
ThreatFox IOCs for 2025-01-31

Medium
Published: Fri Jan 31 2025 (01/31/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-01-31

AI-Powered Analysis

Last updated: 06/27/2025, 10:21:11 UTC

Technical Analysis

This entry is a set of Indicators of Compromise (IOCs) from the ThreatFox MISP feed dated January 31, 2025, categorized under malware and OSINT (Open Source Intelligence). The data is a collection of threat intelligence indicators related to network activity and payload delivery mechanisms. The details are sparse: no specific affected product versions, no known exploits in the wild, and no patches are listed. The threat level is indicated as medium, with a threatLevel score of 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting moderate dissemination but limited technical detail. The category tags imply that these IOCs relate to monitoring or detecting malicious network activity and payload delivery, so defenders can use them to identify or block malware infections or intrusions. Since no specific malware family, attack vector, or vulnerability is described, this appears to be an intelligence feed update rather than a direct vulnerability or exploit report; the absence of CWEs and patch information supports that reading. The TLP (Traffic Light Protocol) white tag indicates that the information may be shared publicly without restriction. Overall, this entry is a medium-severity malware-related threat intelligence update focused on network activity and payload delivery indicators, useful for defensive monitoring but lacking detailed exploit or vulnerability context.

Potential Impact

For European organizations, the impact of this threat intelligence update lies primarily in enhancing detection and response capabilities rather than indicating an immediate or active compromise risk. Since no specific exploit or vulnerability is identified, the direct risk to confidentiality, integrity, or availability is limited. However, new or updated IOCs related to malware payload delivery and network activity can help organizations identify ongoing or emerging malware campaigns targeting their networks, which improves incident response times and reduces the potential damage from malware infections. Organizations that rely on threat intelligence feeds such as ThreatFox can integrate these IOCs into their security monitoring tools (e.g., SIEM, IDS/IPS) to better detect malicious activity. The medium severity suggests that, while the threat is not critical, it should not be ignored, especially in sectors with high exposure to malware attacks such as finance, critical infrastructure, and government. The lack of known exploits in the wild reduces immediate urgency but does not preclude future exploitation. European organizations should therefore treat this intelligence as part of their broader threat landscape awareness and remain vigilant in monitoring network traffic and payload delivery attempts.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security monitoring platforms such as SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions to enhance detection capabilities.
2. Conduct regular network traffic analysis focusing on payload delivery patterns and anomalous network activity that align with the indicators.
3. Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators.
4. Implement network segmentation and strict egress filtering to limit the spread and communication of malware payloads within the network.
5. Conduct regular phishing and malware awareness training for employees to reduce the risk of initial infection vectors.
6. Perform routine vulnerability assessments and patch management to reduce the attack surface, even though no specific patches are indicated here.
7. Establish incident response playbooks that incorporate the use of updated IOCs for rapid containment and remediation.
8. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share and receive timely threat intelligence updates.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
e7599bde-2cd6-47a5-8cdf-be7ec9899110
Original Timestamp
1738368186

Indicators of Compromise

hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1111
Remcos botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash5000
Havoc botnet C2 server (confidence level: 100%)
hash8082
ERMAC botnet C2 server (confidence level: 100%)
hash8080
BianLian botnet C2 server (confidence level: 100%)
hash8000
RansomHub botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash2086
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
RansomHub botnet C2 server (confidence level: 75%)
hash6606
AsyncRAT botnet C2 server (confidence level: 75%)
hash3000
DCRat botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash9002
DCRat botnet C2 server (confidence level: 50%)
hash9002
DCRat botnet C2 server (confidence level: 50%)
hash444
AsyncRAT botnet C2 server (confidence level: 50%)
hash443
Nanocore RAT botnet C2 server (confidence level: 50%)
hash6653
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8080
BitRAT botnet C2 server (confidence level: 100%)
hash2426
Remcos botnet C2 server (confidence level: 100%)
hash5205
Ave Maria botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8085
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash6666
AsyncRAT botnet C2 server (confidence level: 100%)
hash1001
AsyncRAT botnet C2 server (confidence level: 100%)
hash25565
Quasar RAT botnet C2 server (confidence level: 100%)
hash8010
Havoc botnet C2 server (confidence level: 100%)
hash8036
Cobalt Strike botnet C2 server (confidence level: 50%)
hash3000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash1504
AsyncRAT botnet C2 server (confidence level: 100%)
hash8245
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash45051
Hook botnet C2 server (confidence level: 100%)
hash40056
Havoc botnet C2 server (confidence level: 100%)
hash8888
Venom RAT botnet C2 server (confidence level: 100%)
hash4433
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash597b84ba23e16b24ec17288981bbf65c84b6ba3bb07df6620378a1907692fb86
Mirai payload (confidence level: 50%)
hash6a070dc9614dbb9a76092258fdc8bd758f69126c73787dc7d2af9aebd436e7ec
Mirai payload (confidence level: 50%)
hashb41e29e745b69f3e8c11d105e7e050fd9e08ff1e22efd97fd4c239a9095d708b
Mirai payload (confidence level: 50%)
hashb5d1cf8b222162567f46281e792145774689c205701a02f3723cf6fb13a429de
Mirai payload (confidence level: 50%)
hash1e74bcd24e30947bd14cef6731ca63f69df060ba3dcac88b2321171335a6e8ef
Mirai payload (confidence level: 50%)
hashe06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3
Mirai payload (confidence level: 50%)
hash80
BeaverTail botnet C2 server (confidence level: 50%)
hash3306
Xtreme RAT botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 68367c9a182aa0cae23257b7

Added to database: 5/28/2025, 3:01:46 AM

Last enriched: 6/27/2025, 10:21:11 AM

Last updated: 8/13/2025, 3:40:21 PM
