ThreatFox IOCs for 2025-04-15
AI Analysis
Technical Summary
The provided information describes a set of Indicators of Compromise (IOCs) related to malware activity, published on April 15, 2025, sourced from the ThreatFox MISP feed. The threat is categorized under OSINT (Open Source Intelligence), payload delivery, and network activity, indicating that it involves malware distribution and network-based operations. However, no specific affected software versions or products are listed, and no known exploits in the wild have been reported. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (3) and minimal analysis (1) available. The absence of detailed technical indicators or CWEs (Common Weakness Enumerations) limits the granularity of the analysis. The threat appears to be a general malware campaign or activity monitored through OSINT channels, focusing on network-based payload delivery mechanisms. The lack of patch availability suggests that this is not a vulnerability in software but rather a malware threat relying on existing attack vectors. The TLP (Traffic Light Protocol) white tag indicates that the information is publicly shareable without restriction. Overall, this threat represents a medium-level malware campaign with network activity and payload delivery components, but with limited technical details and no direct exploit or vulnerability identified.
Potential Impact
For European organizations, this malware-related threat could result in unauthorized payload delivery and network compromise, potentially leading to data exfiltration, disruption of services, or lateral movement within networks. Given the lack of specific affected products or versions, the impact is likely broad but nonspecific, affecting organizations that may be targeted through network-based malware delivery methods. The medium severity suggests that while the threat is credible, it may not currently be widespread or highly sophisticated. However, European entities with critical infrastructure or sensitive data could face operational disruptions or confidentiality breaches if targeted. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation or targeted attacks leveraging these IOCs. Organizations relying on network perimeter defenses and endpoint security should remain vigilant to detect and mitigate payload delivery attempts associated with this threat.
Mitigation Recommendations
Given the nature of this threat as a malware campaign with network activity, European organizations should implement advanced network monitoring and intrusion detection systems capable of identifying unusual payload delivery patterns. Regularly updating and tuning security information and event management (SIEM) systems to incorporate new IOCs from ThreatFox and other OSINT feeds will enhance detection capabilities. Employ network segmentation to limit lateral movement in case of infection and enforce strict access controls. Endpoint protection platforms should be configured to detect and block known malware signatures and behaviors. Conduct regular employee training on phishing and social engineering tactics, as these are common malware delivery vectors. Since no patches are available, focus on proactive threat hunting and incident response readiness. Additionally, organizations should subscribe to threat intelligence feeds to stay informed about evolving indicators and tactics related to this malware activity.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: f0d01ee2-1b31-4a55-a418-d6f33c97e3d1
- Original Timestamp: 1744761788
Indicators of Compromise
Domain
Value | Description | Copy |
---|---|---|
domaincheck.symad.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainuochut.shop | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaingillilandlandscape.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainwww.chamberscertifiedbookkeeping.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domain0k6v5xuhp.localto.net | SpyNote credit card skimming domain (confidence level: 100%) | |
domainamoliera.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurity.flargyard.com | ClearFake payload delivery domain (confidence level: 100%) | |
domaingoclouder.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainanalytiwave.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurity.secuclauf.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainamoliera.com | ClearFake payload delivery domain (confidence level: 100%) | |
domaincore.amoliera.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainamoliera.info | ClearFake payload delivery domain (confidence level: 100%) | |
domaincore.amoliera.info | ClearFake payload delivery domain (confidence level: 100%) | |
domaincore.amoliera.org | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.qevub.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.wyzof.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainoutlook.trpeiprzak.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincdn.trpeiprzak.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwww.mail-googlservice.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmyaccount.mail-googlservice.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmail.aa.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainvvrn.akkba.cloud | Rhadamanthys botnet C2 domain (confidence level: 100%) | |
domainlogging.intuitupdate-us.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainassets.intuitivaccountants.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainplugin.intuitupdate-us.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainaccounts.intuitupdate-us.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainmail.mail-googlservice.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.pilod.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainb.surfaceconsoling.makeup | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaincheck.tumyr.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainfair-functionality.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
domainfotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainhumisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver1.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver1.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver1.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver1.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver10.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver10.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver10.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver10.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver2.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver2.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver2.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver2.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver3.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver3.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver3.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver3.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver4.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver4.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver4.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver4.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver5.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver5.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver5.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver5.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver6.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver6.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver6.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver6.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver7.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver7.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver7.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver7.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver8.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver8.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver8.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver8.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver9.2makestorage.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver9.fotamene.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver9.humisnee.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainserver9.sndvoices.com | Glupteba botnet C2 domain (confidence level: 50%) | |
domainchris1212242-26290.portmap.io | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainaquesolp.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainowlflright.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainqualityow.store | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaindryguitttaow.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaintimerlesssaga.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainiqronrose.top | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainthiefbshadow.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainfoggy-doggy.site | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainvelvet5nssrv.shop | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domaincdn-upload-files.buzz | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainbuildit-right.buzz | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domaingo-cars-cheaprest.cfd | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainworld-of-guides.buzz | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainsonorous-horizon-cfd.cfd | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainip85.215.173.244.pbiaas.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.sinyx.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainmaxbusinessworld.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domaininiii.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domaininiiibk.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainoghupimpim.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainoghupol.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainbackup419.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainql.ap.4t.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainip122.ip-51-195-231.eu | Hook botnet C2 domain (confidence level: 100%) | |
domaincheck.zezar.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainmflowthai.world | Lumma Stealer botnet C2 domain (confidence level: 25%) | |
domaincorreoaergentino.top | Lumma Stealer botnet C2 domain (confidence level: 25%) | |
domaincorreoargenetino.top | Lumma Stealer botnet C2 domain (confidence level: 25%) | |
domainstrange-spence.51-195-231-122.plesk.page | Hook botnet C2 domain (confidence level: 100%) | |
domainobjective-mayer.51-195-231-122.plesk.page | Hook botnet C2 domain (confidence level: 100%) | |
domainphpmyadmin.carsrpg.online | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.lukus.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainmrhelwans.giize.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainecs-124-70-142-36.compute.hwclouds-dns.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainshop.nongfushan.org | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
Value | Description | Copy |
---|---|---|
urlhttps://uochut.shop/help/loop.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://uochut.shop/help/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://uochut.shop/help/ops.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://gillilandlandscape.com/winston.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://westrosei.live/agoz | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://amssh.co/windows | powershell_web_backdoor payload delivery URL (confidence level: 100%) | |
urlhttps://amssh.co/spotify | powershell_web_backdoor payload delivery URL (confidence level: 100%) | |
urlhttps://check.pilod.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://198.50.242.157:442/pages/login.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://ins.sg/office | powershell_web_backdoor payload delivery URL (confidence level: 100%) | |
urlhttps://getli.cc/capcut | powershell_web_backdoor payload delivery URL (confidence level: 100%) | |
https://b.surfaceconsoling.makeup/d6d0c07fe5ee8c61f23e1cf95c5035fc | Lumma Stealer payload delivery URL (confidence level: 100%) | |
https://check.tumyr.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
https://partner-id3695.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://85.198.109.144/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://www.lllyoutube.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://consume-policy.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://twitch.wales/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://login-safelink.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://pastebin.com/raw/ttvmd42u | AsyncRAT botnet C2 (confidence level: 50%) | |
https://2makestorage.com | Glupteba botnet C2 (confidence level: 50%) | |
https://fotamene.com | Glupteba botnet C2 (confidence level: 50%) | |
https://fotamene.com/app/app.exe | Glupteba botnet C2 (confidence level: 50%) | |
https://humisnee.com/sb.php | Glupteba botnet C2 (confidence level: 50%) | |
https://humisnee.com/sbmstart.php | Glupteba botnet C2 (confidence level: 50%) | |
https://sndvoices.com | Glupteba botnet C2 (confidence level: 50%) | |
https://sndvoices.com/api/install-failure | Glupteba botnet C2 (confidence level: 50%) | |
http://kbcximoaqhffxnm.top/1.php?s=527 | MintsLoader botnet C2 (confidence level: 100%) | |
http://5.252.153.120:3000/log | Unknown Loader botnet C2 (confidence level: 100%) | |
https://check.sinyx.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
http://microsoft.com/up | ACR Stealer botnet C2 (confidence level: 100%) | |
https://redbluezone.com/diagnostics.php | Satacom botnet C2 (confidence level: 100%) | |
https://ochangeaie.top/geps | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://1zestmodp.top/zeda | Lumma Stealer botnet C2 (confidence level: 75%) | |
http://192.168.211.130:5566/w8lb | Cobalt Strike botnet C2 (confidence level: 75%) | |
https://1travewlio.shop/znxbhi | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://fsighbtseeing.shop/asjnzh | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://r1qesccapewz.run/ansbwqy | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://ql.ap.4t.com/ | Vidar botnet C2 (confidence level: 100%) | |
https://check.zezar.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
https://proenhann.digital/thnb | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://tclarmodq.top/qoxo | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://check.babuc.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
https://check.lukus.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
https://check.vegyt.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
IP:port
IP address | Port | Description |
---|---|---|
94.158.245.66 | 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
185.239.48.173 | 4258 | Bashlite botnet C2 server (confidence level: 75%) |
207.244.199.46 | 80 | Unknown malware botnet C2 server (confidence level: 100%) |
18.197.239.109 | 11862 | NjRAT botnet C2 server (confidence level: 75%) |
192.142.18.214 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
198.167.198.12 | 8817 | Remcos botnet C2 server (confidence level: 100%) |
207.148.37.85 | 443 | ShadowPad botnet C2 server (confidence level: 90%) |
207.148.37.86 | 443 | ShadowPad botnet C2 server (confidence level: 90%) |
176.65.142.245 | 963 | AsyncRAT botnet C2 server (confidence level: 100%) |
174.138.8.142 | 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
66.63.187.42 | 443 | Havoc botnet C2 server (confidence level: 100%) |
31.57.228.28 | 443 | Havoc botnet C2 server (confidence level: 100%) |
186.169.93.49 | 8090 | DCRat botnet C2 server (confidence level: 100%) |
192.142.18.214 | 80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
3.14.153.229 | 443 | Sliver botnet C2 server (confidence level: 90%) |
13.251.254.197 | 80 | Hook botnet C2 server (confidence level: 100%) |
3.36.76.212 | 443 | Havoc botnet C2 server (confidence level: 100%) |
45.94.31.18 | 80 | DCRat botnet C2 server (confidence level: 100%) |
38.49.40.240 | 8888 | DCRat botnet C2 server (confidence level: 100%) |
185.235.137.237 | 24156 | Ares botnet C2 server (confidence level: 90%) |
107.149.255.14 | 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
152.203.23.21 | 8080 | Unknown malware botnet C2 server (confidence level: 100%) |
16.171.195.51 | 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
35.82.92.185 | 443 | Unknown malware botnet C2 server (confidence level: 100%) |
18.195.225.167 | 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
45.201.216.188 | 8088 | Unknown malware botnet C2 server (confidence level: 100%) |
129.146.74.84 | 8443 | Unknown malware botnet C2 server (confidence level: 100%) |
51.75.125.53 | 443 | Unknown malware botnet C2 server (confidence level: 100%) |
193.43.72.177 | 3000 | Unknown malware botnet C2 server (confidence level: 100%) |
65.109.110.239 | 1194 | Unknown malware botnet C2 server (confidence level: 100%) |
65.108.245.62 | 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
216.238.88.13 | 443 | Unknown malware botnet C2 server (confidence level: 100%) |
37.187.190.46 | 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
196.251.71.155 | 2404 | Remcos botnet C2 server (confidence level: 100%) |
193.142.146.70 | 56004 | Remcos botnet C2 server (confidence level: 100%) |
179.61.237.133 | 2404 | Remcos botnet C2 server (confidence level: 100%) |
209.94.63.205 | 4443 | Sliver botnet C2 server (confidence level: 100%) |
35.183.81.251 | 37913 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
144.172.73.78 | 8090 | Unknown malware botnet C2 server (confidence level: 100%) |
59.92.163.151 | 6881 | Mirai botnet C2 server (confidence level: 75%) |
117.212.166.143 | 6881 | Mirai botnet C2 server (confidence level: 75%) |
139.99.133.178 | 6881 | Mirai botnet C2 server (confidence level: 75%) |
148.64.64.237 | 6881 | Mirai botnet C2 server (confidence level: 75%) |
77.163.38.24 | 51417 | Mirai botnet C2 server (confidence level: 75%) |
138.201.253.6 | 51413 | Mirai botnet C2 server (confidence level: 75%) |
104.131.117.190 | 51413 | Mirai botnet C2 server (confidence level: 75%) |
46.232.210.29 | 12509 | Mirai botnet C2 server (confidence level: 75%) |
84.53.216.128 | 3585 | Mirai botnet C2 server (confidence level: 75%) |
123.56.185.43 | 9150 | Mirai botnet C2 server (confidence level: 75%) |
117.195.84.95 | 20759 | Mirai botnet C2 server (confidence level: 75%) |
112.246.160.45 | 8000 | Mirai botnet C2 server (confidence level: 75%) |
222.133.85.137 | 8000 | Mirai botnet C2 server (confidence level: 75%) |
120.85.93.244 | 15122 | Mirai botnet C2 server (confidence level: 75%) |
113.25.209.204 | 30301 | Mirai botnet C2 server (confidence level: 75%) |
111.182.234.93 | 30301 | Mirai botnet C2 server (confidence level: 75%) |
177.91.21.88 | 34110 | Mirai botnet C2 server (confidence level: 75%) |
112.121.151.104 | 1434 | Mirai botnet C2 server (confidence level: 75%) |
59.99.197.255 | 57616 | Mirai botnet C2 server (confidence level: 75%) |
39.89.147.248 | 8082 | Mirai botnet C2 server (confidence level: 75%) |
115.63.251.69 | 8082 | Mirai botnet C2 server (confidence level: 75%) |
27.194.84.29 | 8081 | Mirai botnet C2 server (confidence level: 75%) |
27.202.255.111 | 8081 | Mirai botnet C2 server (confidence level: 75%) |
113.9.125.219 | 14204 | Mirai botnet C2 server (confidence level: 75%) |
91.239.77.159 | 28820 | Mirai botnet C2 server (confidence level: 75%) |
188.209.56.7 | 28046 | Mirai botnet C2 server (confidence level: 75%) |
188.209.56.49 | 28100 | Mirai botnet C2 server (confidence level: 75%) |
59.92.161.114 | 56652 | Mirai botnet C2 server (confidence level: 75%) |
178.72.75.241 | 18970 | Mirai botnet C2 server (confidence level: 75%) |
185.107.95.68 | 28109 | Mirai botnet C2 server (confidence level: 75%) |
200.73.138.20 | 34156 | Mirai botnet C2 server (confidence level: 75%) |
116.68.97.58 | 6256 | Mirai botnet C2 server (confidence level: 75%) |
59.89.220.90 | 48489 | Mirai botnet C2 server (confidence level: 75%) |
107.172.8.26 | 443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
78.141.215.160 | 31337 | Sliver botnet C2 server (confidence level: 50%) |
62.146.176.213 | 31337 | Sliver botnet C2 server (confidence level: 50%) |
52.143.174.249 | 31337 | Sliver botnet C2 server (confidence level: 50%) |
150.109.63.104 | 31337 | Sliver botnet C2 server (confidence level: 50%) |
116.205.242.143 | 31337 | Sliver botnet C2 server (confidence level: 50%) |
146.56.229.98 | 31337 | Sliver botnet C2 server (confidence level: 50%) |
172.234.198.96 | 3333 | Unknown malware botnet C2 server (confidence level: 50%) |
49.13.158.110 | 3333 | Unknown malware botnet C2 server (confidence level: 50%) |
54.226.119.204 | 3333 | Unknown malware botnet C2 server (confidence level: 50%) |
162.254.86.108 | 10443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
44.204.188.88 | 4150 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
91.4.39.122 | 80 | Ghost RAT botnet C2 server (confidence level: 50%) |
141.164.61.89 | 443 | Kimsuky botnet C2 server (confidence level: 50%) |
196.251.73.58 | 2443 | AsyncRAT botnet C2 server (confidence level: 50%) |
216.9.225.163 | 34040 | Remcos botnet C2 server (confidence level: 50%) |
182.92.124.142 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
182.92.124.142 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.138.176.66 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
123.249.42.68 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
106.75.19.90 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
196.251.72.108 | 2404 | Remcos botnet C2 server (confidence level: 100%) |
198.144.189.79 | 2404 | Remcos botnet C2 server (confidence level: 100%) |
185.208.158.139 | 8000 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.251.73.189 | 1080 | AsyncRAT botnet C2 server (confidence level: 100%) |
82.147.85.160 | 8089 | Hook botnet C2 server (confidence level: 100%) |
194.59.30.50 | 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
148.113.214.176 | 2409 | Remcos botnet C2 server (confidence level: 75%) |
156.245.27.190 | 20931 | Sliver botnet C2 server (confidence level: 75%) |
156.245.27.190 | 8888 | Sliver botnet C2 server (confidence level: 75%) |
34.16.57.191 | 443 | BianLian botnet C2 server (confidence level: 75%) |
39.108.142.219 | 46886 | Cobalt Strike botnet C2 server (confidence level: 75%) |
98.177.107.142 | 60445 | Meterpreter botnet C2 server (confidence level: 75%) |
47.111.102.202 | 7777 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.236.228.9 | 8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.108.229.121 | 8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
106.75.217.30 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.236.231.64 | 1089 | Remcos botnet C2 server (confidence level: 75%) |
45.81.115.40 | 1951 | AsyncRAT botnet C2 server (confidence level: 75%) |
5.252.153.120 | 3000 | Unknown Loader botnet C2 server (confidence level: 75%) |
95.164.53.146 | 3000 | Unknown Loader botnet C2 server (confidence level: 75%) |
206.123.152.36 | 3977 | XWorm botnet C2 server (confidence level: 75%) |
104.168.7.12 | 6892 | Houdini botnet C2 server (confidence level: 75%) |
196.251.85.180 | 4098 | Remcos botnet C2 server (confidence level: 75%) |
185.157.162.21 | 59111 | Remcos botnet C2 server (confidence level: 75%) |
192.169.69.26 | 57376 | Remcos botnet C2 server (confidence level: 75%) |
216.9.225.168 | 13405 | Remcos botnet C2 server (confidence level: 75%) |
216.9.225.168 | 13406 | Remcos botnet C2 server (confidence level: 75%) |
147.124.216.223 | 5577 | Remcos botnet C2 server (confidence level: 75%) |
196.251.89.167 | 100 | AsyncRAT botnet C2 server (confidence level: 75%) |
120.27.235.78 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
120.27.235.78 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.9.226.185 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
146.56.229.98 | 443 | Sliver botnet C2 server (confidence level: 100%) |
64.176.50.187 | 443 | ShadowPad botnet C2 server (confidence level: 90%) |
45.141.233.154 | 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
149.28.174.215 | 443 | Havoc botnet C2 server (confidence level: 100%) |
188.166.205.148 | 443 | Havoc botnet C2 server (confidence level: 100%) |
13.251.44.61 | 6667 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
35.180.232.55 | 101 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
35.180.232.55 | 7001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
143.244.167.164 | 23 | Bashlite botnet C2 server (confidence level: 100%) |
38.49.42.212 | 80 | XWorm botnet C2 server (confidence level: 100%) |
176.34.84.216 | 443 | BianLian botnet C2 server (confidence level: 100%) |
146.235.38.234 | 6266 | SpyNote botnet C2 server (confidence level: 100%) |
135.119.90.211 | 443 | Unknown malware botnet C2 server (confidence level: 100%) |
20.163.14.102 | 443 | Unknown malware botnet C2 server (confidence level: 100%) |
13.89.124.211 | 57338 | Unknown malware botnet C2 server (confidence level: 100%) |
198.235.24.162 | 32724 | Unknown malware botnet C2 server (confidence level: 100%) |
47.250.189.199 | 80 | Lumma Stealer botnet C2 server (confidence level: 25%) |
47.250.189.199 | 22 | Lumma Stealer botnet C2 server (confidence level: 25%) |
47.250.189.199 | 443 | Lumma Stealer botnet C2 server (confidence level: 25%) |
88.240.210.241 | 1604 | DarkComet botnet C2 server (confidence level: 100%) |
49.0.243.129 | 8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
3.125.40.198 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
124.70.137.116 | 83 | Cobalt Strike botnet C2 server (confidence level: 100%) |
172.111.150.197 | 3872 | Remcos botnet C2 server (confidence level: 100%) |
194.59.31.217 | 17527 | Remcos botnet C2 server (confidence level: 100%) |
217.64.149.45 | 2404 | Remcos botnet C2 server (confidence level: 100%) |
176.65.134.159 | 80 | Hook botnet C2 server (confidence level: 100%) |
13.60.67.41 | 8082 | Hook botnet C2 server (confidence level: 100%) |
34.134.221.76 | 3389 | Havoc botnet C2 server (confidence level: 100%) |
47.83.134.97 | 443 | Havoc botnet C2 server (confidence level: 100%) |
165.22.248.142 | 80 | Havoc botnet C2 server (confidence level: 100%) |
143.92.36.191 | 443 | DCRat botnet C2 server (confidence level: 100%) |
143.92.36.187 | 443 | DCRat botnet C2 server (confidence level: 100%) |
20.197.224.169 | 6000 | DCRat botnet C2 server (confidence level: 100%) |
15.207.247.17 | 58603 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
15.236.90.232 | 771 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
106.15.6.181 | 8082 | Vshell botnet C2 server (confidence level: 100%) |
88.214.27.89 | 80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
104.21.83.121 | 80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
134.175.253.33 | 1521 | Cobalt Strike botnet C2 server (confidence level: 75%) |
107.150.0.72 | 2404 | Remcos botnet C2 server (confidence level: 100%) |
13.60.34.23 | 8000 | Sliver botnet C2 server (confidence level: 100%) |
144.172.92.114 | 7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.141.233.154 | 8080 | AsyncRAT botnet C2 server (confidence level: 100%) |
64.226.94.119 | 443 | Unknown malware botnet C2 server (confidence level: 100%) |
95.182.100.3 | 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
45.145.42.103 | 2222 | Venom RAT botnet C2 server (confidence level: 100%) |
3.238.57.178 | 2281 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
34.30.196.214 | 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
116.176.35.3 | 4506 | DeimosC2 botnet C2 server (confidence level: 75%) |
166.88.55.133 | 443 | DOPLUGS botnet C2 server (confidence level: 100%) |
62.60.226.9 | 80 | Stealc botnet C2 server (confidence level: 75%) |
66.9.169.170 | 443 | QakBot botnet C2 server (confidence level: 75%) |
70.27.138.189 | 2222 | QakBot botnet C2 server (confidence level: 75%) |
78.176.228.39 | 443 | QakBot botnet C2 server (confidence level: 75%) |
8.130.171.18 | 8080 | Havoc botnet C2 server (confidence level: 75%) |
120.27.235.78 | 8443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
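Turning the two tables above into something a gateway can enforce needs more than a copy of the values, and a few rows on this page show why: the Cobalt Strike URL on 192.168.211.130 is an RFC 1918 address that must never reach a perimeter blocklist, and the ACR Stealer and AsyncRAT entries live on microsoft.com and pastebin.com, where only the exact URL, never the host, is a sensible match. The script below is an added example written for this page, not code from ThreatFox or from the site hosting this listing. The seven indicators are copied from the tables; the `SHARED_HOSTS` list, the proxy log lines and the 75% block threshold are the editor's constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed subset of the 2025-04-15 indicators, copied from the tables on
# this page (added example; the selection is the editor's, not ThreatFox's).
# Rows: (value, ioc_type, description, confidence %)
IOCS = [
    ("https://b.surfaceconsoling.makeup/d6d0c07fe5ee8c61f23e1cf95c5035fc", "url",
     "Lumma Stealer payload delivery URL", 100),
    ("https://pastebin.com/raw/ttvmd42u", "url", "AsyncRAT botnet C2", 50),
    ("http://microsoft.com/up", "url", "ACR Stealer botnet C2", 100),
    ("http://192.168.211.130:5566/w8lb", "url", "Cobalt Strike botnet C2", 75),
    ("94.158.245.66:443", "ip:port", "NetSupportManager RAT botnet C2 server", 100),
    ("47.250.189.199:22", "ip:port", "Lumma Stealer botnet C2 server", 25),
    ("120.27.235.78:8443", "ip:port", "Cobalt Strike botnet C2 server", 75),
]

# Hosts that carry legitimate traffic for everyone: an indicator on one of
# these is actionable only as an exact URL. Assumed operator-maintained list.
SHARED_HOSTS = {"pastebin.com", "microsoft.com"}

# Constructed proxy log, one "timestamp client method target" record per line.
PROXY_LOG = [
    "2025-04-15T09:12:01Z 10.0.0.5 GET http://microsoft.com/up",
    "2025-04-15T09:12:09Z 10.0.0.5 GET https://microsoft.com/en-us/",
    "2025-04-15T09:13:40Z 10.0.0.9 GET https://b.surfaceconsoling.makeup/other_path",
    "2025-04-15T09:14:02Z 10.0.0.9 CONNECT 94.158.245.66:443",
    "2025-04-15T09:15:30Z 10.0.0.12 CONNECT 47.250.189.199:22",
    "2025-04-15T09:16:00Z 10.0.0.12 CONNECT 47.250.189.199:443",
    "2025-04-15T09:17:00Z 10.0.0.20 GET https://pastebin.com/raw/other",
    "2025-04-15T09:18:00Z 10.0.0.20 GET https://pastebin.com/raw/ttvmd42u",
]


def _host_port(url):
    """Return (hostname, port) for a URL, defaulting the port from the scheme."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def _is_non_global(host):
    """True for private, loopback, link-local or other non-routable IP literals."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a hostname, not an IP literal


def build_rules(iocs, min_confidence=75, shared_hosts=SHARED_HOSTS):
    """Turn feed rows into (action, kind, value, description) rules.

    action is 'block' at or above min_confidence, otherwise 'alert';
    kind is 'url' (exact URL), 'host' (any connection to the host) or
    'ip:port' (one socket). Indicators on non-global addresses are dropped:
    such a C2 is only reachable inside the attacker's own lab, and a block
    rule for it would hit the reader's LAN instead.
    """
    rules = []
    for value, ioc_type, desc, conf in iocs:
        action = "block" if conf >= min_confidence else "alert"
        if ioc_type == "url":
            host, _ = _host_port(value)
            if _is_non_global(host):
                continue
            rules.append((action, "url", value, desc))
            if host not in shared_hosts:
                # Malware-only host: a host-wide rule also catches path variants.
                rules.append((action, "host", host, desc))
        elif ioc_type == "ip:port":
            ip, port = value.rsplit(":", 1)
            if _is_non_global(ip):
                continue
            rules.append((action, "ip:port", f"{ip}:{int(port)}", desc))
    return rules


def scan_proxy_log(lines, rules):
    """Match proxy records against the rules; returns (action, client, value, desc)."""
    hits = []
    for line in lines:
        _ts, client, method, target = line.split()
        if method == "CONNECT":  # TLS tunnel: only host:port is visible
            host, port = target.rsplit(":", 1)
            url = None
        else:
            host, port = _host_port(target)
            url = target
        sock = f"{host}:{int(port)}"
        for action, kind, value, desc in rules:
            if (kind == "url" and url == value) or \
               (kind == "host" and host == value) or \
               (kind == "ip:port" and sock == value):
                hits.append((action, client, value, desc))
                break  # one verdict per record
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG, build_rules(IOCS)):
        print(*hit)
```

Run against the constructed log, the script blocks the exact ACR Stealer URL but leaves other microsoft.com traffic alone, blocks any path on the Lumma delivery host, blocks the NetSupport socket, only alerts on the 25%-confidence Lumma socket and the 50%-confidence pastebin URL, and never emits a rule for 192.168.211.130. The 75% threshold and the shared-host list are policy knobs to set per environment, not values the feed prescribes.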
Threat ID: 68367c98182aa0cae231f107
Added to database: 5/28/2025, 3:01:44 AM
Last enriched: 6/27/2025, 10:51:12 AM
Last updated: 8/1/2025, 3:29:40 AM
Related Threats
ThreatFox IOCs for 2025-08-17 (Medium)
ThreatFox IOCs for 2025-08-16 (Medium)
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities (Medium)
ThreatFox IOCs for 2025-08-15 (Medium)
Threat Actor Profile: Interlock Ransomware (Medium)