
ThreatFox IOCs for 2025-04-12

Severity: Medium
Published: Sat Apr 12 2025 (04/12/2025, 00:00:00 UTC)
Source: ThreatFox
Tags: type:osint, tlp:white

Description

ThreatFox IOCs for 2025-04-12

AI-Powered Analysis

Last updated: 06/19/2025, 15:03:42 UTC

Technical Analysis

This entry is the ThreatFox daily indicator export for 2025-04-12. ThreatFox is abuse.ch's community platform for sharing indicators of compromise (IOCs) tied to malware; the tags type:osint and tlp:white mark the entry as open-source intelligence that may be shared without restriction. It is an indicator list, not a vulnerability advisory: there is no affected product, no CWE and no exploit to track, so the usual vulnerability fields do not apply. The values in the Technical Details block are the standard MISP event fields: threat level 2 is Medium on MISP's scale of 1 (High) to 4 (Undefined), analysis 1 means Ongoing, and distribution 3 means All communities. The original timestamp 1744502586 corresponds to 2025-04-13 00:03:06 UTC, i.e. the export was generated just after the covered day ended. The entry is far from empty: it lists several hundred indicators (domains, URLs, IP addresses with their C2 ports, and MD5 payload hashes), each attributed to a malware family and given a reporter confidence level of 50%, 75%, 90% or 100%. The families represented are the commodity stealers Lumma Stealer, CryptBot and ClipBanker plus several unattributed stealers; the remote-access trojans DCRat, AsyncRAT, Remcos, XWorm, Quasar RAT, NjRAT, Venom RAT, SectopRAT, Xtreme RAT, DarkComet, Ghost RAT, BlackShades and NetSupport Manager RAT; the banking trojans Grandoreiro, DanaBot, QakBot, Hook and ERMAC; the Matanbuchus loader, ShadowPad, DOPLUGS and a server tagged MimiKatz; the IoT botnets Mozi, Mirai, Bashlite and Kaiji; the ClearFake and FAKEUPDATES (SocGholish) fake-update and fake-CAPTCHA payload delivery chains; and the post-exploitation frameworks Cobalt Strike, Havoc, Sliver, DeimosC2 and Meterpreter. Two points affect how the tables below should be read: ThreatFox ip:port indicators are split here into an IP address half and a port half that appear in separate tables, and the 50%-confidence entries (the bulk of the Cobalt Strike and Havoc servers) are unconfirmed and are hunting leads rather than block-list material.

Potential Impact

Because the indicators are live command-and-control and payload-delivery infrastructure rather than a vulnerability, the impact question is not "can we be exploited" but "are we already talking to any of this". A host that resolves one of the listed domains, fetches one of the URLs or connects to one of the IP:port pairs is very likely compromised, and the families involved span the main intrusion outcomes: credential, cookie and crypto-wallet theft (Lumma Stealer, CryptBot, ClipBanker, and the unattributed stealers behind wallet-themed domains such as electrum-faq.org and atomik-wallet.me); persistent remote access and hands-on-keyboard activity (DCRat, AsyncRAT, Remcos, XWorm, Quasar RAT, NetSupport Manager RAT); banking fraud on desktop and Android (Grandoreiro, DanaBot, QakBot, Hook, ERMAC, plus a credit-card skimming domain); and the post-exploitation frameworks (Cobalt Strike, Havoc, Sliver, DeimosC2, Meterpreter) that typically precede ransomware or data theft. For European organizations the most locally relevant entries are Grandoreiro, whose C2 hostnames borrow European brand names (mapfre, renault, bayerischemotorenwerke, mercedesbenz), and the DCRat infrastructure hosted on .ru shared-hosting subdomains. The confidentiality impact of a confirmed hit is high; integrity and availability impact depend on what the operator does after the first beacon. The indicators age quickly: C2 domains and the tunnel and dead-drop hostnames (ply.gg, duckdns.org, pastebin.com) tend to rotate within days, so their value is highest for retrospective hunting over the days around 2025-04-12 and falls off thereafter. The overall Medium rating reflects that this is a routine daily feed of commodity threats rather than a targeted campaign against a specific sector.

Mitigation Recommendations

1. Ingest this export (or the ThreatFox API feed, re-pulled daily) into the SIEM or threat intelligence platform and match each indicator type against the telemetry that can actually observe it: domains against DNS resolver and proxy logs, URLs against proxy and web-filter logs, IP:port pairs against firewall, NetFlow and EDR network-connection events, and MD5 hashes against EDR file telemetry. Include subdomain matches for the domain indicators, but match the full hostname for the ply.gg and duckdns.org entries, which are themselves subdomains of tunnelling and dynamic-DNS services.
2. Block the 100% and 75% confidence domains, URLs and IP:port pairs at the resolver, proxy and egress firewall; keep the 50% entries as alert-only hunting rules until confirmed, since unconfirmed Cobalt Strike and Havoc entries may include short-lived or red-team infrastructure. Treat an MD5 hash match as confirmation of a known sample, not as the primary detection.
3. Hunt retrospectively over the log retention window for resolutions of the ClearFake check.*.icu domains and serviceverifcaptcho.com, requests for the .../gkcxv.google URLs, connections to the listed C2 ports that are unusual for the destination (4433, 7443, 10443, 2296, 30370, 60000), and the gl.at.ply.gg tunnel hostnames used by XWorm, NjRAT and DCRat.
4. Cover the delivery stage with behavioural detection, since signatures for fresh payloads lag: ClearFake and FAKEUPDATES lures end in a user-launched script, so alert on browser-spawned PowerShell, mshta or wscript, on commands pasted into the Run dialog, and on script interpreters making a first outbound connection to a newly registered domain.
5. Train analysts on the ThreatFox fields (indicator type, malware family, confidence level, tags) so feed entries are triaged consistently and low-confidence indicators do not flood the alert queue.
6. Share confirmed hits and local context with ENISA, CERT-EU or the national CSIRT, and report additional infrastructure discovered during the hunt back to ThreatFox.
7. Since there is nothing to patch, rely on egress filtering (deny-by-default outbound from servers, proxy enforcement for workstations), least privilege, network segmentation and tested backups to limit what a successful beacon can lead to.
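The correlation step in items 1 to 3, as an added example that is not ThreatFox or abuse.ch code: a Python script that parses indicator rows in the two-line layout this page uses (the indicator type fused to the value, the family and confidence on the next line), corrects the page's "file"/"hash" mislabelling of the ip:port halves, and matches domains (including subdomains), URLs and IPs against log lines at a chosen minimum confidence. The row sample and the key=value log format are constructed for the demo; a real deployment would read the ThreatFox export or API response and the organization's own DNS, proxy and firewall logs.

```python
"""Parse ThreatFox export rows in this page's two-line layout and correlate them
with log lines. Added example, not ThreatFox/abuse.ch code; all samples are constructed."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed rows in the page's layout: the ioc type is fused to the value
# ("file" = IP half of an ip:port indicator, "hash" = its port half or an MD5).
SAMPLE_ROWS = """\
domaincheck.xiwaj.icu
ClearFake payload delivery domain (confidence level: 100%)
urlhttps://3xcelmodo.run/nahd
Lumma Stealer botnet C2 (confidence level: 75%)
file156.208.150.186
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hashce62c3af15d3edc882f3f1daaddbfafc
Unknown malware payload (confidence level: 50%)
domainzorg-c2.duckdns.org
Mirai botnet C2 domain (confidence level: 50%)
""".splitlines()
SAMPLE_LOGS = [  # constructed key=value log lines (made-up format, not a real product's)
    "2025-04-12T10:02:11Z dns client=10.0.0.5 query=check.xiwaj.icu type=A",
    "2025-04-12T10:02:13Z proxy client=10.0.0.5 url=https://check.xiwaj.icu/gkcxv.google status=200",
    "2025-04-12T10:05:40Z dns client=10.0.0.7 query=sub.zorg-c2.duckdns.org type=A",
    "2025-04-12T10:06:02Z conn client=10.0.0.9 dst=156.208.150.186:80 proto=tcp",
    "2025-04-12T10:06:30Z proxy client=10.0.0.9 url=https://3xcelmodo.run/nahd status=200",
]

PREFIXES = ("domain", "url", "file", "hash")
DESC_RE = re.compile(r"^(?P<family>.+?) (?:botnet C2|payload delivery|payload|"
                     r"credit card skimming).*confidence level: (?P<conf>\d+)%")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Ioc:
    kind: str        # domain | url | ip | port | md5 (raw prefix if unclassifiable)
    value: str
    family: str      # malware family as printed by ThreatFox
    confidence: int  # reporter confidence in percent


def classify(prefix, raw):
    """Turn the page's prefix into a real indicator type, fixing file/hash mislabels."""
    if prefix == "file" and IPV4_RE.match(raw):
        return "ip", raw
    if prefix == "hash" and MD5_RE.match(raw):
        return "md5", raw
    if prefix == "hash" and raw.isdigit() and 0 < int(raw) < 65536:
        return "port", raw
    return prefix, raw.lower() if prefix == "domain" else raw


def parse_rows(lines):
    """Pair each prefixed value line with the description line that follows it."""
    iocs, it = [], iter(l.strip() for l in lines if l.strip())
    for value_line in it:
        prefix = next((p for p in PREFIXES if value_line.startswith(p)), None)
        if prefix is None:
            continue  # table headings such as "Domain" or "ValueDescriptionCopy"
        m = DESC_RE.match(next(it, ""))
        if m:  # a value with no usable description (page truncated) is skipped
            kind, value = classify(prefix, value_line[len(prefix):])
            iocs.append(Ioc(kind, value, m["family"], int(m["conf"])))
    return iocs


def observed(line):
    """Yield (kind, value) observations worth matching from one key=value log line."""
    for key, _, val in (tok.partition("=") for tok in line.split() if "=" in tok):
        if key == "url":
            yield "url", val
            yield "host", urlsplit(val).hostname or ""
        elif key in ("query", "host", "dst"):
            yield "host", val.rsplit(":", 1)[0]  # dst carries ip:port


def match_logs(iocs, log_lines, min_confidence=50):
    """Return (line_index, ioc) for every indicator seen in the logs."""
    want = {k: {} for k in ("domain", "url", "ip")}
    for ioc in iocs:
        if ioc.kind in want and ioc.confidence >= min_confidence:
            want[ioc.kind][ioc.value] = ioc
    hits = []
    for n, line in enumerate(log_lines):
        for kind, val in observed(line):
            if kind == "url":
                hit = want["url"].get(val)
            else:
                host = val.lower().rstrip(".")
                labels = host.split(".")
                # exact IP, or the domain itself / any subdomain of it (never a bare TLD)
                hit = want["ip"].get(host) or next(
                    (want["domain"][".".join(labels[i:])] for i in range(len(labels) - 1)
                     if ".".join(labels[i:]) in want["domain"]), None)
            if hit:
                hits.append((n, hit))
    return hits
```

Feeding the page's real Indicators of Compromise section through parse_rows yields the IP and port halves as separate records; re-joining them into ip:port needs the original ThreatFox export, which keeps them together, so the example matches on IP alone and leaves port checking to the firewall rule.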


Technical Details

Threat Level: 2 (MISP scale: Medium)
Analysis: 1 (MISP: Ongoing)
Distribution: 3 (MISP: All communities)
UUID: 4cf32da3-2561-4ba5-9537-b98a6d7fbb24
Original Timestamp: 1744502586 (2025-04-13 00:03:06 UTC)

Indicators of Compromise

Domain

Value | Description
check.xiwaj.icu | ClearFake payload delivery domain (confidence level: 100%)
moonlitwayq.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
serviceverifcaptcho.com | ClearFake payload delivery domain (confidence level: 100%)
check.favop.icu | ClearFake payload delivery domain (confidence level: 100%)
check.huquw.icu | ClearFake payload delivery domain (confidence level: 100%)
segment.intuitivaccountants.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
accounts.intuitivaccountants.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
digitalasset.intuitivaccountants.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
tags.intuitivaccountants.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
check.vefim.icu | ClearFake payload delivery domain (confidence level: 100%)
tenbb10mn.top | CryptBot botnet C2 domain (confidence level: 100%)
a1108039.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
stastom01g.temp.swtest.ru | DCRat botnet C2 domain (confidence level: 100%)
a1113269.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1113623.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
cz23695.tw1.ru | DCRat botnet C2 domain (confidence level: 100%)
kis2110wnk.temp.swtest.ru | DCRat botnet C2 domain (confidence level: 100%)
a1113201.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1113503.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1113351.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
magicelasti.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
tendersongwhz.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
gluehistspor.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
highpitcheri.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
culasova.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
wdcwdwsds.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
eightss8th.top | CryptBot botnet C2 domain (confidence level: 100%)
oness1th.top | CryptBot botnet C2 domain (confidence level: 100%)
sixss6th.top | CryptBot botnet C2 domain (confidence level: 100%)
tenss10th.top | CryptBot botnet C2 domain (confidence level: 100%)
eightbb8mn.top | CryptBot botnet C2 domain (confidence level: 100%)
onebb1mn.top | CryptBot botnet C2 domain (confidence level: 100%)
sixbb6mn.top | CryptBot botnet C2 domain (confidence level: 100%)
check.pawol.icu | ClearFake payload delivery domain (confidence level: 100%)
feathcrwallet.org | Unknown Stealer botnet C2 domain (confidence level: 100%)
electrum-faq.org | Unknown Stealer botnet C2 domain (confidence level: 100%)
en-btc-electrum.newzenler.com | Unknown Stealer botnet C2 domain (confidence level: 100%)
atomik-wallet.me | Unknown Stealer botnet C2 domain (confidence level: 100%)
overall-whom.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%)
check.dehoz.icu | ClearFake payload delivery domain (confidence level: 100%)
smtp.rupyt.ru | Unknown malware botnet C2 domain (confidence level: 100%)
c4wx8kmtsqqba.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
dzccd.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
check.firoc.icu | ClearFake payload delivery domain (confidence level: 100%)
went-postcard.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%)
zorg-c2.duckdns.org | Mirai botnet C2 domain (confidence level: 50%)
control-studios.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
administration-kinda.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
shown-narrow.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
transportation-physically.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
skatkat.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
dipsafals.digital | Lumma Stealer botnet C2 domain (confidence level: 50%)
riseupsz.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
tripfflux.world | Lumma Stealer botnet C2 domain (confidence level: 50%)
wizmodi.digital | Lumma Stealer botnet C2 domain (confidence level: 50%)
adaptwrx.digital | Lumma Stealer botnet C2 domain (confidence level: 50%)
dynamiczl.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
elvernwood.digital | Lumma Stealer botnet C2 domain (confidence level: 50%)
modtunes.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
tiltvc.digital | Lumma Stealer botnet C2 domain (confidence level: 50%)
debt-collection-experts.online | Unknown malware botnet C2 domain (confidence level: 50%)
debt-collection-experts.com | Unknown malware botnet C2 domain (confidence level: 50%)
airforce1.mmafan.biz | Grandoreiro botnet C2 domain (confidence level: 50%)
bayerischemotorenwerke.nflfan.org | Grandoreiro botnet C2 domain (confidence level: 50%)
michaeljacksontribute.mmafan.biz | Grandoreiro botnet C2 domain (confidence level: 50%)
flightradar.mymediapc.net | Grandoreiro botnet C2 domain (confidence level: 50%)
camsobservations.nhlfan.net | Grandoreiro botnet C2 domain (confidence level: 50%)
marronfiveshows.serveexchange.com | Grandoreiro botnet C2 domain (confidence level: 50%)
mapfre.homesecuritypc.com | Grandoreiro botnet C2 domain (confidence level: 50%)
mercedesbenz.mysecuritycamera.net | Grandoreiro botnet C2 domain (confidence level: 50%)
simpsonsbartmovies.stufftoread.com | Grandoreiro botnet C2 domain (confidence level: 50%)
renault.hosthampster.co | Grandoreiro botnet C2 domain (confidence level: 50%)
italicfonts.org | Unknown malware credit card skimming domain (confidence level: 50%)
officepackage.sourceforge.io | ClipBanker botnet C2 domain (confidence level: 50%)
southwesternconstructiongroup.site | Unknown malware botnet C2 domain (confidence level: 100%)
check.jexem.icu | ClearFake payload delivery domain (confidence level: 100%)
o.xn--y7aa.cc | Cobalt Strike botnet C2 domain (confidence level: 75%)

URL

Value | Description
https://3xcelmodo.run/nahd | Lumma Stealer botnet C2 (confidence level: 75%)
https://3zestmodp.top/zeda | Lumma Stealer botnet C2 (confidence level: 75%)
https://blacksmithz.run/yhfh | Lumma Stealer botnet C2 (confidence level: 75%)
https://bxcelmodo.run/nahd | Lumma Stealer botnet C2 (confidence level: 75%)
https://cxcelmodo.run/nahd | Lumma Stealer botnet C2 (confidence level: 75%)
https://heasyupgw.live/eosz | Lumma Stealer botnet C2 (confidence level: 75%)
https://lpzestmodp.top/zeda | Lumma Stealer botnet C2 (confidence level: 75%)
https://maidenbfair.run/auqwi | Lumma Stealer botnet C2 (confidence level: 75%)
https://olsalaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%)
https://qupmodini.digital/gokk | Lumma Stealer botnet C2 (confidence level: 75%)
https://rupmodini.digital/gokk | Lumma Stealer botnet C2 (confidence level: 75%)
https://rvsalaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%)
https://s3liftally.top/xasj | Lumma Stealer botnet C2 (confidence level: 75%)
https://imjrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%)
https://6.easyupgw.live/eosz | Lumma Stealer botnet C2 (confidence level: 75%)
https://onproenhann.digital/thnb | Lumma Stealer botnet C2 (confidence level: 75%)
https://cchangeaie.top/geps | Lumma Stealer botnet C2 (confidence level: 75%)
https://xxcelmodo.run/nahd | Lumma Stealer botnet C2 (confidence level: 75%)
https://2easyupgw.live/eosz | Lumma Stealer botnet C2 (confidence level: 75%)
https://check.vefim.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://fsalaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%)
https://quantyu.bet/aoskwi | Lumma Stealer botnet C2 (confidence level: 75%)
https://check.pawol.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.dehoz.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://117.209.21.131:56248/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://check.firoc.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://pastebin.com/raw/exnhezni | XWorm botnet C2 (confidence level: 50%)
https://check.jexem.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.qowot.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.pifos.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.cuved.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)

IP address (the IP half of ThreatFox ip:port indicators; labelled "File" on the page)

Value | Description
156.208.150.186 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.87.226 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.111.189.22 | Remcos botnet C2 server (confidence level: 100%)
186.169.89.162 | Remcos botnet C2 server (confidence level: 100%)
172.111.244.162 | Remcos botnet C2 server (confidence level: 100%)
173.225.103.138 | Remcos botnet C2 server (confidence level: 100%)
107.148.49.212 | Sliver botnet C2 server (confidence level: 100%)
45.11.59.57 | Sliver botnet C2 server (confidence level: 100%)
159.100.18.123 | AsyncRAT botnet C2 server (confidence level: 100%)
186.169.89.162 | AsyncRAT botnet C2 server (confidence level: 100%)
212.34.143.220 | Hook botnet C2 server (confidence level: 100%)
31.177.109.154 | Hook botnet C2 server (confidence level: 100%)
82.5.33.90 | Havoc botnet C2 server (confidence level: 100%)
172.178.115.148 | Havoc botnet C2 server (confidence level: 100%)
172.178.115.148 | Havoc botnet C2 server (confidence level: 100%)
166.108.207.55 | Havoc botnet C2 server (confidence level: 100%)
20.124.86.1 | Havoc botnet C2 server (confidence level: 100%)
172.190.116.65 | Havoc botnet C2 server (confidence level: 100%)
20.55.31.188 | Havoc botnet C2 server (confidence level: 100%)
54.191.132.60 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
176.65.143.172 | Bashlite botnet C2 server (confidence level: 100%)
88.204.123.123 | Matanbuchus botnet C2 server (confidence level: 100%)
156.253.11.43 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.54.17.232 | ShadowPad botnet C2 server (confidence level: 90%)
188.166.231.83 | Unknown malware botnet C2 server (confidence level: 100%)
165.73.102.186 | Havoc botnet C2 server (confidence level: 100%)
54.90.248.127 | Havoc botnet C2 server (confidence level: 100%)
20.124.80.116 | Havoc botnet C2 server (confidence level: 100%)
192.159.99.113 | DCRat botnet C2 server (confidence level: 100%)
196.251.72.215 | Unknown malware botnet C2 server (confidence level: 100%)
124.222.173.29 | Unknown malware botnet C2 server (confidence level: 100%)
43.154.134.124 | Unknown malware botnet C2 server (confidence level: 100%)
47.239.185.101 | Unknown malware botnet C2 server (confidence level: 100%)
45.150.239.247 | Unknown malware botnet C2 server (confidence level: 100%)
111.229.202.115 | Unknown malware botnet C2 server (confidence level: 100%)
43.129.50.77 | Unknown malware botnet C2 server (confidence level: 100%)
156.238.233.10 | Unknown malware botnet C2 server (confidence level: 100%)
106.52.45.184 | Unknown malware botnet C2 server (confidence level: 100%)
143.110.242.174 | Unknown malware botnet C2 server (confidence level: 100%)
34.27.165.68 | Unknown malware botnet C2 server (confidence level: 100%)
172.105.131.22 | Unknown malware botnet C2 server (confidence level: 100%)
18.219.202.136 | Unknown malware botnet C2 server (confidence level: 100%)
94.130.177.9 | Unknown malware botnet C2 server (confidence level: 100%)
194.195.244.9 | Unknown malware botnet C2 server (confidence level: 100%)
54.216.74.72 | Unknown malware botnet C2 server (confidence level: 100%)
139.162.130.103 | Unknown malware botnet C2 server (confidence level: 100%)
157.180.31.129 | Unknown malware botnet C2 server (confidence level: 100%)
188.245.199.56 | Unknown malware botnet C2 server (confidence level: 100%)
194.195.245.164 | Unknown malware botnet C2 server (confidence level: 100%)
15.207.138.40 | Unknown malware botnet C2 server (confidence level: 100%)
51.15.92.203 | Unknown malware botnet C2 server (confidence level: 100%)
172.105.77.160 | Unknown malware botnet C2 server (confidence level: 100%)
194.195.245.173 | Unknown malware botnet C2 server (confidence level: 100%)
52.10.65.254 | Unknown malware botnet C2 server (confidence level: 100%)
51.38.140.84 | Bashlite botnet C2 server (confidence level: 90%)
13.208.166.13 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
54.191.132.60 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
176.123.3.232 | Cobalt Strike botnet C2 server (confidence level: 100%)
27.105.178.16 | Cobalt Strike botnet C2 server (confidence level: 100%)
31.192.107.157 | Cobalt Strike botnet C2 server (confidence level: 100%)
77.223.119.85 | AsyncRAT botnet C2 server (confidence level: 75%)
176.123.3.232 | Cobalt Strike botnet C2 server (confidence level: 100%)
206.188.197.211 | Remcos botnet C2 server (confidence level: 100%)
86.104.252.23 | AsyncRAT botnet C2 server (confidence level: 100%)
185.147.124.90 | Quasar RAT botnet C2 server (confidence level: 100%)
8.155.58.138 | Havoc botnet C2 server (confidence level: 100%)
20.55.31.188 | Havoc botnet C2 server (confidence level: 100%)
176.65.140.166 | ERMAC botnet C2 server (confidence level: 100%)
193.243.147.99 | DanaBot botnet C2 server (confidence level: 75%)
193.39.142.118 | DeimosC2 botnet C2 server (confidence level: 75%)
3.224.197.227 | DeimosC2 botnet C2 server (confidence level: 75%)
50.46.237.192 | QakBot botnet C2 server (confidence level: 75%)
120.83.110.234 | Unknown malware botnet C2 server (confidence level: 75%)
196.251.116.165 | AsyncRAT botnet C2 server (confidence level: 75%)
216.245.184.20 | Meterpreter botnet C2 server (confidence level: 75%)
147.185.221.27 | NjRAT botnet C2 server (confidence level: 75%)
107.174.205.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.194.144.31 | Sliver botnet C2 server (confidence level: 100%)
206.123.138.186 | AsyncRAT botnet C2 server (confidence level: 100%)
102.117.171.104 | Unknown malware botnet C2 server (confidence level: 100%)
196.251.84.145 | Hook botnet C2 server (confidence level: 100%)
196.251.115.101 | Venom RAT botnet C2 server (confidence level: 100%)
94.136.189.48 | Venom RAT botnet C2 server (confidence level: 100%)
199.83.103.6 | DCRat botnet C2 server (confidence level: 100%)
119.45.237.141 | Cobalt Strike botnet C2 server (confidence level: 75%)
156.225.17.236 | Cobalt Strike botnet C2 server (confidence level: 75%)
65.49.201.151 | Cobalt Strike botnet C2 server (confidence level: 75%)
88.119.175.162 | FAKEUPDATES payload delivery server (confidence level: 100%)
45.8.114.33 | Cobalt Strike botnet C2 server (confidence level: 50%)
156.251.17.103 | Cobalt Strike botnet C2 server (confidence level: 50%)
101.200.76.102 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.121.123.96 | Cobalt Strike botnet C2 server (confidence level: 50%)
121.43.227.196 | Cobalt Strike botnet C2 server (confidence level: 50%)
104.168.134.191 | Cobalt Strike botnet C2 server (confidence level: 50%)
43.198.246.165 | Cobalt Strike botnet C2 server (confidence level: 50%)
43.139.233.218 | Cobalt Strike botnet C2 server (confidence level: 50%)
106.75.217.30 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.88.90.239 | Cobalt Strike botnet C2 server (confidence level: 50%)
154.204.177.254 | Cobalt Strike botnet C2 server (confidence level: 50%)
156.224.29.3 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.115.227.6 | Cobalt Strike botnet C2 server (confidence level: 50%)
176.126.114.137 | Cobalt Strike botnet C2 server (confidence level: 50%)
156.238.233.21 | Cobalt Strike botnet C2 server (confidence level: 50%)
45.132.181.37 | Cobalt Strike botnet C2 server (confidence level: 50%)
8.153.206.47 | Cobalt Strike botnet C2 server (confidence level: 50%)
39.109.117.51 | Cobalt Strike botnet C2 server (confidence level: 50%)
8.210.78.137 | Cobalt Strike botnet C2 server (confidence level: 50%)
161.35.255.100 | Cobalt Strike botnet C2 server (confidence level: 50%)
192.241.137.101 | Cobalt Strike botnet C2 server (confidence level: 50%)
139.9.103.149 | Cobalt Strike botnet C2 server (confidence level: 50%)
120.55.14.117 | Cobalt Strike botnet C2 server (confidence level: 50%)
121.36.0.126 | Cobalt Strike botnet C2 server (confidence level: 50%)
106.75.227.248 | Cobalt Strike botnet C2 server (confidence level: 50%)
35.215.133.148 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.96.136.148 | Cobalt Strike botnet C2 server (confidence level: 50%)
192.3.211.196 | Cobalt Strike botnet C2 server (confidence level: 50%)
101.200.198.154 | Cobalt Strike botnet C2 server (confidence level: 50%)
27.71.27.210 | Cobalt Strike botnet C2 server (confidence level: 50%)
83.229.124.173 | Cobalt Strike botnet C2 server (confidence level: 50%)
1.92.64.200 | Cobalt Strike botnet C2 server (confidence level: 50%)
113.45.51.178 | Cobalt Strike botnet C2 server (confidence level: 50%)
137.184.143.194 | Cobalt Strike botnet C2 server (confidence level: 50%)
173.212.230.207 | Cobalt Strike botnet C2 server (confidence level: 50%)
156.245.27.211 | Cobalt Strike botnet C2 server (confidence level: 50%)
43.139.233.218 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.253.165.251 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.96.136.148 | Cobalt Strike botnet C2 server (confidence level: 50%)
175.24.227.106 | Cobalt Strike botnet C2 server (confidence level: 50%)
124.222.82.19 | Cobalt Strike botnet C2 server (confidence level: 50%)
64.176.80.20 | Cobalt Strike botnet C2 server (confidence level: 50%)
185.208.159.13 | Cobalt Strike botnet C2 server (confidence level: 50%)
159.65.83.96 | Cobalt Strike botnet C2 server (confidence level: 50%)
113.45.177.81 | Cobalt Strike botnet C2 server (confidence level: 50%)
128.199.235.69 | Cobalt Strike botnet C2 server (confidence level: 50%)
156.245.27.190 | Cobalt Strike botnet C2 server (confidence level: 50%)
89.187.25.26 | Cobalt Strike botnet C2 server (confidence level: 50%)
66.119.15.233 | Cobalt Strike botnet C2 server (confidence level: 50%)
109.248.6.228 | Cobalt Strike botnet C2 server (confidence level: 50%)
196.251.81.47 | Cobalt Strike botnet C2 server (confidence level: 50%)
18.237.2.54 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
35.78.77.46 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
54.176.77.195 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
13.214.172.142 | Unknown malware botnet C2 server (confidence level: 50%)
52.66.245.198 | Unknown malware botnet C2 server (confidence level: 50%)
18.170.3.153 | Unknown malware botnet C2 server (confidence level: 50%)
47.236.172.42 | Xtreme RAT botnet C2 server (confidence level: 50%)
34.177.4.39 | Xtreme RAT botnet C2 server (confidence level: 50%)
15.236.31.249 | Unknown malware botnet C2 server (confidence level: 50%)
66.135.12.255 | Quasar RAT botnet C2 server (confidence level: 50%)
206.123.152.226 | DarkComet botnet C2 server (confidence level: 50%)
84.132.22.48 | Ghost RAT botnet C2 server (confidence level: 50%)
16.170.172.66 | BlackShades botnet C2 server (confidence level: 50%)
107.172.230.179 | Havoc botnet C2 server (confidence level: 50%)
49.113.76.173 | Unknown malware botnet C2 server (confidence level: 50%)
147.185.221.24 | XWorm botnet C2 server (confidence level: 50%)
91.92.255.111 | XWorm botnet C2 server (confidence level: 50%)
147.185.221.27 | XWorm botnet C2 server (confidence level: 50%)
8.146.209.156 | Cobalt Strike botnet C2 server (confidence level: 100%)
37.252.14.141 | Remcos botnet C2 server (confidence level: 100%)
144.172.84.119 | Sliver botnet C2 server (confidence level: 100%)
88.240.210.241 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.123.28 | AsyncRAT botnet C2 server (confidence level: 100%)
154.44.30.160 | Kaiji botnet C2 server (confidence level: 100%)
8.210.78.137 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.140.184.210 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.9.25.218 | Cobalt Strike botnet C2 server (confidence level: 100%)
174.138.190.94 | Remcos botnet C2 server (confidence level: 100%)
85.192.49.163 | Remcos botnet C2 server (confidence level: 100%)
89.238.176.5 | Remcos botnet C2 server (confidence level: 100%)
104.248.229.157 | Sliver botnet C2 server (confidence level: 100%)
62.85.76.32 | AsyncRAT botnet C2 server (confidence level: 100%)
80.64.30.203 | SectopRAT botnet C2 server (confidence level: 100%)
54.254.120.161 | Hook botnet C2 server (confidence level: 100%)
31.177.109.154 | Hook botnet C2 server (confidence level: 100%)
62.60.191.138 | DCRat botnet C2 server (confidence level: 100%)
35.91.169.160 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
35.91.169.160 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
52.50.88.125 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
3.68.97.150 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
3.68.97.150 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
116.2.184.197 | Unknown malware botnet C2 server (confidence level: 100%)
5.188.230.69 | MimiKatz botnet C2 server (confidence level: 100%)
142.247.84.102 | QakBot botnet C2 server (confidence level: 75%)
156.241.0.7 | DOPLUGS botnet C2 server (confidence level: 100%)
156.241.0.7 | DOPLUGS botnet C2 server (confidence level: 100%)
31.58.239.213 | DeimosC2 botnet C2 server (confidence level: 75%)
52.71.206.212 | DeimosC2 botnet C2 server (confidence level: 75%)
45.66.157.21 | Cobalt Strike botnet C2 server (confidence level: 75%)


Port and MD5 hash (labelled "Hash" on the page: the port half of the ip:port indicators listed above, interleaved with genuine MD5 payload hashes)

Type | Value | Description
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 5671 | Remcos botnet C2 server (confidence level: 100%)
port | 8888 | Remcos botnet C2 server (confidence level: 100%)
port | 2404 | Remcos botnet C2 server (confidence level: 100%)
port | 30370 | Remcos botnet C2 server (confidence level: 100%)
port | 443 | Sliver botnet C2 server (confidence level: 100%)
port | 443 | Sliver botnet C2 server (confidence level: 100%)
port | 5555 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 9999 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 2053 | Hook botnet C2 server (confidence level: 100%)
port | 80 | Hook botnet C2 server (confidence level: 100%)
port | 443 | Havoc botnet C2 server (confidence level: 100%)
port | 80 | Havoc botnet C2 server (confidence level: 100%)
port | 443 | Havoc botnet C2 server (confidence level: 100%)
port | 4433 | Havoc botnet C2 server (confidence level: 100%)
port | 80 | Havoc botnet C2 server (confidence level: 100%)
port | 443 | Havoc botnet C2 server (confidence level: 100%)
port | 80 | Havoc botnet C2 server (confidence level: 100%)
port | 2181 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 23 | Bashlite botnet C2 server (confidence level: 100%)
md5 | ce62c3af15d3edc882f3f1daaddbfafc | Unknown malware payload (confidence level: 50%)
md5 | 085e4b56b671e2ddc9d15189a4ea5706 | Unknown malware payload (confidence level: 50%)
md5 | e6691b7ad98c62cb2d6758f0479b54e8 | Unknown malware payload (confidence level: 50%)
md5 | 0213a5f72b3ee29a25af64e2ebe7b647 | Unknown malware payload (confidence level: 50%)
md5 | f46150e9b2c107c4d9a2b2574c7df5b8 | Unknown malware payload (confidence level: 50%)
md5 | 9f99aa9c1419e0278201af779f2bb592 | Unknown malware payload (confidence level: 50%)
md5 | 21e5fc4531031ac7cf7104657aa22cb1 | Unknown malware payload (confidence level: 50%)
md5 | 6ed0c7c02dd5d193f870a86eae3be5ce | Unknown malware payload (confidence level: 50%)
md5 | 11ec0c3634172590ada7a56200925db5 | Unknown malware payload (confidence level: 50%)
md5 | f9abf8feb7eb47583990d3120bf2fb20 | Unknown malware payload (confidence level: 50%)
md5 | e66ee37b29fad9831b29203ffd949d36 | Unknown malware payload (confidence level: 50%)
md5 | 6e7bd31e25d4c4dbb29d30d87861cf4c | Unknown malware payload (confidence level: 50%)
md5 | 51a3b1ed9a7b443a1b94ce93069eb8f3 | Unknown malware payload (confidence level: 50%)
md5 | 4e6b0bb98e6240322c289e59a495c851 | Unknown malware payload (confidence level: 50%)
md5 | f39a9d40772e171bf18ca694e1f28a56 | Unknown malware payload (confidence level: 50%)
md5 | 88b58965b495787c88b0f8bea54a047d | Unknown malware payload (confidence level: 50%)
md5 | 1f992a3bb237a94fe4ec3d482eae7096 | Unknown malware payload (confidence level: 50%)
md5 | 7d7d0e4dba9040ea6359d0403b467d67 | Unknown malware payload (confidence level: 50%)
md5 | 27617844f82a4922071537571b425ef8 | Unknown malware payload (confidence level: 50%)
md5 | e779b870b609ed9e2f3db3130d8c38e9 | Unknown malware payload (confidence level: 50%)
md5 | 9cdda0c5d5f456ab98ecd7f4855e839b | Unknown malware payload (confidence level: 50%)
md5 | 61b7946c49e26ce5053835562a7e5661 | Unknown malware payload (confidence level: 50%)
md5 | d7e7f7a702cefe2f8b39938871617c59 | Unknown malware payload (confidence level: 50%)
md5 | e4df4d31cedaa9dd0aaecf0e5a4010f1 | Unknown malware payload (confidence level: 50%)
md5 | 707304726d9faef7fd8e57a986f50c1b | Unknown malware payload (confidence level: 50%)
md5 | 8a20ac65aace7fa8a9b52b41455e61c7 | Unknown malware payload (confidence level: 50%)
md5 | 3c09174f8f30476900622e5c5d6496dd | Unknown malware payload (confidence level: 50%)
md5 | e893884274762962a4daa836602a9b9f | Unknown malware payload (confidence level: 50%)
md5 | 79dd5e6d9fa7ce54df329de869e4fb91 | Unknown malware payload (confidence level: 50%)
md5 | 5303122f7f613c6a403a7f490a1005f2 | Unknown malware payload (confidence level: 50%)
md5 | ae102489e3ef1be7de09b174f3641e3a | Unknown malware payload (confidence level: 50%)
md5 | 6b5023f956ce94a6dc0c76e3228550b6 | Unknown malware payload (confidence level: 50%)
md5 | 19cfe29683ad3183cd868ed4850359aa | Unknown malware payload (confidence level: 50%)
md5 | f6c95f632c3a9f744941701c3e0638e2 | Unknown malware payload (confidence level: 50%)
port | 443 | Matanbuchus botnet C2 server (confidence level: 100%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 443 | ShadowPad botnet C2 server (confidence level: 90%)
port | 7443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 888 | Havoc botnet C2 server (confidence level: 100%)
port | 443 | Havoc botnet C2 server (confidence level: 100%)
port | 80 | Havoc botnet C2 server (confidence level: 100%)
port | 2296 | DCRat botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 10443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3000 | Unknown malware botnet C2 server (confidence level: 100%)
port | 80 | Unknown malware botnet C2 server (confidence level: 100%)
port | 23 | Bashlite botnet C2 server (confidence level: 90%)
port | 101 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 81 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
md5 | 41df43928df0a409d441ef9448039725 | Unknown malware payload (confidence level: 50%)
md5 | 5144224cc87dcf4320cd32b24fe62fee | Unknown malware payload (confidence level: 50%)
md5 | 11670df2d595310c83c78bcbc7816dee | Unknown malware payload (confidence level: 50%)
md5 | 23da7c7b7bc6b443d7f427e6c46a52ab | Unknown malware payload (confidence level: 50%)
md5 | 5ae7c48cea736d62f14166a69fad83b5 | Unknown malware payload (confidence level: 50%)
md5 | 3ce6625364864a6f51641e584523b964 | Unknown malware payload (confidence level: 50%)
md5 | 27a56510e6cebf971ec7549faf3cbc70 | Unknown malware payload (confidence level: 50%)
md5 | 05db292ddbc354cbf62b1be5ab7e3a58 | Unknown malware payload (confidence level: 50%)
md5 | fe1ac7a63c712432fd74e387f0c9b6eb | Unknown malware payload (confidence level: 50%)
md5 | e1bf05955057ed9ecafcb566cbe9504c |
Unknown malware payload (confidence level: 50%)
hash4e5f178f790d78f20d489403b15efbb0
Unknown malware payload (confidence level: 50%)
hash7b71dca5f4b634b6c4bac1f936fae3ef
Unknown malware payload (confidence level: 50%)
hash12e6e350d8a3ac7636290802356d671c
Unknown malware payload (confidence level: 50%)
hash63ad87576d9d240fda5297e0cea45542
Unknown malware payload (confidence level: 50%)
hashbbcc84c232237ba0742322b615519dc8
Unknown malware payload (confidence level: 50%)
hasha55fc94d08e567a0392dd82ee3fdc9f0
Unknown malware payload (confidence level: 50%)
hash67961d30a900537dec197145a25b4876
Unknown malware payload (confidence level: 50%)
hash4efd40a6e2661474283c09798ab4fc31
Unknown malware payload (confidence level: 50%)
hashcc5dc8601ed9d0aebfed66e4b185d1bd
Unknown malware payload (confidence level: 50%)
hashe6d8eefbe4e9aceaa240184a9b435b6f
Unknown malware payload (confidence level: 50%)
hash5e1eec7d018f2dbd1280cd0c238e830d
Unknown malware payload (confidence level: 50%)
hash09127f6b39c0c6aab163f010b7086acc
Unknown malware payload (confidence level: 50%)
hash517ac3f7fc52792734b9a00a57cc5ae4
Unknown malware payload (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash52683
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1414
AsyncRAT botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash1080
AsyncRAT botnet C2 server (confidence level: 100%)
hash10000
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
ERMAC botnet C2 server (confidence level: 100%)
hash7a99bd570caf0d33464ecfd64d4da58d
Akira payload (confidence level: 50%)
hasha99266340fb6880f8e0a8744b23a8b03
Akira payload (confidence level: 50%)
hash32948677d3fa60b7b755a20c4412658b
Akira payload (confidence level: 50%)
hash4de019c8bde754dc0cb3d50b485816d8
Akira payload (confidence level: 50%)
hashc66e5310eeacd24a96735eafa02ca7eb
Akira payload (confidence level: 50%)
hash5700eef6f154fdae3a22985674b41168
Akira payload (confidence level: 50%)
hash5d4fb327482a0d6c46d28428fccd0a82
Akira payload (confidence level: 50%)
hash0fe4937a7dfa8f212f21f65a496d7713
Akira payload (confidence level: 50%)
hash2052591870714efa3df51a186bf57d75
Akira payload (confidence level: 50%)
hash1965b4ea67c442855e6aebb5a6c67933
Akira payload (confidence level: 50%)
hash6bf95bc0fe536e68e34033a66f620857
Akira payload (confidence level: 50%)
hash0a0bf18c2cb53435d9df2311761fb7b1
Akira payload (confidence level: 50%)
hash0248bf2afb70642288646760bb25a38d
Akira payload (confidence level: 50%)
hash64e4753cab78dcba6072a7c0ba9eeb89
Akira payload (confidence level: 50%)
hash43b0adfed2c14c240931d8e0a3986d9e
Akira payload (confidence level: 50%)
hash443
DanaBot botnet C2 server (confidence level: 75%)
hash9999
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash7707
AsyncRAT botnet C2 server (confidence level: 75%)
hash8443
Meterpreter botnet C2 server (confidence level: 75%)
hash30866
NjRAT botnet C2 server (confidence level: 75%)
hashf6e5f0ed974c89e2b4a47989fc987c79
Rhysida payload (confidence level: 50%)
hash6742fdde9d5fde37ac5a9c9cbb1f691f
Rhysida payload (confidence level: 50%)
hash7cfba113342f78b5909f606c26fc1dc4
Rhysida payload (confidence level: 50%)
hash6dd8c26f64df37d0c7645b63c9bba51f
Rhysida payload (confidence level: 50%)
hash0cf5491278c7d87e8c3fc88c7f9f26ff
Rhysida payload (confidence level: 50%)
hashd86383882515b7a9218d5f69924feadf
Rhysida payload (confidence level: 50%)
hash3225b95fc72f238ab1e53bfabc11b551
Rhysida payload (confidence level: 50%)
hashddaa09b5c3bf5aa24e300c24905469f2
Rhysida payload (confidence level: 50%)
hash5f3ecd02a94cec2b62bfecd79f5a1d98
Rhysida payload (confidence level: 50%)
hash1888ecf4e90f02ecaaefdb3624825fa2
Rhysida payload (confidence level: 50%)
hashc43f12b8330643c72d21bad3b6cfcf82
Rhysida payload (confidence level: 50%)
hashbea5c2c91e1fa97854c65ece18456b0e
Rhysida payload (confidence level: 50%)
hash93be893ff74816c49f2706f222789027
Rhysida payload (confidence level: 50%)
hash569d2b5701755260514fe1563d7530bb
Rhysida payload (confidence level: 50%)
hash0c8e88877383ccd23a755f429006b437
Rhysida payload (confidence level: 50%)
hash2b825ea77e240d2ab6b6695a602cb07c
Rhysida payload (confidence level: 50%)
hash7dd4de113a97c638518f01760ff4f03c
Rhysida payload (confidence level: 50%)
hash59a9ca795b59161f767b94fc2dece71a
Rhysida payload (confidence level: 50%)
hashfbbb2685cb612b25c50c59c1ffa6e654
Rhysida payload (confidence level: 50%)
hashc9a5e675dbb1f0ce61623f24757a1c72
Rhysida payload (confidence level: 50%)
hash67edfff8250487d97f403c74fed85388
Rhysida payload (confidence level: 50%)
hash1e256229b58061860be8dbf0dc4fe67e
Rhysida payload (confidence level: 50%)
hash44c7d18633b5741db270a6bd378b6f3c
Rhysida payload (confidence level: 50%)
hash26f41a46d0addde100bb9512a130de5e
Rhysida payload (confidence level: 50%)
hash4ef0160b3eb114a94aeedd0bb5716058
Rhysida payload (confidence level: 50%)
hash54416fc42afa9b09ea7e8d8e318f4891
Rhysida payload (confidence level: 50%)
hashfac561bb0f072d29fe6f8ee6072c905a
Rhysida payload (confidence level: 50%)
hash17a22e1b633068dc45df51679df233cc
Rhysida payload (confidence level: 50%)
hash60002
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash1080
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash7070
Venom RAT botnet C2 server (confidence level: 100%)
hash1883
Venom RAT botnet C2 server (confidence level: 100%)
hash80
DCRat botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8833
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash1c76d39f0f6a2b11b6740a99aea91f22617cf319cf1eb13cd45e99b13d34f15b
Unknown Stealer payload (confidence level: 100%)
hashd3c18c41e7aacc9595b25a989db8538aaf3bb02f73e43706f802f3a62e56757b
Unknown Stealer payload (confidence level: 100%)
hash74eac4ff60257db6dcbef047e8b9f23f03f3c328573aadf7091093504405b3a8
Unknown Stealer payload (confidence level: 100%)
hashc045ba517967c058d7991ee74c12cc5a2f3fb6d982422b5ead20afa104202287
Unknown Stealer payload (confidence level: 100%)
hash081c9d3c3497c73cbc16e45ec72b22d4ef6b08427049bfb98c703f15a5fd1e12
Unknown Stealer payload (confidence level: 100%)
hasheebed33306b97dbfdd066fba682d58bcf93143f2b85fcaedf9956ea815e545bf
Unknown Stealer payload (confidence level: 100%)
hash15edec96636f4deeae5c54b3ac9c1fbffae90a7bea6955d0a2fc8e238822800b
Unknown Stealer payload (confidence level: 100%)
hash3781836d7b55f6d266fa933656c20a10c558a172d33cead906cbe7a1397a1320
Unknown Stealer payload (confidence level: 100%)
hashde1ea4ce0bd9be80b5ae356be69d0fdf1541664ccb495f0fe267e91671f5dd44
Unknown Stealer payload (confidence level: 100%)
hash956461c835ab5f9e6bb3e01459c875dab8a37541623f2da44ac32356a8eb3cfb
Unknown Stealer payload (confidence level: 100%)
hash443
FAKEUPDATES payload delivery server (confidence level: 100%)
hash18081
Cobalt Strike botnet C2 server (confidence level: 50%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash4747
Cobalt Strike botnet C2 server (confidence level: 50%)
hash777
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash2082
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8181
Cobalt Strike botnet C2 server (confidence level: 50%)
hash6666
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8222
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Cobalt Strike botnet C2 server (confidence level: 50%)
hash21025
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash17
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash50000
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash789
Unknown malware botnet C2 server (confidence level: 50%)
hash79
Unknown malware botnet C2 server (confidence level: 50%)
hash503
Unknown malware botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash6001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash50050
Quasar RAT botnet C2 server (confidence level: 50%)
hash16088
DarkComet botnet C2 server (confidence level: 50%)
hash80
Ghost RAT botnet C2 server (confidence level: 50%)
hash554
BlackShades botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash15372
XWorm botnet C2 server (confidence level: 50%)
hash1093
XWorm botnet C2 server (confidence level: 50%)
hash29750
XWorm botnet C2 server (confidence level: 50%)
hash8013
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4242
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash808
Kaiji botnet C2 server (confidence level: 100%)
hash81
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash85
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6217
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash57376
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash15747
SectopRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash2053
Hook botnet C2 server (confidence level: 100%)
hash8000
DCRat botnet C2 server (confidence level: 100%)
hash43
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash5900
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8000
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash9600
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash5985
DOPLUGS botnet C2 server (confidence level: 100%)
hash443
DOPLUGS botnet C2 server (confidence level: 100%)
hash8856
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash2053
Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 682c7db4e8347ec82d2ae020

Added to database: 5/20/2025, 1:03:48 PM

Last enriched: 6/19/2025, 3:03:42 PM

Last updated: 8/13/2025, 3:11:09 PM
