ThreatFox IOCs for 2025-02-02
Severity: mediumType: malware
ThreatFox IOCs for 2025-02-02
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on February 2, 2025, sourced from the ThreatFox MISP feed. These IOCs are categorized under 'malware' with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. However, the data lacks specific details about the malware family, attack vectors, affected software versions, or exploitation techniques. The threat level is indicated as medium with a threatLevel score of 2 (on an unspecified scale), analysis score of 1, and distribution score of 3, suggesting moderate dissemination but limited detailed analysis or confirmed impact. No known exploits in the wild or patches are available, and no Common Weakness Enumerations (CWEs) are associated. The absence of indicators and technical specifics limits the ability to perform a deep technical dissection. Essentially, this entry appears to be a general OSINT-based alert highlighting potential malware-related network activity and payload delivery mechanisms, but without concrete actionable intelligence or confirmed active exploitation. The 'tlp:white' tag indicates the information is publicly shareable without restrictions. Overall, this represents a medium-level alert about emerging or observed malware-related activity, primarily serving as a situational awareness update rather than a detailed threat report.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of detailed exploitation information, absence of known active exploits, and no patch availability. The medium severity suggests potential risks if the malware payloads or network activities become more widespread or targeted. Potential impacts could include unauthorized network access, data exfiltration, or service disruption if payload delivery mechanisms are successful. However, without specific affected products or vulnerabilities, the threat remains generic. European entities with extensive network exposure or those relying on OSINT feeds for threat intelligence might benefit from monitoring these IOCs to preemptively detect suspicious activity. The lack of detailed indicators reduces immediate operational impact but underscores the need for vigilance in network monitoring and incident response readiness.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing network security posture and threat detection capabilities. Organizations should: 1) Continuously update and tune intrusion detection/prevention systems (IDS/IPS) and endpoint detection and response (EDR) tools to recognize emerging malware behaviors and network anomalies. 2) Integrate ThreatFox and other OSINT feeds into Security Information and Event Management (SIEM) platforms to correlate and analyze potential indicators proactively. 3) Conduct regular network traffic analysis to identify unusual payload delivery attempts or suspicious network activity. 4) Maintain robust segmentation and least privilege principles to limit malware propagation if an infection occurs. 5) Educate security teams to interpret and act on OSINT-derived alerts, even when detailed exploit information is unavailable. 6) Prepare incident response plans that can adapt to emerging threats with limited initial data. These steps go beyond generic advice by emphasizing proactive OSINT integration and adaptive detection strategies.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- domain: solve.kxlv.org
- file: 3.71.225.231
- hash: 16168
- url: https://goldenbirdzone.xyz/mzzkntlintu4ndhl/
- file: 166.108.238.159
- hash: 443
- file: 83.115.186.91
- hash: 2222
- file: 163.5.112.59
- hash: 2404
- domain: goody.work.gd
- file: 123.11.142.103
- hash: 5873
- file: 135.148.89.85
- hash: 7077
- domain: hedra.app-tools.info
- file: 102.117.172.239
- hash: 7443
- file: 111.196.132.41
- hash: 8443
- file: 185.224.0.242
- hash: 80
- domain: ulgroup.miicrosofts.org
- domain: wcpstatic.miicrosofts.org
- file: 151.236.16.144
- hash: 64250
- url: http://110.183.25.12:53456/mozi.m
- file: 27.25.158.108
- hash: 6666
- url: https://solve.kxlv.org/awjsx.captcha
- file: 94.159.113.84
- hash: 443
- url: http://tsukanjz.beget.tech/0cd9aef8.php
- file: 5.199.166.188
- hash: 443
- file: 51.210.97.109
- hash: 443
- file: 206.81.6.248
- hash: 4444
- file: 45.143.235.118
- hash: 10999
- file: 54.153.18.222
- hash: 8808
- file: 163.5.169.43
- hash: 888
- file: 163.5.169.43
- hash: 2222
- file: 185.42.12.247
- hash: 15747
- file: 160.238.36.36
- hash: 443
- file: 192.248.158.190
- hash: 7443
- domain: ec2-18-170-59-177.eu-west-2.compute.amazonaws.com
- file: 157.230.233.220
- hash: 55650
- file: 161.35.165.208
- hash: 3333
- file: 3.69.0.183
- hash: 443
- file: 195.201.102.31
- hash: 3333
- file: 20.248.157.71
- hash: 3333
- file: 159.89.231.115
- hash: 3333
- file: 161.35.139.18
- hash: 443
- file: 78.46.181.175
- hash: 443
- file: 194.163.144.198
- hash: 8080
- file: 35.152.60.157
- hash: 443
- file: 3.79.233.6
- hash: 80
- file: 13.213.28.222
- hash: 3333
- file: 3.137.175.225
- hash: 3333
- file: 67.169.147.121
- hash: 23
- domain: mm.underarmpresumingsubscript.shop
- file: 37.97.133.8
- hash: 3333
- file: 150.158.33.10
- hash: 50003
- file: 91.231.186.41
- hash: 31337
- file: 82.115.223.50
- hash: 31337
- file: 202.173.160.66
- hash: 31337
- file: 87.120.114.165
- hash: 1337
- file: 63.33.57.73
- hash: 113
- file: 38.180.61.247
- hash: 30001
- file: 195.2.70.38
- hash: 30001
- file: 91.142.74.28
- hash: 30001
- file: 46.8.232.106
- hash: 30001
- file: 195.200.31.22
- hash: 25016
- file: 46.8.236.61
- hash: 30001
- file: 77.238.224.56
- hash: 30001
- file: 77.238.245.11
- hash: 30001
- file: 77.238.245.233
- hash: 30001
- file: 91.212.166.91
- hash: 30001
- url: http://185.215.113.115/c4becf79229cb002.php
- url: http://223.11.60.184:35597/mozi.m
- url: https://pastebin.com/raw/z20rzvuq
- file: 104.238.190.12
- hash: 6000
- domain: table-hon.gl.at.ply.gg
- domain: solve.vsdd.org
- file: 51.38.119.240
- hash: 8808
- file: 94.156.105.136
- hash: 5555
- file: 139.59.34.92
- hash: 443
- file: 176.65.144.250
- hash: 8082
- file: 20.26.234.252
- hash: 443
- file: 83.136.249.203
- hash: 8080
- file: 54.238.247.179
- hash: 8088
- file: 106.14.151.205
- hash: 80
- file: 176.65.134.36
- hash: 8000
- file: 195.20.18.146
- hash: 8080
- file: 89.23.97.211
- hash: 4022
- file: 45.10.83.157
- hash: 8000
- file: 45.10.81.188
- hash: 8000
- file: 45.10.81.111
- hash: 8000
- file: 3.64.4.198
- hash: 15938
- url: https://securesways.click/api
- file: 71.12.4.174
- hash: 443
- file: 147.45.255.116
- hash: 8444
- url: http://activequestion.ru/externallongpollflowerwpdlelocalprivatecentral.php
- url: http://a1077057.xsph.ru/ac5e408b.php
- domain: solve.rlvw.org
- file: 82.147.84.189
- hash: 8080
- file: 117.50.178.197
- hash: 57982
- file: 107.151.251.169
- hash: 2086
- file: 163.5.169.248
- hash: 2404
- file: 5.199.166.10
- hash: 443
- file: 62.146.226.225
- hash: 6606
- file: 163.5.169.43
- hash: 222
- file: 130.195.222.141
- hash: 4444
- file: 158.220.83.114
- hash: 1002
- file: 84.154.190.183
- hash: 81
- file: 54.67.80.225
- hash: 15664
- domain: service-rchqbzvz-1301033415.sh.tencentapigw.com
- file: 124.156.152.46
- hash: 80
- file: 150.158.33.10
- hash: 80
- domain: babamirai31.duckdns.org
- url: https://pastebin.com/raw/7fjrtf2f
- domain: bin-mud.gl.at.ply.gg
- domain: late-outdoors.gl.at.ply.gg
- file: 147.185.221.25
- hash: 27113
- file: 102.156.4.62
- hash: 1177
- domain: postpix.shop
- url: https://genericfixer.com/sysfixsync/kernel-patches/january-2025/fixomatic.php
- file: 49.4.9.38
- hash: 2000
- file: 5.205.191.98
- hash: 6001
- file: 47.238.105.182
- hash: 31337
- file: 148.66.22.194
- hash: 443
- file: 62.60.226.42
- hash: 43155
- file: 23.148.144.62
- hash: 2025
- file: 129.153.159.161
- hash: 47963
- file: 198.167.210.62
- hash: 8808
- file: 80.64.30.2
- hash: 15747
- file: 45.33.110.200
- hash: 7443
- file: 159.89.173.66
- hash: 7443
- domain: usaa.miicrosofts.org
- domain: yunger.ddns.cam
- domain: uthinker.ddns.cam
- domain: bctabsogebtmoutsgs.duckdns.org
- domain: deabcbecaconmougot.duckdns.org
- domain: trumpsha.mypi.co
- domain: cveight8ht.top
- domain: tzsixt16sb.top
- domain: tzthirt13sb.top
- domain: chwerfw63932.macan.chost.com.ua
- domain: dcrat1337.atwebpages.com
- domain: subduedkinlkly.shop
- domain: securesways.click
- domain: humdrumviosl.click
- domain: wanyajarysu.click
- domain: answerzeypher.biz
- domain: aromaticridz.biz
- domain: drinkeracte.biz
- domain: overttriter.biz
- domain: operregula.biz
- domain: mannyrahse.biz
- domain: maintainhaat.biz
- domain: homellygage.biz
- domain: hatesomeber.biz
- domain: versesoffe.biz
- domain: thangolekke.biz
- domain: springobtainn.biz
- domain: slimdresser.biz
- domain: shakeiarrep.biz
- domain: railwaiberred.biz
- domain: peacesallyek.biz
- domain: zoomsedat.biz
- domain: xenoporren.biz
- domain: worshipstrar.biz
- domain: weartemptr.biz
- domain: runnedarred.com
- url: https://subduedkinlkly.shop/api
- url: https://runnedarred.com/api
- url: https://drinkeracte.biz/api
- url: https://aromaticridz.biz/api
- url: https://answerzeypher.biz/api
- url: https://wanyajarysu.click/api
- url: https://humdrumviosl.click/api
- domain: solve.nrxk.org
- domain: loud-states-matter.loca.lt
- domain: are-though.gl.at.ply.gg
- domain: memesense.xyz
- url: https://mac-only.team/smp/getfile.php
- domain: mac-only.team
- domain: rivalillicitlytransfer.shop
- url: https://rivalillicitlytransfer.shop/up
- url: https://rivalillicitlytransfer.shop/up/b
- url: https://rivalillicitlytransfer.shop/ujs/
- file: 5.104.208.253
- hash: 3000
- file: 84.32.23.56
- hash: 443
- file: 84.32.23.8
- hash: 443
- file: 49.113.76.82
- hash: 8888
- file: 181.161.12.137
- hash: 8080
- file: 45.151.153.17
- hash: 8888
- file: 94.156.177.244
- hash: 4449
- file: 13.245.230.214
- hash: 9201
- domain: secure.miicrosofts.org
- file: 142.247.196.137
- hash: 443
- file: 188.54.79.3
- hash: 443
- file: 5.202.11.34
- hash: 888
- file: 67.71.45.148
- hash: 2222
- file: 8.218.34.120
- hash: 2783
- domain: parcelinn.com
- file: 61.3.106.59
- hash: 51106
- file: 144.91.79.54
- hash: 54984
- file: 161.35.40.73
- hash: 31337
- file: 194.87.226.134
- hash: 1337
- file: 194.87.226.75
- hash: 1337
- file: 194.87.226.220
- hash: 1337
- file: 109.196.100.211
- hash: 1337
- domain: p1.hamsterservers.boats
- domain: pool-1.hamsterservers.boats
- file: 195.19.93.122
- hash: 1337
- file: 89.23.106.222
- hash: 1337
ThreatFox IOCs for 2025-02-02
Medium
Published: Sun Feb 02 2025 (02/02/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-02-02
AI-Powered Analysis
AILast updated: 06/27/2025, 10:35:29 UTC
Technical Analysis
The provided information pertains to a set of Indicators of Compromise (IOCs) published on February 2, 2025, sourced from the ThreatFox MISP feed. These IOCs are categorized under 'malware' with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. However, the data lacks specific details about the malware family, attack vectors, affected software versions, or exploitation techniques. The threat level is indicated as medium with a threatLevel score of 2 (on an unspecified scale), analysis score of 1, and distribution score of 3, suggesting moderate dissemination but limited detailed analysis or confirmed impact. No known exploits in the wild or patches are available, and no Common Weakness Enumerations (CWEs) are associated. The absence of indicators and technical specifics limits the ability to perform a deep technical dissection. Essentially, this entry appears to be a general OSINT-based alert highlighting potential malware-related network activity and payload delivery mechanisms, but without concrete actionable intelligence or confirmed active exploitation. The 'tlp:white' tag indicates the information is publicly shareable without restrictions. Overall, this represents a medium-level alert about emerging or observed malware-related activity, primarily serving as a situational awareness update rather than a detailed threat report.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of detailed exploitation information, absence of known active exploits, and no patch availability. The medium severity suggests potential risks if the malware payloads or network activities become more widespread or targeted. Potential impacts could include unauthorized network access, data exfiltration, or service disruption if payload delivery mechanisms are successful. However, without specific affected products or vulnerabilities, the threat remains generic. European entities with extensive network exposure or those relying on OSINT feeds for threat intelligence might benefit from monitoring these IOCs to preemptively detect suspicious activity. The lack of detailed indicators reduces immediate operational impact but underscores the need for vigilance in network monitoring and incident response readiness.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing network security posture and threat detection capabilities. Organizations should: 1) Continuously update and tune intrusion detection/prevention systems (IDS/IPS) and endpoint detection and response (EDR) tools to recognize emerging malware behaviors and network anomalies. 2) Integrate ThreatFox and other OSINT feeds into Security Information and Event Management (SIEM) platforms to correlate and analyze potential indicators proactively. 3) Conduct regular network traffic analysis to identify unusual payload delivery attempts or suspicious network activity. 4) Maintain robust segmentation and least privilege principles to limit malware propagation if an infection occurs. 5) Educate security teams to interpret and act on OSINT-derived alerts, even when detailed exploit information is unavailable. 6) Prepare incident response plans that can adapt to emerging threats with limited initial data. These steps go beyond generic advice by emphasizing proactive OSINT integration and adaptive detection strategies.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- e98173bc-7f45-488c-a450-d6e51aeacc47
- Original Timestamp
- 1738540987
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainsolve.kxlv.org | ClearFake payload delivery domain (confidence level: 100%) | |
domaingoody.work.gd | Remcos botnet C2 domain (confidence level: 100%) | |
domainhedra.app-tools.info | Poseidon Stealer botnet C2 domain (confidence level: 100%) | |
domainulgroup.miicrosofts.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwcpstatic.miicrosofts.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainec2-18-170-59-177.eu-west-2.compute.amazonaws.com | ERMAC botnet C2 domain (confidence level: 100%) | |
domainmm.underarmpresumingsubscript.shop | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domaintable-hon.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsolve.vsdd.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainsolve.rlvw.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainservice-rchqbzvz-1301033415.sh.tencentapigw.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainbabamirai31.duckdns.org | Mirai botnet C2 domain (confidence level: 50%) | |
domainbin-mud.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainlate-outdoors.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainpostpix.shop | NjRAT botnet C2 domain (confidence level: 75%) | |
domainusaa.miicrosofts.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainyunger.ddns.cam | Mirai botnet C2 domain (confidence level: 100%) | |
domainuthinker.ddns.cam | Mirai botnet C2 domain (confidence level: 100%) | |
domainbctabsogebtmoutsgs.duckdns.org | Mirai botnet C2 domain (confidence level: 100%) | |
domaindeabcbecaconmougot.duckdns.org | Mirai botnet C2 domain (confidence level: 100%) | |
domaintrumpsha.mypi.co | Mirai botnet C2 domain (confidence level: 100%) | |
domaincveight8ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintzsixt16sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintzthirt13sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainchwerfw63932.macan.chost.com.ua | DCRat botnet C2 domain (confidence level: 100%) | |
domaindcrat1337.atwebpages.com | DCRat botnet C2 domain (confidence level: 100%) | |
domainsubduedkinlkly.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsecuresways.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhumdrumviosl.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwanyajarysu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainanswerzeypher.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainaromaticridz.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindrinkeracte.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoverttriter.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoperregula.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmannyrahse.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmaintainhaat.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhomellygage.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhatesomeber.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainversesoffe.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainthangolekke.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainspringobtainn.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainslimdresser.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainshakeiarrep.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrailwaiberred.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpeacesallyek.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzoomsedat.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainxenoporren.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainworshipstrar.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainweartemptr.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrunnedarred.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsolve.nrxk.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainloud-states-matter.loca.lt | XWorm botnet C2 domain (confidence level: 50%) | |
domainare-though.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainmemesense.xyz | XWorm botnet C2 domain (confidence level: 50%) | |
domainmac-only.team | AMOS botnet C2 domain (confidence level: 100%) | |
domainrivalillicitlytransfer.shop | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domainsecure.miicrosofts.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainparcelinn.com | Azorult botnet C2 domain (confidence level: 50%) | |
domainp1.hamsterservers.boats | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainpool-1.hamsterservers.boats | Unknown malware botnet C2 domain (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file3.71.225.231 | NjRAT botnet C2 server (confidence level: 75%) | |
file166.108.238.159 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file83.115.186.91 | DarkComet botnet C2 server (confidence level: 100%) | |
file163.5.112.59 | Remcos botnet C2 server (confidence level: 100%) | |
file123.11.142.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file135.148.89.85 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.172.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file111.196.132.41 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file185.224.0.242 | MooBot botnet C2 server (confidence level: 100%) | |
file151.236.16.144 | BianLian botnet C2 server (confidence level: 100%) | |
file27.25.158.108 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file94.159.113.84 | Matanbuchus botnet C2 server (confidence level: 60%) | |
file5.199.166.188 | pupy botnet C2 server (confidence level: 100%) | |
file51.210.97.109 | Sliver botnet C2 server (confidence level: 100%) | |
file206.81.6.248 | Sliver botnet C2 server (confidence level: 100%) | |
file45.143.235.118 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.153.18.222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file163.5.169.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file163.5.169.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.42.12.247 | SectopRAT botnet C2 server (confidence level: 100%) | |
file160.238.36.36 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.248.158.190 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.230.233.220 | MooBot botnet C2 server (confidence level: 100%) | |
file161.35.165.208 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.69.0.183 | Unknown malware botnet C2 server (confidence level: 100%) | |
file195.201.102.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.248.157.71 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.89.231.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file161.35.139.18 | Unknown malware botnet C2 server (confidence level: 100%) | |
file78.46.181.175 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.163.144.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.152.60.157 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.79.233.6 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.213.28.222 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.137.175.225 | Unknown malware botnet C2 server (confidence level: 100%) | |
file67.169.147.121 | Bashlite botnet C2 server (confidence level: 90%) | |
file37.97.133.8 | Unknown malware botnet C2 server (confidence level: 50%) | |
file150.158.33.10 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file91.231.186.41 | Sliver botnet C2 server (confidence level: 50%) | |
file82.115.223.50 | Sliver botnet C2 server (confidence level: 50%) | |
file202.173.160.66 | Sliver botnet C2 server (confidence level: 50%) | |
file87.120.114.165 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file63.33.57.73 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file38.180.61.247 | GhostSocks botnet C2 server (confidence level: 75%) | |
file195.2.70.38 | GhostSocks botnet C2 server (confidence level: 75%) | |
file91.142.74.28 | GhostSocks botnet C2 server (confidence level: 75%) | |
file46.8.232.106 | GhostSocks botnet C2 server (confidence level: 75%) | |
file195.200.31.22 | GhostSocks botnet C2 server (confidence level: 75%) | |
file46.8.236.61 | GhostSocks botnet C2 server (confidence level: 75%) | |
file77.238.224.56 | GhostSocks botnet C2 server (confidence level: 75%) | |
file77.238.245.11 | GhostSocks botnet C2 server (confidence level: 75%) | |
file77.238.245.233 | GhostSocks botnet C2 server (confidence level: 75%) | |
file91.212.166.91 | GhostSocks botnet C2 server (confidence level: 75%) | |
file104.238.190.12 | XWorm botnet C2 server (confidence level: 50%) | |
file51.38.119.240 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file94.156.105.136 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file139.59.34.92 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.144.250 | Hook botnet C2 server (confidence level: 100%) | |
file20.26.234.252 | Havoc botnet C2 server (confidence level: 100%) | |
file83.136.249.203 | MimiKatz botnet C2 server (confidence level: 100%) | |
file54.238.247.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.14.151.205 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.65.134.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file195.20.18.146 | Phemedrone Stealer botnet C2 server (confidence level: 75%) | |
file89.23.97.211 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
file45.10.83.157 | PureLogs Stealer botnet C2 server (confidence level: 75%) | |
file45.10.81.188 | PureLogs Stealer botnet C2 server (confidence level: 75%) | |
file45.10.81.111 | PureLogs Stealer botnet C2 server (confidence level: 75%) | |
file3.64.4.198 | NjRAT botnet C2 server (confidence level: 100%) | |
file71.12.4.174 | QakBot botnet C2 server (confidence level: 75%) | |
file147.45.255.116 | Meterpreter botnet C2 server (confidence level: 75%) | |
file82.147.84.189 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file117.50.178.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.151.251.169 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.5.169.248 | Remcos botnet C2 server (confidence level: 100%) | |
file5.199.166.10 | pupy botnet C2 server (confidence level: 100%) | |
file62.146.226.225 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file163.5.169.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file130.195.222.141 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file158.220.83.114 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file84.154.190.183 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.67.80.225 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file124.156.152.46 | Unknown RAT botnet C2 server (confidence level: 50%) | |
file150.158.33.10 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 50%) | |
file102.156.4.62 | NjRAT botnet C2 server (confidence level: 100%) | |
file49.4.9.38 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file5.205.191.98 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file47.238.105.182 | Sliver botnet C2 server (confidence level: 50%) | |
file148.66.22.194 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file62.60.226.42 | Remcos botnet C2 server (confidence level: 100%) | |
file23.148.144.62 | Remcos botnet C2 server (confidence level: 100%) | |
file129.153.159.161 | Unknown malware botnet C2 server (confidence level: 100%) | |
file198.167.210.62 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file80.64.30.2 | SectopRAT botnet C2 server (confidence level: 100%) | |
file45.33.110.200 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.89.173.66 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.104.208.253 | DarkComet botnet C2 server (confidence level: 100%) | |
file84.32.23.56 | pupy botnet C2 server (confidence level: 100%) | |
file84.32.23.8 | pupy botnet C2 server (confidence level: 100%) | |
file49.113.76.82 | Unknown malware botnet C2 server (confidence level: 100%) | |
file181.161.12.137 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.151.153.17 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file94.156.177.244 | Venom RAT botnet C2 server (confidence level: 100%) | |
file13.245.230.214 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file142.247.196.137 | QakBot botnet C2 server (confidence level: 75%) | |
file188.54.79.3 | QakBot botnet C2 server (confidence level: 75%) | |
file5.202.11.34 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file67.71.45.148 | QakBot botnet C2 server (confidence level: 75%) | |
file8.218.34.120 | Sliver botnet C2 server (confidence level: 75%) | |
file61.3.106.59 | Mozi botnet C2 server (confidence level: 50%) | |
file144.91.79.54 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
file161.35.40.73 | Sliver botnet C2 server (confidence level: 50%) | |
file194.87.226.134 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.87.226.75 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.87.226.220 | Unknown malware botnet C2 server (confidence level: 100%) | |
file109.196.100.211 | Unknown malware botnet C2 server (confidence level: 100%) | |
file195.19.93.122 | Unknown malware botnet C2 server (confidence level: 100%) | |
file89.23.106.222 | Unknown malware botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash16168 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2222 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash5873 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash64250 | BianLian botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Matanbuchus botnet C2 server (confidence level: 60%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash4444 | Sliver botnet C2 server (confidence level: 100%) | |
hash10999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15747 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash55650 | MooBot botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 90%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash50003 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1337 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash113 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash25016 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash30001 | GhostSocks botnet C2 server (confidence level: 75%) | |
hash6000 | XWorm botnet C2 server (confidence level: 50%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5555 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Phemedrone Stealer botnet C2 server (confidence level: 75%) | |
hash4022 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
hash8000 | PureLogs Stealer botnet C2 server (confidence level: 75%) | |
hash8000 | PureLogs Stealer botnet C2 server (confidence level: 75%) | |
hash8000 | PureLogs Stealer botnet C2 server (confidence level: 75%) | |
hash15938 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8444 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash57982 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2086 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1002 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash15664 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown RAT botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash27113 | XWorm botnet C2 server (confidence level: 50%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 100%) | |
hash2000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash43155 | Remcos botnet C2 server (confidence level: 100%) | |
hash2025 | Remcos botnet C2 server (confidence level: 100%) | |
hash47963 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15747 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3000 | DarkComet botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash9201 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash888 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash2783 | Sliver botnet C2 server (confidence level: 75%) | |
hash51106 | Mozi botnet C2 server (confidence level: 50%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://goldenbirdzone.xyz/mzzkntlintu4ndhl/ | Coper botnet C2 (confidence level: 100%) | |
urlhttp://110.183.25.12:53456/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://solve.kxlv.org/awjsx.captcha | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://tsukanjz.beget.tech/0cd9aef8.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://185.215.113.115/c4becf79229cb002.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://223.11.60.184:35597/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://pastebin.com/raw/z20rzvuq | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://securesways.click/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://activequestion.ru/externallongpollflowerwpdlelocalprivatecentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://a1077057.xsph.ru/ac5e408b.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://pastebin.com/raw/7fjrtf2f | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://genericfixer.com/sysfixsync/kernel-patches/january-2025/fixomatic.php | Matanbuchus botnet C2 (confidence level: 100%) | |
urlhttps://subduedkinlkly.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://runnedarred.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://drinkeracte.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://aromaticridz.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://answerzeypher.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://wanyajarysu.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://humdrumviosl.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://mac-only.team/smp/getfile.php | AMOS botnet C2 (confidence level: 100%) | |
urlhttps://rivalillicitlytransfer.shop/up | ACR Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rivalillicitlytransfer.shop/up/b | ACR Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rivalillicitlytransfer.shop/ujs/ | ACR Stealer botnet C2 (confidence level: 100%) |
Threat ID: 68367c99182aa0cae232460f
Added to database: 5/28/2025, 3:01:45 AM
Last enriched: 6/27/2025, 10:35:29 AM
Last updated: 8/13/2025, 2:39:53 PM
Views: 16
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.