ThreatFox IOCs for 2025-04-20
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-04-20," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is classified under the 'malware' type and is associated with OSINT (Open Source Intelligence) products, indicating that the information may be derived from publicly available sources or shared for awareness and defensive purposes. The technical details include a threat level rated as 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or reach. However, no specific affected versions, CWE identifiers, patch links, or known exploits in the wild are associated with this entry. The absence of concrete IOCs such as hashes, IP addresses, or domain names limits the ability to perform detailed technical correlation or detection. The threat is tagged with 'tlp:white,' indicating that the information is intended for public sharing without restrictions. Overall, this entry appears to be a medium-severity malware-related intelligence update with limited technical specifics and no immediate evidence of active exploitation or targeted campaigns.
Potential Impact
Given the limited technical details and lack of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. However, the presence of malware-related intelligence suggests a potential risk if the threat evolves or if related malware variants emerge targeting systems within Europe. The absence of specific affected products or versions complicates targeted defense strategies. European organizations relying on OSINT feeds or threat intelligence platforms like ThreatFox may benefit from early awareness but should not consider this a direct or imminent threat without further contextual information. Potential impacts could include unauthorized access, data exfiltration, or disruption if the malware were to be weaponized or if related IOCs become active. The medium severity rating implies that while the threat is not critical, organizations should maintain vigilance, especially those in sectors with high exposure to malware threats such as finance, critical infrastructure, and government entities.
Mitigation Recommendations
- Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) systems to enhance detection capabilities for emerging IOCs.
- Conduct regular threat hunting exercises focusing on malware behaviors and patterns consistent with medium-level threats, even in the absence of specific IOCs.
- Maintain up-to-date endpoint protection solutions with heuristic and behavior-based detection to identify novel or unknown malware variants.
- Implement network segmentation and strict access controls to limit lateral movement should a malware infection occur.
- Educate security teams on the importance of monitoring OSINT sources and validating threat intelligence before operationalizing it.
- Establish incident response playbooks that include procedures for handling medium-severity malware threats, emphasizing containment and eradication.
- Regularly review and update vulnerability management programs to reduce attack surfaces that malware could exploit indirectly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 88a0cef2-7922-4a3d-af21-6329c8d7252e
- Original Timestamp: 1745193787
file31.58.51.98 | Mirai botnet C2 server (confidence level: 100%) | |
file31.58.51.98 | Mirai botnet C2 server (confidence level: 100%) | |
file51.38.137.114 | Mirai botnet C2 server (confidence level: 100%) | |
file103.178.235.240 | Mirai botnet C2 server (confidence level: 100%) | |
file103.178.235.240 | Mirai botnet C2 server (confidence level: 100%) | |
file104.168.101.27 | Mirai botnet C2 server (confidence level: 100%) | |
file104.168.101.27 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.137.221 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.137.221 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.138.240 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.140.174 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.140.174 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.141.183 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.142.252 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.144.193 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.144.193 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.144.253 | Mirai botnet C2 server (confidence level: 100%) | |
file185.196.9.222 | Mirai botnet C2 server (confidence level: 100%) | |
file185.196.9.222 | Mirai botnet C2 server (confidence level: 100%) | |
file192.241.146.135 | Mirai botnet C2 server (confidence level: 100%) | |
file192.241.146.135 | Mirai botnet C2 server (confidence level: 100%) | |
file196.251.71.29 | Mirai botnet C2 server (confidence level: 100%) | |
file196.251.71.29 | Mirai botnet C2 server (confidence level: 100%) | |
file196.251.80.200 | Mirai botnet C2 server (confidence level: 100%) | |
file216.9.224.47 | Mirai botnet C2 server (confidence level: 100%) | |
file216.9.224.47 | Mirai botnet C2 server (confidence level: 100%) | |
file213.209.143.24 | Mirai botnet C2 server (confidence level: 100%) | |
file103.77.241.250 | Mirai botnet C2 server (confidence level: 100%) | |
file103.77.241.250 | Mirai botnet C2 server (confidence level: 100%) | |
file89.187.28.82 | Mirai botnet C2 server (confidence level: 100%) | |
file66.63.187.82 | Mirai botnet C2 server (confidence level: 100%) | |
file205.185.125.181 | Mirai botnet C2 server (confidence level: 100%) | |
file205.185.125.181 | Mirai botnet C2 server (confidence level: 100%) | |
file61.7.209.115 | Mirai botnet C2 server (confidence level: 100%) | |
file61.7.209.115 | Mirai botnet C2 server (confidence level: 100%) | |
file45.125.12.175 | Bashlite botnet C2 server (confidence level: 75%) | |
file94.156.115.12 | MooBot botnet C2 server (confidence level: 75%) | |
file120.27.162.47 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file117.23.59.90 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.140.25.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file36.133.14.65 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file16.163.161.107 | ShadowPad botnet C2 server (confidence level: 90%) | |
file3.8.78.144 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file109.120.137.57 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file46.201.81.233 | Havoc botnet C2 server (confidence level: 100%) | |
file146.56.51.149 | Unknown malware botnet C2 server (confidence level: 100%) | |
file146.19.170.222 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.97.0.235 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file45.227.253.91 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.99.169.201 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file1.94.105.46 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file84.46.239.239 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file37.13.39.51 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file54.90.144.239 | BlackShades botnet C2 server (confidence level: 50%) | |
file67.217.228.14 | FAKEUPDATES payload delivery server (confidence level: 50%) | |
file193.26.115.218 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file155.138.241.220 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.115.31 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file88.119.169.53 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.32.124.13 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file18.176.122.97 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file45.144.50.8 | Meterpreter botnet C2 server (confidence level: 75%) |
Hash
Value | Description |
---|---|
422 | Tofsee botnet C2 server (confidence level: 100%) |
420 | Tofsee botnet C2 server (confidence level: 100%) |
428 | Tofsee botnet C2 server (confidence level: 100%) |
430 | Tofsee botnet C2 server (confidence level: 100%) |
420 | Tofsee botnet C2 server (confidence level: 100%) |
419 | Tofsee botnet C2 server (confidence level: 100%) |
428 | Tofsee botnet C2 server (confidence level: 100%) |
420 | Tofsee botnet C2 server (confidence level: 100%) |
430 | Tofsee botnet C2 server (confidence level: 100%) |
47881 | NjRAT botnet C2 server (confidence level: 75%) |
431 | Tofsee botnet C2 server (confidence level: 100%) |
431 | Tofsee botnet C2 server (confidence level: 100%) |
417 | Tofsee botnet C2 server (confidence level: 100%) |
427 | Tofsee botnet C2 server (confidence level: 100%) |
425 | Tofsee botnet C2 server (confidence level: 100%) |
427 | Tofsee botnet C2 server (confidence level: 100%) |
422 | Tofsee botnet C2 server (confidence level: 100%) |
421 | Tofsee botnet C2 server (confidence level: 100%) |
422 | Tofsee botnet C2 server (confidence level: 100%) |
426 | Tofsee botnet C2 server (confidence level: 100%) |
dee2ecb51fbfa2f1de9dbe9a7524da12 | Unknown malware payload (confidence level: 50%) |
bcd51ee1df396f07af0b0a345a6dbaf4 | Unknown malware payload (confidence level: 50%) |
935d7db2557d62a55a23b6020d42351c | Unknown malware payload (confidence level: 50%) |
b5e1521ea5ffa2d5ec13cef61ffe363d | Unknown malware payload (confidence level: 50%) |
423 | Tofsee botnet C2 server (confidence level: 100%) |
423 | Tofsee botnet C2 server (confidence level: 100%) |
421 | Tofsee botnet C2 server (confidence level: 100%) |
1604 | DarkComet botnet C2 server (confidence level: 100%) |
425 | Tofsee botnet C2 server (confidence level: 100%) |
424 | Tofsee botnet C2 server (confidence level: 100%) |
426 | Tofsee botnet C2 server (confidence level: 100%) |
419 | Tofsee botnet C2 server (confidence level: 100%) |
429 | Tofsee botnet C2 server (confidence level: 100%) |
429 | Tofsee botnet C2 server (confidence level: 100%) |
418 | Tofsee botnet C2 server (confidence level: 100%) |
429 | Tofsee botnet C2 server (confidence level: 100%) |
417 | Tofsee botnet C2 server (confidence level: 100%) |
13573 | NjRAT botnet C2 server (confidence level: 75%) |
13573 | NjRAT botnet C2 server (confidence level: 75%) |
416 | Tofsee botnet C2 server (confidence level: 100%) |
418 | Tofsee botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
40103 | Remcos botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
8443 | Sliver botnet C2 server (confidence level: 100%) |
7412 | Unknown malware botnet C2 server (confidence level: 100%) |
888 | AsyncRAT botnet C2 server (confidence level: 100%) |
2222 | AsyncRAT botnet C2 server (confidence level: 100%) |
8443 | AsyncRAT botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
443 | Quasar RAT botnet C2 server (confidence level: 100%) |
8080 | Havoc botnet C2 server (confidence level: 100%) |
9999 | Venom RAT botnet C2 server (confidence level: 100%) |
44818 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
10443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
427 | Tofsee botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
3000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8443 | Sliver botnet C2 server (confidence level: 90%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
4443 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
4444 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
4443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
1234 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
1724 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
13333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
54681 | Chaos botnet C2 server (confidence level: 100%) |
8080 | Chaos botnet C2 server (confidence level: 100%) |
443 | QakBot botnet C2 server (confidence level: 100%) |
443 | QakBot botnet C2 server (confidence level: 100%) |
8848 | AsyncRAT botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
80 | Cobalt Strike botnet C2 server (confidence level: 50%) |
10443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
21025 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
1025 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
7634 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
21025 | BlackShades botnet C2 server (confidence level: 50%) |
9761 | BlackShades botnet C2 server (confidence level: 50%) |
8723 | Unknown malware botnet C2 server (confidence level: 50%) |
902 | Unknown malware botnet C2 server (confidence level: 50%) |
5001 | Venom RAT botnet C2 server (confidence level: 50%) |
3333 | Unknown malware botnet C2 server (confidence level: 50%) |
8080 | AsyncRAT botnet C2 server (confidence level: 50%) |
6606 | AsyncRAT botnet C2 server (confidence level: 50%) |
7707 | AsyncRAT botnet C2 server (confidence level: 50%) |
8808 | AsyncRAT botnet C2 server (confidence level: 50%) |
31880 | DCRat botnet C2 server (confidence level: 50%) |
8848 | DCRat botnet C2 server (confidence level: 50%) |
3470 | DCRat botnet C2 server (confidence level: 50%) |
3232 | DCRat botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8000 | Remcos botnet C2 server (confidence level: 100%) |
2500 | Remcos botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
400 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8080 | Quasar RAT botnet C2 server (confidence level: 100%) |
32298 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8088 | BianLian botnet C2 server (confidence level: 100%) |
1523 | XOR DDoS botnet C2 server (confidence level: 50%) |
2222 | QakBot botnet C2 server (confidence level: 75%) |
8080 | Meterpreter botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
1430 | XOR DDoS botnet C2 server (confidence level: 75%) |
18188 | NjRAT botnet C2 server (confidence level: 75%) |
9088 | Cobalt Strike botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
443 | Kimsuky botnet C2 server (confidence level: 50%) |
4506 | Unknown malware botnet C2 server (confidence level: 50%) |
7777 | Unknown malware botnet C2 server (confidence level: 50%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
5002 | Venom RAT botnet C2 server (confidence level: 100%) |
8547 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
8080 | ERMAC botnet C2 server (confidence level: 100%) |
80 | Bashlite botnet C2 server (confidence level: 100%) |
12182 | CapraRAT botnet C2 server (confidence level: 50%) |
7232 | XWorm botnet C2 server (confidence level: 50%) |
62005 | Cobalt Strike botnet C2 server (confidence level: 75%) |
24529 | Mirai botnet C2 server (confidence level: 100%) |
59999 | Mirai botnet C2 server (confidence level: 100%) |
3771 | Mirai botnet C2 server (confidence level: 100%) |
3778 | Mirai botnet C2 server (confidence level: 100%) |
9555 | Mirai botnet C2 server (confidence level: 100%) |
1412 | Mirai botnet C2 server (confidence level: 100%) |
3211 | Mirai botnet C2 server (confidence level: 100%) |
41214 | Mirai botnet C2 server (confidence level: 100%) |
12312 | Mirai botnet C2 server (confidence level: 100%) |
3778 | Mirai botnet C2 server (confidence level: 100%) |
1995 | Mirai botnet C2 server (confidence level: 100%) |
1337 | Mirai botnet C2 server (confidence level: 100%) |
101 | Mirai botnet C2 server (confidence level: 100%) |
25634 | Mirai botnet C2 server (confidence level: 100%) |
26425 | Mirai botnet C2 server (confidence level: 100%) |
44115 | Mirai botnet C2 server (confidence level: 100%) |
9654 | Mirai botnet C2 server (confidence level: 100%) |
2211 | Mirai botnet C2 server (confidence level: 100%) |
7733 | Mirai botnet C2 server (confidence level: 100%) |
3778 | Mirai botnet C2 server (confidence level: 100%) |
9555 | Mirai botnet C2 server (confidence level: 100%) |
56412 | Mirai botnet C2 server (confidence level: 100%) |
25478 | Mirai botnet C2 server (confidence level: 100%) |
3912 | Mirai botnet C2 server (confidence level: 100%) |
1312 | Mirai botnet C2 server (confidence level: 100%) |
3912 | Mirai botnet C2 server (confidence level: 100%) |
34411 | Mirai botnet C2 server (confidence level: 100%) |
2023 | Mirai botnet C2 server (confidence level: 100%) |
2025 | Mirai botnet C2 server (confidence level: 100%) |
3778 | Mirai botnet C2 server (confidence level: 100%) |
6666 | Mirai botnet C2 server (confidence level: 100%) |
56412 | Mirai botnet C2 server (confidence level: 100%) |
420 | Mirai botnet C2 server (confidence level: 100%) |
3211 | Mirai botnet C2 server (confidence level: 100%) |
207 | Mirai botnet C2 server (confidence level: 100%) |
23966 | Bashlite botnet C2 server (confidence level: 75%) |
43957 | MooBot botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
53 | ShadowPad botnet C2 server (confidence level: 90%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
4443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
6666 | Cobalt Strike botnet C2 server (confidence level: 50%) |
32400 | Cobalt Strike botnet C2 server (confidence level: 50%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) |
4443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
4321 | BlackShades botnet C2 server (confidence level: 50%) |
8080 | FAKEUPDATES payload delivery server (confidence level: 50%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8888 | AsyncRAT botnet C2 server (confidence level: 100%) |
5555 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
443 | Meterpreter botnet C2 server (confidence level: 75%) |
Domain
Value | Description |
---|---|
yet-continental.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
check.pejel.icu | ClearFake payload delivery domain (confidence level: 100%) |
ladoicese.org | Unknown malware payload delivery domain (confidence level: 100%) |
kaohej.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
core.kaohej.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
kaohej.info | FAKEUPDATES payload delivery domain (confidence level: 100%) |
core.kaohej.info | FAKEUPDATES payload delivery domain (confidence level: 100%) |
kaohej.org | FAKEUPDATES payload delivery domain (confidence level: 100%) |
core.kaohej.org | FAKEUPDATES payload delivery domain (confidence level: 100%) |
react.socalmediazone.com | Hook botnet C2 domain (confidence level: 100%) |
o.socalmediazone.com | Hook botnet C2 domain (confidence level: 100%) |
autodiscover.aa.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) |
lowwood.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) |
envio10-04-25.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%) |
boards-essential.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) |
earth-schedules.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) |
summer-malaysia.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) |
technical-equally.gl.at.ply.g | DCRat botnet C2 domain (confidence level: 50%) |
bot.argus-services.xyz | Mirai botnet C2 domain (confidence level: 50%) |
hiesa-56152.portmap.host | XWorm botnet C2 domain (confidence level: 50%) |
feb-travelers.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) |
check.pikip.icu | ClearFake payload delivery domain (confidence level: 100%) |
check.carin.icu | ClearFake payload delivery domain (confidence level: 100%) |
technical-equally.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) |
r-tube.ru | Cobalt Strike botnet C2 domain (confidence level: 75%) |
academy.entrepreneurwealthhub.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
hub.unlimitedcashflowevent.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
ceo.cowholesaling.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
newsite.iapmd.org | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
cpanel.buyjlindustriesonline.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
webmail.ebuildingsource.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
subscribe.bigeznola.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
customer.aaddigitalstrategies.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
regular.ptbaconsulting.com | FAKEUPDATES botnet C2 domain (confidence level: 50%) |
check.pivum.icu | ClearFake payload delivery domain (confidence level: 100%) |
ddwall.duckdns.org | MooBot botnet C2 domain (confidence level: 75%) |
itunesextractor.com | FAKEUPDATES payload delivery domain (confidence level: 80%) |
neathealth.beauty | Havoc botnet C2 domain (confidence level: 100%) |
check.juket.icu | ClearFake payload delivery domain (confidence level: 100%) |
given-neither.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) |
botnet9.ddns.net | Mirai botnet C2 domain (confidence level: 50%) |
api.xiaoyaoruchu.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
Value | Description |
---|---|
http://172.82.91.106/p.txt | XOR DDoS payload delivery URL (confidence level: 100%) |
https://dustfurniture.xyz/art.php | Unknown Loader botnet C2 (confidence level: 100%) |
http://pancakebag.xyz/bik.php | Unknown Loader botnet C2 (confidence level: 100%) |
http://auntapproval.icu/apr.php | Unknown Loader botnet C2 (confidence level: 100%) |
http://auntapproval.icu/apri.php | Unknown Loader botnet C2 (confidence level: 100%) |
https://3quilltayle.live/gksi | Lumma Stealer botnet C2 (confidence level: 75%) |
http://196.251.72.215:3000/ | Unknown malware botnet C2 (confidence level: 50%) |
http://196.251.72.216:3000/ | Unknown malware botnet C2 (confidence level: 50%) |
http://196.251.87.16/ | Hook botnet C2 (confidence level: 50%) |
http://partner-id3695.com/ | Unknown malware payload delivery URL (confidence level: 50%) |
https://odash.aarkernerse.com/ | Unknown RAT payload delivery URL (confidence level: 50%) |
https://pastebin.com/raw/nfvynppg | NjRAT botnet C2 (confidence level: 50%) |
https://pastebin.com/raw/00mybwuz | XWorm botnet C2 (confidence level: 50%) |
https://check.pikip.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
http://a8.xquwjhogz.ru/53lem5c/ | Unknown malware botnet C2 (confidence level: 50%) |
http://cjgo.qdgekfr.es/4duz/ | Unknown malware botnet C2 (confidence level: 50%) |
http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html? | Unknown malware botnet C2 (confidence level: 50%) |
http://yw.vyponky.es/zwre/ | Unknown malware botnet C2 (confidence level: 50%) |
http://mm4c.kmyrtgic.com/ngk03wlh/$sealogistics.ve@slurpmail.net | Unknown malware botnet C2 (confidence level: 50%) |
http://hkn.omxdjymjrp.es/da3ycqo0/ | Unknown malware botnet C2 (confidence level: 50%) |
http://tsd.oqitjjf.es/nongo/ | Unknown malware botnet C2 (confidence level: 50%) |
http://bvmffod.oqitjjf.es/nongo/ | Unknown malware botnet C2 (confidence level: 50%) |
http://if.wntfxw.es/iboctllz/ | Unknown malware botnet C2 (confidence level: 50%) |
http://bobcroft.me/wp-oistne/index.html | Unknown malware botnet C2 (confidence level: 50%) |
http://gardon.blob.core.windows.net/gardon/gardon.html | Unknown malware botnet C2 (confidence level: 50%) |
http://2fqw.ozeubkt.ru/bfakpv/ | Unknown malware botnet C2 (confidence level: 50%) |
http://x1.qkbnkruvtjo.es/uvq9w4jk/ | Unknown malware botnet C2 (confidence level: 50%) |
http://4d.examzl.es/22jxe9ka/ | Unknown malware botnet C2 (confidence level: 50%) |
http://ttp.mindlooip.ru/fvc68/ | Unknown malware botnet C2 (confidence level: 50%) |
http://4lw.tytprngxckyk.es/red/ | Unknown malware botnet C2 (confidence level: 50%) |
http://c5r.ykgznx.es/3bkuu985ym8vgeu/ | Unknown malware botnet C2 (confidence level: 50%) |
http://art.zkmwcsprv.es/iisbetmi/ | Unknown malware botnet C2 (confidence level: 50%) |
http://bhj9j.cgehpee.es/9crzk/ | Unknown malware botnet C2 (confidence level: 50%) |
http://4pl.bzlvvm.es/wpm6/ | Unknown malware botnet C2 (confidence level: 50%) |
http://8q.azpbc.es/wgfhz9i/ | Unknown malware botnet C2 (confidence level: 50%) |
http://mwp.riywmc.es/m0wvbcga/ | Unknown malware botnet C2 (confidence level: 50%) |
http://uja5.gpkfnynp.es/gqncds8idt8ti9j/ | Unknown malware botnet C2 (confidence level: 50%) |
http://v7wd.jbifnidlafjb.es/wqd2hea/ | Unknown malware botnet C2 (confidence level: 50%) |
http://kya8k-fdm4.hcwniwgrqy.es/rt5c/ | Unknown malware botnet C2 (confidence level: 50%) |
http://1y.zuxsc.es/dnvci/ | Unknown malware botnet C2 (confidence level: 50%) |
http://laucc-fdm4.hcwniwgrqy.es/rt5c/ | Unknown malware botnet C2 (confidence level: 50%) |
http://90.bpahhcicdbw.es/9rgxd7g5st7wqpf/ | Unknown malware botnet C2 (confidence level: 50%) |
http://gtnc.erwelrastoc.ru/kyt5d/ | Unknown malware botnet C2 (confidence level: 50%) |
http://4fu36-cosaction.hcwniwgrqy.es/rt5c/ | Unknown malware botnet C2 (confidence level: 50%) |
http://fpc8.usktcp.es/fkyj/ | Unknown malware botnet C2 (confidence level: 50%) |
http://api.us2.500apps.com/mailsend/v1/click/555860/372270/227/651/238?url=https%3a//hugofajardo.com.br/wp-content/bitill/prevents/bill/copper/go/loop/index&t=n#bwf0dghldy5jb2nocmfuqgfncmkub2hpby5nb3y= | Unknown malware botnet C2 (confidence level: 50%) |
http://bjq.yclnjj.es/4swhfy2z/ | Unknown malware botnet C2 (confidence level: 50%) |
http://0eaw.ykgznx.es/3bkuu985ym8vgeu/ | Unknown malware botnet C2 (confidence level: 50%) |
http://uka.xvypywmiv.es/l1wvb/ | Unknown malware botnet C2 (confidence level: 50%) |
http://t6y.zdzhwsdskx.es/poavxb/ | Unknown malware botnet C2 (confidence level: 50%) |
http://bz.yyevowobz.es/mucnjv6/ | Unknown malware botnet C2 (confidence level: 50%) |
http://eb.kyvankvg.es/wdky1/ | Unknown malware botnet C2 (confidence level: 50%) |
http://gd.yvgherre.ru/rpsylky/ | Unknown malware botnet C2 (confidence level: 50%) |
http://htu.fzpoqs.es/cukg/ | Unknown malware botnet C2 (confidence level: 50%) |
http://tli.manisnionti.ru/9nge/ | Unknown malware botnet C2 (confidence level: 50%) |
http://ek.kyvankvg.es/wdky1/ | Unknown malware botnet C2 (confidence level: 50%) |
http://ilovecondo.net/redirectpage.aspx?url=https://hyi.ozsicprvvbo.ru/wox/ | Unknown malware botnet C2 (confidence level: 50%) |
http://hyi.ozsicprvvbo.ru/wox/ | Unknown malware botnet C2 (confidence level: 50%) |
http://fhhp.yclnjj.es/4swhfy2z/ | Unknown malware botnet C2 (confidence level: 50%) |
http://wl7.htheaded.ru/mwfbcbz/ | Unknown malware botnet C2 (confidence level: 50%) |
http://s8.ingolothy.ru/xbq3wdj/ | Unknown malware botnet C2 (confidence level: 50%) |
http://n1.izowddta.es/o97yr9kq/ | Unknown malware botnet C2 (confidence level: 50%) |
http://nt.maiupr.es/mcy5ppt/ | Unknown malware botnet C2 (confidence level: 50%) |
http://eastgold.xyxmusr.es/anewa/ | Unknown malware botnet C2 (confidence level: 50%) |
http://mbtrzn.sdcaznbe.es/o06kif/ | Unknown malware botnet C2 (confidence level: 50%) |
http://plfo.zdzhwsdskx.es/poavxb/ | Unknown malware botnet C2 (confidence level: 50%) |
http://oit.qlhtjv.es/1qbiaha/ | Unknown malware botnet C2 (confidence level: 50%) |
http://mongreta.blob.core.windows.net/mongreta/mongreta.html | Unknown malware botnet C2 (confidence level: 50%) |
http://7xlg.rkqymjx.es/c7r4/ | Unknown malware botnet C2 (confidence level: 50%) |
http://nvzz.cxprnvhh.es/sguejwf/ | Unknown malware botnet C2 (confidence level: 50%) |
http://oqd.qwivrle.es/jxxf4rdj/ | Unknown malware botnet C2 (confidence level: 50%) |
http://4829482948294829482948294829482948482948.uronfecit.ru/hlnz62kk/ | Unknown malware botnet C2 (confidence level: 50%) |
http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?3mail@slurpmail.net | Unknown malware botnet C2 (confidence level: 50%) |
http://uivd.rzvpovoqysa.es/2ns5x6/ | Unknown malware botnet C2 (confidence level: 50%) |
http://yiv.stqevw.ru/mx2ovzlqy/%23xwlunders@slurpmail.net | Unknown malware botnet C2 (confidence level: 50%) |
http://hp0vrx.utepfqpn.es/kehl/ | Unknown malware botnet C2 (confidence level: 50%) |
http://rff.rrtussgb.es/eqxhz/ | Unknown malware botnet C2 (confidence level: 50%) |
http://z9j.hflumi.es/ssxkohf/ | Unknown malware botnet C2 (confidence level: 50%) |
http://kxi.riywmc.es/m0wvbcga/ | Unknown malware botnet C2 (confidence level: 50%) |
http://y4.keusxhpgy.es/1jgkofpl/ | Unknown malware botnet C2 (confidence level: 50%) |
http://incture.xgtfctr.es/uocms/ | Unknown malware botnet C2 (confidence level: 50%) |
http://1nc.smlyhe.es/t6gxxj4z/ | Unknown malware botnet C2 (confidence level: 50%) |
http://t445xrxe.bavdaea.es/ppxzv/ | Unknown malware botnet C2 (confidence level: 50%) |
http://5jp.rbitatiab.ru/jgx71p/ | Unknown malware botnet C2 (confidence level: 50%) |
http://yv.qhynyhmkhob.es/uwqofq/ | Unknown malware botnet C2 (confidence level: 50%) |
http://bereila.blob.core.windows.net/bereila/bereila.html | Unknown malware botnet C2 (confidence level: 50%) |
http://nnkn.oaczr.es/wclezf/ | Unknown malware botnet C2 (confidence level: 50%) |
http://6p.ziyzgd.es/hw30u4y6/ | Unknown malware botnet C2 (confidence level: 50%) |
urlhttp://ibi4.ueinrrv.es/joqz06s/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://ji.qslwif.es/tjor/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://oj.elindactori.ru/msg1w31/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://t5.wfuxsnwjnjb.es/activ/$/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://oyoa.wcjysnwknbgv.es/taine4k0/%23slee@slurpmail.net | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://ndd.ifnqmlwx.es/1pcfpg/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://gaj6u.hjywaif.es/kgtkh4o0/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?matt.woodbury@slurpmail.net | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://blog.tytprngxckyk.es/red/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://hze.phiachiphe.ru/xqczefkg/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://9rgf.datafforge.ru/xxzeoy/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://assignideate.dsudag.es/eme4si/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://cqne.zuxsc.es/dnvci/$mattf@jfrealestate.com | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://dto.bpdaokygwg.es/70bdkbd4anto6gd/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://axcd.iwwhyw.es/w63ksk/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://hlq.lbhoci.es/f4mmzlxu/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://pstarofliught.top/wozd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://v7salaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://3salaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://dquilltayle.live/gksi | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://lpiratetwrath.run/ytus | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://lquilltayle.live/gksi | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wnighetwhisper.top/lekd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.carin.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://kick.us.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://kick.us.com/fwgwng.bat | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://203.245.0.121 | Kimsuky botnet C2 (confidence level: 50%) | |
urlhttps://check.pivum.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.juket.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://117.248.206.180:54905/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://check.letoq.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
Threat ID: 682c7db3e8347ec82d2a5423
Added to database: 5/20/2025, 1:03:47 PM
Last enriched: 6/19/2025, 3:18:54 PM
Last updated: 8/2/2025, 5:02:09 PM