ThreatFox IOCs for 2025-04-22
AI Analysis
Technical Summary
The provided threat intelligence relates to a malware-related report titled "ThreatFox IOCs for 2025-04-22," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under "type:osint," indicating it primarily involves open-source intelligence data rather than a specific malware family or exploit targeting a particular software product. No specific affected product versions or detailed technical indicators are provided, and there are no known exploits in the wild associated with this report at the time of publication. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate dissemination of the intelligence but limited detailed analysis or confirmed impact. The absence of CWEs, patch links, or technical details about the malware's behavior limits the ability to precisely characterize the threat vector or attack methodology. The medium severity tag suggests a moderate risk level, likely due to the potential for this malware or related IOCs to be used in reconnaissance or initial infection stages rather than immediate critical system compromise. The lack of authentication or user interaction requirements is not explicitly stated, but given the OSINT nature and absence of exploit data, it is likely that exploitation would require some level of user or system interaction. Overall, this threat intelligence appears to be an early-stage or informational report on malware-related indicators without confirmed active exploitation or widespread impact at this time.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of known active exploits and the lack of detailed technical indicators. However, the presence of malware-related IOCs in open-source intelligence can signal emerging threats that may be leveraged in targeted attacks, phishing campaigns, or reconnaissance activities. Organizations relying on OSINT for threat detection should consider integrating these IOCs into their monitoring systems to enhance early warning capabilities. The medium severity suggests that while immediate disruption or data compromise is unlikely, there is potential for this threat to evolve or be incorporated into more sophisticated attack chains. European entities in sectors with high exposure to cyber threats—such as finance, critical infrastructure, and government—should remain vigilant. The lack of specific affected products or versions means that the threat could be broadly applicable, increasing the risk of opportunistic attacks if the malware or its variants become weaponized.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on proactive threat intelligence integration and general best practices tailored to OSINT-derived threats:
1) Incorporate the provided IOCs into Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools to enable early detection of related indicators.
2) Enhance monitoring of network traffic and system logs for anomalous behavior that may correlate with the reported IOCs.
3) Conduct regular threat hunting exercises focusing on emerging malware signatures and behaviors consistent with the medium severity level.
4) Educate security teams on the importance of OSINT sources like ThreatFox to maintain situational awareness.
5) Maintain up-to-date patching and vulnerability management programs, even though no specific patches are linked, to reduce the attack surface for potential exploitation.
6) Implement strict access controls and network segmentation to limit lateral movement if initial compromise occurs.
7) Prepare incident response playbooks that include procedures for handling malware infections identified through OSINT indicators.
These steps go beyond generic advice by emphasizing the integration and operationalization of OSINT data within existing security frameworks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 02c76f75-e3f8-4660-8c39-d15c5ca4e460
- Original Timestamp: 1745366587
Indicators of Compromise
Domain
Value | Description | Copy |
---|---|---|
domainnewtsda.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsnailzg.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaincrabw.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainwhippetzx.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainzebrai.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainhedgehocvg.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintapiretre.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaindolphine.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainferretwq.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainremorar.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainslothwe.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingoldfisher.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaincpanel.freein-deed.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainkajec.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainrhfvjck.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainbetiv.fun | ClearFake payload delivery domain (confidence level: 100%) | |
domainh1.wieldercherub.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domain886132-coinbase.com | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainbookviewreserves.click | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainfuckhdmov.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainitradepay.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainnettixx.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaindashes.cc | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainboostcmc.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainkitikixoroshie-23612.portmap.io | Nanocore RAT botnet C2 domain (confidence level: 100%) | |
domainjrtersdfg.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainumpmfss.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmsfed.socalmediazone.com | Hook botnet C2 domain (confidence level: 100%) | |
domain8y1h12ay4vt22.cfc-execute.gz.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainecs-123-249-34-118.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainecs-1-92-78-64.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainvenusgrou.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainpocof.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpartdet-id839847.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainbooking.partdet-id839847.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainis-avi.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
domain89.portmap.io | NjRAT botnet C2 domain (confidence level: 50%) | |
domainincluding-briefly.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainmay-biol.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainrayishim-25009.portmap.io | NjRAT botnet C2 domain (confidence level: 75%) | |
domainkriegerspub.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaintalklc.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domainmeerkaty.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainbisonq.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainfaqyw.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainvynen.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaininternetsearch.viewdns.net | Nanocore RAT botnet C2 domain (confidence level: 100%) | |
domainaccess-apollo-page.r-e.kr | Kimsuky botnet C2 domain (confidence level: 50%) | |
domainaccess-apollo-star7.kro.kr | Kimsuky botnet C2 domain (confidence level: 50%) | |
domainffmqitnka.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainintegration2-hohc4oi-ql5o2tbhqesto.us-5.magentosite.cloud | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainc2.trollers.xyz | XWorm botnet C2 domain (confidence level: 50%) | |
domainsecure.gatecollegesystem.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainapelmerah.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainkdxa.gaihwstpzuomtfnu.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domainyfrv.gaihwstpzuomtfnu.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domainyfrv.zkuafimfdwvetxjq.live | Bashlite botnet C2 domain (confidence level: 75%) | |
domainyfrv.zkuafimfdwvetxjq.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domainkhbw.byxwgimpbwiskniw.live | Bashlite botnet C2 domain (confidence level: 75%) | |
domainkhbw.byxwgimpbwiskniw.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domaineicp.gwyhhcorybwjwuzh.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domainkdxa.gwyhhcorybwjwuzh.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domaineicp.gwyhhcorybwjwuzh.live | Bashlite botnet C2 domain (confidence level: 75%) | |
domainkdxa.zkuafimfdwvetxjq.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domaineicp.gaihwstpzuomtfnu.info | Bashlite botnet C2 domain (confidence level: 75%) | |
domainquiltsticks.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainhobbiesyard.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domaintaxjudge.icu | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainteethbubble.icu | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainsealyiu.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbuqoc.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainintroduction-satisfy.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domainjjpalace.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmexitl.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincdn.soft.qianxin.com | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domain2d2azd2gymkef.cfc-execute.gz.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
hash46cd19c3dac997bfa1a90028a28b5045 | Kimsuky payload (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2024 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash33060 | BlackShades botnet C2 server (confidence level: 50%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash44040 | Remcos botnet C2 server (confidence level: 75%) | |
hash13960 | Remcos botnet C2 server (confidence level: 75%) | |
hash13961 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash19999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3222 | Remcos botnet C2 server (confidence level: 100%) | |
hash4522 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8081 | Havoc botnet C2 server (confidence level: 100%) | |
hash9999 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash44818 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8081 | Chaos botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash45031 | NjRAT botnet C2 server (confidence level: 75%) | |
hash11479866158c4d95b37a9ebe6fb27f50c9cd30a586b50f8e163eb78ecc959b05 | Unknown malware payload (confidence level: 100%) | |
hash8caec48f271a30a64b6a54fb2be6f23d69bef737e9002b1faab9fe755212c54a | Unknown malware payload (confidence level: 75%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash2154 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash19080 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash5001 | Venom RAT botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3013 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9601 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Havoc botnet C2 server (confidence level: 100%) | |
hash6000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash6001 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash1961 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2454 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8081 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash80 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash23333 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) | |
Threat ID: 682c7db2e8347ec82d2a43f7
Added to database: 5/20/2025, 1:03:46 PM
Last enriched: 6/19/2025, 3:02:57 PM
Last updated: 8/15/2025, 10:28:54 PM