ThreatFox IOCs for 2025-04-21
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related entry titled "ThreatFox IOCs for 2025-04-21," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs). The threat is categorized under 'type:osint,' indicating it is primarily an open-source intelligence collection or dissemination rather than a direct exploit or vulnerability in a specific product. No specific affected software versions or products are identified, and there are no associated Common Weakness Enumerations (CWEs) or patch links, suggesting that this entry is more focused on sharing threat indicators rather than describing a novel vulnerability or exploit. The technical details indicate a threat level of 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, implying moderate distribution but limited analysis depth. There are no known exploits in the wild, and no indicators of compromise are provided within the data. The absence of detailed technical specifics, such as malware behavior, attack vectors, or targeted systems, limits the ability to perform a deep technical dissection. However, the classification as malware and the medium severity rating suggest that the threat could potentially be used in campaigns involving malware dissemination or infection, possibly leveraging OSINT techniques for reconnaissance or targeting. The TLP (Traffic Light Protocol) white tag indicates that the information is publicly shareable without restriction, which aligns with the open-source nature of the data. Overall, this entry appears to be a general alert or repository update of malware-related IOCs rather than a description of a new or active threat campaign.
Potential Impact
Given the lack of specific affected products or detailed malware characteristics, the direct impact on European organizations is difficult to quantify precisely. However, the medium severity rating and malware classification imply potential risks such as unauthorized access, data exfiltration, or disruption of services if these IOCs are linked to active malware campaigns. European organizations, especially those relying heavily on open-source intelligence for threat detection or those in sectors commonly targeted by malware (e.g., finance, critical infrastructure, government), may face increased exposure if these IOCs correspond to emerging threats. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation. The distribution score suggests moderate dissemination, which could lead to wider exposure if leveraged by threat actors. The lack of authentication or user interaction details prevents assessment of exploitation complexity, but malware threats generally pose risks to confidentiality, integrity, and availability of systems. Therefore, European entities should remain vigilant, particularly those with mature security operations centers (SOCs) that can integrate these IOCs into their detection frameworks to preempt potential infections.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and endpoint detection and response (EDR) tools to enhance detection capabilities against emerging malware threats.
2. Conduct regular threat hunting exercises using updated OSINT feeds to identify potential indicators related to this threat.
3. Maintain up-to-date malware signature databases and heuristic detection rules to improve identification of novel or polymorphic malware variants.
4. Enhance user awareness training focusing on recognizing phishing and social engineering tactics that often serve as initial infection vectors for malware.
5. Implement network segmentation and strict access controls to limit lateral movement in case of infection.
6. Employ robust backup and recovery procedures to mitigate the impact of potential ransomware or destructive malware.
7. Collaborate with national and European cybersecurity information sharing platforms to receive timely updates and share intelligence related to this threat.
8. Since no patches or specific vulnerabilities are identified, focus on general malware defense best practices and continuous monitoring rather than patch management for this specific threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: tracklist22.pages.dev
- domain: security-check-l2j4.com
- domain: sound-designer-v21.pages.dev
- domain: morbulao.sbs
- domain: thefurrybazaar.biz
- file: 193.233.237.109
- hash: 1912
- domain: check.letoq.icu
- url: http://192.210.175.31/pages/login.php
- file: 8.138.125.200
- hash: 80
- file: 96.9.125.197
- hash: 1690
- file: 45.95.42.190
- hash: 8001
- file: 194.26.192.213
- hash: 7077
- file: 194.26.192.232
- hash: 7077
- file: 196.251.115.136
- hash: 8808
- domain: sslassla.com
- file: 192.46.223.145
- hash: 7443
- domain: ec2-47-128-167-206.ap-southeast-1.compute.amazonaws.com
- file: 207.244.236.115
- hash: 443
- file: 193.83.224.70
- hash: 4444
- file: 13.214.141.247
- hash: 5432
- file: 18.228.26.120
- hash: 10813
- file: 15.168.164.74
- hash: 11102
- file: 176.100.36.71
- hash: 80
- file: 185.193.125.249
- hash: 4000
- file: 63.133.222.220
- hash: 65122
- domain: vpn2.hackcrack.io
- file: 104.168.7.12
- hash: 50572
- file: 171.22.31.46
- hash: 8089
- file: 43.156.249.97
- hash: 6000
- file: 91.245.255.53
- hash: 40056
- domain: rnv.nxts.eu.org
- file: 45.33.7.49
- hash: 8000
- file: 45.33.7.49
- hash: 8090
- file: 172.105.213.140
- hash: 4444
- file: 172.105.213.140
- hash: 443
- file: 85.9.200.235
- hash: 4443
- file: 119.45.254.168
- hash: 60000
- file: 202.95.12.160
- hash: 60000
- file: 47.117.39.114
- hash: 60000
- file: 45.145.229.222
- hash: 60000
- file: 20.75.49.74
- hash: 3333
- file: 3.110.153.176
- hash: 3333
- file: 3.111.3.123
- hash: 3333
- file: 133.125.37.249
- hash: 3333
- file: 3.18.244.77
- hash: 3333
- file: 3.8.142.184
- hash: 3333
- file: 3.81.69.245
- hash: 5672
- file: 101.35.16.183
- hash: 3333
- file: 3.144.180.65
- hash: 4444
- file: 3.71.232.128
- hash: 80
- file: 3.71.232.128
- hash: 443
- file: 217.182.35.154
- hash: 3333
- hash: 9c5698924d4d1881efaf88651a304cb3
- hash: 448f1796fe8de02194b21c0715e0a5f6
- hash: b32a8951fc4c2e4c2d63d17200ca0032
- hash: 714b31629c37dee57038ca4e52ef65ac
- hash: 71c109f3bf4da2fc0173b9bcff07e979
- hash: 41050b2b9f619cdd9916e3bdd5b9f2f9
- hash: 0da1f4ede654e83241eaad7719a708a0
- hash: f94d17b5f232e9cfd2255ca9823cb18a
- hash: 8b3a45ebb7f2331e90ac57a2a20536fd
- hash: 8dbd57b042bc63b9ecdc9e3e5506ce85
- hash: a0efa7fb6dff1e035510ec1f42e083e4
- url: http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/
- url: http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/
- url: http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/
- url: http://zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion/
- url: http://77nrxelcwh47yikvpaz2rvtsten4sen2elybo5r5st6wlxsbitv255qd.onion/
- url: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/
- url: http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion/
- url: http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion/
- domain: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion
- domain: cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion
- domain: 4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion
- domain: zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion
- domain: 77nrxelcwh47yikvpaz2rvtsten4sen2elybo5r5st6wlxsbitv255qd.onion
- domain: mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
- domain: p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion
- domain: brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion
- file: 23.254.228.84
- hash: 443
- file: 47.93.4.110
- hash: 8081
- file: 47.254.74.170
- hash: 13561
- file: 104.168.33.19
- hash: 2404
- file: 163.172.125.253
- hash: 406
- file: 196.251.118.210
- hash: 49998
- file: 63.176.170.74
- hash: 48382
- file: 13.231.249.197
- hash: 22305
- file: 18.156.77.132
- hash: 2000
- file: 18.156.77.132
- hash: 51200
- file: 18.180.239.207
- hash: 80
- file: 47.109.206.114
- hash: 443
- url: http://10.2.61.145:2222/vbs2
- url: https://sblackeblast.run/giabst
- file: 66.78.40.163
- hash: 46921
- file: 79.119.57.252
- hash: 443
- file: 154.201.75.152
- hash: 8088
- file: 154.12.22.15
- hash: 80
- file: 103.100.209.109
- hash: 443
- file: 8.138.119.70
- hash: 8443
- file: 185.9.146.38
- hash: 80
- domain: hemispherexz.top
- domain: equatorf.run
- domain: latitudert.live
- file: 107.189.28.127
- hash: 58431
- file: 8.212.124.162
- hash: 8888
- file: 121.37.23.116
- hash: 8080
- file: 43.139.124.56
- hash: 8888
- file: 43.139.124.56
- hash: 443
- file: 111.124.203.18
- hash: 443
- file: 42.192.114.39
- hash: 5555
- file: 115.120.196.108
- hash: 9999
- domain: ip143.ip-51-195-193.eu
- file: 189.142.53.80
- hash: 8080
- file: 176.65.144.95
- hash: 7707
- file: 23.227.167.188
- hash: 7707
- file: 128.90.106.169
- hash: 2000
- file: 128.90.106.169
- hash: 4000
- file: 128.90.106.169
- hash: 8808
- file: 196.251.116.131
- hash: 7707
- file: 82.147.88.84
- hash: 15747
- file: 84.32.25.119
- hash: 443
- file: 54.232.61.174
- hash: 29618
- file: 54.232.61.174
- hash: 44818
- file: 18.215.167.6
- hash: 104
- file: 18.215.167.6
- hash: 2454
- file: 47.119.142.39
- hash: 443
- url: https://8zestmodp.top/zeda
- url: https://vchangeaie.top/geps
- url: http://70.40.41.125:47097/mozi.m
- file: 152.136.17.91
- hash: 6666
- file: 185.156.175.60
- hash: 42827
- file: 43.134.118.235
- hash: 443
- file: 113.45.247.72
- hash: 9527
- file: 115.175.67.174
- hash: 1111
- file: 123.207.42.139
- hash: 9999
- file: 123.60.215.96
- hash: 9999
- file: 115.120.232.177
- hash: 4444
- file: 152.136.17.91
- hash: 50050
- file: 15.223.196.63
- hash: 50000
- file: 15.223.196.63
- hash: 50100
- file: 15.223.196.63
- hash: 8500
- file: 15.223.196.63
- hash: 8200
- file: 15.223.196.63
- hash: 17000
- file: 38.148.241.220
- hash: 31337
- file: 84.46.248.162
- hash: 31337
- file: 4.201.201.54
- hash: 31337
- file: 60.17.4.86
- hash: 7443
- file: 56.228.3.202
- hash: 4282
- file: 147.50.253.154
- hash: 1177
- file: 136.144.164.95
- hash: 8166
- file: 62.60.226.233
- hash: 3000
- url: https://v31v2x.ssafileaccess.ru/
- file: 3.25.125.234
- hash: 4782
- file: 31.223.72.70
- hash: 1604
- domain: carolina-candles.gl.at.ply.gg
- file: 45.144.214.123
- hash: 6374
- domain: background-estates.gl.at.ply.gg
- file: 196.251.80.109
- hash: 6969
- file: 195.206.234.30
- hash: 8041
- domain: textilmarkt.com
- domain: a1111903.xsph.ru
- domain: a1112024.xsph.ru
- domain: a1111976.xsph.ru
- domain: a1111617.xsph.ru
- domain: a1115545.xsph.ru
- domain: a1116616.xsph.ru
- file: 113.44.255.118
- hash: 80
- file: 39.106.159.206
- hash: 10086
- file: 8.154.40.38
- hash: 80
- domain: ns1.cmbsxfvpnsupport.website
- domain: ns2.cmbsxfvpnsupport.website
- file: 94.72.104.145
- hash: 443
- file: 101.35.6.67
- hash: 8888
- file: 176.65.139.78
- hash: 1952
- file: 196.251.115.182
- hash: 2404
- file: 107.172.4.163
- hash: 2404
- file: 172.81.132.221
- hash: 2121
- file: 13.217.2.22
- hash: 443
- file: 104.245.106.30
- hash: 8808
- file: 152.53.55.12
- hash: 7443
- file: 20.255.61.139
- hash: 80
- file: 47.242.209.239
- hash: 65503
- file: 172.190.216.61
- hash: 8081
- file: 51.44.8.103
- hash: 15000
- file: 176.120.66.174
- hash: 80
- url: https://vporcupineq.digital/gsoz
- file: 1.94.105.194
- hash: 8081
- file: 166.88.61.35
- hash: 443
- file: 166.88.61.35
- hash: 80
- file: 38.95.173.116
- hash: 443
- file: 38.95.173.116
- hash: 80
- file: 47.109.206.114
- hash: 8081
- file: 49.113.74.158
- hash: 8888
- file: 196.251.115.43
- hash: 8808
- file: 206.71.149.182
- hash: 8808
- file: 83.217.209.186
- hash: 8082
- file: 80.66.81.75
- hash: 443
- domain: ec2-13-233-246-131.ap-south-1.compute.amazonaws.com
- file: 88.119.175.233
- hash: 443
- domain: office300.duckdns.org
- domain: www.x-fx.net
- file: 35.181.61.21
- hash: 20095
- file: 35.180.71.126
- hash: 9300
- file: 35.180.71.126
- hash: 7000
- file: 95.164.38.201
- hash: 443
- file: 138.197.61.237
- hash: 8888
- file: 14.225.33.238
- hash: 80
- file: 191.112.11.31
- hash: 443
- file: 47.93.135.155
- hash: 8888
- file: 52.143.143.239
- hash: 443
- file: 85.103.143.121
- hash: 443
- file: 185.158.248.206
- hash: 443
- file: 69.55.62.10
- hash: 8080
- file: 69.55.62.10
- hash: 8081
- domain: ajs.july.cc
- domain: ej2a599x7hw7j.cfc-execute.su.baidubce.com
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 31937e5c-a8ad-4fdc-a765-3f32078ce752
- Original Timestamp: 1745280186
Indicators of Compromise
Domain
Value | Description
---|---
tracklist22.pages.dev | ClearFake payload delivery domain (confidence level: 100%)
security-check-l2j4.com | ClearFake payload delivery domain (confidence level: 100%)
sound-designer-v21.pages.dev | ClearFake payload delivery domain (confidence level: 100%)
morbulao.sbs | ClearFake payload delivery domain (confidence level: 100%)
thefurrybazaar.biz | ClearFake payload delivery domain (confidence level: 100%)
check.letoq.icu | ClearFake payload delivery domain (confidence level: 100%)
sslassla.com | Lumma Stealer botnet C2 domain (confidence level: 100%)
ec2-47-128-167-206.ap-southeast-1.compute.amazonaws.com | Hook botnet C2 domain (confidence level: 100%)
vpn2.hackcrack.io | NjRAT botnet C2 domain (confidence level: 75%)
rnv.nxts.eu.org | Unknown malware botnet C2 domain (confidence level: 100%)
vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion | Unknown malware botnet C2 domain (confidence level: 50%)
cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion | Unknown malware botnet C2 domain (confidence level: 50%)
4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion | Unknown malware botnet C2 domain (confidence level: 50%)
zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion | Unknown malware botnet C2 domain (confidence level: 50%)
77nrxelcwh47yikvpaz2rvtsten4sen2elybo5r5st6wlxsbitv255qd.onion | Unknown malware botnet C2 domain (confidence level: 50%)
mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion | Unknown malware botnet C2 domain (confidence level: 50%)
p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion | Unknown malware botnet C2 domain (confidence level: 50%)
brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion | Unknown malware botnet C2 domain (confidence level: 50%)
hemispherexz.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
equatorf.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
latitudert.live | Lumma Stealer botnet C2 domain (confidence level: 100%)
ip143.ip-51-195-193.eu | Remcos botnet C2 domain (confidence level: 100%)
carolina-candles.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%)
background-estates.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
textilmarkt.com | Unknown RAT botnet C2 domain (confidence level: 50%)
a1111903.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1112024.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1111976.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1111617.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1115545.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
a1116616.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
ns1.cmbsxfvpnsupport.website | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.cmbsxfvpnsupport.website | Cobalt Strike botnet C2 domain (confidence level: 75%)
ec2-13-233-246-131.ap-south-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%)
office300.duckdns.org | Havoc botnet C2 domain (confidence level: 100%)
www.x-fx.net | Havoc botnet C2 domain (confidence level: 100%)
ajs.july.cc | Cobalt Strike botnet C2 domain (confidence level: 75%)
ej2a599x7hw7j.cfc-execute.su.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
File
Value | Description
---|---
193.233.237.109 | RedLine Stealer botnet C2 server (confidence level: 100%)
8.138.125.200 | Cobalt Strike botnet C2 server (confidence level: 100%)
96.9.125.197 | DarkComet botnet C2 server (confidence level: 100%)
45.95.42.190 | Sliver botnet C2 server (confidence level: 100%)
194.26.192.213 | AsyncRAT botnet C2 server (confidence level: 100%)
194.26.192.232 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.115.136 | AsyncRAT botnet C2 server (confidence level: 100%)
192.46.223.145 | Unknown malware botnet C2 server (confidence level: 100%)
207.244.236.115 | Havoc botnet C2 server (confidence level: 100%)
193.83.224.70 | DCRat botnet C2 server (confidence level: 100%)
13.214.141.247 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.228.26.120 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
15.168.164.74 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
176.100.36.71 | MooBot botnet C2 server (confidence level: 100%)
185.193.125.249 | Unknown malware botnet C2 server (confidence level: 100%)
63.133.222.220 | NjRAT botnet C2 server (confidence level: 75%)
104.168.7.12 | AsyncRAT botnet C2 server (confidence level: 100%)
171.22.31.46 | Hook botnet C2 server (confidence level: 100%)
43.156.249.97 | Quasar RAT botnet C2 server (confidence level: 100%)
91.245.255.53 | Havoc botnet C2 server (confidence level: 100%)
45.33.7.49 | Unknown malware botnet C2 server (confidence level: 100%)
45.33.7.49 | Unknown malware botnet C2 server (confidence level: 100%)
172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%)
172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%)
85.9.200.235 | Sliver botnet C2 server (confidence level: 100%)
119.45.254.168 | Unknown malware botnet C2 server (confidence level: 100%)
202.95.12.160 | Unknown malware botnet C2 server (confidence level: 100%)
47.117.39.114 | Unknown malware botnet C2 server (confidence level: 100%)
45.145.229.222 | Unknown malware botnet C2 server (confidence level: 100%)
20.75.49.74 | Unknown malware botnet C2 server (confidence level: 100%)
3.110.153.176 | Unknown malware botnet C2 server (confidence level: 100%)
3.111.3.123 | Unknown malware botnet C2 server (confidence level: 100%)
133.125.37.249 | Unknown malware botnet C2 server (confidence level: 100%)
3.18.244.77 | Unknown malware botnet C2 server (confidence level: 100%)
3.8.142.184 | Unknown malware botnet C2 server (confidence level: 100%)
3.81.69.245 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
101.35.16.183 | Unknown malware botnet C2 server (confidence level: 100%)
3.144.180.65 | Unknown malware botnet C2 server (confidence level: 100%)
3.71.232.128 | Unknown malware botnet C2 server (confidence level: 100%)
3.71.232.128 | Unknown malware botnet C2 server (confidence level: 100%)
217.182.35.154 | Unknown malware botnet C2 server (confidence level: 100%)
23.254.228.84 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.93.4.110 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.254.74.170 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.168.33.19 | Remcos botnet C2 server (confidence level: 100%)
163.172.125.253 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.118.210 | Havoc botnet C2 server (confidence level: 100%)
63.176.170.74 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.231.249.197 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.156.77.132 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.156.77.132 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.180.239.207 | Brute Ratel C4 botnet C2 server (confidence level: 100%)
47.109.206.114 | Unknown malware botnet C2 server (confidence level: 100%)
66.78.40.163 | Havoc botnet C2 server (confidence level: 75%)
79.119.57.252 | QakBot botnet C2 server (confidence level: 75%)
154.201.75.152 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.12.22.15 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.100.209.109 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.138.119.70 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.9.146.38 | Cobalt Strike botnet C2 server (confidence level: 75%)
107.189.28.127 | MooBot botnet C2 server (confidence level: 75%)
8.212.124.162 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.23.116 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.139.124.56 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.139.124.56 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.124.203.18 | Cobalt Strike botnet C2 server (confidence level: 100%)
42.192.114.39 | Cobalt Strike botnet C2 server (confidence level: 100%)
115.120.196.108 | Cobalt Strike botnet C2 server (confidence level: 100%)
189.142.53.80 | Sliver botnet C2 server (confidence level: 100%)
176.65.144.95 | AsyncRAT botnet C2 server (confidence level: 100%)
23.227.167.188 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.106.169 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.106.169 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.106.169 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.131 | AsyncRAT botnet C2 server (confidence level: 100%)
82.147.88.84 | SectopRAT botnet C2 server (confidence level: 100%)
84.32.25.119 | Havoc botnet C2 server (confidence level: 100%)
54.232.61.174 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
54.232.61.174 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.215.167.6 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.215.167.6 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
47.119.142.39 | Unknown malware botnet C2 server (confidence level: 100%)
152.136.17.91 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.156.175.60 | Remcos botnet C2 server (confidence level: 75%)
43.134.118.235 | Cobalt Strike botnet C2 server (confidence level: 50%)
113.45.247.72 | Cobalt Strike botnet C2 server (confidence level: 50%)
115.175.67.174 | Cobalt Strike botnet C2 server (confidence level: 50%)
123.207.42.139 | Cobalt Strike botnet C2 server (confidence level: 50%)
123.60.215.96 | Cobalt Strike botnet C2 server (confidence level: 50%)
115.120.232.177 | Cobalt Strike botnet C2 server (confidence level: 50%)
152.136.17.91 | Cobalt Strike botnet C2 server (confidence level: 50%)
15.223.196.63 | BlackShades botnet C2 server (confidence level: 50%)
15.223.196.63 | BlackShades botnet C2 server (confidence level: 50%)
15.223.196.63 | BlackShades botnet C2 server (confidence level: 50%)
15.223.196.63 | BlackShades botnet C2 server (confidence level: 50%)
15.223.196.63 | BlackShades botnet C2 server (confidence level: 50%)
38.148.241.220 | Sliver botnet C2 server (confidence level: 50%)
84.46.248.162 | Sliver botnet C2 server (confidence level: 50%)
4.201.201.54 | Sliver botnet C2 server (confidence level: 50%)
60.17.4.86 | Unknown malware botnet C2 server (confidence level: 50%)
56.228.3.202 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
147.50.253.154 | NjRAT botnet C2 server (confidence level: 50%)
136.144.164.95 | Unknown malware botnet C2 server (confidence level: 50%)
62.60.226.233 | Unknown Loader botnet C2 server (confidence level: 50%)
3.25.125.234 | AsyncRAT botnet C2 server (confidence level: 50%)
31.223.72.70 | AsyncRAT botnet C2 server (confidence level: 50%)
45.144.214.123 | Remcos botnet C2 server (confidence level: 50%)
196.251.80.109 | XWorm botnet C2 server (confidence level: 50%)
195.206.234.30 | Unknown RAT botnet C2 server (confidence level: 50%)
113.44.255.118 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.106.159.206 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.154.40.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.72.104.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.35.6.67 | Cobalt Strike botnet C2 server (confidence level: 100%)
176.65.139.78 | Remcos botnet C2 server (confidence level: 100%)
196.251.115.182 | Remcos botnet C2 server (confidence level: 100%)
107.172.4.163 | Remcos botnet C2 server (confidence level: 100%)
172.81.132.221 | Remcos botnet C2 server (confidence level: 100%)
13.217.2.22 | Sliver botnet C2 server (confidence level: 100%)
104.245.106.30 | AsyncRAT botnet C2 server (confidence level: 100%)
152.53.55.12 | Unknown malware botnet C2 server (confidence level: 100%)
20.255.61.139 | Havoc botnet C2 server (confidence level: 100%)
47.242.209.239 | DCRat botnet C2 server (confidence level: 100%)
172.190.216.61 | DCRat botnet C2 server (confidence level: 100%)
51.44.8.103 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
176.120.66.174 | MooBot botnet C2 server (confidence level: 100%)
1.94.105.194 | Cobalt Strike botnet C2 server (confidence level: 75%)
166.88.61.35 | Cobalt Strike botnet C2 server (confidence level: 75%)
166.88.61.35 | Cobalt Strike botnet C2 server (confidence level: 75%)
38.95.173.116 | Cobalt Strike botnet C2 server (confidence level: 75%)
38.95.173.116 | Cobalt Strike botnet C2 server (confidence level: 75%)
47.109.206.114 | Cobalt Strike botnet C2 server (confidence level: 75%)
49.113.74.158 | Unknown malware botnet C2 server (confidence level: 100%)
196.251.115.43 | AsyncRAT botnet C2 server (confidence level: 100%)
206.71.149.182 | AsyncRAT botnet C2 server (confidence level: 100%)
83.217.209.186 | Hook botnet C2 server (confidence level: 100%)
80.66.81.75 | Havoc botnet C2 server (confidence level: 100%)
88.119.175.233 | Havoc botnet C2 server (confidence level: 100%)
35.181.61.21 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
35.180.71.126 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
35.180.71.126 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
95.164.38.201 | Stealc botnet C2 server (confidence level: 100%)
138.197.61.237 | Sliver botnet C2 server (confidence level: 75%)
14.225.33.238 | Havoc botnet C2 server (confidence level: 75%)
191.112.11.31 | QakBot botnet C2 server (confidence level: 75%)
47.93.135.155 | Sliver botnet C2 server (confidence level: 75%)
52.143.143.239 | DeimosC2 botnet C2 server (confidence level: 75%)
85.103.143.121 | QakBot botnet C2 server (confidence level: 75%)
185.158.248.206 | Meterpreter botnet C2 server (confidence level: 75%)
69.55.62.10 | Meterpreter botnet C2 server (confidence level: 75%)
69.55.62.10 | Meterpreter botnet C2 server (confidence level: 75%)
Hash
Value | Description | Copy |
---|---|---|
1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
1690 | DarkComet botnet C2 server (confidence level: 100%) | |
8001 | Sliver botnet C2 server (confidence level: 100%) | |
7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
4444 | DCRat botnet C2 server (confidence level: 100%) | |
5432 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
10813 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
11102 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
80 | MooBot botnet C2 server (confidence level: 100%) | |
4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
65122 | NjRAT botnet C2 server (confidence level: 75%) | |
50572 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8089 | Hook botnet C2 server (confidence level: 100%) | |
6000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
40056 | Havoc botnet C2 server (confidence level: 100%) | |
8000 | Unknown malware botnet C2 server (confidence level: 100%) | |
8090 | Unknown malware botnet C2 server (confidence level: 100%) | |
4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
4443 | Sliver botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
5672 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
9c5698924d4d1881efaf88651a304cb3 | Unknown malware payload (confidence level: 50%) | |
448f1796fe8de02194b21c0715e0a5f6 | Unknown malware payload (confidence level: 50%) | |
b32a8951fc4c2e4c2d63d17200ca0032 | Unknown malware payload (confidence level: 50%) | |
714b31629c37dee57038ca4e52ef65ac | Unknown malware payload (confidence level: 50%) | |
71c109f3bf4da2fc0173b9bcff07e979 | Unknown malware payload (confidence level: 50%) | |
41050b2b9f619cdd9916e3bdd5b9f2f9 | Unknown malware payload (confidence level: 50%) | |
0da1f4ede654e83241eaad7719a708a0 | Unknown malware payload (confidence level: 50%) | |
f94d17b5f232e9cfd2255ca9823cb18a | Unknown malware payload (confidence level: 50%) | |
8b3a45ebb7f2331e90ac57a2a20536fd | Unknown malware payload (confidence level: 50%) | |
8dbd57b042bc63b9ecdc9e3e5506ce85 | Unknown malware payload (confidence level: 50%) | |
a0efa7fb6dff1e035510ec1f42e083e4 | Unknown malware payload (confidence level: 50%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
13561 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
406 | AsyncRAT botnet C2 server (confidence level: 100%) | |
49998 | Havoc botnet C2 server (confidence level: 100%) | |
48382 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
22305 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
2000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
51200 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
46921 | Havoc botnet C2 server (confidence level: 75%) | |
443 | QakBot botnet C2 server (confidence level: 75%) | |
8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
58431 | MooBot botnet C2 server (confidence level: 75%) | |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8080 | Sliver botnet C2 server (confidence level: 100%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
15747 | SectopRAT botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
29618 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
44818 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
104 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
2454 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
6666 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
42827 | Remcos botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
9527 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
1111 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
9999 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
9999 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
4444 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
50000 | BlackShades botnet C2 server (confidence level: 50%) | |
50100 | BlackShades botnet C2 server (confidence level: 50%) | |
8500 | BlackShades botnet C2 server (confidence level: 50%) | |
8200 | BlackShades botnet C2 server (confidence level: 50%) | |
17000 | BlackShades botnet C2 server (confidence level: 50%) | |
31337 | Sliver botnet C2 server (confidence level: 50%) | |
31337 | Sliver botnet C2 server (confidence level: 50%) | |
31337 | Sliver botnet C2 server (confidence level: 50%) | |
7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
4282 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
1177 | NjRAT botnet C2 server (confidence level: 50%) | |
8166 | Unknown malware botnet C2 server (confidence level: 50%) | |
3000 | Unknown Loader botnet C2 server (confidence level: 50%) | |
4782 | AsyncRAT botnet C2 server (confidence level: 50%) | |
1604 | AsyncRAT botnet C2 server (confidence level: 50%) | |
6374 | Remcos botnet C2 server (confidence level: 50%) | |
6969 | XWorm botnet C2 server (confidence level: 50%) | |
8041 | Unknown RAT botnet C2 server (confidence level: 50%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
10086 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
1952 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
2121 | Remcos botnet C2 server (confidence level: 100%) | |
443 | Sliver botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Havoc botnet C2 server (confidence level: 100%) | |
65503 | DCRat botnet C2 server (confidence level: 100%) | |
8081 | DCRat botnet C2 server (confidence level: 100%) | |
15000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
80 | MooBot botnet C2 server (confidence level: 100%) | |
8081 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
8081 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8082 | Hook botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
20095 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
9300 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
7000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
443 | Stealc botnet C2 server (confidence level: 100%) | |
8888 | Sliver botnet C2 server (confidence level: 75%) | |
80 | Havoc botnet C2 server (confidence level: 75%) | |
443 | QakBot botnet C2 server (confidence level: 75%) | |
8888 | Sliver botnet C2 server (confidence level: 75%) | |
443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
443 | QakBot botnet C2 server (confidence level: 75%) | |
443 | Meterpreter botnet C2 server (confidence level: 75%) | |
8080 | Meterpreter botnet C2 server (confidence level: 75%) | |
8081 | Meterpreter botnet C2 server (confidence level: 75%) | |
Url
Value | Description | Copy |
---|---|---|
http://192.210.175.31/pages/login.php | Unknown malware botnet C2 (confidence level: 100%) | |
http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://77nrxelcwh47yikvpaz2rvtsten4sen2elybo5r5st6wlxsbitv255qd.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion/ | Unknown malware botnet C2 (confidence level: 50%) | |
http://10.2.61.145:2222/vbs2 | Cobalt Strike botnet C2 (confidence level: 75%) | |
https://sblackeblast.run/giabst | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://8zestmodp.top/zeda | Lumma Stealer botnet C2 (confidence level: 75%) | |
https://vchangeaie.top/geps | Lumma Stealer botnet C2 (confidence level: 75%) | |
http://70.40.41.125:47097/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
https://v31v2x.ssafileaccess.ru/ | Unknown RAT payload delivery URL (confidence level: 50%) | |
https://vporcupineq.digital/gsoz | Lumma Stealer botnet C2 (confidence level: 75%) | |
Threat ID: 682c7db2e8347ec82d2a4052
Added to database: 5/20/2025, 1:03:46 PM
Last enriched: 6/19/2025, 2:50:03 PM
Last updated: 8/11/2025, 9:58:09 AM
Views: 13