Skip to main content

ThreatFox IOCs for 2025-04-06

Medium
Published: Sun Apr 06 2025 (04/06/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-06

AI-Powered Analysis

AILast updated: 06/19/2025, 15:01:51 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-04-06," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat data. The report is categorized under "type:osint," indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or detailed technical characteristics of the malware are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned by the source. The analysis score is 1, and distribution is rated 3, suggesting a moderate level of dissemination or potential reach. There are no known exploits in the wild linked to this threat at the time of publication, and no concrete indicators of compromise (IOCs) are listed. The absence of detailed technical data, such as attack vectors, payload behavior, or targeted vulnerabilities, limits the ability to perform a deep technical dissection. However, the classification as malware and the medium severity imply a potential risk that warrants attention, especially given the distribution rating. The lack of authentication or user interaction details suggests that the threat's exploitation complexity is unclear. Overall, this appears to be an early-stage or low-profile malware threat with moderate distribution potential but limited current impact evidence.

Potential Impact

For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and the distribution score of 3. Without specific details on the malware's capabilities, it is difficult to ascertain precise effects on confidentiality, integrity, or availability. However, malware typically poses risks such as data exfiltration, system disruption, or unauthorized access. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation. European entities relying on open-source intelligence tools or platforms similar to ThreatFox might be indirectly affected if the malware targets such environments or leverages OSINT data for reconnaissance. The potential impact could be more pronounced in sectors with high reliance on OSINT for threat detection, such as cybersecurity firms, government agencies, and critical infrastructure operators. Additionally, the medium severity suggests that while the threat is not currently critical, it could evolve or be part of a broader attack campaign. Organizations should remain vigilant, especially given the moderate distribution rating, which implies a non-negligible spread or presence.

Mitigation Recommendations

Given the limited technical details, mitigation should focus on enhancing general malware defense and OSINT data handling practices. Specific recommendations include: 1) Implement robust endpoint protection solutions with updated malware signatures and heuristic detection capabilities to identify and block unknown or emerging threats. 2) Monitor OSINT platforms and threat intelligence feeds closely for updates or new IOCs related to this malware to enable timely detection and response. 3) Enforce strict access controls and network segmentation around systems that consume or process OSINT data to limit lateral movement in case of compromise. 4) Conduct regular threat hunting exercises focusing on unusual activity patterns that could indicate malware presence, especially in environments handling open-source intelligence. 5) Educate security teams on the importance of validating OSINT sources and integrating multiple intelligence feeds to reduce reliance on potentially compromised data. 6) Maintain up-to-date backups and incident response plans tailored to malware incidents to minimize operational disruption. These measures go beyond generic advice by emphasizing OSINT-specific risk management and proactive threat intelligence integration.

Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
29ef4424-a95c-42d2-b432-f8855984f7d4
Original Timestamp
1743984187

Indicators of Compromise

File

ValueDescriptionCopy
file176.65.144.18
Bashlite botnet C2 server (confidence level: 75%)
file45.93.20.64
Stealc botnet C2 server (confidence level: 50%)
file45.93.20.28
Stealc botnet C2 server (confidence level: 50%)
file81.19.131.77
Stealc botnet C2 server (confidence level: 50%)
file38.246.253.80
Cobalt Strike botnet C2 server (confidence level: 100%)
file78.164.223.72
AsyncRAT botnet C2 server (confidence level: 100%)
file179.100.48.53
Quasar RAT botnet C2 server (confidence level: 100%)
file196.251.118.210
Havoc botnet C2 server (confidence level: 100%)
file43.206.154.248
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file138.68.79.95
NjRAT botnet C2 server (confidence level: 75%)
file108.186.255.119
Unknown malware botnet C2 server (confidence level: 100%)
file8.220.176.89
Unknown malware botnet C2 server (confidence level: 100%)
file176.65.143.159
AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.144.32
AsyncRAT botnet C2 server (confidence level: 100%)
file78.164.223.72
AsyncRAT botnet C2 server (confidence level: 100%)
file13.36.177.151
Unknown malware botnet C2 server (confidence level: 100%)
file176.65.144.237
Hook botnet C2 server (confidence level: 100%)
file31.59.131.10
Hook botnet C2 server (confidence level: 100%)
file213.159.68.41
Hook botnet C2 server (confidence level: 100%)
file34.219.245.253
Havoc botnet C2 server (confidence level: 100%)
file196.251.117.88
Remcos botnet C2 server (confidence level: 100%)
file109.248.6.228
Sliver botnet C2 server (confidence level: 100%)
file45.137.198.124
MooBot botnet C2 server (confidence level: 100%)
file185.17.3.70
Sliver botnet C2 server (confidence level: 100%)
file159.203.16.243
Unknown malware botnet C2 server (confidence level: 100%)
file154.38.162.182
Unknown malware botnet C2 server (confidence level: 100%)
file18.194.7.178
Unknown malware botnet C2 server (confidence level: 100%)
file3.23.103.84
Unknown malware botnet C2 server (confidence level: 100%)
file85.215.131.84
Unknown malware botnet C2 server (confidence level: 100%)
file13.232.52.251
Unknown malware botnet C2 server (confidence level: 100%)
file13.238.81.224
Unknown malware botnet C2 server (confidence level: 100%)
file183.179.149.2
Unknown malware botnet C2 server (confidence level: 100%)
file54.205.7.84
Unknown malware botnet C2 server (confidence level: 100%)
file154.55.115.48
Unknown malware botnet C2 server (confidence level: 100%)
file13.78.86.115
Unknown malware botnet C2 server (confidence level: 100%)
file65.38.98.61
Unknown malware botnet C2 server (confidence level: 100%)
file52.224.246.147
Unknown malware botnet C2 server (confidence level: 100%)
file3.127.102.68
Unknown malware botnet C2 server (confidence level: 100%)
file3.127.102.68
Unknown malware botnet C2 server (confidence level: 100%)
file54.243.26.20
Unknown malware botnet C2 server (confidence level: 100%)
file13.201.186.65
Unknown malware botnet C2 server (confidence level: 100%)
file3.85.158.49
Unknown malware botnet C2 server (confidence level: 100%)
file47.108.216.208
Unknown malware botnet C2 server (confidence level: 100%)
file147.185.221.27
NjRAT botnet C2 server (confidence level: 75%)
file44.204.211.51
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file179.95.197.65
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file78.47.105.59
Vidar botnet C2 server (confidence level: 75%)
file176.65.144.253
Mirai botnet C2 server (confidence level: 75%)
file144.202.100.226
RedLine Stealer botnet C2 server (confidence level: 100%)
file129.226.212.179
Cobalt Strike botnet C2 server (confidence level: 100%)
file129.226.212.179
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.52.242.41
Remcos botnet C2 server (confidence level: 100%)
file172.111.244.211
AsyncRAT botnet C2 server (confidence level: 100%)
file95.217.34.113
AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.107
AsyncRAT botnet C2 server (confidence level: 100%)
file96.2.91.102
Unknown malware botnet C2 server (confidence level: 100%)
file185.196.11.208
Unknown malware botnet C2 server (confidence level: 100%)
file18.138.195.208
Hook botnet C2 server (confidence level: 100%)
file176.65.144.237
Hook botnet C2 server (confidence level: 100%)
file13.208.71.18
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file115.29.224.229
MimiKatz botnet C2 server (confidence level: 100%)
file147.124.211.116
Rhysida botnet C2 server (confidence level: 75%)
file147.124.211.116
Rhysida botnet C2 server (confidence level: 75%)
file173.187.25.9
QakBot botnet C2 server (confidence level: 75%)
file35.169.63.213
DeimosC2 botnet C2 server (confidence level: 75%)
file38.132.122.163
Eye Pyramid botnet C2 server (confidence level: 75%)
file85.239.62.195
Rhysida botnet C2 server (confidence level: 75%)
file85.239.62.195
Rhysida botnet C2 server (confidence level: 75%)
file129.226.212.179
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.106.229.212
Cobalt Strike botnet C2 server (confidence level: 100%)
file83.229.121.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file191.232.247.88
Sliver botnet C2 server (confidence level: 100%)
file128.90.113.107
AsyncRAT botnet C2 server (confidence level: 100%)
file102.117.168.190
Unknown malware botnet C2 server (confidence level: 100%)
file64.226.68.251
Unknown malware botnet C2 server (confidence level: 100%)
file45.141.233.171
Hook botnet C2 server (confidence level: 100%)
file87.120.166.48
Hook botnet C2 server (confidence level: 100%)
file31.59.131.10
Hook botnet C2 server (confidence level: 100%)
file176.65.137.250
Havoc botnet C2 server (confidence level: 100%)
file45.139.104.170
Venom RAT botnet C2 server (confidence level: 100%)
file107.174.192.179
DarkVision RAT botnet C2 server (confidence level: 75%)
file82.29.67.160
DarkVision RAT botnet C2 server (confidence level: 75%)
file47.106.229.212
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.110.241.106
Sliver botnet C2 server (confidence level: 100%)
file176.65.141.98
AsyncRAT botnet C2 server (confidence level: 100%)
file188.126.90.65
AsyncRAT botnet C2 server (confidence level: 100%)
file34.23.94.159
Unknown malware botnet C2 server (confidence level: 100%)
file45.141.233.172
Hook botnet C2 server (confidence level: 100%)
file45.88.186.129
Hook botnet C2 server (confidence level: 100%)
file13.246.40.30
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file52.47.171.145
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.79.81.8
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file176.65.144.253
Mirai botnet C2 server (confidence level: 100%)
file149.88.84.102
Cobalt Strike botnet C2 server (confidence level: 50%)
file111.229.108.128
Cobalt Strike botnet C2 server (confidence level: 50%)
file166.88.61.176
Cobalt Strike botnet C2 server (confidence level: 50%)
file15.229.22.115
Cobalt Strike botnet C2 server (confidence level: 50%)
file15.229.22.115
Cobalt Strike botnet C2 server (confidence level: 50%)
file47.96.136.148
Cobalt Strike botnet C2 server (confidence level: 50%)
file18.227.13.197
Cobalt Strike botnet C2 server (confidence level: 50%)
file129.204.146.115
Cobalt Strike botnet C2 server (confidence level: 50%)
file64.176.44.186
Cobalt Strike botnet C2 server (confidence level: 50%)
file142.202.190.39
Sliver botnet C2 server (confidence level: 50%)
file157.180.44.116
Sliver botnet C2 server (confidence level: 50%)
file138.124.116.155
Sliver botnet C2 server (confidence level: 50%)
file45.76.143.197
Sliver botnet C2 server (confidence level: 50%)
file143.198.1.58
Sliver botnet C2 server (confidence level: 50%)
file159.223.233.165
Sliver botnet C2 server (confidence level: 50%)
file194.35.12.15
Sliver botnet C2 server (confidence level: 50%)
file185.208.158.227
Sliver botnet C2 server (confidence level: 50%)
file192.161.162.116
Sliver botnet C2 server (confidence level: 50%)
file38.180.62.25
Sliver botnet C2 server (confidence level: 50%)
file165.22.37.20
Sliver botnet C2 server (confidence level: 50%)
file18.162.82.100
Sliver botnet C2 server (confidence level: 50%)
file45.38.42.187
Sliver botnet C2 server (confidence level: 50%)
file37.60.244.185
Sliver botnet C2 server (confidence level: 50%)
file24.137.215.163
Sliver botnet C2 server (confidence level: 50%)
file157.173.192.228
Sliver botnet C2 server (confidence level: 50%)
file167.71.240.130
Sliver botnet C2 server (confidence level: 50%)
file206.206.76.53
Sliver botnet C2 server (confidence level: 50%)
file36.227.134.100
Sliver botnet C2 server (confidence level: 50%)
file136.144.163.253
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file47.129.114.201
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.178.49.171
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.167.126.234
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file18.119.101.156
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file65.39.69.46
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file23.24.178.33
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file34.216.6.87
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file141.164.37.48
Kimsuky botnet C2 server (confidence level: 50%)
file158.247.255.100
Kimsuky botnet C2 server (confidence level: 50%)
file204.12.253.10
Kimsuky botnet C2 server (confidence level: 50%)
file194.127.192.94
Unknown malware botnet C2 server (confidence level: 50%)
file110.42.45.101
Unknown malware botnet C2 server (confidence level: 50%)
file118.26.39.189
Unknown malware botnet C2 server (confidence level: 50%)
file84.46.239.89
Brute Ratel C4 botnet C2 server (confidence level: 50%)
file152.204.236.49
AsyncRAT botnet C2 server (confidence level: 50%)
file51.159.110.219
Xtreme RAT botnet C2 server (confidence level: 50%)
file18.175.163.249
BlackShades botnet C2 server (confidence level: 50%)
file195.82.146.32
DCRat botnet C2 server (confidence level: 50%)
file177.136.225.145
Havoc botnet C2 server (confidence level: 50%)
file54.160.167.20
Unknown malware botnet C2 server (confidence level: 50%)
file117.212.172.74
Mozi botnet C2 server (confidence level: 50%)
file176.100.37.198
Sliver botnet C2 server (confidence level: 100%)
file163.5.32.183
AsyncRAT botnet C2 server (confidence level: 100%)
file78.164.223.72
AsyncRAT botnet C2 server (confidence level: 100%)
file96.9.125.174
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.70.173
Hook botnet C2 server (confidence level: 100%)
file159.223.171.199
Venom RAT botnet C2 server (confidence level: 100%)
file52.47.171.145
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.39.206.11
ERMAC botnet C2 server (confidence level: 100%)
file5.95.41.119
Unknown malware botnet C2 server (confidence level: 100%)
file101.37.12.180
Chaos botnet C2 server (confidence level: 100%)
file143.110.241.106
Sliver botnet C2 server (confidence level: 75%)
file188.4.199.72
QakBot botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash666
Bashlite botnet C2 server (confidence level: 75%)
hash80
Stealc botnet C2 server (confidence level: 50%)
hash80
Stealc botnet C2 server (confidence level: 50%)
hash80
Stealc botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash20000
AsyncRAT botnet C2 server (confidence level: 100%)
hash5000
Quasar RAT botnet C2 server (confidence level: 100%)
hash8082
Havoc botnet C2 server (confidence level: 100%)
hash2079
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash6522
NjRAT botnet C2 server (confidence level: 75%)
hash40000
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash1000
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash10080
Havoc botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash88
Sliver botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash55535
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash81
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash17182
NjRAT botnet C2 server (confidence level: 75%)
hash26223
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash9990
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 75%)
hash56999
Mirai botnet C2 server (confidence level: 75%)
hash1912
RedLine Stealer botnet C2 server (confidence level: 100%)
hash10001
Cobalt Strike botnet C2 server (confidence level: 100%)
hash20000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash9907
AsyncRAT botnet C2 server (confidence level: 100%)
hash69
AsyncRAT botnet C2 server (confidence level: 100%)
hash4000
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash49331
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MimiKatz botnet C2 server (confidence level: 100%)
hash443
Rhysida botnet C2 server (confidence level: 75%)
hash80
Rhysida botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash8888
Eye Pyramid botnet C2 server (confidence level: 75%)
hash443
Rhysida botnet C2 server (confidence level: 75%)
hash80
Rhysida botnet C2 server (confidence level: 75%)
hash10002
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8880
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash25
Venom RAT botnet C2 server (confidence level: 100%)
hash80
DarkVision RAT botnet C2 server (confidence level: 75%)
hash443
DarkVision RAT botnet C2 server (confidence level: 75%)
hash801
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7031
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash1961
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash12972
Mirai botnet C2 server (confidence level: 100%)
hash6666
Cobalt Strike botnet C2 server (confidence level: 50%)
hash12233
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8099
Cobalt Strike botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash63210
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash9312
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash9333
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash8728
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash17
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash11000
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash5001
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash5454
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash9306
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80
Kimsuky botnet C2 server (confidence level: 50%)
hash443
Kimsuky botnet C2 server (confidence level: 50%)
hash443
Kimsuky botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash9205
Unknown malware botnet C2 server (confidence level: 50%)
hash9443
Unknown malware botnet C2 server (confidence level: 50%)
hash10443
Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash9999
AsyncRAT botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash2762
BlackShades botnet C2 server (confidence level: 50%)
hash4443
DCRat botnet C2 server (confidence level: 50%)
hash8443
Havoc botnet C2 server (confidence level: 50%)
hash2048
Unknown malware botnet C2 server (confidence level: 50%)
hash50997
Mozi botnet C2 server (confidence level: 50%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash888
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash4443
Venom RAT botnet C2 server (confidence level: 100%)
hash16993
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
ERMAC botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash47486
Chaos botnet C2 server (confidence level: 100%)
hash2083
Sliver botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)

Domain

ValueDescriptionCopy
domainpepperiop.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincaptcha-verify-6r4x.com
ClearFake payload delivery domain (confidence level: 100%)
domaincaptcha-verify-2q7y.com
ClearFake payload delivery domain (confidence level: 100%)
domainbravelyko.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnalandareporter.com
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwww.leszartistes.art
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpower.moon-river-coin.xyz
ClearFake payload delivery domain (confidence level: 100%)
domainaccount.farmandconstructionequipment.com
Havoc botnet C2 domain (confidence level: 100%)
domainautodiscover.b.ora-0-web.com
Bashlite botnet C2 domain (confidence level: 100%)
domainmail.e.multi-canale.com
Bashlite botnet C2 domain (confidence level: 100%)
domaincpcalendars.b.multi-canale.com
Bashlite botnet C2 domain (confidence level: 100%)
domainmail.eversioneweb.com
Bashlite botnet C2 domain (confidence level: 100%)
domainproximus-me.com
Havoc botnet C2 domain (confidence level: 100%)
domainogs.farmandconstructionequipment.com
Havoc botnet C2 domain (confidence level: 100%)
domainlake-observation.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domainqq.ap.4t.com
Vidar botnet C2 domain (confidence level: 100%)
domainxiaoll.com
AMOS botnet C2 domain (confidence level: 100%)
domainnet-killer.ooguy.com
MooBot botnet C2 domain (confidence level: 100%)
domainnet-killer.cameraddns.net
MooBot botnet C2 domain (confidence level: 100%)
domainmost-killer.duckdns.org
MooBot botnet C2 domain (confidence level: 100%)
domainconnect.antiwifi.dev
Mirai botnet C2 domain (confidence level: 75%)
domainus02web-zoom.icu
Unknown malware botnet C2 domain (confidence level: 100%)
domainzoom-us.live
RedLine Stealer payload delivery domain (confidence level: 100%)
domainus06web.zoom-us.live
RedLine Stealer payload delivery domain (confidence level: 100%)
domainquanmingl.com
Hook botnet C2 domain (confidence level: 100%)
domaincpcontacts.e.ora-0-web.com
Bashlite botnet C2 domain (confidence level: 100%)
domainaf5n6505ezcdp.cfc-execute.bj.baidubce.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincbqk67k2sd04d.cfc-execute.bj.baidubce.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainf4jr3v36b1sd7.cfc-execute.bj.baidubce.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainplantainklj.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainjavv-46764.portmap.host
XWorm botnet C2 domain (confidence level: 50%)
domainwould-perspectives.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domainlanding.survival-kitz.co
Unknown Loader botnet C2 domain (confidence level: 50%)
domaincandidt.live
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainingotyxx.live
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainliberatuie.run
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainstyleclinic-beautyicon.shop
Lumma Stealer botnet C2 domain (confidence level: 50%)
domaincoi.coicoi.filegear-sg.me
Cobalt Strike botnet C2 domain (confidence level: 75%)

Url

ValueDescriptionCopy
urlhttp://103.142.102.1:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://45.93.20.64/c090b39aa5004512.php
Stealc botnet C2 (confidence level: 50%)
urlhttp://45.93.20.28/3d15e67552d448ff.php
Stealc botnet C2 (confidence level: 50%)
urlhttp://81.19.131.77/6f35b3aacc54463f.php
Stealc botnet C2 (confidence level: 50%)
urlhttps://qq.ap.4t.com/
Vidar botnet C2 (confidence level: 100%)
urlhttps://xiaoll.com/macshare.php
AMOS botnet C2 (confidence level: 100%)
urlhttps://5pepperiop.digital/oage
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://7advennture.top/gksiio
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://7quavabvc.top/iuzhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://cplantainklj.run/opafg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://fjrxsafer.top/shpaoz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://gpuerrogfh.live/iqwez
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://mrambutanvcx.run/adioz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://npepperiop.digital/oage
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://1quavabvc.top/iuzhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://8jrxsafer.top/shpaoz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://bplantainklj.run/opafg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://njywmedici.top/noagis
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://tzpuerrogfh.live/iqwez
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://xpuerrogfh.live/iqwez
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://2plantainklj.run/opafg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://6puerrogfh.live/iqwez
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://7jrxsafer.top/shpaoz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://kquavabvc.top/iuzhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://sadvennture.top/gksiio
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://srambutanvcx.run/adioz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://yplantainklj.run/opafg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://0quavabvc.top/iuzhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://flourishfo.run/ayuio
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://iquavabvc.top/iuzhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ptargett.top/dsangt
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://gquavabvc.top/iuzhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://1ywmedici.top/noagis
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://6plantainklj.run/opafg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ujjrxsafer.top/shpaoz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://vpepperiop.digital/oage
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://advancesg.live/aoias
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://6ywmedici.top/noagis
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://gplantainklj.run/opafg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zestyasd.run/igsup
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://31.59.131.10/
Hook botnet C2 (confidence level: 50%)
urlhttp://176.65.144.237/
Hook botnet C2 (confidence level: 50%)
urlhttp://45.88.186.129/
Hook botnet C2 (confidence level: 50%)
urlhttp://176.117.68.103/
Hook botnet C2 (confidence level: 50%)
urlhttp://176.65.143.191/
Hook botnet C2 (confidence level: 50%)
urlhttp://176.65.143.173/m0xmdru/login.php
Amadey botnet C2 (confidence level: 50%)

Threat ID: 682c7db4e8347ec82d2af207

Added to database: 5/20/2025, 1:03:48 PM

Last enriched: 6/19/2025, 3:01:51 PM

Last updated: 8/16/2025, 9:01:30 AM

Views: 17

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats