
ThreatFox IOCs for 2025-03-27

Medium
Published: Thu Mar 27 2025 (03/27/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-03-27

AI-Powered Analysis

Last updated: 06/19/2025, 15:17:11 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-03-27," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "osint" (open-source intelligence) and is tagged with "type:osint" and "tlp:white," indicating that the information is intended for wide distribution without restrictions. No specific affected product versions or CWE identifiers are provided, and there are no patch links or known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential but limited analytical depth. The absence of concrete IOCs or detailed technical indicators limits the ability to perform a granular technical dissection of the malware's behavior, infection vectors, or payload characteristics. Given the lack of detailed technical data, it appears this report serves as a general alert or a placeholder for emerging malware-related intelligence rather than a detailed vulnerability or exploit advisory. The threat's medium severity classification reflects a moderate risk posture, likely due to the potential for malware activity but without evidence of active exploitation or widespread impact at this time.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the absence of known exploits in the wild and the lack of detailed technical indicators. However, the presence of malware-related IOCs in open-source intelligence repositories like ThreatFox suggests that threat actors may be preparing or conducting reconnaissance activities that could precede targeted attacks. European entities relying on OSINT feeds for threat detection and response may benefit from early awareness but should remain vigilant. Potential impacts include increased risk of malware infections that could compromise confidentiality, integrity, or availability of systems if the malware were to be deployed effectively. The medium severity rating indicates that while immediate risk is not critical, organizations should not disregard the threat, especially those in sectors with high-value targets such as finance, critical infrastructure, and government services. The lack of specific affected products or versions means that the threat could be broad or generic, potentially impacting multiple platforms or environments if exploited.

Mitigation Recommendations

Given the limited technical details, mitigation should focus on strengthening general malware defense and OSINT integration practices. European organizations should:

1) Continuously monitor and integrate updated IOCs from ThreatFox and similar OSINT platforms into their security information and event management (SIEM) systems to enhance detection capabilities.
2) Employ advanced endpoint protection solutions with behavioral analysis to detect and block unknown or emerging malware variants.
3) Conduct regular threat hunting exercises focusing on anomalies that may correlate with emerging IOCs.
4) Maintain rigorous patch management and system hardening practices to reduce the attack surface, even though no specific patches are indicated.
5) Educate security teams on interpreting and operationalizing OSINT data effectively to avoid false positives and ensure timely response.
6) Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive guidance on emerging threats.

These steps go beyond generic advice by emphasizing proactive OSINT integration and behavioral detection tailored to the nature of the threat intelligence provided.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
947c688b-0485-4168-9f94-6ec0fa379eaf
Original Timestamp
1743120185

Indicators of Compromise

Domain

Value | Description
domainanvilixx.run
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainbarcastb.live
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainfurnexyz.live
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainingotfyx.live
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainmeltwaym.digital
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainoreflown.run
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainrodstepv.digital
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainsteelioc.digital
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainb897b98721.b-cdn.net
Unknown Stealer payload delivery domain (confidence level: 100%)
domainblackhats.thehomeserver.net
xmrig payload delivery domain (confidence level: 100%)
domaindashboard.rath3r.xyz
Havoc botnet C2 domain (confidence level: 100%)
domainjwt.cpyc.at
Havoc botnet C2 domain (confidence level: 100%)
domainx.cpyc.at
Havoc botnet C2 domain (confidence level: 100%)
domainmail.104-168-101-27.cprapid.com
Bashlite botnet C2 domain (confidence level: 100%)
domaincpcalendars.e.multi-canale.com
Bashlite botnet C2 domain (confidence level: 100%)
domainwebdisk.c.multi-canale.com
Bashlite botnet C2 domain (confidence level: 100%)
domainalloyupr.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainweb.mhknex555.com
Hook botnet C2 domain (confidence level: 100%)
domaincpcontacts.c.ora-0-web.com
Bashlite botnet C2 domain (confidence level: 100%)
domainwebmail.continueoraweb.com
Bashlite botnet C2 domain (confidence level: 100%)
domainautodiscover.d.multi-canale.com
Bashlite botnet C2 domain (confidence level: 100%)
domainmail.oraonweb.com
Bashlite botnet C2 domain (confidence level: 100%)
domainfreeimagecdn.com
Unknown Loader botnet C2 domain (confidence level: 50%)
domainmvnrepo.net
Unknown Loader botnet C2 domain (confidence level: 50%)
domainenvio25-03.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 50%)
domainenvio25-3.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 50%)
domainextr6.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 50%)
domainfather-ever.gl.at.ply.gg
AsyncRAT botnet C2 domain (confidence level: 50%)
domain7908pt.4cloud.click
Remcos botnet C2 domain (confidence level: 50%)
domainabby.work.gd
Remcos botnet C2 domain (confidence level: 50%)
domainrumbaya.com
FAKEUPDATES payload delivery domain (confidence level: 50%)
domainnetcorde.run
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainw.ap.formaxprime.co.uk
Vidar botnet C2 domain (confidence level: 100%)
domainenetlabq.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmail.i.web-app-on.com
Bashlite botnet C2 domain (confidence level: 100%)
domainforgeitt.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainweldmaxi.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsteeliow.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincastlaby.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmetalixq.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmetworkp.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainscrapixo.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsmeltedx.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincheck.hulak.icu
ClearFake payload delivery domain (confidence level: 100%)
domaincs.qiaoshen.top
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaingod.qiaoshen.top
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.mail163.com.pl
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainmoldifye.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrodcastx.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincodemaxq.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhacknowl.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintechbitl.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainironwebi.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindevpathq.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintechhubq.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainscraplyo.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindatagymx.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainqrtechh.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainalgosetr.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainweldhubt.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainappzoner.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainironmodw.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsteeluxz.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindevcodeu.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainweldorae.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainplugboth.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainferromny.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincan-features.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domaincheck.togis.icu
ClearFake payload delivery domain (confidence level: 100%)
domainoregearp.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainoreheatq.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincastmaxw.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsteelixr.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsmeltingt.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincheck.tuqad.icu
ClearFake payload delivery domain (confidence level: 100%)
domainvds2405267.my-ihor.ru
Havoc botnet C2 domain (confidence level: 100%)
domaincheck.sacyd.icu
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.bufok.icu
ClearFake payload delivery domain (confidence level: 100%)
domainty.ap.4t.com
Vidar botnet C2 domain (confidence level: 100%)
domaingalactich.today
Lumma Stealer botnet C2 domain (confidence level: 100%)

Url

Value | Description
urlhttps://oreflown.run/biags
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://meltmetu.live/dvozdw
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://89.169.12.119/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
SmartLoader botnet C2 (confidence level: 75%)
urlhttp://45.79.191.168/
Hook botnet C2 (confidence level: 50%)
urlhttps://uatsfdtasfytdafsytads.in.net/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://myytasdtfasydtfaysfdast.net/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://mkaosdkasdbasidbas.life/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://ksmkldaksmaosdmaoskmad.pics/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://qutwdgtqwduqtgquwtd.fun/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://mklqwmdkqmwdkqwoodqw.tech/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://asytdfaystfdaystfda.site/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://autsgduaysgdasgu.shop/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://maksmdkamskdmaskm.life/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://kjhxckjskcjsnckd.online/mtbiytaymtk0nzjj/
Coper botnet C2 (confidence level: 80%)
urlhttps://w.ap.formaxprime.co.uk/
Vidar botnet C2 (confidence level: 100%)
urlhttps://forgeitt.digital/sogidn
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://castlaby.live/naogd
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://metalixq.run/xias
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://steeliow.digital/xzdwqd
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://check.hulak.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.togis.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.tuqad.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.sacyd.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.bufok.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://ty.ap.4t.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://check.nawym.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.hequf.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.pipyq.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.tyzof.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.cofat.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)

Hash

Value | Description
hashfb439167075ca2232679869ae9501c5eeee88521125163cc1869f9629428b295
Unknown Stealer payload (confidence level: 100%)
hash85032533512bdb54e039a85d7efffb0ff9763c91ecb514e4be57fb3de368e6c3
Unknown Stealer payload (confidence level: 100%)
hash4276c72dbb9bac81420e1e69e556e8e3a3c77451915696bbfd350091d9c29f2c
Unknown Stealer payload (confidence level: 100%)
hash5f5fd8971f6dec74eb4320d73d57cb4a041947c5f2de8ee8e2746817b86065b0
Unknown Stealer payload (confidence level: 100%)
hashb9134031ec0418a45d49513bff1111ed630f3057b0e06ba65aefcca68e9745e5
Unknown Stealer payload (confidence level: 100%)
hashfdfc4b7e0f12d446cc09c42866ceed377726509ca7f0e5692680634a12d91e3b
Unknown Stealer payload (confidence level: 100%)
hashf49c7d0a52733ee8fb5fae539abb27aaf66eaf0bcc7518dc0904c6194bc6bc75
Unknown Stealer payload (confidence level: 100%)
hasheeaf09ee31afe603fa192427becc2137ca477caf5f5c2d86aeba9a67626390bb
Unknown Stealer payload (confidence level: 100%)
hashd4d1452706568d531b8fbae55f14f1d375985fe6928240ccaf3a7bf8df25fdd2
Unknown Stealer payload (confidence level: 100%)
hash7c99241f68b29a4e2aa41f03c86412f074796b6cd6c4be92174476827542e4b9
Unknown Stealer payload (confidence level: 100%)
hashb8ca3fa5335f7d157fb1ed78c55a1ef75f06cdc1a9dca6879042a21e1e8f8f99
Unknown Stealer payload (confidence level: 100%)
hasha0224bf056a03e1d664aa6550208d55d539211fa811ba2ecd31834346a197480
Unknown Stealer payload (confidence level: 100%)
hash7b4bd8daccc403544f6b8b3040281db82cce5b95ab6f12198fba289c2b900701
Unknown Stealer payload (confidence level: 100%)
hash9c49bd46b0613633c46d49e8940e48136c5b2e0c03b198e33c100bd3e3d20a0e
Unknown Stealer payload (confidence level: 100%)
hash602b73c3f589154f26a4916c778adb5192f01f62e97d159a7cdd4da86902e9b5
Unknown Stealer payload (confidence level: 100%)
hash4cfa0ed4076dc097eb8e49f9bc60b50abc23f5315faf1eaa13fe2c70615d7b9e
Unknown Stealer payload (confidence level: 100%)
hash4b1f9f928a0dfc8241e9c11ff48b4ca0da076958f3cb364c0c27a183ff58d93e
Unknown Stealer payload (confidence level: 100%)
hash36d7b890ccfa7c7e9deeb493015f226f10b36c782a059652ecf3fa28fe9ee46d
Unknown Stealer payload (confidence level: 100%)
hash47217bea65985ed938d0ec23c0ca5aed519ab86daae00e6181376e6e2305a2cf
Unknown Stealer payload (confidence level: 100%)
hash0e3fea5526aa7354516a716a748e7a0561c476b90b0ffc454c86a63db1775f46
Unknown Stealer payload (confidence level: 100%)
hash311c0324f7e594e2857f01bc9902ce5240a510c1d7473208e2bf44873d389c0f
Unknown Stealer payload (confidence level: 100%)
hash10b88dc57f20704b3d3d1c7b6cebe31052ef712e0366b7feffd83c2ff5ef3131
Unknown Stealer payload (confidence level: 100%)
hash22c4c8a862513a106e0dd1a80d255ad6a5e9b8b9a22308993f57dfede92a5456
Unknown Stealer payload (confidence level: 100%)
hash1312
Mirai botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash25
Remcos botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash8888
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash54984
Nanocore RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash7045
DCRat botnet C2 server (confidence level: 100%)
hash9000
DCRat botnet C2 server (confidence level: 100%)
hash1521
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash103
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash503
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash54681
Chaos botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash443
Bashlite botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7001
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8888
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash3000
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash45051
Hook botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash8082
ERMAC botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8081
MimiKatz botnet C2 server (confidence level: 100%)
hash65533
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash1000
AsyncRAT botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash8001
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash6969
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash81
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash8081
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash20000
AsyncRAT botnet C2 server (confidence level: 50%)
hash8700
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash8126
BlackShades botnet C2 server (confidence level: 50%)
hash80
Unknown malware botnet C2 server (confidence level: 50%)
hash443
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash80
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash5000
AsyncRAT botnet C2 server (confidence level: 100%)
hash9907
AsyncRAT botnet C2 server (confidence level: 100%)
hash7077
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash12443
Havoc botnet C2 server (confidence level: 100%)
hash8082
ERMAC botnet C2 server (confidence level: 100%)
hash4506
DeimosC2 botnet C2 server (confidence level: 75%)
hash4506
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
Sliver botnet C2 server (confidence level: 75%)
hash8000
Sliver botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash443
Eye Pyramid botnet C2 server (confidence level: 75%)
hash8868
DeimosC2 botnet C2 server (confidence level: 75%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash8443
Havoc botnet C2 server (confidence level: 75%)
hashbe15f62d14d1cbe2aecce8396f4c6289
Unknown malware payload (confidence level: 50%)
hash80
Meterpreter botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7077
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash5555
AsyncRAT botnet C2 server (confidence level: 100%)
hash2002
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash36063
Mirai botnet C2 server (confidence level: 100%)
hash9192
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2052
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2095
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash83
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8086
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2918
NjRAT botnet C2 server (confidence level: 75%)
hash667d24d659242b95fd7a1c8d1738b1272e0b76aac68c07f97e4e9d2d737db627
AdWind payload (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash888
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash3955
AsyncRAT botnet C2 server (confidence level: 100%)
hash8010
Unknown malware botnet C2 server (confidence level: 100%)
hash2096
Havoc botnet C2 server (confidence level: 100%)
hash8090
DCRat botnet C2 server (confidence level: 100%)
hash33389
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1070
Remcos botnet C2 server (confidence level: 100%)
hash14646
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash80
Sliver botnet C2 server (confidence level: 100%)
hash2004
AsyncRAT botnet C2 server (confidence level: 100%)
hash2000
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8808
Quasar RAT botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash7443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)

File

Value | Description
file212.64.199.191
Mirai botnet C2 server (confidence level: 75%)
file47.92.71.92
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.155.1.95
Cobalt Strike botnet C2 server (confidence level: 100%)
file144.172.92.114
Remcos botnet C2 server (confidence level: 100%)
file52.9.229.248
Remcos botnet C2 server (confidence level: 100%)
file152.204.228.76
Remcos botnet C2 server (confidence level: 100%)
file23.247.131.191
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.70.240
AsyncRAT botnet C2 server (confidence level: 100%)
file94.154.35.80
AsyncRAT botnet C2 server (confidence level: 100%)
file154.205.148.129
Hook botnet C2 server (confidence level: 100%)
file45.150.34.163
Hook botnet C2 server (confidence level: 100%)
file193.233.202.90
Nanocore RAT botnet C2 server (confidence level: 100%)
file134.209.157.90
Havoc botnet C2 server (confidence level: 100%)
file85.23.46.61
Havoc botnet C2 server (confidence level: 100%)
file13.61.8.192
Havoc botnet C2 server (confidence level: 100%)
file146.70.49.42
DCRat botnet C2 server (confidence level: 100%)
file45.133.180.154
DCRat botnet C2 server (confidence level: 100%)
file52.193.58.5
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file52.65.232.189
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file52.65.232.189
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file8.156.73.92
Chaos botnet C2 server (confidence level: 100%)
file43.160.207.83
Unknown malware botnet C2 server (confidence level: 100%)
file147.50.240.18
Bashlite botnet C2 server (confidence level: 100%)
file147.50.240.18
Bashlite botnet C2 server (confidence level: 100%)
file159.138.34.52
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.137.109.17
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.86.168
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.253.246.132
Remcos botnet C2 server (confidence level: 100%)
file194.56.225.6
Remcos botnet C2 server (confidence level: 100%)
file45.121.51.2
Sliver botnet C2 server (confidence level: 100%)
file45.152.149.12
AsyncRAT botnet C2 server (confidence level: 100%)
file38.242.243.204
AsyncRAT botnet C2 server (confidence level: 100%)
file176.100.36.135
Unknown malware botnet C2 server (confidence level: 100%)
file83.150.218.113
Unknown malware botnet C2 server (confidence level: 100%)
file95.217.60.176
Hook botnet C2 server (confidence level: 100%)
file35.84.3.139
Havoc botnet C2 server (confidence level: 100%)
file45.33.122.33
ERMAC botnet C2 server (confidence level: 100%)
file194.62.167.215
Unknown malware botnet C2 server (confidence level: 100%)
file216.176.190.164
Unknown malware botnet C2 server (confidence level: 100%)
file159.65.128.86
Unknown malware botnet C2 server (confidence level: 100%)
file73.213.108.128
MimiKatz botnet C2 server (confidence level: 100%)
file188.245.119.161
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.72.213
AsyncRAT botnet C2 server (confidence level: 100%)
file78.171.42.106
AsyncRAT botnet C2 server (confidence level: 100%)
file74.48.25.232
Unknown malware botnet C2 server (confidence level: 100%)
file120.26.131.62
Unknown malware botnet C2 server (confidence level: 100%)
file45.152.64.192
Unknown malware botnet C2 server (confidence level: 100%)
file31.182.43.164
Unknown malware botnet C2 server (confidence level: 100%)
file13.40.200.234
Unknown malware botnet C2 server (confidence level: 100%)
file142.103.134.40
Unknown malware botnet C2 server (confidence level: 100%)
file188.219.222.196
Unknown malware botnet C2 server (confidence level: 100%)
file144.48.8.50
Unknown malware botnet C2 server (confidence level: 100%)
file170.64.133.166
Unknown malware botnet C2 server (confidence level: 100%)
file1.94.128.210

Threat ID: 682c7db7e8347ec82d2bd387

Added to database: 5/20/2025, 1:03:51 PM

Last enriched: 6/19/2025, 3:17:11 PM

Last updated: 7/29/2025, 6:10:04 AM
