
file: 46.183.220.18
hash: 42228
file: 195.177.95.27
hash: 8080
file: 91.208.206.85
hash: 8080
url: https://hongbaow.info/1wrcvzw4ksdnbntt/cqwf4vqlofzqfkc7.php
domain: app.andredenault.com
domain: xscapezo.capetown
file: 31.13.224.69
hash: 49731
file: 47.99.151.120
hash: 1234
file: 1.92.139.71
hash: 80
file: 113.44.152.64
hash: 10001
file: 47.238.68.246
hash: 1234
file: 155.138.253.99
hash: 443
file: 2.88.143.105
hash: 995
file: 38.253.28.229
hash: 8080
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 15.207.222.135
hash: 443
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://vikincdesigns.com/front.php
domain: eleveniii11vt.top
domain: elevenii11vt.top
domain: a1076687.xsph.ru
domain: a1076662.xsph.ru
domain: dimkssud.beget.tech
domain: beevasyeip.bond
domain: granystearr.bond
domain: tranuqlekper.bond
domain: quarrelepek.bond
domain: danceselfyprem.shop
domain: disgusterproduc.shop
domain: babbebange.cyou
domain: earthfarile.cyou
domain: suggestyuoz.biz
domain: toppyneedus.biz
domain: hoursuhouy.biz
domain: lightdeerysua.biz
domain: measlyrefusz.biz
domain: pleasedcfrown.biz
domain: mixedrecipew.biz
domain: affordtempyo.biz
domain: impolitewearr.biz
url: https://disgusterproduc.shop/api
url: https://danceselfyprem.shop/api
url: https://quarrelepek.bond/api
url: https://granystearr.bond/api
url: https://tranuqlekper.bond/api
url: https://impolitewearr.biz/api
url: https://affordtempyo.biz/api
url: https://pleasedcfrown.biz/api
url: https://mixedrecipew.biz/api
url: https://measlyrefusz.biz/api
url: https://hoursuhouy.biz/api
url: https://lightdeerysua.biz/api
url: https://toppyneedus.biz/api
url: https://earthfarile.cyou/api
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://447320cm.nyashnyash.ru/js_packetlinuxwordpressdatalife.php
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 88.218.170.171
hash: 31337
file: 95.211.182.120
hash: 1967
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 13.208.125.136
hash: 44158
file: 62.68.75.16
hash: 80
url: https://halfstaff.org/up/
url: https://www.wallet-web3.com/
url: http://45.91.201.142/ef0d63d53ef3bb6c/sqlite3.dll
url: https://185.237.165.47/9b5e67be63d48ab6/vcruntime140.dll
url: https://185.237.165.47/9b5e67be63d48ab6/mozglue.dll
url: http://147.124.214.129:1244
url: http://147.124.214.129:1244/keys
url: http://147.124.214.129:1244/pdown
url: http://173.211.106.101:1245
url: http://173.211.106.101:1245/brow
url: http://173.211.106.101:1245/bow
url: http://173.211.106.101:1245/adc
file: 173.211.106.101
hash: 1245
hash: 47830f7007b4317dc8ce1b16f3ae79f9f7e964db456c34e00473fba94bb713eb
hash: 6a104f07ab6c5711b6bc8bf6ff956ab8cd597a388002a966e980c5ec9678b5b0
domain: sendandendco.dynu.net
domain: kosha.cbu.net
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 147.185.221.25
hash: 15719
domain: kdjdajdijijff.com
domain: skatteverkett.com
file: 87.120.112.109
hash: 7443
url: https://album-anthony-rn-submission.trycloudflare.com/25423565
url: http://525833cm.nyashnyash.ru/providerserverprotecttrafficdlepublic.php
url: http://cg37346.tw1.ru/ceb69d50.php
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: api.wlndows.net
domain: cf.r8.lc
domain: clould.ip-ddns.com
domain: fuck.looklook13.sbs
file: 121.4.99.161
hash: 443
file: 155.102.0.179
hash: 443
file: 163.181.228.194
hash: 443
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 38.207.178.43
hash: 8813
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 45.137.22.227
hash: 55615
url: http://31.58.58.231/_multidump/updatejs/low/_7private/update/private0javascript/videowordpress/datalifeexternal3/generator/to/jsrequesttemp.php
url: https://amazingmassivei.shop/api
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
domain: teamt.com
domain: embabirealestate.com
domain: prihodafabricduct.com
domain: mspexteriors.com
domain: ceresenvironmental.com
domain: www.groundonemn.com
file: 52.43.67.6
hash: 80
file: 54.68.48.57
hash: 80
url: https://liveskortv.icu/work/original.js
domain: liveskortv.icu
url: https://liveskortv.icu/work/index.php
url: https://liveskortv.icu/work/files.php
url: https://quickauto24.com/trust.zip
file: 2.143.95.145
hash: 6001
file: 62.68.75.16
hash: 80
url: http://604647cm.renyash.ru/externaleternalvmtogeomultibasewordpresstemporary.php
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
url: http://178.215.224.78:8888/supershell/login/
url: http://723223cm.renyash.ru/linedownloads.php
url: https://tlfiyat.shop/
domain: tlfiyat.shop
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 94.156.167.138
hash: 8085
file: 13.201.30.7
hash: 443
file: 5.101.150.252
hash: 443
file: 15.237.45.6
hash: 17778
file: 156.238.253.27
hash: 808
file: 5.22.211.97
hash: 8080
file: 92.255.85.66
hash: 7000
domain: simply-exotic.gl.at.ply.gg
file: 45.77.46.13
hash: 80
file: 54.87.32.39
hash: 80
file: 62.68.75.16
hash: 80
file: 64.52.80.94
hash: 80
file: 66.42.98.90
hash: 53
file: 80.76.49.97
hash: 80
file: 94.23.84.20
hash: 80
domain: cf.r8.lc
file: 20.5.43.62
hash: 80
file: 35.77.10.21
hash: 53
file: 35.79.20.13
hash: 53
file: 35.79.20.7
hash: 53
file: 51.96.90.80
hash: 53
file: 80.64.30.50
hash: 81
file: 81.70.49.19
hash: 80
file: 82.67.60.21
hash: 53
file: 94.20.88.63
hash: 53
file: 87.120.125.185
hash: 6606
file: 192.144.32.84
hash: 16383
file: 104.155.138.21
hash: 6988
url: http://92542cm.darkproducts.ru/l1nc0in.php
file: 73.63.222.152
hash: 4782
url: http://447320cm.nyashnyash.ru/js_packetlinuxwordpressdatalife.php
file: 95.211.182.120
hash: 1967
file: 147.185.221.25
hash: 15719
url: http://525833cm.nyashnyash.ru/providerserverprotecttrafficdlepublic.php
url: http://cg37346.tw1.ru/ceb69d50.php
file: 45.137.22.227
hash: 55615
file: 85.235.74.64
hash: 8808
url: http://31.58.58.231/_multidump/updatejs/low/_7private/update/private0javascript/videowordpress/datalifeexternal3/generator/to/jsrequesttemp.php
file: 90.113.178.145
hash: 9033
url: http://604647cm.renyash.ru/externaleternalvmtogeomultibasewordpresstemporary.php
url: http://723223cm.renyash.ru/linedownloads.php
file: 144.202.34.169
hash: 443
file: 185.196.8.37
hash: 80
file: 94.156.177.41
hash: 80
file: 52.87.248.40
hash: 80
file: 62.60.226.62
hash: 80
domain: aviorlee.co.il
file: 87.120.112.242
hash: 8000
domain: wowawowa05.temp.swtest.ru
domain: longhorngn.temp.swtest.ru
domain: androsovpa.temp.swtest.ru
domain: tseytlinvo.temp.swtest.ru
file: 138.124.101.41
hash: 80
file: 66.63.187.173
hash: 80
file: 45.130.145.152
hash: 80
file: 64.176.183.187
hash: 38990
file: 92.51.2.17
hash: 443
file: 38.207.177.166
hash: 31337
file: 34.168.112.184
hash: 3333
url: https://www.groundonemn.com/up/
url: https://ceresenvironmental.com/up/
url: https://embabirealestate.com/up/
url: https://teamt.com/up/
url: https://seedifly.fund/
url: https://digifilestorage.com/data/
url: http://45.91.201.142/ef0d63d53ef3bb6c/mozglue.dll
domain: station-gps.gl.at.ply.gg
url: https://pastebin.com/raw/eza6j63t
domain: ad-stayed.gl.at.ply.gg
domain: publication-glossary.gl.at.ply.gg
file: 2.58.56.182
hash: 2404
file: 3.86.153.4
hash: 443
file: 3.94.26.46
hash: 443
file: 45.82.85.50
hash: 443
file: 45.82.85.50
hash: 8000
file: 45.83.31.62
hash: 8808
file: 5.35.36.120
hash: 443
file: 5.78.46.203
hash: 2404
file: 5.8.63.178
hash: 443
file: 50.35.138.102
hash: 443
file: 50.35.140.145
hash: 443
file: 66.55.74.235
hash: 8000
file: 70.31.125.180
hash: 2222
file: 75.2.86.109
hash: 443
file: 81.17.31.98
hash: 1124
file: 85.31.47.121
hash: 80
file: 85.31.47.149
hash: 6606
file: 85.31.47.208
hash: 222
file: 85.31.47.208
hash: 2222
file: 85.31.47.208
hash: 4444
file: 85.31.47.208
hash: 7777
file: 93.82.24.249
hash: 8000
domain: ng.623866.xyz
file: 23.27.48.4
hash: 8080
file: 39.98.40.53
hash: 8888
file: 45.91.81.246
hash: 80
file: 47.97.153.87
hash: 8443
url: http://www.emza.xyz/g10k/
url: http://www.wiftly.company/g10k/
url: http://www.mindap.xyz/g10k/
url: http://www.ensentoto.cloud/g10k/
url: http://www.idrift.net/g10k/
domain: emza.xyz
domain: wiftly.company
domain: mindap.xyz
domain: ensentoto.cloud
domain: www.idrift.net
url: https://vglweb.com/6r9i.js
domain: vglweb.com
url: https://vglweb.com/js.php
domain: ns1.zonstcom.com
domain: ns2.zonstcom.com
file: 154.37.223.57
hash: 53
file: 92.51.2.17
hash: 84
file: 4.228.230.190
hash: 4443
file: 13.247.185.57
hash: 11
file: 31.202.43.10
hash: 1604
url: http://85.31.47.121/
domain: meming-28826.portmap.host
file: 31.57.102.138
hash: 80
file: 156.238.249.185
hash: 8888
file: 8.219.211.139
hash: 80
file: 77.91.70.254
hash: 24046
file: 186.169.34.70
hash: 8888
file: 213.159.66.34
hash: 2404
file: 194.59.31.139
hash: 46530
file: 194.26.192.99
hash: 8808
file: 181.162.155.66
hash: 8080
file: 170.238.45.112
hash: 6000
file: 46.246.14.9
hash: 5000
file: 69.46.15.169
hash: 80
file: 69.46.15.169
hash: 3389
file: 162.252.173.100
hash: 80
file: 176.44.93.183
hash: 995
file: 201.103.172.59
hash: 995
file: 27.64.99.119
hash: 8808
file: 46.246.245.32
hash: 995
file: 54.95.38.246
hash: 80
file: 85.31.47.104
hash: 6606
file: 95.10.41.28
hash: 443
file: 188.166.149.250
hash: 443
file: 160.179.160.252
hash: 10134
url: https://jlolaw.com/up/
domain: shaileshvisionaryastrologer.com
hash: 2a9e9815739f5144d7442229cfb9bfcf
hash: c90930423cae1497d13dd3e764ee35ed
hash: 8a41a304faa8bbbd061fe95daf4dd071
hash: 2a18a668c24e74be52fd61052b4c6a86
hash: 5fcbc8afc0ec7f07d80a7e87fd18cd6a
hash: ff53f28c95b765146b84f02c9237ac7e
hash: 145b745f4905b7739f9a33891be2fdd0
hash: 5e28e67a184932109bdaaeb6354061fa
hash: d2e407f7198d3cd66f9e588f78703206
hash: 66171f0bea07f847386536a9f3fe4a55
hash: 4c036a75b65adde90eb37c8c6088aa15
hash: b4dcd8425db9edd22c5442c63eec0d6f
domain: yogeshlond.cfd
domain: hdking.cfd
domain: bfgnet.cfd
domain: explosem.cfd
domain: thirtii13vt.top
domain: dimkssfx.beget.tech
domain: a1076853.xsph.ru
domain: cj79318.tw1.ru
domain: dimksseo.beget.tech
domain: it-ords.ru
domain: reflecpolit.shop
domain: markedgroud.shop
domain: versedkinfe.sbs
file: 20.124.90.24
hash: 80
url: https://reflecpolit.shop/api
url: https://markedgroud.shop/api
url: https://versedkinfe.sbs/api
domain: twelvii12vt.top
domain: tenvv10fr.top
domain: elevenpp11vs.top
domain: tenii10vt.top
domain: niness9sb.top
domain: ninevv9fr.top
domain: oness1sb.top
domain: tenpp10vs.top
domain: tenuu10th.top
domain: thirteuu12th.top
domain: thirtyss13sb.top
domain: twelvpp12vs.top
domain: twenss20sb.top
domain: elevenqq11vt.top

Source: ThreatFox MISP Feed

Published: Wed Jan 22 2025

ThreatFox IOCs for 2025-01-22

Medium

Malwaretype:osint tlp:white

Published: Wed Jan 22 2025 (01/22/2025, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-01-22

AI-Powered Analysis

AILast updated: 06/27/2025, 11:21:30 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f7b64290-acc9-496d-9eca-5eaf02e88d31
Original Timestamp: 1737590587

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://metro-offset-imposed-behind.trycloudflare.com/ytjstast	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://llewen.com/4f1qw.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://spa-step-hopkins-islands.trycloudflare.com/erfgtrtt	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://nlafhhiffkceadc.top/1.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://43.156.95.75:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://babbebange.cyou/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://sensatiogener.sbs/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://reflectepatt.click/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://writeimgaiin.cyou/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://kitestarepatt.click/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://crystaltreasures.shop/get-going-forward.html	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttps://milta.shop/next-page-proceeding-waitv1.html	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://92542cm.darkproducts.ru/l1nc0in.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://175.107.38.208:40212/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttps://fingerboarding.com/cha/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://gemini-desktop.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://45.131.215.139/4c0eeee3a4b86b26.php	Stealc botnet C2 (confidence level: 100%)
urlhttps://hongbaow.info/1wrcvzw4ksdnbntt/cqwf4vqlofzqfkc7.php	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://vikincdesigns.com/front.php	Satacom botnet C2 (confidence level: 100%)
urlhttps://disgusterproduc.shop/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://danceselfyprem.shop/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://quarrelepek.bond/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://granystearr.bond/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://tranuqlekper.bond/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://impolitewearr.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://affordtempyo.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://pleasedcfrown.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://mixedrecipew.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://measlyrefusz.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://hoursuhouy.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://lightdeerysua.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://toppyneedus.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://earthfarile.cyou/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://447320cm.nyashnyash.ru/js_packetlinuxwordpressdatalife.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://halfstaff.org/up/	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://www.wallet-web3.com/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://45.91.201.142/ef0d63d53ef3bb6c/sqlite3.dll	Stealc botnet C2 (confidence level: 50%)
urlhttps://185.237.165.47/9b5e67be63d48ab6/vcruntime140.dll	Stealc botnet C2 (confidence level: 50%)
urlhttps://185.237.165.47/9b5e67be63d48ab6/mozglue.dll	Stealc botnet C2 (confidence level: 50%)
urlhttp://147.124.214.129:1244	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://147.124.214.129:1244/keys	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://147.124.214.129:1244/pdown	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://173.211.106.101:1245	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://173.211.106.101:1245/brow	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://173.211.106.101:1245/bow	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://173.211.106.101:1245/adc	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://album-anthony-rn-submission.trycloudflare.com/25423565	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://525833cm.nyashnyash.ru/providerserverprotecttrafficdlepublic.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://cg37346.tw1.ru/ceb69d50.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://31.58.58.231/_multidump/updatejs/low/_7private/update/private0javascript/videowordpress/datalifeexternal3/generator/to/jsrequesttemp.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://amazingmassivei.shop/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://liveskortv.icu/work/original.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://liveskortv.icu/work/index.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://liveskortv.icu/work/files.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://quickauto24.com/trust.zip	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://604647cm.renyash.ru/externaleternalvmtogeomultibasewordpresstemporary.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://178.215.224.78:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://723223cm.renyash.ru/linedownloads.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://tlfiyat.shop/	Vidar botnet C2 (confidence level: 100%)
urlhttp://92542cm.darkproducts.ru/l1nc0in.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://447320cm.nyashnyash.ru/js_packetlinuxwordpressdatalife.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://525833cm.nyashnyash.ru/providerserverprotecttrafficdlepublic.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://cg37346.tw1.ru/ceb69d50.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://31.58.58.231/_multidump/updatejs/low/_7private/update/private0javascript/videowordpress/datalifeexternal3/generator/to/jsrequesttemp.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://604647cm.renyash.ru/externaleternalvmtogeomultibasewordpresstemporary.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://723223cm.renyash.ru/linedownloads.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://www.groundonemn.com/up/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://ceresenvironmental.com/up/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://embabirealestate.com/up/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://teamt.com/up/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://seedifly.fund/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://digifilestorage.com/data/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://45.91.201.142/ef0d63d53ef3bb6c/mozglue.dll	Stealc payload delivery URL (confidence level: 50%)
urlhttps://pastebin.com/raw/eza6j63t	XWorm botnet C2 (confidence level: 50%)
urlhttp://www.emza.xyz/g10k/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.wiftly.company/g10k/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mindap.xyz/g10k/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ensentoto.cloud/g10k/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.idrift.net/g10k/	Formbook botnet C2 (confidence level: 50%)
urlhttps://vglweb.com/6r9i.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://vglweb.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://85.31.47.121/	Hook botnet C2 (confidence level: 50%)
urlhttps://jlolaw.com/up/	Lumma Stealer payload delivery URL (confidence level: 50%)
urlhttps://reflecpolit.shop/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://markedgroud.shop/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://versedkinfe.sbs/api	Lumma Stealer botnet C2 (confidence level: 100%)

Domain

Value	Description	Copy
domainnewgoodfoodmarket.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainnewgreenvibes.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsusec.xyz	Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainnhjndjemlimakmk.top	FAKEUPDATES payload delivery domain (confidence level: 75%)
domainikebnbckbjlmfjf.top	FAKEUPDATES payload delivery domain (confidence level: 75%)
domaingbkiafbmhbmbkkl.top	FAKEUPDATES payload delivery domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainegybest.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainbfgnet.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainhdking.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainyogeshlond.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainexplosem.cfd	AMOS botnet C2 domain (confidence level: 100%)
domainsulfux.ddns.net	Nanocore RAT botnet C2 domain (confidence level: 50%)
domainjavaupdate.100chickens.biz	NetWire RC botnet C2 domain (confidence level: 50%)
domainwexos47815-61484.portmap.host	Quasar RAT botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.proudquitter.com	Remcos botnet C2 domain (confidence level: 100%)
domainapp.andredenault.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainxscapezo.capetown	AsyncRAT botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaineleveniii11vt.top	CryptBot botnet C2 domain (confidence level: 100%)
domainelevenii11vt.top	CryptBot botnet C2 domain (confidence level: 100%)
domaina1076687.xsph.ru	DCRat botnet C2 domain (confidence level: 100%)
domaina1076662.xsph.ru	DCRat botnet C2 domain (confidence level: 100%)
domaindimkssud.beget.tech	DCRat botnet C2 domain (confidence level: 100%)
domainbeevasyeip.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaingranystearr.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintranuqlekper.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainquarrelepek.bond	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindanceselfyprem.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindisgusterproduc.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbabbebange.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainearthfarile.cyou	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsuggestyuoz.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintoppyneedus.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhoursuhouy.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlightdeerysua.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmeaslyrefusz.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpleasedcfrown.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmixedrecipew.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainaffordtempyo.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainimpolitewearr.biz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsendandendco.dynu.net	AsyncRAT botnet C2 domain (confidence level: 50%)
domainkosha.cbu.net	Mirai botnet C2 domain (confidence level: 50%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainkdjdajdijijff.com	Remcos botnet C2 domain (confidence level: 100%)
domainskatteverkett.com	Remcos botnet C2 domain (confidence level: 100%)
domainapi.wlndows.net	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainclould.ip-ddns.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainfuck.looklook13.sbs	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainteamt.com	Unknown malware payload delivery domain (confidence level: 100%)
domainembabirealestate.com	Unknown malware payload delivery domain (confidence level: 100%)
domainprihodafabricduct.com	Unknown malware payload delivery domain (confidence level: 100%)
domainmspexteriors.com	Unknown malware payload delivery domain (confidence level: 100%)
domainceresenvironmental.com	Unknown malware payload delivery domain (confidence level: 100%)
domainwww.groundonemn.com	Unknown malware payload delivery domain (confidence level: 100%)
domainliveskortv.icu	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaintlfiyat.shop	Vidar botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsimply-exotic.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domaincf.r8.lc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainaviorlee.co.il	Gomorrah stealer botnet C2 domain (confidence level: 50%)
domainwowawowa05.temp.swtest.ru	NixScare Stealer botnet C2 domain (confidence level: 50%)
domainlonghorngn.temp.swtest.ru	NixScare Stealer botnet C2 domain (confidence level: 50%)
domainandrosovpa.temp.swtest.ru	NixScare Stealer botnet C2 domain (confidence level: 50%)
domaintseytlinvo.temp.swtest.ru	NixScare Stealer botnet C2 domain (confidence level: 50%)
domainstation-gps.gl.at.ply.gg	NjRAT botnet C2 domain (confidence level: 50%)
domainad-stayed.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainpublication-glossary.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainng.623866.xyz	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainemza.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwiftly.company	Formbook botnet C2 domain (confidence level: 50%)
domainmindap.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainensentoto.cloud	Formbook botnet C2 domain (confidence level: 50%)
domainwww.idrift.net	Formbook botnet C2 domain (confidence level: 50%)
domainvglweb.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainns1.zonstcom.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainns2.zonstcom.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainmeming-28826.portmap.host	Quasar RAT botnet C2 domain (confidence level: 50%)
domainshaileshvisionaryastrologer.com	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainyogeshlond.cfd	AMOS payload delivery domain (confidence level: 50%)
domainhdking.cfd	AMOS payload delivery domain (confidence level: 50%)
domainbfgnet.cfd	AMOS payload delivery domain (confidence level: 50%)
domainexplosem.cfd	AMOS payload delivery domain (confidence level: 50%)
domainthirtii13vt.top	CryptBot botnet C2 domain (confidence level: 100%)
domaindimkssfx.beget.tech	DCRat botnet C2 domain (confidence level: 100%)
domaina1076853.xsph.ru	DCRat botnet C2 domain (confidence level: 100%)
domaincj79318.tw1.ru	DCRat botnet C2 domain (confidence level: 100%)
domaindimksseo.beget.tech	DCRat botnet C2 domain (confidence level: 100%)
domainit-ords.ru	DCRat botnet C2 domain (confidence level: 100%)
domainreflecpolit.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmarkedgroud.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainversedkinfe.sbs	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintwelvii12vt.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintenvv10fr.top	CryptBot botnet C2 domain (confidence level: 100%)
domainelevenpp11vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintenii10vt.top	CryptBot botnet C2 domain (confidence level: 100%)
domainniness9sb.top	CryptBot botnet C2 domain (confidence level: 100%)
domainninevv9fr.top	CryptBot botnet C2 domain (confidence level: 100%)
domainoness1sb.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintenpp10vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintenuu10th.top	CryptBot botnet C2 domain (confidence level: 100%)
domainthirteuu12th.top	CryptBot botnet C2 domain (confidence level: 100%)
domainthirtyss13sb.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintwelvpp12vs.top	CryptBot botnet C2 domain (confidence level: 100%)
domaintwenss20sb.top	CryptBot botnet C2 domain (confidence level: 100%)
domainelevenqq11vt.top	CryptBot botnet C2 domain (confidence level: 100%)

File

Value	Description	Copy
file116.62.8.222	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.208.159.166	AsyncRAT botnet C2 server (confidence level: 100%)
file138.124.54.133	Hook botnet C2 server (confidence level: 100%)
file194.59.31.59	Hook botnet C2 server (confidence level: 100%)
file159.65.230.103	Havoc botnet C2 server (confidence level: 100%)
file171.41.199.170	DCRat botnet C2 server (confidence level: 100%)
file46.246.80.14	DCRat botnet C2 server (confidence level: 100%)
file46.246.6.5	DCRat botnet C2 server (confidence level: 100%)
file3.113.130.207	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file172.233.163.104	Unknown malware botnet C2 server (confidence level: 100%)
file213.153.47.41	Bashlite botnet C2 server (confidence level: 100%)
file94.237.76.69	MimiKatz botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file111.229.110.232	Cobalt Strike botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file8.149.128.131	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file192.144.32.84	RedLine Stealer botnet C2 server (confidence level: 100%)
file104.155.138.21	NetWire RC botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file202.162.99.38	Cobalt Strike botnet C2 server (confidence level: 100%)
file104.168.133.238	Cobalt Strike botnet C2 server (confidence level: 100%)
file66.206.27.24	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.192.96.63	Cobalt Strike botnet C2 server (confidence level: 100%)
file154.204.177.197	Cobalt Strike botnet C2 server (confidence level: 100%)
file87.120.112.98	Remcos botnet C2 server (confidence level: 100%)
file157.173.120.37	Sliver botnet C2 server (confidence level: 100%)
file198.167.193.90	AsyncRAT botnet C2 server (confidence level: 100%)
file45.125.66.30	AsyncRAT botnet C2 server (confidence level: 100%)
file141.95.114.244	AsyncRAT botnet C2 server (confidence level: 100%)
file102.117.161.221	Unknown malware botnet C2 server (confidence level: 100%)
file41.216.183.202	Orcus RAT botnet C2 server (confidence level: 100%)
file94.250.203.131	MooBot botnet C2 server (confidence level: 100%)
file94.198.40.6	BianLian botnet C2 server (confidence level: 100%)
file128.254.230.110	BianLian botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file202.95.15.194	Unknown malware botnet C2 server (confidence level: 100%)
file104.194.9.75	Unknown malware botnet C2 server (confidence level: 100%)
file202.95.15.197	Unknown malware botnet C2 server (confidence level: 100%)
file202.95.15.193	Unknown malware botnet C2 server (confidence level: 100%)
file13.239.83.148	Unknown malware botnet C2 server (confidence level: 100%)
file18.117.181.112	Unknown malware botnet C2 server (confidence level: 100%)
file141.100.235.131	Unknown malware botnet C2 server (confidence level: 100%)
file3.255.138.152	Unknown malware botnet C2 server (confidence level: 100%)
file46.105.51.89	Unknown malware botnet C2 server (confidence level: 100%)
file64.227.134.241	Unknown malware botnet C2 server (confidence level: 100%)
file18.254.2.172	Unknown malware botnet C2 server (confidence level: 100%)
file138.197.50.3	Unknown malware botnet C2 server (confidence level: 100%)
file129.148.35.169	Unknown malware botnet C2 server (confidence level: 100%)
file43.202.201.202	Unknown malware botnet C2 server (confidence level: 100%)
file161.35.72.122	Unknown malware botnet C2 server (confidence level: 100%)
file85.235.74.64	AsyncRAT botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file90.113.178.145	Nanocore RAT botnet C2 server (confidence level: 75%)
file74.178.90.36	Unknown malware botnet C2 server (confidence level: 50%)
file195.123.241.24	Unknown malware botnet C2 server (confidence level: 50%)
file207.90.238.46	Unknown malware botnet C2 server (confidence level: 50%)
file73.63.222.152	Quasar RAT botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file94.110.195.220	Unknown malware botnet C2 server (confidence level: 50%)
file52.43.67.6	Unknown malware botnet C2 server (confidence level: 50%)
file54.68.48.57	Unknown malware botnet C2 server (confidence level: 50%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 50%)
file104.248.130.195	NjRAT botnet C2 server (confidence level: 75%)
file172.86.108.55	XWorm botnet C2 server (confidence level: 100%)
file134.209.99.214	NjRAT botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file121.37.170.202	Cobalt Strike botnet C2 server (confidence level: 100%)
file178.73.218.5	Remcos botnet C2 server (confidence level: 100%)
file8.134.220.192	Sliver botnet C2 server (confidence level: 100%)
file192.227.249.119	Sliver botnet C2 server (confidence level: 100%)
file47.112.118.101	Unknown malware botnet C2 server (confidence level: 100%)
file109.248.151.159	AsyncRAT botnet C2 server (confidence level: 100%)
file45.126.208.175	AsyncRAT botnet C2 server (confidence level: 100%)
file85.239.237.148	AsyncRAT botnet C2 server (confidence level: 100%)
file103.195.101.225	AsyncRAT botnet C2 server (confidence level: 100%)
file91.208.206.85	Hook botnet C2 server (confidence level: 100%)
file46.183.220.18	Quasar RAT botnet C2 server (confidence level: 100%)
file195.177.95.27	ERMAC botnet C2 server (confidence level: 100%)
file91.208.206.85	ERMAC botnet C2 server (confidence level: 100%)
file31.13.224.69	AsyncRAT botnet C2 server (confidence level: 75%)
file47.99.151.120	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.92.139.71	Cobalt Strike botnet C2 server (confidence level: 100%)
file113.44.152.64	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.238.68.246	Cobalt Strike botnet C2 server (confidence level: 100%)
file155.138.253.99	Eye Pyramid botnet C2 server (confidence level: 75%)
file2.88.143.105	QakBot botnet C2 server (confidence level: 75%)
file38.253.28.229	DeimosC2 botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file15.207.222.135	Meterpreter botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file52.43.67.6	Unknown malware botnet C2 server (confidence level: 50%)
file54.68.48.57	Unknown malware botnet C2 server (confidence level: 50%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file88.218.170.171	Sliver botnet C2 server (confidence level: 50%)
file95.211.182.120	AsyncRAT botnet C2 server (confidence level: 100%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file13.208.125.136	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 50%)
file173.211.106.101	Unknown malware botnet C2 server (confidence level: 50%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file147.185.221.25	NjRAT botnet C2 server (confidence level: 100%)
file87.120.112.109	Unknown malware botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file121.4.99.161	Cobalt Strike botnet C2 server (confidence level: 75%)
file155.102.0.179	Cobalt Strike botnet C2 server (confidence level: 75%)
file163.181.228.194	Cobalt Strike botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file38.207.178.43	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.137.22.227	RedLine Stealer botnet C2 server (confidence level: 100%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file52.43.67.6	Unknown malware botnet C2 server (confidence level: 50%)
file54.68.48.57	Unknown malware botnet C2 server (confidence level: 50%)
file2.143.95.145	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 50%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.156.167.138	Cobalt Strike botnet C2 server (confidence level: 100%)
file13.201.30.7	Havoc botnet C2 server (confidence level: 100%)
file5.101.150.252	Havoc botnet C2 server (confidence level: 100%)
file15.237.45.6	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file156.238.253.27	Kaiji botnet C2 server (confidence level: 100%)
file5.22.211.97	MimiKatz botnet C2 server (confidence level: 100%)
file92.255.85.66	XWorm botnet C2 server (confidence level: 75%)
file45.77.46.13	Havoc botnet C2 server (confidence level: 75%)
file54.87.32.39	AsyncRAT botnet C2 server (confidence level: 75%)
file62.68.75.16	Havoc botnet C2 server (confidence level: 75%)
file64.52.80.94	Meduza Stealer botnet C2 server (confidence level: 75%)
file66.42.98.90	pupy botnet C2 server (confidence level: 75%)
file80.76.49.97	Meduza Stealer botnet C2 server (confidence level: 75%)
file94.23.84.20	Sliver botnet C2 server (confidence level: 75%)
file20.5.43.62	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.77.10.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.13	Cobalt Strike botnet C2 server (confidence level: 75%)
file35.79.20.7	Cobalt Strike botnet C2 server (confidence level: 75%)
file51.96.90.80	Cobalt Strike botnet C2 server (confidence level: 75%)
file80.64.30.50	Cobalt Strike botnet C2 server (confidence level: 75%)
file81.70.49.19	Cobalt Strike botnet C2 server (confidence level: 75%)
file82.67.60.21	Cobalt Strike botnet C2 server (confidence level: 75%)
file94.20.88.63	Cobalt Strike botnet C2 server (confidence level: 75%)
file87.120.125.185	AsyncRAT botnet C2 server (confidence level: 100%)
file192.144.32.84	RedLine Stealer botnet C2 server (confidence level: 100%)
file104.155.138.21	NetWire RC botnet C2 server (confidence level: 100%)
file73.63.222.152	Quasar RAT botnet C2 server (confidence level: 100%)
file95.211.182.120	AsyncRAT botnet C2 server (confidence level: 100%)
file147.185.221.25	NjRAT botnet C2 server (confidence level: 100%)
file45.137.22.227	RedLine Stealer botnet C2 server (confidence level: 100%)
file85.235.74.64	AsyncRAT botnet C2 server (confidence level: 75%)
file90.113.178.145	Nanocore RAT botnet C2 server (confidence level: 75%)
file144.202.34.169	Emotet botnet C2 server (confidence level: 75%)
file185.196.8.37	Amadey botnet C2 server (confidence level: 50%)
file94.156.177.41	Loki Password Stealer (PWS) botnet C2 server (confidence level: 50%)
file52.87.248.40	Chaos botnet C2 server (confidence level: 50%)
file62.60.226.62	Meduza Stealer botnet C2 server (confidence level: 50%)
file87.120.112.242	Spectre Rat botnet C2 server (confidence level: 50%)
file138.124.101.41	Meduza Stealer botnet C2 server (confidence level: 50%)
file66.63.187.173	Meduza Stealer botnet C2 server (confidence level: 50%)
file45.130.145.152	Meduza Stealer botnet C2 server (confidence level: 50%)
file64.176.183.187	Pink botnet C2 server (confidence level: 100%)
file92.51.2.17	Cobalt Strike botnet C2 server (confidence level: 50%)
file38.207.177.166	Sliver botnet C2 server (confidence level: 50%)
file34.168.112.184	Unknown malware botnet C2 server (confidence level: 50%)
file2.58.56.182	Remcos botnet C2 server (confidence level: 75%)
file3.86.153.4	BianLian botnet C2 server (confidence level: 75%)
file3.94.26.46	Eye Pyramid botnet C2 server (confidence level: 75%)
file45.82.85.50	RansomHub botnet C2 server (confidence level: 75%)
file45.82.85.50	RansomHub botnet C2 server (confidence level: 75%)
file45.83.31.62	AsyncRAT botnet C2 server (confidence level: 75%)
file5.35.36.120	Eye Pyramid botnet C2 server (confidence level: 75%)
file5.78.46.203	Remcos botnet C2 server (confidence level: 75%)
file5.8.63.178	RansomHub botnet C2 server (confidence level: 75%)
file50.35.138.102	QakBot botnet C2 server (confidence level: 75%)
file50.35.140.145	QakBot botnet C2 server (confidence level: 75%)
file66.55.74.235	AsyncRAT botnet C2 server (confidence level: 75%)
file70.31.125.180	QakBot botnet C2 server (confidence level: 75%)
file75.2.86.109	DeimosC2 botnet C2 server (confidence level: 75%)
file81.17.31.98	BianLian botnet C2 server (confidence level: 75%)
file85.31.47.121	Hook botnet C2 server (confidence level: 75%)
file85.31.47.149	AsyncRAT botnet C2 server (confidence level: 75%)
file85.31.47.208	AsyncRAT botnet C2 server (confidence level: 75%)
file85.31.47.208	AsyncRAT botnet C2 server (confidence level: 75%)
file85.31.47.208	AsyncRAT botnet C2 server (confidence level: 75%)
file85.31.47.208	AsyncRAT botnet C2 server (confidence level: 75%)
file93.82.24.249	Eye Pyramid botnet C2 server (confidence level: 75%)
file23.27.48.4	Cobalt Strike botnet C2 server (confidence level: 75%)
file39.98.40.53	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.91.81.246	Cobalt Strike botnet C2 server (confidence level: 75%)
file47.97.153.87	Cobalt Strike botnet C2 server (confidence level: 75%)
file154.37.223.57	Cobalt Strike botnet C2 server (confidence level: 75%)
file92.51.2.17	Cobalt Strike botnet C2 server (confidence level: 50%)
file4.228.230.190	Unknown malware botnet C2 server (confidence level: 50%)
file13.247.185.57	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file31.202.43.10	DarkComet botnet C2 server (confidence level: 50%)
file31.57.102.138	Cobalt Strike botnet C2 server (confidence level: 100%)
file156.238.249.185	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.219.211.139	Cobalt Strike botnet C2 server (confidence level: 100%)
file77.91.70.254	Remcos botnet C2 server (confidence level: 100%)
file186.169.34.70	Remcos botnet C2 server (confidence level: 100%)
file213.159.66.34	Remcos botnet C2 server (confidence level: 100%)
file194.59.31.139	Remcos botnet C2 server (confidence level: 100%)
file194.26.192.99	AsyncRAT botnet C2 server (confidence level: 100%)
file181.162.155.66	Quasar RAT botnet C2 server (confidence level: 100%)
file170.238.45.112	DCRat botnet C2 server (confidence level: 100%)
file46.246.14.9	DCRat botnet C2 server (confidence level: 100%)
file69.46.15.169	BianLian botnet C2 server (confidence level: 100%)
file69.46.15.169	BianLian botnet C2 server (confidence level: 100%)
file162.252.173.100	BianLian botnet C2 server (confidence level: 100%)
file176.44.93.183	QakBot botnet C2 server (confidence level: 75%)
file201.103.172.59	QakBot botnet C2 server (confidence level: 75%)
file27.64.99.119	AsyncRAT botnet C2 server (confidence level: 75%)
file46.246.245.32	QakBot botnet C2 server (confidence level: 75%)
file54.95.38.246	Brute Ratel C4 botnet C2 server (confidence level: 75%)
file85.31.47.104	AsyncRAT botnet C2 server (confidence level: 75%)
file95.10.41.28	QakBot botnet C2 server (confidence level: 75%)
file188.166.149.250	Cobalt Strike botnet C2 server (confidence level: 75%)
file160.179.160.252	Orcus RAT botnet C2 server (confidence level: 50%)
file20.124.90.24	Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash3389	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8807	AsyncRAT botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash25565	DCRat botnet C2 server (confidence level: 100%)
hash9000	DCRat botnet C2 server (confidence level: 100%)
hash8000	DCRat botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash4000	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash8000	MimiKatz botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash12345	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash14521	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash16383	RedLine Stealer botnet C2 server (confidence level: 100%)
hash6988	NetWire RC botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6001	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8090	Remcos botnet C2 server (confidence level: 100%)
hash8093	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash808	Orcus RAT botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash20022	BianLian botnet C2 server (confidence level: 100%)
hash443	BianLian botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8082	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash9033	Nanocore RAT botnet C2 server (confidence level: 75%)
hash443	Unknown malware botnet C2 server (confidence level: 50%)
hash443	Unknown malware botnet C2 server (confidence level: 50%)
hash443	Unknown malware botnet C2 server (confidence level: 50%)
hashf009ec775b2daa5a0f38dc2593a3c231611bea7cb579363915d9be1135b00455	Unknown malware payload (confidence level: 50%)
hash3d0e55bd3c84e6cb35559ef1d0f2ef72a21e0f3793a9158d514f12f46b0aff85	Unknown malware payload (confidence level: 50%)
hash801525d7239e46f9c22d7e7bcd163abcfb29fc0770ff417f5fc62bfb005ec7ac	Unknown malware payload (confidence level: 50%)
hashea2b3bf32cc27e959e19c365fa2f6e5310ef2e76d3d0ed2df3fb5945f9afc9e7	Unknown malware payload (confidence level: 50%)
hash4b6a008c8b85803dc19a8286f33cad963425d37c4ca0b1a9454a854db3273dad	Unknown malware payload (confidence level: 50%)
hasha23560a3b9a9578dcd70bcd01434b2053940d6be36e543df8e4d36931ca9ea63	Unknown malware payload (confidence level: 50%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash88	NjRAT botnet C2 server (confidence level: 75%)
hash7771	XWorm botnet C2 server (confidence level: 100%)
hash1337	NjRAT botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash60020	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8000	Sliver botnet C2 server (confidence level: 100%)
hash6666	Sliver botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash1005	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash7777	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash42228	Quasar RAT botnet C2 server (confidence level: 100%)
hash8080	ERMAC botnet C2 server (confidence level: 100%)
hash8080	ERMAC botnet C2 server (confidence level: 100%)
hash49731	AsyncRAT botnet C2 server (confidence level: 75%)
hash1234	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash10001	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Eye Pyramid botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash8080	DeimosC2 botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash443	Meterpreter botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash1967	AsyncRAT botnet C2 server (confidence level: 100%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash44158	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash1245	Unknown malware botnet C2 server (confidence level: 50%)
hash47830f7007b4317dc8ce1b16f3ae79f9f7e964db456c34e00473fba94bb713eb	Unknown malware payload (confidence level: 50%)
hash6a104f07ab6c5711b6bc8bf6ff956ab8cd597a388002a966e980c5ec9678b5b0	Unknown malware payload (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash15719	NjRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash8813	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash55615	RedLine Stealer botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash6001	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 50%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash8085	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash17778	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash808	Kaiji botnet C2 server (confidence level: 100%)
hash8080	MimiKatz botnet C2 server (confidence level: 100%)
hash7000	XWorm botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Havoc botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash53	pupy botnet C2 server (confidence level: 75%)
hash80	Meduza Stealer botnet C2 server (confidence level: 75%)
hash80	Sliver botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash81	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash16383	RedLine Stealer botnet C2 server (confidence level: 100%)
hash6988	NetWire RC botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash1967	AsyncRAT botnet C2 server (confidence level: 100%)
hash15719	NjRAT botnet C2 server (confidence level: 100%)
hash55615	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 75%)
hash9033	Nanocore RAT botnet C2 server (confidence level: 75%)
hash443	Emotet botnet C2 server (confidence level: 75%)
hash80	Amadey botnet C2 server (confidence level: 50%)
hash80	Loki Password Stealer (PWS) botnet C2 server (confidence level: 50%)
hash80	Chaos botnet C2 server (confidence level: 50%)
hash80	Meduza Stealer botnet C2 server (confidence level: 50%)
hash8000	Spectre Rat botnet C2 server (confidence level: 50%)
hash80	Meduza Stealer botnet C2 server (confidence level: 50%)
hash80	Meduza Stealer botnet C2 server (confidence level: 50%)
hash80	Meduza Stealer botnet C2 server (confidence level: 50%)
hash38990	Pink botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash2404	Remcos botnet C2 server (confidence level: 75%)
hash443	BianLian botnet C2 server (confidence level: 75%)
hash443	Eye Pyramid botnet C2 server (confidence level: 75%)
hash443	RansomHub botnet C2 server (confidence level: 75%)
hash8000	RansomHub botnet C2 server (confidence level: 75%)
hash8808	AsyncRAT botnet C2 server (confidence level: 75%)
hash443	Eye Pyramid botnet C2 server (confidence level: 75%)
hash2404	Remcos botnet C2 server (confidence level: 75%)
hash443	RansomHub botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash8000	AsyncRAT botnet C2 server (confidence level: 75%)
hash2222	QakBot botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash1124	BianLian botnet C2 server (confidence level: 75%)
hash80	Hook botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 75%)
hash222	AsyncRAT botnet C2 server (confidence level: 75%)
hash2222	AsyncRAT botnet C2 server (confidence level: 75%)
hash4444	AsyncRAT botnet C2 server (confidence level: 75%)
hash7777	AsyncRAT botnet C2 server (confidence level: 75%)
hash8000	Eye Pyramid botnet C2 server (confidence level: 75%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 75%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash84	Cobalt Strike botnet C2 server (confidence level: 50%)
hash4443	Unknown malware botnet C2 server (confidence level: 50%)
hash11	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash1604	DarkComet botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash24046	Remcos botnet C2 server (confidence level: 100%)
hash8888	Remcos botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash46530	Remcos botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8080	Quasar RAT botnet C2 server (confidence level: 100%)
hash6000	DCRat botnet C2 server (confidence level: 100%)
hash5000	DCRat botnet C2 server (confidence level: 100%)
hash80	BianLian botnet C2 server (confidence level: 100%)
hash3389	BianLian botnet C2 server (confidence level: 100%)
hash80	BianLian botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash8808	AsyncRAT botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash10134	Orcus RAT botnet C2 server (confidence level: 50%)
hash2a9e9815739f5144d7442229cfb9bfcf	AMOS payload (confidence level: 50%)
hashc90930423cae1497d13dd3e764ee35ed	AMOS payload (confidence level: 50%)
hash8a41a304faa8bbbd061fe95daf4dd071	AMOS payload (confidence level: 50%)
hash2a18a668c24e74be52fd61052b4c6a86	AMOS payload (confidence level: 50%)
hash5fcbc8afc0ec7f07d80a7e87fd18cd6a	AMOS payload (confidence level: 50%)
hashff53f28c95b765146b84f02c9237ac7e	AMOS payload (confidence level: 50%)
hash145b745f4905b7739f9a33891be2fdd0	AMOS payload (confidence level: 50%)
hash5e28e67a184932109bdaaeb6354061fa	AMOS payload (confidence level: 50%)
hashd2e407f7198d3cd66f9e588f78703206	AMOS payload (confidence level: 50%)
hash66171f0bea07f847386536a9f3fe4a55	AMOS payload (confidence level: 50%)
hash4c036a75b65adde90eb37c8c6088aa15	AMOS payload (confidence level: 50%)
hashb4dcd8425db9edd22c5442c63eec0d6f	AMOS payload (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)

Threat ID: 68367c97182aa0cae231a15f

Added to database: 5/28/2025, 3:01:43 AM

Last enriched: 6/27/2025, 11:21:30 AM

Last updated: 8/16/2025, 1:52:49 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-01-22

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-01-22

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

Domain

File

Hash

Related Threats

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility