ThreatFox IOCs for 2025-03-19
AI Analysis
Technical Summary
This entry is the ThreatFox daily export for 2025-03-19. ThreatFox is the abuse.ch community platform on which researchers share Indicators of Compromise (IOCs) attributed to malware families. The export is tagged 'type:osint' because it is a feed of observed attacker infrastructure rather than a vulnerability or exploit disclosure: no affected product versions, CWEs or patches apply, and none of the listed activity depends on exploiting a software flaw. The platform metadata scores it threat level 2, analysis 1 and distribution 3 (shared widely, little analyst enrichment), and the page rates it medium severity. The substance is the indicator list itself: about 265 entries made up of 74 domains, 49 URLs, 140 ip:port pairs and two MD5 hashes, most of them carrying a malware-family label and a submitter confidence level between 50% and 100%. The day's mix is typical of a commodity-crime feed: payload-delivery domains for the browser fake-update lures ClearFake, FAKEUPDATES and SectopRAT (with lookalike names such as zoom-software-download.com, foxit-up.date and regular-update-your-software.org); Lumma Stealer C2 endpoints under /api; C2 servers for Cobalt Strike, Havoc, Remcos, AsyncRAT, Venom RAT, NjRAT, Nanocore, DCRat, NetSupport Manager RAT and pupy; loader and stealer C2 for Latrodectus, Matanbuchus, Azorult, CryptBot, Rhadamanthys, ACR Stealer, Pony, SmartLoader, QakBot and an unnamed loader; ShadowPad C2 domains impersonating Microsoft, Google and Palo Alto Networks; Hook (Android) C2; IoT botnet infrastructure for Bashlite, Mirai and Mozi; one BianLian C2; and seven .onion URLs attributed to unknown malware at 50% confidence. Most of the Bashlite entries are auto-generated cPanel hostnames (webmail., cpanel., cpcontacts., cpcalendars., autodiscover., webdisk.) under a few base domains such as ora-0-web.com and web-app-on.com.
Potential Impact
For European organisations the exposure is what any C2 and payload-delivery feed implies: a host that resolves, fetches or connects to one of these indicators is either infected or one click away from it. The families present cover the usual crimeware chain. Infostealers (Lumma, ACR Stealer, Rhadamanthys, CryptBot, Azorult, Pony) take browser credentials and session cookies, so confidentiality is the first casualty and account takeover the usual follow-on. Remote-access trojans and post-exploitation frameworks (Remcos, AsyncRAT, Venom RAT, DCRat, NjRAT, Nanocore, NetSupport Manager, Cobalt Strike, Havoc, pupy) give an operator interactive control, and loaders such as Latrodectus and Matanbuchus are commonly the stage before ransomware; the BianLian C2 in the list is an extortion group's infrastructure. Integrity and availability are therefore at risk wherever initial access is resold. Several indicators sit on infrastructure European users touch routinely: a Havoc C2 on an EC2 hostname in eu-north-1 (Stockholm), payload-delivery sites on Cloudflare Pages (pages.dev) and on cloud serverless hostnames (tencentscf.com, fcapp.run), DDNS names (duckdns.org, hopto.org), and lookalikes of Zoom, Foxit, OneDrive, Microsoft and Palo Alto Networks aimed at corporate software users through fake-update pages. The nominal medium severity reflects that this is a daily feed rather than one active campaign; the practical severity for any organisation is decided by whether these values appear in its own DNS, proxy, NetFlow or EDR telemetry, and the absence of a vulnerability or exploit in the report does not lower that.
Mitigation Recommendations
Because the report is an indicator feed rather than a vulnerability, mitigation is detection, hunting and egress control. European organisations should: 1) Ingest the indicators as typed objects, not as a flat string list: domains and URLs into DNS, proxy and web-filter matching; ip:port pairs matched on address and port together (the same address appears with several ports, and a port of 80 or 443 on its own is meaningless); the two MD5 hashes into EDR and mail-gateway lookups. 2) Weight alerts by the submitter confidence level: the 100% entries (most of the list) justify blocking and alerting, the 75% entries (NjRAT, several Cobalt Strike domains, some of the Lumma /api URLs) are alert-and-investigate, and the 50% entries (the Mozi payload URLs, the seven .onion addresses) are hunting leads. 3) Never block a parent zone: pages.dev, compute.amazonaws.com, duckdns.org, hopto.org, ply.gg, cprapid.com, tencentscf.com, fcapp.run, temp.swtest.ru and xsph.ru host legitimate tenants; match the exact FQDN and expect the attacker to rotate subdomains. 4) Hunt retrospectively, not only forward: infections predate the export, so search at least the past 30 days of DNS, proxy and NetFlow data for exact matches and pivot from every hit to the endpoint's process tree. 5) Treat the fake-update families (ClearFake, FAKEUPDATES, SectopRAT, with their Zoom, Foxit, OneDrive and 'update your software' lookalikes) as a user-action problem: the initial access is a download from a browser, so application allow-listing, blocking script execution from user-writable paths and user awareness of browser-delivered update prompts do more than any signature. 6) Review egress: a large share of the listed C2 ports are non-standard (2222, 4433, 5555, 7443, 8443, 10443, 60000, 47486), and a policy that permits outbound traffic only through an authenticated proxy on 80/443 cuts off that infrastructure outright. 7) Keep segmentation, tested backups and a malware incident-response plan in place, retire or revalidate these indicators after a few weeks as the infrastructure churns, and report confirmed hits to your national CSIRT and to ThreatFox so the next organisation gets the benefit.
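As an added example (not ThreatFox's or offseq's own code), the following Python script does the first steps above: it parses the indicator list in the format used on this page, re-joining the ip:port pairs that the export split into a 'file:' line followed by a 'hash:' line, types the MD5 hashes, flags the domain indicators that live under shared zones so they are matched on the exact FQDN only, and runs an exact-match hunt over constructed sample log lines in a simple key=value format. The indicator values are copied from this page; the log lines, the field names (query, dst, url, md5) and the SHARED_ZONES list are assumptions made for the example. Lists that already carry 'ip:port:' and 'md5_hash:' lines are accepted as well.

```python
"""Normalise a ThreatFox daily dump and hunt for its indicators in logs.

Added example, not ThreatFox or offseq code. Assumes the '- type: value' list
format used on this page, where the export split each ip:port indicator into a
'file:' line (address) followed by a 'hash:' line (port). Log lines are a
constructed key=value format, not real telemetry.
"""
import ipaddress
import re
from collections import defaultdict

# Subset of the page's own indicator list, copied verbatim.
DUMP = """\
- domain: check.opie6.icu
- url: https://65.21.118.116/7b10d5d78fdd0/onedrive
- domain: helloworld-f1f.pages.dev
- domain: ec2-51-21-219-123.eu-north-1.compute.amazonaws.com
- file: 196.251.83.188
- hash: 443
- file: 46.105.147.139
- hash: 2222
- hash: 3e063dc0de937df5841cb9c2ff3e4651
- url: https://flyxaway.live/api
"""

# Zones shared with legitimate tenants (hosting, DDNS, cloud functions); an
# assumed list for the example. Match names under them on the exact FQDN only.
SHARED_ZONES = ("pages.dev", "compute.amazonaws.com", "duckdns.org", "hopto.org",
                "ply.gg", "cprapid.com", "tencentscf.com", "fcapp.run")

LINE_RE = re.compile(r"^- ([\w:]+): (.+)$")


def parse_dump(text):
    """Return {type: set(values)} with ip:port pairs re-joined and MD5s typed."""
    iocs = defaultdict(set)
    pending_ip = None                      # address waiting for its port line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, value = m.group(1), m.group(2).strip()
        if kind == "file":
            try:
                ipaddress.ip_address(value)
                pending_ip = value
                continue                   # port follows on the 'hash:' line
            except ValueError:
                pass                       # a genuine file indicator
        if kind == "hash":
            if pending_ip and value.isdigit() and 0 < int(value) < 65536:
                iocs["ip:port"].add(f"{pending_ip}:{value}")
                pending_ip = None
                continue
            if re.fullmatch(r"[0-9a-fA-F]{32}", value):
                kind = "md5"
        if kind == "md5_hash":
            kind = "md5"
        if kind == "md5":
            value = value.lower()
        pending_ip = None
        iocs[kind].add(value)
    return dict(iocs)


def shared_zone_iocs(iocs):
    """Domain indicators under shared zones: exact-FQDN alerting only."""
    return {d for d in iocs.get("domain", ())
            if any(d.endswith("." + z) for z in SHARED_ZONES)}


def hunt(iocs, lines):
    """Exact matching of log fields against the indicators.

    Yields (strength, type, value, line). A connection to an indicator address
    on a different port is 'weak': a pivot for an analyst, not an alert.
    """
    ip_only = {ipp.rsplit(":", 1)[0] for ipp in iocs.get("ip:port", ())}
    hits = []
    for line in lines:
        fields = dict(t.split("=", 1) for t in line.split()[2:] if "=" in t)
        q = fields.get("query")
        if q in iocs.get("domain", ()):    # no suffix matching, on purpose
            hits.append(("exact", "domain", q, line))
        dst = fields.get("dst")
        if dst in iocs.get("ip:port", ()):
            hits.append(("exact", "ip:port", dst, line))
        elif dst and dst.rsplit(":", 1)[0] in ip_only:
            hits.append(("weak", "ip", dst, line))
        u = fields.get("url")
        if u in iocs.get("url", ()):
            hits.append(("exact", "url", u, line))
        h = fields.get("md5")
        if h and h.lower() in iocs.get("md5", ()):
            hits.append(("exact", "md5", h.lower(), line))
    return hits


# Constructed sample log lines: timestamp, record type, key=value fields.
LOG_LINES = [
    "2025-03-19T10:01:02Z dns client=10.0.0.7 query=check.opie6.icu",
    "2025-03-19T10:01:05Z dns client=10.0.0.7 query=docs.pages.dev",
    "2025-03-19T10:02:10Z conn client=10.0.0.9 dst=46.105.147.139:2222",
    "2025-03-19T10:02:11Z conn client=10.0.0.9 dst=46.105.147.139:443",
    "2025-03-19T10:03:00Z proxy client=10.0.0.3 url=https://flyxaway.live/api",
    "2025-03-19T10:04:00Z file client=10.0.0.3 md5=3E063DC0DE937DF5841CB9C2FF3E4651",
]

if __name__ == "__main__":
    iocs = parse_dump(DUMP)
    for kind, values in sorted(iocs.items()):
        print(f"{kind}: {len(values)}")
    print("exact-FQDN only:", sorted(shared_zone_iocs(iocs)))
    for hit in hunt(iocs, LOG_LINES):
        print(hit)
```

The query for docs.pages.dev produces nothing even though helloworld-f1f.pages.dev is an indicator, and the connection to 46.105.147.139 on port 443 is reported as weak rather than as a hit: the AsyncRAT C2 is the pair 46.105.147.139:2222, and 443 on the same host is a pivot, not evidence. To run this on the full list, replace DUMP with the page's Indicators of Compromise section and feed real DNS or proxy exports mapped to the same field names.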
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- domain: check.opie6.icu
- url: https://65.21.118.116/7b10d5d78fdd0/onedrive
- domain: helloworld-f1f.pages.dev
- domain: message.zoo-ciry.shop
- domain: googlelivenews.com
- domain: sv3.xxyybb.xyz
- domain: bind-new-connect.click
- domain: microsoftasps.com
- domain: ywnjb.webaudiomessages.xyz
- domain: www.paloaltonetworkhelp.com
- domain: o.webaudiomessages.xyz
- domain: msfed.webaudiomessages.xyz
- domain: traduc.com
- domain: update-connection-to.help
- domain: megabrountake.click
- domain: videoshosting.live
- domain: foxit-up.date
- domain: www.zoom-software-download.com
- domain: tauxhoraire.com
- domain: connect-to-cdn.info
- domain: vn3hg.webaudiomessages.xyz
- domain: montagbadenmehr.cfd
- domain: zoom-up.date
- domain: ulgroup.webaudiomessages.xyz
- domain: flowersmayer.click
- domain: regular-update-your-software.org
- domain: sso.webaudiomessages.xyz
- domain: sci.webaudiomessages.xyz
- domain: smusxath.webaudiomessages.xyz
- domain: ssl-reload-connect.help
- domain: cdn-connect.info
- domain: connect-stable.xyz
- url: https://check.xemyrai6.icu/gkcxv.google?i=a2bb6c82-5139-4bea-85cf-516180fb783c
- domain: ooooi1.pages.dev
- domain: ezzat.adultdns.net
- ip:port: 147.185.221.26:27706
- url: http://3nsb51.icu/dk341/index.php
- url: http://bc8c1.cfd/pl341/index.php
- url: http://home.onebs1sr.top/hqwmoxkcydsxgzddlhwh174
- domain: youbeshitmanjho.tk
- ip:port: 196.251.83.188:443
- ip:port: 103.12.149.85:80
- ip:port: 68.168.223.108:7070
- ip:port: 176.65.134.115:2404
- domain: mail.185-38-142-181.cprapid.com
- ip:port: 163.5.160.87:443
- ip:port: 46.105.147.139:2222
- ip:port: 37.156.46.83:25
- domain: ec2-51-21-219-123.eu-north-1.compute.amazonaws.com
- ip:port: 3.96.173.28:443
- ip:port: 160.191.245.154:7000
- ip:port: 171.232.0.161:9999
- ip:port: 82.115.223.11:4477
- ip:port: 176.65.144.27:4000
- ip:port: 18.217.59.108:19790
- domain: www.illuminarebusiness.com
- ip:port: 209.141.59.9:3778
- url: http://219.68.235.149:52006/mozi.m
- url: http://89.169.12.115/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
- url: https://kimjohan.com/5r1w.js
- domain: check.etau0.icu
- url: https://check.etau0.icu/gkcxv.google
- ip:port: 216.218.135.117:8501
- domain: filestlggtwerka.hopto.org
- ip:port: 142.171.116.94:88
- ip:port: 124.222.38.4:443
- ip:port: 78.141.212.135:443
- ip:port: 178.62.245.228:443
- ip:port: 103.149.72.120:80
- ip:port: 80.255.6.5:443
- ip:port: 62.146.226.21:443
- ip:port: 171.232.0.161:5001
- ip:port: 181.235.4.114:8090
- ip:port: 34.219.188.83:33604
- domain: mail.web-app-on.com
- domain: autodiscover.gfjd.104-168-101-27.cprapid.com
- domain: webmail.a.multi-canale.com
- domain: webmail.e.ora-0-web.com
- domain: webdisk.ora-0-web.com
- ip:port: 93.183.93.208:8443
- ip:port: 171.232.0.161:6000
- ip:port: 152.136.174.71:60000
- ip:port: 207.167.67.34:60000
- ip:port: 194.62.167.215:8080
- ip:port: 18.196.253.192:80
- ip:port: 18.196.253.192:443
- ip:port: 152.203.30.124:8080
- ip:port: 20.51.229.168:443
- ip:port: 15.222.7.71:80
- ip:port: 23.226.75.246:8080
- ip:port: 3.216.203.91:443
- ip:port: 3.144.87.174:443
- ip:port: 34.226.83.200:8080
- ip:port: 63.177.170.151:443
- ip:port: 79.133.57.206:443
- ip:port: 206.119.173.17:8888
- ip:port: 34.27.58.59:10443
- ip:port: 154.12.235.22:443
- ip:port: 201.194.200.153:443
- domain: check.aguu5.icu
- url: https://check.aguu5.icu/gkcxv.google
- url: https://effectsstardust.shop/up/
- ip:port: 68.178.207.33:7776
- url: http://suitpicture.xyz/ers.php
- url: http://steamcompany.xyz/ary.php
- url: http://steamcompany.xyz/ari.php
- ip:port: 47.99.169.201:82
- ip:port: 8.152.152.181:5555
- url: http://pobudil.ru/providerphpdefaulttemporary.php
- ip:port: 172.86.106.24:443
- ip:port: 101.37.79.189:80
- ip:port: 8.133.199.150:443
- ip:port: 111.229.78.104:4444
- ip:port: 206.123.152.36:3191
- ip:port: 43.226.229.198:2404
- ip:port: 46.105.147.139:888
- ip:port: 128.90.106.163:2000
- ip:port: 196.251.84.194:143
- ip:port: 92.118.112.28:80
- ip:port: 83.217.209.87:80
- domain: www.tocion.com
- domain: www.cozamosa13.com
- ip:port: 196.251.87.82:443
- ip:port: 134.122.128.85:4433
- ip:port: 134.122.128.87:4433
- ip:port: 52.53.228.88:2078
- ip:port: 39.106.3.184:47486
- domain: cpcalendars.b.ora-0-web.com
- domain: cpanel.web-app-on.com
- domain: cpcontacts.ora-0-web.com
- domain: mail.d.ora-0-web.com
- domain: cpanel.b.ora-0-web.com
- domain: aaa.104-168-101-27.cprapid.com
- domain: webmail.ora-0-web.com
- url: http://navalny.top/pipe_windowstrafficcdn.php
- domain: check.apoa3.icu
- url: https://check.apoa3.icu/gkcxv.google
- url: http://assikapr27.temp.swtest.ru/videorequestprocessgamewptempdownloads.php
- domain: 1318014164-39a8is5k9d.ap-singapore.tencentscf.com
- domain: incident.zilab.ru
- ip:port: 213.94.218.23:80
- url: https://formenista.com/test/
- url: https://reidenhetic.com/test/
- md5_hash: 3e063dc0de937df5841cb9c2ff3e4651
- md5_hash: 5c254d25751269892b6f02d6c6384aef
- url: http://vanhelvuuo4k3xsiq626zkqvp6kobc2abry5wowxqysibmqs5yjh4uqd.onion/
- url: http://vanhelwmbf2bwzw7gmseg36qqm4ekc5uuhqbsew4eihzcahyq7sukzad.onion/
- url: http://vanhelxjo52qr2ixcmtjayqqrcodkuh36n7uq7q7xj23ggotyr3y72yd.onion/
- url: http://vanhelcbxqt4tqie6fuevfng2bsdtxgc7xslo2yo7nitaacdfrlpxnqd.onion/
- url: http://vanhelqmjstkvlhrjwzgjzpq422iku6wlggiz5y5r3rmfdeiaj3ljaid.onion/
- url: http://vanhelsokskrlaacilyfmtuqqa5haikubsjaokw47f3pt3uoivh6cgad.onion/
- url: http://vanheltarnbfjhuvggbncniap56dscnzz5yf6yjmxqivqmb5r2gmllad.onion/
- url: https://tecnogrup.com/4q7u.js
- domain: tecnogrup.com
- url: https://tecnogrup.com/js.php
- ip:port: 116.205.188.204:8080
- ip:port: 207.148.126.16:8080
- ip:port: 154.91.180.173:443
- ip:port: 116.205.118.173:10443
- ip:port: 172.94.9.177:1962
- ip:port: 185.208.156.45:14646
- ip:port: 147.185.221.26:57385
- domain: result-disco.gl.at.ply.gg
- ip:port: 196.251.73.189:7707
- ip:port: 196.251.118.95:6606
- ip:port: 23.95.106.22:5505
- ip:port: 45.141.86.82:15747
- ip:port: 64.23.207.221:7443
- ip:port: 51.79.186.233:5000
- ip:port: 51.38.137.108:80
- ip:port: 52.178.102.206:8888
- domain: gugrant11.duckdns.org
- url: http://117.209.83.91:41333/mozi.m
- domain: dongfangshuye.xyz
- ip:port: 152.136.17.91:7989
- ip:port: 156.238.233.109:8443
- url: https://tecnogrup.com/1q2w.js
- url: http://87.106.52.7:6008/index.php
- url: https://45.141.86.26/techguardsecuresuite/
- url: http://45.141.86.26:4443/techguardsecuresuite/
- url: http://k1n4a.online/hl341/index.php
- url: http://469473cm.nyashware.ru/processorsqlgeneratorprivatetemp.php
- ip:port: 152.42.185.238:2323
- ip:port: 109.116.210.232:88
- ip:port: 43.207.79.213:443
- ip:port: 116.181.1.54:7443
- ip:port: 92.118.112.28:2053
- domain: mail.efcommxerce.ru
- ip:port: 148.66.21.237:4433
- domain: cpcalendars.i.web-app-on.com
- domain: webdisk.m.web-app-on.com
- domain: autodiscover.versioneonline.com
- domain: cpcontacts.web-app-on.com
- domain: cpcalendars.web-app-on.com
- ip:port: 38.49.40.130:80
- domain: cngov-gov-xejpcmqhyb.cn-shanghai.fcapp.run
- ip:port: 124.221.117.90:443
- ip:port: 124.221.117.90:88
- url: http://soulflower.com.mx/ext/eno/gate.php
- ip:port: 104.219.238.26:16383
- url: http://rartwn76g2.temp.swtest.ru/542fa3f6.php
- url: https://check.asiu4.icu/gkcxv.google
- url: https://ftargett.top/api
- url: https://gselfdefens.bet/api
- url: https://1armamenti.world/api
- url: https://soothingpitllow.icu/api
- url: https://tanimnalha.icu/api
- url: https://hbugildbett.top/api
- url: https://nmrodularmall.top/api
- ip:port: 84.201.174.9:443
- ip:port: 115.126.83.121:80
- ip:port: 109.73.207.115:80
- ip:port: 47.93.28.103:80
- ip:port: 68.168.223.108:30380
- ip:port: 64.226.81.244:443
- ip:port: 192.253.229.239:8888
- ip:port: 207.231.111.146:77
- ip:port: 207.231.111.146:7
- ip:port: 196.251.84.194:1080
- ip:port: 45.200.51.96:16521
- ip:port: 110.43.122.248:7443
- ip:port: 212.86.115.210:80
- ip:port: 212.86.115.210:8089
- ip:port: 156.253.228.5:80
- ip:port: 156.253.228.5:8089
- ip:port: 65.109.133.207:2555
- ip:port: 46.74.133.208:3510
- ip:port: 143.198.186.79:443
- ip:port: 146.190.173.119:443
- ip:port: 160.191.244.57:7000
- ip:port: 154.201.68.239:443
- ip:port: 110.42.227.156:8848
- ip:port: 54.203.9.92:1961
- ip:port: 83.168.69.59:80
- ip:port: 176.126.103.64:4000
- ip:port: 47.97.178.157:47486
- ip:port: 20.74.209.192:8084
- ip:port: 129.28.112.191:60000
- ip:port: 168.100.10.165:80
- ip:port: 172.86.116.76:443
- ip:port: 8.213.237.202:5000
- ip:port: 8.213.237.202:443
- ip:port: 211.138.124.146:4506
- ip:port: 38.150.7.206:8443
- ip:port: 39.185.245.153:4506
- ip:port: 54.90.212.140:443
- ip:port: 8.130.74.99:60000
- ip:port: 86.190.166.154:2222
- ip:port: 103.79.120.74:5000
- ip:port: 111.229.78.104:80
- ip:port: 20.74.209.192:8080
- domain: a1104094.xsph.ru
- domain: co35066.tw1.ru
- domain: a1104037.xsph.ru
- domain: flyxaway.live
- domain: battlefie.shop
- domain: soothingpitllow.icu
- url: https://flyxaway.live/api
- url: https://pselfdefens.bet/api
- url: https://4armoryarch.shop/api
- ip:port: 106.75.174.5:432
- ip:port: 83.219.250.119:8443
- ip:port: 106.14.126.40:443
- ip:port: 172.86.80.66:8443
- ip:port: 113.44.73.159:1234
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 7e02b0d5-beda-4758-804a-5be1a777135a
- Original Timestamp: 1742428988 (2025-03-20 00:03:08 UTC)
Indicators of Compromise (with attribution)
Family attribution and confidence level are as submitted to ThreatFox. The tables repeat the indicators from the list above, grouped by type; the ip:port table is cut short in the source.
Domain
Value | Description
---|---
check.opie6.icu | ClearFake payload delivery domain (confidence level: 100%)
helloworld-f1f.pages.dev | ClearFake payload delivery domain (confidence level: 100%)
message.zoo-ciry.shop | ClearFake payload delivery domain (confidence level: 100%)
googlelivenews.com | ShadowPad botnet C2 domain (confidence level: 95%)
sv3.xxyybb.xyz | ShadowPad botnet C2 domain (confidence level: 95%)
bind-new-connect.click | SectopRAT payload delivery domain (confidence level: 90%)
microsoftasps.com | ShadowPad botnet C2 domain (confidence level: 95%)
ywnjb.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
www.paloaltonetworkhelp.com | ShadowPad botnet C2 domain (confidence level: 95%)
o.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
msfed.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
traduc.com | SectopRAT payload delivery domain (confidence level: 90%)
update-connection-to.help | SectopRAT payload delivery domain (confidence level: 90%)
megabrountake.click | SectopRAT payload delivery domain (confidence level: 90%)
videoshosting.live | SectopRAT payload delivery domain (confidence level: 90%)
foxit-up.date | SectopRAT payload delivery domain (confidence level: 90%)
www.zoom-software-download.com | SectopRAT payload delivery domain (confidence level: 90%)
tauxhoraire.com | SectopRAT payload delivery domain (confidence level: 90%)
connect-to-cdn.info | SectopRAT payload delivery domain (confidence level: 90%)
vn3hg.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
montagbadenmehr.cfd | SectopRAT payload delivery domain (confidence level: 90%)
zoom-up.date | SectopRAT payload delivery domain (confidence level: 90%)
ulgroup.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
flowersmayer.click | SectopRAT payload delivery domain (confidence level: 90%)
regular-update-your-software.org | SectopRAT payload delivery domain (confidence level: 90%)
sso.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
sci.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
smusxath.webaudiomessages.xyz | SectopRAT payload delivery domain (confidence level: 90%)
ssl-reload-connect.help | SectopRAT payload delivery domain (confidence level: 90%)
cdn-connect.info | SectopRAT payload delivery domain (confidence level: 90%)
connect-stable.xyz | SectopRAT payload delivery domain (confidence level: 90%)
ooooi1.pages.dev | ClearFake payload delivery domain (confidence level: 100%)
ezzat.adultdns.net | NjRAT botnet C2 domain (confidence level: 75%)
youbeshitmanjho.tk | Nanocore RAT botnet C2 domain (confidence level: 100%)
mail.185-38-142-181.cprapid.com | Remcos botnet C2 domain (confidence level: 100%)
ec2-51-21-219-123.eu-north-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%)
www.illuminarebusiness.com | Bashlite botnet C2 domain (confidence level: 100%)
check.etau0.icu | ClearFake payload delivery domain (confidence level: 100%)
filestlggtwerka.hopto.org | NjRAT botnet C2 domain (confidence level: 75%)
mail.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
autodiscover.gfjd.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%)
webmail.a.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%)
webmail.e.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
webdisk.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
check.aguu5.icu | ClearFake payload delivery domain (confidence level: 100%)
www.tocion.com | Hook botnet C2 domain (confidence level: 100%)
www.cozamosa13.com | Hook botnet C2 domain (confidence level: 100%)
cpcalendars.b.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
cpanel.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
cpcontacts.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
mail.d.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
cpanel.b.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
aaa.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%)
webmail.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
check.apoa3.icu | ClearFake payload delivery domain (confidence level: 100%)
1318014164-39a8is5k9d.ap-singapore.tencentscf.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
incident.zilab.ru | Cobalt Strike botnet C2 domain (confidence level: 75%)
tecnogrup.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
result-disco.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%)
gugrant11.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
dongfangshuye.xyz | Cobalt Strike botnet C2 domain (confidence level: 75%)
mail.efcommxerce.ru | Hook botnet C2 domain (confidence level: 100%)
cpcalendars.i.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
webdisk.m.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
autodiscover.versioneonline.com | Bashlite botnet C2 domain (confidence level: 100%)
cpcontacts.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
cpcalendars.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
cngov-gov-xejpcmqhyb.cn-shanghai.fcapp.run | Cobalt Strike botnet C2 domain (confidence level: 75%)
a1104094.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
co35066.tw1.ru | DCRat botnet C2 domain (confidence level: 100%)
a1104037.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
flyxaway.live | Lumma Stealer botnet C2 domain (confidence level: 100%)
battlefie.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
soothingpitllow.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
Url
Value | Description
---|---
https://65.21.118.116/7b10d5d78fdd0/onedrive | Rhadamanthys botnet C2 (confidence level: 100%)
https://check.xemyrai6.icu/gkcxv.google?i=a2bb6c82-5139-4bea-85cf-516180fb783c | Lumma Stealer payload delivery URL (confidence level: 100%)
http://3nsb51.icu/dk341/index.php | Azorult botnet C2 (confidence level: 100%)
http://bc8c1.cfd/pl341/index.php | Azorult botnet C2 (confidence level: 100%)
http://home.onebs1sr.top/hqwmoxkcydsxgzddlhwh174 | CryptBot botnet C2 (confidence level: 100%)
http://219.68.235.149:52006/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://89.169.12.115/api/ytasodysodisowqsytesodgsotasotusnjusn2qs | SmartLoader botnet C2 (confidence level: 75%)
https://kimjohan.com/5r1w.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://check.etau0.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.aguu5.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://effectsstardust.shop/up/ | ACR Stealer botnet C2 (confidence level: 100%)
http://suitpicture.xyz/ers.php | Unknown Loader botnet C2 (confidence level: 100%)
http://steamcompany.xyz/ary.php | Unknown Loader botnet C2 (confidence level: 100%)
http://steamcompany.xyz/ari.php | Unknown Loader botnet C2 (confidence level: 100%)
http://pobudil.ru/providerphpdefaulttemporary.php | DCRat botnet C2 (confidence level: 100%)
http://navalny.top/pipe_windowstrafficcdn.php | DCRat botnet C2 (confidence level: 100%)
https://check.apoa3.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://assikapr27.temp.swtest.ru/videorequestprocessgamewptempdownloads.php | DCRat botnet C2 (confidence level: 100%)
https://formenista.com/test/ | Latrodectus botnet C2 (confidence level: 100%)
https://reidenhetic.com/test/ | Latrodectus botnet C2 (confidence level: 100%)
http://vanhelvuuo4k3xsiq626zkqvp6kobc2abry5wowxqysibmqs5yjh4uqd.onion/ | Unknown malware botnet C2 (confidence level: 50%)
http://vanhelwmbf2bwzw7gmseg36qqm4ekc5uuhqbsew4eihzcahyq7sukzad.onion/ | Unknown malware botnet C2 (confidence level: 50%)
http://vanhelxjo52qr2ixcmtjayqqrcodkuh36n7uq7q7xj23ggotyr3y72yd.onion/ | Unknown malware botnet C2 (confidence level: 50%)
http://vanhelcbxqt4tqie6fuevfng2bsdtxgc7xslo2yo7nitaacdfrlpxnqd.onion/ | Unknown malware botnet C2 (confidence level: 50%)
http://vanhelqmjstkvlhrjwzgjzpq422iku6wlggiz5y5r3rmfdeiaj3ljaid.onion/ | Unknown malware botnet C2 (confidence level: 50%)
http://vanhelsokskrlaacilyfmtuqqa5haikubsjaokw47f3pt3uoivh6cgad.onion/ | Unknown malware botnet C2 (confidence level: 50%)
http://vanheltarnbfjhuvggbncniap56dscnzz5yf6yjmxqivqmb5r2gmllad.onion/ | Unknown malware botnet C2 (confidence level: 50%)
https://tecnogrup.com/4q7u.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://tecnogrup.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://117.209.83.91:41333/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://tecnogrup.com/1q2w.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://87.106.52.7:6008/index.php | Azorult botnet C2 (confidence level: 100%)
https://45.141.86.26/techguardsecuresuite/ | Matanbuchus botnet C2 (confidence level: 100%)
http://45.141.86.26:4443/techguardsecuresuite/ | Matanbuchus botnet C2 (confidence level: 100%)
http://k1n4a.online/hl341/index.php | Azorult botnet C2 (confidence level: 100%)
http://469473cm.nyashware.ru/processorsqlgeneratorprivatetemp.php | DCRat botnet C2 (confidence level: 100%)
http://soulflower.com.mx/ext/eno/gate.php | Pony botnet C2 (confidence level: 100%)
http://rartwn76g2.temp.swtest.ru/542fa3f6.php | DCRat botnet C2 (confidence level: 100%)
https://check.asiu4.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://ftargett.top/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://gselfdefens.bet/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://1armamenti.world/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://soothingpitllow.icu/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://tanimnalha.icu/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://hbugildbett.top/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://nmrodularmall.top/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://flyxaway.live/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://pselfdefens.bet/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://4armoryarch.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
IP:port
The source table labels these rows "File" and lists only the address; the ports below are taken from the indicator list above, which preserves the export order. Attribution is available for the first 54 of the 140 ip:port indicators, where the source table ends.
Value | Description
---|---
147.185.221.26:27706 | NjRAT botnet C2 server (confidence level: 75%)
196.251.83.188:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.12.149.85:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
68.168.223.108:7070 | Remcos botnet C2 server (confidence level: 100%)
176.65.134.115:2404 | Remcos botnet C2 server (confidence level: 100%)
163.5.160.87:443 | Remcos botnet C2 server (confidence level: 100%)
46.105.147.139:2222 | AsyncRAT botnet C2 server (confidence level: 100%)
37.156.46.83:25 | AsyncRAT botnet C2 server (confidence level: 100%)
3.96.173.28:443 | Havoc botnet C2 server (confidence level: 100%)
160.191.245.154:7000 | Venom RAT botnet C2 server (confidence level: 100%)
171.232.0.161:9999 | Venom RAT botnet C2 server (confidence level: 100%)
82.115.223.11:4477 | Venom RAT botnet C2 server (confidence level: 100%)
176.65.144.27:4000 | DCRat botnet C2 server (confidence level: 100%)
18.217.59.108:19790 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
209.141.59.9:3778 | Mirai botnet C2 server (confidence level: 75%)
216.218.135.117:8501 | NjRAT botnet C2 server (confidence level: 100%)
142.171.116.94:88 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.222.38.4:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
78.141.212.135:443 | pupy botnet C2 server (confidence level: 100%)
178.62.245.228:443 | Unknown malware botnet C2 server (confidence level: 100%)
103.149.72.120:80 | Hook botnet C2 server (confidence level: 100%)
80.255.6.5:443 | Havoc botnet C2 server (confidence level: 100%)
62.146.226.21:443 | Havoc botnet C2 server (confidence level: 100%)
171.232.0.161:5001 | Venom RAT botnet C2 server (confidence level: 100%)
181.235.4.114:8090 | DCRat botnet C2 server (confidence level: 100%)
34.219.188.83:33604 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
93.183.93.208:8443 | BianLian botnet C2 server (confidence level: 100%)
171.232.0.161:6000 | Venom RAT botnet C2 server (confidence level: 100%)
152.136.174.71:60000 | Unknown malware botnet C2 server (confidence level: 100%)
207.167.67.34:60000 | Unknown malware botnet C2 server (confidence level: 100%)
194.62.167.215:8080 | Unknown malware botnet C2 server (confidence level: 100%)
18.196.253.192:80 | Unknown malware botnet C2 server (confidence level: 100%)
18.196.253.192:443 | Unknown malware botnet C2 server (confidence level: 100%)
152.203.30.124:8080 | Unknown malware botnet C2 server (confidence level: 100%)
20.51.229.168:443 | Unknown malware botnet C2 server (confidence level: 100%)
15.222.7.71:80 | Unknown malware botnet C2 server (confidence level: 100%)
23.226.75.246:8080 | Unknown malware botnet C2 server (confidence level: 100%)
3.216.203.91:443 | Unknown malware botnet C2 server (confidence level: 100%)
3.144.87.174:443 | Unknown malware botnet C2 server (confidence level: 100%)
34.226.83.200:8080 | Unknown malware botnet C2 server (confidence level: 100%)
63.177.170.151:443 | Unknown malware botnet C2 server (confidence level: 100%)
79.133.57.206:443 | Unknown malware botnet C2 server (confidence level: 100%)
206.119.173.17:8888 | Unknown malware botnet C2 server (confidence level: 100%)
34.27.58.59:10443 | Unknown malware botnet C2 server (confidence level: 100%)
154.12.235.22:443 | Unknown malware botnet C2 server (confidence level: 100%)
201.194.200.153:443 | QakBot botnet C2 server (confidence level: 100%)
68.178.207.33:7776 | Unknown RAT botnet C2 server (confidence level: 75%)
47.99.169.201:82 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.152.152.181:5555 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.86.106.24:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.37.79.189:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.133.199.150:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.229.78.104:4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
206.123.152.36:3191 | Remcos botnet C2 server (confidence level: 100%)
file43.226.229.198 | Remcos botnet C2 server (confidence level: 100%) | |
file46.105.147.139 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.106.163 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file92.118.112.28 | Hook botnet C2 server (confidence level: 100%) | |
file83.217.209.87 | Hook botnet C2 server (confidence level: 100%) | |
file196.251.87.82 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file134.122.128.85 | DCRat botnet C2 server (confidence level: 100%) | |
file134.122.128.87 | DCRat botnet C2 server (confidence level: 100%) | |
file52.53.228.88 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file39.106.3.184 | Chaos botnet C2 server (confidence level: 100%) | |
file213.94.218.23 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file116.205.188.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file207.148.126.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.91.180.173 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.205.118.173 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.94.9.177 | Remcos botnet C2 server (confidence level: 100%) | |
file185.208.156.45 | Remcos botnet C2 server (confidence level: 100%) | |
file147.185.221.26 | NjRAT botnet C2 server (confidence level: 75%) | |
file196.251.73.189 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.118.95 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file23.95.106.22 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.141.86.82 | SectopRAT botnet C2 server (confidence level: 100%) | |
file64.23.207.221 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.79.186.233 | Venom RAT botnet C2 server (confidence level: 100%) | |
file51.38.137.108 | MooBot botnet C2 server (confidence level: 100%) | |
file52.178.102.206 | MimiKatz botnet C2 server (confidence level: 100%) | |
file152.136.17.91 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file156.238.233.109 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file152.42.185.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file109.116.210.232 | DarkComet botnet C2 server (confidence level: 100%) | |
file43.207.79.213 | Sliver botnet C2 server (confidence level: 100%) | |
file116.181.1.54 | Unknown malware botnet C2 server (confidence level: 100%) | |
file92.118.112.28 | Hook botnet C2 server (confidence level: 100%) | |
file148.66.21.237 | DCRat botnet C2 server (confidence level: 100%) | |
file38.49.40.130 | XWorm botnet C2 server (confidence level: 100%) | |
file124.221.117.90 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file124.221.117.90 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file104.219.238.26 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file84.201.174.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.126.83.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file109.73.207.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.93.28.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file68.168.223.108 | Remcos botnet C2 server (confidence level: 100%) | |
file64.226.81.244 | Sliver botnet C2 server (confidence level: 100%) | |
file192.253.229.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file207.231.111.146 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file207.231.111.146 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.200.51.96 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file110.43.122.248 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.86.115.210 | Hook botnet C2 server (confidence level: 100%) | |
file212.86.115.210 | Hook botnet C2 server (confidence level: 100%) | |
file156.253.228.5 | Hook botnet C2 server (confidence level: 100%) | |
file156.253.228.5 | Hook botnet C2 server (confidence level: 100%) | |
file65.109.133.207 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file46.74.133.208 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file143.198.186.79 | Havoc botnet C2 server (confidence level: 100%) | |
file146.190.173.119 | Havoc botnet C2 server (confidence level: 100%) | |
file160.191.244.57 | Venom RAT botnet C2 server (confidence level: 100%) | |
file154.201.68.239 | DCRat botnet C2 server (confidence level: 100%) | |
file110.42.227.156 | DCRat botnet C2 server (confidence level: 100%) | |
file54.203.9.92 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file83.168.69.59 | MooBot botnet C2 server (confidence level: 100%) | |
file176.126.103.64 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.97.178.157 | Chaos botnet C2 server (confidence level: 100%) | |
file20.74.209.192 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file129.28.112.191 | Unknown malware botnet C2 server (confidence level: 75%) | |
file168.100.10.165 | Broomstick botnet C2 server (confidence level: 75%) | |
file172.86.116.76 | Havoc botnet C2 server (confidence level: 75%) | |
file8.213.237.202 | PlugX botnet C2 server (confidence level: 90%) | |
file8.213.237.202 | PlugX botnet C2 server (confidence level: 90%) | |
file211.138.124.146 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file38.150.7.206 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file39.185.245.153 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file54.90.212.140 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
file8.130.74.99 | Unknown malware botnet C2 server (confidence level: 75%) | |
file86.190.166.154 | QakBot botnet C2 server (confidence level: 75%) | |
file103.79.120.74 | PlugX botnet C2 server (confidence level: 60%) | |
file111.229.78.104 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file20.74.209.192 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file106.75.174.5 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file83.219.250.119 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.14.126.40 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.86.80.66 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.44.73.159 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
Value | Description | Copy |
---|---|---|
27706 | NjRAT botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
7070 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
443 | Remcos botnet C2 server (confidence level: 100%) | |
2222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
25 | AsyncRAT botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
9999 | Venom RAT botnet C2 server (confidence level: 100%) | |
4477 | Venom RAT botnet C2 server (confidence level: 100%) | |
4000 | DCRat botnet C2 server (confidence level: 100%) | |
19790 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
3778 | Mirai botnet C2 server (confidence level: 75%) | |
8501 | NjRAT botnet C2 server (confidence level: 100%) | |
88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | pupy botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Hook botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
5001 | Venom RAT botnet C2 server (confidence level: 100%) | |
8090 | DCRat botnet C2 server (confidence level: 100%) | |
33604 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
8443 | BianLian botnet C2 server (confidence level: 100%) | |
6000 | Venom RAT botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | QakBot botnet C2 server (confidence level: 100%) | |
7776 | Unknown RAT botnet C2 server (confidence level: 75%) | |
82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
3191 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
143 | AsyncRAT botnet C2 server (confidence level: 100%) | |
80 | Hook botnet C2 server (confidence level: 100%) | |
80 | Hook botnet C2 server (confidence level: 100%) | |
443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
4433 | DCRat botnet C2 server (confidence level: 100%) | |
4433 | DCRat botnet C2 server (confidence level: 100%) | |
2078 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
47486 | Chaos botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
3e063dc0de937df5841cb9c2ff3e4651 | Unknown malware payload (confidence level: 50%) | |
5c254d25751269892b6f02d6c6384aef | Unknown malware payload (confidence level: 50%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
10443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
1962 | Remcos botnet C2 server (confidence level: 100%) | |
14646 | Remcos botnet C2 server (confidence level: 100%) | |
57385 | NjRAT botnet C2 server (confidence level: 75%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
5505 | AsyncRAT botnet C2 server (confidence level: 100%) | |
15747 | SectopRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
5000 | Venom RAT botnet C2 server (confidence level: 100%) | |
80 | MooBot botnet C2 server (confidence level: 100%) | |
8888 | MimiKatz botnet C2 server (confidence level: 100%) | |
7989 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
2323 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
88 | DarkComet botnet C2 server (confidence level: 100%) | |
443 | Sliver botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
2053 | Hook botnet C2 server (confidence level: 100%) | |
4433 | DCRat botnet C2 server (confidence level: 100%) | |
80 | XWorm botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
88 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
16383 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
30380 | Remcos botnet C2 server (confidence level: 100%) | |
443 | Sliver botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
77 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7 | AsyncRAT botnet C2 server (confidence level: 100%) | |
1080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
16521 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Hook botnet C2 server (confidence level: 100%) | |
8089 | Hook botnet C2 server (confidence level: 100%) | |
80 | Hook botnet C2 server (confidence level: 100%) | |
8089 | Hook botnet C2 server (confidence level: 100%) | |
2555 | Quasar RAT botnet C2 server (confidence level: 100%) | |
3510 | Quasar RAT botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
443 | DCRat botnet C2 server (confidence level: 100%) | |
8848 | DCRat botnet C2 server (confidence level: 100%) | |
1961 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
80 | MooBot botnet C2 server (confidence level: 100%) | |
4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
47486 | Chaos botnet C2 server (confidence level: 100%) | |
8084 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
80 | Broomstick botnet C2 server (confidence level: 75%) | |
443 | Havoc botnet C2 server (confidence level: 75%) | |
5000 | PlugX botnet C2 server (confidence level: 90%) | |
443 | PlugX botnet C2 server (confidence level: 90%) | |
4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
8443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
2222 | QakBot botnet C2 server (confidence level: 75%) | |
5000 | PlugX botnet C2 server (confidence level: 60%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
432 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
1234 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
Threat ID: 682c7db8e8347ec82d2bf9fc
Added to database: 5/20/2025, 1:03:52 PM
Last enriched: 6/19/2025, 3:04:50 PM
Last updated: 8/11/2025, 7:15:51 PM