ThreatFox IOCs for 2025-04-05
AI Analysis
Technical Summary
The provided threat intelligence relates to a malware-related report titled "ThreatFox IOCs for 2025-04-05," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under "type:osint," indicating it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or detailed technical indicators are provided, and there are no known exploits currently active in the wild. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential but limited analytical depth or confirmed impact. The absence of CWE identifiers, patch links, or concrete IOCs limits the ability to pinpoint exact attack vectors or malware behavior. Overall, this appears to be an early-stage or low-confidence intelligence report highlighting potential malware-related activity without concrete exploitation details or targeted vulnerabilities.
Potential Impact
Given the lack of detailed technical information and absence of known exploits, the immediate impact on European organizations is likely limited. However, the presence of malware-related IOCs in open-source intelligence suggests a potential for reconnaissance or preparatory activity that could precede more targeted attacks. European organizations relying on OSINT feeds for threat detection might benefit from integrating this data to enhance situational awareness. The medium severity rating implies some risk to confidentiality, integrity, or availability if the malware were to be deployed effectively, but without specifics, the scale and scope of impact remain uncertain. Potential impacts could include data exfiltration, system compromise, or disruption if the malware targets critical infrastructure or enterprise environments. Organizations in sectors with high exposure to OSINT-driven threats, such as cybersecurity firms, government agencies, and critical infrastructure operators, should remain vigilant.
Mitigation Recommendations
1. Enhance OSINT Monitoring: Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) systems to detect emerging IOCs promptly.
2. Proactive Threat Hunting: Conduct targeted threat hunting exercises focusing on behaviors and artifacts associated with malware indicated by ThreatFox reports, even if specific IOCs are not yet available.
3. Network Segmentation: Limit lateral movement potential by segmenting networks, especially for critical systems, to contain any potential malware spread.
4. Endpoint Detection and Response (EDR): Deploy and fine-tune EDR solutions to detect anomalous behaviors indicative of malware activity, such as unusual process executions or network connections.
5. User Awareness and Training: Educate employees about emerging threats and the importance of reporting suspicious activities, as early detection can mitigate impact.
6. Patch Management: Although no patches are linked to this threat, maintaining up-to-date systems reduces the attack surface for malware leveraging known vulnerabilities.
7. Incident Response Preparedness: Update incident response plans to incorporate scenarios involving OSINT-derived malware threats, ensuring rapid containment and remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 5752b87a-6be9-47f9-8e29-0895f432255b
- Original Timestamp: 1743897787
Threat ID: 682c7db5e8347ec82d2b070a
Added to database: 5/20/2025, 1:03:49 PM
Last enriched: 6/19/2025, 4:04:15 PM
Last updated: 8/10/2025, 3:11:10 PM