ThreatFox IOCs for 2025-03-26

Medium
Published: Wed Mar 26 2025 (03/26/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-03-26

AI-Powered Analysis

Last updated: 06/19/2025, 15:18:42 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-03-26," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint' and tagged with 'tlp:white,' indicating that the information is publicly shareable without restrictions. The threat is classified as malware, but no specific malware family, variant, or affected software versions are detailed. There are no associated Common Weakness Enumerations (CWEs), patch links, or known exploits in the wild, suggesting that this is either a newly identified threat or a collection of IOCs without confirmed active exploitation. The technical details include a threat level of 2 (on an unspecified scale), an analysis level of 1, and a distribution level of 3, which may imply moderate dissemination or detection frequency. The absence of indicators in the provided data limits the ability to perform signature-based detection or targeted hunting. Overall, the information appears to be a general IOC update rather than a detailed technical report on a specific malware campaign or vulnerability. The lack of affected versions or products beyond a generic 'osint' product category further suggests this is an intelligence feed rather than a vulnerability advisory. Given the medium severity rating assigned by the source, the threat likely poses a moderate risk, potentially involving malware samples or indicators that could be leveraged in reconnaissance or early-stage intrusion activities.

Potential Impact

For European organizations, the impact of this threat is currently limited by the lack of detailed exploitation data or confirmed active campaigns. However, the presence of malware-related IOCs in ThreatFox indicates potential reconnaissance or preparatory activity that could precede targeted attacks. European entities relying on open-source intelligence (OSINT) tools or platforms may be indirectly affected if these IOCs are related to malware targeting such environments. The medium severity suggests that while immediate disruption or data compromise is unlikely, organizations should remain vigilant as these IOCs could be used to identify vulnerable systems or facilitate lateral movement in future attacks. The absence of known exploits in the wild reduces the immediate risk but does not eliminate the possibility of emerging threats leveraging these indicators. Consequently, European organizations, especially those in critical infrastructure, finance, and government sectors, should consider this intelligence as part of their broader threat landscape monitoring to preempt potential malware intrusions.

Mitigation Recommendations

1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities, even if the indicators are currently sparse.
2. Conduct proactive threat hunting exercises focusing on malware behaviors and network anomalies that could correlate with the medium severity threat level.
3. Maintain up-to-date OSINT tools and ensure that all related software components are patched and configured securely, even though no specific affected versions are listed.
4. Enhance user awareness training to recognize phishing or social engineering tactics that often precede malware deployment, as early-stage indicators might be subtle.
5. Collaborate with European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to receive timely updates and contextual analysis related to these IOCs.
6. Implement network segmentation and strict access controls to limit potential lateral movement should malware be introduced.
7. Regularly review and update incident response plans to incorporate scenarios involving emerging malware threats identified through OSINT feeds.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: c9c4a007-2eaf-4010-99d4-cecbcf7e4314
Original Timestamp: 1743033786

Indicators of Compromise

Url

Value | Description
http://46.8.226.196/scripts/4thepool_miner.sh | Unknown malware payload delivery URL (confidence level: 75%)
https://ronsamuel.com/4r4r.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://ronsamuel.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://176.65.142.161/f698bbaeef359c28.php | Stealc botnet C2 (confidence level: 75%)
https://193.233.74.31/13cecbdad86667b0.php | Stealc botnet C2 (confidence level: 75%)
https://185.215.113.37/e2b1563c6670f193.php | Stealc botnet C2 (confidence level: 75%)
https://45.93.20.28/85a1cacf11314eb8.php | Stealc botnet C2 (confidence level: 75%)
https://45.93.20.64/96d56f5c90701384.php | Stealc botnet C2 (confidence level: 75%)
https://185.215.113.115/c4becf79229cb002.php | Stealc botnet C2 (confidence level: 75%)
https://62.204.41.177/edd20096ecef326d.php | Stealc botnet C2 (confidence level: 75%)
https://95.182.97.58/84b7b6f977dd1c65.php | Stealc botnet C2 (confidence level: 75%)
https://93.123.39.135/129edec4272dc2c8.php | Stealc botnet C2 (confidence level: 75%)
https://195.10.205.117/3d3d9476182c2057.php | Stealc botnet C2 (confidence level: 75%)
https://213.209.150.220/d7f85cd3e24a4757.php | Stealc botnet C2 (confidence level: 75%)
https://95.216.112.83/413a030d85acf448.php | Stealc botnet C2 (confidence level: 75%)
https://185.5.248.95/c1377b94d43eacea.php | Stealc botnet C2 (confidence level: 75%)
https://179.43.162.2/d8ab11e9f7bc9c13.php | Stealc botnet C2 (confidence level: 75%)
https://176.124.192.200/bef7fb05c9ef6540.php | Stealc botnet C2 (confidence level: 75%)
https://146.70.161.51/273d9c8034a95cb4.php | Stealc botnet C2 (confidence level: 75%)
https://93.233.254.53/278c2fb3d8583f0e.php | Stealc botnet C2 (confidence level: 75%)
https://91.202.233.158/e96ea2db21fa9a1b.php | Stealc botnet C2 (confidence level: 75%)
https://104.245.240.18/d7f85cd3e24a4757.php | Stealc botnet C2 (confidence level: 75%)
https://193.233.254.53/278c2fb3d8583f0e.php | Stealc botnet C2 (confidence level: 75%)
https://171.22.28.221/5c06c05b7b34e8e6.php | Stealc botnet C2 (confidence level: 75%)
https://62.204.41.159/edd20096ecef326d.php | Stealc botnet C2 (confidence level: 75%)
https://95.215.204.182/4d3324bde875e159.php | Stealc botnet C2 (confidence level: 75%)
https://45.91.201.142/e344542ca4922af9.php | Stealc botnet C2 (confidence level: 75%)
https://check.zynyx.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://205.198.65.161:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%)
https://check.viqon.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.gytat.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.lipog.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://cosmicov.live/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://check.helij.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://115.233.60.197:8081/jquery-3.3.2.slim.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://146.196.52.51:7777/pixel | Cobalt Strike botnet C2 (confidence level: 75%)
https://pixtreev.run/lkauz | Lumma Stealer botnet C2 (confidence level: 100%)
https://skynetxc.live/aksopa | Lumma Stealer botnet C2 (confidence level: 100%)
https://sparkiob.digital/keasup | Lumma Stealer botnet C2 (confidence level: 100%)
https://ferrousz.digital/gsapz | Lumma Stealer botnet C2 (confidence level: 100%)
https://hacknestm.run/nbdha | Lumma Stealer botnet C2 (confidence level: 100%)
https://check.vased.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.higuh.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.quzis.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://inteklabs.com/2g6n.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://inteklabs.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://xiolewarentiom.com/test/ | Latrodectus botnet C2 (confidence level: 100%)
http://59.88.23.194:49027/mozi.m | Mozi payload delivery URL (confidence level: 75%)
https://xx.ap.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%)
https://e.x.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%)
https://78.46.233.25/ | Vidar botnet C2 (confidence level: 100%)
https://167.235.59.196/ | Vidar botnet C2 (confidence level: 100%)
http://www.18y6s32s.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.249.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.24kzty991r.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.67frmu442r.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.6851044.vip/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.86r5.info/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ajbke.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.alo4d.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.amilianm.store/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ampbelltx.info/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.antappecah001.mom/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.arrisseedse.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.avidhost.site/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.bvljoe.solutions/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.dc-gmbh.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.dinara.best/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.eddings-56794.bond/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.efundee.help/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ennyandpearljewellery.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ental-insurance-us-631.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ertbz.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.essonsandblessings.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ewdq.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ewssphere.one/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.gtttttt224.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.haiyaoder.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.hrgreret.online/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ibdobreva.art/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ideosha.vip/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.igna.store/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ikskp.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.inetask.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.inlinwangziyi.fun/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ipcity.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.itchen-design-57211.bond/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.iuzhou15.top/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.lobelifecom.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.lowfy1.store/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.luxfyxerflow.info/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.lzgwcxlgtrf.sbs/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.name.vip/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.nxezvnjtk.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ogel.kim/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ogel.loan/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.omovremont.store/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.onfitdentwithkat.net/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.oodwar.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ophackerkampala256.store/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.oymcfaddin.art/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.plate.online/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ransitplus.biz/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.rick-mason-jobs-27365.bond/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.riwh.bid/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.roblemclassified.online/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.robuzj.property/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.roperty4tshwane.online/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.rttherapies.art/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.temwork.info/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.trahlkraft.pro/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ubyqtbzs7i6n.buzz/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.unas.shop/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.wqo.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.ykbai.website/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.zfah.agency/kk18/ | Formbook botnet C2 (confidence level: 50%)
http://www.zzicasino-21.buzz/kk18/ | Formbook botnet C2 (confidence level: 50%)

Domain

Value | Description
check.dymab.icu | ClearFake payload delivery domain (confidence level: 100%)
check.ledax.icu | ClearFake payload delivery domain (confidence level: 100%)
ronsamuel.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
check.cohor.icu | ClearFake payload delivery domain (confidence level: 100%)
glowceeralk.online | Lumma Stealer botnet C2 domain (confidence level: 75%)
wordingvenuo.fun | Lumma Stealer botnet C2 domain (confidence level: 75%)
confident-archimedes.179-43-176-3.plesk.page | Remcos botnet C2 domain (confidence level: 100%)
ec2-18-167-254-207.ap-east-1.compute.amazonaws.com | AsyncRAT botnet C2 domain (confidence level: 100%)
login.my.gov.au.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%)
mail.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%)
check.zynyx.icu | ClearFake payload delivery domain (confidence level: 100%)
cstest250326.iqiyic.icu | Cobalt Strike botnet C2 domain (confidence level: 75%)
qiaoshen.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
mail.b.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%)
cpanel.d.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%)
webmail.a.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%)
ferrousz.digital | Lumma Stealer botnet C2 domain (confidence level: 100%)
mettoolx.live | Lumma Stealer botnet C2 domain (confidence level: 100%)
letaryzipthone.ddns.net | DCRat botnet C2 domain (confidence level: 50%)
putix.ddns.net | Quasar RAT botnet C2 domain (confidence level: 50%)
servicio.reposterializzart.info | Remcos botnet C2 domain (confidence level: 50%)
knokaaa-35772.portmap.host | XenoRAT botnet C2 domain (confidence level: 50%)
accommodation-cambridge.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
multi-referral.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
aadvento.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
airwanhder.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
cosmosyf.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
galarona.bet | Lumma Stealer botnet C2 domain (confidence level: 50%)
netbitec.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
soliduso.digital | Lumma Stealer botnet C2 domain (confidence level: 50%)
javascripterhub.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
masteringjscode.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
javascriptsynergy.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
interactivejsworld.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
dynamicjsdevelopers.co | FAKEUPDATES payload delivery domain (confidence level: 50%)
check.viqon.icu | ClearFake payload delivery domain (confidence level: 100%)
check.gytat.icu | ClearFake payload delivery domain (confidence level: 100%)
dreamvacationstop.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
herophombyre.top | Unknown malware payload delivery domain (confidence level: 100%)
cn.mhknex555.com | Hook botnet C2 domain (confidence level: 100%)
check.lipog.icu | ClearFake payload delivery domain (confidence level: 100%)
stvann.onlinewebshop.net | DCRat botnet C2 domain (confidence level: 100%)
a1106540.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
cosmicov.live | Lumma Stealer botnet C2 domain (confidence level: 100%)
check.helij.icu | ClearFake payload delivery domain (confidence level: 100%)
simplepifj.world | Hook botnet C2 domain (confidence level: 100%)
cpcalendars.versioneonline.com | Bashlite botnet C2 domain (confidence level: 100%)
autodiscover.h.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
cpcalendars.m.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%)
86nr8m27y8m94.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
ccc.ufoxing.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
cdn.chatgpt-cdn.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
dynamicjsdevelopers.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
vegetablebasket.icu | Unknown Loader botnet C2 domain (confidence level: 100%)
check.vased.icu | ClearFake payload delivery domain (confidence level: 100%)
forfsakencoilddxga.com | ClearFake payload delivery domain (confidence level: 100%)
caprofklfkzttripwith.com | ClearFake payload delivery domain (confidence level: 100%)
serviceauthfoap.com | ClearFake payload delivery domain (confidence level: 100%)
check.higuh.icu | ClearFake payload delivery domain (confidence level: 100%)
bb990a9a6fafe.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
abuwire123h.ddns.net | XWorm botnet C2 domain (confidence level: 100%)
scotwire.ddns.net | XWorm botnet C2 domain (confidence level: 100%)
check.quzis.icu | ClearFake payload delivery domain (confidence level: 100%)
inteklabs.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
forefilarem.com | Latrodectus botnet C2 domain (confidence level: 100%)
xiolewarentiom.com | Latrodectus botnet C2 domain (confidence level: 100%)
visasecurity.net | SpyNote payload delivery domain (confidence level: 100%)
519nmcj312v7y.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
xx.ap.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%)
e.x.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%)
ns1.connectlink.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.connectlink.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns3.connectlink.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
www.18y6s32s.top | Formbook botnet C2 domain (confidence level: 50%)
www.249.top | Formbook botnet C2 domain (confidence level: 50%)
www.24kzty991r.shop | Formbook botnet C2 domain (confidence level: 50%)
www.67frmu442r.shop | Formbook botnet C2 domain (confidence level: 50%)
www.6851044.vip | Formbook botnet C2 domain (confidence level: 50%)
www.86r5.info | Formbook botnet C2 domain (confidence level: 50%)
www.ajbke.shop | Formbook botnet C2 domain (confidence level: 50%)
www.alo4d.net | Formbook botnet C2 domain (confidence level: 50%)
www.amilianm.store | Formbook botnet C2 domain (confidence level: 50%)
www.ampbelltx.info | Formbook botnet C2 domain (confidence level: 50%)
www.antappecah001.mom | Formbook botnet C2 domain (confidence level: 50%)
www.arrisseedse.shop | Formbook botnet C2 domain (confidence level: 50%)
www.avidhost.site | Formbook botnet C2 domain (confidence level: 50%)
www.bvljoe.solutions | Formbook botnet C2 domain (confidence level: 50%)
www.dc-gmbh.net | Formbook botnet C2 domain (confidence level: 50%)
www.dinara.best | Formbook botnet C2 domain (confidence level: 50%)
www.eddings-56794.bond | Formbook botnet C2 domain (confidence level: 50%)
www.efundee.help | Formbook botnet C2 domain (confidence level: 50%)
www.ennyandpearljewellery.net | Formbook botnet C2 domain (confidence level: 50%)
www.ental-insurance-us-631.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.ertbz.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.essonsandblessings.shop | Formbook botnet C2 domain (confidence level: 50%)
www.ewdq.top | Formbook botnet C2 domain (confidence level: 50%)
www.ewssphere.one | Formbook botnet C2 domain (confidence level: 50%)
www.gtttttt224.top | Formbook botnet C2 domain (confidence level: 50%)
www.haiyaoder.top | Formbook botnet C2 domain (confidence level: 50%)
www.hrgreret.online | Formbook botnet C2 domain (confidence level: 50%)
www.ibdobreva.art | Formbook botnet C2 domain (confidence level: 50%)
www.ideosha.vip | Formbook botnet C2 domain (confidence level: 50%)
www.igna.store | Formbook botnet C2 domain (confidence level: 50%)
www.ikskp.top | Formbook botnet C2 domain (confidence level: 50%)
www.inetask.net | Formbook botnet C2 domain (confidence level: 50%)
www.inlinwangziyi.fun | Formbook botnet C2 domain (confidence level: 50%)
www.ipcity.net | Formbook botnet C2 domain (confidence level: 50%)
www.itchen-design-57211.bond | Formbook botnet C2 domain (confidence level: 50%)
www.iuzhou15.top | Formbook botnet C2 domain (confidence level: 50%)
www.lobelifecom.net | Formbook botnet C2 domain (confidence level: 50%)
www.lowfy1.store | Formbook botnet C2 domain (confidence level: 50%)
www.luxfyxerflow.info | Formbook botnet C2 domain (confidence level: 50%)
www.lzgwcxlgtrf.sbs | Formbook botnet C2 domain (confidence level: 50%)
www.name.vip | Formbook botnet C2 domain (confidence level: 50%)
www.nxezvnjtk.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.ogel.kim | Formbook botnet C2 domain (confidence level: 50%)
www.ogel.loan | Formbook botnet C2 domain (confidence level: 50%)
www.omovremont.store | Formbook botnet C2 domain (confidence level: 50%)
www.onfitdentwithkat.net | Formbook botnet C2 domain (confidence level: 50%)
www.oodwar.shop | Formbook botnet C2 domain (confidence level: 50%)
www.ophackerkampala256.store | Formbook botnet C2 domain (confidence level: 50%)
www.oymcfaddin.art | Formbook botnet C2 domain (confidence level: 50%)
www.plate.online | Formbook botnet C2 domain (confidence level: 50%)
www.ransitplus.biz | Formbook botnet C2 domain (confidence level: 50%)
www.rick-mason-jobs-27365.bond | Formbook botnet C2 domain (confidence level: 50%)
www.riwh.bid | Formbook botnet C2 domain (confidence level: 50%)
www.roblemclassified.online | Formbook botnet C2 domain (confidence level: 50%)
www.robuzj.property | Formbook botnet C2 domain (confidence level: 50%)
www.roperty4tshwane.online | Formbook botnet C2 domain (confidence level: 50%)
www.rttherapies.art | Formbook botnet C2 domain (confidence level: 50%)
www.temwork.info | Formbook botnet C2 domain (confidence level: 50%)
www.trahlkraft.pro | Formbook botnet C2 domain (confidence level: 50%)
www.ubyqtbzs7i6n.buzz | Formbook botnet C2 domain (confidence level: 50%)
www.unas.shop | Formbook botnet C2 domain (confidence level: 50%)
www.wqo.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.ykbai.website | Formbook botnet C2 domain (confidence level: 50%)
www.zfah.agency | Formbook botnet C2 domain (confidence level: 50%)
www.zzicasino-21.buzz | Formbook botnet C2 domain (confidence level: 50%)
hhnnss.ddns.net | NjRAT botnet C2 domain (confidence level: 50%)
developed-headline.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
however-prairie.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
park-meetup.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
hiltonrp.fvds.ru | Havoc botnet C2 domain (confidence level: 100%)
allied-constructionllc.online | Unknown malware botnet C2 domain (confidence level: 100%)

Hash

Value | Description
3d0a2acde59420d172510cf5c8fa9aec68583d36fd57edeb9dff45c14499be80 | SpyBanker payload (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
6189 | Remcos botnet C2 server (confidence level: 100%)
1995 | Remcos botnet C2 server (confidence level: 100%)
9907 | AsyncRAT botnet C2 server (confidence level: 100%)
6505 | AsyncRAT botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
7707 | AsyncRAT botnet C2 server (confidence level: 100%)
2003 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
2053 | Hook botnet C2 server (confidence level: 100%)
8089 | Hook botnet C2 server (confidence level: 100%)
3000 | Unknown malware botnet C2 server (confidence level: 100%)
3778 | Mirai botnet C2 server (confidence level: 75%)
2404 | Remcos botnet C2 server (confidence level: 100%)
80 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
8888 | AsyncRAT botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
8089 | Hook botnet C2 server (confidence level: 100%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
47739 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
22533 | Unknown malware botnet C2 server (confidence level: 100%)
554 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
443 | PoshC2 botnet C2 server (confidence level: 100%)
80 | MooBot botnet C2 server (confidence level: 100%)
19000 | Rhadamanthys botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 90%)
7707 | AsyncRAT botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
80 | ERMAC botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
2087 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
26333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3334 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
9999 | Cobalt Strike botnet C2 server (confidence level: 50%)
8889 | Cobalt Strike botnet C2 server (confidence level: 50%)
50050 | Cobalt Strike botnet C2 server (confidence level: 50%)
443 | Cobalt Strike botnet C2 server (confidence level: 50%)
8443 | Cobalt Strike botnet C2 server (confidence level: 50%)
80 | Kimsuky botnet C2 server (confidence level: 50%)
443 | Kimsuky botnet C2 server (confidence level: 50%)
80 | Kimsuky botnet C2 server (confidence level: 50%)
443 | Kimsuky botnet C2 server (confidence level: 50%)
80 | Kimsuky botnet C2 server (confidence level: 50%)
80 | Kimsuky botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
3333 | Unknown malware botnet C2 server (confidence level: 50%)
8808 | AsyncRAT botnet C2 server (confidence level: 50%)
443 | Socks5 Systemz botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
9443 | Cobalt Strike botnet C2 server (confidence level: 100%)
801 | Cobalt Strike botnet C2 server (confidence level: 100%)
8111 | Cobalt Strike botnet C2 server (confidence level: 100%)
8848 | AsyncRAT botnet C2 server (confidence level: 75%)
10086 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
4468 | Remcos botnet C2 server (confidence level: 100%)
49136 | Remcos botnet C2 server (confidence level: 100%)
1884 | Remcos botnet C2 server (confidence level: 100%)
9999 | Sliver botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8089 | Hook botnet C2 server (confidence level: 100%)
80 | Hook botnet C2 server (confidence level: 100%)
80 | Hook botnet C2 server (confidence level: 100%)
4449 | Venom RAT botnet C2 server (confidence level: 100%)
8090 | DCRat botnet C2 server (confidence level: 100%)
9999 | Brute Ratel C4 botnet C2 server (confidence level: 100%)
8080 | ERMAC botnet C2 server (confidence level: 100%)
443 | Eye Pyramid botnet C2 server (confidence level: 75%)
40056 | Havoc botnet C2 server (confidence level: 75%)
55555 | Eye Pyramid botnet C2 server (confidence level: 75%)
995 | QakBot botnet C2 server (confidence level: 75%)
4443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | Meterpreter botnet C2 server (confidence level: 75%)
8443 | Meterpreter botnet C2 server (confidence level: 75%)
7000 | XWorm botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8082 | Cobalt Strike botnet C2 server (confidence level: 100%)
205589629ead5d3c1d9e914b49c08589 | Akira payload (confidence level: 50%)
d37594e06b180d71d1612e6fd61e02a2 | Akira payload (confidence level: 50%)
df0dcae2fbd51e2319f9ea46517f4398 | Akira payload (confidence level: 50%)
ea084a42dc0796e98677235de2eb2020 | Akira payload (confidence level: 50%)
8dc613df28d63907d1b686a8b0c480bf | Akira payload (confidence level: 50%)
ba365cabaca2381b0955ed1f2af9b609 | Akira payload (confidence level: 50%)
74f27fb712ad76c9b39398c93e5d94a8 | Akira payload (confidence level: 50%)
834d44a077ef00f7b27c64998d8553a9 | Akira payload (confidence level: 50%)
a48060248c624cb8edce7415dcf142b1 | Akira payload (confidence level: 50%)
d68c82bfa227f4f8e10f640d1c5b341e | Akira payload (confidence level: 50%)
1ae94a7f35590456e535130a6febe2b7 | Akira payload (confidence level: 50%)
80 | Kimsuky botnet C2 server (confidence level: 50%)
80 | Kimsuky botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
1604 | DarkComet botnet C2 server (confidence level: 50%)
7443 | Unknown malware botnet C2 server (confidence level: 50%)
8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
14646 | Remcos botnet C2 server (confidence level: 100%)
7070 | Remcos botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
591 | DCRat botnet C2 server (confidence level: 100%)
23 | Bashlite botnet C2 server (confidence level: 100%)
8080 | MimiKatz botnet C2 server (confidence level: 100%)
19000 | Rhadamanthys botnet C2 server (confidence level: 100%)
6565 | Remcos botnet C2 server (confidence level: 75%)
9999 | Cobalt Strike botnet C2 server (confidence level: 75%)
18444 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 75%)
54322 | Cobalt Strike botnet C2 server (confidence level: 75%)
2053 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 |
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
FAKEUPDATES payload delivery server (confidence level: 100%)
hash1111
XWorm botnet C2 server (confidence level: 75%)
hash1111
XWorm botnet C2 server (confidence level: 75%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9192
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash8372
Mirai botnet C2 server (confidence level: 100%)
hash7331
Mirai botnet C2 server (confidence level: 100%)
hash18129
Mirai botnet C2 server (confidence level: 100%)
hash1337
Mirai botnet C2 server (confidence level: 100%)
hash18088
Nitol botnet C2 server (confidence level: 75%)
hash7000
XWorm botnet C2 server (confidence level: 75%)
hash7771
SpyNote botnet C2 server (confidence level: 75%)
hash99
Mirai botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash5555
Mirai botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash6001
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash6000
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8880
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8081
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash443
Eye Pyramid botnet C2 server (confidence level: 75%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 75%)

File

Value / Description
file14.128.34.67
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.55.14.3
Cobalt Strike botnet C2 server (confidence level: 100%)
file65.108.103.92
Remcos botnet C2 server (confidence level: 100%)
file179.13.1.59
Remcos botnet C2 server (confidence level: 100%)
file172.111.162.48
Remcos botnet C2 server (confidence level: 100%)
file172.111.245.69
AsyncRAT botnet C2 server (confidence level: 100%)
file185.208.156.169
AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.142.73
AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.142.73
AsyncRAT botnet C2 server (confidence level: 100%)
file193.42.36.133
AsyncRAT botnet C2 server (confidence level: 100%)
file95.217.218.240
Unknown malware botnet C2 server (confidence level: 100%)
file104.198.70.52
Unknown malware botnet C2 server (confidence level: 100%)
file31.177.110.65
Hook botnet C2 server (confidence level: 100%)
file176.65.141.187
Hook botnet C2 server (confidence level: 100%)
file45.11.229.22
Unknown malware botnet C2 server (confidence level: 100%)
file176.65.144.232
Mirai botnet C2 server (confidence level: 75%)
file104.219.239.2
Remcos botnet C2 server (confidence level: 100%)
file65.20.70.235
Remcos botnet C2 server (confidence level: 100%)
file104.245.240.158
Remcos botnet C2 server (confidence level: 100%)
file3.224.129.209
Sliver botnet C2 server (confidence level: 100%)
file2.37.187.46
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.69.103
AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.142.73
AsyncRAT botnet C2 server (confidence level: 100%)
file154.205.148.129
Hook botnet C2 server (confidence level: 100%)
file207.180.213.75
Quasar RAT botnet C2 server (confidence level: 100%)
file38.54.115.190
Havoc botnet C2 server (confidence level: 100%)
file194.48.248.71
Havoc botnet C2 server (confidence level: 100%)
file159.54.139.230
Unknown malware botnet C2 server (confidence level: 100%)
file52.201.232.45
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file34.172.208.55
PoshC2 botnet C2 server (confidence level: 100%)
file85.239.34.236
MooBot botnet C2 server (confidence level: 100%)
file86.54.42.224
Rhadamanthys botnet C2 server (confidence level: 100%)
file35.88.163.52
Sliver botnet C2 server (confidence level: 90%)
file176.65.142.65
AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.142.65
AsyncRAT botnet C2 server (confidence level: 100%)
file45.150.34.163
ERMAC botnet C2 server (confidence level: 100%)
file196.251.86.168
Unknown malware botnet C2 server (confidence level: 100%)
file142.44.157.112
Unknown malware botnet C2 server (confidence level: 100%)
file149.50.137.180
Unknown malware botnet C2 server (confidence level: 100%)
file20.109.40.35
Unknown malware botnet C2 server (confidence level: 100%)
file82.65.255.173
Unknown malware botnet C2 server (confidence level: 100%)
file47.238.242.78
Unknown malware botnet C2 server (confidence level: 100%)
file51.158.106.82
Unknown malware botnet C2 server (confidence level: 100%)
file20.218.170.123
Unknown malware botnet C2 server (confidence level: 100%)
file40.71.17.246
Unknown malware botnet C2 server (confidence level: 100%)
file212.81.188.105
Unknown malware botnet C2 server (confidence level: 100%)
file111.229.35.131
Unknown malware botnet C2 server (confidence level: 100%)
file148.66.2.194
Cobalt Strike botnet C2 server (confidence level: 50%)
file110.41.185.80
Cobalt Strike botnet C2 server (confidence level: 50%)
file1.12.254.118
Cobalt Strike botnet C2 server (confidence level: 50%)
file46.101.75.53
Cobalt Strike botnet C2 server (confidence level: 50%)
file103.176.145.162
Cobalt Strike botnet C2 server (confidence level: 50%)
file45.9.149.112
Kimsuky botnet C2 server (confidence level: 50%)
file141.164.37.48
Kimsuky botnet C2 server (confidence level: 50%)
file45.9.149.142
Kimsuky botnet C2 server (confidence level: 50%)
file210.114.12.10
Kimsuky botnet C2 server (confidence level: 50%)
file158.247.211.14
Kimsuky botnet C2 server (confidence level: 50%)
file210.114.11.131
Kimsuky botnet C2 server (confidence level: 50%)
file23.168.152.21
Sliver botnet C2 server (confidence level: 50%)
file119.28.113.215
Sliver botnet C2 server (confidence level: 50%)
file173.232.146.149
Sliver botnet C2 server (confidence level: 50%)
file50.85.119.227
Unknown malware botnet C2 server (confidence level: 50%)
file84.32.231.72
AsyncRAT botnet C2 server (confidence level: 50%)
file95.215.206.151
Socks5 Systemz botnet C2 server (confidence level: 75%)
file118.178.89.112
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.214.172.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file68.183.93.106
Cobalt Strike botnet C2 server (confidence level: 100%)
file113.44.151.118
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.134.36.25
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.55.14.3
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.107.68.127
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.20.102.131
AsyncRAT botnet C2 server (confidence level: 75%)
file149.88.84.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file150.158.46.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file84.32.220.50
Remcos botnet C2 server (confidence level: 100%)
file49.13.68.31
Remcos botnet C2 server (confidence level: 100%)
file103.186.101.114
Remcos botnet C2 server (confidence level: 100%)
file213.199.41.54
Sliver botnet C2 server (confidence level: 100%)
file154.31.206.225
Unknown malware botnet C2 server (confidence level: 100%)
file154.31.216.212
Unknown malware botnet C2 server (confidence level: 100%)
file65.19.178.73
AsyncRAT botnet C2 server (confidence level: 100%)
file194.195.241.185
Unknown malware botnet C2 server (confidence level: 100%)
file84.32.9.223
Unknown malware botnet C2 server (confidence level: 100%)
file45.125.66.45
Hook botnet C2 server (confidence level: 100%)
file172.104.147.101
Hook botnet C2 server (confidence level: 100%)
file31.177.110.65
Hook botnet C2 server (confidence level: 100%)
file81.177.215.30
Venom RAT botnet C2 server (confidence level: 100%)
file186.169.36.44
DCRat botnet C2 server (confidence level: 100%)
file154.82.92.74
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file172.104.147.101
ERMAC botnet C2 server (confidence level: 100%)
file104.36.229.243
Eye Pyramid botnet C2 server (confidence level: 75%)
file159.203.143.205
Havoc botnet C2 server (confidence level: 75%)
file45.86.231.115
Eye Pyramid botnet C2 server (confidence level: 75%)
file50.46.255.143
QakBot botnet C2 server (confidence level: 75%)
file94.250.249.129
DeimosC2 botnet C2 server (confidence level: 75%)
file109.72.93.55
Meterpreter botnet C2 server (confidence level: 75%)
file196.251.83.129
Meterpreter botnet C2 server (confidence level: 75%)
file45.141.215.107
XWorm botnet C2 server (confidence level: 100%)
file47.106.229.212
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.156.206.199
Cobalt Strike botnet C2 server (confidence level: 100%)
file203.245.0.121
Kimsuky botnet C2 server (confidence level: 50%)
file158.247.243.122
Kimsuky botnet C2 server (confidence level: 50%)
file193.135.9.187
Sliver botnet C2 server (confidence level: 50%)
file95.158.10.196
DarkComet botnet C2 server (confidence level: 50%)
file170.64.176.152
Unknown malware botnet C2 server (confidence level: 50%)
file118.25.94.61
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.222.192.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.172.148.197
Remcos botnet C2 server (confidence level: 100%)
file216.9.225.172
Remcos botnet C2 server (confidence level: 100%)
file1.94.125.195
Unknown malware botnet C2 server (confidence level: 100%)
file103.143.230.128
Unknown malware botnet C2 server (confidence level: 100%)
file193.42.36.133
AsyncRAT botnet C2 server (confidence level: 100%)
file74.176.200.142
Havoc botnet C2 server (confidence level: 100%)
file195.82.146.32
DCRat botnet C2 server (confidence level: 100%)
file31.57.77.16
Bashlite botnet C2 server (confidence level: 100%)
file51.44.180.176
MimiKatz botnet C2 server (confidence level: 100%)
file176.65.143.152
Rhadamanthys botnet C2 server (confidence level: 100%)
file192.3.101.149
Remcos botnet C2 server (confidence level: 75%)
file110.41.76.82
Cobalt Strike botnet C2 server (confidence level: 75%)
file124.221.30.83
Cobalt Strike botnet C2 server (confidence level: 75%)
file128.1.157.229
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.116.40.141
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.243.99.248
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.89.66.226
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.89.66.230
Cobalt Strike botnet C2 server (confidence level: 75%)
file193.46.217.168
FAKEUPDATES payload delivery server (confidence level: 100%)
file176.65.141.214
XWorm botnet C2 server (confidence level: 75%)
file176.65.144.22
XWorm botnet C2 server (confidence level: 75%)
file83.229.127.159
Cobalt Strike botnet C2 server (confidence level: 100%)
file156.245.14.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.208.159.165
Remcos botnet C2 server (confidence level: 100%)
file139.59.50.35
Unknown malware botnet C2 server (confidence level: 100%)
file107.189.20.2
MooBot botnet C2 server (confidence level: 100%)
file213.209.129.92
Mirai botnet C2 server (confidence level: 100%)
file193.32.162.27
Mirai botnet C2 server (confidence level: 100%)
file193.32.162.27
Mirai botnet C2 server (confidence level: 100%)
file185.194.205.79
Mirai botnet C2 server (confidence level: 100%)
file206.238.115.207
Nitol botnet C2 server (confidence level: 75%)
file5.141.215.107
XWorm botnet C2 server (confidence level: 75%)
file172.86.93.104
SpyNote botnet C2 server (confidence level: 75%)
file103.135.45.110
Mirai botnet C2 server (confidence level: 100%)
file78.46.233.25
Vidar botnet C2 server (confidence level: 100%)
file87.121.84.145
Mirai botnet C2 server (confidence level: 100%)
file38.55.198.247
Cobalt Strike botnet C2 server (confidence level: 75%)
file88.31.16.17
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file88.112.168.157
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file165.154.203.220
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.37.134.174
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.55.169.128
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.87.226
Cobalt Strike botnet C2 server (confidence level: 100%)
file52.173.131.28
Sliver botnet C2 server (confidence level: 100%)
file139.59.35.118
Unknown malware botnet C2 server (confidence level: 100%)
file45.79.191.168
Hook botnet C2 server (confidence level: 100%)
file197.133.27.126
Quasar RAT botnet C2 server (confidence level: 100%)
file85.217.184.73
Havoc botnet C2 server (confidence level: 100%)
file45.61.160.127
Unknown malware botnet C2 server (confidence level: 100%)
file110.40.47.5
Unknown malware botnet C2 server (confidence level: 75%)
file13.217.66.6
Eye Pyramid botnet C2 server (confidence level: 75%)
file43.156.109.61
Unknown malware botnet C2 server (confidence level: 75%)
file45.152.66.103
Unknown malware botnet C2 server (confidence level: 75%)
file148.66.2.194
Cobalt Strike botnet C2 server (confidence level: 75%)
file148.66.2.196
Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 682c7db7e8347ec82d2bdd71

Added to database: 5/20/2025, 1:03:51 PM

Last enriched: 6/19/2025, 3:18:42 PM

Last updated: 8/18/2025, 9:51:57 AM
