
ThreatFox IOCs for 2025-04-19

Medium
Published: Sat Apr 19 2025 (04/19/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-19

AI-Powered Analysis

Last updated: 06/27/2025, 11:22:09 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on April 19, 2025, by the ThreatFox MISP feed. These IOCs relate to malware activity characterized primarily by OSINT (Open Source Intelligence) techniques, payload delivery mechanisms, and network activity. The data does not specify any particular malware family, affected software versions, or detailed technical exploits. Instead, it appears to be a collection of threat intelligence indicators intended to aid in detection and response efforts. The threat level is indicated as medium, with no known exploits in the wild or available patches. The absence of CWE identifiers and specific affected versions suggests this is a general threat intelligence update rather than a vulnerability in a particular product. The tags and categories emphasize the use of OSINT for threat detection and the focus on payload delivery and network behavior, which are common in malware campaigns. The technical details show moderate threat level and distribution scores, indicating some level of dissemination but not widespread or critical impact. Overall, this represents a situational awareness update for security teams to monitor and potentially incorporate into their detection systems rather than an active exploit or vulnerability requiring immediate patching.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities against malware campaigns that utilize OSINT and network-based payload delivery. Since no specific exploit or vulnerability is identified, the direct risk to confidentiality, integrity, or availability is limited unless these IOCs correspond to active campaigns targeting European entities. However, failure to incorporate such threat intelligence could result in delayed detection of malware infections, leading to potential data breaches, operational disruption, or lateral movement within networks. Organizations with critical infrastructure or sensitive data could face increased risk if attackers leverage these indicators to craft targeted attacks. The medium severity suggests a moderate risk level, emphasizing the need for vigilance but not immediate crisis response.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection of related malware activity.
2. Conduct regular network traffic analysis focusing on unusual payload delivery patterns and suspicious network activity that align with the threat intelligence.
3. Train security operations teams to recognize and respond to OSINT-driven attack vectors and payload delivery tactics.
4. Maintain up-to-date threat intelligence feeds and ensure automated correlation with internal logs for timely alerts.
5. Implement network segmentation and strict access controls to limit the potential spread of malware if detected.
6. Perform regular threat hunting exercises using the IOCs to proactively identify potential compromises.
7. Collaborate with national and European cybersecurity information sharing organizations to contextualize these IOCs within broader threat trends.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f9c9b7e2-7a1a-41b1-8ba7-b4c9b0e1c634
Original Timestamp: 1745107387

Indicators of Compromise

Domain

Value | Description
check.saguf.icu | ClearFake payload delivery domain (confidence level: 100%)
ht.bzmajiang.cn | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.x6se.buzz | Cobalt Strike botnet C2 domain (confidence level: 100%)
ec2-16-163-161-107.ap-east-1.compute.amazonaws.com | ShadowPad botnet C2 domain (confidence level: 90%)
lynmor.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
grrlspace.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
reddit.co.im | Unknown malware payload delivery domain (confidence level: 50%)
futuristx.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
synmedsp.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
four-meme.dev | Unknown malware payload delivery domain (confidence level: 50%)
9xuj2tcnm.localto.net | AsyncRAT botnet C2 domain (confidence level: 50%)
go.gets-it.net | AsyncRAT botnet C2 domain (confidence level: 50%)
rhymers.duckdns.org | Remcos botnet C2 domain (confidence level: 50%)
although-cholesterol.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
interface-owners.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
match-charity.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
o-sufficient.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
check.hosam.icu | ClearFake payload delivery domain (confidence level: 100%)
office.socalmediazone.com | Hook botnet C2 domain (confidence level: 100%)
account.st4b4n.fr | Havoc botnet C2 domain (confidence level: 100%)
check.colaj.icu | ClearFake payload delivery domain (confidence level: 100%)
lumbersmile.icu | Unknown Loader botnet C2 domain (confidence level: 100%)
check.wewum.icu | ClearFake payload delivery domain (confidence level: 100%)
4gjhr5qxhyaj1.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
yyds.chinaunciom.sbs | Cobalt Strike botnet C2 domain (confidence level: 75%)
auth.echelonai.world | Hook botnet C2 domain (confidence level: 100%)
mail1.lasthit.store | Cobalt Strike botnet C2 domain (confidence level: 75%)
mail2.lasthit.store | Cobalt Strike botnet C2 domain (confidence level: 75%)
api.googleshop.xyz | Cobalt Strike botnet C2 domain (confidence level: 75%)

IP address and port

The feed export listed the IP addresses and the port numbers as two parallel lists (labelled "File" and "Hash"), in the same order and with identical descriptions; each row below pairs the entries at the same position as an ip:port indicator.

Value | Description
194.59.31.74:17527 | Remcos botnet C2 server (confidence level: 100%)
196.251.88.99:2404 | Remcos botnet C2 server (confidence level: 100%)
62.60.226.101:40106 | Remcos botnet C2 server (confidence level: 100%)
45.94.31.80:2404 | Remcos botnet C2 server (confidence level: 100%)
192.177.111.67:2404 | Remcos botnet C2 server (confidence level: 100%)
197.224.236.164:7443 | Unknown malware botnet C2 server (confidence level: 100%)
162.250.124.62:8080 | Quasar RAT botnet C2 server (confidence level: 100%)
111.229.202.115:8083 | Havoc botnet C2 server (confidence level: 100%)
171.227.30.106:8000 | Venom RAT botnet C2 server (confidence level: 100%)
35.179.100.140:10261 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
35.78.171.69:1963 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.222.12.121:103 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.222.12.121:2003 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.222.12.121:34203 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
196.251.80.109:80 | XWorm botnet C2 server (confidence level: 100%)
176.65.144.18:69 | Bashlite botnet C2 server (confidence level: 75%)
209.141.33.93:5538 | Mirai botnet C2 server (confidence level: 75%)
45.79.145.180:31337 | Sliver botnet C2 server (confidence level: 90%)
196.251.116.201:2007 | Remcos botnet C2 server (confidence level: 100%)
196.251.69.26:222 | AsyncRAT botnet C2 server (confidence level: 100%)
2.56.245.216:4608 | AsyncRAT botnet C2 server (confidence level: 100%)
171.227.30.106:5000 | Venom RAT botnet C2 server (confidence level: 100%)
20.240.184.170:80 | ERMAC botnet C2 server (confidence level: 100%)
147.135.209.16:4433 | Unknown malware botnet C2 server (confidence level: 100%)
147.135.209.16:8081 | Unknown malware botnet C2 server (confidence level: 100%)
13.203.232.69:2052 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
52.91.218.1:101 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
81.70.202.246:60000 | Unknown malware botnet C2 server (confidence level: 100%)
52.212.98.5:443 | Unknown malware botnet C2 server (confidence level: 100%)
130.61.248.49:6666 | Unknown malware botnet C2 server (confidence level: 100%)
152.53.130.64:3333 | Unknown malware botnet C2 server (confidence level: 100%)
23.94.212.181:443 | Unknown malware botnet C2 server (confidence level: 100%)
47.113.227.68:9205 | Unknown malware botnet C2 server (confidence level: 100%)
3.110.28.213:3333 | Unknown malware botnet C2 server (confidence level: 100%)
103.150.92.3:3333 | Unknown malware botnet C2 server (confidence level: 100%)
3.18.121.82:8443 | Unknown malware botnet C2 server (confidence level: 100%)
208.40.7.3:3333 | Unknown malware botnet C2 server (confidence level: 100%)
120.26.235.70:3333 | Unknown malware botnet C2 server (confidence level: 100%)
51.159.187.214:3615 | Unknown malware botnet C2 server (confidence level: 100%)
80.71.149.20:3333 | Unknown malware botnet C2 server (confidence level: 100%)
106.15.227.21:7000 | Unknown malware botnet C2 server (confidence level: 100%)
100.26.43.242:8888 | Unknown malware botnet C2 server (confidence level: 100%)
3.104.57.100:443 | Unknown malware botnet C2 server (confidence level: 100%)
209.182.239.173:4433 | Cobalt Strike botnet C2 server (confidence level: 50%)
43.133.72.43:443 | Cobalt Strike botnet C2 server (confidence level: 50%)
54.159.118.2:443 | Cobalt Strike botnet C2 server (confidence level: 50%)
95.169.25.146:50050 | Cobalt Strike botnet C2 server (confidence level: 50%)
173.249.24.35:31337 | Sliver botnet C2 server (confidence level: 50%)
45.76.156.251:31337 | Sliver botnet C2 server (confidence level: 50%)
137.184.239.125:31337 | Sliver botnet C2 server (confidence level: 50%)
103.68.251.141:8869 | DarkComet botnet C2 server (confidence level: 50%)
35.178.244.216:873 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
222.89.70.13:9088 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
149.210.62.42:443 | Ghost RAT botnet C2 server (confidence level: 50%)
188.240.81.233:3131 | AsyncRAT botnet C2 server (confidence level: 50%)
38.102.9.64:23074 | Remcos botnet C2 server (confidence level: 50%)
45.88.91.214:4500 | Remcos botnet C2 server (confidence level: 50%)
121.43.160.89:10001 | Cobalt Strike botnet C2 server (confidence level: 100%)
139.9.61.175:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.86.107.151:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
176.113.82.51:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.168.57.116:9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.75.12.246:81 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.94.54.13:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
148.135.90.11:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.98.57.26:4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.96.130.111:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.140.114.150:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.45.217.148:80 | Hook botnet C2 server (confidence level: 100%)
171.227.30.106:6001 | Venom RAT botnet C2 server (confidence level: 100%)
18.116.20.64:4839 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
51.79.160.146:808 | Kaiji botnet C2 server (confidence level: 100%)
154.201.91.52:808 | Kaiji botnet C2 server (confidence level: 100%)
176.65.149.67:80 | MooBot botnet C2 server (confidence level: 100%)
106.75.215.144:443 | Sliver botnet C2 server (confidence level: 75%)
13.51.167.241:9142 | NetSupportManager RAT botnet C2 server (confidence level: 75%)
71.187.100.156:2222 | QakBot botnet C2 server (confidence level: 75%)
91.92.46.42:80 | Stealc botnet C2 server (confidence level: 100%)
196.251.70.239:2404 | Remcos botnet C2 server (confidence level: 100%)
185.38.142.128:443 | Remcos botnet C2 server (confidence level: 100%)
196.251.116.190:4507 | Remcos botnet C2 server (confidence level: 100%)
35.220.140.248:8443 | pupy botnet C2 server (confidence level: 100%)
123.57.20.184:8888 | Unknown malware botnet C2 server (confidence level: 100%)
163.5.210.172:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
81.17.24.234:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
163.172.125.253:300 | AsyncRAT botnet C2 server (confidence level: 100%)
195.10.205.179:8089 | Hook botnet C2 server (confidence level: 100%)
77.110.106.151:8089 | Hook botnet C2 server (confidence level: 100%)
196.251.87.16:80 | Hook botnet C2 server (confidence level: 100%)
45.45.217.148:8089 | Hook botnet C2 server (confidence level: 100%)
206.166.251.139:443 | Havoc botnet C2 server (confidence level: 100%)
188.166.174.146:8080 | Havoc botnet C2 server (confidence level: 100%)
188.166.174.146:443 | Havoc botnet C2 server (confidence level: 100%)
156.253.227.252:80 | MooBot botnet C2 server (confidence level: 100%)
111.230.161.5:8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
119.91.246.70:443 | Cobalt Strike botnet C2 server (confidence level: 75%)
134.175.159.214:8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
176.113.82.51:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
36.41.71.241:2086 | Cobalt Strike botnet C2 server (confidence level: 75%)
45.83.207.17:6522 | NjRAT botnet C2 server (confidence level: 75%)
88.214.48.65:423 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:417 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:428 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.66:416 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.66:430 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.64:424 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.64:418 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:425 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:419 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.66:421 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:416 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.64:426 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:431 | Tofsee botnet C2 server (confidence level: 100%)
88.214.48.65:424 | Tofsee botnet C2 server (confidence level: 100%)
47.116.34.88:9000 | Cobalt Strike botnet C2 server (confidence level: 100%)
118.31.118.190:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.142.0.149:80 | Remcos botnet C2 server (confidence level: 100%)
62.60.226.21:40106 | Remcos botnet C2 server (confidence level: 100%)
31.220.81.57:2404 | Remcos botnet C2 server (confidence level: 100%)
196.251.116.190:2404 | Remcos botnet C2 server (confidence level: 100%)
185.165.170.222:2404 | Remcos botnet C2 server (confidence level: 100%)
196.251.116.158:4507 | Remcos botnet C2 server (confidence level: 100%)
144.91.103.204:31337 | Sliver botnet C2 server (confidence level: 100%)
64.52.80.67:443 | Sliver botnet C2 server (confidence level: 100%)
89.40.31.130:1010 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.106.203:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
77.110.106.151:80 | Hook botnet C2 server (confidence level: 100%)
192.153.57.203:8080 | Quasar RAT botnet C2 server (confidence level: 100%)
185.177.239.155:443 | Havoc botnet C2 server (confidence level: 100%)
171.227.30.106:6000 | Venom RAT botnet C2 server (confidence level: 100%)
54.219.14.165:2628 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
217.114.43.122:4000 | Unknown malware botnet C2 server (confidence level: 100%)
4.227.206.117:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.200.76.102:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
179.43.186.234:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.88.186.113:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
188.166.174.146:80 | Havoc botnet C2 server (confidence level: 100%)
198.135.50.66:4449 | Venom RAT botnet C2 server (confidence level: 100%)
93.198.178.131:81 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
66.63.187.82:80 | Bashlite botnet C2 server (confidence level: 100%)
118.161.8.213:443 | QakBot botnet C2 server (confidence level: 75%)
163.181.143.92:4506 | DeimosC2 botnet C2 server (confidence level: 75%)
50.106.3.62:995 | QakBot botnet C2 server (confidence level: 75%)
172.104.60.134:53 | Cobalt Strike botnet C2 server (confidence level: 75%)
152.136.17.91:9999 | Cobalt Strike botnet C2 server (confidence level: 75%)
179.43.186.234:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
198.98.57.26:8443 | Cobalt Strike botnet C2 server (confidence level: 75%)

Url

Value | Description
http://10.99.1.101/en-us/supershell/login/auth | Unknown malware botnet C2 (confidence level: 50%)
https://quicklinks-online.com/ | Unknown malware payload delivery URL (confidence level: 50%)
http://141.164.61.168 | Kimsuky botnet C2 (confidence level: 50%)
https://pastebin.com/raw/9hzqgnjr | XWorm botnet C2 (confidence level: 50%)
http://182.124.109.206:54689/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://fstarofliught.top/wozd | Lumma Stealer botnet C2 (confidence level: 75%)
https://check.hosam.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.colaj.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://lumbersmile.icu/apri.php | Unknown Loader botnet C2 (confidence level: 100%)
http://lumbersmile.icu/apr.php | Unknown Loader botnet C2 (confidence level: 100%)
https://4asalaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%)
https://check.wewum.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://103.48.64.50:38680/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://117.209.117.141:55381/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://102.33.34.151:35209/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://185.208.158.182:8090/pages/login.php | Unknown malware botnet C2 (confidence level: 100%)
https://check.pejel.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://8salaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%)

Threat ID: 68367c96182aa0cae23195a7

Added to database: 5/28/2025, 3:01:42 AM

Last enriched: 6/27/2025, 11:22:09 AM

Last updated: 7/31/2025, 3:45:31 PM

