
ThreatFox IOCs for 2025-04-19

Medium
Published: Sat Apr 19 2025 (04/19/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-19

AI-Powered Analysis

Last updated: 06/18/2025, 08:06:04 UTC

Technical Analysis

The provided threat intelligence report titled "ThreatFox IOCs for 2025-04-19" pertains to a malware-related threat categorized under the "osint" product type. The report originates from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. However, the technical details and metadata indicate limited specific information about the malware itself. There are no affected versions listed, no CWE identifiers, no patch links, and no known exploits in the wild. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting a low to moderate distribution but limited analytical detail. The absence of indicators and technical specifics implies that this report primarily serves as a collection or notification of IOCs rather than a detailed malware analysis. The "type:osint" tag and the "tlp:white" marking indicate that the information is openly shareable and derived from open-source intelligence. Overall, this threat appears to be a medium-severity malware-related intelligence update with limited actionable technical details at this time.

Potential Impact

Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be low to moderate. However, as the threat is categorized as malware and distributed through OSINT channels, there is potential for targeted or opportunistic attacks that could affect confidentiality, integrity, or availability if the malware is deployed effectively. The lack of specific affected versions or vulnerabilities suggests that the malware may be either newly identified or not yet widely exploited. European organizations relying on OSINT tools or platforms that might ingest or process such IOCs could face risks if these indicators are weaponized or if the malware targets specific infrastructure. Potential impacts include data exfiltration, system compromise, or disruption of services, but without further details, these remain speculative. The medium severity rating suggests vigilance but not immediate alarm.

Mitigation Recommendations

1. Enhance OSINT ingestion security: Organizations should validate and sandbox any IOCs or threat intelligence data before integrating them into security monitoring tools to prevent accidental execution or compromise.
2. Monitor threat intelligence feeds: Continuously track updates from ThreatFox and similar platforms for additional context or emerging indicators related to this malware.
3. Strengthen endpoint detection and response (EDR): Deploy and tune EDR solutions to detect anomalous behaviors potentially linked to new or unknown malware.
4. Conduct regular threat hunting: Proactively search for signs of compromise related to the reported IOCs, even if none are currently known.
5. Employee awareness and training: Educate staff on the risks of malware and the importance of cautious handling of OSINT data and suspicious files.
6. Network segmentation and least privilege: Limit the potential spread of malware by segmenting critical systems and enforcing strict access controls.
7. Incident response readiness: Prepare and test incident response plans to quickly address any future detections related to this threat.

These measures go beyond generic advice by focusing on the safe handling of OSINT data and proactive detection strategies tailored to the nature of this intelligence.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f9c9b7e2-7a1a-41b1-8ba7-b4c9b0e1c634
Original Timestamp: 1745107387

Indicators of Compromise


Threat ID: 682acdc4bbaf20d303f21367

Added to database: 5/19/2025, 6:20:52 AM

Last enriched: 6/18/2025, 8:06:04 AM

Last updated: 7/26/2025, 3:30:08 PM

Views: 16
