ThreatFox IOCs for 2025-04-08
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-08
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-04-08." The threat is categorized under the 'type:osint' tag, indicating that it is related to open-source intelligence (OSINT) data collection or dissemination. The threat does not specify affected product versions, nor does it list any specific Common Weakness Enumerations (CWEs) or patch links, suggesting that it may be a newly identified or emerging threat with limited technical details publicly available. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. The analysis and distribution metrics (1 and 3 respectively) imply that while the threat has been analyzed to some extent, its distribution is relatively widespread or notable. There are no known exploits in the wild, which suggests that active exploitation has not been observed or confirmed at the time of publication. The absence of indicators of compromise (IOCs) in the data limits the ability to identify specific attack vectors or payloads. Given the nature of OSINT-related malware, the threat likely involves the collection, aggregation, or misuse of publicly available information, potentially for reconnaissance or preparatory stages of cyberattacks. The lack of detailed technical data constrains a full technical breakdown, but the threat's classification as malware indicates it could involve malicious code designed to infiltrate systems, exfiltrate data, or facilitate further compromise.
Potential Impact
For European organizations, the potential impact of this OSINT-related malware threat could manifest primarily in the confidentiality and integrity domains. If the malware is designed to collect or manipulate open-source intelligence, it could be used to gather sensitive organizational information, leading to targeted attacks such as spear-phishing, social engineering, or supply chain compromises. The medium severity rating and lack of known exploits suggest that immediate widespread damage is unlikely; however, the threat could serve as a precursor to more severe attacks if leveraged effectively by threat actors. European organizations with significant digital footprints or those operating in sectors with high strategic value (e.g., finance, critical infrastructure, government) may face increased risk of reconnaissance and subsequent targeted intrusions. The absence of known exploits in the wild reduces the immediacy of risk but does not eliminate the potential for future exploitation. Additionally, the malware’s distribution metric indicates a moderate level of spread, which could increase exposure if not mitigated.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on proactive and specific measures tailored to OSINT-related malware threats: 1) Enhance monitoring of network traffic and endpoints for unusual data aggregation activities that may indicate OSINT data collection attempts. 2) Implement strict access controls and data classification policies to limit exposure of sensitive information that could be harvested via OSINT techniques. 3) Conduct regular threat hunting exercises focusing on reconnaissance behaviors and anomalous OSINT-related activities within the network. 4) Educate employees on the risks of oversharing information on public platforms and enforce policies to minimize inadvertent data leakage. 5) Utilize threat intelligence feeds to stay updated on emerging OSINT malware indicators and adapt detection rules accordingly. 6) Deploy advanced endpoint detection and response (EDR) solutions capable of identifying suspicious processes related to data collection or exfiltration. 7) Segment networks to reduce the lateral movement potential if initial compromise occurs. These measures go beyond generic advice by targeting the specific nature of OSINT-related malware and its reconnaissance-driven modus operandi.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: modgears.run
- url: https://lawofcjdj.com/4r6t.js
- domain: lawofcjdj.com
- url: https://lawofcjdj.com/js.php
- url: https://ciceksepetilove.com/zgzlztniythimjcx/
- url: https://erdalbesikc123iler.com/zgzlztniythimjcx/
- url: https://effyleydi2020.com/zgzlztniythimjcx/
- url: https://karamelpeteksepet1.com/zgzlztniythimjcx/
- url: https://mutfakcinecolar.com/zgzlztniythimjcx/
- domain: cdn.horse-shadow-key.vip
- domain: securityverifservice.com
- domain: captcha-verify-9h5v.com
- domain: syflejkmurbsdwp.top
- domain: jdjmdlalamlcgfh.top
- file: 196.119.226.177
- hash: 1604
- file: 128.90.113.204
- hash: 8808
- file: 178.128.246.187
- hash: 7443
- file: 167.99.66.81
- hash: 7443
- file: 174.113.16.60
- hash: 9601
- domain: ec2-13-61-8-192.eu-north-1.compute.amazonaws.com
- file: 157.20.182.72
- hash: 4449
- file: 157.20.182.70
- hash: 4449
- file: 3.128.25.18
- hash: 8081
- file: 165.22.17.157
- hash: 8080
- file: 58.215.146.108
- hash: 54681
- file: 128.90.106.201
- hash: 4000
- file: 181.41.201.142
- hash: 80
- file: 45.83.143.163
- hash: 80
- file: 45.83.143.163
- hash: 8089
- domain: 23-227-199-59.static.hvvc.us
- file: 45.88.186.118
- hash: 2404
- file: 5.181.157.176
- hash: 33389
- file: 5.181.157.69
- hash: 33389
- file: 103.118.244.27
- hash: 8000
- file: 117.72.70.150
- hash: 60000
- file: 147.45.165.185
- hash: 80
- file: 104.168.114.162
- hash: 53333
- file: 51.38.48.205
- hash: 443
- file: 83.142.124.238
- hash: 3333
- file: 38.55.198.143
- hash: 8333
- file: 155.138.213.165
- hash: 443
- file: 134.209.171.89
- hash: 443
- file: 18.225.17.67
- hash: 8443
- file: 3.109.51.37
- hash: 8080
- file: 3.148.33.201
- hash: 443
- file: 3.125.192.194
- hash: 443
- file: 23.20.184.113
- hash: 3333
- file: 69.62.123.142
- hash: 8080
- file: 149.248.52.199
- hash: 3333
- file: 41.226.107.176
- hash: 443
- file: 125.24.175.85
- hash: 7443
- file: 102.96.148.166
- hash: 443
- domain: autodiscover.d.ora-0-web.com
- domain: cpcontacts.d.multi-canale.com
- url: http://volcanobusiness.icu/art.php
- url: http://quillexperience.icu/jump.php
- url: http://writingdrink.icu/ury.php
- url: http://writingdrink.icu/uri.php
- domain: keyhall.icu
- domain: marc5858asyn.duckdns.org
- file: 195.186.208.193
- hash: 5858
- file: 47.238.112.35
- hash: 18443
- file: 134.175.220.144
- hash: 80
- file: 23.95.108.174
- hash: 8990
- file: 154.44.28.115
- hash: 18443
- file: 103.27.108.111
- hash: 18443
- file: 144.172.86.64
- hash: 8443
- file: 34.176.88.29
- hash: 3333
- file: 179.1.230.38
- hash: 3333
- domain: q32o084df.duckdns.org
- file: 211.197.164.131
- hash: 6000
- file: 52.10.229.69
- hash: 11112
- file: 159.89.108.174
- hash: 31337
- file: 45.81.23.63
- hash: 443
- file: 188.137.68.141
- hash: 80
- file: 3.36.68.12
- hash: 1521
- file: 194.219.181.40
- hash: 3030
- domain: brkksylunm.duckdns.org
- domain: srlyxktyxm.duckdns.org
- file: 104.250.169.3
- hash: 18970
- url: https://chasegiveaway.site/
- url: https://www.captcha-cf.com/?__cf_chl_tk=wwwrkjoq_dpn539dtgexyvwpvsjiwwjyvo4yk97vylcbww3dl0s.klqn39sh021b4c_w9su_nq310rwm-1744050690-1.0.1.1-cjpxmfiaynw.q9h5nee7
- domain: transporting-displays.with.playit.plus
- domain: joyousczx.live
- domain: palpableafs.live
- domain: advancesg.live
- domain: bragawhitx.duckdns.org
- domain: grebolugvtx.duckdns.org
- file: 172.94.9.134
- hash: 19700
- file: 46.246.80.71
- hash: 7044
- file: 192.169.69.26
- hash: 52190
- url: https://ezdoll.shop/onematchfun.ogg
- domain: ezdoll.shop
- domain: ototoiititiakkfkfk.com
- url: https://qd.ap.4t.com/
- domain: qd.ap.4t.com
- url: https://cometasr.shop/kaskizo
- url: https://itouvrlane.bet/askwjq
- url: http://d3f5.online/tl341/index.php
- url: https://lholidamyup.today/aozkns
- url: https://vwxayfarer.live/alosnz
- file: 196.251.92.11
- hash: 1912
- file: 39.105.18.86
- hash: 443
- file: 8.156.75.252
- hash: 8081
- file: 144.202.42.37
- hash: 2003
- file: 94.159.113.152
- hash: 80
- file: 45.81.23.64
- hash: 443
- file: 18.136.73.1
- hash: 80
- file: 13.60.192.44
- hash: 4782
- file: 23.137.104.78
- hash: 4000
- domain: cpanel.a.ora-0-web.com
- file: 8.134.106.98
- hash: 87
- file: 8.134.106.98
- hash: 84
- file: 160.191.243.33
- hash: 2023
- file: 62.60.235.90
- hash: 42555
- file: 23.175.50.123
- hash: 5884
- file: 194.0.234.223
- hash: 8080
- domain: check.riced.icu
- url: https://check.riced.icu/gkcxv.google
- file: 206.123.152.101
- hash: 3399
- file: 204.10.161.147
- hash: 5009
- file: 45.77.133.111
- hash: 50050
- file: 43.143.114.43
- hash: 443
- file: 46.8.225.251
- hash: 31337
- file: 38.55.124.179
- hash: 31337
- file: 95.125.152.200
- hash: 6000
- file: 45.145.228.80
- hash: 9333
- url: http://45.83.143.163/
- url: https://kicklive.cc/
- url: https://api.telegram.org/bot7843184775:aahobe0-fzn1xu2pdbhbohnzf23tev9nlak/
- url: https://pastebin.com/raw/aevgd2nn
- domain: rhrexa.duckdns.org
- file: 34.173.63.153
- hash: 963
- url: http://www.0red.xyz/u02r/
- url: http://www.17pcuo430r.shop/u02r/
- url: http://www.1garagedoor.online/u02r/
- url: http://www.abysitter-service-97519.bond/u02r/
- url: http://www.admachin3.shop/u02r/
- url: http://www.ainsdrop.fun/u02r/
- url: http://www.akeit.studio/u02r/
- url: http://www.ampmonkey.net/u02r/
- url: http://www.apitalentryplussteerhubweb.xyz/u02r/
- url: http://www.arbary.shop/u02r/
- url: http://www.atchband.info/u02r/
- url: http://www.atlx.net/u02r/
- url: http://www.azete.biz/u02r/
- url: http://www.bbabet.pro/u02r/
- url: http://www.cnba77.sbs/u02r/
- url: http://www.esignsmith.online/u02r/
- url: http://www.esturist.website/u02r/
- url: http://www.ewsinprague.click/u02r/
- url: http://www.eyn.ltd/u02r/
- url: http://www.givens.info/u02r/
- url: http://www.gresale.net/u02r/
- url: http://www.gvyv.cfd/u02r/
- url: http://www.hewagonbox.club/u02r/
- url: http://www.iabetgirisi.net/u02r/
- url: http://www.iamtemp2.online/u02r/
- url: http://www.igeast.xyz/u02r/
- url: http://www.isspoppydesignava.shop/u02r/
- url: http://www.itchellstreamhub.online/u02r/
- url: http://www.ivevr.online/u02r/
- url: http://www.lexavegaspgs22.club/u02r/
- url: http://www.linkcopilots.xyz/u02r/
- url: http://www.llaadharservices.shop/u02r/
- url: http://www.mescorp.online/u02r/
- url: http://www.metrxip.online/u02r/
- url: http://www.mployment-lawyer-near-me.cfd/u02r/
- url: http://www.ngineering-near-me.cfd/u02r/
- url: http://www.nimesyentai.biz/u02r/
- url: http://www.nline-advertising-23082.bond/u02r/
- url: http://www.nventory-software-74785.bond/u02r/
- url: http://www.oans-credits-97557.bond/u02r/
- url: http://www.obcases.online/u02r/
- url: http://www.ocy1f.shop/u02r/
- url: http://www.olehavenq.shop/u02r/
- url: http://www.omevisionpro.online/u02r/
- url: http://www.oolplusservis.online/u02r/
- url: http://www.or-yes.info/u02r/
- url: http://www.orcerush.xyz/u02r/
- url: http://www.orldofconsumption.shop/u02r/
- url: http://www.ouse-cleaning-us-6811.shop/u02r/
- url: http://www.pin-win-bonanza.xyz/u02r/
- url: http://www.pinrqube.shop/u02r/
- url: http://www.playcash.fun/u02r/
- url: http://www.portsterminal.xyz/u02r/
- url: http://www.rain-pipe-cleaning-4530.bond/u02r/
- url: http://www.rbitsgateway.xyz/u02r/
- url: http://www.reamcloudpoint.sbs/u02r/
- url: http://www.remlinclub.online/u02r/
- url: http://www.riplead.shop/u02r/
- url: http://www.rvoyager.xyz/u02r/
- url: http://www.ursing-home-51.bond/u02r/
- url: http://www.usshelter.net/u02r/
- url: http://www.vitream4.online/u02r/
- url: http://www.wanttoliveathelena57west.net/u02r/
- url: http://www.zd.online/u02r/
- domain: www.-design.tech
- domain: www.0red.xyz
- domain: www.17pcuo430r.shop
- domain: www.1garagedoor.online
- domain: www.abysitter-service-97519.bond
- domain: www.admachin3.shop
- domain: www.ainsdrop.fun
- domain: www.akeit.studio
- domain: www.ampmonkey.net
- domain: www.apitalentryplussteerhubweb.xyz
- domain: www.arbary.shop
- domain: www.atchband.info
- domain: www.atlx.net
- domain: www.azete.biz
- domain: www.bbabet.pro
- domain: www.cnba77.sbs
- domain: www.esignsmith.online
- domain: www.esturist.website
- domain: www.ewsinprague.click
- domain: www.eyn.ltd
- domain: www.givens.info
- domain: www.gresale.net
- domain: www.gvyv.cfd
- domain: www.hewagonbox.club
- domain: www.iabetgirisi.net
- domain: www.iamtemp2.online
- domain: www.igeast.xyz
- domain: www.isspoppydesignava.shop
- domain: www.itchellstreamhub.online
- domain: www.ivevr.online
- domain: www.lexavegaspgs22.club
- domain: www.linkcopilots.xyz
- domain: www.llaadharservices.shop
- domain: www.mescorp.online
- domain: www.metrxip.online
- domain: www.mployment-lawyer-near-me.cfd
- domain: www.ngineering-near-me.cfd
- domain: www.nimesyentai.biz
- domain: www.nline-advertising-23082.bond
- domain: www.nventory-software-74785.bond
- domain: www.oans-credits-97557.bond
- domain: www.obcases.online
- domain: www.ocy1f.shop
- domain: www.olehavenq.shop
- domain: www.omevisionpro.online
- domain: www.oolplusservis.online
- domain: www.or-yes.info
- domain: www.orcerush.xyz
- domain: www.orldofconsumption.shop
- domain: www.ouse-cleaning-us-6811.shop
- domain: www.pin-win-bonanza.xyz
- domain: www.pinrqube.shop
- domain: www.playcash.fun
- domain: www.portsterminal.xyz
- domain: www.rain-pipe-cleaning-4530.bond
- domain: www.rbitsgateway.xyz
- domain: www.reamcloudpoint.sbs
- domain: www.remlinclub.online
- domain: www.riplead.shop
- domain: www.rvoyager.xyz
- domain: www.ursing-home-51.bond
- domain: www.vitream4.online
- domain: www.wanttoliveathelena57west.net
- domain: www.zd.online
- domain: sixtyfivevsb.ydns.eu
- domain: thirtyfivevs.crabdance.com
- domain: ikechi2.duckdns.org
- domain: oni22.duckdns.org
- file: 185.82.126.3
- hash: 4444
- file: 47.121.191.208
- hash: 88
- file: 23.95.193.207
- hash: 2053
- file: 46.31.77.178
- hash: 80
- file: 172.111.137.165
- hash: 46167
- file: 5.181.157.69
- hash: 21
- file: 149.81.74.204
- hash: 443
- file: 157.173.198.175
- hash: 443
- file: 85.215.173.244
- hash: 8000
- file: 107.175.209.187
- hash: 8443
- file: 128.90.106.149
- hash: 4000
- file: 34.170.74.230
- hash: 7443
- file: 84.21.173.243
- hash: 80
- file: 80.211.202.226
- hash: 443
- file: 34.217.16.27
- hash: 16992
- file: 34.226.138.182
- hash: 29667
- file: 13.57.217.123
- hash: 32107
- file: 45.192.215.195
- hash: 808
- domain: xai830k.com
- file: 94.176.45.152
- hash: 8000
- file: 89.238.176.13
- hash: 80
- domain: customer.adroitbookkeepingsolutions.com
- file: 216.9.225.168
- hash: 13498
- file: 216.9.225.168
- hash: 14646
- file: 216.9.225.168
- hash: 14656
- file: 216.9.225.168
- hash: 14658
- url: https://leasyfwdr.digital/azxs
- url: https://salaccgfa.top/gsooz
- url: https://soursopsf.run/gsoiao
- file: 3.127.253.86
- hash: 12981
- file: 52.28.112.211
- hash: 12981
- file: 35.158.159.254
- hash: 12981
- domain: booking.partner-id345871.com
- url: https://gsejewelers.com/5r3e.js
- domain: gsejewelers.com
- url: https://gsejewelers.com/js.php
- domain: soursopsf.run
- file: 91.219.238.207
- hash: 7000
- url: https://nelsonsys.com/5y7y.js
- domain: nelsonsys.com
- url: https://nelsonsys.com/js.php
- domain: check.zatij.icu
- url: https://check.zatij.icu/gkcxv.google
- url: https://check.wejyj.icu/gkcxv.google
- domain: check.wejyj.icu
- url: http://20.89.182.93:8888/supershell/login/
- url: https://gsejewelers.com/4e2w.js
- domain: check.novax.icu
- file: 20.197.8.128
- hash: 7771
- file: 185.39.19.51
- hash: 423
- file: 117.72.84.144
- hash: 443
- file: 119.45.178.251
- hash: 8888
- file: 62.234.24.38
- hash: 8089
- file: 120.76.158.8
- hash: 80
- file: 172.111.162.219
- hash: 80
- file: 20.77.64.172
- hash: 7443
- file: 154.61.76.233
- hash: 8080
- file: 196.189.21.66
- hash: 443
- file: 187.112.166.60
- hash: 7000
- file: 213.226.127.102
- hash: 8085
- file: 62.60.226.84
- hash: 19000
- file: 185.39.19.50
- hash: 423
- file: 185.39.19.50
- hash: 430
- file: 185.39.19.50
- hash: 426
- file: 185.39.19.51
- hash: 425
- file: 185.39.19.50
- hash: 425
- file: 185.39.19.50
- hash: 420
- file: 185.39.19.51
- hash: 416
- file: 185.39.19.51
- hash: 426
- file: 185.39.19.51
- hash: 422
- file: 185.39.19.51
- hash: 421
- file: 185.39.19.50
- hash: 427
- file: 185.39.19.50
- hash: 428
- file: 185.39.19.50
- hash: 422
- file: 185.39.19.51
- hash: 431
- file: 185.39.19.50
- hash: 419
- file: 185.39.19.51
- hash: 419
- file: 185.39.19.51
- hash: 424
- file: 14.128.37.56
- hash: 9443
- file: 115.120.236.12
- hash: 8002
- file: 106.53.44.15
- hash: 8001
- file: 115.120.232.177
- hash: 7788
- file: 119.29.229.212
- hash: 8002
- file: 194.33.42.144
- hash: 31337
- file: 103.30.76.254
- hash: 31337
- file: 51.158.120.162
- hash: 31337
- file: 162.254.85.213
- hash: 8085
- file: 123.60.12.89
- hash: 8002
- file: 122.51.65.190
- hash: 8841
- url: https://zestmedo.top/login
- url: https://lum-market.fun/
- url: https://roomsvisitor999837.world/
- url: https://youtube-watch-vwt16hzkwhdy.com/
- url: https://api.telegram.org/bot7082905567:aafthqun2usor5wt8zctytgzcefonxulr-a/
- file: 135.0.42.37
- hash: 5552
- domain: check.maxec.icu
- domain: check.doguw.icu
- domain: check.sanyq.icu
- domain: check.xelan.icu
- domain: check.fenin.icu
- domain: check.jetex.icu
- domain: check.kosif.icu
- domain: check.fihoj.icu
- domain: check.bumac.icu
- domain: check.togez.icu
- domain: check.botuh.icu
- domain: check.hydod.icu
- domain: check.zixit.icu
- domain: check.nafih.icu
- domain: check.vexij.icu
- domain: check.zuxod.icu
- domain: check.gedub.icu
- domain: check.sosys.icu
- domain: check.buzaq.icu
- domain: check.cepax.icu
- domain: check.lemaw.icu
- domain: check.jyheq.icu
- domain: check.gibal.icu
- domain: check.cixop.icu
- domain: check.sorix.icu
- domain: check.dazyc.icu
- domain: check.qaxyn.icu
- domain: check.pijuk.icu
- domain: check.poxuv.icu
- domain: check.cymyv.icu
- domain: check.giriq.icu
- domain: check.bukuu.icu
- domain: check.nuxiy.icu
- domain: check.xamuy.icu
- domain: check.lafae.icu
- domain: check.rajuy.icu
- domain: check.gihua.icu
- domain: check.donau.icu
- domain: check.dobai.icu
- domain: check.lacoa.icu
- domain: check.kywau.icu
- domain: check.dasoc.icu
- domain: check.zaqob.icu
- domain: check.xuxyf.icu
- domain: check.wewit.icu
- domain: check.kedep.icu
- domain: check.gekan.icu
- domain: check.riced.icu
- domain: check.zatij.icu
- domain: check.wejyj.icu
- file: 162.14.110.82
- hash: 443
- file: 149.104.26.224
- hash: 80
- file: 104.249.131.230
- hash: 2404
- file: 49.113.77.114
- hash: 8888
- file: 196.251.81.25
- hash: 5345
- file: 196.251.88.44
- hash: 80
- file: 18.141.22.174
- hash: 80
- file: 165.73.102.186
- hash: 443
- file: 185.232.204.60
- hash: 80
- url: https://check.nikys.icu/gkcxv.google
ThreatFox IOCs for 2025-04-08
Medium
Published: Tue Apr 08 2025 (04/08/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-08
AI-Powered Analysis
AILast updated: 06/19/2025, 15:03:30 UTC
Technical Analysis
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-04-08." The threat is categorized under the 'type:osint' tag, indicating that it is related to open-source intelligence (OSINT) data collection or dissemination. The threat does not specify affected product versions, nor does it list any specific Common Weakness Enumerations (CWEs) or patch links, suggesting that it may be a newly identified or emerging threat with limited technical details publicly available. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. The analysis and distribution metrics (1 and 3 respectively) imply that while the threat has been analyzed to some extent, its distribution is relatively widespread or notable. There are no known exploits in the wild, which suggests that active exploitation has not been observed or confirmed at the time of publication. The absence of indicators of compromise (IOCs) in the data limits the ability to identify specific attack vectors or payloads. Given the nature of OSINT-related malware, the threat likely involves the collection, aggregation, or misuse of publicly available information, potentially for reconnaissance or preparatory stages of cyberattacks. The lack of detailed technical data constrains a full technical breakdown, but the threat's classification as malware indicates it could involve malicious code designed to infiltrate systems, exfiltrate data, or facilitate further compromise.
Potential Impact
For European organizations, the potential impact of this OSINT-related malware threat could manifest primarily in the confidentiality and integrity domains. If the malware is designed to collect or manipulate open-source intelligence, it could be used to gather sensitive organizational information, leading to targeted attacks such as spear-phishing, social engineering, or supply chain compromises. The medium severity rating and lack of known exploits suggest that immediate widespread damage is unlikely; however, the threat could serve as a precursor to more severe attacks if leveraged effectively by threat actors. European organizations with significant digital footprints or those operating in sectors with high strategic value (e.g., finance, critical infrastructure, government) may face increased risk of reconnaissance and subsequent targeted intrusions. The absence of known exploits in the wild reduces the immediacy of risk but does not eliminate the potential for future exploitation. Additionally, the malware’s distribution metric indicates a moderate level of spread, which could increase exposure if not mitigated.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on proactive and specific measures tailored to OSINT-related malware threats: 1) Enhance monitoring of network traffic and endpoints for unusual data aggregation activities that may indicate OSINT data collection attempts. 2) Implement strict access controls and data classification policies to limit exposure of sensitive information that could be harvested via OSINT techniques. 3) Conduct regular threat hunting exercises focusing on reconnaissance behaviors and anomalous OSINT-related activities within the network. 4) Educate employees on the risks of oversharing information on public platforms and enforce policies to minimize inadvertent data leakage. 5) Utilize threat intelligence feeds to stay updated on emerging OSINT malware indicators and adapt detection rules accordingly. 6) Deploy advanced endpoint detection and response (EDR) solutions capable of identifying suspicious processes related to data collection or exfiltration. 7) Segment networks to reduce the lateral movement potential if initial compromise occurs. These measures go beyond generic advice by targeting the specific nature of OSINT-related malware and its reconnaissance-driven modus operandi.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 5041a6dd-07f9-4c82-b170-d439e78474ab
- Original Timestamp
- 1744156986
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainmodgears.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlawofcjdj.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincdn.horse-shadow-key.vip | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurityverifservice.com | ClearFake payload delivery domain (confidence level: 100%) | |
domaincaptcha-verify-9h5v.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainsyflejkmurbsdwp.top | MintsLoader botnet C2 domain (confidence level: 75%) | |
domainjdjmdlalamlcgfh.top | MintsLoader botnet C2 domain (confidence level: 75%) | |
domainec2-13-61-8-192.eu-north-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domain23-227-199-59.static.hvvc.us | Havoc botnet C2 domain (confidence level: 100%) | |
domainautodiscover.d.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.d.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainkeyhall.icu | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainmarc5858asyn.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainq32o084df.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbrkksylunm.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainsrlyxktyxm.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domaintransporting-displays.with.playit.plus | XWorm botnet C2 domain (confidence level: 50%) | |
domainjoyousczx.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainpalpableafs.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainadvancesg.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainbragawhitx.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domaingrebolugvtx.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainezdoll.shop | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainototoiititiakkfkfk.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainqd.ap.4t.com | Vidar botnet C2 domain (confidence level: 100%) | |
domaincpanel.a.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.riced.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainrhrexa.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainwww.-design.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.0red.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.17pcuo430r.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.1garagedoor.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.abysitter-service-97519.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.admachin3.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ainsdrop.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.akeit.studio | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ampmonkey.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.apitalentryplussteerhubweb.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arbary.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.atchband.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.atlx.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.azete.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bbabet.pro | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.cnba77.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.esignsmith.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.esturist.website | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ewsinprague.click | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eyn.ltd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.givens.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gresale.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gvyv.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hewagonbox.club | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iabetgirisi.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iamtemp2.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.igeast.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.isspoppydesignava.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.itchellstreamhub.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ivevr.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lexavegaspgs22.club | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.linkcopilots.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.llaadharservices.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mescorp.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.metrxip.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mployment-lawyer-near-me.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ngineering-near-me.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nimesyentai.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nline-advertising-23082.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nventory-software-74785.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oans-credits-97557.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.obcases.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ocy1f.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.olehavenq.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.omevisionpro.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oolplusservis.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.or-yes.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.orcerush.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.orldofconsumption.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ouse-cleaning-us-6811.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pin-win-bonanza.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pinrqube.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.playcash.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.portsterminal.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rain-pipe-cleaning-4530.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rbitsgateway.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.reamcloudpoint.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.remlinclub.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.riplead.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rvoyager.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ursing-home-51.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.vitream4.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wanttoliveathelena57west.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zd.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainsixtyfivevsb.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainthirtyfivevs.crabdance.com | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainikechi2.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainoni22.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainxai830k.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincustomer.adroitbookkeepingsolutions.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainbooking.partner-id345871.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domaingsejewelers.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainsoursopsf.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnelsonsys.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.zatij.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.wejyj.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.novax.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.maxec.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.doguw.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.sanyq.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.xelan.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.fenin.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.jetex.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.kosif.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.fihoj.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.bumac.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.togez.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.botuh.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.hydod.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.zixit.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.nafih.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.vexij.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.zuxod.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.gedub.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.sosys.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.buzaq.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.cepax.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.lemaw.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.jyheq.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.gibal.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.cixop.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.sorix.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.dazyc.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.qaxyn.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.pijuk.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.poxuv.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.cymyv.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.giriq.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.bukuu.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.nuxiy.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.xamuy.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.lafae.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.rajuy.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.gihua.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.donau.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.dobai.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.lacoa.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.kywau.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.dasoc.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.zaqob.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.xuxyf.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.wewit.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.kedep.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.gekan.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.riced.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.zatij.icu | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.wejyj.icu | ClearFake botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://lawofcjdj.com/4r6t.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://lawofcjdj.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ciceksepetilove.com/zgzlztniythimjcx/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://erdalbesikc123iler.com/zgzlztniythimjcx/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://effyleydi2020.com/zgzlztniythimjcx/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://karamelpeteksepet1.com/zgzlztniythimjcx/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://mutfakcinecolar.com/zgzlztniythimjcx/ | Coper botnet C2 (confidence level: 80%) | |
urlhttp://volcanobusiness.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://quillexperience.icu/jump.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://writingdrink.icu/ury.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://writingdrink.icu/uri.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://chasegiveaway.site/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://www.captcha-cf.com/?__cf_chl_tk=wwwrkjoq_dpn539dtgexyvwpvsjiwwjyvo4yk97vylcbww3dl0s.klqn39sh021b4c_w9su_nq310rwm-1744050690-1.0.1.1-cjpxmfiaynw.q9h5nee7 | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://ezdoll.shop/onematchfun.ogg | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://qd.ap.4t.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://cometasr.shop/kaskizo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://itouvrlane.bet/askwjq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://d3f5.online/tl341/index.php | Azorult botnet C2 (confidence level: 75%) | |
urlhttps://lholidamyup.today/aozkns | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vwxayfarer.live/alosnz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.riced.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://45.83.143.163/ | Hook botnet C2 (confidence level: 50%) | |
urlhttps://kicklive.cc/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://api.telegram.org/bot7843184775:aahobe0-fzn1xu2pdbhbohnzf23tev9nlak/ | Agent Tesla botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/aevgd2nn | AsyncRAT botnet C2 (confidence level: 50%) | |
urlhttp://www.0red.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.17pcuo430r.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.1garagedoor.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.abysitter-service-97519.bond/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.admachin3.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ainsdrop.fun/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.akeit.studio/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ampmonkey.net/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.apitalentryplussteerhubweb.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arbary.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.atchband.info/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.atlx.net/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.azete.biz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bbabet.pro/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.cnba77.sbs/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.esignsmith.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.esturist.website/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ewsinprague.click/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eyn.ltd/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.givens.info/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gresale.net/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gvyv.cfd/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hewagonbox.club/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iabetgirisi.net/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iamtemp2.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.igeast.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.isspoppydesignava.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.itchellstreamhub.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ivevr.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lexavegaspgs22.club/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.linkcopilots.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.llaadharservices.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mescorp.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.metrxip.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mployment-lawyer-near-me.cfd/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ngineering-near-me.cfd/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nimesyentai.biz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nline-advertising-23082.bond/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nventory-software-74785.bond/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oans-credits-97557.bond/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.obcases.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ocy1f.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.olehavenq.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.omevisionpro.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oolplusservis.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.or-yes.info/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orcerush.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orldofconsumption.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ouse-cleaning-us-6811.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pin-win-bonanza.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pinrqube.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.playcash.fun/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.portsterminal.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rain-pipe-cleaning-4530.bond/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rbitsgateway.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.reamcloudpoint.sbs/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.remlinclub.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.riplead.shop/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rvoyager.xyz/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ursing-home-51.bond/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.usshelter.net/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vitream4.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wanttoliveathelena57west.net/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zd.online/u02r/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://leasyfwdr.digital/azxs | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://salaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://soursopsf.run/gsoiao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gsejewelers.com/5r3e.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://gsejewelers.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://nelsonsys.com/5y7y.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://nelsonsys.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://check.zatij.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.wejyj.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://20.89.182.93:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://gsejewelers.com/4e2w.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://zestmedo.top/login | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://lum-market.fun/ | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://roomsvisitor999837.world/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://youtube-watch-vwt16hzkwhdy.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://api.telegram.org/bot7082905567:aafthqun2usor5wt8zctytgzcefonxulr-a/ | Agent Tesla botnet C2 (confidence level: 50%) | |
urlhttps://check.nikys.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file196.119.226.177 | DarkComet botnet C2 server (confidence level: 100%) | |
file128.90.113.204 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file178.128.246.187 | Unknown malware botnet C2 server (confidence level: 100%) | |
file167.99.66.81 | Unknown malware botnet C2 server (confidence level: 100%) | |
file174.113.16.60 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.20.182.72 | Venom RAT botnet C2 server (confidence level: 100%) | |
file157.20.182.70 | Venom RAT botnet C2 server (confidence level: 100%) | |
file3.128.25.18 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file165.22.17.157 | ERMAC botnet C2 server (confidence level: 100%) | |
file58.215.146.108 | Chaos botnet C2 server (confidence level: 100%) | |
file128.90.106.201 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file181.41.201.142 | Hook botnet C2 server (confidence level: 100%) | |
file45.83.143.163 | Hook botnet C2 server (confidence level: 100%) | |
file45.83.143.163 | Hook botnet C2 server (confidence level: 100%) | |
file45.88.186.118 | Remcos botnet C2 server (confidence level: 100%) | |
file5.181.157.176 | Remcos botnet C2 server (confidence level: 100%) | |
file5.181.157.69 | Remcos botnet C2 server (confidence level: 100%) | |
file103.118.244.27 | Sliver botnet C2 server (confidence level: 100%) | |
file117.72.70.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.45.165.185 | Unknown malware botnet C2 server (confidence level: 100%) | |
file104.168.114.162 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.38.48.205 | Unknown malware botnet C2 server (confidence level: 100%) | |
file83.142.124.238 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.55.198.143 | Unknown malware botnet C2 server (confidence level: 100%) | |
file155.138.213.165 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.209.171.89 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.225.17.67 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.109.51.37 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.148.33.201 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.125.192.194 | Unknown malware botnet C2 server (confidence level: 100%) | |
file23.20.184.113 | Unknown malware botnet C2 server (confidence level: 100%) | |
file69.62.123.142 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.248.52.199 | Unknown malware botnet C2 server (confidence level: 100%) | |
file41.226.107.176 | QakBot botnet C2 server (confidence level: 100%) | |
file125.24.175.85 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file102.96.148.166 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file195.186.208.193 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file47.238.112.35 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file134.175.220.144 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file23.95.108.174 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file154.44.28.115 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file103.27.108.111 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file144.172.86.64 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file34.176.88.29 | Unknown malware botnet C2 server (confidence level: 50%) | |
file179.1.230.38 | Unknown malware botnet C2 server (confidence level: 50%) | |
file211.197.164.131 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.10.229.69 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file159.89.108.174 | Sliver botnet C2 server (confidence level: 50%) | |
file45.81.23.63 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file188.137.68.141 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file3.36.68.12 | Unknown malware botnet C2 server (confidence level: 50%) | |
file194.219.181.40 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file104.250.169.3 | XWorm botnet C2 server (confidence level: 75%) | |
file172.94.9.134 | XWorm botnet C2 server (confidence level: 75%) | |
file46.246.80.71 | Houdini botnet C2 server (confidence level: 75%) | |
file192.169.69.26 | Remcos botnet C2 server (confidence level: 75%) | |
file196.251.92.11 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file39.105.18.86 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.156.75.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file144.202.42.37 | Remcos botnet C2 server (confidence level: 100%) | |
file94.159.113.152 | Matanbuchus botnet C2 server (confidence level: 100%) | |
file45.81.23.64 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file18.136.73.1 | Hook botnet C2 server (confidence level: 100%) | |
file13.60.192.44 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file23.137.104.78 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.134.106.98 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.134.106.98 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file160.191.243.33 | MooBot botnet C2 server (confidence level: 75%) | |
file62.60.235.90 | Remcos botnet C2 server (confidence level: 75%) | |
file23.175.50.123 | Remcos botnet C2 server (confidence level: 75%) | |
file194.0.234.223 | Mirai botnet C2 server (confidence level: 75%) | |
file206.123.152.101 | XWorm botnet C2 server (confidence level: 75%) | |
file204.10.161.147 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file45.77.133.111 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file43.143.114.43 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file46.8.225.251 | Sliver botnet C2 server (confidence level: 50%) | |
file38.55.124.179 | Sliver botnet C2 server (confidence level: 50%) | |
file95.125.152.200 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file45.145.228.80 | Unknown malware botnet C2 server (confidence level: 50%) | |
file34.173.63.153 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file185.82.126.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.121.191.208 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.95.193.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file46.31.77.178 | DarkComet botnet C2 server (confidence level: 100%) | |
file172.111.137.165 | Remcos botnet C2 server (confidence level: 100%) | |
file5.181.157.69 | Remcos botnet C2 server (confidence level: 100%) | |
file149.81.74.204 | Sliver botnet C2 server (confidence level: 100%) | |
file157.173.198.175 | Sliver botnet C2 server (confidence level: 100%) | |
file85.215.173.244 | Sliver botnet C2 server (confidence level: 100%) | |
file107.175.209.187 | Sliver botnet C2 server (confidence level: 100%) | |
file128.90.106.149 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file34.170.74.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file84.21.173.243 | Hook botnet C2 server (confidence level: 100%) | |
file80.211.202.226 | Havoc botnet C2 server (confidence level: 100%) | |
file34.217.16.27 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file34.226.138.182 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.57.217.123 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.192.215.195 | Kaiji botnet C2 server (confidence level: 100%) | |
file94.176.45.152 | MimiKatz botnet C2 server (confidence level: 100%) | |
file89.238.176.13 | MimiKatz botnet C2 server (confidence level: 100%) | |
file216.9.225.168 | Remcos botnet C2 server (confidence level: 75%) | |
file216.9.225.168 | Remcos botnet C2 server (confidence level: 75%) | |
file216.9.225.168 | Remcos botnet C2 server (confidence level: 75%) | |
file216.9.225.168 | Remcos botnet C2 server (confidence level: 75%) | |
file3.127.253.86 | NjRAT botnet C2 server (confidence level: 75%) | |
file52.28.112.211 | NjRAT botnet C2 server (confidence level: 75%) | |
file35.158.159.254 | NjRAT botnet C2 server (confidence level: 75%) | |
file91.219.238.207 | XWorm botnet C2 server (confidence level: 75%) | |
file20.197.8.128 | TangleBot botnet C2 server (confidence level: 75%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file117.72.84.144 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.45.178.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.234.24.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.76.158.8 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.111.162.219 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.77.64.172 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.61.76.233 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file196.189.21.66 | Havoc botnet C2 server (confidence level: 100%) | |
file187.112.166.60 | Venom RAT botnet C2 server (confidence level: 100%) | |
file213.226.127.102 | MimiKatz botnet C2 server (confidence level: 100%) | |
file62.60.226.84 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.50 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file14.128.37.56 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file115.120.236.12 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file106.53.44.15 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file115.120.232.177 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file119.29.229.212 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file194.33.42.144 | Sliver botnet C2 server (confidence level: 50%) | |
file103.30.76.254 | Sliver botnet C2 server (confidence level: 50%) | |
file51.158.120.162 | Sliver botnet C2 server (confidence level: 50%) | |
file162.254.85.213 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file123.60.12.89 | ShadowPad botnet C2 server (confidence level: 50%) | |
file122.51.65.190 | Unknown malware botnet C2 server (confidence level: 50%) | |
file135.0.42.37 | NjRAT botnet C2 server (confidence level: 50%) | |
file162.14.110.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.104.26.224 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.249.131.230 | Remcos botnet C2 server (confidence level: 100%) | |
file49.113.77.114 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.251.81.25 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.88.44 | Hook botnet C2 server (confidence level: 100%) | |
file18.141.22.174 | Hook botnet C2 server (confidence level: 100%) | |
file165.73.102.186 | Havoc botnet C2 server (confidence level: 100%) | |
file185.232.204.60 | Bashlite botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9601 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8081 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash54681 | Chaos botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash33389 | Remcos botnet C2 server (confidence level: 100%) | |
hash33389 | Remcos botnet C2 server (confidence level: 100%) | |
hash8000 | Sliver botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash53333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 100%) | |
hash7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash5858 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash18443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8990 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash18443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash18443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash11112 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash1521 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3030 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash18970 | XWorm botnet C2 server (confidence level: 75%) | |
hash19700 | XWorm botnet C2 server (confidence level: 75%) | |
hash7044 | Houdini botnet C2 server (confidence level: 75%) | |
hash52190 | Remcos botnet C2 server (confidence level: 75%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2003 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Matanbuchus botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash84 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2023 | MooBot botnet C2 server (confidence level: 75%) | |
hash42555 | Remcos botnet C2 server (confidence level: 75%) | |
hash5884 | Remcos botnet C2 server (confidence level: 75%) | |
hash8080 | Mirai botnet C2 server (confidence level: 75%) | |
hash3399 | XWorm botnet C2 server (confidence level: 75%) | |
hash5009 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash9333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash963 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | DarkComet botnet C2 server (confidence level: 100%) | |
hash46167 | Remcos botnet C2 server (confidence level: 100%) | |
hash21 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8000 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash16992 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash29667 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash32107 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash13498 | Remcos botnet C2 server (confidence level: 75%) | |
hash14646 | Remcos botnet C2 server (confidence level: 75%) | |
hash14656 | Remcos botnet C2 server (confidence level: 75%) | |
hash14658 | Remcos botnet C2 server (confidence level: 75%) | |
hash12981 | NjRAT botnet C2 server (confidence level: 75%) | |
hash12981 | NjRAT botnet C2 server (confidence level: 75%) | |
hash12981 | NjRAT botnet C2 server (confidence level: 75%) | |
hash7000 | XWorm botnet C2 server (confidence level: 75%) | |
hash7771 | TangleBot botnet C2 server (confidence level: 75%) | |
hash423 | Tofsee botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8085 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash423 | Tofsee botnet C2 server (confidence level: 100%) | |
hash430 | Tofsee botnet C2 server (confidence level: 100%) | |
hash426 | Tofsee botnet C2 server (confidence level: 100%) | |
hash425 | Tofsee botnet C2 server (confidence level: 100%) | |
hash425 | Tofsee botnet C2 server (confidence level: 100%) | |
hash420 | Tofsee botnet C2 server (confidence level: 100%) | |
hash416 | Tofsee botnet C2 server (confidence level: 100%) | |
hash426 | Tofsee botnet C2 server (confidence level: 100%) | |
hash422 | Tofsee botnet C2 server (confidence level: 100%) | |
hash421 | Tofsee botnet C2 server (confidence level: 100%) | |
hash427 | Tofsee botnet C2 server (confidence level: 100%) | |
hash428 | Tofsee botnet C2 server (confidence level: 100%) | |
hash422 | Tofsee botnet C2 server (confidence level: 100%) | |
hash431 | Tofsee botnet C2 server (confidence level: 100%) | |
hash419 | Tofsee botnet C2 server (confidence level: 100%) | |
hash419 | Tofsee botnet C2 server (confidence level: 100%) | |
hash424 | Tofsee botnet C2 server (confidence level: 100%) | |
hash9443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8002 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash7788 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8002 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash8085 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash8002 | ShadowPad botnet C2 server (confidence level: 50%) | |
hash8841 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5345 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) |
Threat ID: 682c7db4e8347ec82d2b00e2
Added to database: 5/20/2025, 1:03:48 PM
Last enriched: 6/19/2025, 3:03:30 PM
Last updated: 8/16/2025, 5:44:52 PM
Views: 14
Related Threats
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.