ThreatFox IOCs for 2025-04-23

Medium
Published: Wed Apr 23 2025 (04/23/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-23

AI-Powered Analysis

Last updated: 06/19/2025, 15:19:47 UTC

Technical Analysis

The provided threat information pertains to a malware-related entry titled 'ThreatFox IOCs for 2025-04-23', sourced from ThreatFox, a platform for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is tagged 'type:osint' and 'tlp:white', indicating open-source intelligence with no restrictions on sharing. No affected product versions or CWE identifiers are listed, and no patch links or known exploits in the wild have been reported. The technical details give a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate distribution but limited analysis depth. The absence of concrete indicators of compromise or detailed technical behavior limits the ability to characterize the malware's functionality, infection vectors, or payload. Given the lack of technical specifics, this entry most likely serves as a general alert or a collection of IOCs rather than a detailed malware analysis. The medium severity rating suggests a moderate risk level, possibly reflecting distribution potential or impact, but without confirmed active exploitation or widespread impact at this time.

Potential Impact

For European organizations, the impact of this threat appears to be moderate based on the medium severity rating and the distribution score of 3. Without specific details on the malware's capabilities, precise impacts on confidentiality, integrity, or availability cannot be assessed. However, malware with moderate distribution potential could lead to data breaches, unauthorized access, or service disruptions if successfully deployed. The lack of known exploits in the wild reduces immediate risk, but organizations should remain vigilant. European entities in sectors that rely heavily on OSINT tools, or that are frequently targeted by malware campaigns (such as finance, critical infrastructure, and government), may face increased risk if this malware evolves or is used in targeted attacks. Whether authentication or user interaction is required is unknown, but given the medium severity, some level of user interaction or exploitation complexity may be involved, potentially limiting the scope of impact.

Mitigation Recommendations

Given the limited technical details, mitigation should focus on proactive threat hunting and strengthening detection capabilities. Organizations should:

1) Integrate ThreatFox IOCs into existing security information and event management (SIEM) and endpoint detection and response (EDR) tools to improve detection of related indicators.
2) Conduct regular OSINT monitoring to identify emerging threats and update defenses accordingly.
3) Implement network segmentation and strict access controls to limit malware spread if an infection occurs.
4) Enforce robust user awareness training to reduce the risk of social engineering or phishing vectors that may be associated with malware delivery.
5) Maintain up-to-date backups and incident response plans to mitigate potential impacts.
6) Collaborate with national cybersecurity centers and information sharing groups to receive timely updates on evolving threats.

These steps go beyond generic advice by emphasizing integration of specific IOCs, OSINT monitoring, and inter-organizational collaboration tailored to the nature of this threat.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
2830f98c-b039-4961-a90c-10985ac410c0
Original Timestamp
1745452988

Indicators of Compromise

Domain

ValueDescriptionCopy
domainvaboz.icu
ClearFake payload delivery domain (confidence level: 100%)
domaingthfjdk.pages.dev
ClearFake payload delivery domain (confidence level: 100%)
domainsecurity-check-u8a6.com
ClearFake payload delivery domain (confidence level: 100%)
domaintc.easingaffix.site
ClearFake payload delivery domain (confidence level: 100%)
domainsdfikguoriqoir.cloud
ClearFake payload delivery domain (confidence level: 100%)
domaincheckuserseverdday.cloud
ClearFake payload delivery domain (confidence level: 100%)
domainflexingoto.cloud
ClearFake payload delivery domain (confidence level: 100%)
domainmanufacturer-viewing.gl.at.ply.gg
Nanocore RAT botnet C2 domain (confidence level: 100%)
domainnuwof.icu
ClearFake payload delivery domain (confidence level: 100%)
domainen-bitcoin.org
Unknown malware credit card skimming domain (confidence level: 100%)
domainecs-27-106-109-232.compute.hwclouds-dns.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.evaluationcurrency.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainadvath.socalmediazone.com
Hook botnet C2 domain (confidence level: 100%)
domain20-255-61-139.cprapid.com
Havoc botnet C2 domain (confidence level: 100%)
domainassaa.freeddns.org
AsyncRAT botnet C2 domain (confidence level: 50%)
domainhiraganadev-35044.portmap.host
XWorm botnet C2 domain (confidence level: 50%)
domainbeginning-convenient.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domainclick-vsnet.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domainfukuq.icu
ClearFake payload delivery domain (confidence level: 100%)
domainmonthmeasure.icu
Unknown Loader botnet C2 domain (confidence level: 100%)
domaintouchstonesinvestments.com
Hook botnet C2 domain (confidence level: 100%)
domainbgptools-wildcard-confirmed.duocphamhoanghuonghh.com
Hook botnet C2 domain (confidence level: 100%)
domainip-96-126-124-158.cloudezapp.io
Havoc botnet C2 domain (confidence level: 100%)
domainpayu-doladowania.com
Havoc botnet C2 domain (confidence level: 100%)
domainzabo.0x504.com
Mirai botnet C2 domain (confidence level: 75%)
domainnuxul.icu
ClearFake payload delivery domain (confidence level: 100%)
domainjuhup.icu
ClearFake payload delivery domain (confidence level: 100%)
domainwww.yuklemeislemi.online
Formbook botnet C2 domain (confidence level: 50%)
domainwww.7needsofpatients.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.9cri.accountant
Formbook botnet C2 domain (confidence level: 50%)
domainwww.aandswholesale.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.adithyavm.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.ads-line.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.airmediabda.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.amcmadmen.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.amonlineb.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.animalnooz.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.appin.tech
Formbook botnet C2 domain (confidence level: 50%)
domainwww.bbbav93931.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.bojny.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.bufdv.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.cagschools.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.cex.party
Formbook botnet C2 domain (confidence level: 50%)
domainwww.cirquedumarina.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.counsellingsupervisor.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.cuchilleria.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.d55105.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.dondavidaltopalermo.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.doomcrowoffical.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.faraon-beth6.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.freedom100plan.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.ghyxm.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.gmecpn.men
Formbook botnet C2 domain (confidence level: 50%)
domainwww.goodkindtrue.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.gzsanj.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.hami.link
Formbook botnet C2 domain (confidence level: 50%)
domainwww.harmonyviolin.win
Formbook botnet C2 domain (confidence level: 50%)
domainwww.hemalipaterl.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.jennashrivercoaching.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.jinchenjin.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.kimbhoh.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.la-forme-matrice.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.lifemindmed.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.lineagro.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.liveoverseasconference.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.mad.foundation
Formbook botnet C2 domain (confidence level: 50%)
domainwww.michaellobato.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.moneyprime.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.myaeh.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.mycarefamily.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.nostalgicexpress.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.nowgopaint.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.nulunauniversity.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.petal.parts
Formbook botnet C2 domain (confidence level: 50%)
domainwww.plombierslivrygargan.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.rencornachine.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.sanmarinoseries.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.seadragonfob.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.surfbumapparel.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.taylormthomas.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.testvmsept07yyyyy.site
Formbook botnet C2 domain (confidence level: 50%)
domainwww.themodaempire.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.time4beauty-blog.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.tuthofilly.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.uniqueeyez.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.wamohssurgery.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.wwwvn602.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.wx-newtork.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.xn--950bn7a776apfal10cnib.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.xn--bescheidprfung-psb.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.yemail.email
Formbook botnet C2 domain (confidence level: 50%)
domainwww.youngminds.place
Formbook botnet C2 domain (confidence level: 50%)
domainhajouts8koumis5.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainhajouts8koumis6.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainfartgo21oursts1.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainfartgo21oursts2.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainfartgo21oursts3.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainsecurity-2k7q-check.com
ClearFake payload delivery domain (confidence level: 100%)
domainnynoj.icu
ClearFake payload delivery domain (confidence level: 100%)
domainshelducopk.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainkeywestuy.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainvampirebioat.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainmanateeiu.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainquollgjk.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainshrimpcvd.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainpldcbus.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domaintarantutyla.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainbullfrogvc.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainkangaroojh.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainpalid.icu
ClearFake payload delivery domain (confidence level: 100%)
domainpebeg.icu
ClearFake payload delivery domain (confidence level: 100%)
domaineztest.site
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainmysyv.icu
ClearFake payload delivery domain (confidence level: 100%)
domainwww.ishimotors.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domaindafeq.icu
ClearFake payload delivery domain (confidence level: 100%)
domainsolidewi.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainpopbaggy.ignorelist.com
Remcos botnet C2 domain (confidence level: 50%)
domainzainezw.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domainjunyk.icu
ClearFake payload delivery domain (confidence level: 100%)
domainakkiosk.org
Hook botnet C2 domain (confidence level: 100%)
domainincog.live
Unknown malware botnet C2 domain (confidence level: 100%)
domainpanel-thrown.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domainrecommended-collins.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 75%)
domainayzyw.top
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainsoficave.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainmtowner.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainkasej.icu
ClearFake payload delivery domain (confidence level: 100%)
domainpejnguin.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainjellyfisnbnh.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainh1.glucoseranger.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainfactisland.icu
Unknown Loader botnet C2 domain (confidence level: 100%)
domaindecisioniron.xyz
Unknown Loader botnet C2 domain (confidence level: 100%)
domainrelyheins.org
Hook botnet C2 domain (confidence level: 100%)
domaindum555.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domainwunep.icu
ClearFake payload delivery domain (confidence level: 100%)

Hash

ValueDescriptionCopy
hash22d316aec1664b148ee2ab8a197c7de477557ce9dcea250705053364bd98d1b2
Unknown malware payload (confidence level: 75%)
hash8d15ca4f77aee1d2915234a148624d9fd8cd77b9efad32f4810492eb258977e2
Unknown malware payload (confidence level: 75%)
hash9682fec5e1f3bfc01de99bb261bf4e584172f80570cdd8fe95ac13e03d263df5
Unknown malware payload (confidence level: 75%)
hashe140c8cb0a9ce96828119f040135a3b70d1c9ebbdea53dad954eb9cce70984fd
Unknown malware payload (confidence level: 100%)
hash7bc17129e3b6cc9d701dfb94a2f1c0415851cd485213605d1ebfaf701b831c5b
Unknown malware payload (confidence level: 75%)
hash2b7bce9189fc62f088029ed3323206faf3b3d5e0ef7b107ac48a98eb321711c3
Unknown malware payload (confidence level: 75%)
hash144289ed4d6a68c184b1793d8d2b3c7bbeb94d6bca179c4906a71f294b47a573
Unknown malware payload (confidence level: 75%)
hash4444
Unknown malware botnet C2 server (confidence level: 50%)
hash36ddeb8e1fcdc46781cd49306f2ca9c244190e3e82dd6290dfabe73b8b524c4d
Unknown malware payload (confidence level: 50%)
hash99d63f07a16f4e69fd4ad58efa142eadd2b4082aed2ab0e8250fea035930e6ba
Unknown malware payload (confidence level: 75%)
hash4e96b970367d1ae4d6b09fa0f4bbf363ee4d197753997142c3f51ba358008ef7
Unknown malware payload (confidence level: 75%)
hash131ac5a7ea4aba832db8bd4b0cd7bc9e6f58343d4e788a67d22831c957c449ec
Unknown malware payload (confidence level: 75%)
hash79283dac982adcfe31549d4f20f7b12bf636aa4fddaab72044364e042c8dac74
Unknown malware payload (confidence level: 100%)
hashbc272a48cc7f5db6edd615b710416e815468fb895233292879ccd72947c548e7
Unknown malware payload (confidence level: 75%)
hash7f939e9607c3a8d54397f509f76399e94504640deeb61577eb835e2e4bd7b30d
Unknown malware payload (confidence level: 75%)
hash54986ad161a02d54df7cbc86e28e5ff059a6203349edd2db9ef72a9aa66952db
Unknown malware payload (confidence level: 75%)
hash50000
Nanocore RAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash101
Remcos botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash4444
Venom RAT botnet C2 server (confidence level: 100%)
hash5671
DCRat botnet C2 server (confidence level: 100%)
hash01d6f868c146805dd8fbe924256bc2a51885afa4f547b27326b446075ce03567
Unknown malware payload (confidence level: 100%)
hashf22bf062fdf20998774007969d312052af9db728cfaa8388a56ad9b96d1a6531
Unknown malware payload (confidence level: 100%)
hash2a0d8f3171763db72ca3a34f7cb499eb636fd44eda29645d4f4ca9a019d136c4
Unknown malware payload (confidence level: 100%)
hash969aaf7841da3d91dcf91f7a17171afa05b62dc77cc146cb909ddf7d8eb803df
Unknown malware payload (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash19752
Sliver botnet C2 server (confidence level: 90%)
hash53487
Sliver botnet C2 server (confidence level: 90%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash1888
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash8000
Sliver botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash8090
DCRat botnet C2 server (confidence level: 100%)
hash65503
DCRat botnet C2 server (confidence level: 100%)
hash65503
DCRat botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
XehookStealer botnet C2 server (confidence level: 100%)
hash1724
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash10443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash9999
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 90%)
hash443
QakBot botnet C2 server (confidence level: 100%)
hash417
Tofsee botnet C2 server (confidence level: 100%)
hash431
Tofsee botnet C2 server (confidence level: 100%)
hash416
Tofsee botnet C2 server (confidence level: 100%)
hash419
Tofsee botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash7001
Cobalt Strike botnet C2 server (confidence level: 50%)
hash21
BlackShades botnet C2 server (confidence level: 50%)
hash37
BlackShades botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash444
AsyncRAT botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash430
Tofsee botnet C2 server (confidence level: 100%)
hash427
Tofsee botnet C2 server (confidence level: 100%)
hash424
Tofsee botnet C2 server (confidence level: 100%)
hash423
Tofsee botnet C2 server (confidence level: 100%)
hash420
Tofsee botnet C2 server (confidence level: 100%)
hash425
Tofsee botnet C2 server (confidence level: 100%)
hash422
Tofsee botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash204ab69b6ace47847f4ccddca710d94bfe54aa0922d41673df554841259b1c89
Unknown malware payload (confidence level: 75%)
hashe3d9b7c97de71dfb5f45627714a10325bd02ccf2a5ff958ee44555a488ac3d70
Unknown malware payload (confidence level: 75%)
hash426
Tofsee botnet C2 server (confidence level: 100%)
hashed1124a44b31f70d74ac2e2417795ffdc7978b41e7579e5929f0e1b425ca41bc
Unknown malware payload (confidence level: 50%)
hashdc6f32fd29fe8c93d70c8c095f8a1bc686e5552023bfcf053a49f5e1da2f3dcc
Unknown malware payload (confidence level: 50%)
hashe52f188ccfc2813718588a583c771fda6abfba095687d4842cf4a45efc40d90f
Unknown malware payload (confidence level: 75%)
hash5f8283e8bcfbe31467458552fe568c7e797b3de10d30dd6c3a751857c7070f80
Unknown malware payload (confidence level: 75%)
hash421
Tofsee botnet C2 server (confidence level: 100%)
hash8a1b16f2739247705cf700bc3a858bd8a0868dd4e080c53aeb2d7dda6a6aeff1
Unknown malware payload (confidence level: 75%)
hashb7e1d5a31c274596885e61c20daf9fe12042ebb53cfcb6b398c17163e2b6df79
Unknown malware payload (confidence level: 75%)
hash902a2a0a2a5f61d201afb7898e86b91d2e7a73dc7a925c8184dca555537cdcc9
Unknown malware payload (confidence level: 75%)
hashe1f15261e1b80bdd3c67dfa783a11a831ab87454d67934fa66a597ea9910a564
Unknown malware payload (confidence level: 100%)
hash2095
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4700
Remcos botnet C2 server (confidence level: 75%)
hash47524
Mirai botnet C2 server (confidence level: 75%)
hash8090
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash15647
SectopRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8081
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash1321
XWorm botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash418
Tofsee botnet C2 server (confidence level: 100%)
hash428
Tofsee botnet C2 server (confidence level: 100%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash2067
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash16098
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash4321
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash1912
RedLine Stealer botnet C2 server (confidence level: 50%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash101
Remcos botnet C2 server (confidence level: 100%)
hash1962
Remcos botnet C2 server (confidence level: 100%)
hash2000
AsyncRAT botnet C2 server (confidence level: 100%)
hash8000
Venom RAT botnet C2 server (confidence level: 100%)
hash4443
DCRat botnet C2 server (confidence level: 100%)
hash88
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8888
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash9312
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
FAKEUPDATES botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash9443
Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash9443
Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash9205
Unknown malware botnet C2 server (confidence level: 50%)
hash5892
XWorm botnet C2 server (confidence level: 50%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash4000
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash9841
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash5050
Venom RAT botnet C2 server (confidence level: 100%)
hash57016
NjRAT botnet C2 server (confidence level: 75%)
hash52684
NjRAT botnet C2 server (confidence level: 75%)
hash80
MimiKatz botnet C2 server (confidence level: 100%)
hash8d15df9b107c2c98ca561a2bea9f1387c3687e9f23e3c25e9776f261b63ff22e
Unknown malware payload (confidence level: 75%)
hash05608a7f1f6c6ab7f1e054053af1e5c4176d1f44dc8b131bf241c5dd5294c342
Unknown malware payload (confidence level: 75%)
hashd266e4ae9e46504def36744d170d95d87665d6f5af8099151d70e241f417877a
Unknown malware payload (confidence level: 75%)
hashefaf4b2360c2b943bb51cde01836e0745a3ed38d94e84de924c2f74076fbd4ea
Unknown malware payload (confidence level: 75%)
hash351db80d86453028f1a1bde8d16136f4b925cc55c0a954b1d1f9067de62e598e
Unknown malware payload (confidence level: 25%)
hashb7f01198732955d7261150fa1d841349aba6a3cc536c7e692a540096cd0e0537
Unknown malware payload (confidence level: 75%)
hash89ce70ccdfe8bb5080e69ca1acc0e58738f3144d5687b898994ad26e88c39c6d
Unknown malware payload (confidence level: 75%)
hash9f112964675cd66cd8122eb346d7f03a94ce3697a4c96de6deb14f4507d14868
Unknown malware payload (confidence level: 75%)
hash9a02d81aa8b75ad8cc58b4baace4b39b0e0aded9d584feea7f50857b9b644e3b
Unknown malware payload (confidence level: 25%)
hash9206ac7204fc6fde14170f4f0822b9abc9cbee6dd82e016cbc9b6da8bf94db88
Unknown malware payload (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hashc34e2cb80c9634fb0a93d36c1e5eee342f2ae3df3aad66e23122074783d1c8ce
Unknown malware payload (confidence level: 75%)
hasheadacc96ceb24880d14b5a458c094daab81093d5ccf5e26f5a24971b4e18e8cb
Unknown malware payload (confidence level: 75%)
hash8f9173f2fd2297bbd569d57845aef3f3f15b89b8b70fe1124b5c3e6876f69512
Unknown malware payload (confidence level: 75%)
hash528e0d168d97d3b64700337727d303c417b7a765e94a189b754453f7d38fde48
Unknown malware payload (confidence level: 100%)
hash3424b126a66f15984149eb747f0dce0c0fa2ce55c48412872b882a8431fb0175
Unknown malware payload (confidence level: 75%)
hash7b3ee6a79bd16371dacd622c02e3c8c865954f35a1c0dff40abb7e0647f191c4
Unknown malware payload (confidence level: 75%)
hashbd154de4db9a219b756eddfb0eddea6ec10b1e0be6ebc08708eb919fa725de8d
Unknown malware payload (confidence level: 75%)
hash4188f89602c036c38fe155ad68a1dc5c0b6bb7cec17e8cdb80be4e7c357f729e
Unknown malware payload (confidence level: 75%)
hash7bff1241ddba7252cc2c7357b606cd3ec43b7e163a503c299e4817b16a2246c2
Unknown malware payload (confidence level: 75%)
hashdf606f6074f38a8a1709f9114ca01644fd753dbb831bb11559655f57514bf3ce
Unknown malware payload (confidence level: 75%)
hash259b6cb483006335ef9bf5c15632d5e0ba70cb44131ed632d3229bd2f9ad03fc
Unknown malware payload (confidence level: 75%)
hash31679
Unknown malware botnet C2 server (confidence level: 75%)
hashf1bc762a4fe42958cdd16248e28e4b709a4fec3cb6c525449c288254f58ce088
Unknown malware payload (confidence level: 75%)
hash7214788f224a5a3d28dad41ac8a3459463bb99deeb0f27ccb102e7e52dffb3e9
Unknown malware payload (confidence level: 75%)
hashc0706de8a1342f8a1e3832c66dd1c1eaba8396a5cbaa1ba47d2caa180d274db8
Unknown malware payload (confidence level: 75%)
hash28dd67b5397684e59eb37047ef61e20b01178f314b9073946355e8fcc312acd5
Unknown malware payload (confidence level: 75%)
hash871c82dfad063dc69336f053d528604a110fd46809f27851abf23fe1f96058d3
Unknown malware payload (confidence level: 75%)
hashdb1fec34718760b8378bdfb1767a20606dcfdb016cd4569f17f43c1a173edb56
Unknown malware payload (confidence level: 75%)
hash83201235a6e7e38ce418f0b29aae080965371c562b28ddfadf1696b9fc9d141c
Unknown malware payload (confidence level: 75%)
hashd481bf5c7614fb84c2ece90f6fcb3b7d3d5265814e2375efa8fe5343e8d1fd16
Unknown malware payload (confidence level: 25%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1144
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2405
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash4352
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash42969
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash80
Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash5544
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)
hash80
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Unknown malware botnet C2 server (confidence level: 50%)
hash443
Unknown malware botnet C2 server (confidence level: 50%)
hash444
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash9191
Sliver botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash2078
QakBot botnet C2 server (confidence level: 75%)
hash8128
DeimosC2 botnet C2 server (confidence level: 75%)
hash2002
Meterpreter botnet C2 server (confidence level: 75%)
hash33334
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)

Url

Value | Description
urlhttp://gdcbghvjyqy7jclk.onion.top/
Unknown malware botnet C2 (confidence level: 75%)
urlhttps://ilongitudde.digital/wizu
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://fansly.ad/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://pastebin.com/raw/mxvfk6sh
XWorm botnet C2 (confidence level: 50%)
urlhttps://5.75.220.172/
Vidar botnet C2 (confidence level: 100%)
urlhttps://5.75.214.250/
Vidar botnet C2 (confidence level: 100%)
urlhttp://rabbitsweek.icu/bik.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://monthmeasure.icu/apri.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://monthmeasure.icu/apr.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://sleepplants.icu/limps.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://armlamp.icu/art.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://1zlatitudert.live/teui
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://apelmerah.top/desk/trust.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://ecoexpanpd.live/tnbz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://107.173.61.146:8888/supershell/login
Unknown malware botnet C2 (confidence level: 50%)
urlhttps://www.vtmarkets.top/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://www.7needsofpatients.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.9cri.accountant/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aandswholesale.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.adithyavm.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ads-line.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.airmediabda.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.amcmadmen.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.amonlineb.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.animalnooz.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.appin.tech/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bbbav93931.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bojny.net/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bufdv.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cagschools.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cex.party/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cirquedumarina.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.counsellingsupervisor.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cuchilleria.net/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.d55105.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dondavidaltopalermo.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.doomcrowoffical.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.faraon-beth6.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.freedom100plan.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ghyxm.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gmecpn.men/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.goodkindtrue.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gzsanj.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hami.link/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.harmonyviolin.win/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hemalipaterl.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.jennashrivercoaching.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.jinchenjin.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kimbhoh.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.la-forme-matrice.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lifemindmed.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lineagro.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.liveoverseasconference.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mad.foundation/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.michaellobato.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.moneyprime.net/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.myaeh.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mycarefamily.net/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nostalgicexpress.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nowgopaint.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nulunauniversity.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.petal.parts/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.plombierslivrygargan.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rencornachine.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sanmarinoseries.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.seadragonfob.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.surfbumapparel.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.taylormthomas.net/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.testvmsept07yyyyy.site/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.themodaempire.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.time4beauty-blog.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tuthofilly.info/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uniqueeyez.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.wamohssurgery.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.wwwvn602.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.wx-newtork.net/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xn--950bn7a776apfal10cnib.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xn--bescheidprfung-psb.com/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yemail.email/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.youngminds.place/s1/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yuklemeislemi.online/s1l/
Formbook botnet C2 (confidence level: 50%)
urlhttps://www.ishimotors.com/profilelayout
FAKEUPDATES botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot7309095694:aaexfdt7c83fftvgyimcrdzyyxx9okr4q6g/
Agent Tesla botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/kxhntszw
XWorm botnet C2 (confidence level: 50%)
urlhttp://207.244.199.46/
Unknown Stealer botnet C2 (confidence level: 50%)
urlhttps://ayzyw.top/nlm/loop.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://ayzyw.top/nlm/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://ayzyw.top/nlm/sss.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://soficave.com/nlm/loop.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://soficave.com/nlm/sss.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://mtowner.com/5t4r.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://mtowner.com/4e3r.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://mtowner.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://guitarcars.icu/art.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://factisland.icu/apr.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://factisland.icu/apri.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://gstarofliught.top/wozd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://cloudflare.eclassexperts.com/
Unknown malware payload delivery URL (confidence level: 50%)

File

Value | Description
file217.18.210.168
Unknown malware botnet C2 server (confidence level: 50%)
file147.185.221.26
Nanocore RAT botnet C2 server (confidence level: 100%)
file3.66.86.18
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.118.128
Cobalt Strike botnet C2 server (confidence level: 100%)
file209.250.246.205
Cobalt Strike botnet C2 server (confidence level: 100%)
file175.27.137.222
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.75.210.106
Cobalt Strike botnet C2 server (confidence level: 100%)
file109.120.137.79
Remcos botnet C2 server (confidence level: 100%)
file54.39.19.186
Remcos botnet C2 server (confidence level: 100%)
file209.200.252.75
Unknown malware botnet C2 server (confidence level: 100%)
file128.90.106.191
AsyncRAT botnet C2 server (confidence level: 100%)
file197.224.239.175
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.87.16
Hook botnet C2 server (confidence level: 100%)
file198.135.52.184
Venom RAT botnet C2 server (confidence level: 100%)
file154.82.66.210
DCRat botnet C2 server (confidence level: 100%)
file14.103.169.65
Cobalt Strike botnet C2 server (confidence level: 75%)
file196.251.72.189
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.133.41.106
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.254.198.90
Sliver botnet C2 server (confidence level: 90%)
file185.146.232.86
Sliver botnet C2 server (confidence level: 90%)
file64.227.140.144
Sliver botnet C2 server (confidence level: 90%)
file66.63.187.252
AsyncRAT botnet C2 server (confidence level: 100%)
file45.81.23.47
AsyncRAT botnet C2 server (confidence level: 100%)
file172.65.164.86
Remcos botnet C2 server (confidence level: 100%)
file173.249.24.35
Sliver botnet C2 server (confidence level: 100%)
file206.188.197.197
Havoc botnet C2 server (confidence level: 100%)
file186.169.63.145
DCRat botnet C2 server (confidence level: 100%)
file27.124.20.217
DCRat botnet C2 server (confidence level: 100%)
file27.124.20.183
DCRat botnet C2 server (confidence level: 100%)
file51.15.194.103
Unknown malware botnet C2 server (confidence level: 100%)
file194.87.190.73
Unknown malware botnet C2 server (confidence level: 100%)
file195.62.48.195
XehookStealer botnet C2 server (confidence level: 100%)
file67.207.73.203
Unknown malware botnet C2 server (confidence level: 100%)
file83.149.93.149
Unknown malware botnet C2 server (confidence level: 100%)
file3.132.156.130
Unknown malware botnet C2 server (confidence level: 100%)
file35.193.71.154
Unknown malware botnet C2 server (confidence level: 100%)
file3.125.210.176
Unknown malware botnet C2 server (confidence level: 100%)
file212.98.168.28
Unknown malware botnet C2 server (confidence level: 100%)
file3.222.229.79
Unknown malware botnet C2 server (confidence level: 100%)
file167.172.161.109
Unknown malware botnet C2 server (confidence level: 100%)
file149.104.30.249
Unknown malware botnet C2 server (confidence level: 100%)
file168.138.12.215
Unknown malware botnet C2 server (confidence level: 100%)
file3.126.146.104
Unknown malware botnet C2 server (confidence level: 100%)
file3.136.93.180
Unknown malware botnet C2 server (confidence level: 100%)
file13.60.92.230
Unknown malware botnet C2 server (confidence level: 100%)
file67.131.59.192
Bashlite botnet C2 server (confidence level: 90%)
file41.226.122.34
QakBot botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file45.136.15.39
Cobalt Strike botnet C2 server (confidence level: 50%)
file101.126.21.197
Cobalt Strike botnet C2 server (confidence level: 50%)
file149.104.11.50
Cobalt Strike botnet C2 server (confidence level: 50%)
file15.223.199.62
BlackShades botnet C2 server (confidence level: 50%)
file13.247.61.156
BlackShades botnet C2 server (confidence level: 50%)
file185.254.198.90
Sliver botnet C2 server (confidence level: 50%)
file185.62.87.191
AsyncRAT botnet C2 server (confidence level: 50%)
file91.81.248.10
Unknown malware botnet C2 server (confidence level: 50%)
file151.80.60.181
Unknown malware botnet C2 server (confidence level: 50%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file5.75.220.172
Vidar botnet C2 server (confidence level: 100%)
file5.75.214.250
Vidar botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file110.41.45.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.27.10.43
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.237.20.48
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.78.155
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.72.104.145
Cobalt Strike botnet C2 server (confidence level: 100%)
file176.65.134.169
Remcos botnet C2 server (confidence level: 75%)
file103.136.43.20
Mirai botnet C2 server (confidence level: 75%)
file123.60.87.158
Cobalt Strike botnet C2 server (confidence level: 100%)
file156.244.9.237
Cobalt Strike botnet C2 server (confidence level: 100%)
file175.27.137.222
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.69.26
AsyncRAT botnet C2 server (confidence level: 100%)
file104.245.106.30
AsyncRAT botnet C2 server (confidence level: 100%)
file104.245.106.30
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.81.249
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.81.249
AsyncRAT botnet C2 server (confidence level: 100%)
file193.201.9.252
SectopRAT botnet C2 server (confidence level: 100%)
file185.14.92.177
Unknown malware botnet C2 server (confidence level: 100%)
file116.212.185.242
Quasar RAT botnet C2 server (confidence level: 100%)
file47.254.247.118
Havoc botnet C2 server (confidence level: 100%)
file194.59.30.50
Venom RAT botnet C2 server (confidence level: 100%)
file103.251.164.121
Unknown malware botnet C2 server (confidence level: 100%)
file67.207.161.237
XWorm botnet C2 server (confidence level: 75%)
file69.157.7.189
QakBot botnet C2 server (confidence level: 75%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file185.39.19.20
Tofsee botnet C2 server (confidence level: 100%)
file8.137.108.138
Cobalt Strike botnet C2 server (confidence level: 50%)
file192.241.137.101
Cobalt Strike botnet C2 server (confidence level: 50%)
file3.144.188.154
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.189.181.127
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.232.63.191
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file185.235.178.14
Sliver botnet C2 server (confidence level: 50%)
file94.156.227.204
RedLine Stealer botnet C2 server (confidence level: 50%)
file149.104.29.129
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.249.20.20
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.249.20.20
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.195.189.82
Cobalt Strike botnet C2 server (confidence level: 100%)
file106.75.21.94
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.126.10.97
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.37.4.27
Remcos botnet C2 server (confidence level: 100%)
file109.120.137.86
Remcos botnet C2 server (confidence level: 100%)
file172.94.9.164
Remcos botnet C2 server (confidence level: 100%)
file128.90.113.170
AsyncRAT botnet C2 server (confidence level: 100%)
file115.74.25.138
Venom RAT botnet C2 server (confidence level: 100%)
file86.54.42.245
DCRat botnet C2 server (confidence level: 100%)
file13.38.11.108
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.38.11.108
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file107.174.67.215
Cobalt Strike botnet C2 server (confidence level: 75%)
file114.132.180.69
Cobalt Strike botnet C2 server (confidence level: 75%)
file119.29.28.34
Cobalt Strike botnet C2 server (confidence level: 75%)
file193.5.65.115
Cobalt Strike botnet C2 server (confidence level: 75%)
file82.115.223.118
Cobalt Strike botnet C2 server (confidence level: 75%)
file23.146.184.28
FAKEUPDATES botnet C2 server (confidence level: 100%)
file159.203.2.140
Cobalt Strike botnet C2 server (confidence level: 50%)
file39.100.84.28
Cobalt Strike botnet C2 server (confidence level: 50%)
file95.131.202.38
Brute Ratel C4 botnet C2 server (confidence level: 50%)
file212.69.167.73
Brute Ratel C4 botnet C2 server (confidence level: 50%)
file31.172.74.201
Sliver botnet C2 server (confidence level: 50%)
file218.104.52.188
Unknown malware botnet C2 server (confidence level: 50%)
file196.251.115.101
XWorm botnet C2 server (confidence level: 50%)
file142.202.242.184
AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.170
AsyncRAT botnet C2 server (confidence level: 100%)
file23.95.106.22
AsyncRAT botnet C2 server (confidence level: 100%)
file102.117.171.208
Unknown malware botnet C2 server (confidence level: 100%)
file213.209.150.170
Quasar RAT botnet C2 server (confidence level: 100%)
file158.180.231.221
Havoc botnet C2 server (confidence level: 100%)
file114.132.94.52
Venom RAT botnet C2 server (confidence level: 100%)
file147.185.221.27
NjRAT botnet C2 server (confidence level: 75%)
file147.185.221.27
NjRAT botnet C2 server (confidence level: 75%)
file35.205.244.23
MimiKatz botnet C2 server (confidence level: 100%)
file154.44.10.82
Cobalt Strike botnet C2 server (confidence level: 75%)
file176.65.134.100
Unknown malware botnet C2 server (confidence level: 75%)
file77.110.116.47
Cobalt Strike botnet C2 server (confidence level: 100%)
file77.110.116.47
Cobalt Strike botnet C2 server (confidence level: 100%)
file31.58.136.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.37.217.210
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.71.139.142
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.46.16.37
Cobalt Strike botnet C2 server (confidence level: 100%)
file119.8.108.74
Cobalt Strike botnet C2 server (confidence level: 100%)
file175.27.137.222
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.175.32.184
Remcos botnet C2 server (confidence level: 100%)
file107.174.65.156
Remcos botnet C2 server (confidence level: 100%)
file192.142.0.149
Remcos botnet C2 server (confidence level: 100%)
file172.245.25.184
Remcos botnet C2 server (confidence level: 100%)
file173.214.166.105
Remcos botnet C2 server (confidence level: 100%)
file154.37.213.163
Unknown malware botnet C2 server (confidence level: 100%)
file51.175.8.79
AsyncRAT botnet C2 server (confidence level: 100%)
file164.90.180.58
Unknown malware botnet C2 server (confidence level: 100%)
file143.110.213.30
Unknown malware botnet C2 server (confidence level: 100%)
file65.38.121.128
Unknown malware botnet C2 server (confidence level: 100%)
file164.92.184.73
Unknown malware botnet C2 server (confidence level: 100%)
file18.199.99.219
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file54.250.0.227
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file52.69.244.101
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file191.96.235.70
MooBot botnet C2 server (confidence level: 100%)
file194.233.76.207
Unknown malware botnet C2 server (confidence level: 100%)
file102.159.226.238
QakBot botnet C2 server (confidence level: 75%)
file140.245.122.39
DeimosC2 botnet C2 server (confidence level: 75%)
file107.189.25.246
Cobalt Strike botnet C2 server (confidence level: 50%)
file47.238.140.204
Cobalt Strike botnet C2 server (confidence level: 50%)
file93.113.25.219
Sliver botnet C2 server (confidence level: 50%)
file62.171.170.49
Sliver botnet C2 server (confidence level: 50%)
file47.120.46.210
Sliver botnet C2 server (confidence level: 50%)
file169.55.107.211
DeimosC2 botnet C2 server (confidence level: 75%)
file5.183.95.24
Unknown malware botnet C2 server (confidence level: 50%)
file52.33.227.95
Unknown malware botnet C2 server (confidence level: 50%)
file91.107.227.174
Unknown malware botnet C2 server (confidence level: 50%)
file190.145.78.30
DeimosC2 botnet C2 server (confidence level: 75%)
file191.112.31.229
QakBot botnet C2 server (confidence level: 75%)
file194.163.188.142
Sliver botnet C2 server (confidence level: 75%)
file24.62.238.14
QakBot botnet C2 server (confidence level: 75%)
file69.157.7.189
QakBot botnet C2 server (confidence level: 75%)
file75.2.11.125
DeimosC2 botnet C2 server (confidence level: 75%)
file8.211.157.140
Meterpreter botnet C2 server (confidence level: 75%)
file195.2.75.24
Unknown malware botnet C2 server (confidence level: 100%)
file116.162.153.163
Cobalt Strike botnet C2 server (confidence level: 75%)
file119.8.108.74
Cobalt Strike botnet C2 server (confidence level: 75%)
file120.232.158.114
Cobalt Strike botnet C2 server (confidence level: 75%)
file122.246.30.27
Cobalt Strike botnet C2 server (confidence level: 75%)
file157.148.125.106
Cobalt Strike botnet C2 server (confidence level: 75%)
file202.144.192.24
Cobalt Strike botnet C2 server (confidence level: 75%)
file219.144.88.175
Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 682c7db2e8347ec82d2a48d0

Added to database: 5/20/2025, 1:03:46 PM

Last enriched: 6/19/2025, 3:19:47 PM

Last updated: 8/5/2025, 1:37:18 PM

Views: 21
