ThreatFox IOCs for 2025-02-03
Severity: mediumType: malware
ThreatFox IOCs for 2025-02-03
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-02-03," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under the 'osint' product type, indicating that it primarily involves open-source intelligence data related to malware threats. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or technical indicators such as file hashes, IP addresses, or domains. The threat level is indicated as 2 on an unspecified scale, with an analysis rating of 1 and distribution rating of 3, suggesting moderate threat presence and distribution. No known exploits in the wild are reported, and no patches or mitigations are directly linked to this threat. The absence of Common Weakness Enumerations (CWEs) and detailed technical data limits the granularity of the analysis. The tags include 'type:osint' and 'tlp:white,' indicating that the information is publicly shareable without restrictions. Overall, this threat intelligence appears to be a general notification of malware-related IOCs collected or observed on the specified date, without concrete actionable details or evidence of active exploitation at this time.
Potential Impact
Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. The threat represents potential malware activity identified through open-source intelligence, which could be indicative of emerging or evolving threats. European organizations relying on OSINT feeds for threat detection may find value in integrating these IOCs into their security monitoring to enhance situational awareness. However, without specific malware behavior, attack vectors, or targeted sectors, the direct risk to confidentiality, integrity, or availability remains uncertain. The medium severity rating suggests a moderate concern, possibly due to the distribution rating of 3, implying some level of dissemination or prevalence. Organizations should remain vigilant, especially those in sectors commonly targeted by malware campaigns, such as finance, critical infrastructure, and government, as these sectors could be indirectly affected if the threat evolves or is leveraged in targeted attacks.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Conduct regular threat hunting exercises using the latest OSINT feeds to identify any signs of compromise related to these IOCs. 3. Maintain up-to-date malware definitions and ensure endpoint protection platforms are configured to detect emerging threats. 4. Implement network segmentation and strict access controls to limit potential malware spread within organizational networks. 5. Educate security teams on monitoring OSINT sources like ThreatFox for early warning signs and incorporate these feeds into incident response playbooks. 6. Since no patches are available, focus on proactive detection and containment strategies rather than reactive patching. 7. Collaborate with national Computer Emergency Response Teams (CERTs) and information sharing communities to receive timely updates on any developments related to these IOCs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
- domain: solve.nohz.org
- domain: durumm.click
- url: https://durumm.click
- url: https://parcelinn.com/wp-content/images/panel/admin.php
- domain: stchkr.rest
- url: https://stchkr.rest
- file: 138.124.119.98
- hash: 80
- file: 123.11.142.102
- hash: 5873
- file: 85.239.232.11
- hash: 6666
- file: 195.177.95.160
- hash: 3819
- file: 159.65.29.33
- hash: 443
- domain: adviseur.adviseur-oakk.nl
- file: 45.86.155.74
- hash: 80
- domain: mmcapi.miicrosofts.org
- file: 5.199.166.185
- hash: 443
- file: 109.107.140.195
- hash: 21755
- file: 163.5.169.43
- hash: 8888
- file: 47.108.227.114
- hash: 8080
- file: 37.27.182.109
- hash: 443
- file: 110.40.147.170
- hash: 60000
- file: 13.235.237.32
- hash: 443
- file: 15.165.141.150
- hash: 80
- file: 147.182.224.107
- hash: 3333
- file: 172.105.35.42
- hash: 3333
- file: 18.184.91.155
- hash: 80
- file: 18.184.91.155
- hash: 443
- file: 209.38.167.100
- hash: 3333
- file: 52.91.24.43
- hash: 8080
- file: 161.35.162.231
- hash: 3333
- file: 188.34.188.16
- hash: 3333
- file: 143.110.167.55
- hash: 3333
- file: 185.87.50.129
- hash: 3333
- file: 72.250.39.129
- hash: 3333
- file: 124.71.68.77
- hash: 3333
- file: 109.242.113.18
- hash: 995
- domain: vivaforevew.com
- domain: wersogkiwgow.com
- url: https://natureinspirged.top/api
- file: 176.65.144.121
- hash: 5689
- file: 24.199.76.180
- hash: 31337
- file: 52.56.52.148
- hash: 31337
- file: 89.208.113.56
- hash: 31337
- file: 51.79.160.112
- hash: 31337
- file: 34.245.41.38
- hash: 7634
- file: 18.117.81.88
- hash: 2628
- file: 196.64.210.33
- hash: 10134
- file: 112.74.48.245
- hash: 9205
- file: 54.153.151.182
- hash: 443
- file: 3.10.225.225
- hash: 443
- domain: solve.gesz.org
- file: 47.102.139.183
- hash: 18085
- domain: grand-ad.gl.at.ply.gg
- domain: slitt-62494.portmap.host
- url: https://loud-states-matter.loca.lt
- file: 172.111.138.100
- hash: 1336
- domain: solve.zexd.org
- domain: sg-auth.life
- file: 103.71.23.162
- hash: 443
- domain: pepegich.live
- domain: tradesync.dev
- url: http://www.arehouse-inventory-97550.bond/i62s/
- url: http://www.uamentesaudavel.shop/i62s/
- url: http://www.nio.xyz/i62s/
- url: http://www.rginine12.live/i62s/
- url: http://www.ourmet94goodies.shop/i62s/
- url: http://www.dveo.xyz/i62s/
- url: http://www.epp.xyz/i62s/
- url: http://www.lexbreus.art/i62s/
- url: http://www.nline-gaming-32533.bond/i62s/
- url: http://www.znetio.info/i62s/
- url: http://www.hosaround.net/i62s/
- url: http://www.ecurity-apps-53798.bond/i62s/
- url: http://www.treamtiendat.xyz/i62s/
- url: http://www.ngomoney.online/i62s/
- url: http://www.wig.xyz/i62s/
- url: http://www.ills-au.today/i62s/
- url: http://www.megavine.shop/i62s/
- url: http://www.hatsea.net/i62s/
- url: http://www.nvestore.xyz/i62s/
- url: http://www.pasupplies.online/i62s/
- url: http://www.i-analyst.online/i62s/
- url: http://www.olos.fun/i62s/
- url: http://www.mmfedex.online/i62s/
- url: http://www.utterinstallationmiamifl.net/i62s/
- url: http://www.ontenhiburan.lat/i62s/
- url: http://www.lataoplomo.shop/i62s/
- url: http://www.iliarslot77.club/i62s/
- url: http://www.eusx.xyz/i62s/
- url: http://www.astebud.xyz/i62s/
- url: http://www.imaopro.shop/i62s/
- url: http://www.icovideo.motorcycles/i62s/
- url: http://www.hees.xyz/i62s/
- url: http://www.uajialihan.net/i62s/
- url: http://www.mbags.online/i62s/
- url: http://www.ytsxv.xyz/i62s/
- url: http://www.pps-88306.bond/i62s/
- url: http://www.urnuiet.biz/i62s/
- url: http://www.lute.xyz/i62s/
- url: http://www.kds.store/i62s/
- url: http://www.nstaplan.xyz/i62s/
- url: http://www.orezenpulse.ltd/i62s/
- url: http://www.elfast-cruisetours.today/i62s/
- url: http://www.kohtom486.vip/i62s/
- url: http://www.65six6.shop/i62s/
- url: http://www.imelightbeauty.store/i62s/
- url: http://www.5469.vip/i62s/
- url: http://www.utomation-tools-31065.bond/i62s/
- url: http://www.lassical.fun/i62s/
- url: http://www.oridion.net/i62s/
- url: http://www.ir49.buzz/i62s/
- url: http://www.irrwrsr.icu/i62s/
- url: http://www.aco4dkuy.online/i62s/
- url: http://www.owden.zone/i62s/
- url: http://www.lotbonus.xyz/i62s/
- url: http://www.udoudou.fun/i62s/
- url: http://www.nkomega.shop/i62s/
- url: http://www.dbgtv.info/i62s/
- url: http://www.owardhammerpleasure35.sbs/i62s/
- url: http://www.iirv.bid/i62s/
- url: http://www.rosperityconsultinggroup.net/i62s/
- url: http://www.rediksi-lexitoto.art/i62s/
- url: http://www.v02.net/i62s/
- url: http://www.ind-singles3.live/i62s/
- url: http://www.est-sellers.net/i62s/
- url: http://www.rmaossoares.shop/i62s/
- domain: www.arehouse-inventory-97550.bond
- domain: www.uamentesaudavel.shop
- domain: www.nio.xyz
- domain: www.rginine12.live
- domain: www.ourmet94goodies.shop
- domain: www.dveo.xyz
- domain: www.epp.xyz
- domain: www.lexbreus.art
- domain: www.nline-gaming-32533.bond
- domain: www.znetio.info
- domain: www.hosaround.net
- domain: www.ecurity-apps-53798.bond
- domain: www.treamtiendat.xyz
- domain: www.ngomoney.online
- domain: www.wig.xyz
- domain: www.ills-au.today
- domain: www.megavine.shop
- domain: www.hatsea.net
- domain: www.nvestore.xyz
- domain: www.pasupplies.online
- domain: www.i-analyst.online
- domain: www.olos.fun
- domain: www.mmfedex.online
- domain: www.utterinstallationmiamifl.net
- domain: www.ontenhiburan.lat
- domain: www.lataoplomo.shop
- domain: www.iliarslot77.club
- domain: www.eusx.xyz
- domain: www.astebud.xyz
- domain: www.imaopro.shop
- domain: www.icovideo.motorcycles
- domain: www.hees.xyz
- domain: www.uajialihan.net
- domain: www.mbags.online
- domain: www.ytsxv.xyz
- domain: www.pps-88306.bond
- domain: www.urnuiet.biz
- domain: www.lute.xyz
- domain: www.kds.store
- domain: www.nstaplan.xyz
- domain: www.orezenpulse.ltd
- domain: www.elfast-cruisetours.today
- domain: www.kohtom486.vip
- domain: www.65six6.shop
- domain: www.imelightbeauty.store
- domain: www.5469.vip
- domain: www.utomation-tools-31065.bond
- domain: www.lassical.fun
- domain: www.oridion.net
- domain: www.ir49.buzz
- domain: www.irrwrsr.icu
- domain: www.aco4dkuy.online
- domain: www.owden.zone
- domain: www.lotbonus.xyz
- domain: www.udoudou.fun
- domain: www.nkomega.shop
- domain: www.dbgtv.info
- domain: www.owardhammerpleasure35.sbs
- domain: www.iirv.bid
- domain: www.rosperityconsultinggroup.net
- domain: www.rediksi-lexitoto.art
- domain: www.v02.net
- domain: www.ind-singles3.live
- domain: www.est-sellers.net
- domain: www.rmaossoares.shop
- url: https://cipherinvest.xyz/
- url: https://greenblock.me/
- url: https://cryptocompass.dev/
- url: https://accessbullx.com/
- domain: tazrn.animaliaoqisso.com
- domain: bullx.network
- domain: tokenscan.info
- domain: cryptocompass.dev
- domain: cipherinvest.xyz
- domain: marketscan.me
- domain: ai-helper.xyz
- domain: wipeout.pages.dev
- domain: nexustrade.club
- domain: stakesol.pro
- domain: marketsearch.me
- domain: accessbullx.com
- domain: greenblock.me
- domain: pumpingpulls.pw
- domain: tokentrove.dev
- domain: rtcrypsm.xyz
- domain: rtcrypsm.pages.dev
- domain: searchesdex.me
- file: 176.96.131.195
- hash: 8081
- file: 176.96.131.236
- hash: 8081
- file: 31.42.184.188
- hash: 2404
- file: 44.201.201.174
- hash: 8000
- file: 44.201.201.174
- hash: 8081
- file: 80.240.26.220
- hash: 8808
- file: 62.146.226.225
- hash: 7707
- file: 13.247.238.154
- hash: 9936
- file: 88.17.113.40
- hash: 443
- file: 13.60.212.91
- hash: 56358
- file: 176.65.134.155
- hash: 8080
- file: 80.76.51.200
- hash: 80
- domain: safeguard-authenticate.com
- domain: front-end228.xyz
- domain: 7aha7o1azo0xz6fh.life
- domain: www.safeguard-verify.com
- domain: www.tele-verify.com
- domain: neofinancebrasil.com
- domain: telegram-verif.com
- domain: safeguard-tg.com
- domain: solve.waqj.org
- domain: www.safeguardrobot.net
- domain: safenguxx.xyz
- domain: safeguardaccept.com
- domain: tohrut.com
- domain: safeguard-page.pages.dev
- domain: oct.mom
- domain: safegurad.app
- domain: telegramweb.world
- domain: bv.pe
- domain: yv67i33v15o7.com
- domain: gsfeb2oz1ub4.com
- domain: 7p0g93pcg0zs.com
- domain: 92p1ka158tr2.com
- domain: gtpn6s454us8.com
- domain: buildonbeam.support
- url: https://37.27.182.109/
- file: 116.202.2.159
- hash: 443
- file: 188.49.76.191
- hash: 995
- file: 193.233.48.167
- hash: 443
- file: 3.145.146.232
- hash: 2079
- file: 8.219.62.204
- hash: 1025
- hash: b86aacec897b8376c23647c4f0e78fba
- hash: 15796971d60f9d71ad162060f0f76a02
- hash: eab3acdd2b9415686df2c0f8bacb08e9
- hash: 2be48ff323cb01f43f28e4572cbe9b92
- hash: ab18e1692b7ba3b99c854573aa2cb3dc
- domain: solve.lnww.org
- file: 45.13.151.59
- hash: 666
- url: https://impossiblekdo.click/api
- url: https://idioinc.com/5t4a.js
- domain: idioinc.com
- url: https://idioinc.com/js.php
- file: 52.57.205.103
- hash: 80
- file: 163.5.210.118
- hash: 6667
- file: 45.125.66.195
- hash: 8808
- file: 192.3.189.150
- hash: 8808
- file: 102.117.173.7
- hash: 7443
- file: 35.226.135.244
- hash: 6667
- file: 217.15.160.54
- hash: 8848
- file: 3.27.109.240
- hash: 50001
- file: 3.27.109.240
- hash: 501
- file: 3.27.109.240
- hash: 20001
- file: 3.27.109.240
- hash: 49501
- file: 37.114.37.96
- hash: 3000
- file: 51.81.104.115
- hash: 80
- file: 109.107.189.92
- hash: 9999
- domain: hub.t1brime-dev.ru
- file: 141.98.197.31
- hash: 21755
- url: https://vbcsd.top/work/original.js
- domain: vbcsd.top
- url: https://vbcsd.top/work/index.php
- url: https://vbcsd.top/work/upl.php
- url: https://www.neoarchiinc.com/update.zip
- file: 114.67.112.45
- hash: 10001
- file: 162.255.116.92
- hash: 10001
- file: 203.96.177.194
- hash: 31337
- file: 3.110.165.90
- hash: 4949
- file: 199.247.0.169
- hash: 4449
- file: 199.247.0.169
- hash: 7000
- file: 185.218.137.129
- hash: 443
- url: http://kb1u.icu/gi341/index.php
- url: https://boost-spoken-exhaust-guatemala.trycloudflare.com/12341234
- file: 74.50.80.166
- hash: 55555
- domain: jbxfrd.autumn-network.xyz
- file: 103.96.75.73
- hash: 443
- file: 51.20.94.18
- hash: 9600
- file: 70.183.74.228
- hash: 8081
- domain: solve.qlpb.org
- url: https://compettevaoucs.digital/api
- file: 85.31.47.84
- hash: 5339
- file: 176.97.117.181
- hash: 2404
- file: 46.101.127.46
- hash: 7443
- file: 47.99.78.222
- hash: 4444
- file: 184.73.77.124
- hash: 7000
- file: 184.73.77.124
- hash: 14000
- file: 52.67.16.135
- hash: 2082
- file: 52.67.16.135
- hash: 42032
- url: https://ballekshoerz.digital/api
- domain: solve.reqy.bet
- domain: solve.vyzu.bet
- url: https://test.peperoncinochepassione.it/
- url: https://globalcuisinerecipes.biz/api
- file: 213.238.177.46
- hash: 1604
- file: 185.147.125.77
- hash: 4782
- file: 147.45.44.68
- hash: 4782
- file: 161.129.37.116
- hash: 65535
- file: 217.195.197.192
- hash: 1604
- domain: sigmadm420-46661.portmap.host
- domain: lot-clothes.gl.at.ply.gg
- domain: dragonbornwashere-43022.portmap.host
- domain: rigoc45241-20031.portmap.host
- domain: sunday-n.gl.at.ply.gg
- domain: hapansystem.hopto.org
- domain: payment-rivers.gl.at.ply.gg
- domain: pasto2025.duckdns.org
- domain: eg4x4.casacam.net
- file: 147.185.221.22
- hash: 16160
- file: 147.185.221.25
- hash: 46315
- file: 64.7.199.232
- hash: 7000
- file: 143.198.150.161
- hash: 7000
- file: 141.226.242.22
- hash: 1111
- file: 147.185.221.25
- hash: 45465
- file: 94.131.109.101
- hash: 1488
- file: 31.6.1.32
- hash: 7000
- file: 185.7.214.211
- hash: 4444
- file: 80.76.49.116
- hash: 7000
- file: 206.71.149.7
- hash: 7000
- file: 76.122.172.142
- hash: 7777
- file: 193.161.193.99
- hash: 37483
- file: 193.161.193.99
- hash: 23707
- file: 5.181.187.157
- hash: 1337
- file: 147.185.221.25
- hash: 43033
- file: 193.161.193.99
- hash: 31297
- file: 45.141.26.227
- hash: 7000
- file: 193.161.193.99
- hash: 52898
- file: 62.195.230.120
- hash: 5674
- domain: effect-weeks.gl.at.ply.gg
- domain: nokia-leading.gl.at.ply.gg
- domain: thu-why.gl.at.ply.gg
- domain: thursday-ultram.gl.at.ply.gg
- domain: yocheezy-32987.portmap.host
- domain: understand-shakira.gl.at.ply.gg
- domain: al-three.gl.at.ply.gg
- domain: its-inch.gl.at.ply.gg
- domain: person-mustang.gl.at.ply.gg
- domain: included-output.gl.at.ply.gg
- domain: deal-pairs.gl.at.ply.gg
- domain: shel1a-20631.portmap.host
- domain: profile-pixels.gl.at.ply.gg
- domain: game-they.gl.at.ply.gg
- domain: names-copying.gl.at.ply.gg
- domain: technical-heart.gl.at.ply.gg
- domain: family-floors.gl.at.ply.gg
- domain: matter-sets.gl.at.ply.gg
- domain: ii-aim.gl.at.ply.gg
- domain: url-murphy.gl.at.ply.gg
- domain: rxndom-48542.portmap.host
- domain: calendar-merely.gl.at.ply.gg
- domain: until-oils.gl.at.ply.gg
- domain: yes-dec.gl.at.ply.gg
- domain: restaurants-stan.gl.at.ply.gg
- domain: our-incidents.gl.at.ply.gg
- domain: early-issue.gl.at.ply.gg
- domain: xml-calculate.gl.at.ply.gg
- domain: than-adaptation.gl.at.ply.gg
- domain: homes-lee.gl.at.ply.gg
- domain: uses-charged.gl.at.ply.gg
- domain: wednesday-super.gl.at.ply.gg
- domain: work-ian.gl.at.ply.gg
- domain: package-foods.gl.at.ply.gg
- domain: updates-aqua.gl.at.ply.gg
- url: https://memesense.xyz
- domain: serveurdk.no-ip.org
- domain: synchronical.no-ip.biz
- domain: minicl55.no-ip.biz
- domain: akela.no-ip.org
- domain: kowed.zapto.org
- domain: lundinzzz.no-ip.biz
- domain: dcomet.no-ip.biz
- domain: thatlad.no-ip.org
- domain: wvg.no-ip.info
- domain: cybergate13.no-ip.org
- domain: snappletm.no-ip.org
- domain: zombienetwork.no-ip.net
- domain: ms-health-monitor.com
- domain: rozayleekimishere.duckdns.org
- domain: jomandamindlee.duckdns.org
- domain: gojust.publicvm.com
- domain: gracedynu.gleeze.com
- file: 194.5.98.122
- hash: 5550
- domain: amersec.no-ip.info
- domain: loosthacker1k18.ddns.net
- domain: jnjn.redirectme.net
- domain: amersoft.dnsdojo.com
- domain: abdo198916.linkpc.net
- domain: walido.serveftp.com
- domain: allowpermision2-29216.portmap.host
- domain: words-mandatory.gl.at.ply.gg
- domain: learning-concerned.gl.at.ply.gg
- domain: bayan.ddns.net
- url: http://113.30.168.221:48205/mozi.m
- file: 64.225.52.129
- hash: 1301
- file: 139.59.226.19
- hash: 1293
- file: 157.245.56.174
- hash: 1388
- file: 128.199.35.104
- hash: 1292
- file: 185.244.150.142
- hash: 1457
- file: 185.244.150.136
- hash: 1486
- file: 194.36.191.25
- hash: 1470
- file: 185.106.123.122
- hash: 1521
- file: 185.106.123.117
- hash: 1521
- file: 194.107.126.7
- hash: 23
- file: 194.107.126.7
- hash: 25
- file: 194.107.126.7
- hash: 99
- file: 194.107.126.7
- hash: 123
- file: 194.107.126.7
- hash: 2222
- file: 194.107.126.7
- hash: 3333
- file: 107.174.67.215
- hash: 50050
- url: https://mail.vipspar.com/
- domain: cnc.kotomari-vn.dev
- domain: srv.vlrt-gap.com
- domain: rdtgtdrgfd-56277.portmap.host
- file: 5.20.170.15
- hash: 443
- file: 64.226.88.211
- hash: 443
- file: 158.160.4.206
- hash: 8080
- file: 85.239.232.214
- hash: 6666
- file: 128.90.123.223
- hash: 5000
- file: 128.90.123.223
- hash: 9999
- file: 185.42.12.250
- hash: 15647
- file: 185.42.12.250
- hash: 15747
- file: 172.86.64.138
- hash: 8090
- file: 201.42.217.177
- hash: 8081
- file: 46.246.4.7
- hash: 8080
- file: 170.238.45.112
- hash: 7000
- file: 47.96.13.97
- hash: 50050
- file: 188.49.76.191
- hash: 443
- file: 3.76.199.53
- hash: 2405
- file: 3.13.214.116
- hash: 443
- domain: coolodyinvest.com
ThreatFox IOCs for 2025-02-03
Medium
Published: Mon Feb 03 2025 (02/03/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-02-03
AI-Powered Analysis
AILast updated: 06/19/2025, 15:48:12 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-02-03," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under the 'osint' product type, indicating that it primarily involves open-source intelligence data related to malware threats. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or technical indicators such as file hashes, IP addresses, or domains. The threat level is indicated as 2 on an unspecified scale, with an analysis rating of 1 and distribution rating of 3, suggesting moderate threat presence and distribution. No known exploits in the wild are reported, and no patches or mitigations are directly linked to this threat. The absence of Common Weakness Enumerations (CWEs) and detailed technical data limits the granularity of the analysis. The tags include 'type:osint' and 'tlp:white,' indicating that the information is publicly shareable without restrictions. Overall, this threat intelligence appears to be a general notification of malware-related IOCs collected or observed on the specified date, without concrete actionable details or evidence of active exploitation at this time.
Potential Impact
Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. The threat represents potential malware activity identified through open-source intelligence, which could be indicative of emerging or evolving threats. European organizations relying on OSINT feeds for threat detection may find value in integrating these IOCs into their security monitoring to enhance situational awareness. However, without specific malware behavior, attack vectors, or targeted sectors, the direct risk to confidentiality, integrity, or availability remains uncertain. The medium severity rating suggests a moderate concern, possibly due to the distribution rating of 3, implying some level of dissemination or prevalence. Organizations should remain vigilant, especially those in sectors commonly targeted by malware campaigns, such as finance, critical infrastructure, and government, as these sectors could be indirectly affected if the threat evolves or is leveraged in targeted attacks.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Conduct regular threat hunting exercises using the latest OSINT feeds to identify any signs of compromise related to these IOCs. 3. Maintain up-to-date malware definitions and ensure endpoint protection platforms are configured to detect emerging threats. 4. Implement network segmentation and strict access controls to limit potential malware spread within organizational networks. 5. Educate security teams on monitoring OSINT sources like ThreatFox for early warning signs and incorporate these feeds into incident response playbooks. 6. Since no patches are available, focus on proactive detection and containment strategies rather than reactive patching. 7. Collaborate with national Computer Emergency Response Teams (CERTs) and information sharing communities to receive timely updates on any developments related to these IOCs.
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- d5360c54-58a8-456f-acfb-3e65575032ce
- Original Timestamp
- 1738627389
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainsolve.nohz.org | ClearFake payload delivery domain (confidence level: 100%) | |
domaindurumm.click | Vidar botnet C2 domain (confidence level: 100%) | |
domainstchkr.rest | Vidar botnet C2 domain (confidence level: 100%) | |
domainadviseur.adviseur-oakk.nl | Havoc botnet C2 domain (confidence level: 100%) | |
domainmmcapi.miicrosofts.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainvivaforevew.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainwersogkiwgow.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainsolve.gesz.org | ClearFake payload delivery domain (confidence level: 100%) | |
domaingrand-ad.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainslitt-62494.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainsolve.zexd.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainsg-auth.life | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainpepegich.live | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaintradesync.dev | Venom RAT payload delivery domain (confidence level: 100%) | |
domainwww.arehouse-inventory-97550.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uamentesaudavel.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nio.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rginine12.live | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ourmet94goodies.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dveo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.epp.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lexbreus.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nline-gaming-32533.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.znetio.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hosaround.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ecurity-apps-53798.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.treamtiendat.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ngomoney.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wig.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ills-au.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.megavine.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hatsea.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nvestore.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pasupplies.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.i-analyst.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.olos.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mmfedex.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.utterinstallationmiamifl.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ontenhiburan.lat | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lataoplomo.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iliarslot77.club | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eusx.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.astebud.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.imaopro.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.icovideo.motorcycles | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hees.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uajialihan.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mbags.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ytsxv.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pps-88306.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.urnuiet.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lute.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.kds.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nstaplan.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.orezenpulse.ltd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.elfast-cruisetours.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.kohtom486.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.65six6.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.imelightbeauty.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.5469.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.utomation-tools-31065.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lassical.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oridion.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ir49.buzz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.irrwrsr.icu | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.aco4dkuy.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.owden.zone | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lotbonus.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.udoudou.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nkomega.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dbgtv.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.owardhammerpleasure35.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iirv.bid | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rosperityconsultinggroup.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rediksi-lexitoto.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.v02.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ind-singles3.live | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.est-sellers.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rmaossoares.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domaintazrn.animaliaoqisso.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainbullx.network | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaintokenscan.info | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincryptocompass.dev | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincipherinvest.xyz | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmarketscan.me | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainai-helper.xyz | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainwipeout.pages.dev | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainnexustrade.club | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainstakesol.pro | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmarketsearch.me | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainaccessbullx.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaingreenblock.me | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainpumpingpulls.pw | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaintokentrove.dev | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainrtcrypsm.xyz | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainrtcrypsm.pages.dev | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsearchesdex.me | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsafeguard-authenticate.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainfront-end228.xyz | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domain7aha7o1azo0xz6fh.life | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainwww.safeguard-verify.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainwww.tele-verify.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainneofinancebrasil.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaintelegram-verif.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsafeguard-tg.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsolve.waqj.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.safeguardrobot.net | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsafenguxx.xyz | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsafeguardaccept.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaintohrut.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsafeguard-page.pages.dev | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainoct.mom | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsafegurad.app | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaintelegramweb.world | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainbv.pe | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainyv67i33v15o7.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaingsfeb2oz1ub4.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domain7p0g93pcg0zs.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domain92p1ka158tr2.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaingtpn6s454us8.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainbuildonbeam.support | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsolve.lnww.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainidioinc.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainhub.t1brime-dev.ru | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainvbcsd.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainjbxfrd.autumn-network.xyz | MooBot botnet C2 domain (confidence level: 100%) | |
domainsolve.qlpb.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainsolve.reqy.bet | ClearFake payload delivery domain (confidence level: 100%) | |
domainsolve.vyzu.bet | ClearFake payload delivery domain (confidence level: 100%) | |
domainsigmadm420-46661.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainlot-clothes.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindragonbornwashere-43022.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrigoc45241-20031.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsunday-n.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainhapansystem.hopto.org | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpayment-rivers.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainpasto2025.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaineg4x4.casacam.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaineffect-weeks.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainnokia-leading.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainthu-why.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainthursday-ultram.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainyocheezy-32987.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainunderstand-shakira.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainal-three.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainits-inch.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainperson-mustang.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainincluded-output.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindeal-pairs.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainshel1a-20631.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainprofile-pixels.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingame-they.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainnames-copying.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaintechnical-heart.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainfamily-floors.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmatter-sets.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainii-aim.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainurl-murphy.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainrxndom-48542.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaincalendar-merely.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainuntil-oils.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainyes-dec.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainrestaurants-stan.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainour-incidents.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainearly-issue.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainxml-calculate.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainthan-adaptation.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainhomes-lee.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainuses-charged.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainwednesday-super.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainwork-ian.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpackage-foods.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainupdates-aqua.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainserveurdk.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsynchronical.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainminicl55.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainakela.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkowed.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainlundinzzz.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaindcomet.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainthatlad.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwvg.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincybergate13.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsnappletm.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainzombienetwork.no-ip.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainms-health-monitor.com | NetWire RC botnet C2 domain (confidence level: 100%) | |
domainrozayleekimishere.duckdns.org | NetWire RC botnet C2 domain (confidence level: 100%) | |
domainjomandamindlee.duckdns.org | NetWire RC botnet C2 domain (confidence level: 100%) | |
domaingojust.publicvm.com | NetWire RC botnet C2 domain (confidence level: 100%) | |
domaingracedynu.gleeze.com | NetWire RC botnet C2 domain (confidence level: 100%) | |
domainamersec.no-ip.info | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainloosthacker1k18.ddns.net | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainjnjn.redirectme.net | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainamersoft.dnsdojo.com | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainabdo198916.linkpc.net | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainwalido.serveftp.com | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainallowpermision2-29216.portmap.host | SpyNote botnet C2 domain (confidence level: 100%) | |
domainwords-mandatory.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 100%) | |
domainlearning-concerned.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 100%) | |
domainbayan.ddns.net | SpyNote botnet C2 domain (confidence level: 100%) | |
domaincnc.kotomari-vn.dev | Mirai botnet C2 domain (confidence level: 50%) | |
domainsrv.vlrt-gap.com | Mirai botnet C2 domain (confidence level: 50%) | |
domainrdtgtdrgfd-56277.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domaincoolodyinvest.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://durumm.click | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://parcelinn.com/wp-content/images/panel/admin.php | Azorult botnet C2 (confidence level: 100%) | |
urlhttps://stchkr.rest | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://natureinspirged.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://loud-states-matter.loca.lt | XWorm botnet C2 (confidence level: 50%) | |
urlhttp://www.arehouse-inventory-97550.bond/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uamentesaudavel.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nio.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rginine12.live/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ourmet94goodies.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dveo.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.epp.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lexbreus.art/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nline-gaming-32533.bond/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.znetio.info/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hosaround.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ecurity-apps-53798.bond/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.treamtiendat.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ngomoney.online/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wig.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ills-au.today/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.megavine.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hatsea.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nvestore.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pasupplies.online/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.i-analyst.online/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.olos.fun/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mmfedex.online/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.utterinstallationmiamifl.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ontenhiburan.lat/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lataoplomo.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iliarslot77.club/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eusx.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.astebud.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.imaopro.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.icovideo.motorcycles/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hees.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uajialihan.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mbags.online/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ytsxv.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pps-88306.bond/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.urnuiet.biz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lute.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.kds.store/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nstaplan.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orezenpulse.ltd/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.elfast-cruisetours.today/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.kohtom486.vip/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.65six6.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.imelightbeauty.store/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.5469.vip/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.utomation-tools-31065.bond/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lassical.fun/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oridion.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ir49.buzz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.irrwrsr.icu/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.aco4dkuy.online/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.owden.zone/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lotbonus.xyz/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.udoudou.fun/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nkomega.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dbgtv.info/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.owardhammerpleasure35.sbs/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iirv.bid/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rosperityconsultinggroup.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rediksi-lexitoto.art/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.v02.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ind-singles3.live/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.est-sellers.net/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rmaossoares.shop/i62s/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://cipherinvest.xyz/ | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://greenblock.me/ | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://cryptocompass.dev/ | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://accessbullx.com/ | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://37.27.182.109/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://impossiblekdo.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://idioinc.com/5t4a.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://idioinc.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://vbcsd.top/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://vbcsd.top/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://vbcsd.top/work/upl.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://www.neoarchiinc.com/update.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://kb1u.icu/gi341/index.php | Azorult botnet C2 (confidence level: 75%) | |
urlhttps://boost-spoken-exhaust-guatemala.trycloudflare.com/12341234 | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://compettevaoucs.digital/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ballekshoerz.digital/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://test.peperoncinochepassione.it/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://globalcuisinerecipes.biz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://memesense.xyz | XWorm botnet C2 (confidence level: 100%) | |
urlhttp://113.30.168.221:48205/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://mail.vipspar.com/ | Unknown malware payload delivery URL (confidence level: 50%) |
File
| Value | Description | Copy |
|---|---|---|
file138.124.119.98 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.11.142.102 | Unknown malware botnet C2 server (confidence level: 100%) | |
file85.239.232.11 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file195.177.95.160 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file159.65.29.33 | Havoc botnet C2 server (confidence level: 100%) | |
file45.86.155.74 | MooBot botnet C2 server (confidence level: 100%) | |
file5.199.166.185 | pupy botnet C2 server (confidence level: 100%) | |
file109.107.140.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.5.169.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file47.108.227.114 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.27.182.109 | Vidar botnet C2 server (confidence level: 100%) | |
file110.40.147.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.235.237.32 | Unknown malware botnet C2 server (confidence level: 100%) | |
file15.165.141.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.182.224.107 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.35.42 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.184.91.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.184.91.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
file209.38.167.100 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.91.24.43 | Unknown malware botnet C2 server (confidence level: 100%) | |
file161.35.162.231 | Unknown malware botnet C2 server (confidence level: 100%) | |
file188.34.188.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file143.110.167.55 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.87.50.129 | Unknown malware botnet C2 server (confidence level: 100%) | |
file72.250.39.129 | Unknown malware botnet C2 server (confidence level: 100%) | |
file124.71.68.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file109.242.113.18 | QakBot botnet C2 server (confidence level: 100%) | |
file176.65.144.121 | Remcos botnet C2 server (confidence level: 75%) | |
file24.199.76.180 | Sliver botnet C2 server (confidence level: 50%) | |
file52.56.52.148 | Sliver botnet C2 server (confidence level: 50%) | |
file89.208.113.56 | Sliver botnet C2 server (confidence level: 50%) | |
file51.79.160.112 | Sliver botnet C2 server (confidence level: 50%) | |
file34.245.41.38 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file18.117.81.88 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file196.64.210.33 | Orcus RAT botnet C2 server (confidence level: 50%) | |
file112.74.48.245 | Unknown malware botnet C2 server (confidence level: 50%) | |
file54.153.151.182 | Unknown malware botnet C2 server (confidence level: 50%) | |
file3.10.225.225 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.102.139.183 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file172.111.138.100 | XWorm botnet C2 server (confidence level: 75%) | |
file103.71.23.162 | Lumma Stealer payload delivery server (confidence level: 75%) | |
file176.96.131.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.96.131.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file31.42.184.188 | Remcos botnet C2 server (confidence level: 100%) | |
file44.201.201.174 | Sliver botnet C2 server (confidence level: 100%) | |
file44.201.201.174 | Sliver botnet C2 server (confidence level: 100%) | |
file80.240.26.220 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file62.146.226.225 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file13.247.238.154 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file88.17.113.40 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.60.212.91 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file176.65.134.155 | ERMAC botnet C2 server (confidence level: 100%) | |
file80.76.51.200 | ERMAC botnet C2 server (confidence level: 100%) | |
file116.202.2.159 | Vidar botnet C2 server (confidence level: 100%) | |
file188.49.76.191 | QakBot botnet C2 server (confidence level: 75%) | |
file193.233.48.167 | Sliver botnet C2 server (confidence level: 75%) | |
file3.145.146.232 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file8.219.62.204 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file45.13.151.59 | Bashlite botnet C2 server (confidence level: 75%) | |
file52.57.205.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.5.210.118 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.125.66.195 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file192.3.189.150 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.173.7 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.226.135.244 | Venom RAT botnet C2 server (confidence level: 100%) | |
file217.15.160.54 | DCRat botnet C2 server (confidence level: 100%) | |
file3.27.109.240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.27.109.240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.27.109.240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.27.109.240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file37.114.37.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.81.104.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file109.107.189.92 | Unknown malware botnet C2 server (confidence level: 100%) | |
file141.98.197.31 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file114.67.112.45 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file162.255.116.92 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file203.96.177.194 | Sliver botnet C2 server (confidence level: 50%) | |
file3.110.165.90 | Unknown malware botnet C2 server (confidence level: 50%) | |
file199.247.0.169 | Venom RAT botnet C2 server (confidence level: 100%) | |
file199.247.0.169 | Venom RAT botnet C2 server (confidence level: 100%) | |
file185.218.137.129 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file74.50.80.166 | MooBot botnet C2 server (confidence level: 75%) | |
file103.96.75.73 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file51.20.94.18 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file70.183.74.228 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file85.31.47.84 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file176.97.117.181 | Remcos botnet C2 server (confidence level: 100%) | |
file46.101.127.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.99.78.222 | Havoc botnet C2 server (confidence level: 100%) | |
file184.73.77.124 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file184.73.77.124 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.67.16.135 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.67.16.135 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file213.238.177.46 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file185.147.125.77 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file147.45.44.68 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file161.129.37.116 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file217.195.197.192 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file147.185.221.22 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file64.7.199.232 | XWorm botnet C2 server (confidence level: 100%) | |
file143.198.150.161 | XWorm botnet C2 server (confidence level: 100%) | |
file141.226.242.22 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) | |
file94.131.109.101 | XWorm botnet C2 server (confidence level: 100%) | |
file31.6.1.32 | XWorm botnet C2 server (confidence level: 100%) | |
file185.7.214.211 | XWorm botnet C2 server (confidence level: 100%) | |
file80.76.49.116 | XWorm botnet C2 server (confidence level: 100%) | |
file206.71.149.7 | XWorm botnet C2 server (confidence level: 100%) | |
file76.122.172.142 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) | |
file5.181.187.157 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) | |
file45.141.26.227 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) | |
file62.195.230.120 | XWorm botnet C2 server (confidence level: 100%) | |
file194.5.98.122 | NetWire RC botnet C2 server (confidence level: 100%) | |
file64.225.52.129 | Mirai botnet C2 server (confidence level: 100%) | |
file139.59.226.19 | Mirai botnet C2 server (confidence level: 100%) | |
file157.245.56.174 | Mirai botnet C2 server (confidence level: 100%) | |
file128.199.35.104 | Mirai botnet C2 server (confidence level: 100%) | |
file185.244.150.142 | Mirai botnet C2 server (confidence level: 100%) | |
file185.244.150.136 | Mirai botnet C2 server (confidence level: 100%) | |
file194.36.191.25 | Mirai botnet C2 server (confidence level: 100%) | |
file185.106.123.122 | Mirai botnet C2 server (confidence level: 100%) | |
file185.106.123.117 | Mirai botnet C2 server (confidence level: 100%) | |
file194.107.126.7 | Mirai botnet C2 server (confidence level: 100%) | |
file194.107.126.7 | Mirai botnet C2 server (confidence level: 100%) | |
file194.107.126.7 | Mirai botnet C2 server (confidence level: 100%) | |
file194.107.126.7 | Mirai botnet C2 server (confidence level: 100%) | |
file194.107.126.7 | Mirai botnet C2 server (confidence level: 100%) | |
file194.107.126.7 | Mirai botnet C2 server (confidence level: 100%) | |
file107.174.67.215 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file5.20.170.15 | DarkComet botnet C2 server (confidence level: 100%) | |
file64.226.88.211 | Sliver botnet C2 server (confidence level: 100%) | |
file158.160.4.206 | Sliver botnet C2 server (confidence level: 100%) | |
file85.239.232.214 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.123.223 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.123.223 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.42.12.250 | SectopRAT botnet C2 server (confidence level: 100%) | |
file185.42.12.250 | SectopRAT botnet C2 server (confidence level: 100%) | |
file172.86.64.138 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file201.42.217.177 | Havoc botnet C2 server (confidence level: 100%) | |
file46.246.4.7 | DCRat botnet C2 server (confidence level: 100%) | |
file170.238.45.112 | DCRat botnet C2 server (confidence level: 100%) | |
file47.96.13.97 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file188.49.76.191 | QakBot botnet C2 server (confidence level: 75%) | |
file3.76.199.53 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file3.13.214.116 | Meterpreter botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5873 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6666 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash3819 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash21755 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash995 | QakBot botnet C2 server (confidence level: 100%) | |
hash5689 | Remcos botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash7634 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash2628 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash10134 | Orcus RAT botnet C2 server (confidence level: 50%) | |
hash9205 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash18085 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash1336 | XWorm botnet C2 server (confidence level: 75%) | |
hash443 | Lumma Stealer payload delivery server (confidence level: 75%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8000 | Sliver botnet C2 server (confidence level: 100%) | |
hash8081 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9936 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash56358 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash2079 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash1025 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hashb86aacec897b8376c23647c4f0e78fba | LockBit payload (confidence level: 50%) | |
hash15796971d60f9d71ad162060f0f76a02 | LockBit payload (confidence level: 50%) | |
hasheab3acdd2b9415686df2c0f8bacb08e9 | LockBit payload (confidence level: 50%) | |
hash2be48ff323cb01f43f28e4572cbe9b92 | LockBit payload (confidence level: 50%) | |
hashab18e1692b7ba3b99c854573aa2cb3dc | LockBit payload (confidence level: 50%) | |
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6667 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6667 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash50001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash501 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash20001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash49501 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash3000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash21755 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash4949 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash55555 | MooBot botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9600 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash8081 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash5339 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4444 | Havoc botnet C2 server (confidence level: 100%) | |
hash7000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash14000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2082 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash42032 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1604 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash65535 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1604 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash16160 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash46315 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash1111 | XWorm botnet C2 server (confidence level: 100%) | |
hash45465 | XWorm botnet C2 server (confidence level: 100%) | |
hash1488 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash4444 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7777 | XWorm botnet C2 server (confidence level: 100%) | |
hash37483 | XWorm botnet C2 server (confidence level: 100%) | |
hash23707 | XWorm botnet C2 server (confidence level: 100%) | |
hash1337 | XWorm botnet C2 server (confidence level: 100%) | |
hash43033 | XWorm botnet C2 server (confidence level: 100%) | |
hash31297 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash52898 | XWorm botnet C2 server (confidence level: 100%) | |
hash5674 | XWorm botnet C2 server (confidence level: 100%) | |
hash5550 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash1301 | Mirai botnet C2 server (confidence level: 100%) | |
hash1293 | Mirai botnet C2 server (confidence level: 100%) | |
hash1388 | Mirai botnet C2 server (confidence level: 100%) | |
hash1292 | Mirai botnet C2 server (confidence level: 100%) | |
hash1457 | Mirai botnet C2 server (confidence level: 100%) | |
hash1486 | Mirai botnet C2 server (confidence level: 100%) | |
hash1470 | Mirai botnet C2 server (confidence level: 100%) | |
hash1521 | Mirai botnet C2 server (confidence level: 100%) | |
hash1521 | Mirai botnet C2 server (confidence level: 100%) | |
hash23 | Mirai botnet C2 server (confidence level: 100%) | |
hash25 | Mirai botnet C2 server (confidence level: 100%) | |
hash99 | Mirai botnet C2 server (confidence level: 100%) | |
hash123 | Mirai botnet C2 server (confidence level: 100%) | |
hash2222 | Mirai botnet C2 server (confidence level: 100%) | |
hash3333 | Mirai botnet C2 server (confidence level: 100%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | DarkComet botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 100%) | |
hash6666 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash15747 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8090 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8081 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash7000 | DCRat botnet C2 server (confidence level: 100%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash2405 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) |
Threat ID: 682c7dc0e8347ec82d2d8337
Added to database: 5/20/2025, 1:04:00 PM
Last enriched: 6/19/2025, 3:48:12 PM
Last updated: 8/13/2025, 1:27:46 AM
Views: 12
Related Threats
ThreatFox IOCs for 2025-08-14
MediumMalwareFri Aug 15 2025
On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware
MediumMalwareThu Aug 14 2025
A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode
MediumMalwareThu Aug 14 2025
PhantomCard: New NFC-driven Android malware emerging in Brazil
MediumMalwareThu Aug 14 2025
ThreatFox IOCs for 2025-08-13
MediumMalwareThu Aug 14 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.