ThreatFox IOCs for 2025-03-25

Medium
Published: Tue Mar 25 2025 (03/25/2025, 00:00:00 UTC)
Source: MISP

Description

ThreatFox IOCs for 2025-03-25

AI-Powered Analysis

Last updated: 07/03/2025, 06:26:56 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-03-25 by ThreatFox, sourced from MISP (Malware Information Sharing Platform). The entry is labeled as 'unknown' type with no specific affected software versions, no associated Common Weakness Enumerations (CWEs), and no known exploits in the wild. The threat level is indicated as low to medium (threatLevel: 2), with minimal analysis (analysis: 1) and moderate distribution (distribution: 3). The absence of technical details, affected products, or concrete attack vectors limits the ability to precisely characterize the threat. The IOCs are tagged as OSINT (Open Source Intelligence) and TLP:WHITE, indicating they are intended for broad sharing without restrictions. Since no concrete indicators or exploit details are provided, this entry appears to be a placeholder or a preliminary report of potential threat intelligence rather than a confirmed or active security threat. The medium severity rating likely reflects caution due to the unknown nature and potential for future development rather than current active exploitation.

Potential Impact

Given the lack of specific technical details, affected systems, or known exploits, the immediate impact on European organizations is difficult to quantify. However, the publication of IOCs suggests that there may be emerging or suspected malicious activity that could target various systems in the future. European organizations that rely on threat intelligence feeds and proactive defense mechanisms may benefit from monitoring these IOCs to detect early signs of compromise. Without concrete exploit information, the risk to confidentiality, integrity, and availability remains theoretical at this stage. Nonetheless, organizations should remain vigilant as unknown threats can evolve rapidly, potentially impacting critical infrastructure, government entities, or private sector companies if the threat materializes.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and endpoint detection tools to enable early detection of suspicious activity.
2. Maintain up-to-date threat intelligence feeds and subscribe to trusted sources like MISP to receive timely updates on evolving threats.
3. Conduct regular network and endpoint monitoring focusing on anomalous behaviors that could correlate with emerging IOCs.
4. Implement robust incident response procedures to quickly investigate and contain any alerts triggered by these or related IOCs.
5. Engage in information sharing with industry peers and national cybersecurity centers to enhance collective situational awareness.
6. Since no patches or specific vulnerabilities are identified, prioritize general cybersecurity hygiene including timely patching of known vulnerabilities, strong access controls, and user awareness training to reduce attack surface.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise


Threat ID: 6829b2d4c469c0a05b456c63

Added to database: 5/18/2025, 10:13:40 AM

Last enriched: 7/3/2025, 6:26:56 AM

Last updated: 8/16/2025, 9:04:24 AM
