ThreatFox IOCs for 2025-04-24
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-24
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related entry titled "ThreatFox IOCs for 2025-04-24," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The entry is categorized under OSINT, payload delivery, and network activity, indicating that it involves malware distribution mechanisms and network-based indicators of compromise (IOCs). However, the data lacks specific affected versions, detailed technical indicators, or exploit descriptions. The severity is marked as medium, with no known exploits in the wild and no available patches, suggesting this is either a newly identified threat or a collection of IOCs without active exploitation. The technical details include a threat level of 2 (on an unspecified scale), analysis level 1, and distribution level 3, which may imply moderate dissemination potential but limited analysis depth. The absence of CWEs (Common Weakness Enumerations) and patch information further indicates that this is an intelligence report focused on detection rather than a vulnerability with a direct fix. The lack of indicators in the report limits the ability to perform signature-based detection or behavioral analysis. Overall, this threat appears to be a medium-level malware threat primarily relevant for OSINT and network monitoring teams, emphasizing the importance of monitoring network activity for payload delivery attempts and leveraging updated threat intelligence feeds to detect potential infections.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the medium severity rating and absence of known active exploits. However, the malware's association with payload delivery and network activity suggests potential risks including unauthorized access, data exfiltration, or lateral movement within networks if successfully deployed. Organizations relying heavily on OSINT tools or those with extensive network exposure may face increased risk. The lack of patches and specific mitigation details means that detection and response capabilities are critical to minimizing impact. If the malware payloads evolve or are integrated into targeted campaigns, critical infrastructure, financial institutions, and government agencies in Europe could experience disruptions, data breaches, or reputational damage. The threat's distribution level indicates a moderate spread, which could affect multiple sectors simultaneously, emphasizing the need for proactive network monitoring and incident response readiness.
Mitigation Recommendations
Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of emerging IOCs related to this malware. Conduct regular network traffic analysis focusing on unusual payload delivery patterns or anomalous network activity that could indicate malware distribution attempts. Implement strict network segmentation to limit lateral movement in case of infection, especially isolating critical systems and sensitive data repositories. Enhance endpoint detection and response (EDR) capabilities with behavioral analytics to identify suspicious payload execution even in the absence of known signatures. Train security teams to recognize and respond to early signs of payload delivery attacks, including phishing or spear-phishing campaigns that may serve as initial infection vectors. Maintain up-to-date backups and verify their integrity regularly to ensure rapid recovery if malware leads to data compromise or ransomware scenarios. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive timely alerts on evolving threats related to this malware.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- hash: e7444b62dcb531132353d3d769f2963e70d146583a3ec94765fee140a4bc11a9
- hash: 37402bbc031a233108bd09776b6143bc3476805557560bb0a61bac966d4b4118
- hash: 24be50c52e97d3a197f9215f390160f3be24cb6325c4f3dd3aed28e93181fc52
- domain: vyzap.icu
- hash: d4b09937bd7dbbd61dc84051a9b96f2c3e3bc10a711473fabc04d460a6f1e5b7
- hash: 7fd4dfb52087b38b35b9728714d903c23e7645737607dd6a4ba44bab99aabb9e
- hash: c49757ac008b2f3e58b76da2a1812e26ef601a809c2622efb353c4fc92e39449
- hash: c5f79bf3a4d68a78dba47934ca6ba12d646d3aa2f45699e3ccd6525726b5803a
- url: https://bpchangeaie.top/geps
- hash: f97280d7fd9ad4077469d8ea85c389af3f57bd79a1c4a6f8cdb4b16bbbc0b270
- domain: vickmarine.com
- url: https://vickmarine.com/3w1s.js
- domain: tc1.easingaffix.site
- domain: mrdltd.com
- url: https://mrdltd.com/5q2g.js
- file: 193.161.193.99
- hash: 56152
- domain: iguanadx.run
- domain: tycok.icu
- hash: 088cf60b3630da9d0b4fa437bfa7b8c6f589262ccfd025dc229be818709dfada
- domain: dealmakerwealthsociety.com
- domain: id.webaudiomessages.xyz
- domain: mansionsnowy.click
- domain: outlook.webaudiomessages.xyz
- domain: airbluefootgear.com
- domain: fastylamberta.click
- domain: react.webaudiomessages.xyz
- domain: walkinsonbeer.click
- url: https://atrandu.lt/wp-content/plugins/wp-automatic/pwlbdv.php?gdqg=q32e
- url: https://crushingthehairbiz.com/wp-content/plugins/wp-automatic/dwyrnb.php?dpf=1kw5q
- url: https://emblemat.com/moszna/wp-content/plugins/resads/mfls.php?id=z3m8addgydqo8tnqiyri
- url: https://www.wearerescue.com/wp-login.php?redirect_to=https%3a%2f%2fwww.wearerescue.com%2fwp-content%2fplugins%2fresads%2fmfls.php%3fid%3dqwspuwlh23twhnr6fmpi&bp-auth=1&action=bpnoaccess
- url: https://setecores.com.br/wp-content/plugins/resads/mfls.php?id=z8gvgx523ii0amyem9qw
- url: http://twizt.net
- hash: 2f16aaee07be96aadaad389ef9fd1f7c3b41352ddafc3ddd4396b1a065e6e5c7
- hash: afa620a74f7689af08e95b979f763260d327e8dd99822e983169d2ce7358e9ae
- hash: 7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02
- hash: 93d38e4cadaba09d904c7aae90763e8ae3ae76a10a81ee331a365d78b7b123bf
- hash: 07394ab960ab570348b01cd338fab5c62e19bb3e7b1c7e1fc8d54b4980ad4196
- url: https://3piratetwrath.run/ytus
- hash: 26419c804866d6dc84519a441cf24d6e6aec0873baded47b53435c23b3988a8c
- hash: 580e5ed7a6adb244400c5e103ec30808845b08fac5390f1306aace0505c1d56b
- hash: c3ace44f55bc551c095b0a87b7fd6f36b879c7d1b4884a27dfd742e3246710e8
- hash: 1478f3c7bd18975c28b416594ebf0d0f512664cbdd36fa3e6a5a0e52efc06d49
- hash: 9f853270989312dc74fd62d9dbfe7a443d8c2204753bf9133b08c1df88db0844
- hash: ba41d3e87ee762faabcb29295688b73b3c4b600e4b8f58f2b5c65f3870a82d2d
- hash: 3a22118865632de462bb62ae039f12e731cb4994ad73a2d7cb183c91c41e5f99
- domain: lorda.hopto.org
- file: 194.110.247.90
- hash: 15390
- domain: eicp.byxwgimpbwiskniw.info
- domain: geographys.run
- domain: tropiscbs.live
- domain: cartograhphy.top
- domain: biosphxere.digital
- domain: topographky.top
- domain: vigorbridgoe.top
- url: http://gluerrs.com/init1234
- url: http://grodis.cc/init1234
- url: http://kloders.com/init1234
- file: 192.3.118.5
- hash: 2404
- file: 186.169.81.137
- hash: 8888
- file: 154.12.40.188
- hash: 8888
- file: 186.169.81.137
- hash: 9999
- file: 157.66.26.148
- hash: 8888
- file: 164.90.172.49
- hash: 7443
- file: 154.12.16.122
- hash: 19999
- file: 18.224.153.152
- hash: 9999
- file: 3.25.188.83
- hash: 30228
- domain: sso.zalopay.site
- domain: portal.zalopay.site
- file: 23.136.44.116
- hash: 3000
- domain: pepuq.icu
- domain: ginoz.icu
- domain: rocyg.icu
- domain: gubuj.icu
- domain: jahoc.icu
- domain: cdn-credit-d814.101archstreet.workers.dev
- file: 106.55.69.180
- hash: 8888
- file: 185.196.11.181
- hash: 1433
- file: 185.196.11.181
- hash: 80
- file: 81.71.248.248
- hash: 8888
- domain: gutom.icu
- domain: cuxer.icu
- domain: piver.icu
- domain: ecs-116-205-242-143.compute.hwclouds-dns.com
- file: 60.205.183.232
- hash: 4433
- file: 23.146.40.13
- hash: 2086
- file: 111.124.203.18
- hash: 8088
- file: 101.132.91.240
- hash: 80
- file: 51.89.54.13
- hash: 31337
- file: 38.60.199.31
- hash: 8888
- file: 95.129.234.5
- hash: 8808
- file: 107.175.32.184
- hash: 2404
- file: 107.175.32.185
- hash: 2405
- file: 193.56.135.115
- hash: 80
- file: 193.56.135.115
- hash: 443
- file: 193.56.135.115
- hash: 8080
- file: 172.105.213.140
- hash: 4433
- file: 172.105.213.140
- hash: 8888
- file: 45.33.7.49
- hash: 4433
- domain: fallenminer.com
- file: 154.44.10.33
- hash: 60000
- file: 45.76.251.42
- hash: 80
- domain: login.zalopay.site
- domain: account.zalopay.site
- file: 54.37.136.114
- hash: 3333
- file: 172.210.176.139
- hash: 443
- file: 34.211.59.218
- hash: 443
- file: 82.112.244.87
- hash: 3333
- file: 121.40.87.143
- hash: 3333
- file: 18.211.221.99
- hash: 2083
- file: 3.126.234.72
- hash: 443
- file: 128.199.172.144
- hash: 3333
- file: 120.26.234.98
- hash: 3333
- file: 161.97.108.198
- hash: 443
- file: 13.49.225.120
- hash: 3333
- file: 34.16.115.86
- hash: 443
- file: 103.196.155.17
- hash: 8888
- file: 43.203.56.212
- hash: 80
- file: 103.180.165.159
- hash: 3399
- file: 194.87.190.73
- hash: 3333
- file: 146.190.236.178
- hash: 3333
- file: 64.227.181.100
- hash: 3333
- file: 38.47.255.181
- hash: 9999
- file: 18.222.246.200
- hash: 443
- file: 193.57.27.25
- hash: 3333
- file: 3.69.54.234
- hash: 5985
- file: 52.33.244.242
- hash: 80
- file: 47.86.224.163
- hash: 443
- file: 175.41.179.174
- hash: 80
- domain: ndgadfqwywqe.pages.dev
- domain: jjiiiiiiiiijjjj.pages.dev
- domain: flamencobeents.click
- domain: koonenmagaziner.click
- domain: gutenortherad.click
- domain: cdn-app-server.vewojo9572.workers.dev
- domain: hobir.icu
- domain: hylur.icu
- file: 121.43.63.183
- hash: 80
- file: 3.83.247.253
- hash: 444
- file: 44.242.215.251
- hash: 9999
- file: 44.242.215.251
- hash: 5249
- file: 111.229.202.115
- hash: 31337
- file: 196.119.210.163
- hash: 54984
- file: 13.208.161.251
- hash: 2181
- file: 38.60.199.31
- hash: 5000
- url: https://v98acd.ssafileaccess.ru/
- domain: hamditebz-51107.portmap.io
- file: 37.1.207.4
- hash: 1415
- domain: sewektrip.shop
- domain: windows.ddnsguru.com
- file: 31.58.169.193
- hash: 8041
- file: 31.58.169.193
- hash: 443
- file: 166.88.14.137
- hash: 8001
- file: 107.172.146.104
- hash: 7777
- file: 103.117.120.98
- hash: 8000
- url: http://38.60.199.31:5000/supershell/login/
- hash: 5c039bb6b4a517caf6d518138c23749b97504b89bb1afc1235237a105491ccd9
- domain: gyner.icu
- hash: 9a7c0adedc4c68760e49274700218507
- url: https://renkpin.net/zdblmtc4yzkwodk2/
- url: https://lospallos25.com/zdblmtc4yzkwodk2/
- url: https://sinagogdahaham1453.com/zdblmtc4yzkwodk2/
- url: https://santorinotornado5.com/zdblmtc4yzkwodk2/
- url: https://hahohahohoahoa.com/zdblmtc4yzkwodk2/
- domain: tazaz.icu
- url: http://94.158.247.5:8888/supershell/login/
- file: 107.173.191.16
- hash: 80
- file: 43.138.81.232
- hash: 50051
- file: 47.122.55.128
- hash: 8888
- file: 154.219.104.89
- hash: 443
- domain: 185-38-142-128.cprapid.com
- file: 20.89.67.216
- hash: 443
- file: 191.93.113.197
- hash: 9000
- file: 82.223.48.201
- hash: 1433
- file: 18.169.110.44
- hash: 7443
- domain: nationwidedirectlender.org
- file: 47.17.64.199
- hash: 5555
- file: 111.92.242.209
- hash: 5671
- file: 13.208.169.228
- hash: 10260
- file: 54.180.250.167
- hash: 10001
- file: 54.180.250.167
- hash: 27651
- file: 51.68.128.171
- hash: 80
- file: 13.248.204.3
- hash: 10004
- file: 173.207.107.203
- hash: 443
- file: 51.89.54.13
- hash: 8888
- domain: woodpeckersd.run
- domain: wolverineas.top
- url: http://152.36.128.18/cgi-bin/p.cgi?r=72&i=13i915o3fg6i2h12
- url: http://152.36.128.18/cgi-bin/p.cgi?add=aw5mbyb7dqp2nc4wmlzfvw5pedy0dqp1ynvudhuymja0lwftzdy0ltiwmjuwmza3lwvultancg0kmxggqu1eievqwumguhjvy2vzc29ydqoymdexmdcyigtcdqprru1vdqptdgfuzgfyzcbqqybfatq0mezyicsgueljwcwgmtk5nl8ncg0kdqpvynvudhugmjiumdquncbmvfmgjiaymi4wnc40iexuuyaosmftbxkgsmvsbhlmaxnoksagjibib29rd29ybs9zawqgjiancg0kl3vzci9zymlulw0kidiwoji2ojmwihvwidigbwlulcagmsb1c2vylcagbg9hzcbhdmvyywdloiawlje0lcawlja4lcawljazfde3ndu0mzk5otanckxpbnv4ihvidw50dtiymdqtyw1knjqtmjayntazmdctzw4tmca1lje1ljatmta1lwdlbmvyawmgizexns1vynvudhugu01qie1vbibbchigmtugmdk6nti6mdqgvvrdidiwmjqgedg2xzy0ihg4nl82ncb4odzfnjqgr05vl0xpbnv4dqp9dqo_&i=13i915o3fg6i2h12&h=ubuntu2204-amd64-20250307-en-0&enckey=9lmgclpdcswkxflcped0bzkyr8cwp2xu6xue4v4lack3wfgaj2ieuz+lzzu/j4rlz1ehga0hlarqaclmysgcwfsduqjsetappuvjiy1s8rqamz/waa6ak81fi4pv2rsc6tqesyz/bc1tvvbc7tjl/pmr7jmy4wiza0mlaosjv2m=
- domain: fyquc.icu
- domain: timov.icu
- url: https://vickmarine.com/js.php
- url: https://qwlpert.com/srv/log
- domain: qwlpert.com
- domain: lupuj.icu
- file: 43.134.117.243
- hash: 80
- file: 45.136.125.85
- hash: 8080
- file: 66.103.199.102
- hash: 8080
- file: 8.130.111.109
- hash: 80
- file: 101.35.228.105
- hash: 3333
- file: 66.55.77.28
- hash: 8080
- file: 176.65.144.162
- hash: 5222
- file: 188.218.81.203
- hash: 8808
- file: 103.74.100.219
- hash: 8082
- file: 107.172.230.178
- hash: 443
- file: 154.197.69.143
- hash: 7000
- file: 185.208.159.120
- hash: 4444
- file: 86.54.42.245
- hash: 8090
- file: 18.185.239.0
- hash: 2086
- file: 79.133.51.132
- hash: 8443
- file: 37.143.15.110
- hash: 8888
- file: 104.233.210.195
- hash: 8000
- file: 120.27.10.43
- hash: 9999
- domain: pypim.icu
- domain: dvrhelper.anondns.net
- domain: techsupport.anondns.net
- domain: rustbot.anondns.net
- domain: miraisucks.anondns.net
- hash: 76a487a46cfeb94eb5a6290ceffabb923c35befe71a1a3b7b7d67341a40bc454
- hash: 75d031e8faaf3aa0e9cafd5ef0fd7de1a2a80aaa245a9e92bae6433a17f48385
- hash: fbdd5cba193a5e097cd12694efe14a15eb0fc059623f82da6c0bf99cbcfa22f8
- hash: 0dde88e9e5a0670e19c3b3e864de1b6319aaf92989739602e55b494b09873fbe
- hash: 15c9d7a63fa419305d7f2710b63f71cc38178973c0ccf6d437ce8b6feeca4ee1
- hash: 427399864232c6c099f183704b23bff241c7e0de642e9eec66cc56890e8a6304
- hash: 4f0ba25183ecb79a0721037a0ff9452fa8c19448f82943deca01b36555f2cc99
- hash: c0abb19b3a72bd2785e8b567e82300423da672a463eefdeda6dd60872ff0e072
- hash: dae8dae748be54ba0d5785ab27b1fdf42b7e66c48ab19177d4981bcc032cfb1c
- hash: 9f098920613bd0390d6485936256a67ae310b633124cfbf503936904e69a81bf
- hash: e547306d6dee4b5b2b6ce3e989b9713a5c21ebe3fefa0f5c1a1ea37cec37e20f
- hash: b910e77ee686d7d6769fab8cb8f9b17a4609c4e164bb4ed80d9717d9ddad364f
- hash: 44a526f20c592fd95b4f7d61974c6f87701e33776b68a5d0b44ccd2fa3f48c5d
- hash: efb0153047b08aa1876e1e4e97a082f6cb05af75479e1e9069b77d98473a11f4
- hash: 9a9b5bdeb1f23736ceffba623c8950d627a791a0b40c4d44ae2f80e02a43955d
- hash: 5dc90cbb0f69f283ccf52a2a79b3dfe94ee8b3474cf6474cfcbe9f66f245a55d
- hash: b68e2d852ad157fc01da34e11aa24a5ab30845b706d7827b8119a3e648ce2cf1
- hash: 9e660ce74e1bdb0a75293758200b03efd5f807e7896665addb684e0ffb53afd2
- hash: ec9e77f1185f644462305184cf8afcf5d12c7eb524a2d3f4090a658a198c20ce
- hash: 114b460012412411363c9a3ab0246e48a584ce86fc6c0b7855495ec531dd05a1
- hash: 1697fd5230f7f09a7b43fee1a1693013ed98beeb7a182cd3f0393d93dd1b7576
- domain: u1.putdownpopcorn.digital
- domain: vekeq.icu
- url: https://cartograhphy.top/ixau
- url: https://geographys.run/eirq
- url: https://ltropiscbs.live/iuwxx
- url: https://rbiosphxere.digital/tqoa
- url: https://topographky.top/xlak
- url: https://vigorbridgoe.top/banb
- url: https://woodpeckersd.run/glsk
- domain: ui.chnaiuincom.cfd
- domain: usd1g6.cyou
- file: 101.132.91.240
- hash: 443
- file: 112.196.222.13
- hash: 443
- file: 121.43.63.183
- hash: 443
- domain: pybal.icu
- domain: promo.kimmwhite.com
- domain: byqaj.press
- url: https://promo.kimmwhite.com/profilelayout
- file: 166.88.164.240
- hash: 443
- domain: qegyx.press
- domain: hikig.press
- url: https://2hemispherexz.top/xapp
- url: https://3biosphxere.digital/tqoa
- url: https://biosphxere.digital/tqoa
- url: https://edumakerb.digital/gffh
- url: https://igeographys.run/eirq
- url: https://tropiscbs.live/iuwxx
- url: https://yequatorf.run/reiq
- url: http://93.190.143.101:667/ie9compatviewlist.xml
- domain: bobab.press
- domain: penev.press
- file: 1.94.233.201
- hash: 8001
- file: 18.222.49.62
- hash: 3755
- file: 154.26.154.57
- hash: 2404
- file: 34.102.113.135
- hash: 443
- file: 66.55.77.28
- hash: 443
- file: 80.209.243.125
- hash: 15747
- file: 49.12.197.66
- hash: 7443
- file: 115.74.25.138
- hash: 5000
- file: 115.74.25.138
- hash: 5002
- file: 18.144.20.237
- hash: 54443
- file: 18.185.239.0
- hash: 27236
- file: 111.67.206.166
- hash: 808
- domain: cogov.press
- file: 62.60.154.3
- hash: 443
- domain: vezof.press
- file: 193.187.172.163
- hash: 443
- file: 212.34.130.72
- hash: 15072
- file: 77.238.237.190
- hash: 15072
- file: 185.245.106.67
- hash: 15072
- domain: ns.aqjcjss.top
- domain: jsmakert.shop
- url: https://jsmakert.shop/nlm/index.php
- url: https://jsmakert.shop/nlm/sll.php
- url: https://jsmakert.shop/nlm/flex.js
- url: https://umpmfss.top/files/files/autolaunch.zip
- domain: www.ambiopharmconsultingltd.com
- domain: www.ugconsultanceltd.com
- file: 43.248.78.215
- hash: 51200
- domain: badnesspandemic.shop
- url: http://badnesspandemic.shop/up/b
- domain: rcraftstipaddrsrv17.duckdns.org
- file: 120.46.217.53
- hash: 8000
- file: 38.207.176.43
- hash: 80
- file: 179.61.237.133
- hash: 9090
- file: 85.158.108.187
- hash: 40106
- file: 82.24.182.111
- hash: 9090
- file: 152.42.172.255
- hash: 8443
- file: 108.181.218.70
- hash: 8808
- file: 176.65.134.81
- hash: 8808
- file: 102.117.170.93
- hash: 7443
- file: 13.229.27.66
- hash: 80
- file: 8.134.82.30
- hash: 8888
- file: 179.43.186.237
- hash: 8081
- file: 86.54.42.245
- hash: 8080
- file: 45.11.229.230
- hash: 80
- file: 95.216.184.3
- hash: 8080
- domain: ssh.setuap1.sbs
- file: 45.207.210.146
- hash: 55667
- file: 111.229.202.115
- hash: 8888
- file: 141.95.33.218
- hash: 443
- file: 38.60.203.20
- hash: 8088
- file: 2.88.143.171
- hash: 443
- file: 45.197.150.76
- hash: 60000
- file: 51.84.110.214
- hash: 47223
- file: 52.237.80.94
- hash: 40000
- file: 88.237.133.108
- hash: 443
- file: 185.237.206.213
- hash: 8443
- url: https://yvigorbridgoe.top/banb
- domain: u1.spottyscary.top
- url: https://astarofliught.top/wozd
- url: https://4quilltayle.live/gksi
- url: https://rusconfi.run/pokd
- url: https://slliftally.top/xasj
- url: https://4climatologfy.top/kbud
- url: https://netscoute.digital/quwe
- domain: harmonyos.life
- file: 23.146.40.13
- hash: 2082
ThreatFox IOCs for 2025-04-24
Medium
Published: Thu Apr 24 2025 (04/24/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-24
AI-Powered Analysis
AILast updated: 06/18/2025, 09:21:23 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related entry titled "ThreatFox IOCs for 2025-04-24," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The entry is categorized under OSINT, payload delivery, and network activity, indicating that it involves malware distribution mechanisms and network-based indicators of compromise (IOCs). However, the data lacks specific affected versions, detailed technical indicators, or exploit descriptions. The severity is marked as medium, with no known exploits in the wild and no available patches, suggesting this is either a newly identified threat or a collection of IOCs without active exploitation. The technical details include a threat level of 2 (on an unspecified scale), analysis level 1, and distribution level 3, which may imply moderate dissemination potential but limited analysis depth. The absence of CWEs (Common Weakness Enumerations) and patch information further indicates that this is an intelligence report focused on detection rather than a vulnerability with a direct fix. The lack of indicators in the report limits the ability to perform signature-based detection or behavioral analysis. Overall, this threat appears to be a medium-level malware threat primarily relevant for OSINT and network monitoring teams, emphasizing the importance of monitoring network activity for payload delivery attempts and leveraging updated threat intelligence feeds to detect potential infections.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the medium severity rating and absence of known active exploits. However, the malware's association with payload delivery and network activity suggests potential risks including unauthorized access, data exfiltration, or lateral movement within networks if successfully deployed. Organizations relying heavily on OSINT tools or those with extensive network exposure may face increased risk. The lack of patches and specific mitigation details means that detection and response capabilities are critical to minimizing impact. If the malware payloads evolve or are integrated into targeted campaigns, critical infrastructure, financial institutions, and government agencies in Europe could experience disruptions, data breaches, or reputational damage. The threat's distribution level indicates a moderate spread, which could affect multiple sectors simultaneously, emphasizing the need for proactive network monitoring and incident response readiness.
Mitigation Recommendations
Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of emerging IOCs related to this malware. Conduct regular network traffic analysis focusing on unusual payload delivery patterns or anomalous network activity that could indicate malware distribution attempts. Implement strict network segmentation to limit lateral movement in case of infection, especially isolating critical systems and sensitive data repositories. Enhance endpoint detection and response (EDR) capabilities with behavioral analytics to identify suspicious payload execution even in the absence of known signatures. Train security teams to recognize and respond to early signs of payload delivery attacks, including phishing or spear-phishing campaigns that may serve as initial infection vectors. Maintain up-to-date backups and verify their integrity regularly to ensure rapid recovery if malware leads to data compromise or ransomware scenarios. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive timely alerts on evolving threats related to this malware.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- ff888623-e2fc-4b32-822a-0eb0707790bc
- Original Timestamp
- 1745539387
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hashe7444b62dcb531132353d3d769f2963e70d146583a3ec94765fee140a4bc11a9 | Unknown malware payload (confidence level: 75%) | |
hash37402bbc031a233108bd09776b6143bc3476805557560bb0a61bac966d4b4118 | Unknown malware payload (confidence level: 50%) | |
hash24be50c52e97d3a197f9215f390160f3be24cb6325c4f3dd3aed28e93181fc52 | Unknown malware payload (confidence level: 100%) | |
hashd4b09937bd7dbbd61dc84051a9b96f2c3e3bc10a711473fabc04d460a6f1e5b7 | Unknown malware payload (confidence level: 25%) | |
hash7fd4dfb52087b38b35b9728714d903c23e7645737607dd6a4ba44bab99aabb9e | Unknown malware payload (confidence level: 75%) | |
hashc49757ac008b2f3e58b76da2a1812e26ef601a809c2622efb353c4fc92e39449 | Unknown malware payload (confidence level: 75%) | |
hashc5f79bf3a4d68a78dba47934ca6ba12d646d3aa2f45699e3ccd6525726b5803a | Unknown malware payload (confidence level: 75%) | |
hashf97280d7fd9ad4077469d8ea85c389af3f57bd79a1c4a6f8cdb4b16bbbc0b270 | Unknown malware payload (confidence level: 50%) | |
hash56152 | NjRAT botnet C2 server (confidence level: 75%) | |
hash088cf60b3630da9d0b4fa437bfa7b8c6f589262ccfd025dc229be818709dfada | Unknown malware payload (confidence level: 75%) | |
hash2f16aaee07be96aadaad389ef9fd1f7c3b41352ddafc3ddd4396b1a065e6e5c7 | Unknown malware payload (confidence level: 50%) | |
hashafa620a74f7689af08e95b979f763260d327e8dd99822e983169d2ce7358e9ae | Unknown malware payload (confidence level: 75%) | |
hash7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02 | Unknown malware payload (confidence level: 75%) | |
hash93d38e4cadaba09d904c7aae90763e8ae3ae76a10a81ee331a365d78b7b123bf | Unknown malware payload (confidence level: 75%) | |
hash07394ab960ab570348b01cd338fab5c62e19bb3e7b1c7e1fc8d54b4980ad4196 | Unknown malware payload (confidence level: 75%) | |
hash26419c804866d6dc84519a441cf24d6e6aec0873baded47b53435c23b3988a8c | Unknown malware payload (confidence level: 50%) | |
hash580e5ed7a6adb244400c5e103ec30808845b08fac5390f1306aace0505c1d56b | Unknown malware payload (confidence level: 75%) | |
hashc3ace44f55bc551c095b0a87b7fd6f36b879c7d1b4884a27dfd742e3246710e8 | Unknown malware payload (confidence level: 25%) | |
hash1478f3c7bd18975c28b416594ebf0d0f512664cbdd36fa3e6a5a0e52efc06d49 | Unknown malware payload (confidence level: 75%) | |
hash9f853270989312dc74fd62d9dbfe7a443d8c2204753bf9133b08c1df88db0844 | Unknown malware payload (confidence level: 100%) | |
hashba41d3e87ee762faabcb29295688b73b3c4b600e4b8f58f2b5c65f3870a82d2d | Unknown malware payload (confidence level: 75%) | |
hash3a22118865632de462bb62ae039f12e731cb4994ad73a2d7cb183c91c41e5f99 | Unknown malware payload (confidence level: 75%) | |
hash15390 | Mirai botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash19999 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash9999 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash30228 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash3000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash1433 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2086 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4433 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4433 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2083 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3399 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5985 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash444 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash5249 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
hash2181 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1415 | Remcos botnet C2 server (confidence level: 50%) | |
hash8041 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5c039bb6b4a517caf6d518138c23749b97504b89bb1afc1235237a105491ccd9 | Unknown malware payload (confidence level: 75%) | |
hash9a7c0adedc4c68760e49274700218507 | Unknown malware payload (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash50051 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash9000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1433 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5555 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5671 | DCRat botnet C2 server (confidence level: 100%) | |
hash10260 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash10001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash27651 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash10004 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3333 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7000 | DCRat botnet C2 server (confidence level: 100%) | |
hash4444 | DCRat botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash2086 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash8000 | xmrig botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash76a487a46cfeb94eb5a6290ceffabb923c35befe71a1a3b7b7d67341a40bc454 | Mirai payload (confidence level: 100%) | |
hash75d031e8faaf3aa0e9cafd5ef0fd7de1a2a80aaa245a9e92bae6433a17f48385 | Mirai payload (confidence level: 100%) | |
hashfbdd5cba193a5e097cd12694efe14a15eb0fc059623f82da6c0bf99cbcfa22f8 | Mirai payload (confidence level: 100%) | |
hash0dde88e9e5a0670e19c3b3e864de1b6319aaf92989739602e55b494b09873fbe | Mirai payload (confidence level: 100%) | |
hash15c9d7a63fa419305d7f2710b63f71cc38178973c0ccf6d437ce8b6feeca4ee1 | Mirai payload (confidence level: 100%) | |
hash427399864232c6c099f183704b23bff241c7e0de642e9eec66cc56890e8a6304 | Mirai payload (confidence level: 100%) | |
hash4f0ba25183ecb79a0721037a0ff9452fa8c19448f82943deca01b36555f2cc99 | Mirai payload (confidence level: 100%) | |
hashc0abb19b3a72bd2785e8b567e82300423da672a463eefdeda6dd60872ff0e072 | Mirai payload (confidence level: 100%) | |
hashdae8dae748be54ba0d5785ab27b1fdf42b7e66c48ab19177d4981bcc032cfb1c | Mirai payload (confidence level: 100%) | |
hash9f098920613bd0390d6485936256a67ae310b633124cfbf503936904e69a81bf | Mirai payload (confidence level: 100%) | |
hashe547306d6dee4b5b2b6ce3e989b9713a5c21ebe3fefa0f5c1a1ea37cec37e20f | Mirai payload (confidence level: 100%) | |
hashb910e77ee686d7d6769fab8cb8f9b17a4609c4e164bb4ed80d9717d9ddad364f | Mirai payload (confidence level: 100%) | |
hash44a526f20c592fd95b4f7d61974c6f87701e33776b68a5d0b44ccd2fa3f48c5d | Mirai payload (confidence level: 100%) | |
hashefb0153047b08aa1876e1e4e97a082f6cb05af75479e1e9069b77d98473a11f4 | Mirai payload (confidence level: 100%) | |
hash9a9b5bdeb1f23736ceffba623c8950d627a791a0b40c4d44ae2f80e02a43955d | Mirai payload (confidence level: 100%) | |
hash5dc90cbb0f69f283ccf52a2a79b3dfe94ee8b3474cf6474cfcbe9f66f245a55d | Mirai payload (confidence level: 100%) | |
hashb68e2d852ad157fc01da34e11aa24a5ab30845b706d7827b8119a3e648ce2cf1 | Mirai payload (confidence level: 100%) | |
hash9e660ce74e1bdb0a75293758200b03efd5f807e7896665addb684e0ffb53afd2 | Mirai payload (confidence level: 100%) | |
hashec9e77f1185f644462305184cf8afcf5d12c7eb524a2d3f4090a658a198c20ce | Mirai payload (confidence level: 100%) | |
hash114b460012412411363c9a3ab0246e48a584ce86fc6c0b7855495ec531dd05a1 | Mirai payload (confidence level: 100%) | |
hash1697fd5230f7f09a7b43fee1a1693013ed98beeb7a182cd3f0393d93dd1b7576 | Mirai payload (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3755 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15747 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash5002 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash54443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash27236 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash443 | GhostSocks botnet C2 server (confidence level: 100%) | |
hash15072 | GhostSocks botnet C2 server (confidence level: 100%) | |
hash15072 | GhostSocks botnet C2 server (confidence level: 100%) | |
hash15072 | GhostSocks botnet C2 server (confidence level: 100%) | |
hash51200 | lightSpy botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Remcos botnet C2 server (confidence level: 100%) | |
hash40106 | Remcos botnet C2 server (confidence level: 100%) | |
hash9090 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8888 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8081 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8080 | Chaos botnet C2 server (confidence level: 100%) | |
hash55667 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8088 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash47223 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash40000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash2082 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainvyzap.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainvickmarine.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaintc1.easingaffix.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainmrdltd.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainiguanadx.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintycok.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindealmakerwealthsociety.com | FAKEUPDATES payload delivery domain (confidence level: 90%) | |
domainid.webaudiomessages.xyz | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainmansionsnowy.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainoutlook.webaudiomessages.xyz | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainairbluefootgear.com | FAKEUPDATES payload delivery domain (confidence level: 90%) | |
domainfastylamberta.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainreact.webaudiomessages.xyz | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainwalkinsonbeer.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainlorda.hopto.org | Mirai botnet C2 domain (confidence level: 100%) | |
domaineicp.byxwgimpbwiskniw.info | Mirai botnet C2 domain (confidence level: 100%) | |
domaingeographys.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintropiscbs.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincartograhphy.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbiosphxere.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintopographky.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvigorbridgoe.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsso.zalopay.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainportal.zalopay.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainpepuq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainginoz.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainrocyg.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaingubuj.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainjahoc.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincdn-credit-d814.101archstreet.workers.dev | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaingutom.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincuxer.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpiver.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainecs-116-205-242-143.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainfallenminer.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainlogin.zalopay.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaccount.zalopay.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainndgadfqwywqe.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainjjiiiiiiiiijjjj.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainflamencobeents.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainkoonenmagaziner.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domaingutenortherad.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domaincdn-app-server.vewojo9572.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%) | |
domainhobir.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainhylur.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainhamditebz-51107.portmap.io | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainsewektrip.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainwindows.ddnsguru.com | Unknown malware botnet C2 domain (confidence level: 50%) | |
domaingyner.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaintazaz.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domain185-38-142-128.cprapid.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainnationwidedirectlender.org | Hook botnet C2 domain (confidence level: 100%) | |
domainwoodpeckersd.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwolverineas.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfyquc.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaintimov.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainqwlpert.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainlupuj.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpypim.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindvrhelper.anondns.net | Mirai botnet C2 domain (confidence level: 100%) | |
domaintechsupport.anondns.net | Mirai botnet C2 domain (confidence level: 100%) | |
domainrustbot.anondns.net | Mirai botnet C2 domain (confidence level: 100%) | |
domainmiraisucks.anondns.net | Mirai botnet C2 domain (confidence level: 100%) | |
domainu1.putdownpopcorn.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainvekeq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainui.chnaiuincom.cfd | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainusd1g6.cyou | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainpybal.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpromo.kimmwhite.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainbyqaj.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainqegyx.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainhikig.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainbobab.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainpenev.press | ClearFake payload delivery domain (confidence level: 100%) | |
domaincogov.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainvezof.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainns.aqjcjss.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainjsmakert.shop | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainwww.ambiopharmconsultingltd.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainwww.ugconsultanceltd.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainbadnesspandemic.shop | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domainrcraftstipaddrsrv17.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainssh.setuap1.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainu1.spottyscary.top | ClearFake botnet C2 domain (confidence level: 100%) | |
domainharmonyos.life | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://bpchangeaie.top/geps | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://vickmarine.com/3w1s.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://mrdltd.com/5q2g.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://atrandu.lt/wp-content/plugins/wp-automatic/pwlbdv.php?gdqg=q32e | Latrodectus payload delivery URL (confidence level: 95%) | |
urlhttps://crushingthehairbiz.com/wp-content/plugins/wp-automatic/dwyrnb.php?dpf=1kw5q | Latrodectus payload delivery URL (confidence level: 95%) | |
urlhttps://emblemat.com/moszna/wp-content/plugins/resads/mfls.php?id=z3m8addgydqo8tnqiyri | Latrodectus payload delivery URL (confidence level: 95%) | |
urlhttps://www.wearerescue.com/wp-login.php?redirect_to=https%3a%2f%2fwww.wearerescue.com%2fwp-content%2fplugins%2fresads%2fmfls.php%3fid%3dqwspuwlh23twhnr6fmpi&bp-auth=1&action=bpnoaccess | Latrodectus payload delivery URL (confidence level: 95%) | |
urlhttps://setecores.com.br/wp-content/plugins/resads/mfls.php?id=z8gvgx523ii0amyem9qw | Latrodectus payload delivery URL (confidence level: 95%) | |
urlhttp://twizt.net | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://3piratetwrath.run/ytus | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://gluerrs.com/init1234 | Unknown RAT botnet C2 (confidence level: 100%) | |
urlhttp://grodis.cc/init1234 | Unknown RAT botnet C2 (confidence level: 100%) | |
urlhttp://kloders.com/init1234 | Unknown RAT botnet C2 (confidence level: 100%) | |
urlhttps://v98acd.ssafileaccess.ru/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://38.60.199.31:5000/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://renkpin.net/zdblmtc4yzkwodk2/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://lospallos25.com/zdblmtc4yzkwodk2/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://sinagogdahaham1453.com/zdblmtc4yzkwodk2/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://santorinotornado5.com/zdblmtc4yzkwodk2/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://hahohahohoahoa.com/zdblmtc4yzkwodk2/ | Coper botnet C2 (confidence level: 80%) | |
urlhttp://94.158.247.5:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://152.36.128.18/cgi-bin/p.cgi?r=72&i=13i915o3fg6i2h12 | Prometei botnet C2 (confidence level: 100%) | |
urlhttp://152.36.128.18/cgi-bin/p.cgi?add=aw5mbyb7dqp2nc4wmlzfvw5pedy0dqp1ynvudhuymja0lwftzdy0ltiwmjuwmza3lwvultancg0kmxggqu1eievqwumguhjvy2vzc29ydqoymdexmdcyigtcdqprru1vdqptdgfuzgfyzcbqqybfatq0mezyicsgueljwcwgmtk5nl8ncg0kdqpvynvudhugmjiumdquncbmvfmgjiaymi4wnc40iexuuyaosmftbxkgsmvsbhlmaxnoksagjibib29rd29ybs9zawqgjiancg0kl3vzci9zymlulw0kidiwoji2ojmwihvwidigbwlulcagmsb1c2vylcagbg9hzcbhdmvyywdloiawlje0lcawlja4lcawljazfde3ndu0mzk5otanckxpbnv4ihvidw50dtiymdqtyw1knjqtmjayntazmdctzw4tmca1lje1ljatmta1lwdlbmvyawmgizexns1vynvudhugu01qie1vbibbchigmtugmdk6nti6mdqgvvrdidiwmjqgedg2xzy0ihg4nl82ncb4odzfnjqgr05vl0xpbnv4dqp9dqo_&i=13i915o3fg6i2h12&h=ubuntu2204-amd64-20250307-en-0&enckey=9lmgclpdcswkxflcped0bzkyr8cwp2xu6xue4v4lack3wfgaj2ieuz+lzzu/j4rlz1ehga0hlarqaclmysgcwfsduqjsetappuvjiy1s8rqamz/waa6ak81fi4pv2rsc6tqesyz/bc1tvvbc7tjl/pmr7jmy4wiza0mlaosjv2m= | Prometei botnet C2 (confidence level: 100%) | |
urlhttps://vickmarine.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://qwlpert.com/srv/log | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://cartograhphy.top/ixau | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://geographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ltropiscbs.live/iuwxx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://rbiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://topographky.top/xlak | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vigorbridgoe.top/banb | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://woodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://promo.kimmwhite.com/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttps://2hemispherexz.top/xapp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://3biosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://biosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://edumakerb.digital/gffh | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://igeographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://tropiscbs.live/iuwxx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://yequatorf.run/reiq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://93.190.143.101:667/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://jsmakert.shop/nlm/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://jsmakert.shop/nlm/sll.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://jsmakert.shop/nlm/flex.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://umpmfss.top/files/files/autolaunch.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://badnesspandemic.shop/up/b | ACR Stealer botnet C2 (confidence level: 100%) | |
urlhttps://yvigorbridgoe.top/banb | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://astarofliught.top/wozd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://4quilltayle.live/gksi | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://rusconfi.run/pokd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://slliftally.top/xasj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://4climatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://netscoute.digital/quwe | Lumma Stealer botnet C2 (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file193.161.193.99 | NjRAT botnet C2 server (confidence level: 75%) | |
file194.110.247.90 | Mirai botnet C2 server (confidence level: 100%) | |
file192.3.118.5 | Remcos botnet C2 server (confidence level: 100%) | |
file186.169.81.137 | Remcos botnet C2 server (confidence level: 100%) | |
file154.12.40.188 | Unknown malware botnet C2 server (confidence level: 100%) | |
file186.169.81.137 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file157.66.26.148 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file164.90.172.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.12.16.122 | Venom RAT botnet C2 server (confidence level: 100%) | |
file18.224.153.152 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.25.188.83 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file23.136.44.116 | Unknown malware botnet C2 server (confidence level: 100%) | |
file106.55.69.180 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.196.11.181 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.196.11.181 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file81.71.248.248 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file60.205.183.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.146.40.13 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.124.203.18 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.132.91.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.89.54.13 | Sliver botnet C2 server (confidence level: 90%) | |
file38.60.199.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.129.234.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file107.175.32.184 | Remcos botnet C2 server (confidence level: 100%) | |
file107.175.32.185 | Remcos botnet C2 server (confidence level: 100%) | |
file193.56.135.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.56.135.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.56.135.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.33.7.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.44.10.33 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.76.251.42 | Sliver botnet C2 server (confidence level: 100%) | |
file54.37.136.114 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.210.176.139 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.211.59.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.112.244.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file121.40.87.143 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.211.221.99 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.126.234.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.199.172.144 | Unknown malware botnet C2 server (confidence level: 100%) | |
file120.26.234.98 | Unknown malware botnet C2 server (confidence level: 100%) | |
file161.97.108.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.49.225.120 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.16.115.86 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.196.155.17 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.203.56.212 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.180.165.159 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.87.190.73 | Unknown malware botnet C2 server (confidence level: 100%) | |
file146.190.236.178 | Unknown malware botnet C2 server (confidence level: 100%) | |
file64.227.181.100 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.47.255.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.222.246.200 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.57.27.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.69.54.234 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.33.244.242 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.86.224.163 | Unknown malware botnet C2 server (confidence level: 100%) | |
file175.41.179.174 | MimiKatz botnet C2 server (confidence level: 100%) | |
file121.43.63.183 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file3.83.247.253 | Unknown malware botnet C2 server (confidence level: 50%) | |
file44.242.215.251 | Unknown malware botnet C2 server (confidence level: 50%) | |
file44.242.215.251 | Unknown malware botnet C2 server (confidence level: 50%) | |
file111.229.202.115 | Sliver botnet C2 server (confidence level: 50%) | |
file196.119.210.163 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
file13.208.161.251 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file38.60.199.31 | Unknown malware botnet C2 server (confidence level: 50%) | |
file37.1.207.4 | Remcos botnet C2 server (confidence level: 50%) | |
file31.58.169.193 | Unknown malware botnet C2 server (confidence level: 50%) | |
file31.58.169.193 | Unknown malware botnet C2 server (confidence level: 50%) | |
file166.88.14.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.172.146.104 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.117.120.98 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.173.191.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.138.81.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.122.55.128 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.219.104.89 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file20.89.67.216 | Sliver botnet C2 server (confidence level: 100%) | |
file191.93.113.197 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file82.223.48.201 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file18.169.110.44 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.17.64.199 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file111.92.242.209 | DCRat botnet C2 server (confidence level: 100%) | |
file13.208.169.228 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.180.250.167 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.180.250.167 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file51.68.128.171 | MooBot botnet C2 server (confidence level: 100%) | |
file13.248.204.3 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file173.207.107.203 | QakBot botnet C2 server (confidence level: 75%) | |
file51.89.54.13 | Sliver botnet C2 server (confidence level: 75%) | |
file43.134.117.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.136.125.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.103.199.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.130.111.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.35.228.105 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.55.77.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.162 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file188.218.81.203 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.74.100.219 | Hook botnet C2 server (confidence level: 100%) | |
file107.172.230.178 | Havoc botnet C2 server (confidence level: 100%) | |
file154.197.69.143 | DCRat botnet C2 server (confidence level: 100%) | |
file185.208.159.120 | DCRat botnet C2 server (confidence level: 100%) | |
file86.54.42.245 | DCRat botnet C2 server (confidence level: 100%) | |
file18.185.239.0 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file79.133.51.132 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.143.15.110 | MimiKatz botnet C2 server (confidence level: 100%) | |
file104.233.210.195 | xmrig botnet C2 server (confidence level: 100%) | |
file120.27.10.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.132.91.240 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file112.196.222.13 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file121.43.63.183 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file166.88.164.240 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file1.94.233.201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file18.222.49.62 | Remcos botnet C2 server (confidence level: 100%) | |
file154.26.154.57 | Remcos botnet C2 server (confidence level: 100%) | |
file34.102.113.135 | Sliver botnet C2 server (confidence level: 100%) | |
file66.55.77.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file80.209.243.125 | SectopRAT botnet C2 server (confidence level: 100%) | |
file49.12.197.66 | Unknown malware botnet C2 server (confidence level: 100%) | |
file115.74.25.138 | Venom RAT botnet C2 server (confidence level: 100%) | |
file115.74.25.138 | Venom RAT botnet C2 server (confidence level: 100%) | |
file18.144.20.237 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.185.239.0 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file111.67.206.166 | Kaiji botnet C2 server (confidence level: 100%) | |
file62.60.154.3 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file193.187.172.163 | GhostSocks botnet C2 server (confidence level: 100%) | |
file212.34.130.72 | GhostSocks botnet C2 server (confidence level: 100%) | |
file77.238.237.190 | GhostSocks botnet C2 server (confidence level: 100%) | |
file185.245.106.67 | GhostSocks botnet C2 server (confidence level: 100%) | |
file43.248.78.215 | lightSpy botnet C2 server (confidence level: 100%) | |
file120.46.217.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.207.176.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.61.237.133 | Remcos botnet C2 server (confidence level: 100%) | |
file85.158.108.187 | Remcos botnet C2 server (confidence level: 100%) | |
file82.24.182.111 | Remcos botnet C2 server (confidence level: 100%) | |
file152.42.172.255 | Sliver botnet C2 server (confidence level: 100%) | |
file108.181.218.70 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.134.81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.170.93 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.229.27.66 | Hook botnet C2 server (confidence level: 100%) | |
file8.134.82.30 | Venom RAT botnet C2 server (confidence level: 100%) | |
file179.43.186.237 | Venom RAT botnet C2 server (confidence level: 100%) | |
file86.54.42.245 | DCRat botnet C2 server (confidence level: 100%) | |
file45.11.229.230 | MooBot botnet C2 server (confidence level: 100%) | |
file95.216.184.3 | Chaos botnet C2 server (confidence level: 100%) | |
file45.207.210.146 | Unknown malware botnet C2 server (confidence level: 100%) | |
file111.229.202.115 | Sliver botnet C2 server (confidence level: 75%) | |
file141.95.33.218 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file38.60.203.20 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file2.88.143.171 | QakBot botnet C2 server (confidence level: 75%) | |
file45.197.150.76 | Unknown malware botnet C2 server (confidence level: 75%) | |
file51.84.110.214 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file52.237.80.94 | Unknown malware botnet C2 server (confidence level: 75%) | |
file88.237.133.108 | QakBot botnet C2 server (confidence level: 75%) | |
file185.237.206.213 | Meterpreter botnet C2 server (confidence level: 75%) | |
file23.146.40.13 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Threat ID: 682acdc2bbaf20d303f181bb
Added to database: 5/19/2025, 6:20:50 AM
Last enriched: 6/18/2025, 9:21:23 AM
Last updated: 8/11/2025, 9:31:34 PM
Views: 28
Related Threats
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Kawabunga, Dude, You've Been Ransomed!
MediumMalwareFri Aug 15 2025
ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis
MediumMalwareFri Aug 15 2025
Threat Bulletin: Fire in the Woods – A New Variant of FireWood
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.