ThreatFox IOCs for 2025-03-25

Severity: mediumType: unknown

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-03-25 by ThreatFox, sourced from MISP (Malware Information Sharing Platform). The entry is labeled as 'unknown' type with no specific affected software versions, no associated Common Weakness Enumerations (CWEs), and no known exploits in the wild. The threat level is indicated as low to medium (threatLevel: 2), with minimal analysis (analysis: 1) and moderate distribution (distribution: 3). The absence of technical details, affected products, or concrete attack vectors limits the ability to precisely characterize the threat. The IOCs are tagged as OSINT (Open Source Intelligence) and TLP:WHITE, indicating they are intended for broad sharing without restrictions. Since no concrete indicators or exploit details are provided, this entry appears to be a placeholder or a preliminary report of potential threat intelligence rather than a confirmed or active security threat. The medium severity rating likely reflects caution due to the unknown nature and potential for future development rather than current active exploitation.

Potential Impact

Given the lack of specific technical details, affected systems, or known exploits, the immediate impact on European organizations is difficult to quantify. However, the publication of IOCs suggests that there may be emerging or suspected malicious activity that could target various systems in the future. European organizations that rely on threat intelligence feeds and proactive defense mechanisms may benefit from monitoring these IOCs to detect early signs of compromise. Without concrete exploit information, the risk to confidentiality, integrity, and availability remains theoretical at this stage. Nonetheless, organizations should remain vigilant as unknown threats can evolve rapidly, potentially impacting critical infrastructure, government entities, or private sector companies if the threat materializes.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and endpoint detection tools to enable early detection of suspicious activity. 2. Maintain up-to-date threat intelligence feeds and subscribe to trusted sources like MISP to receive timely updates on evolving threats. 3. Conduct regular network and endpoint monitoring focusing on anomalous behaviors that could correlate with emerging IOCs. 4. Implement robust incident response procedures to quickly investigate and contain any alerts triggered by these or related IOCs. 5. Engage in information sharing with industry peers and national cybersecurity centers to enhance collective situational awareness. 6. Since no patches or specific vulnerabilities are identified, prioritize general cybersecurity hygiene including timely patching of known vulnerabilities, strong access controls, and user awareness training to reduce attack surface.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

domain: progressiveptgreenvalley.com
ip-dst|port: 43.160.193.143|443
ip-dst|port: 128.90.113.194|2000
ip-dst|port: 209.38.142.255|80
domain: www.amanmail.info
domain: www.mkdirjava.com
ip-dst|port: 113.45.132.242|60000
ip-dst|port: 213.199.57.185|3333
ip-dst|port: 152.203.30.145|8080
ip-dst|port: 47.94.7.163|10001
domain: electrumdoge.com
domain: electrum-avax.com
domain: electrum-ravencoin.com
domain: electrum-xmr.net
ip-dst|port: 144.208.127.241|1313
ip-dst|port: 31.58.169.119|8808
ip-dst|port: 51.38.215.206|7443
domain: cpcontacts.aaa.104-168-101-27.cprapid.com
domain: cpanel.a.multi-canale.com
domain: mail.b.ora-0-web.com
domain: webdisk.aaa.104-168-101-27.cprapid.com
domain: cpanel.ora-0-web.com
ip-dst|port: 103.215.78.176|53
domain: svchost.iqiyid.icu
ip-dst|port: 14.128.50.21|8080
ip-dst|port: 67.159.18.50|1995
ip-dst|port: 169.150.202.83|5552
domain: ksmj.ddns.net
ip-dst|port: 121.36.215.212|80
ip-dst|port: 106.75.245.80|8443
ip-dst|port: 104.250.169.98|2404
ip-dst|port: 38.146.27.151|443
ip-dst|port: 45.130.151.163|443
ip-dst|port: 23.94.126.113|8808
ip-dst|port: 196.251.70.104|6606
ip-dst|port: 91.211.248.206|80
ip-dst|port: 197.133.22.251|8081
ip-dst|port: 157.20.182.77|4449
ip-dst|port: 102.96.189.137|443
ip-dst|port: 35.86.98.1|27017
ip-dst|port: 167.71.234.19|80
ip-dst|port: 159.65.224.196|80
ip-dst|port: 117.72.119.63|7088
ip-dst|port: 8.213.228.20|4443
ip-dst|port: 179.43.152.178|8825
ip-dst|port: 43.138.81.38|60000
ip-dst|port: 47.238.47.190|60000
ip-dst|port: 185.247.224.66|3333
domain: hacknestm.run
domain: galaxiay.world
domain: trobudrunksz.click
ip-dst|port: 113.45.140.119|7777
ip-dst|port: 47.120.46.195|8080
ip-dst|port: 103.149.182.77|2345
ip-dst|port: 104.42.26.200|443
ip-dst|port: 67.219.99.34|443
ip-dst|port: 64.94.84.10|50050
ip-dst|port: 69.57.161.93|31337
ip-dst|port: 162.19.228.213|31337
ip-dst|port: 62.146.169.174|31337
ip-dst|port: 183.134.55.166|10001
ip-dst|port: 170.130.200.118|10001
ip-dst|port: 118.122.8.155|7775
ip-dst|port: 18.224.18.64|48001
ip-dst|port: 18.224.18.64|8151
ip-dst|port: 162.254.86.108|2087
ip-dst|port: 84.46.239.89|8089
ip-dst|port: 51.195.2.222|3333
ip-dst|port: 3.0.103.25|3333
ip-dst|port: 45.83.207.229|1177
ip-dst|port: 91.4.38.47|80
ip-dst|port: 56.155.3.36|636
ip-dst|port: 216.9.225.133|57090
ip-dst|port: 150.158.110.197|8888
ip-dst|port: 117.205.172.44|47080
url: http://91.211.248.206/
url: http://176.65.141.187/
url: https://pastebin.com/raw/jd8cp7b0
url: https://pastebin.com/raw/lbtbvbyi
domain: 5461458.ddns.net
domain: dadfsfsdfasdfasddfgssdfaafsd-63495.portmap.host
ip-dst|port: 147.185.221.26|28568
ip-dst|port: 18.197.94.4|6606
ip-dst|port: 147.185.221.25|3064
ip-dst|port: 147.185.221.25|80
ip-dst|port: 194.36.26.109|25514
ip-dst|port: 3.127.121.101|3064
ip-dst|port: 3.127.121.101|80
domain: mmdrza.ddns.net
domain: blancoestev27.duckdns.org
domain: ruffella1122.duckdns.org
ip-dst|port: 176.65.144.200|6426
url: https://pastebin.com/raw/j5bthnrr
domain: flame3135-44263.portmap.host
domain: gmt-sherman.gl.at.ply.gg
domain: iii-single.gl.at.ply.gg
domain: pppaa-51102.portmap.host
url: https://h.p.formaxprime.co.uk/
domain: h.p.formaxprime.co.uk
domain: aiwavey.run
domain: byteplusx.digital
domain: skynetxc.live
domain: pixtreev.run
domain: sparkiob.digital
domain: appgridn.live
ip-dst|port: 113.45.7.54|9999
ip-dst|port: 2.58.56.217|443
ip-dst|port: 47.108.158.237|443
ip-dst|port: 159.75.26.73|8010
ip-dst|port: 65.20.70.235|443
ip-dst|port: 27.124.6.49|2404
ip-dst|port: 104.250.169.68|1962
ip-dst|port: 199.231.167.54|7707
ip-dst|port: 120.24.250.89|7443
ip-dst|port: 42.116.59.138|8080
ip-dst|port: 172.86.97.13|443
ip-dst|port: 43.129.41.152|443
ip-dst|port: 18.175.56.117|17450
ip-dst|port: 18.175.56.117|60000
ip-dst|port: 18.175.56.117|250
ip-dst|port: 115.233.60.197|443
domain: webdisk.oraonweb.com
url: https://4ad74aab.xyz/index.php
ip-dst|port: 47.98.153.84|1234
ip-dst|port: 42.51.40.85|808
ip-dst|port: 103.231.12.252|801
ip-dst|port: 8.146.210.125|8080
ip-dst|port: 47.93.25.72|82
ip-dst|port: 154.39.140.34|8080
ip-dst|port: 34.245.175.187|80
domain: oct2.xyz
url: https://compralibri.com/1q2w.js
domain: compralibri.com
url: https://compralibri.com/js.php
url: https://steamcommunity.com/profiles/76561199839170361
url: https://t.me/lw25chm
url: https://se.app.formaxprime.co.uk/
url: https://95.216.180.148/
domain: app.formaxprime.co.uk
domain: se.app.formaxprime.co.uk
ip-dst|port: 78.46.253.51|443
ip-dst|port: 95.216.180.148|443
ip-dst|port: 103.140.154.73|80
ip-dst|port: 103.74.192.189|8080
ip-dst|port: 206.206.77.88|8888
ip-dst|port: 41.188.124.175|443
ip-dst|port: 196.251.86.90|443
ip-dst|port: 154.205.145.133|2096
ip-dst|port: 94.250.249.129|8443
domain: persimmon-turquoise344028.vm-host.com
url: https://higerson.shop/playlandmusic.mp3
domain: higerson.shop
domain: amozon.cc
ip-dst|port: 103.12.149.85|443
ip-dst|port: 58.87.94.202|443
ip-dst|port: 58.87.94.202|80
url: https://elcctrum.com/download/index.php
url: https://367524bins7923.b-cdn.net/electrum-4.5.8-setup.exe
hash: 2246f3653b24eb50f8e43be528270178d8b9576b72fce298d97dda6b5865aced
domain: kpl-gun77dan.com
url: http://54.173.207.199:443/mpj6
url: https://t5impactsupport.world/api
ip-dst|port: 115.120.251.188|28080
ip-dst|port: 205.198.65.161|8888
ip-dst|port: 45.147.7.149|8080
ip-dst|port: 192.227.220.27|8808
ip-dst|port: 91.99.23.89|7443
ip-dst|port: 3.85.11.163|7443
ip-dst|port: 102.117.175.16|7443
ip-dst|port: 188.166.56.10|7443
domain: webmail.efcommxerce.ru
ip-dst|port: 154.90.63.65|4782
ip-dst|port: 38.180.141.143|443
hash: 2065c11664a7a30b693a8334a37fa049f7221ec39bdad401ebae9c453d453edb
ip-dst|port: 45.76.97.76|443
ip-dst|port: 62.234.27.146|3306
ip-dst|port: 47.92.125.40|443
ip-dst|port: 192.46.223.134|31337
ip-dst|port: 157.173.112.131|31337
ip-dst|port: 172.86.80.221|31337
ip-dst|port: 95.131.202.38|8085
ip-dst|port: 212.69.167.73|8089
ip-dst|port: 34.219.107.81|6633
ip-dst|port: 176.82.217.48|6001
ip-dst|port: 166.167.30.196|443
ip-dst|port: 13.58.46.246|32764
url: http://jmucha.fun/g5vppphc/index.php
domain: jmucha.fun
domain: rootedkrypto-29674.portmap.host
domain: severug.com
domain: hai1723rat-29066.portmap.host
domain: abuwire123.ddns.net
domain: song-direct.gl.at.ply.gg
domain: them-hobbies.gl.at.ply.gg
domain: year-tim.gl.at.ply.gg
ip-dst|port: 108.61.187.67|80
ip-dst|port: 206.123.152.103|3911
ip-dst|port: 4.234.110.221|443
hash: 1b48785b6098f696992c1f65e814ad9f4e2fe3f61ce57bdf0477c05c19661217
hash: a4ef61a4c32010e87894ad322b87d9f24b9b64c20da5b8b53a1545bbcd16e810
hash: 6deae0104a84d93f5d2e4fd4c8fb3ae218b77129771bd6c5c79bd7a31e621fd2
url: http://213.176.72.47/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
domain: dns-5hm3l-stf-otbor.online
domain: bitcorep.digital
url: https://check.dymab.icu/gkcxv.google
ip-dst|port: 196.251.70.183|443
ip-dst|port: 120.55.169.128|443
ip-dst|port: 176.65.142.27|4054
ip-dst|port: 46.105.31.193|8000
domain: documents.aruba.cloudconnect-auth0.top
domain: cpanel.efcommxerce.ru
ip-dst|port: 35.159.245.137|80
ip-dst|port: 173.212.208.95|40056
domain: lingardmechanics.shop
domain: subdomainhere.klogixsecurity.org
ip-dst|port: 23.160.168.165|7058
ip-dst|port: 46.246.82.12|2000
ip-dst|port: 18.183.153.54|20546
ip-dst|port: 154.205.148.129|8082
url: https://check.ledax.icu/gkcxv.google
ip-dst|port: 175.178.169.151|60000
ip-dst|port: 2.88.86.152|443
ip-dst|port: 216.245.184.116|80
url: https://check.cohor.icu/gkcxv.google
domain: ehchq7m7rpvdr.cfc-execute.bj.baidubce.com
ip-dst|port: 139.9.135.76|18443

ThreatFox IOCs for 2025-03-25

Severity: medium

Type: unknown

ThreatFox IOCs for 2025-03-25

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

domain: progressiveptgreenvalley.com
ip-dst|port: 43.160.193.143|443
ip-dst|port: 128.90.113.194|2000
ip-dst|port: 209.38.142.255|80
domain: www.amanmail.info
domain: www.mkdirjava.com
ip-dst|port: 113.45.132.242|60000
ip-dst|port: 213.199.57.185|3333
ip-dst|port: 152.203.30.145|8080
ip-dst|port: 47.94.7.163|10001
domain: electrumdoge.com
domain: electrum-avax.com
domain: electrum-ravencoin.com
domain: electrum-xmr.net
ip-dst|port: 144.208.127.241|1313
ip-dst|port: 31.58.169.119|8808
ip-dst|port: 51.38.215.206|7443
domain: cpcontacts.aaa.104-168-101-27.cprapid.com
domain: cpanel.a.multi-canale.com
domain: mail.b.ora-0-web.com
domain: webdisk.aaa.104-168-101-27.cprapid.com
domain: cpanel.ora-0-web.com
ip-dst|port: 103.215.78.176|53
domain: svchost.iqiyid.icu
ip-dst|port: 14.128.50.21|8080
ip-dst|port: 67.159.18.50|1995
ip-dst|port: 169.150.202.83|5552
domain: ksmj.ddns.net
ip-dst|port: 121.36.215.212|80
ip-dst|port: 106.75.245.80|8443
ip-dst|port: 104.250.169.98|2404
ip-dst|port: 38.146.27.151|443
ip-dst|port: 45.130.151.163|443
ip-dst|port: 23.94.126.113|8808
ip-dst|port: 196.251.70.104|6606
ip-dst|port: 91.211.248.206|80
ip-dst|port: 197.133.22.251|8081
ip-dst|port: 157.20.182.77|4449
ip-dst|port: 102.96.189.137|443
ip-dst|port: 35.86.98.1|27017
ip-dst|port: 167.71.234.19|80
ip-dst|port: 159.65.224.196|80
ip-dst|port: 117.72.119.63|7088
ip-dst|port: 8.213.228.20|4443
ip-dst|port: 179.43.152.178|8825
ip-dst|port: 43.138.81.38|60000
ip-dst|port: 47.238.47.190|60000
ip-dst|port: 185.247.224.66|3333
domain: hacknestm.run
domain: galaxiay.world
domain: trobudrunksz.click
ip-dst|port: 113.45.140.119|7777
ip-dst|port: 47.120.46.195|8080
ip-dst|port: 103.149.182.77|2345
ip-dst|port: 104.42.26.200|443
ip-dst|port: 67.219.99.34|443
ip-dst|port: 64.94.84.10|50050
ip-dst|port: 69.57.161.93|31337
ip-dst|port: 162.19.228.213|31337
ip-dst|port: 62.146.169.174|31337
ip-dst|port: 183.134.55.166|10001
ip-dst|port: 170.130.200.118|10001
ip-dst|port: 118.122.8.155|7775
ip-dst|port: 18.224.18.64|48001
ip-dst|port: 18.224.18.64|8151
ip-dst|port: 162.254.86.108|2087
ip-dst|port: 84.46.239.89|8089
ip-dst|port: 51.195.2.222|3333
ip-dst|port: 3.0.103.25|3333
ip-dst|port: 45.83.207.229|1177
ip-dst|port: 91.4.38.47|80
ip-dst|port: 56.155.3.36|636
ip-dst|port: 216.9.225.133|57090
ip-dst|port: 150.158.110.197|8888
ip-dst|port: 117.205.172.44|47080
url: http://91.211.248.206/
url: http://176.65.141.187/
url: https://pastebin.com/raw/jd8cp7b0
url: https://pastebin.com/raw/lbtbvbyi
domain: 5461458.ddns.net
domain: dadfsfsdfasdfasddfgssdfaafsd-63495.portmap.host
ip-dst|port: 147.185.221.26|28568
ip-dst|port: 18.197.94.4|6606
ip-dst|port: 147.185.221.25|3064
ip-dst|port: 147.185.221.25|80
ip-dst|port: 194.36.26.109|25514
ip-dst|port: 3.127.121.101|3064
ip-dst|port: 3.127.121.101|80
domain: mmdrza.ddns.net
domain: blancoestev27.duckdns.org
domain: ruffella1122.duckdns.org
ip-dst|port: 176.65.144.200|6426
url: https://pastebin.com/raw/j5bthnrr
domain: flame3135-44263.portmap.host
domain: gmt-sherman.gl.at.ply.gg
domain: iii-single.gl.at.ply.gg
domain: pppaa-51102.portmap.host
url: https://h.p.formaxprime.co.uk/
domain: h.p.formaxprime.co.uk
domain: aiwavey.run
domain: byteplusx.digital
domain: skynetxc.live
domain: pixtreev.run
domain: sparkiob.digital
domain: appgridn.live
ip-dst|port: 113.45.7.54|9999
ip-dst|port: 2.58.56.217|443
ip-dst|port: 47.108.158.237|443
ip-dst|port: 159.75.26.73|8010
ip-dst|port: 65.20.70.235|443
ip-dst|port: 27.124.6.49|2404
ip-dst|port: 104.250.169.68|1962
ip-dst|port: 199.231.167.54|7707
ip-dst|port: 120.24.250.89|7443
ip-dst|port: 42.116.59.138|8080
ip-dst|port: 172.86.97.13|443
ip-dst|port: 43.129.41.152|443
ip-dst|port: 18.175.56.117|17450
ip-dst|port: 18.175.56.117|60000
ip-dst|port: 18.175.56.117|250
ip-dst|port: 115.233.60.197|443
domain: webdisk.oraonweb.com
url: https://4ad74aab.xyz/index.php
ip-dst|port: 47.98.153.84|1234
ip-dst|port: 42.51.40.85|808
ip-dst|port: 103.231.12.252|801
ip-dst|port: 8.146.210.125|8080
ip-dst|port: 47.93.25.72|82
ip-dst|port: 154.39.140.34|8080
ip-dst|port: 34.245.175.187|80
domain: oct2.xyz
url: https://compralibri.com/1q2w.js
domain: compralibri.com
url: https://compralibri.com/js.php
url: https://steamcommunity.com/profiles/76561199839170361
url: https://t.me/lw25chm
url: https://se.app.formaxprime.co.uk/
url: https://95.216.180.148/
domain: app.formaxprime.co.uk
domain: se.app.formaxprime.co.uk
ip-dst|port: 78.46.253.51|443
ip-dst|port: 95.216.180.148|443
ip-dst|port: 103.140.154.73|80
ip-dst|port: 103.74.192.189|8080
ip-dst|port: 206.206.77.88|8888
ip-dst|port: 41.188.124.175|443
ip-dst|port: 196.251.86.90|443
ip-dst|port: 154.205.145.133|2096
ip-dst|port: 94.250.249.129|8443
domain: persimmon-turquoise344028.vm-host.com
url: https://higerson.shop/playlandmusic.mp3
domain: higerson.shop
domain: amozon.cc
ip-dst|port: 103.12.149.85|443
ip-dst|port: 58.87.94.202|443
ip-dst|port: 58.87.94.202|80
url: https://elcctrum.com/download/index.php
url: https://367524bins7923.b-cdn.net/electrum-4.5.8-setup.exe
hash: 2246f3653b24eb50f8e43be528270178d8b9576b72fce298d97dda6b5865aced
domain: kpl-gun77dan.com
url: http://54.173.207.199:443/mpj6
url: https://t5impactsupport.world/api
ip-dst|port: 115.120.251.188|28080
ip-dst|port: 205.198.65.161|8888
ip-dst|port: 45.147.7.149|8080
ip-dst|port: 192.227.220.27|8808
ip-dst|port: 91.99.23.89|7443
ip-dst|port: 3.85.11.163|7443
ip-dst|port: 102.117.175.16|7443
ip-dst|port: 188.166.56.10|7443
domain: webmail.efcommxerce.ru
ip-dst|port: 154.90.63.65|4782
ip-dst|port: 38.180.141.143|443
hash: 2065c11664a7a30b693a8334a37fa049f7221ec39bdad401ebae9c453d453edb
ip-dst|port: 45.76.97.76|443
ip-dst|port: 62.234.27.146|3306
ip-dst|port: 47.92.125.40|443
ip-dst|port: 192.46.223.134|31337
ip-dst|port: 157.173.112.131|31337
ip-dst|port: 172.86.80.221|31337
ip-dst|port: 95.131.202.38|8085
ip-dst|port: 212.69.167.73|8089
ip-dst|port: 34.219.107.81|6633
ip-dst|port: 176.82.217.48|6001
ip-dst|port: 166.167.30.196|443
ip-dst|port: 13.58.46.246|32764
url: http://jmucha.fun/g5vppphc/index.php
domain: jmucha.fun
domain: rootedkrypto-29674.portmap.host
domain: severug.com
domain: hai1723rat-29066.portmap.host
domain: abuwire123.ddns.net
domain: song-direct.gl.at.ply.gg
domain: them-hobbies.gl.at.ply.gg
domain: year-tim.gl.at.ply.gg
ip-dst|port: 108.61.187.67|80
ip-dst|port: 206.123.152.103|3911
ip-dst|port: 4.234.110.221|443
hash: 1b48785b6098f696992c1f65e814ad9f4e2fe3f61ce57bdf0477c05c19661217
hash: a4ef61a4c32010e87894ad322b87d9f24b9b64c20da5b8b53a1545bbcd16e810
hash: 6deae0104a84d93f5d2e4fd4c8fb3ae218b77129771bd6c5c79bd7a31e621fd2
url: http://213.176.72.47/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
domain: dns-5hm3l-stf-otbor.online
domain: bitcorep.digital
url: https://check.dymab.icu/gkcxv.google
ip-dst|port: 196.251.70.183|443
ip-dst|port: 120.55.169.128|443
ip-dst|port: 176.65.142.27|4054
ip-dst|port: 46.105.31.193|8000
domain: documents.aruba.cloudconnect-auth0.top
domain: cpanel.efcommxerce.ru
ip-dst|port: 35.159.245.137|80
ip-dst|port: 173.212.208.95|40056
domain: lingardmechanics.shop
domain: subdomainhere.klogixsecurity.org
ip-dst|port: 23.160.168.165|7058
ip-dst|port: 46.246.82.12|2000
ip-dst|port: 18.183.153.54|20546
ip-dst|port: 154.205.148.129|8082
url: https://check.ledax.icu/gkcxv.google
ip-dst|port: 175.178.169.151|60000
ip-dst|port: 2.88.86.152|443
ip-dst|port: 216.245.184.116|80
url: https://check.cohor.icu/gkcxv.google
domain: ehchq7m7rpvdr.cfc-execute.bj.baidubce.com
ip-dst|port: 139.9.135.76|18443

Source: MISP

Published: Tue Mar 25 2025

ThreatFox IOCs for 2025-03-25

Medium

Unknowntype:OSINT tlp:white

Published: Tue Mar 25 2025 (03/25/2025, 00:00:00 UTC)

Source: MISP

Description

ThreatFox IOCs for 2025-03-25

AI-Powered Analysis

AILast updated: 07/03/2025, 06:26:56 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise

Domain

Value	Description	Copy
domainprogressiveptgreenvalley.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainwww.amanmail.info	Havoc botnet C2 domain (confidence level: 100%)
domainwww.mkdirjava.com	Havoc botnet C2 domain (confidence level: 100%)
domainelectrumdoge.com	Unknown malware botnet C2 domain (confidence level: 75%)
domainelectrum-avax.com	Unknown malware botnet C2 domain (confidence level: 75%)
domainelectrum-ravencoin.com	Unknown malware botnet C2 domain (confidence level: 75%)
domainelectrum-xmr.net	Unknown malware botnet C2 domain (confidence level: 75%)
domaincpcontacts.aaa.104-168-101-27.cprapid.com	Bashlite botnet C2 domain (confidence level: 100%)
domaincpanel.a.multi-canale.com	Bashlite botnet C2 domain (confidence level: 100%)
domainmail.b.ora-0-web.com	Bashlite botnet C2 domain (confidence level: 100%)
domainwebdisk.aaa.104-168-101-27.cprapid.com	Bashlite botnet C2 domain (confidence level: 100%)
domaincpanel.ora-0-web.com	Bashlite botnet C2 domain (confidence level: 100%)
domainsvchost.iqiyid.icu	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainksmj.ddns.net	Nanocore RAT botnet C2 domain (confidence level: 100%)
domainhacknestm.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaingalaxiay.world	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintrobudrunksz.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domain5461458.ddns.net	AsyncRAT botnet C2 domain (confidence level: 50%)
domaindadfsfsdfasdfasddfgssdfaafsd-63495.portmap.host	AsyncRAT botnet C2 domain (confidence level: 50%)
domainmmdrza.ddns.net	Quasar RAT botnet C2 domain (confidence level: 50%)
domainblancoestev27.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domainruffella1122.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domainflame3135-44263.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domaingmt-sherman.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainiii-single.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainpppaa-51102.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domainh.p.formaxprime.co.uk	Vidar botnet C2 domain (confidence level: 100%)
domainaiwavey.run	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainbyteplusx.digital	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainskynetxc.live	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainpixtreev.run	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainsparkiob.digital	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainappgridn.live	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainwebdisk.oraonweb.com	Bashlite botnet C2 domain (confidence level: 100%)
domainoct2.xyz	Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%)
domaincompralibri.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainapp.formaxprime.co.uk	Vidar botnet C2 domain (confidence level: 100%)
domainse.app.formaxprime.co.uk	Vidar botnet C2 domain (confidence level: 100%)
domainpersimmon-turquoise344028.vm-host.com	Bashlite botnet C2 domain (confidence level: 100%)
domainhigerson.shop	Lumma Stealer payload delivery domain (confidence level: 100%)
domainamozon.cc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainkpl-gun77dan.com	Unknown Stealer botnet C2 domain (confidence level: 100%)
domainwebmail.efcommxerce.ru	Hook botnet C2 domain (confidence level: 100%)
domainjmucha.fun	Amadey botnet C2 domain (confidence level: 50%)
domainrootedkrypto-29674.portmap.host	AsyncRAT botnet C2 domain (confidence level: 50%)
domainseverug.com	Ramnit botnet C2 domain (confidence level: 50%)
domainhai1723rat-29066.portmap.host	XenoRAT botnet C2 domain (confidence level: 50%)
domainabuwire123.ddns.net	XWorm botnet C2 domain (confidence level: 50%)
domainsong-direct.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainthem-hobbies.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainyear-tim.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domaindns-5hm3l-stf-otbor.online	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainbitcorep.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindocuments.aruba.cloudconnect-auth0.top	Hook botnet C2 domain (confidence level: 100%)
domaincpanel.efcommxerce.ru	Hook botnet C2 domain (confidence level: 100%)
domainlingardmechanics.shop	Havoc botnet C2 domain (confidence level: 100%)
domainsubdomainhere.klogixsecurity.org	Havoc botnet C2 domain (confidence level: 100%)
domainehchq7m7rpvdr.cfc-execute.bj.baidubce.com	Cobalt Strike botnet C2 domain (confidence level: 75%)

Ip dst|port

Value	Description	Copy
ip-dst\|port43.160.193.143\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port128.90.113.194\|2000	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port209.38.142.255\|80	Hook botnet C2 server (confidence level: 100%)
ip-dst\|port113.45.132.242\|60000	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port213.199.57.185\|3333	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port152.203.30.145\|8080	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port47.94.7.163\|10001	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port144.208.127.241\|1313	Remcos botnet C2 server (confidence level: 100%)
ip-dst\|port31.58.169.119\|8808	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port51.38.215.206\|7443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port103.215.78.176\|53	ValleyRAT botnet C2 server (confidence level: 100%)
ip-dst\|port14.128.50.21\|8080	Cobalt Strike botnet C2 server (confidence level: 75%)
ip-dst\|port67.159.18.50\|1995	Mirai botnet C2 server (confidence level: 75%)
ip-dst\|port169.150.202.83\|5552	Nanocore RAT botnet C2 server (confidence level: 100%)
ip-dst\|port121.36.215.212\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port106.75.245.80\|8443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port104.250.169.98\|2404	Remcos botnet C2 server (confidence level: 100%)
ip-dst\|port38.146.27.151\|443	Sliver botnet C2 server (confidence level: 100%)
ip-dst\|port45.130.151.163\|443	Sliver botnet C2 server (confidence level: 100%)
ip-dst\|port23.94.126.113\|8808	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port196.251.70.104\|6606	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port91.211.248.206\|80	Hook botnet C2 server (confidence level: 100%)
ip-dst\|port197.133.22.251\|8081	Quasar RAT botnet C2 server (confidence level: 100%)
ip-dst\|port157.20.182.77\|4449	Venom RAT botnet C2 server (confidence level: 100%)
ip-dst\|port102.96.189.137\|443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
ip-dst\|port35.86.98.1\|27017	NetSupportManager RAT botnet C2 server (confidence level: 100%)
ip-dst\|port167.71.234.19\|80	MooBot botnet C2 server (confidence level: 100%)
ip-dst\|port159.65.224.196\|80	MooBot botnet C2 server (confidence level: 100%)
ip-dst\|port117.72.119.63\|7088	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port8.213.228.20\|4443	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port179.43.152.178\|8825	DCRat botnet C2 server (confidence level: 100%)
ip-dst\|port43.138.81.38\|60000	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port47.238.47.190\|60000	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port185.247.224.66\|3333	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port113.45.140.119\|7777	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port47.120.46.195\|8080	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port103.149.182.77\|2345	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port104.42.26.200\|443	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port67.219.99.34\|443	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port64.94.84.10\|50050	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port69.57.161.93\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port162.19.228.213\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port62.146.169.174\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port183.134.55.166\|10001	Xtreme RAT botnet C2 server (confidence level: 50%)
ip-dst\|port170.130.200.118\|10001	Xtreme RAT botnet C2 server (confidence level: 50%)
ip-dst\|port118.122.8.155\|7775	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port18.224.18.64\|48001	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port18.224.18.64\|8151	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port162.254.86.108\|2087	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port84.46.239.89\|8089	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port51.195.2.222\|3333	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port3.0.103.25\|3333	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port45.83.207.229\|1177	NjRAT botnet C2 server (confidence level: 50%)
ip-dst\|port91.4.38.47\|80	Ghost RAT botnet C2 server (confidence level: 50%)
ip-dst\|port56.155.3.36\|636	BlackShades botnet C2 server (confidence level: 50%)
ip-dst\|port216.9.225.133\|57090	Remcos botnet C2 server (confidence level: 75%)
ip-dst\|port150.158.110.197\|8888	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port117.205.172.44\|47080	Mozi botnet C2 server (confidence level: 50%)
ip-dst\|port147.185.221.26\|28568	AsyncRAT botnet C2 server (confidence level: 50%)
ip-dst\|port18.197.94.4\|6606	AsyncRAT botnet C2 server (confidence level: 50%)
ip-dst\|port147.185.221.25\|3064	DCRat botnet C2 server (confidence level: 50%)
ip-dst\|port147.185.221.25\|80	DCRat botnet C2 server (confidence level: 50%)
ip-dst\|port194.36.26.109\|25514	DCRat botnet C2 server (confidence level: 50%)
ip-dst\|port3.127.121.101\|3064	DCRat botnet C2 server (confidence level: 50%)
ip-dst\|port3.127.121.101\|80	DCRat botnet C2 server (confidence level: 50%)
ip-dst\|port176.65.144.200\|6426	Remcos botnet C2 server (confidence level: 50%)
ip-dst\|port113.45.7.54\|9999	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port2.58.56.217\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port47.108.158.237\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port159.75.26.73\|8010	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port65.20.70.235\|443	Remcos botnet C2 server (confidence level: 100%)
ip-dst\|port27.124.6.49\|2404	Remcos botnet C2 server (confidence level: 100%)
ip-dst\|port104.250.169.68\|1962	Remcos botnet C2 server (confidence level: 100%)
ip-dst\|port199.231.167.54\|7707	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port120.24.250.89\|7443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port42.116.59.138\|8080	Quasar RAT botnet C2 server (confidence level: 100%)
ip-dst\|port172.86.97.13\|443	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port43.129.41.152\|443	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port18.175.56.117\|17450	NetSupportManager RAT botnet C2 server (confidence level: 100%)
ip-dst\|port18.175.56.117\|60000	NetSupportManager RAT botnet C2 server (confidence level: 100%)
ip-dst\|port18.175.56.117\|250	NetSupportManager RAT botnet C2 server (confidence level: 100%)
ip-dst\|port115.233.60.197\|443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port47.98.153.84\|1234	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port42.51.40.85\|808	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port103.231.12.252\|801	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port8.146.210.125\|8080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port47.93.25.72\|82	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port154.39.140.34\|8080	Meterpreter botnet C2 server (confidence level: 75%)
ip-dst\|port34.245.175.187\|80	Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
ip-dst\|port78.46.253.51\|443	Vidar botnet C2 server (confidence level: 100%)
ip-dst\|port95.216.180.148\|443	Vidar botnet C2 server (confidence level: 100%)
ip-dst\|port103.140.154.73\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port103.74.192.189\|8080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port206.206.77.88\|8888	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port41.188.124.175\|443	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port196.251.86.90\|443	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port154.205.145.133\|2096	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port94.250.249.129\|8443	DeimosC2 botnet C2 server (confidence level: 100%)
ip-dst\|port103.12.149.85\|443	Cobalt Strike botnet C2 server (confidence level: 75%)
ip-dst\|port58.87.94.202\|443	Cobalt Strike botnet C2 server (confidence level: 75%)
ip-dst\|port58.87.94.202\|80	Cobalt Strike botnet C2 server (confidence level: 75%)
ip-dst\|port115.120.251.188\|28080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port205.198.65.161\|8888	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port45.147.7.149\|8080	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port192.227.220.27\|8808	AsyncRAT botnet C2 server (confidence level: 100%)
ip-dst\|port91.99.23.89\|7443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port3.85.11.163\|7443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port102.117.175.16\|7443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port188.166.56.10\|7443	Unknown malware botnet C2 server (confidence level: 100%)
ip-dst\|port154.90.63.65\|4782	Quasar RAT botnet C2 server (confidence level: 100%)
ip-dst\|port38.180.141.143\|443	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port45.76.97.76\|443	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port62.234.27.146\|3306	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port47.92.125.40\|443	Cobalt Strike botnet C2 server (confidence level: 50%)
ip-dst\|port192.46.223.134\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port157.173.112.131\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port172.86.80.221\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port95.131.202.38\|8085	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port212.69.167.73\|8089	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port34.219.107.81\|6633	NetSupportManager RAT botnet C2 server (confidence level: 50%)
ip-dst\|port176.82.217.48\|6001	NetSupportManager RAT botnet C2 server (confidence level: 50%)
ip-dst\|port166.167.30.196\|443	Ghost RAT botnet C2 server (confidence level: 50%)
ip-dst\|port13.58.46.246\|32764	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port108.61.187.67\|80	Cobalt Strike botnet C2 server (confidence level: 75%)
ip-dst\|port206.123.152.103\|3911	XWorm botnet C2 server (confidence level: 75%)
ip-dst\|port4.234.110.221\|443	Cobalt Strike botnet C2 server (confidence level: 75%)
ip-dst\|port196.251.70.183\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port120.55.169.128\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port176.65.142.27\|4054	Remcos botnet C2 server (confidence level: 100%)
ip-dst\|port46.105.31.193\|8000	Sliver botnet C2 server (confidence level: 100%)
ip-dst\|port35.159.245.137\|80	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port173.212.208.95\|40056	Havoc botnet C2 server (confidence level: 100%)
ip-dst\|port23.160.168.165\|7058	Orcus RAT botnet C2 server (confidence level: 100%)
ip-dst\|port46.246.82.12\|2000	DCRat botnet C2 server (confidence level: 100%)
ip-dst\|port18.183.153.54\|20546	NetSupportManager RAT botnet C2 server (confidence level: 100%)
ip-dst\|port154.205.148.129\|8082	ERMAC botnet C2 server (confidence level: 100%)
ip-dst\|port175.178.169.151\|60000	Unknown malware botnet C2 server (confidence level: 75%)
ip-dst\|port2.88.86.152\|443	QakBot botnet C2 server (confidence level: 75%)
ip-dst\|port216.245.184.116\|80	Broomstick botnet C2 server (confidence level: 75%)
ip-dst\|port139.9.135.76\|18443	Cobalt Strike botnet C2 server (confidence level: 75%)

Url

Value	Description	Copy
urlhttp://91.211.248.206/	Hook botnet C2 (confidence level: 50%)
urlhttp://176.65.141.187/	Hook botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/jd8cp7b0	AsyncRAT botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/lbtbvbyi	AsyncRAT botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/j5bthnrr	XWorm botnet C2 (confidence level: 50%)
urlhttps://h.p.formaxprime.co.uk/	Vidar botnet C2 (confidence level: 100%)
urlhttps://4ad74aab.xyz/index.php	DarkWatchman botnet C2 (confidence level: 100%)
urlhttps://compralibri.com/1q2w.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://compralibri.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://steamcommunity.com/profiles/76561199839170361	Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/lw25chm	Vidar botnet C2 (confidence level: 100%)
urlhttps://se.app.formaxprime.co.uk/	Vidar botnet C2 (confidence level: 100%)
urlhttps://95.216.180.148/	Vidar botnet C2 (confidence level: 100%)
urlhttps://higerson.shop/playlandmusic.mp3	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://elcctrum.com/download/index.php	Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://367524bins7923.b-cdn.net/electrum-4.5.8-setup.exe	Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttp://54.173.207.199:443/mpj6	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://t5impactsupport.world/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://jmucha.fun/g5vppphc/index.php	Amadey botnet C2 (confidence level: 50%)
urlhttp://213.176.72.47/api/ytasodysodisowqsytesodgsotasotusnjusn2qs	SmartLoader botnet C2 (confidence level: 75%)
urlhttps://check.dymab.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.ledax.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.cohor.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)

Hash

Value	Description	Copy
hash2246f3653b24eb50f8e43be528270178d8b9576b72fce298d97dda6b5865aced	Unknown Stealer payload (confidence level: 100%)
hash2065c11664a7a30b693a8334a37fa049f7221ec39bdad401ebae9c453d453edb	Unknown Stealer payload (confidence level: 100%)
hash1b48785b6098f696992c1f65e814ad9f4e2fe3f61ce57bdf0477c05c19661217	Unknown Stealer payload (confidence level: 100%)
hasha4ef61a4c32010e87894ad322b87d9f24b9b64c20da5b8b53a1545bbcd16e810	Unknown Stealer payload (confidence level: 100%)
hash6deae0104a84d93f5d2e4fd4c8fb3ae218b77129771bd6c5c79bd7a31e621fd2	Unknown Stealer payload (confidence level: 100%)

Threat ID: 6829b2d4c469c0a05b456c63

Added to database: 5/18/2025, 10:13:40 AM

Last enriched: 7/3/2025, 6:26:56 AM

Last updated: 8/16/2025, 9:04:24 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-03-25

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-03-25

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Domain

Ip dst|port

Url

Hash

Related Threats

ThreatFox IOCs for 2025-08-18

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

ThreatFox IOCs for 2025-08-15

ThreatFox IOCs for 2025-08-14

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility