ThreatFox IOCs for 2025-01-31

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information describes a set of Indicators of Compromise (IOCs) from the ThreatFox MISP feed dated January 31, 2025, categorized under malware and OSINT (Open Source Intelligence). The data appears to be a collection of threat intelligence indicators related to network activity and payload delivery mechanisms. However, the details are sparse, with no specific affected product versions, no known exploits in the wild, and no patches available. The threat level is indicated as medium, with a threatLevel score of 2 (on an unspecified scale), analysis score of 1, and distribution score of 3, suggesting moderate dissemination but limited technical detail. The category tags imply that these IOCs are related to monitoring or detecting malicious network activity and payload delivery, which could be used by defenders to identify or block malware infections or intrusions. Since no specific malware family, attack vector, or vulnerability is described, this appears to be an intelligence feed update rather than a direct vulnerability or exploit. The absence of CWEs and patch information further supports that this is a threat intelligence update rather than a newly discovered vulnerability or active exploit. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for public sharing without restriction. Overall, this entry represents a medium-severity malware-related threat intelligence update focusing on network activity and payload delivery indicators, useful for defensive monitoring but lacking detailed exploit or vulnerability context.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in enhancing detection and response capabilities rather than indicating an immediate or active compromise risk. Since no specific exploit or vulnerability is identified, the direct risk to confidentiality, integrity, or availability is limited. However, the presence of new or updated IOCs related to malware payload delivery and network activity could help organizations identify ongoing or emerging malware campaigns targeting their networks. This can improve incident response times and reduce potential damage from malware infections. Organizations relying on threat intelligence feeds like ThreatFox can integrate these IOCs into their security monitoring tools (e.g., SIEM, IDS/IPS) to better detect malicious activity. The medium severity suggests that while the threat is not critical, it should not be ignored, especially in sectors with high exposure to malware attacks such as finance, critical infrastructure, and government. The lack of known exploits in the wild reduces immediate urgency but does not preclude future exploitation. Therefore, European organizations should consider this intelligence as part of their broader threat landscape awareness and maintain vigilance in monitoring network traffic and payload delivery attempts.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security monitoring platforms such as SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions to enhance detection capabilities. 2. Conduct regular network traffic analysis focusing on payload delivery patterns and anomalous network activity that align with the indicators. 3. Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators. 4. Implement network segmentation and strict egress filtering to limit the spread and communication of malware payloads within the network. 5. Conduct regular phishing and malware awareness training for employees to reduce the risk of initial infection vectors. 6. Perform routine vulnerability assessments and patch management to reduce the attack surface, even though no specific patches are indicated here. 7. Establish incident response playbooks that incorporate the use of updated IOCs for rapid containment and remediation. 8. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share and receive timely threat intelligence updates.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://touxzw.ir/sccc/five/pvqdq929bsx_a_d_m1n_a.php
url: http://52.229.166.98:8888/supershell/login/
url: http://47.97.114.229:8888/supershell/login/
url: https://occasional-peterson-blast-sussex.trycloudflare.com/cloudfls
url: https://ppdpharmaco.com/5k5g.js
domain: ppdpharmaco.com
url: https://ppdpharmaco.com/js.php
url: https://bit1.smogturfprance.shop/cacaduk.captcha
file: 18.217.210.12
hash: 43957
url: https://portable2016.top/work/original.js
domain: portable2016.top
url: https://portable2016.top/work/index.php
url: https://portable2016.top/work/upl.php
url: https://cansupeker.com/folder.zip
url: http://92.255.57.155/yxnwkvfks28y/login.php
domain: solve.zyde.org
domain: mstr-x2-giveaway.com
domain: saylor-giveaway.com
domain: saylor-giveaway.info
domain: saylor-giveaway.pro
domain: saylor-giveaways.com
domain: saylor-x2crypto.com
domain: saylor-x2giveaway.co
domain: saylor-x2giveaways.com
domain: saylorgiveaway.net
domain: saylorgiveaway.com
domain: airdrop-xrp.com
domain: bg-xrp.com
domain: brad-2x.com
domain: drop-xrp.com
domain: event-rockstar.com
domain: invest-cardano.com
domain: invest-solana.com
domain: ms2saylor.com
domain: spacex-events.com
domain: tvorotech.online
domain: inshdigit.sbs
domain: bartender.top
domain: solve.feqy.org
url: https://solve.zyde.org/awjsx.captcha
url: https://solve.feqy.org/awjsx.captcha
url: http://149.88.78.49:8888/supershell/login/
file: 5.75.234.8
hash: 2596
domain: j4n6foy.localto.net
url: https://dreamcloudsite.xyz/mzzkntlintu4ndhl/
file: 189.158.232.16
hash: 8181
file: 179.13.3.202
hash: 8085
file: 94.156.105.136
hash: 2222
file: 94.156.105.138
hash: 2222
file: 139.59.34.92
hash: 7443
file: 91.132.51.35
hash: 80
file: 111.227.97.43
hash: 14782
domain: accounts2.app-cloud.link
domain: api.adviseur-oakk.nl
file: 18.171.153.42
hash: 80
file: 93.88.203.80
hash: 443
file: 54.156.194.68
hash: 443
file: 78.41.139.3
hash: 80
file: 44.206.88.121
hash: 8443
file: 42.231.168.199
hash: 5873
file: 144.172.92.114
hash: 3000
file: 191.96.207.70
hash: 6606
file: 191.96.207.70
hash: 7707
file: 94.156.105.136
hash: 7777
file: 185.42.12.85
hash: 15647
file: 44.244.111.179
hash: 16189
file: 8.134.108.73
hash: 60000
file: 67.202.29.80
hash: 443
file: 168.119.57.134
hash: 13373
file: 13.60.58.82
hash: 80
file: 35.206.155.207
hash: 443
file: 3.228.159.27
hash: 443
file: 34.1.162.42
hash: 3333
file: 46.101.162.88
hash: 3333
file: 13.201.101.72
hash: 8443
file: 195.58.36.137
hash: 3333
file: 105.156.110.103
hash: 995
file: 198.46.178.132
hash: 8690
url: https://fashiontrends2023.biz/api
url: https://knowninshea.shop/api
url: https://sweepyribs.lat/api
url: https://spottyalle.biz/api
url: https://techgasreview.biz/api
domain: sohit13140-34151.portmap.host
domain: coluich1220.duckdns.org
domain: kaziahlds-23371.portmap.io
domain: happythepeppie.ddns.net
domain: ducksro.duckdns.org
domain: creditagricole.zapto.org
file: 124.170.69.79
hash: 4782
file: 87.228.57.81
hash: 4782
file: 109.248.151.166
hash: 61537
file: 100.120.140.9
hash: 4444
file: 112.134.23.228
hash: 4782
file: 125.25.56.200
hash: 4782
domain: deadpoolstart2035.duckdns.org
domain: deadpoolstart2036.duckdns.org
domain: bertel5.duckdns.org
domain: deadpoolstart2037.duckdns.org
file: 62.60.190.141
hash: 4056
file: 62.60.190.141
hash: 3232
file: 85.31.47.31
hash: 1860
file: 105.100.250.154
hash: 39687
file: 147.185.221.25
hash: 40021
file: 62.60.190.196
hash: 3232
file: 105.101.179.171
hash: 38672
file: 147.185.221.25
hash: 36411
file: 94.156.166.213
hash: 1700
file: 62.60.190.196
hash: 4449
domain: door-bottom.gl.at.ply.gg
domain: text-eh.gl.at.ply.gg
domain: large-weak.gl.at.ply.gg
domain: mean-signal.gl.at.ply.gg
domain: only-desk.gl.at.ply.gg
domain: hall-shine.gl.at.ply.gg
domain: systems-budget.gl.at.ply.gg
domain: put-welfare.gl.at.ply.gg
domain: projects-secretary.gl.at.ply.gg
domain: card-funny.gl.at.ply.gg
domain: rootsaul.work.gd
domain: break-aaron.gl.at.ply.gg
domain: female-adapter.gl.at.ply.gg
domain: egornigga-64579.portmap.host
domain: cheatjunkies.ru
domain: homepage-radios.gl.at.ply.gg
domain: lake-gui.gl.at.ply.gg
domain: conditions-protecting.gl.at.ply.gg
domain: goga123321-28259.portmap.host
file: 196.119.218.2
hash: 6070
file: 185.241.208.111
hash: 7050
file: 147.185.221.24
hash: 18557
file: 94.156.166.213
hash: 1300
file: 3.140.253.241
hash: 443
file: 45.94.31.236
hash: 60000
file: 185.7.214.54
hash: 4411
file: 62.60.190.196
hash: 8000
file: 87.120.115.209
hash: 5000
file: 193.161.193.99
hash: 32899
file: 91.84.104.75
hash: 443
file: 107.174.65.146
hash: 1194
file: 195.177.94.177
hash: 443
file: 154.12.253.45
hash: 6606
file: 174.138.16.40
hash: 7443
file: 82.165.150.130
hash: 7443
file: 188.248.160.177
hash: 2404
file: 188.248.160.177
hash: 7000
file: 188.248.160.177
hash: 37215
file: 188.248.160.177
hash: 47428
file: 13.60.93.51
hash: 9876
file: 54.70.120.69
hash: 38035
file: 23.227.198.237
hash: 13937
file: 5.255.106.12
hash: 80
url: https://tacscc.com/5s41.js
domain: tacscc.com
url: https://tacscc.com/js.php
file: 13.125.52.28
hash: 4730
file: 146.70.87.141
hash: 8888
file: 193.203.49.90
hash: 443
file: 195.208.25.141
hash: 8888
file: 94.154.35.99
hash: 443
domain: solve.wyji.org
file: 124.222.48.227
hash: 1111
file: 111.173.82.176
hash: 8443
file: 124.223.33.83
hash: 4433
file: 170.130.165.157
hash: 80
file: 170.130.165.157
hash: 8080
file: 35.89.241.123
hash: 9084
file: 192.129.178.62
hash: 9002
url: http://154.216.20.246/4bbfd212e4bc2b67.php
url: http://51.21.41.165:5555/
url: https://pastebin.com/raw/mwg2cxem
domain: grahthousand-64131.portmap.host
domain: per-cassette.gl.at.ply.gg
domain: acttwindows.duckdns.org
url: https://pastebin.com/raw/86kgq8zf
domain: eoogg.top
file: 101.43.166.60
hash: 5555
domain: wp-cdn.top
hash: 362af8118f437f9139556c59437544ae1489376dc4118027c24c8d5ce4d84e48
hash: 330dffe834ebbe4042747bbe00b4575629ba8f2507bccf746763cacf63d655bb
hash: 33cba89eeeaf139a798b7fa07ff6919dd0c4c6cf4106b659e4e56f15b5809287
hash: 552d53f473096c55a3937c8512a06863133a97c3478ad6b1535e1976d1e0d45f
hash: 64209e2348e6d503ee518459d0487d636639fa5e5298d28093a5ad41390ef6b0
hash: 67f371a683b2be4c8002f89492cd29d96dceabdbfd36641a27be761ee64605b1
hash: 73ad6be67691b65cee251d098f2541eef3cab2853ad509dac72d8eff5bd85bc0
hash: 7cbfbce482071c6df823f09d83c6868d0b1208e8ceb70147b64c52bb8b48bdb8
hash: 839de445f714a32f36670b590eba7fc68b1115b885ac8d689d7b344189521012
hash: bea4f753707eba4088e8a51818d9de8e9ad0138495338402f05c5c7a800695a6
hash: f3c37b1de5983b30b9ae70c525f97727a56d3874533db1a6e3dc1355bfbf37ec
hash: fd0ef425d34b56d0bc08bd93e6ecb11541bd834b9d4d417187373b17055c862e
domain: geraatualiza.com
domain: masterdow.com
domain: geraupdate.com
url: https://btee.geontrigame.com/mvkrouhawm
url: https://qmnw.daowsistem.com/fayikyeund
url: https://bhju.daowsistem.com/iwywybzqxk
url: https://lgfd.daowsistem.com/riqojhyvnr
url: https://leme.daowsistem.com/omzowcicwp
url: https://igow.scortma.com/fqieghffbm
url: https://quit.scortma.com/xzcpnnfhxi
url: https://llue.geontrigame.com/byyyfydxyf
url: https://cxmp.scortma.com/qfutdbtqqu
url: https://xrxw.scortma.com/gmdroacyvi
url: https://qfab.geontrigame.com/vfofnzihsm
url: https://tbet.geontrigame.com/zxchzzmism
url: https://yezh.geontrigame.com/vxewhcacbfqnsw
domain: solve.qabi.org
file: 185.232.205.36
hash: 443
url: https://getyour.cyou
domain: getyour.cyou
file: 77.239.102.124
hash: 80
file: 80.66.76.39
hash: 80
file: 213.252.247.119
hash: 1111
file: 128.90.128.199
hash: 8808
file: 31.57.166.52
hash: 7707
file: 194.164.194.149
hash: 7443
file: 3.141.7.174
hash: 5000
file: 91.132.51.35
hash: 8082
file: 85.235.151.5
hash: 8080
file: 162.252.173.12
hash: 8000
file: 91.229.239.19
hash: 31337
file: 159.223.207.140
hash: 31337
file: 143.198.158.86
hash: 31337
domain: urabotnet.duckdns.org
domain: change-harvest.gl.at.ply.gg
domain: www.gzxingyu.cloud
file: 120.79.150.243
hash: 2086
file: 120.79.150.243
hash: 443
file: 52.54.142.255
hash: 443
file: 162.252.173.12
hash: 443
file: 31.57.166.52
hash: 6606
file: 46.246.84.10
hash: 3000
file: 89.148.137.44
hash: 2222
url: https://gameofthronesmemes.top/work/original.js
domain: gameofthronesmemes.top
url: https://gameofthronesmemes.top/work/index.php
url: https://gameofthronesmemes.top/work/upl.php
file: 192.129.178.60
hash: 9002
file: 192.129.178.61
hash: 9002
file: 94.156.105.138
hash: 444
file: 80.92.206.190
hash: 443
file: 34.248.255.15
hash: 6653
file: 3.142.177.119
hash: 443
url: https://muscleinitai.biz/api
url: https://bmdcompany.com/
file: 217.8.117.165
hash: 8080
file: 185.7.214.250
hash: 2426
domain: nicekboupdatedgood.duckdns.org
domain: www.caravanehamburg.de
domain: enviameplata.kozow.com
file: 185.62.190.121
hash: 5205
file: 47.79.90.233
hash: 80
file: 45.141.76.97
hash: 8085
file: 185.196.10.96
hash: 2404
file: 51.159.167.68
hash: 443
file: 85.239.232.226
hash: 6666
file: 158.220.83.114
hash: 1001
file: 81.226.66.92
hash: 25565
file: 219.143.134.20
hash: 8010
domain: office.miicrosofts.org
url: http://ffjihcnfkhihlmd.top/1.php
file: 123.136.93.211
hash: 8036
url: http://192.168.130.131:443/hqky
url: http://192.10.135.210:45577/mozi.m
file: 37.221.67.141
hash: 3000
file: 193.134.210.161
hash: 443
file: 140.228.29.53
hash: 2404
file: 94.156.105.136
hash: 4444
file: 176.65.144.125
hash: 1504
file: 38.255.37.248
hash: 8245
file: 38.255.37.248
hash: 8808
file: 37.27.248.226
hash: 80
file: 92.255.85.21
hash: 45051
file: 104.168.12.21
hash: 40056
file: 178.250.188.81
hash: 8888
file: 18.193.6.217
hash: 4433
file: 5.181.158.24
hash: 443
domain: helpdesk.technicalsecurityops.org
file: 185.87.150.205
hash: 53
domain: theeyefirewall.su
hash: 597b84ba23e16b24ec17288981bbf65c84b6ba3bb07df6620378a1907692fb86
hash: 6a070dc9614dbb9a76092258fdc8bd758f69126c73787dc7d2af9aebd436e7ec
hash: b41e29e745b69f3e8c11d105e7e050fd9e08ff1e22efd97fd4c239a9095d708b
hash: b5d1cf8b222162567f46281e792145774689c205701a02f3723cf6fb13a429de
hash: 1e74bcd24e30947bd14cef6731ca63f69df060ba3dcac88b2321171335a6e8ef
hash: e06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3
domain: lanmangraphics.com
domain: errorreporting.net
domain: internalsecurity.us
domain: tieringservice.com
domain: automation-embedding.com
domain: retaildemo.info
domain: enrollmentdm.com
domain: underwearshopfor.com
domain: rss-feed-monitoring.com
domain: futuresfurnitures.com
domain: lookup.ink
domain: background-services.net
domain: cloud-mail.ink
file: 91.92.120.132
hash: 80
file: 70.184.193.3
hash: 3306
file: 143.198.95.22
hash: 31337
domain: js.sfqj321.buzz
domain: wehelpgood.xyz
file: 144.34.161.75
hash: 8080
file: 170.130.165.157
hash: 443
file: 185.87.150.205
hash: 443

ThreatFox IOCs for 2025-01-31

Severity: medium

Type: malware

ThreatFox IOCs for 2025-01-31

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://touxzw.ir/sccc/five/pvqdq929bsx_a_d_m1n_a.php
url: http://52.229.166.98:8888/supershell/login/
url: http://47.97.114.229:8888/supershell/login/
url: https://occasional-peterson-blast-sussex.trycloudflare.com/cloudfls
url: https://ppdpharmaco.com/5k5g.js
domain: ppdpharmaco.com
url: https://ppdpharmaco.com/js.php
url: https://bit1.smogturfprance.shop/cacaduk.captcha
file: 18.217.210.12
hash: 43957
url: https://portable2016.top/work/original.js
domain: portable2016.top
url: https://portable2016.top/work/index.php
url: https://portable2016.top/work/upl.php
url: https://cansupeker.com/folder.zip
url: http://92.255.57.155/yxnwkvfks28y/login.php
domain: solve.zyde.org
domain: mstr-x2-giveaway.com
domain: saylor-giveaway.com
domain: saylor-giveaway.info
domain: saylor-giveaway.pro
domain: saylor-giveaways.com
domain: saylor-x2crypto.com
domain: saylor-x2giveaway.co
domain: saylor-x2giveaways.com
domain: saylorgiveaway.net
domain: saylorgiveaway.com
domain: airdrop-xrp.com
domain: bg-xrp.com
domain: brad-2x.com
domain: drop-xrp.com
domain: event-rockstar.com
domain: invest-cardano.com
domain: invest-solana.com
domain: ms2saylor.com
domain: spacex-events.com
domain: tvorotech.online
domain: inshdigit.sbs
domain: bartender.top
domain: solve.feqy.org
url: https://solve.zyde.org/awjsx.captcha
url: https://solve.feqy.org/awjsx.captcha
url: http://149.88.78.49:8888/supershell/login/
file: 5.75.234.8
hash: 2596
domain: j4n6foy.localto.net
url: https://dreamcloudsite.xyz/mzzkntlintu4ndhl/
file: 189.158.232.16
hash: 8181
file: 179.13.3.202
hash: 8085
file: 94.156.105.136
hash: 2222
file: 94.156.105.138
hash: 2222
file: 139.59.34.92
hash: 7443
file: 91.132.51.35
hash: 80
file: 111.227.97.43
hash: 14782
domain: accounts2.app-cloud.link
domain: api.adviseur-oakk.nl
file: 18.171.153.42
hash: 80
file: 93.88.203.80
hash: 443
file: 54.156.194.68
hash: 443
file: 78.41.139.3
hash: 80
file: 44.206.88.121
hash: 8443
file: 42.231.168.199
hash: 5873
file: 144.172.92.114
hash: 3000
file: 191.96.207.70
hash: 6606
file: 191.96.207.70
hash: 7707
file: 94.156.105.136
hash: 7777
file: 185.42.12.85
hash: 15647
file: 44.244.111.179
hash: 16189
file: 8.134.108.73
hash: 60000
file: 67.202.29.80
hash: 443
file: 168.119.57.134
hash: 13373
file: 13.60.58.82
hash: 80
file: 35.206.155.207
hash: 443
file: 3.228.159.27
hash: 443
file: 34.1.162.42
hash: 3333
file: 46.101.162.88
hash: 3333
file: 13.201.101.72
hash: 8443
file: 195.58.36.137
hash: 3333
file: 105.156.110.103
hash: 995
file: 198.46.178.132
hash: 8690
url: https://fashiontrends2023.biz/api
url: https://knowninshea.shop/api
url: https://sweepyribs.lat/api
url: https://spottyalle.biz/api
url: https://techgasreview.biz/api
domain: sohit13140-34151.portmap.host
domain: coluich1220.duckdns.org
domain: kaziahlds-23371.portmap.io
domain: happythepeppie.ddns.net
domain: ducksro.duckdns.org
domain: creditagricole.zapto.org
file: 124.170.69.79
hash: 4782
file: 87.228.57.81
hash: 4782
file: 109.248.151.166
hash: 61537
file: 100.120.140.9
hash: 4444
file: 112.134.23.228
hash: 4782
file: 125.25.56.200
hash: 4782
domain: deadpoolstart2035.duckdns.org
domain: deadpoolstart2036.duckdns.org
domain: bertel5.duckdns.org
domain: deadpoolstart2037.duckdns.org
file: 62.60.190.141
hash: 4056
file: 62.60.190.141
hash: 3232
file: 85.31.47.31
hash: 1860
file: 105.100.250.154
hash: 39687
file: 147.185.221.25
hash: 40021
file: 62.60.190.196
hash: 3232
file: 105.101.179.171
hash: 38672
file: 147.185.221.25
hash: 36411
file: 94.156.166.213
hash: 1700
file: 62.60.190.196
hash: 4449
domain: door-bottom.gl.at.ply.gg
domain: text-eh.gl.at.ply.gg
domain: large-weak.gl.at.ply.gg
domain: mean-signal.gl.at.ply.gg
domain: only-desk.gl.at.ply.gg
domain: hall-shine.gl.at.ply.gg
domain: systems-budget.gl.at.ply.gg
domain: put-welfare.gl.at.ply.gg
domain: projects-secretary.gl.at.ply.gg
domain: card-funny.gl.at.ply.gg
domain: rootsaul.work.gd
domain: break-aaron.gl.at.ply.gg
domain: female-adapter.gl.at.ply.gg
domain: egornigga-64579.portmap.host
domain: cheatjunkies.ru
domain: homepage-radios.gl.at.ply.gg
domain: lake-gui.gl.at.ply.gg
domain: conditions-protecting.gl.at.ply.gg
domain: goga123321-28259.portmap.host
file: 196.119.218.2
hash: 6070
file: 185.241.208.111
hash: 7050
file: 147.185.221.24
hash: 18557
file: 94.156.166.213
hash: 1300
file: 3.140.253.241
hash: 443
file: 45.94.31.236
hash: 60000
file: 185.7.214.54
hash: 4411
file: 62.60.190.196
hash: 8000
file: 87.120.115.209
hash: 5000
file: 193.161.193.99
hash: 32899
file: 91.84.104.75
hash: 443
file: 107.174.65.146
hash: 1194
file: 195.177.94.177
hash: 443
file: 154.12.253.45
hash: 6606
file: 174.138.16.40
hash: 7443
file: 82.165.150.130
hash: 7443
file: 188.248.160.177
hash: 2404
file: 188.248.160.177
hash: 7000
file: 188.248.160.177
hash: 37215
file: 188.248.160.177
hash: 47428
file: 13.60.93.51
hash: 9876
file: 54.70.120.69
hash: 38035
file: 23.227.198.237
hash: 13937
file: 5.255.106.12
hash: 80
url: https://tacscc.com/5s41.js
domain: tacscc.com
url: https://tacscc.com/js.php
file: 13.125.52.28
hash: 4730
file: 146.70.87.141
hash: 8888
file: 193.203.49.90
hash: 443
file: 195.208.25.141
hash: 8888
file: 94.154.35.99
hash: 443
domain: solve.wyji.org
file: 124.222.48.227
hash: 1111
file: 111.173.82.176
hash: 8443
file: 124.223.33.83
hash: 4433
file: 170.130.165.157
hash: 80
file: 170.130.165.157
hash: 8080
file: 35.89.241.123
hash: 9084
file: 192.129.178.62
hash: 9002
url: http://154.216.20.246/4bbfd212e4bc2b67.php
url: http://51.21.41.165:5555/
url: https://pastebin.com/raw/mwg2cxem
domain: grahthousand-64131.portmap.host
domain: per-cassette.gl.at.ply.gg
domain: acttwindows.duckdns.org
url: https://pastebin.com/raw/86kgq8zf
domain: eoogg.top
file: 101.43.166.60
hash: 5555
domain: wp-cdn.top
hash: 362af8118f437f9139556c59437544ae1489376dc4118027c24c8d5ce4d84e48
hash: 330dffe834ebbe4042747bbe00b4575629ba8f2507bccf746763cacf63d655bb
hash: 33cba89eeeaf139a798b7fa07ff6919dd0c4c6cf4106b659e4e56f15b5809287
hash: 552d53f473096c55a3937c8512a06863133a97c3478ad6b1535e1976d1e0d45f
hash: 64209e2348e6d503ee518459d0487d636639fa5e5298d28093a5ad41390ef6b0
hash: 67f371a683b2be4c8002f89492cd29d96dceabdbfd36641a27be761ee64605b1
hash: 73ad6be67691b65cee251d098f2541eef3cab2853ad509dac72d8eff5bd85bc0
hash: 7cbfbce482071c6df823f09d83c6868d0b1208e8ceb70147b64c52bb8b48bdb8
hash: 839de445f714a32f36670b590eba7fc68b1115b885ac8d689d7b344189521012
hash: bea4f753707eba4088e8a51818d9de8e9ad0138495338402f05c5c7a800695a6
hash: f3c37b1de5983b30b9ae70c525f97727a56d3874533db1a6e3dc1355bfbf37ec
hash: fd0ef425d34b56d0bc08bd93e6ecb11541bd834b9d4d417187373b17055c862e
domain: geraatualiza.com
domain: masterdow.com
domain: geraupdate.com
url: https://btee.geontrigame.com/mvkrouhawm
url: https://qmnw.daowsistem.com/fayikyeund
url: https://bhju.daowsistem.com/iwywybzqxk
url: https://lgfd.daowsistem.com/riqojhyvnr
url: https://leme.daowsistem.com/omzowcicwp
url: https://igow.scortma.com/fqieghffbm
url: https://quit.scortma.com/xzcpnnfhxi
url: https://llue.geontrigame.com/byyyfydxyf
url: https://cxmp.scortma.com/qfutdbtqqu
url: https://xrxw.scortma.com/gmdroacyvi
url: https://qfab.geontrigame.com/vfofnzihsm
url: https://tbet.geontrigame.com/zxchzzmism
url: https://yezh.geontrigame.com/vxewhcacbfqnsw
domain: solve.qabi.org
file: 185.232.205.36
hash: 443
url: https://getyour.cyou
domain: getyour.cyou
file: 77.239.102.124
hash: 80
file: 80.66.76.39
hash: 80
file: 213.252.247.119
hash: 1111
file: 128.90.128.199
hash: 8808
file: 31.57.166.52
hash: 7707
file: 194.164.194.149
hash: 7443
file: 3.141.7.174
hash: 5000
file: 91.132.51.35
hash: 8082
file: 85.235.151.5
hash: 8080
file: 162.252.173.12
hash: 8000
file: 91.229.239.19
hash: 31337
file: 159.223.207.140
hash: 31337
file: 143.198.158.86
hash: 31337
domain: urabotnet.duckdns.org
domain: change-harvest.gl.at.ply.gg
domain: www.gzxingyu.cloud
file: 120.79.150.243
hash: 2086
file: 120.79.150.243
hash: 443
file: 52.54.142.255
hash: 443
file: 162.252.173.12
hash: 443
file: 31.57.166.52
hash: 6606
file: 46.246.84.10
hash: 3000
file: 89.148.137.44
hash: 2222
url: https://gameofthronesmemes.top/work/original.js
domain: gameofthronesmemes.top
url: https://gameofthronesmemes.top/work/index.php
url: https://gameofthronesmemes.top/work/upl.php
file: 192.129.178.60
hash: 9002
file: 192.129.178.61
hash: 9002
file: 94.156.105.138
hash: 444
file: 80.92.206.190
hash: 443
file: 34.248.255.15
hash: 6653
file: 3.142.177.119
hash: 443
url: https://muscleinitai.biz/api
url: https://bmdcompany.com/
file: 217.8.117.165
hash: 8080
file: 185.7.214.250
hash: 2426
domain: nicekboupdatedgood.duckdns.org
domain: www.caravanehamburg.de
domain: enviameplata.kozow.com
file: 185.62.190.121
hash: 5205
file: 47.79.90.233
hash: 80
file: 45.141.76.97
hash: 8085
file: 185.196.10.96
hash: 2404
file: 51.159.167.68
hash: 443
file: 85.239.232.226
hash: 6666
file: 158.220.83.114
hash: 1001
file: 81.226.66.92
hash: 25565
file: 219.143.134.20
hash: 8010
domain: office.miicrosofts.org
url: http://ffjihcnfkhihlmd.top/1.php
file: 123.136.93.211
hash: 8036
url: http://192.168.130.131:443/hqky
url: http://192.10.135.210:45577/mozi.m
file: 37.221.67.141
hash: 3000
file: 193.134.210.161
hash: 443
file: 140.228.29.53
hash: 2404
file: 94.156.105.136
hash: 4444
file: 176.65.144.125
hash: 1504
file: 38.255.37.248
hash: 8245
file: 38.255.37.248
hash: 8808
file: 37.27.248.226
hash: 80
file: 92.255.85.21
hash: 45051
file: 104.168.12.21
hash: 40056
file: 178.250.188.81
hash: 8888
file: 18.193.6.217
hash: 4433
file: 5.181.158.24
hash: 443
domain: helpdesk.technicalsecurityops.org
file: 185.87.150.205
hash: 53
domain: theeyefirewall.su
hash: 597b84ba23e16b24ec17288981bbf65c84b6ba3bb07df6620378a1907692fb86
hash: 6a070dc9614dbb9a76092258fdc8bd758f69126c73787dc7d2af9aebd436e7ec
hash: b41e29e745b69f3e8c11d105e7e050fd9e08ff1e22efd97fd4c239a9095d708b
hash: b5d1cf8b222162567f46281e792145774689c205701a02f3723cf6fb13a429de
hash: 1e74bcd24e30947bd14cef6731ca63f69df060ba3dcac88b2321171335a6e8ef
hash: e06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3
domain: lanmangraphics.com
domain: errorreporting.net
domain: internalsecurity.us
domain: tieringservice.com
domain: automation-embedding.com
domain: retaildemo.info
domain: enrollmentdm.com
domain: underwearshopfor.com
domain: rss-feed-monitoring.com
domain: futuresfurnitures.com
domain: lookup.ink
domain: background-services.net
domain: cloud-mail.ink
file: 91.92.120.132
hash: 80
file: 70.184.193.3
hash: 3306
file: 143.198.95.22
hash: 31337
domain: js.sfqj321.buzz
domain: wehelpgood.xyz
file: 144.34.161.75
hash: 8080
file: 170.130.165.157
hash: 443
file: 185.87.150.205
hash: 443

Source: ThreatFox MISP Feed

Published: Fri Jan 31 2025

ThreatFox IOCs for 2025-01-31

Medium

Malwaretype:osint tlp:white

Published: Fri Jan 31 2025 (01/31/2025, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-01-31

AI-Powered Analysis

AILast updated: 06/27/2025, 10:21:11 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: e7599bde-2cd6-47a5-8cdf-be7ec9899110
Original Timestamp: 1738368186

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://touxzw.ir/sccc/five/pvqdq929bsx_a_d_m1n_a.php	LokiBot botnet C2 (confidence level: 100%)
urlhttp://52.229.166.98:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://47.97.114.229:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://occasional-peterson-blast-sussex.trycloudflare.com/cloudfls	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://ppdpharmaco.com/5k5g.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://ppdpharmaco.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://bit1.smogturfprance.shop/cacaduk.captcha	Unknown Loader payload delivery URL (confidence level: 50%)
urlhttps://portable2016.top/work/original.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://portable2016.top/work/index.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://portable2016.top/work/upl.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://cansupeker.com/folder.zip	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://92.255.57.155/yxnwkvfks28y/login.php	Amadey botnet C2 (confidence level: 100%)
urlhttps://solve.zyde.org/awjsx.captcha	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://solve.feqy.org/awjsx.captcha	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://149.88.78.49:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://dreamcloudsite.xyz/mzzkntlintu4ndhl/	Coper botnet C2 (confidence level: 100%)
urlhttps://fashiontrends2023.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://knowninshea.shop/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://sweepyribs.lat/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://spottyalle.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://techgasreview.biz/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://tacscc.com/5s41.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://tacscc.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://154.216.20.246/4bbfd212e4bc2b67.php	Stealc botnet C2 (confidence level: 50%)
urlhttp://51.21.41.165:5555/	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/mwg2cxem	AsyncRAT botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/86kgq8zf	XWorm botnet C2 (confidence level: 50%)
urlhttps://btee.geontrigame.com/mvkrouhawm	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://qmnw.daowsistem.com/fayikyeund	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://bhju.daowsistem.com/iwywybzqxk	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://lgfd.daowsistem.com/riqojhyvnr	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://leme.daowsistem.com/omzowcicwp	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://igow.scortma.com/fqieghffbm	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://quit.scortma.com/xzcpnnfhxi	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://llue.geontrigame.com/byyyfydxyf	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://cxmp.scortma.com/qfutdbtqqu	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://xrxw.scortma.com/gmdroacyvi	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://qfab.geontrigame.com/vfofnzihsm	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://tbet.geontrigame.com/zxchzzmism	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://yezh.geontrigame.com/vxewhcacbfqnsw	Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://getyour.cyou	Vidar botnet C2 (confidence level: 100%)
urlhttps://gameofthronesmemes.top/work/original.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://gameofthronesmemes.top/work/index.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://gameofthronesmemes.top/work/upl.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://muscleinitai.biz/api	Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://bmdcompany.com/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ffjihcnfkhihlmd.top/1.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://192.168.130.131:443/hqky	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttp://192.10.135.210:45577/mozi.m	Mozi payload delivery URL (confidence level: 50%)

Domain

Value	Description	Copy
domainppdpharmaco.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainportable2016.top	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainsolve.zyde.org	ClearFake payload delivery domain (confidence level: 100%)
domainmstr-x2-giveaway.com	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-giveaway.com	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-giveaway.info	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-giveaway.pro	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-giveaways.com	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-x2crypto.com	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-x2giveaway.co	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylor-x2giveaways.com	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylorgiveaway.net	CryptoNight payload delivery domain (confidence level: 50%)
domainsaylorgiveaway.com	CryptoNight payload delivery domain (confidence level: 50%)
domainairdrop-xrp.com	CryptoNight payload delivery domain (confidence level: 50%)
domainbg-xrp.com	CryptoNight payload delivery domain (confidence level: 50%)
domainbrad-2x.com	CryptoNight payload delivery domain (confidence level: 50%)
domaindrop-xrp.com	CryptoNight payload delivery domain (confidence level: 50%)
domainevent-rockstar.com	CryptoNight payload delivery domain (confidence level: 50%)
domaininvest-cardano.com	CryptoNight payload delivery domain (confidence level: 50%)
domaininvest-solana.com	CryptoNight payload delivery domain (confidence level: 50%)
domainms2saylor.com	CryptoNight payload delivery domain (confidence level: 50%)
domainspacex-events.com	CryptoNight payload delivery domain (confidence level: 50%)
domaintvorotech.online	magecart credit card skimming domain (confidence level: 100%)
domaininshdigit.sbs	magecart credit card skimming domain (confidence level: 100%)
domainbartender.top	magecart credit card skimming domain (confidence level: 100%)
domainsolve.feqy.org	ClearFake payload delivery domain (confidence level: 100%)
domainj4n6foy.localto.net	NjRAT botnet C2 domain (confidence level: 75%)
domainaccounts2.app-cloud.link	Havoc botnet C2 domain (confidence level: 100%)
domainapi.adviseur-oakk.nl	Havoc botnet C2 domain (confidence level: 100%)
domainsohit13140-34151.portmap.host	Quasar RAT botnet C2 domain (confidence level: 100%)
domaincoluich1220.duckdns.org	Quasar RAT botnet C2 domain (confidence level: 100%)
domainkaziahlds-23371.portmap.io	Quasar RAT botnet C2 domain (confidence level: 100%)
domainhappythepeppie.ddns.net	Quasar RAT botnet C2 domain (confidence level: 100%)
domainducksro.duckdns.org	Quasar RAT botnet C2 domain (confidence level: 100%)
domaincreditagricole.zapto.org	Quasar RAT botnet C2 domain (confidence level: 100%)
domaindeadpoolstart2035.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domaindeadpoolstart2036.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domainbertel5.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domaindeadpoolstart2037.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domaindoor-bottom.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domaintext-eh.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainlarge-weak.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainmean-signal.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainonly-desk.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainhall-shine.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainsystems-budget.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainput-welfare.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainprojects-secretary.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domaincard-funny.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainrootsaul.work.gd	XWorm botnet C2 domain (confidence level: 100%)
domainbreak-aaron.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainfemale-adapter.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainegornigga-64579.portmap.host	XWorm botnet C2 domain (confidence level: 100%)
domaincheatjunkies.ru	XWorm botnet C2 domain (confidence level: 100%)
domainhomepage-radios.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainlake-gui.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainconditions-protecting.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domaingoga123321-28259.portmap.host	XWorm botnet C2 domain (confidence level: 100%)
domaintacscc.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainsolve.wyji.org	ClearFake payload delivery domain (confidence level: 100%)
domaingrahthousand-64131.portmap.host	AsyncRAT botnet C2 domain (confidence level: 50%)
domainper-cassette.gl.at.ply.gg	Quasar RAT botnet C2 domain (confidence level: 50%)
domainacttwindows.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domaineoogg.top	FAKEUPDATES payload delivery domain (confidence level: 50%)
domainwp-cdn.top	Unknown malware payload delivery domain (confidence level: 100%)
domaingeraatualiza.com	Unknown Stealer botnet C2 domain (confidence level: 50%)
domainmasterdow.com	Unknown Stealer botnet C2 domain (confidence level: 50%)
domaingeraupdate.com	Unknown Stealer botnet C2 domain (confidence level: 50%)
domainsolve.qabi.org	ClearFake payload delivery domain (confidence level: 100%)
domaingetyour.cyou	Vidar botnet C2 domain (confidence level: 100%)
domainurabotnet.duckdns.org	Mirai botnet C2 domain (confidence level: 50%)
domainchange-harvest.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainwww.gzxingyu.cloud	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaingameofthronesmemes.top	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainnicekboupdatedgood.duckdns.org	Remcos botnet C2 domain (confidence level: 100%)
domainwww.caravanehamburg.de	Remcos botnet C2 domain (confidence level: 100%)
domainenviameplata.kozow.com	Remcos botnet C2 domain (confidence level: 100%)
domainoffice.miicrosofts.org	Unknown malware botnet C2 domain (confidence level: 100%)
domainhelpdesk.technicalsecurityops.org	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaintheeyefirewall.su	Mirai botnet C2 domain (confidence level: 50%)
domainlanmangraphics.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainerrorreporting.net	Unknown malware botnet C2 domain (confidence level: 50%)
domaininternalsecurity.us	Unknown malware botnet C2 domain (confidence level: 50%)
domaintieringservice.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainautomation-embedding.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainretaildemo.info	Unknown malware botnet C2 domain (confidence level: 50%)
domainenrollmentdm.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainunderwearshopfor.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainrss-feed-monitoring.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainfuturesfurnitures.com	Unknown malware botnet C2 domain (confidence level: 50%)
domainlookup.ink	HATVIBE botnet C2 domain (confidence level: 50%)
domainbackground-services.net	HATVIBE botnet C2 domain (confidence level: 50%)
domaincloud-mail.ink	Unknown malware botnet C2 domain (confidence level: 50%)
domainjs.sfqj321.buzz	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwehelpgood.xyz	Cobalt Strike botnet C2 domain (confidence level: 75%)

File

Value	Description	Copy
file18.217.210.12	MooBot botnet C2 server (confidence level: 75%)
file5.75.234.8	NjRAT botnet C2 server (confidence level: 75%)
file189.158.232.16	Unknown malware botnet C2 server (confidence level: 100%)
file179.13.3.202	Remcos botnet C2 server (confidence level: 100%)
file94.156.105.136	AsyncRAT botnet C2 server (confidence level: 100%)
file94.156.105.138	AsyncRAT botnet C2 server (confidence level: 100%)
file139.59.34.92	Unknown malware botnet C2 server (confidence level: 100%)
file91.132.51.35	Hook botnet C2 server (confidence level: 100%)
file111.227.97.43	Quasar RAT botnet C2 server (confidence level: 100%)
file18.171.153.42	MooBot botnet C2 server (confidence level: 100%)
file93.88.203.80	Latrodectus botnet C2 server (confidence level: 75%)
file54.156.194.68	Cobalt Strike botnet C2 server (confidence level: 75%)
file78.41.139.3	SystemBC botnet C2 server (confidence level: 60%)
file44.206.88.121	Sliver botnet C2 server (confidence level: 100%)
file42.231.168.199	Unknown malware botnet C2 server (confidence level: 100%)
file144.172.92.114	AsyncRAT botnet C2 server (confidence level: 100%)
file191.96.207.70	AsyncRAT botnet C2 server (confidence level: 100%)
file191.96.207.70	AsyncRAT botnet C2 server (confidence level: 100%)
file94.156.105.136	AsyncRAT botnet C2 server (confidence level: 100%)
file185.42.12.85	SectopRAT botnet C2 server (confidence level: 100%)
file44.244.111.179	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file8.134.108.73	Unknown malware botnet C2 server (confidence level: 100%)
file67.202.29.80	Unknown malware botnet C2 server (confidence level: 100%)
file168.119.57.134	Unknown malware botnet C2 server (confidence level: 100%)
file13.60.58.82	Unknown malware botnet C2 server (confidence level: 100%)
file35.206.155.207	Unknown malware botnet C2 server (confidence level: 100%)
file3.228.159.27	Unknown malware botnet C2 server (confidence level: 100%)
file34.1.162.42	Unknown malware botnet C2 server (confidence level: 100%)
file46.101.162.88	Unknown malware botnet C2 server (confidence level: 100%)
file13.201.101.72	Unknown malware botnet C2 server (confidence level: 100%)
file195.58.36.137	Unknown malware botnet C2 server (confidence level: 100%)
file105.156.110.103	QakBot botnet C2 server (confidence level: 100%)
file198.46.178.132	Remcos botnet C2 server (confidence level: 75%)
file124.170.69.79	Quasar RAT botnet C2 server (confidence level: 100%)
file87.228.57.81	Quasar RAT botnet C2 server (confidence level: 100%)
file109.248.151.166	Quasar RAT botnet C2 server (confidence level: 100%)
file100.120.140.9	Quasar RAT botnet C2 server (confidence level: 100%)
file112.134.23.228	Quasar RAT botnet C2 server (confidence level: 100%)
file125.25.56.200	Quasar RAT botnet C2 server (confidence level: 100%)
file62.60.190.141	AsyncRAT botnet C2 server (confidence level: 100%)
file62.60.190.141	AsyncRAT botnet C2 server (confidence level: 100%)
file85.31.47.31	AsyncRAT botnet C2 server (confidence level: 100%)
file105.100.250.154	AsyncRAT botnet C2 server (confidence level: 100%)
file147.185.221.25	AsyncRAT botnet C2 server (confidence level: 100%)
file62.60.190.196	AsyncRAT botnet C2 server (confidence level: 100%)
file105.101.179.171	AsyncRAT botnet C2 server (confidence level: 100%)
file147.185.221.25	AsyncRAT botnet C2 server (confidence level: 100%)
file94.156.166.213	AsyncRAT botnet C2 server (confidence level: 100%)
file62.60.190.196	AsyncRAT botnet C2 server (confidence level: 100%)
file196.119.218.2	XWorm botnet C2 server (confidence level: 100%)
file185.241.208.111	XWorm botnet C2 server (confidence level: 100%)
file147.185.221.24	XWorm botnet C2 server (confidence level: 100%)
file94.156.166.213	XWorm botnet C2 server (confidence level: 100%)
file3.140.253.241	XWorm botnet C2 server (confidence level: 100%)
file45.94.31.236	XWorm botnet C2 server (confidence level: 100%)
file185.7.214.54	XWorm botnet C2 server (confidence level: 100%)
file62.60.190.196	XWorm botnet C2 server (confidence level: 100%)
file87.120.115.209	XWorm botnet C2 server (confidence level: 100%)
file193.161.193.99	XWorm botnet C2 server (confidence level: 100%)
file91.84.104.75	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.65.146	Remcos botnet C2 server (confidence level: 100%)
file195.177.94.177	Remcos botnet C2 server (confidence level: 100%)
file154.12.253.45	AsyncRAT botnet C2 server (confidence level: 100%)
file174.138.16.40	Unknown malware botnet C2 server (confidence level: 100%)
file82.165.150.130	Unknown malware botnet C2 server (confidence level: 100%)
file188.248.160.177	Quasar RAT botnet C2 server (confidence level: 100%)
file188.248.160.177	Quasar RAT botnet C2 server (confidence level: 100%)
file188.248.160.177	Quasar RAT botnet C2 server (confidence level: 100%)
file188.248.160.177	Quasar RAT botnet C2 server (confidence level: 100%)
file13.60.93.51	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file54.70.120.69	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file23.227.198.237	BianLian botnet C2 server (confidence level: 100%)
file5.255.106.12	BianLian botnet C2 server (confidence level: 100%)
file13.125.52.28	NetSupportManager RAT botnet C2 server (confidence level: 75%)
file146.70.87.141	Eye Pyramid botnet C2 server (confidence level: 75%)
file193.203.49.90	RansomHub botnet C2 server (confidence level: 75%)
file195.208.25.141	Eye Pyramid botnet C2 server (confidence level: 75%)
file94.154.35.99	DanaBot botnet C2 server (confidence level: 75%)
file124.222.48.227	Cobalt Strike botnet C2 server (confidence level: 50%)
file111.173.82.176	Cobalt Strike botnet C2 server (confidence level: 50%)
file124.223.33.83	Cobalt Strike botnet C2 server (confidence level: 50%)
file170.130.165.157	Cobalt Strike botnet C2 server (confidence level: 50%)
file170.130.165.157	Cobalt Strike botnet C2 server (confidence level: 50%)
file35.89.241.123	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file192.129.178.62	DCRat botnet C2 server (confidence level: 50%)
file101.43.166.60	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.232.205.36	FAKEUPDATES payload delivery server (confidence level: 100%)
file77.239.102.124	Cobalt Strike botnet C2 server (confidence level: 100%)
file80.66.76.39	Cobalt Strike botnet C2 server (confidence level: 100%)
file213.252.247.119	Remcos botnet C2 server (confidence level: 100%)
file128.90.128.199	AsyncRAT botnet C2 server (confidence level: 100%)
file31.57.166.52	AsyncRAT botnet C2 server (confidence level: 100%)
file194.164.194.149	Unknown malware botnet C2 server (confidence level: 100%)
file3.141.7.174	Havoc botnet C2 server (confidence level: 100%)
file91.132.51.35	ERMAC botnet C2 server (confidence level: 100%)
file85.235.151.5	BianLian botnet C2 server (confidence level: 100%)
file162.252.173.12	RansomHub botnet C2 server (confidence level: 100%)
file91.229.239.19	Sliver botnet C2 server (confidence level: 50%)
file159.223.207.140	Sliver botnet C2 server (confidence level: 50%)
file143.198.158.86	Sliver botnet C2 server (confidence level: 50%)
file120.79.150.243	Cobalt Strike botnet C2 server (confidence level: 75%)
file120.79.150.243	Cobalt Strike botnet C2 server (confidence level: 75%)
file52.54.142.255	Cobalt Strike botnet C2 server (confidence level: 75%)
file162.252.173.12	RansomHub botnet C2 server (confidence level: 75%)
file31.57.166.52	AsyncRAT botnet C2 server (confidence level: 75%)
file46.246.84.10	DCRat botnet C2 server (confidence level: 75%)
file89.148.137.44	QakBot botnet C2 server (confidence level: 75%)
file192.129.178.60	DCRat botnet C2 server (confidence level: 50%)
file192.129.178.61	DCRat botnet C2 server (confidence level: 50%)
file94.156.105.138	AsyncRAT botnet C2 server (confidence level: 50%)
file80.92.206.190	Nanocore RAT botnet C2 server (confidence level: 50%)
file34.248.255.15	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file3.142.177.119	Cobalt Strike botnet C2 server (confidence level: 50%)
file217.8.117.165	BitRAT botnet C2 server (confidence level: 100%)
file185.7.214.250	Remcos botnet C2 server (confidence level: 100%)
file185.62.190.121	Ave Maria botnet C2 server (confidence level: 100%)
file47.79.90.233	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.141.76.97	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.196.10.96	Remcos botnet C2 server (confidence level: 100%)
file51.159.167.68	Sliver botnet C2 server (confidence level: 100%)
file85.239.232.226	AsyncRAT botnet C2 server (confidence level: 100%)
file158.220.83.114	AsyncRAT botnet C2 server (confidence level: 100%)
file81.226.66.92	Quasar RAT botnet C2 server (confidence level: 100%)
file219.143.134.20	Havoc botnet C2 server (confidence level: 100%)
file123.136.93.211	Cobalt Strike botnet C2 server (confidence level: 50%)
file37.221.67.141	Cobalt Strike botnet C2 server (confidence level: 100%)
file193.134.210.161	Cobalt Strike botnet C2 server (confidence level: 100%)
file140.228.29.53	Remcos botnet C2 server (confidence level: 100%)
file94.156.105.136	AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.144.125	AsyncRAT botnet C2 server (confidence level: 100%)
file38.255.37.248	AsyncRAT botnet C2 server (confidence level: 100%)
file38.255.37.248	AsyncRAT botnet C2 server (confidence level: 100%)
file37.27.248.226	Hook botnet C2 server (confidence level: 100%)
file92.255.85.21	Hook botnet C2 server (confidence level: 100%)
file104.168.12.21	Havoc botnet C2 server (confidence level: 100%)
file178.250.188.81	Venom RAT botnet C2 server (confidence level: 100%)
file18.193.6.217	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file5.181.158.24	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.87.150.205	Cobalt Strike botnet C2 server (confidence level: 75%)
file91.92.120.132	BeaverTail botnet C2 server (confidence level: 50%)
file70.184.193.3	Xtreme RAT botnet C2 server (confidence level: 50%)
file143.198.95.22	Sliver botnet C2 server (confidence level: 50%)
file144.34.161.75	Cobalt Strike botnet C2 server (confidence level: 75%)
file170.130.165.157	Cobalt Strike botnet C2 server (confidence level: 75%)
file185.87.150.205	Cobalt Strike botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash43957	MooBot botnet C2 server (confidence level: 75%)
hash2596	NjRAT botnet C2 server (confidence level: 75%)
hash8181	Unknown malware botnet C2 server (confidence level: 100%)
hash8085	Remcos botnet C2 server (confidence level: 100%)
hash2222	AsyncRAT botnet C2 server (confidence level: 100%)
hash2222	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash14782	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash443	Latrodectus botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	SystemBC botnet C2 server (confidence level: 60%)
hash8443	Sliver botnet C2 server (confidence level: 100%)
hash5873	Unknown malware botnet C2 server (confidence level: 100%)
hash3000	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash7777	AsyncRAT botnet C2 server (confidence level: 100%)
hash15647	SectopRAT botnet C2 server (confidence level: 100%)
hash16189	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash13373	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 100%)
hash8690	Remcos botnet C2 server (confidence level: 75%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash61537	Quasar RAT botnet C2 server (confidence level: 100%)
hash4444	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash4056	AsyncRAT botnet C2 server (confidence level: 100%)
hash3232	AsyncRAT botnet C2 server (confidence level: 100%)
hash1860	AsyncRAT botnet C2 server (confidence level: 100%)
hash39687	AsyncRAT botnet C2 server (confidence level: 100%)
hash40021	AsyncRAT botnet C2 server (confidence level: 100%)
hash3232	AsyncRAT botnet C2 server (confidence level: 100%)
hash38672	AsyncRAT botnet C2 server (confidence level: 100%)
hash36411	AsyncRAT botnet C2 server (confidence level: 100%)
hash1700	AsyncRAT botnet C2 server (confidence level: 100%)
hash4449	AsyncRAT botnet C2 server (confidence level: 100%)
hash6070	XWorm botnet C2 server (confidence level: 100%)
hash7050	XWorm botnet C2 server (confidence level: 100%)
hash18557	XWorm botnet C2 server (confidence level: 100%)
hash1300	XWorm botnet C2 server (confidence level: 100%)
hash443	XWorm botnet C2 server (confidence level: 100%)
hash60000	XWorm botnet C2 server (confidence level: 100%)
hash4411	XWorm botnet C2 server (confidence level: 100%)
hash8000	XWorm botnet C2 server (confidence level: 100%)
hash5000	XWorm botnet C2 server (confidence level: 100%)
hash32899	XWorm botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1194	Remcos botnet C2 server (confidence level: 100%)
hash443	Remcos botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash2404	Quasar RAT botnet C2 server (confidence level: 100%)
hash7000	Quasar RAT botnet C2 server (confidence level: 100%)
hash37215	Quasar RAT botnet C2 server (confidence level: 100%)
hash47428	Quasar RAT botnet C2 server (confidence level: 100%)
hash9876	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash38035	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash13937	BianLian botnet C2 server (confidence level: 100%)
hash80	BianLian botnet C2 server (confidence level: 100%)
hash4730	NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash8888	Eye Pyramid botnet C2 server (confidence level: 75%)
hash443	RansomHub botnet C2 server (confidence level: 75%)
hash8888	Eye Pyramid botnet C2 server (confidence level: 75%)
hash443	DanaBot botnet C2 server (confidence level: 75%)
hash1111	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash4433	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 50%)
hash9084	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash9002	DCRat botnet C2 server (confidence level: 50%)
hash5555	Cobalt Strike botnet C2 server (confidence level: 100%)
hash362af8118f437f9139556c59437544ae1489376dc4118027c24c8d5ce4d84e48	Unknown Stealer payload (confidence level: 50%)
hash330dffe834ebbe4042747bbe00b4575629ba8f2507bccf746763cacf63d655bb	Unknown Stealer payload (confidence level: 50%)
hash33cba89eeeaf139a798b7fa07ff6919dd0c4c6cf4106b659e4e56f15b5809287	Unknown Stealer payload (confidence level: 50%)
hash552d53f473096c55a3937c8512a06863133a97c3478ad6b1535e1976d1e0d45f	Unknown Stealer payload (confidence level: 50%)
hash64209e2348e6d503ee518459d0487d636639fa5e5298d28093a5ad41390ef6b0	Unknown Stealer payload (confidence level: 50%)
hash67f371a683b2be4c8002f89492cd29d96dceabdbfd36641a27be761ee64605b1	Unknown Stealer payload (confidence level: 50%)
hash73ad6be67691b65cee251d098f2541eef3cab2853ad509dac72d8eff5bd85bc0	Unknown Stealer payload (confidence level: 50%)
hash7cbfbce482071c6df823f09d83c6868d0b1208e8ceb70147b64c52bb8b48bdb8	Unknown Stealer payload (confidence level: 50%)
hash839de445f714a32f36670b590eba7fc68b1115b885ac8d689d7b344189521012	Unknown Stealer payload (confidence level: 50%)
hashbea4f753707eba4088e8a51818d9de8e9ad0138495338402f05c5c7a800695a6	Unknown Stealer payload (confidence level: 50%)
hashf3c37b1de5983b30b9ae70c525f97727a56d3874533db1a6e3dc1355bfbf37ec	Unknown Stealer payload (confidence level: 50%)
hashfd0ef425d34b56d0bc08bd93e6ecb11541bd834b9d4d417187373b17055c862e	Unknown Stealer payload (confidence level: 50%)
hash443	FAKEUPDATES payload delivery server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1111	Remcos botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash5000	Havoc botnet C2 server (confidence level: 100%)
hash8082	ERMAC botnet C2 server (confidence level: 100%)
hash8080	BianLian botnet C2 server (confidence level: 100%)
hash8000	RansomHub botnet C2 server (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash2086	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	RansomHub botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 75%)
hash3000	DCRat botnet C2 server (confidence level: 75%)
hash2222	QakBot botnet C2 server (confidence level: 75%)
hash9002	DCRat botnet C2 server (confidence level: 50%)
hash9002	DCRat botnet C2 server (confidence level: 50%)
hash444	AsyncRAT botnet C2 server (confidence level: 50%)
hash443	Nanocore RAT botnet C2 server (confidence level: 50%)
hash6653	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8080	BitRAT botnet C2 server (confidence level: 100%)
hash2426	Remcos botnet C2 server (confidence level: 100%)
hash5205	Ave Maria botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8085	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash6666	AsyncRAT botnet C2 server (confidence level: 100%)
hash1001	AsyncRAT botnet C2 server (confidence level: 100%)
hash25565	Quasar RAT botnet C2 server (confidence level: 100%)
hash8010	Havoc botnet C2 server (confidence level: 100%)
hash8036	Cobalt Strike botnet C2 server (confidence level: 50%)
hash3000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash4444	AsyncRAT botnet C2 server (confidence level: 100%)
hash1504	AsyncRAT botnet C2 server (confidence level: 100%)
hash8245	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash45051	Hook botnet C2 server (confidence level: 100%)
hash40056	Havoc botnet C2 server (confidence level: 100%)
hash8888	Venom RAT botnet C2 server (confidence level: 100%)
hash4433	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash597b84ba23e16b24ec17288981bbf65c84b6ba3bb07df6620378a1907692fb86	Mirai payload (confidence level: 50%)
hash6a070dc9614dbb9a76092258fdc8bd758f69126c73787dc7d2af9aebd436e7ec	Mirai payload (confidence level: 50%)
hashb41e29e745b69f3e8c11d105e7e050fd9e08ff1e22efd97fd4c239a9095d708b	Mirai payload (confidence level: 50%)
hashb5d1cf8b222162567f46281e792145774689c205701a02f3723cf6fb13a429de	Mirai payload (confidence level: 50%)
hash1e74bcd24e30947bd14cef6731ca63f69df060ba3dcac88b2321171335a6e8ef	Mirai payload (confidence level: 50%)
hashe06c3f5c32aaa422e66056290eb566065afe2ce611fe019f3ba804af939ac1a3	Mirai payload (confidence level: 50%)
hash80	BeaverTail botnet C2 server (confidence level: 50%)
hash3306	Xtreme RAT botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 68367c9a182aa0cae23257b7

Added to database: 5/28/2025, 3:01:46 AM

Last enriched: 6/27/2025, 10:21:11 AM

Last updated: 8/14/2025, 3:54:04 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-01-31

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-01-31

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

Domain

File

Hash

Related Threats

ThreatFox IOCs for 2025-08-18

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility