ThreatFox IOCs for 2025-03-26
Severity: mediumType: malware
ThreatFox IOCs for 2025-03-26
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-03-26," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint' and tagged with 'tlp:white,' indicating that the information is publicly shareable without restrictions. The threat is classified as malware, but no specific malware family, variant, or affected software versions are detailed. There are no associated Common Weakness Enumerations (CWEs), patch links, or known exploits in the wild, suggesting that this is either a newly identified threat or a collection of IOCs without confirmed active exploitation. The technical details include a threat level of 2 (on an unspecified scale), an analysis level of 1, and a distribution level of 3, which may imply moderate dissemination or detection frequency. The absence of indicators in the provided data limits the ability to perform signature-based detection or targeted hunting. Overall, the information appears to be a general IOC update rather than a detailed technical report on a specific malware campaign or vulnerability. The lack of affected versions or products beyond a generic 'osint' product category further suggests this is an intelligence feed rather than a vulnerability advisory. Given the medium severity rating assigned by the source, the threat likely poses a moderate risk, potentially involving malware samples or indicators that could be leveraged in reconnaissance or early-stage intrusion activities.
Potential Impact
For European organizations, the impact of this threat is currently limited by the lack of detailed exploitation data or confirmed active campaigns. However, the presence of malware-related IOCs in ThreatFox indicates potential reconnaissance or preparatory activity that could precede targeted attacks. European entities relying on open-source intelligence (OSINT) tools or platforms may be indirectly affected if these IOCs are related to malware targeting such environments. The medium severity suggests that while immediate disruption or data compromise is unlikely, organizations should remain vigilant as these IOCs could be used to identify vulnerable systems or facilitate lateral movement in future attacks. The absence of known exploits in the wild reduces the immediate risk but does not eliminate the possibility of emerging threats leveraging these indicators. Consequently, European organizations, especially those in critical infrastructure, finance, and government sectors, should consider this intelligence as part of their broader threat landscape monitoring to preempt potential malware intrusions.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities, even if the indicators are currently sparse. 2. Conduct proactive threat hunting exercises focusing on malware behaviors and network anomalies that could correlate with the medium severity threat level. 3. Maintain up-to-date OSINT tools and ensure that all related software components are patched and configured securely, even though no specific affected versions are listed. 4. Enhance user awareness training to recognize phishing or social engineering tactics that often precede malware deployment, as early-stage indicators might be subtle. 5. Collaborate with European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to receive timely updates and contextual analysis related to these IOCs. 6. Implement network segmentation and strict access controls to limit potential lateral movement should malware be introduced. 7. Regularly review and update incident response plans to incorporate scenarios involving emerging malware threats identified through OSINT feeds.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: http://46.8.226.196/scripts/4thepool_miner.sh
- domain: check.dymab.icu
- domain: check.ledax.icu
- url: https://ronsamuel.com/4r4r.js
- domain: ronsamuel.com
- url: https://ronsamuel.com/js.php
- domain: check.cohor.icu
- domain: glowceeralk.online
- domain: wordingvenuo.fun
- url: https://176.65.142.161/f698bbaeef359c28.php
- url: https://193.233.74.31/13cecbdad86667b0.php
- url: https://185.215.113.37/e2b1563c6670f193.php
- url: https://45.93.20.28/85a1cacf11314eb8.php
- url: https://45.93.20.64/96d56f5c90701384.php
- url: https://185.215.113.115/c4becf79229cb002.php
- url: https://62.204.41.177/edd20096ecef326d.php
- url: https://95.182.97.58/84b7b6f977dd1c65.php
- url: https://93.123.39.135/129edec4272dc2c8.php
- url: https://195.10.205.117/3d3d9476182c2057.php
- url: https://213.209.150.220/d7f85cd3e24a4757.php
- url: https://95.216.112.83/413a030d85acf448.php
- url: https://185.5.248.95/c1377b94d43eacea.php
- url: https://179.43.162.2/d8ab11e9f7bc9c13.php
- url: https://176.124.192.200/bef7fb05c9ef6540.php
- url: https://146.70.161.51/273d9c8034a95cb4.php
- url: https://93.233.254.53/278c2fb3d8583f0e.php
- url: https://91.202.233.158/e96ea2db21fa9a1b.php
- url: https://104.245.240.18/d7f85cd3e24a4757.php
- url: https://193.233.254.53/278c2fb3d8583f0e.php
- url: https://171.22.28.221/5c06c05b7b34e8e6.php
- url: https://62.204.41.159/edd20096ecef326d.php
- url: https://95.215.204.182/4d3324bde875e159.php
- url: https://45.91.201.142/e344542ca4922af9.php
- hash: 3d0a2acde59420d172510cf5c8fa9aec68583d36fd57edeb9dff45c14499be80
- file: 14.128.34.67
- hash: 443
- file: 120.55.14.3
- hash: 4444
- domain: confident-archimedes.179-43-176-3.plesk.page
- file: 65.108.103.92
- hash: 2404
- file: 179.13.1.59
- hash: 6189
- file: 172.111.162.48
- hash: 1995
- domain: ec2-18-167-254-207.ap-east-1.compute.amazonaws.com
- file: 172.111.245.69
- hash: 9907
- file: 185.208.156.169
- hash: 6505
- file: 176.65.142.73
- hash: 6606
- file: 176.65.142.73
- hash: 7707
- file: 193.42.36.133
- hash: 2003
- file: 95.217.218.240
- hash: 7443
- file: 104.198.70.52
- hash: 443
- file: 31.177.110.65
- hash: 2053
- file: 176.65.141.187
- hash: 8089
- domain: login.my.gov.au.upgrade1.zip
- domain: mail.multi-canale.com
- file: 45.11.229.22
- hash: 3000
- domain: check.zynyx.icu
- url: https://check.zynyx.icu/gkcxv.google
- file: 176.65.144.232
- hash: 3778
- domain: cstest250326.iqiyic.icu
- domain: qiaoshen.top
- file: 104.219.239.2
- hash: 2404
- file: 65.20.70.235
- hash: 80
- file: 104.245.240.158
- hash: 2404
- file: 3.224.129.209
- hash: 443
- file: 2.37.187.46
- hash: 8808
- file: 196.251.69.103
- hash: 8888
- file: 176.65.142.73
- hash: 8808
- file: 154.205.148.129
- hash: 8089
- file: 207.180.213.75
- hash: 4782
- file: 38.54.115.190
- hash: 47739
- file: 194.48.248.71
- hash: 443
- file: 159.54.139.230
- hash: 22533
- file: 52.201.232.45
- hash: 554
- file: 34.172.208.55
- hash: 443
- file: 85.239.34.236
- hash: 80
- domain: mail.b.multi-canale.com
- domain: cpanel.d.multi-canale.com
- domain: webmail.a.ora-0-web.com
- file: 86.54.42.224
- hash: 19000
- file: 35.88.163.52
- hash: 443
- file: 176.65.142.65
- hash: 7707
- file: 176.65.142.65
- hash: 6606
- file: 45.150.34.163
- hash: 80
- file: 196.251.86.168
- hash: 60000
- file: 142.44.157.112
- hash: 3333
- file: 149.50.137.180
- hash: 2087
- file: 20.109.40.35
- hash: 3333
- file: 82.65.255.173
- hash: 80
- file: 47.238.242.78
- hash: 26333
- file: 51.158.106.82
- hash: 443
- file: 20.218.170.123
- hash: 3333
- file: 40.71.17.246
- hash: 3333
- file: 212.81.188.105
- hash: 3334
- file: 111.229.35.131
- hash: 443
- domain: ferrousz.digital
- domain: mettoolx.live
- file: 148.66.2.194
- hash: 9999
- file: 110.41.185.80
- hash: 8889
- file: 1.12.254.118
- hash: 50050
- file: 46.101.75.53
- hash: 443
- file: 103.176.145.162
- hash: 8443
- file: 45.9.149.112
- hash: 80
- file: 141.164.37.48
- hash: 443
- file: 45.9.149.142
- hash: 80
- file: 210.114.12.10
- hash: 443
- file: 158.247.211.14
- hash: 80
- file: 210.114.11.131
- hash: 80
- file: 23.168.152.21
- hash: 31337
- file: 119.28.113.215
- hash: 31337
- file: 173.232.146.149
- hash: 31337
- file: 50.85.119.227
- hash: 3333
- url: http://205.198.65.161:8888/supershell/login
- file: 84.32.231.72
- hash: 8808
- domain: letaryzipthone.ddns.net
- domain: putix.ddns.net
- domain: servicio.reposterializzart.info
- domain: knokaaa-35772.portmap.host
- domain: accommodation-cambridge.gl.at.ply.gg
- domain: multi-referral.gl.at.ply.gg
- domain: aadvento.run
- domain: airwanhder.shop
- domain: cosmosyf.top
- domain: galarona.bet
- domain: netbitec.live
- domain: soliduso.digital
- domain: javascripterhub.com
- domain: masteringjscode.com
- domain: javascriptsynergy.com
- domain: interactivejsworld.com
- domain: dynamicjsdevelopers.co
- domain: check.viqon.icu
- url: https://check.viqon.icu/gkcxv.google
- file: 95.215.206.151
- hash: 443
- domain: check.gytat.icu
- url: https://check.gytat.icu/gkcxv.google
- domain: dreamvacationstop.top
- domain: herophombyre.top
- file: 118.178.89.112
- hash: 80
- file: 103.214.172.10
- hash: 443
- file: 68.183.93.106
- hash: 80
- file: 113.44.151.118
- hash: 8088
- file: 45.134.36.25
- hash: 9443
- file: 120.55.14.3
- hash: 801
- file: 39.107.68.127
- hash: 8111
- file: 103.20.102.131
- hash: 8848
- file: 149.88.84.102
- hash: 10086
- file: 150.158.46.102
- hash: 80
- file: 84.32.220.50
- hash: 4468
- file: 49.13.68.31
- hash: 49136
- file: 103.186.101.114
- hash: 1884
- file: 213.199.41.54
- hash: 9999
- file: 154.31.206.225
- hash: 8888
- file: 154.31.216.212
- hash: 8888
- file: 65.19.178.73
- hash: 8808
- file: 194.195.241.185
- hash: 7443
- file: 84.32.9.223
- hash: 7443
- file: 45.125.66.45
- hash: 8089
- file: 172.104.147.101
- hash: 80
- file: 31.177.110.65
- hash: 80
- domain: cn.mhknex555.com
- file: 81.177.215.30
- hash: 4449
- file: 186.169.36.44
- hash: 8090
- file: 154.82.92.74
- hash: 9999
- file: 172.104.147.101
- hash: 8080
- file: 104.36.229.243
- hash: 443
- file: 159.203.143.205
- hash: 40056
- file: 45.86.231.115
- hash: 55555
- file: 50.46.255.143
- hash: 995
- file: 94.250.249.129
- hash: 4443
- file: 109.72.93.55
- hash: 443
- file: 196.251.83.129
- hash: 8443
- domain: check.lipog.icu
- url: https://check.lipog.icu/gkcxv.google
- file: 45.141.215.107
- hash: 7000
- domain: stvann.onlinewebshop.net
- domain: a1106540.xsph.ru
- domain: cosmicov.live
- url: https://cosmicov.live/api
- file: 47.106.229.212
- hash: 80
- file: 82.156.206.199
- hash: 8082
- hash: 205589629ead5d3c1d9e914b49c08589
- hash: d37594e06b180d71d1612e6fd61e02a2
- hash: df0dcae2fbd51e2319f9ea46517f4398
- hash: ea084a42dc0796e98677235de2eb2020
- hash: 8dc613df28d63907d1b686a8b0c480bf
- hash: ba365cabaca2381b0955ed1f2af9b609
- hash: 74f27fb712ad76c9b39398c93e5d94a8
- hash: 834d44a077ef00f7b27c64998d8553a9
- hash: a48060248c624cb8edce7415dcf142b1
- hash: d68c82bfa227f4f8e10f640d1c5b341e
- hash: 1ae94a7f35590456e535130a6febe2b7
- file: 203.245.0.121
- hash: 80
- file: 158.247.243.122
- hash: 80
- file: 193.135.9.187
- hash: 31337
- file: 95.158.10.196
- hash: 1604
- file: 170.64.176.152
- hash: 7443
- domain: check.helij.icu
- url: https://check.helij.icu/gkcxv.google
- file: 118.25.94.61
- hash: 8443
- file: 8.222.192.178
- hash: 443
- file: 107.172.148.197
- hash: 14646
- file: 216.9.225.172
- hash: 7070
- file: 1.94.125.195
- hash: 8888
- file: 103.143.230.128
- hash: 8888
- file: 193.42.36.133
- hash: 8808
- domain: simplepifj.world
- file: 74.176.200.142
- hash: 443
- file: 195.82.146.32
- hash: 591
- file: 31.57.77.16
- hash: 23
- domain: cpcalendars.versioneonline.com
- domain: autodiscover.h.web-app-on.com
- domain: cpcalendars.m.web-app-on.com
- file: 51.44.180.176
- hash: 8080
- file: 176.65.143.152
- hash: 19000
- url: http://115.233.60.197:8081/jquery-3.3.2.slim.min.js
- url: http://146.196.52.51:7777/pixel
- file: 192.3.101.149
- hash: 6565
- domain: 86nr8m27y8m94.cfc-execute.bj.baidubce.com
- domain: ccc.ufoxing.com
- domain: cdn.chatgpt-cdn.com
- file: 110.41.76.82
- hash: 9999
- file: 124.221.30.83
- hash: 18444
- file: 128.1.157.229
- hash: 80
- file: 47.116.40.141
- hash: 54322
- file: 47.243.99.248
- hash: 2053
- file: 47.89.66.226
- hash: 80
- file: 47.89.66.230
- hash: 80
- url: https://pixtreev.run/lkauz
- url: https://skynetxc.live/aksopa
- url: https://sparkiob.digital/keasup
- url: https://ferrousz.digital/gsapz
- url: https://hacknestm.run/nbdha
- domain: dynamicjsdevelopers.com
- file: 193.46.217.168
- hash: 443
- domain: vegetablebasket.icu
- domain: check.vased.icu
- url: https://check.vased.icu/gkcxv.google
- domain: forfsakencoilddxga.com
- domain: caprofklfkzttripwith.com
- domain: serviceauthfoap.com
- domain: check.higuh.icu
- url: https://check.higuh.icu/gkcxv.google
- domain: bb990a9a6fafe.duckdns.org
- domain: abuwire123h.ddns.net
- file: 176.65.141.214
- hash: 1111
- domain: scotwire.ddns.net
- file: 176.65.144.22
- hash: 1111
- domain: check.quzis.icu
- url: https://check.quzis.icu/gkcxv.google
- url: https://inteklabs.com/2g6n.js
- domain: inteklabs.com
- url: https://inteklabs.com/js.php
- file: 83.229.127.159
- hash: 8080
- file: 156.245.14.10
- hash: 9192
- file: 185.208.159.165
- hash: 2404
- file: 139.59.50.35
- hash: 7443
- file: 107.189.20.2
- hash: 80
- url: https://xiolewarentiom.com/test/
- domain: forefilarem.com
- domain: xiolewarentiom.com
- file: 213.209.129.92
- hash: 8372
- file: 193.32.162.27
- hash: 7331
- file: 193.32.162.27
- hash: 18129
- file: 185.194.205.79
- hash: 1337
- file: 206.238.115.207
- hash: 18088
- file: 5.141.215.107
- hash: 7000
- file: 172.86.93.104
- hash: 7771
- domain: visasecurity.net
- domain: 519nmcj312v7y.cfc-execute.bj.baidubce.com
- file: 103.135.45.110
- hash: 99
- url: http://59.88.23.194:49027/mozi.m
- url: https://xx.ap.formaxprime.co.uk/
- url: https://e.x.formaxprime.co.uk/
- url: https://78.46.233.25/
- url: https://167.235.59.196/
- domain: xx.ap.formaxprime.co.uk
- domain: e.x.formaxprime.co.uk
- file: 78.46.233.25
- hash: 443
- file: 87.121.84.145
- hash: 5555
- domain: ns1.connectlink.top
- domain: ns2.connectlink.top
- domain: ns3.connectlink.top
- file: 38.55.198.247
- hash: 53
- file: 88.31.16.17
- hash: 6001
- file: 88.112.168.157
- hash: 6000
- url: http://www.18y6s32s.top/kk18/
- url: http://www.249.top/kk18/
- url: http://www.24kzty991r.shop/kk18/
- url: http://www.67frmu442r.shop/kk18/
- url: http://www.6851044.vip/kk18/
- url: http://www.86r5.info/kk18/
- url: http://www.ajbke.shop/kk18/
- url: http://www.alo4d.net/kk18/
- url: http://www.amilianm.store/kk18/
- url: http://www.ampbelltx.info/kk18/
- url: http://www.antappecah001.mom/kk18/
- url: http://www.arrisseedse.shop/kk18/
- url: http://www.avidhost.site/kk18/
- url: http://www.bvljoe.solutions/kk18/
- url: http://www.dc-gmbh.net/kk18/
- url: http://www.dinara.best/kk18/
- url: http://www.eddings-56794.bond/kk18/
- url: http://www.efundee.help/kk18/
- url: http://www.ennyandpearljewellery.net/kk18/
- url: http://www.ental-insurance-us-631.xyz/kk18/
- url: http://www.ertbz.xyz/kk18/
- url: http://www.essonsandblessings.shop/kk18/
- url: http://www.ewdq.top/kk18/
- url: http://www.ewssphere.one/kk18/
- url: http://www.gtttttt224.top/kk18/
- url: http://www.haiyaoder.top/kk18/
- url: http://www.hrgreret.online/kk18/
- url: http://www.ibdobreva.art/kk18/
- url: http://www.ideosha.vip/kk18/
- url: http://www.igna.store/kk18/
- url: http://www.ikskp.top/kk18/
- url: http://www.inetask.net/kk18/
- url: http://www.inlinwangziyi.fun/kk18/
- url: http://www.ipcity.net/kk18/
- url: http://www.itchen-design-57211.bond/kk18/
- url: http://www.iuzhou15.top/kk18/
- url: http://www.lobelifecom.net/kk18/
- url: http://www.lowfy1.store/kk18/
- url: http://www.luxfyxerflow.info/kk18/
- url: http://www.lzgwcxlgtrf.sbs/kk18/
- url: http://www.name.vip/kk18/
- url: http://www.nxezvnjtk.xyz/kk18/
- url: http://www.ogel.kim/kk18/
- url: http://www.ogel.loan/kk18/
- url: http://www.omovremont.store/kk18/
- url: http://www.onfitdentwithkat.net/kk18/
- url: http://www.oodwar.shop/kk18/
- url: http://www.ophackerkampala256.store/kk18/
- url: http://www.oymcfaddin.art/kk18/
- url: http://www.plate.online/kk18/
- url: http://www.ransitplus.biz/kk18/
- url: http://www.rick-mason-jobs-27365.bond/kk18/
- url: http://www.riwh.bid/kk18/
- url: http://www.roblemclassified.online/kk18/
- url: http://www.robuzj.property/kk18/
- url: http://www.roperty4tshwane.online/kk18/
- url: http://www.rttherapies.art/kk18/
- url: http://www.temwork.info/kk18/
- url: http://www.trahlkraft.pro/kk18/
- url: http://www.ubyqtbzs7i6n.buzz/kk18/
- url: http://www.unas.shop/kk18/
- url: http://www.wqo.xyz/kk18/
- url: http://www.ykbai.website/kk18/
- url: http://www.zfah.agency/kk18/
- url: http://www.zzicasino-21.buzz/kk18/
- domain: www.18y6s32s.top
- domain: www.249.top
- domain: www.24kzty991r.shop
- domain: www.67frmu442r.shop
- domain: www.6851044.vip
- domain: www.86r5.info
- domain: www.ajbke.shop
- domain: www.alo4d.net
- domain: www.amilianm.store
- domain: www.ampbelltx.info
- domain: www.antappecah001.mom
- domain: www.arrisseedse.shop
- domain: www.avidhost.site
- domain: www.bvljoe.solutions
- domain: www.dc-gmbh.net
- domain: www.dinara.best
- domain: www.eddings-56794.bond
- domain: www.efundee.help
- domain: www.ennyandpearljewellery.net
- domain: www.ental-insurance-us-631.xyz
- domain: www.ertbz.xyz
- domain: www.essonsandblessings.shop
- domain: www.ewdq.top
- domain: www.ewssphere.one
- domain: www.gtttttt224.top
- domain: www.haiyaoder.top
- domain: www.hrgreret.online
- domain: www.ibdobreva.art
- domain: www.ideosha.vip
- domain: www.igna.store
- domain: www.ikskp.top
- domain: www.inetask.net
- domain: www.inlinwangziyi.fun
- domain: www.ipcity.net
- domain: www.itchen-design-57211.bond
- domain: www.iuzhou15.top
- domain: www.lobelifecom.net
- domain: www.lowfy1.store
- domain: www.luxfyxerflow.info
- domain: www.lzgwcxlgtrf.sbs
- domain: www.name.vip
- domain: www.nxezvnjtk.xyz
- domain: www.ogel.kim
- domain: www.ogel.loan
- domain: www.omovremont.store
- domain: www.onfitdentwithkat.net
- domain: www.oodwar.shop
- domain: www.ophackerkampala256.store
- domain: www.oymcfaddin.art
- domain: www.plate.online
- domain: www.ransitplus.biz
- domain: www.rick-mason-jobs-27365.bond
- domain: www.riwh.bid
- domain: www.roblemclassified.online
- domain: www.robuzj.property
- domain: www.roperty4tshwane.online
- domain: www.rttherapies.art
- domain: www.temwork.info
- domain: www.trahlkraft.pro
- domain: www.ubyqtbzs7i6n.buzz
- domain: www.unas.shop
- domain: www.wqo.xyz
- domain: www.ykbai.website
- domain: www.zfah.agency
- domain: www.zzicasino-21.buzz
- domain: hhnnss.ddns.net
- domain: developed-headline.gl.at.ply.gg
- domain: however-prairie.gl.at.ply.gg
- domain: park-meetup.gl.at.ply.gg
- file: 165.154.203.220
- hash: 80
- file: 121.37.134.174
- hash: 8080
- file: 120.55.169.128
- hash: 8880
- file: 196.251.87.226
- hash: 4433
- file: 52.173.131.28
- hash: 8443
- file: 139.59.35.118
- hash: 7443
- file: 45.79.191.168
- hash: 80
- file: 197.133.27.126
- hash: 8081
- file: 85.217.184.73
- hash: 443
- domain: hiltonrp.fvds.ru
- domain: allied-constructionllc.online
- file: 45.61.160.127
- hash: 3333
- file: 110.40.47.5
- hash: 60000
- file: 13.217.66.6
- hash: 443
- file: 43.156.109.61
- hash: 60000
- file: 45.152.66.103
- hash: 60000
- file: 148.66.2.194
- hash: 8082
- file: 148.66.2.196
- hash: 8082
ThreatFox IOCs for 2025-03-26
Medium
Published: Wed Mar 26 2025 (03/26/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-03-26
AI-Powered Analysis
AILast updated: 06/19/2025, 15:18:42 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-03-26," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint' and tagged with 'tlp:white,' indicating that the information is publicly shareable without restrictions. The threat is classified as malware, but no specific malware family, variant, or affected software versions are detailed. There are no associated Common Weakness Enumerations (CWEs), patch links, or known exploits in the wild, suggesting that this is either a newly identified threat or a collection of IOCs without confirmed active exploitation. The technical details include a threat level of 2 (on an unspecified scale), an analysis level of 1, and a distribution level of 3, which may imply moderate dissemination or detection frequency. The absence of indicators in the provided data limits the ability to perform signature-based detection or targeted hunting. Overall, the information appears to be a general IOC update rather than a detailed technical report on a specific malware campaign or vulnerability. The lack of affected versions or products beyond a generic 'osint' product category further suggests this is an intelligence feed rather than a vulnerability advisory. Given the medium severity rating assigned by the source, the threat likely poses a moderate risk, potentially involving malware samples or indicators that could be leveraged in reconnaissance or early-stage intrusion activities.
Potential Impact
For European organizations, the impact of this threat is currently limited by the lack of detailed exploitation data or confirmed active campaigns. However, the presence of malware-related IOCs in ThreatFox indicates potential reconnaissance or preparatory activity that could precede targeted attacks. European entities relying on open-source intelligence (OSINT) tools or platforms may be indirectly affected if these IOCs are related to malware targeting such environments. The medium severity suggests that while immediate disruption or data compromise is unlikely, organizations should remain vigilant as these IOCs could be used to identify vulnerable systems or facilitate lateral movement in future attacks. The absence of known exploits in the wild reduces the immediate risk but does not eliminate the possibility of emerging threats leveraging these indicators. Consequently, European organizations, especially those in critical infrastructure, finance, and government sectors, should consider this intelligence as part of their broader threat landscape monitoring to preempt potential malware intrusions.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities, even if the indicators are currently sparse. 2. Conduct proactive threat hunting exercises focusing on malware behaviors and network anomalies that could correlate with the medium severity threat level. 3. Maintain up-to-date OSINT tools and ensure that all related software components are patched and configured securely, even though no specific affected versions are listed. 4. Enhance user awareness training to recognize phishing or social engineering tactics that often precede malware deployment, as early-stage indicators might be subtle. 5. Collaborate with European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to receive timely updates and contextual analysis related to these IOCs. 6. Implement network segmentation and strict access controls to limit potential lateral movement should malware be introduced. 7. Regularly review and update incident response plans to incorporate scenarios involving emerging malware threats identified through OSINT feeds.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- c9c4a007-2eaf-4010-99d4-cecbcf7e4314
- Original Timestamp
- 1743033786
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://46.8.226.196/scripts/4thepool_miner.sh | Unknown malware payload delivery URL (confidence level: 75%) | |
urlhttps://ronsamuel.com/4r4r.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ronsamuel.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://176.65.142.161/f698bbaeef359c28.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://193.233.74.31/13cecbdad86667b0.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://185.215.113.37/e2b1563c6670f193.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://45.93.20.28/85a1cacf11314eb8.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://45.93.20.64/96d56f5c90701384.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://185.215.113.115/c4becf79229cb002.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://62.204.41.177/edd20096ecef326d.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://95.182.97.58/84b7b6f977dd1c65.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://93.123.39.135/129edec4272dc2c8.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://195.10.205.117/3d3d9476182c2057.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://213.209.150.220/d7f85cd3e24a4757.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://95.216.112.83/413a030d85acf448.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://185.5.248.95/c1377b94d43eacea.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://179.43.162.2/d8ab11e9f7bc9c13.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://176.124.192.200/bef7fb05c9ef6540.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://146.70.161.51/273d9c8034a95cb4.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://93.233.254.53/278c2fb3d8583f0e.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://91.202.233.158/e96ea2db21fa9a1b.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://104.245.240.18/d7f85cd3e24a4757.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://193.233.254.53/278c2fb3d8583f0e.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://171.22.28.221/5c06c05b7b34e8e6.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://62.204.41.159/edd20096ecef326d.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://95.215.204.182/4d3324bde875e159.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://45.91.201.142/e344542ca4922af9.php | Stealc botnet C2 (confidence level: 75%) | |
urlhttps://check.zynyx.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://205.198.65.161:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://check.viqon.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.gytat.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.lipog.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://cosmicov.live/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.helij.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://115.233.60.197:8081/jquery-3.3.2.slim.min.js | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttp://146.196.52.51:7777/pixel | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://pixtreev.run/lkauz | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://skynetxc.live/aksopa | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://sparkiob.digital/keasup | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://ferrousz.digital/gsapz | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hacknestm.run/nbdha | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.vased.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.higuh.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.quzis.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://inteklabs.com/2g6n.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://inteklabs.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://xiolewarentiom.com/test/ | Latrodectus botnet C2 (confidence level: 100%) | |
urlhttp://59.88.23.194:49027/mozi.m | Mozi payload delivery URL (confidence level: 75%) | |
urlhttps://xx.ap.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://e.x.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://78.46.233.25/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://167.235.59.196/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://www.18y6s32s.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.249.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.24kzty991r.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.67frmu442r.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.6851044.vip/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.86r5.info/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ajbke.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.alo4d.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.amilianm.store/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ampbelltx.info/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.antappecah001.mom/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arrisseedse.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.avidhost.site/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bvljoe.solutions/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dc-gmbh.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dinara.best/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eddings-56794.bond/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.efundee.help/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ennyandpearljewellery.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ental-insurance-us-631.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ertbz.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.essonsandblessings.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ewdq.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ewssphere.one/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gtttttt224.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.haiyaoder.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hrgreret.online/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ibdobreva.art/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ideosha.vip/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.igna.store/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ikskp.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.inetask.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.inlinwangziyi.fun/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ipcity.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.itchen-design-57211.bond/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iuzhou15.top/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lobelifecom.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lowfy1.store/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.luxfyxerflow.info/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lzgwcxlgtrf.sbs/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.name.vip/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nxezvnjtk.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ogel.kim/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ogel.loan/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.omovremont.store/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.onfitdentwithkat.net/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oodwar.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ophackerkampala256.store/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oymcfaddin.art/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.plate.online/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ransitplus.biz/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rick-mason-jobs-27365.bond/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.riwh.bid/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.roblemclassified.online/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.robuzj.property/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.roperty4tshwane.online/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rttherapies.art/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.temwork.info/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.trahlkraft.pro/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ubyqtbzs7i6n.buzz/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.unas.shop/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wqo.xyz/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ykbai.website/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zfah.agency/kk18/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zzicasino-21.buzz/kk18/ | Formbook botnet C2 (confidence level: 50%) |
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.dymab.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.ledax.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainronsamuel.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.cohor.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainglowceeralk.online | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainwordingvenuo.fun | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainconfident-archimedes.179-43-176-3.plesk.page | Remcos botnet C2 domain (confidence level: 100%) | |
domainec2-18-167-254-207.ap-east-1.compute.amazonaws.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainlogin.my.gov.au.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) | |
domainmail.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.zynyx.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincstest250326.iqiyic.icu | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainqiaoshen.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainmail.b.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpanel.d.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainwebmail.a.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainferrousz.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmettoolx.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainletaryzipthone.ddns.net | DCRat botnet C2 domain (confidence level: 50%) | |
domainputix.ddns.net | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainservicio.reposterializzart.info | Remcos botnet C2 domain (confidence level: 50%) | |
domainknokaaa-35772.portmap.host | XenoRAT botnet C2 domain (confidence level: 50%) | |
domainaccommodation-cambridge.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainmulti-referral.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainaadvento.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainairwanhder.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaincosmosyf.top | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaingalarona.bet | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainnetbitec.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainsoliduso.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainjavascripterhub.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domainmasteringjscode.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domainjavascriptsynergy.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaininteractivejsworld.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaindynamicjsdevelopers.co | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaincheck.viqon.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.gytat.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindreamvacationstop.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainherophombyre.top | Unknown malware payload delivery domain (confidence level: 100%) | |
domaincn.mhknex555.com | Hook botnet C2 domain (confidence level: 100%) | |
domaincheck.lipog.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainstvann.onlinewebshop.net | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1106540.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincosmicov.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.helij.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainsimplepifj.world | Hook botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.versioneonline.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainautodiscover.h.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.m.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domain86nr8m27y8m94.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainccc.ufoxing.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincdn.chatgpt-cdn.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaindynamicjsdevelopers.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainvegetablebasket.icu | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domaincheck.vased.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainforfsakencoilddxga.com | ClearFake payload delivery domain (confidence level: 100%) | |
domaincaprofklfkzttripwith.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainserviceauthfoap.com | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.higuh.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainbb990a9a6fafe.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainabuwire123h.ddns.net | XWorm botnet C2 domain (confidence level: 100%) | |
domainscotwire.ddns.net | XWorm botnet C2 domain (confidence level: 100%) | |
domaincheck.quzis.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaininteklabs.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainforefilarem.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainxiolewarentiom.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainvisasecurity.net | SpyNote payload delivery domain (confidence level: 100%) | |
domain519nmcj312v7y.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainxx.ap.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%) | |
domaine.x.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%) | |
domainns1.connectlink.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns2.connectlink.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns3.connectlink.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainwww.18y6s32s.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.249.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.24kzty991r.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.67frmu442r.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.6851044.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.86r5.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ajbke.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.alo4d.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.amilianm.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ampbelltx.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.antappecah001.mom | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arrisseedse.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.avidhost.site | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bvljoe.solutions | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dc-gmbh.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dinara.best | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eddings-56794.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.efundee.help | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ennyandpearljewellery.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ental-insurance-us-631.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ertbz.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.essonsandblessings.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ewdq.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ewssphere.one | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gtttttt224.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.haiyaoder.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hrgreret.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ibdobreva.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ideosha.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.igna.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ikskp.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.inetask.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.inlinwangziyi.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ipcity.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.itchen-design-57211.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iuzhou15.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lobelifecom.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lowfy1.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.luxfyxerflow.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lzgwcxlgtrf.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.name.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nxezvnjtk.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ogel.kim | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ogel.loan | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.omovremont.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.onfitdentwithkat.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oodwar.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ophackerkampala256.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oymcfaddin.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.plate.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ransitplus.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rick-mason-jobs-27365.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.riwh.bid | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.roblemclassified.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.robuzj.property | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.roperty4tshwane.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rttherapies.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.temwork.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.trahlkraft.pro | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ubyqtbzs7i6n.buzz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.unas.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wqo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ykbai.website | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zfah.agency | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zzicasino-21.buzz | Formbook botnet C2 domain (confidence level: 50%) | |
domainhhnnss.ddns.net | NjRAT botnet C2 domain (confidence level: 50%) | |
domaindeveloped-headline.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainhowever-prairie.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainpark-meetup.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainhiltonrp.fvds.ru | Havoc botnet C2 domain (confidence level: 100%) | |
domainallied-constructionllc.online | Unknown malware botnet C2 domain (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash3d0a2acde59420d172510cf5c8fa9aec68583d36fd57edeb9dff45c14499be80 | SpyBanker payload (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash6189 | Remcos botnet C2 server (confidence level: 100%) | |
hash1995 | Remcos botnet C2 server (confidence level: 100%) | |
hash9907 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6505 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2053 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash3000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash47739 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash22533 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash554 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | PoshC2 botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2087 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash26333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3334 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8889 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash443 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash443 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash443 | Socks5 Systemz botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash801 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8848 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash10086 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4468 | Remcos botnet C2 server (confidence level: 100%) | |
hash49136 | Remcos botnet C2 server (confidence level: 100%) | |
hash1884 | Remcos botnet C2 server (confidence level: 100%) | |
hash9999 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash9999 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash40056 | Havoc botnet C2 server (confidence level: 75%) | |
hash55555 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash4443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash205589629ead5d3c1d9e914b49c08589 | Akira payload (confidence level: 50%) | |
hashd37594e06b180d71d1612e6fd61e02a2 | Akira payload (confidence level: 50%) | |
hashdf0dcae2fbd51e2319f9ea46517f4398 | Akira payload (confidence level: 50%) | |
hashea084a42dc0796e98677235de2eb2020 | Akira payload (confidence level: 50%) | |
hash8dc613df28d63907d1b686a8b0c480bf | Akira payload (confidence level: 50%) | |
hashba365cabaca2381b0955ed1f2af9b609 | Akira payload (confidence level: 50%) | |
hash74f27fb712ad76c9b39398c93e5d94a8 | Akira payload (confidence level: 50%) | |
hash834d44a077ef00f7b27c64998d8553a9 | Akira payload (confidence level: 50%) | |
hasha48060248c624cb8edce7415dcf142b1 | Akira payload (confidence level: 50%) | |
hashd68c82bfa227f4f8e10f640d1c5b341e | Akira payload (confidence level: 50%) | |
hash1ae94a7f35590456e535130a6febe2b7 | Akira payload (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash14646 | Remcos botnet C2 server (confidence level: 100%) | |
hash7070 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash591 | DCRat botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash6565 | Remcos botnet C2 server (confidence level: 75%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash18444 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54322 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash1111 | XWorm botnet C2 server (confidence level: 75%) | |
hash1111 | XWorm botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9192 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8372 | Mirai botnet C2 server (confidence level: 100%) | |
hash7331 | Mirai botnet C2 server (confidence level: 100%) | |
hash18129 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash18088 | Nitol botnet C2 server (confidence level: 75%) | |
hash7000 | XWorm botnet C2 server (confidence level: 75%) | |
hash7771 | SpyNote botnet C2 server (confidence level: 75%) | |
hash99 | Mirai botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash5555 | Mirai botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8081 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file14.128.34.67 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.55.14.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file65.108.103.92 | Remcos botnet C2 server (confidence level: 100%) | |
file179.13.1.59 | Remcos botnet C2 server (confidence level: 100%) | |
file172.111.162.48 | Remcos botnet C2 server (confidence level: 100%) | |
file172.111.245.69 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.208.156.169 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.142.73 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.142.73 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.42.36.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file95.217.218.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file104.198.70.52 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.177.110.65 | Hook botnet C2 server (confidence level: 100%) | |
file176.65.141.187 | Hook botnet C2 server (confidence level: 100%) | |
file45.11.229.22 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.144.232 | Mirai botnet C2 server (confidence level: 75%) | |
file104.219.239.2 | Remcos botnet C2 server (confidence level: 100%) | |
file65.20.70.235 | Remcos botnet C2 server (confidence level: 100%) | |
file104.245.240.158 | Remcos botnet C2 server (confidence level: 100%) | |
file3.224.129.209 | Sliver botnet C2 server (confidence level: 100%) | |
file2.37.187.46 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.69.103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.142.73 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file154.205.148.129 | Hook botnet C2 server (confidence level: 100%) | |
file207.180.213.75 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file38.54.115.190 | Havoc botnet C2 server (confidence level: 100%) | |
file194.48.248.71 | Havoc botnet C2 server (confidence level: 100%) | |
file159.54.139.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.201.232.45 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file34.172.208.55 | PoshC2 botnet C2 server (confidence level: 100%) | |
file85.239.34.236 | MooBot botnet C2 server (confidence level: 100%) | |
file86.54.42.224 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file35.88.163.52 | Sliver botnet C2 server (confidence level: 90%) | |
file176.65.142.65 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.142.65 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.150.34.163 | ERMAC botnet C2 server (confidence level: 100%) | |
file196.251.86.168 | Unknown malware botnet C2 server (confidence level: 100%) | |
file142.44.157.112 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.50.137.180 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.109.40.35 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.65.255.173 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.238.242.78 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.158.106.82 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.218.170.123 | Unknown malware botnet C2 server (confidence level: 100%) | |
file40.71.17.246 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.81.188.105 | Unknown malware botnet C2 server (confidence level: 100%) | |
file111.229.35.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file148.66.2.194 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file110.41.185.80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file1.12.254.118 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file46.101.75.53 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file103.176.145.162 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file45.9.149.112 | Kimsuky botnet C2 server (confidence level: 50%) | |
file141.164.37.48 | Kimsuky botnet C2 server (confidence level: 50%) | |
file45.9.149.142 | Kimsuky botnet C2 server (confidence level: 50%) | |
file210.114.12.10 | Kimsuky botnet C2 server (confidence level: 50%) | |
file158.247.211.14 | Kimsuky botnet C2 server (confidence level: 50%) | |
file210.114.11.131 | Kimsuky botnet C2 server (confidence level: 50%) | |
file23.168.152.21 | Sliver botnet C2 server (confidence level: 50%) | |
file119.28.113.215 | Sliver botnet C2 server (confidence level: 50%) | |
file173.232.146.149 | Sliver botnet C2 server (confidence level: 50%) | |
file50.85.119.227 | Unknown malware botnet C2 server (confidence level: 50%) | |
file84.32.231.72 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file95.215.206.151 | Socks5 Systemz botnet C2 server (confidence level: 75%) | |
file118.178.89.112 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.214.172.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file68.183.93.106 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.44.151.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.134.36.25 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.55.14.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.107.68.127 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.20.102.131 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file149.88.84.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file150.158.46.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file84.32.220.50 | Remcos botnet C2 server (confidence level: 100%) | |
file49.13.68.31 | Remcos botnet C2 server (confidence level: 100%) | |
file103.186.101.114 | Remcos botnet C2 server (confidence level: 100%) | |
file213.199.41.54 | Sliver botnet C2 server (confidence level: 100%) | |
file154.31.206.225 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.31.216.212 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.19.178.73 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file194.195.241.185 | Unknown malware botnet C2 server (confidence level: 100%) | |
file84.32.9.223 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.125.66.45 | Hook botnet C2 server (confidence level: 100%) | |
file172.104.147.101 | Hook botnet C2 server (confidence level: 100%) | |
file31.177.110.65 | Hook botnet C2 server (confidence level: 100%) | |
file81.177.215.30 | Venom RAT botnet C2 server (confidence level: 100%) | |
file186.169.36.44 | DCRat botnet C2 server (confidence level: 100%) | |
file154.82.92.74 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file172.104.147.101 | ERMAC botnet C2 server (confidence level: 100%) | |
file104.36.229.243 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file159.203.143.205 | Havoc botnet C2 server (confidence level: 75%) | |
file45.86.231.115 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file50.46.255.143 | QakBot botnet C2 server (confidence level: 75%) | |
file94.250.249.129 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file109.72.93.55 | Meterpreter botnet C2 server (confidence level: 75%) | |
file196.251.83.129 | Meterpreter botnet C2 server (confidence level: 75%) | |
file45.141.215.107 | XWorm botnet C2 server (confidence level: 100%) | |
file47.106.229.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.156.206.199 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file203.245.0.121 | Kimsuky botnet C2 server (confidence level: 50%) | |
file158.247.243.122 | Kimsuky botnet C2 server (confidence level: 50%) | |
file193.135.9.187 | Sliver botnet C2 server (confidence level: 50%) | |
file95.158.10.196 | DarkComet botnet C2 server (confidence level: 50%) | |
file170.64.176.152 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.25.94.61 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.222.192.178 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.172.148.197 | Remcos botnet C2 server (confidence level: 100%) | |
file216.9.225.172 | Remcos botnet C2 server (confidence level: 100%) | |
file1.94.125.195 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.143.230.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.42.36.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file74.176.200.142 | Havoc botnet C2 server (confidence level: 100%) | |
file195.82.146.32 | DCRat botnet C2 server (confidence level: 100%) | |
file31.57.77.16 | Bashlite botnet C2 server (confidence level: 100%) | |
file51.44.180.176 | MimiKatz botnet C2 server (confidence level: 100%) | |
file176.65.143.152 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file192.3.101.149 | Remcos botnet C2 server (confidence level: 75%) | |
file110.41.76.82 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file124.221.30.83 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file128.1.157.229 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.116.40.141 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.243.99.248 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.89.66.226 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.89.66.230 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file193.46.217.168 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file176.65.141.214 | XWorm botnet C2 server (confidence level: 75%) | |
file176.65.144.22 | XWorm botnet C2 server (confidence level: 75%) | |
file83.229.127.159 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.245.14.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.208.159.165 | Remcos botnet C2 server (confidence level: 100%) | |
file139.59.50.35 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.189.20.2 | MooBot botnet C2 server (confidence level: 100%) | |
file213.209.129.92 | Mirai botnet C2 server (confidence level: 100%) | |
file193.32.162.27 | Mirai botnet C2 server (confidence level: 100%) | |
file193.32.162.27 | Mirai botnet C2 server (confidence level: 100%) | |
file185.194.205.79 | Mirai botnet C2 server (confidence level: 100%) | |
file206.238.115.207 | Nitol botnet C2 server (confidence level: 75%) | |
file5.141.215.107 | XWorm botnet C2 server (confidence level: 75%) | |
file172.86.93.104 | SpyNote botnet C2 server (confidence level: 75%) | |
file103.135.45.110 | Mirai botnet C2 server (confidence level: 100%) | |
file78.46.233.25 | Vidar botnet C2 server (confidence level: 100%) | |
file87.121.84.145 | Mirai botnet C2 server (confidence level: 100%) | |
file38.55.198.247 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file88.31.16.17 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file88.112.168.157 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file165.154.203.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.37.134.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.55.169.128 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file196.251.87.226 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.173.131.28 | Sliver botnet C2 server (confidence level: 100%) | |
file139.59.35.118 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.79.191.168 | Hook botnet C2 server (confidence level: 100%) | |
file197.133.27.126 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file85.217.184.73 | Havoc botnet C2 server (confidence level: 100%) | |
file45.61.160.127 | Unknown malware botnet C2 server (confidence level: 100%) | |
file110.40.47.5 | Unknown malware botnet C2 server (confidence level: 75%) | |
file13.217.66.6 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file43.156.109.61 | Unknown malware botnet C2 server (confidence level: 75%) | |
file45.152.66.103 | Unknown malware botnet C2 server (confidence level: 75%) | |
file148.66.2.194 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file148.66.2.196 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Threat ID: 682c7db7e8347ec82d2bdd71
Added to database: 5/20/2025, 1:03:51 PM
Last enriched: 6/19/2025, 3:18:42 PM
Last updated: 8/18/2025, 9:51:57 AM
Views: 34
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.