ThreatFox IOCs for 2025-04-07

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2025-04-07," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under the "osint" product type, indicating that it primarily involves open-source intelligence data rather than a specific software product or version. No specific affected versions or software products are identified, and there are no associated Common Weakness Enumerations (CWEs) or patch links, suggesting that this report does not describe a newly discovered vulnerability in a particular software but rather focuses on malware indicators and related threat intelligence. The technical details indicate a threat level of 2 on an unspecified scale, an analysis rating of 1, and a distribution rating of 3, which may imply moderate threat severity and a relatively widespread distribution or detection of the malware or its indicators. The absence of known exploits in the wild and lack of specific IOCs in the report further suggest that this intelligence is preliminary or general in nature, possibly serving as an early warning or situational awareness update rather than a report on an active, targeted campaign. Given the lack of detailed technical specifics such as malware behavior, attack vectors, or targeted vulnerabilities, the threat appears to be an informational update on malware-related IOCs rather than a direct exploit or vulnerability. The "tlp:white" tag indicates that the information is intended for broad sharing without restrictions, supporting the idea that this is open-source intelligence data meant for general awareness. In summary, this threat report provides a medium-severity alert about malware-related indicators collected and disseminated through ThreatFox, without detailing specific affected systems, exploitation methods, or active campaigns. It serves as a general intelligence update rather than a description of a critical or high-impact vulnerability or malware outbreak.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the lack of specific exploitation details or active campaigns. However, the dissemination of malware-related IOCs can aid threat actors in refining their attack methods or targeting strategies if these indicators are leveraged maliciously. The medium severity rating suggests a moderate risk level, potentially involving malware that could affect confidentiality, integrity, or availability if successfully deployed. European organizations relying on open-source intelligence feeds for threat detection and response may benefit from incorporating these IOCs into their security monitoring to enhance early detection capabilities. Conversely, the absence of detailed attack vectors or affected products means that organizations cannot yet prioritize specific defensive measures beyond general vigilance. The threat's distribution rating implies that the malware or its indicators may be widespread, increasing the likelihood of incidental exposure or scanning attempts. Overall, the impact is moderate and primarily informational at this stage, but organizations should remain alert for any updates that provide more actionable intelligence or evidence of active exploitation targeting European infrastructure or enterprises.

Mitigation Recommendations

Given the general nature of this threat intelligence update, mitigation should focus on enhancing detection and response capabilities rather than patching specific vulnerabilities. European organizations should: 1. Integrate the provided IOCs from ThreatFox into their Security Information and Event Management (SIEM) systems and endpoint detection and response (EDR) tools to improve identification of potential malware activity. 2. Conduct regular threat hunting exercises using updated OSINT feeds to proactively detect signs of compromise related to these or similar malware indicators. 3. Maintain up-to-date malware signatures and heuristic detection capabilities within antivirus and anti-malware solutions. 4. Ensure robust network segmentation and least privilege access controls to limit potential malware spread if an infection occurs. 5. Promote user awareness and training focused on recognizing phishing and social engineering tactics, as these remain common malware delivery vectors. 6. Monitor ThreatFox and other reputable OSINT sources for updates or additional context that could refine defensive postures or reveal active exploitation. These measures go beyond generic advice by emphasizing the operational integration of OSINT-derived IOCs and proactive threat hunting tailored to the evolving intelligence landscape.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

file: 1.94.105.46
hash: 81
file: 212.47.75.55
hash: 6666
file: 167.86.116.179
hash: 8808
file: 196.251.84.194
hash: 8808
domain: ec2-18-138-195-208.ap-southeast-1.compute.amazonaws.com
file: 45.88.186.129
hash: 8089
file: 172.105.91.248
hash: 443
domain: office365.farmandconstructionequipment.com
file: 3.79.45.173
hash: 38690
file: 31.15.18.21
hash: 80
file: 45.137.70.91
hash: 80
file: 147.185.221.23
hash: 31296
domain: lesbian-stereo.gl.at.ply.gg
file: 114.132.166.145
hash: 3389
domain: cloud1.amazehome.xyz
file: 156.224.29.3
hash: 443
file: 47.108.39.159
hash: 4446
file: 176.65.141.98
hash: 7707
file: 196.251.117.108
hash: 8444
file: 78.164.223.72
hash: 3000
domain: ec2-54-68-184-184.us-west-2.compute.amazonaws.com
domain: ec2-13-238-124-252.ap-southeast-2.compute.amazonaws.com
file: 212.162.149.99
hash: 2404
file: 20.84.67.23
hash: 60000
file: 121.36.73.30
hash: 60000
file: 43.143.94.53
hash: 60000
file: 45.141.233.145
hash: 1664
domain: foryoumedical.ddns.net
file: 78.47.126.174
hash: 3333
file: 188.165.136.58
hash: 3333
file: 184.82.103.190
hash: 3333
file: 34.236.182.101
hash: 443
file: 44.207.113.4
hash: 443
file: 178.128.45.61
hash: 80
file: 45.77.38.170
hash: 3333
file: 198.74.59.101
hash: 443
file: 40.113.161.166
hash: 3333
file: 3.125.192.194
hash: 80
file: 68.183.103.145
hash: 443
file: 5.2.159.157
hash: 33331
file: 139.59.234.138
hash: 3333
file: 117.50.188.222
hash: 523
file: 157.180.72.155
hash: 3333
file: 3.108.122.237
hash: 3333
file: 85.9.192.29
hash: 8000
file: 107.175.87.142
hash: 443
file: 185.14.29.4
hash: 443
file: 185.14.31.72
hash: 443
file: 185.65.202.183
hash: 443
file: 185.99.2.202
hash: 443
file: 188.165.62.2
hash: 443
file: 192.3.193.162
hash: 443
file: 194.5.250.178
hash: 443
file: 194.5.250.179
hash: 443
file: 195.54.32.12
hash: 443
file: 198.15.119.121
hash: 443
file: 198.15.119.71
hash: 443
file: 212.80.217.243
hash: 443
file: 31.131.21.30
hash: 443
file: 5.182.210.120
hash: 443
file: 5.34.177.194
hash: 443
file: 89.191.234.89
hash: 443
url: http://117.217.128.103:50261/mozi.m
url: https://steamcommunity.com/profiles/76561199843252735
url: https://t.me/f07nd
url: https://qe.ap.4t.com/
url: https://5.75.215.128/
domain: qe.ap.4t.com
file: 5.75.215.128
hash: 443
hash: c8c64113076101d13ee6dfad4ce1c934
hash: 84b3d2b5c6ba0d6627e74c2c89f3b9a3
hash: bb62d73fcab6f29f95f9919e1dc0932c
hash: 0f8b20c367c6cb2c2726a3495d1d8d28
file: 124.71.106.116
hash: 8080
file: 120.138.19.63
hash: 443
file: 144.172.92.114
hash: 8808
file: 176.65.143.159
hash: 7707
file: 176.65.143.159
hash: 6606
domain: zestmedo.top
file: 181.41.201.188
hash: 2053
file: 195.211.191.174
hash: 5938
file: 54.249.53.66
hash: 80
file: 165.22.17.157
hash: 80
domain: content.up-edu-mx.shop
domain: ssl.up-edu-mx.shop
domain: webmail.webprocediweb.com
domain: cpanel.versioneonline.com
domain: cpcontacts.m.web-app-on.com
file: 194.28.226.181
hash: 443
file: 121.40.208.196
hash: 80
file: 120.55.169.128
hash: 801
file: 70.27.138.65
hash: 2078
url: https://lapsack.com/3q7q.js
domain: lapsack.com
url: https://lapsack.com/js.php
file: 192.238.206.6
hash: 8847
file: 3.146.93.253
hash: 55600
domain: gecsge4e1e5427f8.com
file: 139.196.126.161
hash: 8080
file: 47.122.66.99
hash: 80
file: 47.109.177.97
hash: 2222
file: 111.68.1.218
hash: 80
file: 46.21.153.155
hash: 8081
file: 38.242.248.109
hash: 2404
file: 20.89.182.93
hash: 8888
file: 192.159.99.106
hash: 8808
file: 31.57.166.49
hash: 8808
file: 78.164.223.72
hash: 2004
file: 107.172.100.174
hash: 7443
file: 34.219.245.253
hash: 7443
file: 181.41.201.188
hash: 80
file: 139.162.149.223
hash: 443
file: 119.3.221.6
hash: 4444
file: 111.90.151.162
hash: 8443
domain: accounts.up-edu-mx.shop
domain: myaccount.up-edu-mx.shop
domain: myvrhost.viottoholdings.com
file: 3.146.93.253
hash: 55501
file: 3.146.93.253
hash: 55590
file: 3.146.93.253
hash: 55500
file: 52.15.213.182
hash: 80
domain: yt3cvkj43ws.pages.dev
domain: nhgfdc-ok.pages.dev
domain: 6rzj5pnk8zqwt.cfc-execute.bj.baidubce.com
file: 139.129.23.77
hash: 443
file: 3.146.93.253
hash: 55502
url: https://cf.jolttapestry.fun/7456f63a46cc318334a70159aa3c4291
domain: cf.jolttapestry.fun
file: 196.251.92.84
hash: 45111
domain: qx.ap.4t.com
domain: opimendu.digital
domain: h1.catnipreggae.shop
url: https://kjpuerrogfh.live/iqwez
url: https://ltargett.top/dsangt
url: https://irambutanvcx.run/adioz
url: https://mfurthert.run/azpp
url: https://shiftmodh.run/doxz
file: 142.11.206.127
hash: 443
file: 38.181.35.237
hash: 443
domain: easyfwdr.digital
file: 185.215.113.51
hash: 80
file: 185.156.73.98
hash: 80
domain: reformzv.digital
domain: hopezx.run
domain: reboundui.live
url: https://modtunes.live/gooz
url: https://opimendu.digital/poqwe
url: https://zgplantainklj.run/opafg
domain: puerrogfh.live
domain: quavabvc.top
domain: furthert.run
domain: rambutanvcx.run
url: https://enhancety.digital/kedi
url: https://fresheslam.run/qywix
file: 45.12.91.12
hash: 8443
file: 77.239.101.226
hash: 443
file: 195.201.27.141
hash: 31337
file: 171.244.40.248
hash: 31337
file: 45.79.43.128
hash: 31337
file: 178.183.165.218
hash: 10080
file: 45.88.186.160
hash: 1337
file: 158.247.220.151
hash: 80
url: https://almeida.clientepj.com/almeida/contador.php
file: 196.251.86.242
hash: 2404
url: http://118.178.89.212:8888/supershell/login/
url: http://118.195.149.202:8888/supershell/login/
url: http://123.60.23.234:8888/supershell/login/
url: http://117.72.119.63:7088/supershell/login/
file: 124.70.99.224
hash: 4443
file: 84.196.87.46
hash: 2404
file: 35.194.13.156
hash: 7443
file: 107.172.100.174
hash: 443
file: 8.218.97.73
hash: 65503
file: 160.187.246.152
hash: 80
url: https://qtargett.top/dsangt
file: 194.28.226.181
hash: 30001
domain: demo.spfspassa.xyz
domain: old.spfspassa.xyz
domain: gbtx.duckdns.org
domain: transxx.duckdns.org
domain: texz.jhpublicaffairs.ie
domain: zestyasd.run
url: http://yarnwool.xyz/grun.php
url: http://requesttendency.icu/uri.php
url: http://requesttendency.icu/ury.php
domain: requesttendency.icu
domain: cureboto.run
url: https://ak0amca.24secur.ru/
url: https://m2ds.securessadownloads.ru/
url: https://m2ds.securessadownloads.ru/s
url: https://comnfigrationclientpanel.securessafiles.ru/
url: https://zargleflump.x10.mx/
url: http://login.securedmicrosoft365.com/
url: http://api.securedmicrosoft365.com/
url: https://palsmedq.run/agozn
url: http://cdn.securedmicrosoft365.com/
url: http://storage.securedmicrosoft365.com/
url: https://komi.cam/
url: https://claim-pamp.fun/
url: https://roomnum-998388.world/
url: https://booking.complaintguest2.com/
url: https://april-boking-recapt09993748.com/
url: https://confirmbooking7.com/
url: https://bookskkas.xyz/
url: https://talentstack.icu/
url: https://bookpartn.com/
url: https://bookisnd.it.com/
url: https://coinspaceteam.com/
url: https://soubtcevent.com/
url: https://appeal.wiki/
file: 166.108.204.240
hash: 7777
file: 18.117.46.40
hash: 7777
file: 217.154.22.69
hash: 3333
file: 54.246.30.38
hash: 3333
file: 102.211.120.2
hash: 3333
file: 113.45.201.80
hash: 9205
file: 105.197.218.132
hash: 1177
domain: heavendie.no-ip.org
domain: service.neugumma.my
domain: officer-nec.gl.at.ply.gg
domain: nzobaku.ddns.net
domain: somsom22.duckdns.org
file: 138.124.89.153
hash: 41555
url: https://pastebin.com/raw/g6gmyacm
domain: hosting10-38853.portmap.io
domain: language-apnic.gl.at.ply.gg
domain: tesifa-38287.portmap.io
file: 193.161.193.99
hash: 38853
url: https://0targett.top/dsangt
url: https://2ywmedici.top/noagis
url: https://4rhxhube.run/pogrs
url: https://apuerrogfh.live/iqwez
url: https://easyfwdr.digital/azxs
url: https://fescapadue.live/spzkwq
url: https://furthert.run/azpp
url: https://jjrxsafer.top/shpaoz
url: https://nadvennture.top/gksiio
url: https://reformzv.digital/guud
url: https://upuerrogfh.live/iqwez
url: https://uywmedici.top/noagis
url: https://vquavabvc.top/iuzhd
file: 114.132.166.145
hash: 7723
file: 120.76.158.8
hash: 443
file: 196.251.117.67
hash: 8808
file: 46.246.4.12
hash: 1000
file: 34.133.215.114
hash: 7443
file: 45.146.234.153
hash: 443
file: 185.255.92.151
hash: 5000
url: https://travelilx.top/gskaiz
url: https://xplantainklj.run/opafg

ThreatFox IOCs for 2025-04-07

Severity: medium

Type: malware

ThreatFox IOCs for 2025-04-07

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

file: 1.94.105.46
hash: 81
file: 212.47.75.55
hash: 6666
file: 167.86.116.179
hash: 8808
file: 196.251.84.194
hash: 8808
domain: ec2-18-138-195-208.ap-southeast-1.compute.amazonaws.com
file: 45.88.186.129
hash: 8089
file: 172.105.91.248
hash: 443
domain: office365.farmandconstructionequipment.com
file: 3.79.45.173
hash: 38690
file: 31.15.18.21
hash: 80
file: 45.137.70.91
hash: 80
file: 147.185.221.23
hash: 31296
domain: lesbian-stereo.gl.at.ply.gg
file: 114.132.166.145
hash: 3389
domain: cloud1.amazehome.xyz
file: 156.224.29.3
hash: 443
file: 47.108.39.159
hash: 4446
file: 176.65.141.98
hash: 7707
file: 196.251.117.108
hash: 8444
file: 78.164.223.72
hash: 3000
domain: ec2-54-68-184-184.us-west-2.compute.amazonaws.com
domain: ec2-13-238-124-252.ap-southeast-2.compute.amazonaws.com
file: 212.162.149.99
hash: 2404
file: 20.84.67.23
hash: 60000
file: 121.36.73.30
hash: 60000
file: 43.143.94.53
hash: 60000
file: 45.141.233.145
hash: 1664
domain: foryoumedical.ddns.net
file: 78.47.126.174
hash: 3333
file: 188.165.136.58
hash: 3333
file: 184.82.103.190
hash: 3333
file: 34.236.182.101
hash: 443
file: 44.207.113.4
hash: 443
file: 178.128.45.61
hash: 80
file: 45.77.38.170
hash: 3333
file: 198.74.59.101
hash: 443
file: 40.113.161.166
hash: 3333
file: 3.125.192.194
hash: 80
file: 68.183.103.145
hash: 443
file: 5.2.159.157
hash: 33331
file: 139.59.234.138
hash: 3333
file: 117.50.188.222
hash: 523
file: 157.180.72.155
hash: 3333
file: 3.108.122.237
hash: 3333
file: 85.9.192.29
hash: 8000
file: 107.175.87.142
hash: 443
file: 185.14.29.4
hash: 443
file: 185.14.31.72
hash: 443
file: 185.65.202.183
hash: 443
file: 185.99.2.202
hash: 443
file: 188.165.62.2
hash: 443
file: 192.3.193.162
hash: 443
file: 194.5.250.178
hash: 443
file: 194.5.250.179
hash: 443
file: 195.54.32.12
hash: 443
file: 198.15.119.121
hash: 443
file: 198.15.119.71
hash: 443
file: 212.80.217.243
hash: 443
file: 31.131.21.30
hash: 443
file: 5.182.210.120
hash: 443
file: 5.34.177.194
hash: 443
file: 89.191.234.89
hash: 443
url: http://117.217.128.103:50261/mozi.m
url: https://steamcommunity.com/profiles/76561199843252735
url: https://t.me/f07nd
url: https://qe.ap.4t.com/
url: https://5.75.215.128/
domain: qe.ap.4t.com
file: 5.75.215.128
hash: 443
hash: c8c64113076101d13ee6dfad4ce1c934
hash: 84b3d2b5c6ba0d6627e74c2c89f3b9a3
hash: bb62d73fcab6f29f95f9919e1dc0932c
hash: 0f8b20c367c6cb2c2726a3495d1d8d28
file: 124.71.106.116
hash: 8080
file: 120.138.19.63
hash: 443
file: 144.172.92.114
hash: 8808
file: 176.65.143.159
hash: 7707
file: 176.65.143.159
hash: 6606
domain: zestmedo.top
file: 181.41.201.188
hash: 2053
file: 195.211.191.174
hash: 5938
file: 54.249.53.66
hash: 80
file: 165.22.17.157
hash: 80
domain: content.up-edu-mx.shop
domain: ssl.up-edu-mx.shop
domain: webmail.webprocediweb.com
domain: cpanel.versioneonline.com
domain: cpcontacts.m.web-app-on.com
file: 194.28.226.181
hash: 443
file: 121.40.208.196
hash: 80
file: 120.55.169.128
hash: 801
file: 70.27.138.65
hash: 2078
url: https://lapsack.com/3q7q.js
domain: lapsack.com
url: https://lapsack.com/js.php
file: 192.238.206.6
hash: 8847
file: 3.146.93.253
hash: 55600
domain: gecsge4e1e5427f8.com
file: 139.196.126.161
hash: 8080
file: 47.122.66.99
hash: 80
file: 47.109.177.97
hash: 2222
file: 111.68.1.218
hash: 80
file: 46.21.153.155
hash: 8081
file: 38.242.248.109
hash: 2404
file: 20.89.182.93
hash: 8888
file: 192.159.99.106
hash: 8808
file: 31.57.166.49
hash: 8808
file: 78.164.223.72
hash: 2004
file: 107.172.100.174
hash: 7443
file: 34.219.245.253
hash: 7443
file: 181.41.201.188
hash: 80
file: 139.162.149.223
hash: 443
file: 119.3.221.6
hash: 4444
file: 111.90.151.162
hash: 8443
domain: accounts.up-edu-mx.shop
domain: myaccount.up-edu-mx.shop
domain: myvrhost.viottoholdings.com
file: 3.146.93.253
hash: 55501
file: 3.146.93.253
hash: 55590
file: 3.146.93.253
hash: 55500
file: 52.15.213.182
hash: 80
domain: yt3cvkj43ws.pages.dev
domain: nhgfdc-ok.pages.dev
domain: 6rzj5pnk8zqwt.cfc-execute.bj.baidubce.com
file: 139.129.23.77
hash: 443
file: 3.146.93.253
hash: 55502
url: https://cf.jolttapestry.fun/7456f63a46cc318334a70159aa3c4291
domain: cf.jolttapestry.fun
file: 196.251.92.84
hash: 45111
domain: qx.ap.4t.com
domain: opimendu.digital
domain: h1.catnipreggae.shop
url: https://kjpuerrogfh.live/iqwez
url: https://ltargett.top/dsangt
url: https://irambutanvcx.run/adioz
url: https://mfurthert.run/azpp
url: https://shiftmodh.run/doxz
file: 142.11.206.127
hash: 443
file: 38.181.35.237
hash: 443
domain: easyfwdr.digital
file: 185.215.113.51
hash: 80
file: 185.156.73.98
hash: 80
domain: reformzv.digital
domain: hopezx.run
domain: reboundui.live
url: https://modtunes.live/gooz
url: https://opimendu.digital/poqwe
url: https://zgplantainklj.run/opafg
domain: puerrogfh.live
domain: quavabvc.top
domain: furthert.run
domain: rambutanvcx.run
url: https://enhancety.digital/kedi
url: https://fresheslam.run/qywix
file: 45.12.91.12
hash: 8443
file: 77.239.101.226
hash: 443
file: 195.201.27.141
hash: 31337
file: 171.244.40.248
hash: 31337
file: 45.79.43.128
hash: 31337
file: 178.183.165.218
hash: 10080
file: 45.88.186.160
hash: 1337
file: 158.247.220.151
hash: 80
url: https://almeida.clientepj.com/almeida/contador.php
file: 196.251.86.242
hash: 2404
url: http://118.178.89.212:8888/supershell/login/
url: http://118.195.149.202:8888/supershell/login/
url: http://123.60.23.234:8888/supershell/login/
url: http://117.72.119.63:7088/supershell/login/
file: 124.70.99.224
hash: 4443
file: 84.196.87.46
hash: 2404
file: 35.194.13.156
hash: 7443
file: 107.172.100.174
hash: 443
file: 8.218.97.73
hash: 65503
file: 160.187.246.152
hash: 80
url: https://qtargett.top/dsangt
file: 194.28.226.181
hash: 30001
domain: demo.spfspassa.xyz
domain: old.spfspassa.xyz
domain: gbtx.duckdns.org
domain: transxx.duckdns.org
domain: texz.jhpublicaffairs.ie
domain: zestyasd.run
url: http://yarnwool.xyz/grun.php
url: http://requesttendency.icu/uri.php
url: http://requesttendency.icu/ury.php
domain: requesttendency.icu
domain: cureboto.run
url: https://ak0amca.24secur.ru/
url: https://m2ds.securessadownloads.ru/
url: https://m2ds.securessadownloads.ru/s
url: https://comnfigrationclientpanel.securessafiles.ru/
url: https://zargleflump.x10.mx/
url: http://login.securedmicrosoft365.com/
url: http://api.securedmicrosoft365.com/
url: https://palsmedq.run/agozn
url: http://cdn.securedmicrosoft365.com/
url: http://storage.securedmicrosoft365.com/
url: https://komi.cam/
url: https://claim-pamp.fun/
url: https://roomnum-998388.world/
url: https://booking.complaintguest2.com/
url: https://april-boking-recapt09993748.com/
url: https://confirmbooking7.com/
url: https://bookskkas.xyz/
url: https://talentstack.icu/
url: https://bookpartn.com/
url: https://bookisnd.it.com/
url: https://coinspaceteam.com/
url: https://soubtcevent.com/
url: https://appeal.wiki/
file: 166.108.204.240
hash: 7777
file: 18.117.46.40
hash: 7777
file: 217.154.22.69
hash: 3333
file: 54.246.30.38
hash: 3333
file: 102.211.120.2
hash: 3333
file: 113.45.201.80
hash: 9205
file: 105.197.218.132
hash: 1177
domain: heavendie.no-ip.org
domain: service.neugumma.my
domain: officer-nec.gl.at.ply.gg
domain: nzobaku.ddns.net
domain: somsom22.duckdns.org
file: 138.124.89.153
hash: 41555
url: https://pastebin.com/raw/g6gmyacm
domain: hosting10-38853.portmap.io
domain: language-apnic.gl.at.ply.gg
domain: tesifa-38287.portmap.io
file: 193.161.193.99
hash: 38853
url: https://0targett.top/dsangt
url: https://2ywmedici.top/noagis
url: https://4rhxhube.run/pogrs
url: https://apuerrogfh.live/iqwez
url: https://easyfwdr.digital/azxs
url: https://fescapadue.live/spzkwq
url: https://furthert.run/azpp
url: https://jjrxsafer.top/shpaoz
url: https://nadvennture.top/gksiio
url: https://reformzv.digital/guud
url: https://upuerrogfh.live/iqwez
url: https://uywmedici.top/noagis
url: https://vquavabvc.top/iuzhd
file: 114.132.166.145
hash: 7723
file: 120.76.158.8
hash: 443
file: 196.251.117.67
hash: 8808
file: 46.246.4.12
hash: 1000
file: 34.133.215.114
hash: 7443
file: 45.146.234.153
hash: 443
file: 185.255.92.151
hash: 5000
url: https://travelilx.top/gskaiz
url: https://xplantainklj.run/opafg

Source: ThreatFox

Published: Mon Apr 07 2025

ThreatFox IOCs for 2025-04-07

Medium

Malwaretype:osint tlp:white

Published: Mon Apr 07 2025 (04/07/2025, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-04-07

AI-Powered Analysis

AILast updated: 06/19/2025, 14:50:16 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 7b159254-dc57-4b3c-8155-6d01d565faeb
Original Timestamp: 1744070586

Indicators of Compromise

File

Value	Description	Copy
file1.94.105.46	Cobalt Strike botnet C2 server (confidence level: 100%)
file212.47.75.55	Sliver botnet C2 server (confidence level: 100%)
file167.86.116.179	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.84.194	AsyncRAT botnet C2 server (confidence level: 100%)
file45.88.186.129	Hook botnet C2 server (confidence level: 100%)
file172.105.91.248	Havoc botnet C2 server (confidence level: 100%)
file3.79.45.173	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file31.15.18.21	MooBot botnet C2 server (confidence level: 100%)
file45.137.70.91	MooBot botnet C2 server (confidence level: 100%)
file147.185.221.23	NjRAT botnet C2 server (confidence level: 75%)
file114.132.166.145	Cobalt Strike botnet C2 server (confidence level: 75%)
file156.224.29.3	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.108.39.159	Cobalt Strike botnet C2 server (confidence level: 100%)
file176.65.141.98	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.117.108	AsyncRAT botnet C2 server (confidence level: 100%)
file78.164.223.72	AsyncRAT botnet C2 server (confidence level: 100%)
file212.162.149.99	Remcos botnet C2 server (confidence level: 100%)
file20.84.67.23	Unknown malware botnet C2 server (confidence level: 100%)
file121.36.73.30	Unknown malware botnet C2 server (confidence level: 100%)
file43.143.94.53	Unknown malware botnet C2 server (confidence level: 100%)
file45.141.233.145	Nanocore RAT botnet C2 server (confidence level: 100%)
file78.47.126.174	Unknown malware botnet C2 server (confidence level: 100%)
file188.165.136.58	Unknown malware botnet C2 server (confidence level: 100%)
file184.82.103.190	Unknown malware botnet C2 server (confidence level: 100%)
file34.236.182.101	Unknown malware botnet C2 server (confidence level: 100%)
file44.207.113.4	Unknown malware botnet C2 server (confidence level: 100%)
file178.128.45.61	Unknown malware botnet C2 server (confidence level: 100%)
file45.77.38.170	Unknown malware botnet C2 server (confidence level: 100%)
file198.74.59.101	Unknown malware botnet C2 server (confidence level: 100%)
file40.113.161.166	Unknown malware botnet C2 server (confidence level: 100%)
file3.125.192.194	Unknown malware botnet C2 server (confidence level: 100%)
file68.183.103.145	Unknown malware botnet C2 server (confidence level: 100%)
file5.2.159.157	Unknown malware botnet C2 server (confidence level: 100%)
file139.59.234.138	Unknown malware botnet C2 server (confidence level: 100%)
file117.50.188.222	Unknown malware botnet C2 server (confidence level: 100%)
file157.180.72.155	Unknown malware botnet C2 server (confidence level: 100%)
file3.108.122.237	Unknown malware botnet C2 server (confidence level: 100%)
file85.9.192.29	MimiKatz botnet C2 server (confidence level: 100%)
file107.175.87.142	TrickBot botnet C2 server (confidence level: 75%)
file185.14.29.4	TrickBot botnet C2 server (confidence level: 75%)
file185.14.31.72	TrickBot botnet C2 server (confidence level: 75%)
file185.65.202.183	TrickBot botnet C2 server (confidence level: 75%)
file185.99.2.202	TrickBot botnet C2 server (confidence level: 75%)
file188.165.62.2	TrickBot botnet C2 server (confidence level: 75%)
file192.3.193.162	TrickBot botnet C2 server (confidence level: 75%)
file194.5.250.178	TrickBot botnet C2 server (confidence level: 75%)
file194.5.250.179	TrickBot botnet C2 server (confidence level: 75%)
file195.54.32.12	TrickBot botnet C2 server (confidence level: 75%)
file198.15.119.121	TrickBot botnet C2 server (confidence level: 75%)
file198.15.119.71	TrickBot botnet C2 server (confidence level: 75%)
file212.80.217.243	TrickBot botnet C2 server (confidence level: 75%)
file31.131.21.30	TrickBot botnet C2 server (confidence level: 75%)
file5.182.210.120	TrickBot botnet C2 server (confidence level: 75%)
file5.34.177.194	TrickBot botnet C2 server (confidence level: 75%)
file89.191.234.89	TrickBot botnet C2 server (confidence level: 75%)
file5.75.215.128	Vidar botnet C2 server (confidence level: 100%)
file124.71.106.116	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.138.19.63	Sliver botnet C2 server (confidence level: 100%)
file144.172.92.114	AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.143.159	AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.143.159	AsyncRAT botnet C2 server (confidence level: 100%)
file181.41.201.188	Hook botnet C2 server (confidence level: 100%)
file195.211.191.174	Quasar RAT botnet C2 server (confidence level: 100%)
file54.249.53.66	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file165.22.17.157	ERMAC botnet C2 server (confidence level: 100%)
file194.28.226.181	GhostSocks botnet C2 server (confidence level: 75%)
file121.40.208.196	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.55.169.128	Cobalt Strike botnet C2 server (confidence level: 100%)
file70.27.138.65	QakBot botnet C2 server (confidence level: 75%)
file192.238.206.6	AsyncRAT botnet C2 server (confidence level: 75%)
file3.146.93.253	vo1d botnet C2 server (confidence level: 100%)
file139.196.126.161	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.122.66.99	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.109.177.97	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.68.1.218	Cobalt Strike botnet C2 server (confidence level: 100%)
file46.21.153.155	Cobalt Strike botnet C2 server (confidence level: 100%)
file38.242.248.109	Remcos botnet C2 server (confidence level: 100%)
file20.89.182.93	Unknown malware botnet C2 server (confidence level: 100%)
file192.159.99.106	AsyncRAT botnet C2 server (confidence level: 100%)
file31.57.166.49	AsyncRAT botnet C2 server (confidence level: 100%)
file78.164.223.72	AsyncRAT botnet C2 server (confidence level: 100%)
file107.172.100.174	Unknown malware botnet C2 server (confidence level: 100%)
file34.219.245.253	Unknown malware botnet C2 server (confidence level: 100%)
file181.41.201.188	Hook botnet C2 server (confidence level: 100%)
file139.162.149.223	Havoc botnet C2 server (confidence level: 100%)
file119.3.221.6	Havoc botnet C2 server (confidence level: 100%)
file111.90.151.162	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file3.146.93.253	vo1d botnet C2 server (confidence level: 100%)
file3.146.93.253	vo1d botnet C2 server (confidence level: 100%)
file3.146.93.253	vo1d botnet C2 server (confidence level: 100%)
file52.15.213.182	vo1d botnet C2 server (confidence level: 100%)
file139.129.23.77	Cobalt Strike botnet C2 server (confidence level: 75%)
file3.146.93.253	vo1d botnet C2 server (confidence level: 100%)
file196.251.92.84	Remcos botnet C2 server (confidence level: 75%)
file142.11.206.127	FAKEUPDATES payload delivery server (confidence level: 75%)
file38.181.35.237	ValleyRAT botnet C2 server (confidence level: 75%)
file185.215.113.51	Lumma Stealer botnet C2 server (confidence level: 50%)
file185.156.73.98	GCleaner botnet C2 server (confidence level: 75%)
file45.12.91.12	Cobalt Strike botnet C2 server (confidence level: 50%)
file77.239.101.226	Cobalt Strike botnet C2 server (confidence level: 50%)
file195.201.27.141	Sliver botnet C2 server (confidence level: 50%)
file171.244.40.248	Sliver botnet C2 server (confidence level: 50%)
file45.79.43.128	Sliver botnet C2 server (confidence level: 50%)
file178.183.165.218	Xtreme RAT botnet C2 server (confidence level: 50%)
file45.88.186.160	DCRat botnet C2 server (confidence level: 50%)
file158.247.220.151	Kimsuky botnet C2 server (confidence level: 50%)
file196.251.86.242	Remcos botnet C2 server (confidence level: 75%)
file124.70.99.224	Cobalt Strike botnet C2 server (confidence level: 100%)
file84.196.87.46	Remcos botnet C2 server (confidence level: 100%)
file35.194.13.156	Unknown malware botnet C2 server (confidence level: 100%)
file107.172.100.174	Unknown malware botnet C2 server (confidence level: 100%)
file8.218.97.73	DCRat botnet C2 server (confidence level: 100%)
file160.187.246.152	MooBot botnet C2 server (confidence level: 100%)
file194.28.226.181	GhostSocks botnet C2 server (confidence level: 100%)
file166.108.204.240	Cobalt Strike botnet C2 server (confidence level: 50%)
file18.117.46.40	Unknown malware botnet C2 server (confidence level: 50%)
file217.154.22.69	Unknown malware botnet C2 server (confidence level: 50%)
file54.246.30.38	Unknown malware botnet C2 server (confidence level: 50%)
file102.211.120.2	Unknown malware botnet C2 server (confidence level: 50%)
file113.45.201.80	Unknown malware botnet C2 server (confidence level: 50%)
file105.197.218.132	NjRAT botnet C2 server (confidence level: 50%)
file138.124.89.153	Remcos botnet C2 server (confidence level: 50%)
file193.161.193.99	XWorm botnet C2 server (confidence level: 50%)
file114.132.166.145	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.76.158.8	Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.117.67	AsyncRAT botnet C2 server (confidence level: 100%)
file46.246.4.12	AsyncRAT botnet C2 server (confidence level: 100%)
file34.133.215.114	Unknown malware botnet C2 server (confidence level: 100%)
file45.146.234.153	Havoc botnet C2 server (confidence level: 100%)
file185.255.92.151	DCRat botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash81	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash38690	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash31296	NjRAT botnet C2 server (confidence level: 75%)
hash3389	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4446	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash8444	AsyncRAT botnet C2 server (confidence level: 100%)
hash3000	AsyncRAT botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash1664	Nanocore RAT botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash33331	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash523	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8000	MimiKatz botnet C2 server (confidence level: 100%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	TrickBot botnet C2 server (confidence level: 75%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hashc8c64113076101d13ee6dfad4ce1c934	Unknown malware payload (confidence level: 50%)
hash84b3d2b5c6ba0d6627e74c2c89f3b9a3	Unknown malware payload (confidence level: 50%)
hashbb62d73fcab6f29f95f9919e1dc0932c	Unknown malware payload (confidence level: 50%)
hash0f8b20c367c6cb2c2726a3495d1d8d28	Unknown malware payload (confidence level: 50%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash2053	Hook botnet C2 server (confidence level: 100%)
hash5938	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash80	ERMAC botnet C2 server (confidence level: 100%)
hash443	GhostSocks botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash801	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2078	QakBot botnet C2 server (confidence level: 75%)
hash8847	AsyncRAT botnet C2 server (confidence level: 75%)
hash55600	vo1d botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2222	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash2004	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash4444	Havoc botnet C2 server (confidence level: 100%)
hash8443	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash55501	vo1d botnet C2 server (confidence level: 100%)
hash55590	vo1d botnet C2 server (confidence level: 100%)
hash55500	vo1d botnet C2 server (confidence level: 100%)
hash80	vo1d botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash55502	vo1d botnet C2 server (confidence level: 100%)
hash45111	Remcos botnet C2 server (confidence level: 75%)
hash443	FAKEUPDATES payload delivery server (confidence level: 75%)
hash443	ValleyRAT botnet C2 server (confidence level: 75%)
hash80	Lumma Stealer botnet C2 server (confidence level: 50%)
hash80	GCleaner botnet C2 server (confidence level: 75%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash10080	Xtreme RAT botnet C2 server (confidence level: 50%)
hash1337	DCRat botnet C2 server (confidence level: 50%)
hash80	Kimsuky botnet C2 server (confidence level: 50%)
hash2404	Remcos botnet C2 server (confidence level: 75%)
hash4443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash65503	DCRat botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash30001	GhostSocks botnet C2 server (confidence level: 100%)
hash7777	Cobalt Strike botnet C2 server (confidence level: 50%)
hash7777	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash9205	Unknown malware botnet C2 server (confidence level: 50%)
hash1177	NjRAT botnet C2 server (confidence level: 50%)
hash41555	Remcos botnet C2 server (confidence level: 50%)
hash38853	XWorm botnet C2 server (confidence level: 50%)
hash7723	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash1000	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash5000	DCRat botnet C2 server (confidence level: 100%)

Domain

Value	Description	Copy
domainec2-18-138-195-208.ap-southeast-1.compute.amazonaws.com	Hook botnet C2 domain (confidence level: 100%)
domainoffice365.farmandconstructionequipment.com	Havoc botnet C2 domain (confidence level: 100%)
domainlesbian-stereo.gl.at.ply.gg	NjRAT botnet C2 domain (confidence level: 75%)
domaincloud1.amazehome.xyz	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainec2-54-68-184-184.us-west-2.compute.amazonaws.com	Havoc botnet C2 domain (confidence level: 100%)
domainec2-13-238-124-252.ap-southeast-2.compute.amazonaws.com	Havoc botnet C2 domain (confidence level: 100%)
domainforyoumedical.ddns.net	Nanocore RAT botnet C2 domain (confidence level: 100%)
domainqe.ap.4t.com	Vidar botnet C2 domain (confidence level: 100%)
domainzestmedo.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincontent.up-edu-mx.shop	Unknown malware botnet C2 domain (confidence level: 100%)
domainssl.up-edu-mx.shop	Unknown malware botnet C2 domain (confidence level: 100%)
domainwebmail.webprocediweb.com	Bashlite botnet C2 domain (confidence level: 100%)
domaincpanel.versioneonline.com	Bashlite botnet C2 domain (confidence level: 100%)
domaincpcontacts.m.web-app-on.com	Bashlite botnet C2 domain (confidence level: 100%)
domainlapsack.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaingecsge4e1e5427f8.com	vo1d botnet C2 domain (confidence level: 100%)
domainaccounts.up-edu-mx.shop	Unknown malware botnet C2 domain (confidence level: 100%)
domainmyaccount.up-edu-mx.shop	Unknown malware botnet C2 domain (confidence level: 100%)
domainmyvrhost.viottoholdings.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainyt3cvkj43ws.pages.dev	ClearFake payload delivery domain (confidence level: 100%)
domainnhgfdc-ok.pages.dev	ClearFake payload delivery domain (confidence level: 100%)
domain6rzj5pnk8zqwt.cfc-execute.bj.baidubce.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincf.jolttapestry.fun	Rhadamanthys payload delivery domain (confidence level: 100%)
domainqx.ap.4t.com	Vidar botnet C2 domain (confidence level: 75%)
domainopimendu.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainh1.catnipreggae.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaineasyfwdr.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainreformzv.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhopezx.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainreboundui.live	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpuerrogfh.live	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainquavabvc.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainfurthert.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrambutanvcx.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindemo.spfspassa.xyz	Unknown RAT botnet C2 domain (confidence level: 50%)
domainold.spfspassa.xyz	Unknown RAT botnet C2 domain (confidence level: 50%)
domaingbtx.duckdns.org	Unknown RAT botnet C2 domain (confidence level: 50%)
domaintransxx.duckdns.org	Unknown RAT botnet C2 domain (confidence level: 50%)
domaintexz.jhpublicaffairs.ie	Unknown RAT botnet C2 domain (confidence level: 50%)
domainzestyasd.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrequesttendency.icu	Unknown Loader botnet C2 domain (confidence level: 100%)
domaincureboto.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainheavendie.no-ip.org	DarkComet botnet C2 domain (confidence level: 50%)
domainservice.neugumma.my	Mirai botnet C2 domain (confidence level: 50%)
domainofficer-nec.gl.at.ply.gg	Quasar RAT botnet C2 domain (confidence level: 50%)
domainnzobaku.ddns.net	Remcos botnet C2 domain (confidence level: 50%)
domainsomsom22.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domainhosting10-38853.portmap.io	XWorm botnet C2 domain (confidence level: 50%)
domainlanguage-apnic.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domaintesifa-38287.portmap.io	XWorm botnet C2 domain (confidence level: 50%)

Url

Value	Description	Copy
urlhttp://117.217.128.103:50261/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttps://steamcommunity.com/profiles/76561199843252735	Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/f07nd	Vidar botnet C2 (confidence level: 100%)
urlhttps://qe.ap.4t.com/	Vidar botnet C2 (confidence level: 100%)
urlhttps://5.75.215.128/	Vidar botnet C2 (confidence level: 100%)
urlhttps://lapsack.com/3q7q.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://lapsack.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://cf.jolttapestry.fun/7456f63a46cc318334a70159aa3c4291	Rhadamanthys payload delivery URL (confidence level: 100%)
urlhttps://kjpuerrogfh.live/iqwez	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ltargett.top/dsangt	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://irambutanvcx.run/adioz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://mfurthert.run/azpp	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://shiftmodh.run/doxz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://modtunes.live/gooz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://opimendu.digital/poqwe	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zgplantainklj.run/opafg	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://enhancety.digital/kedi	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://fresheslam.run/qywix	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://almeida.clientepj.com/almeida/contador.php	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttp://118.178.89.212:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://118.195.149.202:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://123.60.23.234:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://117.72.119.63:7088/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://qtargett.top/dsangt	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://yarnwool.xyz/grun.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://requesttendency.icu/uri.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://requesttendency.icu/ury.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://ak0amca.24secur.ru/	Unknown RAT payload delivery URL (confidence level: 50%)
urlhttps://m2ds.securessadownloads.ru/	Unknown RAT payload delivery URL (confidence level: 50%)
urlhttps://m2ds.securessadownloads.ru/s	Unknown RAT payload delivery URL (confidence level: 50%)
urlhttps://comnfigrationclientpanel.securessafiles.ru/	Unknown RAT payload delivery URL (confidence level: 50%)
urlhttps://zargleflump.x10.mx/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://login.securedmicrosoft365.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://api.securedmicrosoft365.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://palsmedq.run/agozn	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://cdn.securedmicrosoft365.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://storage.securedmicrosoft365.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://komi.cam/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://claim-pamp.fun/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://roomnum-998388.world/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://booking.complaintguest2.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://april-boking-recapt09993748.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://confirmbooking7.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://bookskkas.xyz/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://talentstack.icu/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://bookpartn.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://bookisnd.it.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://coinspaceteam.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://soubtcevent.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://appeal.wiki/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://pastebin.com/raw/g6gmyacm	XWorm botnet C2 (confidence level: 50%)
urlhttps://0targett.top/dsangt	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://2ywmedici.top/noagis	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://4rhxhube.run/pogrs	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://apuerrogfh.live/iqwez	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://easyfwdr.digital/azxs	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://fescapadue.live/spzkwq	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://furthert.run/azpp	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://jjrxsafer.top/shpaoz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://nadvennture.top/gksiio	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://reformzv.digital/guud	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://upuerrogfh.live/iqwez	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://uywmedici.top/noagis	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://vquavabvc.top/iuzhd	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://travelilx.top/gskaiz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://xplantainklj.run/opafg	Lumma Stealer botnet C2 (confidence level: 75%)

Threat ID: 682c7db4e8347ec82d2af512

Added to database: 5/20/2025, 1:03:48 PM

Last enriched: 6/19/2025, 2:50:16 PM

Last updated: 8/12/2025, 10:49:17 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-04-07

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-04-07

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

File

Hash

Domain

Url

Related Threats

ThreatFox IOCs for 2025-08-12

Challenge for human and AI reverse engineers

A New Threat Actor Targeting Geopolitical Hotbeds

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

Russian-Linked Curly COMrades Deploy New MucorAgent Malware in Europe

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility