
ThreatFox IOCs for 2025-04-15

Medium
Published: Tue Apr 15 2025 (04/15/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-15

AI-Powered Analysis

Last updated: 06/27/2025, 10:51:12 UTC

Technical Analysis

The provided information describes a set of Indicators of Compromise (IOCs) related to malware activity, published on April 15, 2025, sourced from the ThreatFox MISP feed. The threat is categorized under OSINT (Open Source Intelligence), payload delivery, and network activity, indicating that it involves malware distribution and network-based operations. However, no specific affected software versions or products are listed, and no known exploits in the wild have been reported. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (3) and minimal analysis (1) available. The absence of detailed technical indicators or CWEs (Common Weakness Enumerations) limits the granularity of the analysis. The threat appears to be a general malware campaign or activity monitored through OSINT channels, focusing on network-based payload delivery mechanisms. The lack of patch availability suggests that this is not a vulnerability in software but rather a malware threat relying on existing attack vectors. The TLP (Traffic Light Protocol) white tag indicates that the information is publicly shareable without restriction. Overall, this threat represents a medium-level malware campaign with network activity and payload delivery components, but with limited technical details and no direct exploit or vulnerability identified.

Potential Impact

For European organizations, this malware-related threat could result in unauthorized payload delivery and network compromise, potentially leading to data exfiltration, disruption of services, or lateral movement within networks. Given the lack of specific affected products or versions, the impact is likely broad but nonspecific, affecting organizations that may be targeted through network-based malware delivery methods. The medium severity suggests that while the threat is credible, it may not currently be widespread or highly sophisticated. However, European entities with critical infrastructure or sensitive data could face operational disruptions or confidentiality breaches if targeted. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation or targeted attacks leveraging these IOCs. Organizations relying on network perimeter defenses and endpoint security should remain vigilant to detect and mitigate payload delivery attempts associated with this threat.

Mitigation Recommendations

Given the nature of this threat as a malware campaign with network activity, European organizations should implement advanced network monitoring and intrusion detection systems capable of identifying unusual payload delivery patterns. Regularly updating and tuning security information and event management (SIEM) systems to incorporate new IOCs from ThreatFox and other OSINT feeds will enhance detection capabilities. Employ network segmentation to limit lateral movement in case of infection and enforce strict access controls. Endpoint protection platforms should be configured to detect and block known malware signatures and behaviors. Conduct regular employee training on phishing and social engineering tactics, as these are common malware delivery vectors. Since no patches are available, focus on proactive threat hunting and incident response readiness. Additionally, organizations should subscribe to threat intelligence feeds to stay informed about evolving indicators and tactics related to this malware activity.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f0d01ee2-1b31-4a55-a418-d6f33c97e3d1
Original Timestamp: 1744761788

Indicators of Compromise

Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash10443
Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash4150
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80
Ghost RAT botnet C2 server (confidence level: 50%)
hash443
Kimsuky botnet C2 server (confidence level: 50%)
hash2443
AsyncRAT botnet C2 server (confidence level: 50%)
hash34040
Remcos botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8000
AsyncRAT botnet C2 server (confidence level: 100%)
hash1080
AsyncRAT botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash2409
Remcos botnet C2 server (confidence level: 75%)
hash20931
Sliver botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash443
BianLian botnet C2 server (confidence level: 75%)
hash46886
Cobalt Strike botnet C2 server (confidence level: 75%)
hash60445
Meterpreter botnet C2 server (confidence level: 75%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1089
Remcos botnet C2 server (confidence level: 75%)
hash1951
AsyncRAT botnet C2 server (confidence level: 75%)
hash3000
Unknown Loader botnet C2 server (confidence level: 75%)
hash3000
Unknown Loader botnet C2 server (confidence level: 75%)
hash3977
XWorm botnet C2 server (confidence level: 75%)
hash6892
Houdini botnet C2 server (confidence level: 75%)
hash4098
Remcos botnet C2 server (confidence level: 75%)
hash59111
Remcos botnet C2 server (confidence level: 75%)
hash57376
Remcos botnet C2 server (confidence level: 75%)
hash13405
Remcos botnet C2 server (confidence level: 75%)
hash13406
Remcos botnet C2 server (confidence level: 75%)
hash5577
Remcos botnet C2 server (confidence level: 75%)
hash100
AsyncRAT botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash443
ShadowPad botnet C2 server (confidence level: 90%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash6667
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash101
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7001
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 100%)
hash80
XWorm botnet C2 server (confidence level: 100%)
hash443
BianLian botnet C2 server (confidence level: 100%)
hash6266
SpyNote botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash57338
Unknown malware botnet C2 server (confidence level: 100%)
hash32724
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Lumma Stealer botnet C2 server (confidence level: 25%)
hash22
Lumma Stealer botnet C2 server (confidence level: 25%)
hash443
Lumma Stealer botnet C2 server (confidence level: 25%)
hash1604
DarkComet botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash83
Cobalt Strike botnet C2 server (confidence level: 100%)
hash3872
Remcos botnet C2 server (confidence level: 100%)
hash17527
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash3389
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash443
DCRat botnet C2 server (confidence level: 100%)
hash443
DCRat botnet C2 server (confidence level: 100%)
hash6000
DCRat botnet C2 server (confidence level: 100%)
hash58603
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash771
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8082
Vshell botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash1521
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8000
Sliver botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash8080
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash2222
Venom RAT botnet C2 server (confidence level: 100%)
hash2281
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash4506
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DOPLUGS botnet C2 server (confidence level: 100%)
hash80
Stealc botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash8080
Havoc botnet C2 server (confidence level: 75%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 68367c98182aa0cae231f107

Added to database: 5/28/2025, 3:01:44 AM

Last enriched: 6/27/2025, 10:51:12 AM

Last updated: 8/1/2025, 3:29:40 AM
