ThreatFox IOCs for 2025-04-26
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-26
AI Analysis
Technical Summary
The provided information pertains to a malware threat identified as 'ThreatFox IOCs for 2025-04-26,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) related to various cyber threats. The threat is categorized under 'malware' with a medium severity rating and is tagged as 'type:osint' and 'tlp:white,' indicating that the information is openly shareable and relates to open-source intelligence. There are no specific affected product versions or CWE identifiers listed, and no known exploits in the wild have been reported at the time of publication. The technical details include a threat level of 2, an analysis rating of 1, and a distribution rating of 3, suggesting moderate threat presence and distribution. However, the absence of detailed technical indicators, such as malware behavior, infection vectors, or payload specifics, limits the depth of technical analysis. The threat appears to be a collection or update of IOCs rather than a single exploit or malware strain, implying it may be used to detect or track malicious activities rather than representing a direct attack vector itself. The lack of patch links and affected versions further supports that this is an intelligence update rather than a vulnerability or exploit targeting specific software.
Potential Impact
Given the nature of this threat as an IOC update related to malware, the direct impact on European organizations is primarily in the domain of threat detection and situational awareness rather than immediate compromise. Organizations that integrate ThreatFox IOCs into their security monitoring tools can enhance their ability to detect and respond to malware-related activities. However, without specific exploit details or active campaigns, the immediate risk of infection or breach is low. The medium severity rating suggests that while the threat is not currently critical, it warrants attention to prevent potential future exploitation. European organizations relying on OSINT feeds for threat intelligence will benefit from incorporating these IOCs to improve their detection capabilities. Failure to do so might result in delayed identification of malware infections or related malicious activities, potentially impacting confidentiality, integrity, or availability if the underlying malware is activated. The absence of known exploits in the wild reduces the urgency but does not eliminate the need for vigilance, especially in sectors with high-value targets such as finance, critical infrastructure, and government.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Regularly update threat intelligence feeds to ensure the latest IOCs are available for correlation and alerting. 3. Conduct proactive threat hunting exercises using the provided IOCs to identify any latent or undetected malware presence within the network. 4. Enhance network segmentation and implement strict access controls to limit malware propagation if detected. 5. Train security operations teams to recognize and respond to alerts generated by these IOCs promptly. 6. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share findings and receive contextual threat intelligence. 7. Since no patches are associated, focus on detection and response rather than patch management for this specific threat. 8. Maintain up-to-date backups and incident response plans to mitigate potential impacts if malware infections are identified.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Indicators of Compromise
- domain: geoecony.live
- domain: greeconoimy.run
- domain: hindecoo.live
- domain: eurowatchw.run
- domain: eurastratse.live
- hash: c2359bab629d4bab069b8170fe4d0cdffd9706bea70c36f26fd3d6afd269aeb7
- domain: tugrambling.shop
- domain: boxingcasualty.shop
- domain: yeaio.shop
- domain: dentistdomestic.shop
- domain: wildlifeautograph.shop
- domain: aoaee.shop
- hash: 5d57b78dc15dbdcd7aecda533b87dddcbbdfd4776c618b70ee94d4d718719b1f
- hash: 2a1177e56c1e0a47f830b44d239743b105d607131985166b04d9f73ca8c0f2d8
- hash: 0e4c0deb869f6fb31f6d44df1b3fbb77be9a0836c836699ab57a633f5580b71a
- hash: 33de9859e072e7ac501084ff7a9fe2fbc36d77ce7f00e4f75bf92db1eb88adfa
- hash: dff295c3e3547eab603b38131a52e31177b1745fe79bfedf4c5a97c8029bb306
- file: 146.19.143.149
- hash: 515
- domain: netnet.lol
- domain: sticker-88l.pages.dev
- url: https://ronthom.com/2y5t.js
- domain: ronthom.com
- url: https://ronthom.com/js.php
- file: 185.39.19.20
- hash: 429
- file: 194.87.209.28
- hash: 23
- domain: matur.press
- url: https://haidao10.top/www/good.js
- url: https://haidao10.top/www/index.php?0drf8bcr
- url: https://haidao10.top/www/sss.php
- url: https://todocarritos.top/www/files/proxy.zip?a9b3d8daa70919f77bf5a2f9&a9b3d8daa70919f77bf5a2f9
- url: https://www.coligeme.org/cloudflare.msi
- domain: www.coligeme.org
- domain: haidao10.top
- url: https://todocarritos.top/www/good.js
- domain: todocarritos.top
- url: https://todocarritos.top/www/select.js
- url: https://todocarritos.top/www/sss.php
- domain: lookyloo.circl.lu
- domain: chromeinstall.xyz
- domain: rdixit.github.io
- domain: klintaps.org
- domain: jadhaoagroinds.com
- domain: update.clcc.cl
- domain: updateyoubrousergoogle.com
- domain: arbitrag38.ru
- url: https://core.coligeme.com/cloudflare.msi
- domain: core.coligeme.com
- domain: manta-network-v2.us
- domain: tronilnk.com
- domain: en-trezor.io
- domain: atumicwallet.com
- domain: trust.wallet-web3.ing
- domain: coinomi.ing
- domain: defii-larna.net
- url: https://islonline.org/d.js
- url: https://erectilehelp.top/www/select.js
- domain: erectilehelp.top
- url: https://erectilehelp.top/www/sss.php
- domain: h1.unalteredaccuracy.shop
- domain: transdataa.digital
- url: https://transdataa.digital/xwpa
- file: 47.86.100.87
- hash: 443
- file: 157.230.42.240
- hash: 8443
- file: 156.244.7.187
- hash: 8888
- file: 38.146.27.84
- hash: 8808
- file: 198.23.227.140
- hash: 8801
- file: 54.184.31.128
- hash: 7443
- file: 152.42.138.246
- hash: 80
- file: 185.241.208.161
- hash: 80
- file: 3.84.178.184
- hash: 443
- file: 13.246.3.184
- hash: 2403
- file: 185.241.208.161
- hash: 8080
- url: https://security.cloflardg.com/b6c4d1a9f8g3h7e5n6b5a9de4f
- domain: security.cloflardg.com
- url: https://security.cloflardg.com/wordpress
- url: https://komijon.com/cloudflare.msi
- domain: komijon.com
- domain: qeqek.press
- url: https://fgeographys.run/eirq
- url: https://ncartograhphy.top/ixau
- url: https://pbiosphxere.digital/tqoa
- url: https://vclimatologfy.top/kbud
- hash: 10f02ed5ce084881608fda64a12b4e3b7b34e0bcaf99789bb957e2d33f0acbd5
- hash: f85a155d3f75cab12843688f02cec2774cb952c8e020cf764be181c81973e59b
- url: http://45.230.66.42:11826/mozi.m
- url: https://1biosphxere.digital/tqoa
- url: https://mcartograhphy.top/ixau
- url: https://otopographky.top/xlak
- url: https://www.komijon.org/cloudflare.msi
- domain: www.komijon.org
- domain: shequw.huixueweng.com
- file: 113.45.225.150
- hash: 9999
- file: 36.134.33.170
- hash: 4433
- file: 192.159.99.119
- hash: 8000
- file: 196.251.116.152
- hash: 222
- file: 134.122.184.23
- hash: 5671
- file: 134.122.184.32
- hash: 5671
- file: 129.211.28.117
- hash: 8443
- file: 111.229.202.130
- hash: 8933
- file: 172.174.202.217
- hash: 60000
- file: 8.152.194.88
- hash: 60000
- file: 83.3.213.194
- hash: 3333
- file: 34.40.34.80
- hash: 4141
- file: 43.202.136.28
- hash: 443
- file: 3.148.62.248
- hash: 8443
- file: 140.143.159.70
- hash: 3333
- file: 51.75.22.182
- hash: 8080
- file: 34.247.190.66
- hash: 443
- file: 43.202.120.54
- hash: 443
- file: 44.201.173.193
- hash: 443
- file: 150.109.117.131
- hash: 443
- file: 43.202.161.12
- hash: 443
- file: 134.122.22.5
- hash: 3333
- file: 35.157.26.81
- hash: 443
- file: 20.197.44.216
- hash: 3333
- file: 43.138.181.97
- hash: 3333
- file: 3.101.191.16
- hash: 3636
- file: 128.140.102.15
- hash: 443
- file: 35.84.54.233
- hash: 80
- file: 13.60.48.25
- hash: 443
- file: 13.238.144.187
- hash: 443
- file: 41.175.29.98
- hash: 3333
- file: 173.224.122.193
- hash: 3333
- file: 3.253.128.155
- hash: 443
- file: 221.234.131.137
- hash: 8443
- file: 104.168.96.138
- hash: 16001
- file: 52.23.156.175
- hash: 50100
- file: 52.23.156.175
- hash: 55200
- file: 52.23.156.175
- hash: 14900
- file: 18.212.89.240
- hash: 15
- file: 172.232.27.20
- hash: 31337
- file: 165.22.212.253
- hash: 31337
- file: 154.22.5.87
- hash: 7443
- url: http://80.78.28.147/
- url: https://zfbezhefbzhbdfbzdufbuzbdf.pages.dev/
- url: https://zoomnews.net/
- domain: teklits.com
- file: 38.181.44.107
- hash: 88
- file: 38.207.176.43
- hash: 8088
- file: 81.69.249.141
- hash: 8080
- file: 47.122.122.68
- hash: 81
- file: 47.122.122.68
- hash: 80
- file: 47.108.158.237
- hash: 8888
- file: 111.229.121.53
- hash: 57878
- file: 47.111.117.97
- hash: 80
- file: 196.251.116.152
- hash: 5555
- file: 196.251.116.152
- hash: 7777
- file: 3.0.125.83
- hash: 80
- domain: login.socalmediazone.com
- file: 45.164.125.139
- hash: 7171
- file: 54.165.221.106
- hash: 10859
- file: 3.107.166.83
- hash: 55174
- file: 107.191.48.137
- hash: 443
- domain: cabym.press
- file: 172.94.53.162
- hash: 1361
- file: 176.98.186.10
- hash: 80
- file: 185.244.30.101
- hash: 2404
- url: https://api.telegram.org/bot7381501080:aaef6ov30zeozs2sgutisqhwb_z4gqtpoqu/sendmessage?chat_id=7881071100
- file: 38.242.155.5
- hash: 2404
- file: 45.88.186.77
- hash: 2404
- file: 70.31.125.227
- hash: 2078
- file: 86.123.199.140
- hash: 443
- domain: becel.press
- url: https://smart-american.com/j.js
- url: https://haidao10.top/www/select.js
- url: https://todocarritos.top/www/files/teleram.zip
- url: https://gocloudes.com/6a1f2b3c4d5e6f7a8b9c0d1e2f3a4b5/
- url: https://security.flacgaurd.com/b6c4d1a9f8g3h7e5n6b5a9de4f
- domain: security.flacgaurd.com
- url: https://security.flacgaurd.com/wordpress
- url: https://zemiosp.com/cloud.msi
- domain: zemiosp.com
- file: 147.185.221.27
- hash: 31185
- domain: team-evaluating.gl.at.ply.gg
- domain: biwiv.press
- file: 134.3.182.224
- hash: 443
- file: 66.103.199.102
- hash: 6666
- file: 39.101.171.116
- hash: 443
- file: 166.88.14.137
- hash: 8443
- file: 115.159.92.22
- hash: 80
- file: 3.127.37.193
- hash: 443
- file: 206.238.196.130
- hash: 443
- file: 196.251.116.152
- hash: 888
- file: 80.209.243.125
- hash: 15647
- file: 84.247.148.249
- hash: 7443
- file: 94.26.90.62
- hash: 443
- file: 13.244.87.214
- hash: 6006
- file: 3.26.144.235
- hash: 9142
- file: 3.26.144.235
- hash: 31242
- file: 123.249.0.46
- hash: 80
- domain: farav.press
- url: http://117.209.1.114:53127/mozi.m
- url: https://mediaflowq.run/aeui
- url: https://ubiosphxere.digital/tqoa
- url: https://xvigorbridgoe.top/banb
- file: 185.218.87.34
- hash: 443
- file: 8.135.240.90
- hash: 443
- file: 54.244.226.5
- hash: 80
- file: 45.141.101.131
- hash: 31337
- file: 216.107.138.186
- hash: 31337
- file: 161.35.151.71
- hash: 31337
- file: 158.176.11.88
- hash: 31337
- file: 103.233.8.39
- hash: 31337
- file: 35.182.188.168
- hash: 10013
- file: 52.23.156.175
- hash: 35100
- file: 118.122.8.155
- hash: 12571
- file: 44.243.105.226
- hash: 4063
- file: 84.46.239.89
- hash: 8443
- file: 110.43.68.73
- hash: 10001
- file: 92.255.57.35
- hash: 9000
- file: 13.49.223.229
- hash: 4444
- domain: streamingrpots.duckdns.org
- domain: bid-nova.gl.at.ply.gg
- domain: superaidol-42726.portmap.io
- domain: typoi-53795.portmap.io
- file: 101.201.76.1
- hash: 80
- file: 43.153.225.68
- hash: 8888
- file: 118.107.221.15
- hash: 80
- file: 60.204.152.14
- hash: 80
- file: 60.204.152.14
- hash: 443
- file: 45.192.164.239
- hash: 8888
- file: 94.156.177.241
- hash: 80
- file: 91.235.234.50
- hash: 8808
- file: 172.86.66.7
- hash: 7443
- file: 34.23.216.158
- hash: 7443
- file: 31.58.58.237
- hash: 80
- file: 194.26.135.9
- hash: 41674
- file: 194.26.135.10
- hash: 41674
- file: 154.216.20.137
- hash: 41674
- url: https://bhungreecoq.run/tqow
- url: https://flongitudde.digital/wizu
- file: 121.40.87.143
- hash: 443
- file: 120.46.217.53
- hash: 8090
- file: 91.231.182.140
- hash: 443
- file: 152.42.195.237
- hash: 8000
- file: 45.141.233.154
- hash: 555
- file: 163.172.125.253
- hash: 411
- file: 64.227.101.209
- hash: 443
- file: 5.252.155.84
- hash: 8089
- file: 13.251.180.166
- hash: 80
- file: 43.139.57.190
- hash: 50001
- file: 176.143.53.10
- hash: 81
- file: 181.206.158.190
- hash: 1000
- file: 20.54.80.208
- hash: 80
- file: 38.60.203.20
- hash: 5000
- file: 104.37.4.100
- hash: 6000
- file: 104.37.4.100
- hash: 6002
- file: 104.37.4.101
- hash: 6000
- file: 104.37.4.101
- hash: 6001
- file: 120.46.194.198
- hash: 60000
- file: 142.171.44.245
- hash: 443
- file: 156.244.7.203
- hash: 443
- file: 156.244.7.203
- hash: 8090
- file: 18.218.8.239
- hash: 8888
- file: 185.39.17.180
- hash: 80
- file: 192.9.244.150
- hash: 443
- file: 39.40.139.205
- hash: 995
- file: 5.8.18.103
- hash: 6856
- file: 67.211.216.77
- hash: 5555
- file: 79.119.15.161
- hash: 443
- file: 8.211.157.140
- hash: 2001
- domain: logced.com
- url: https://stropiscbs.live/iuwxx
- url: https://uwoodpeckersd.run/glsk
- file: 124.223.220.137
- hash: 80
ThreatFox IOCs for 2025-04-26
Medium
Published: Sat Apr 26 2025 (04/26/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-26
AI-Powered Analysis
AILast updated: 06/19/2025, 15:02:23 UTC
Technical Analysis
The provided information pertains to a malware threat identified as 'ThreatFox IOCs for 2025-04-26,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) related to various cyber threats. The threat is categorized under 'malware' with a medium severity rating and is tagged as 'type:osint' and 'tlp:white,' indicating that the information is openly shareable and relates to open-source intelligence. There are no specific affected product versions or CWE identifiers listed, and no known exploits in the wild have been reported at the time of publication. The technical details include a threat level of 2, an analysis rating of 1, and a distribution rating of 3, suggesting moderate threat presence and distribution. However, the absence of detailed technical indicators, such as malware behavior, infection vectors, or payload specifics, limits the depth of technical analysis. The threat appears to be a collection or update of IOCs rather than a single exploit or malware strain, implying it may be used to detect or track malicious activities rather than representing a direct attack vector itself. The lack of patch links and affected versions further supports that this is an intelligence update rather than a vulnerability or exploit targeting specific software.
Potential Impact
Given the nature of this threat as an IOC update related to malware, the direct impact on European organizations is primarily in the domain of threat detection and situational awareness rather than immediate compromise. Organizations that integrate ThreatFox IOCs into their security monitoring tools can enhance their ability to detect and respond to malware-related activities. However, without specific exploit details or active campaigns, the immediate risk of infection or breach is low. The medium severity rating suggests that while the threat is not currently critical, it warrants attention to prevent potential future exploitation. European organizations relying on OSINT feeds for threat intelligence will benefit from incorporating these IOCs to improve their detection capabilities. Failure to do so might result in delayed identification of malware infections or related malicious activities, potentially impacting confidentiality, integrity, or availability if the underlying malware is activated. The absence of known exploits in the wild reduces the urgency but does not eliminate the need for vigilance, especially in sectors with high-value targets such as finance, critical infrastructure, and government.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. 2. Regularly update threat intelligence feeds to ensure the latest IOCs are available for correlation and alerting. 3. Conduct proactive threat hunting exercises using the provided IOCs to identify any latent or undetected malware presence within the network. 4. Enhance network segmentation and implement strict access controls to limit malware propagation if detected. 5. Train security operations teams to recognize and respond to alerts generated by these IOCs promptly. 6. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share findings and receive contextual threat intelligence. 7. Since no patches are associated, focus on detection and response rather than patch management for this specific threat. 8. Maintain up-to-date backups and incident response plans to mitigate potential impacts if malware infections are identified.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 145c18ba-4b3d-4785-9d43-00157a0962c5
- Original Timestamp
- 1745712187
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaingeoecony.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingreeconoimy.run | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainhindecoo.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaineurowatchw.run | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaineurastratse.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintugrambling.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainboxingcasualty.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainyeaio.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaindentistdomestic.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainwildlifeautograph.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainaoaee.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainnetnet.lol | ClearFake payload delivery domain (confidence level: 100%) | |
domainsticker-88l.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainronthom.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmatur.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.coligeme.org | Unknown malware payload delivery domain (confidence level: 100%) | |
domainhaidao10.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domaintodocarritos.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainlookyloo.circl.lu | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainchromeinstall.xyz | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainrdixit.github.io | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainklintaps.org | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainjadhaoagroinds.com | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainupdate.clcc.cl | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainupdateyoubrousergoogle.com | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainarbitrag38.ru | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domaincore.coligeme.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainmanta-network-v2.us | Formbook botnet C2 domain (confidence level: 50%) | |
domaintronilnk.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainen-trezor.io | Formbook botnet C2 domain (confidence level: 50%) | |
domainatumicwallet.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaintrust.wallet-web3.ing | Formbook botnet C2 domain (confidence level: 50%) | |
domaincoinomi.ing | Formbook botnet C2 domain (confidence level: 50%) | |
domaindefii-larna.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainerectilehelp.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainh1.unalteredaccuracy.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintransdataa.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsecurity.cloflardg.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainkomijon.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainqeqek.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.komijon.org | Unknown malware payload delivery domain (confidence level: 100%) | |
domainshequw.huixueweng.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainteklits.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domainlogin.socalmediazone.com | Hook botnet C2 domain (confidence level: 100%) | |
domaincabym.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainbecel.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurity.flacgaurd.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainzemiosp.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainteam-evaluating.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domainbiwiv.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainfarav.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainstreamingrpots.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainbid-nova.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsuperaidol-42726.portmap.io | XWorm botnet C2 domain (confidence level: 50%) | |
domaintypoi-53795.portmap.io | XWorm botnet C2 domain (confidence level: 50%) | |
domainlogced.com | DOPLUGS botnet C2 domain (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hashc2359bab629d4bab069b8170fe4d0cdffd9706bea70c36f26fd3d6afd269aeb7 | Unknown malware payload (confidence level: 25%) | |
hash5d57b78dc15dbdcd7aecda533b87dddcbbdfd4776c618b70ee94d4d718719b1f | Unknown malware payload (confidence level: 25%) | |
hash2a1177e56c1e0a47f830b44d239743b105d607131985166b04d9f73ca8c0f2d8 | Unknown malware payload (confidence level: 50%) | |
hash0e4c0deb869f6fb31f6d44df1b3fbb77be9a0836c836699ab57a633f5580b71a | Unknown malware payload (confidence level: 25%) | |
hash33de9859e072e7ac501084ff7a9fe2fbc36d77ce7f00e4f75bf92db1eb88adfa | Unknown malware payload (confidence level: 50%) | |
hashdff295c3e3547eab603b38131a52e31177b1745fe79bfedf4c5a97c8029bb306 | Unknown malware payload (confidence level: 75%) | |
hash515 | Bashlite botnet C2 server (confidence level: 75%) | |
hash429 | Tofsee botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8801 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash2403 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash10f02ed5ce084881608fda64a12b4e3b7b34e0bcaf99789bb957e2d33f0acbd5 | Unknown Stealer payload (confidence level: 100%) | |
hashf85a155d3f75cab12843688f02cec2774cb952c8e020cf764be181c81973e59b | Unknown Stealer payload (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5671 | DCRat botnet C2 server (confidence level: 100%) | |
hash5671 | DCRat botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8933 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4141 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3636 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash16001 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50100 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash55200 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash14900 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash15 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash57878 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash7171 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash10859 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash55174 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash1361 | Remcos botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash2078 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash31185 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash6006 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9142 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash31242 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash10013 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash35100 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash12571 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash4063 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash8443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash4444 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash41674 | I2PRAT botnet C2 server (confidence level: 50%) | |
hash41674 | I2PRAT botnet C2 server (confidence level: 100%) | |
hash41674 | I2PRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8000 | Sliver botnet C2 server (confidence level: 100%) | |
hash555 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash411 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash50001 | Havoc botnet C2 server (confidence level: 100%) | |
hash81 | DCRat botnet C2 server (confidence level: 100%) | |
hash1000 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash5000 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash6000 | Remcos botnet C2 server (confidence level: 75%) | |
hash6002 | Remcos botnet C2 server (confidence level: 75%) | |
hash6000 | Remcos botnet C2 server (confidence level: 75%) | |
hash6001 | Remcos botnet C2 server (confidence level: 75%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash8090 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash6856 | Remcos botnet C2 server (confidence level: 75%) | |
hash5555 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash2001 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file146.19.143.149 | Bashlite botnet C2 server (confidence level: 75%) | |
file185.39.19.20 | Tofsee botnet C2 server (confidence level: 100%) | |
file194.87.209.28 | Bashlite botnet C2 server (confidence level: 75%) | |
file47.86.100.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file157.230.42.240 | Sliver botnet C2 server (confidence level: 100%) | |
file156.244.7.187 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.146.27.84 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file198.23.227.140 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file54.184.31.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file152.42.138.246 | Hook botnet C2 server (confidence level: 100%) | |
file185.241.208.161 | Hook botnet C2 server (confidence level: 100%) | |
file3.84.178.184 | Havoc botnet C2 server (confidence level: 100%) | |
file13.246.3.184 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.241.208.161 | ERMAC botnet C2 server (confidence level: 100%) | |
file113.45.225.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file36.134.33.170 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.159.99.119 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.152 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file134.122.184.23 | DCRat botnet C2 server (confidence level: 100%) | |
file134.122.184.32 | DCRat botnet C2 server (confidence level: 100%) | |
file129.211.28.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.229.202.130 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.174.202.217 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.152.194.88 | Unknown malware botnet C2 server (confidence level: 100%) | |
file83.3.213.194 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.40.34.80 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.202.136.28 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.148.62.248 | Unknown malware botnet C2 server (confidence level: 100%) | |
file140.143.159.70 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.75.22.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.247.190.66 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.202.120.54 | Unknown malware botnet C2 server (confidence level: 100%) | |
file44.201.173.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file150.109.117.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.202.161.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.122.22.5 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.157.26.81 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.197.44.216 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.138.181.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.101.191.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.140.102.15 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.84.54.233 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.60.48.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.238.144.187 | Unknown malware botnet C2 server (confidence level: 100%) | |
file41.175.29.98 | Unknown malware botnet C2 server (confidence level: 100%) | |
file173.224.122.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.253.128.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
file221.234.131.137 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file104.168.96.138 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file52.23.156.175 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.23.156.175 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.23.156.175 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file18.212.89.240 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file172.232.27.20 | Sliver botnet C2 server (confidence level: 50%) | |
file165.22.212.253 | Sliver botnet C2 server (confidence level: 50%) | |
file154.22.5.87 | Unknown malware botnet C2 server (confidence level: 50%) | |
file38.181.44.107 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.207.176.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file81.69.249.141 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.122.122.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.122.122.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.108.158.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.229.121.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.111.117.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file196.251.116.152 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.152 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.0.125.83 | Hook botnet C2 server (confidence level: 100%) | |
file45.164.125.139 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file54.165.221.106 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.107.166.83 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file107.191.48.137 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file172.94.53.162 | Remcos botnet C2 server (confidence level: 75%) | |
file176.98.186.10 | Stealc botnet C2 server (confidence level: 75%) | |
file185.244.30.101 | Remcos botnet C2 server (confidence level: 75%) | |
file38.242.155.5 | Remcos botnet C2 server (confidence level: 75%) | |
file45.88.186.77 | Remcos botnet C2 server (confidence level: 75%) | |
file70.31.125.227 | QakBot botnet C2 server (confidence level: 75%) | |
file86.123.199.140 | QakBot botnet C2 server (confidence level: 75%) | |
file147.185.221.27 | NjRAT botnet C2 server (confidence level: 75%) | |
file134.3.182.224 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.103.199.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.101.171.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file166.88.14.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.159.92.22 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.127.37.193 | Sliver botnet C2 server (confidence level: 100%) | |
file206.238.196.130 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.152 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file80.209.243.125 | SectopRAT botnet C2 server (confidence level: 100%) | |
file84.247.148.249 | Unknown malware botnet C2 server (confidence level: 100%) | |
file94.26.90.62 | Havoc botnet C2 server (confidence level: 100%) | |
file13.244.87.214 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.26.144.235 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.26.144.235 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file123.249.0.46 | MimiKatz botnet C2 server (confidence level: 100%) | |
file185.218.87.34 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file8.135.240.90 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file54.244.226.5 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file45.141.101.131 | Sliver botnet C2 server (confidence level: 50%) | |
file216.107.138.186 | Sliver botnet C2 server (confidence level: 50%) | |
file161.35.151.71 | Sliver botnet C2 server (confidence level: 50%) | |
file158.176.11.88 | Sliver botnet C2 server (confidence level: 50%) | |
file103.233.8.39 | Sliver botnet C2 server (confidence level: 50%) | |
file35.182.188.168 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.23.156.175 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file118.122.8.155 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file44.243.105.226 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file84.46.239.89 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file110.43.68.73 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file92.255.57.35 | SectopRAT botnet C2 server (confidence level: 50%) | |
file13.49.223.229 | Unknown malware botnet C2 server (confidence level: 50%) | |
file101.201.76.1 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.153.225.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.107.221.15 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file60.204.152.14 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file60.204.152.14 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.192.164.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file94.156.177.241 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.235.234.50 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.86.66.7 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.23.216.158 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.58.58.237 | MooBot botnet C2 server (confidence level: 100%) | |
file194.26.135.9 | I2PRAT botnet C2 server (confidence level: 50%) | |
file194.26.135.10 | I2PRAT botnet C2 server (confidence level: 100%) | |
file154.216.20.137 | I2PRAT botnet C2 server (confidence level: 100%) | |
file121.40.87.143 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.46.217.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.231.182.140 | Sliver botnet C2 server (confidence level: 100%) | |
file152.42.195.237 | Sliver botnet C2 server (confidence level: 100%) | |
file45.141.233.154 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file163.172.125.253 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file64.227.101.209 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.252.155.84 | Hook botnet C2 server (confidence level: 100%) | |
file13.251.180.166 | Hook botnet C2 server (confidence level: 100%) | |
file43.139.57.190 | Havoc botnet C2 server (confidence level: 100%) | |
file176.143.53.10 | DCRat botnet C2 server (confidence level: 100%) | |
file181.206.158.190 | DCRat botnet C2 server (confidence level: 100%) | |
file20.54.80.208 | ERMAC botnet C2 server (confidence level: 100%) | |
file38.60.203.20 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file104.37.4.100 | Remcos botnet C2 server (confidence level: 75%) | |
file104.37.4.100 | Remcos botnet C2 server (confidence level: 75%) | |
file104.37.4.101 | Remcos botnet C2 server (confidence level: 75%) | |
file104.37.4.101 | Remcos botnet C2 server (confidence level: 75%) | |
file120.46.194.198 | Unknown malware botnet C2 server (confidence level: 75%) | |
file142.171.44.245 | Sliver botnet C2 server (confidence level: 75%) | |
file156.244.7.203 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file156.244.7.203 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file18.218.8.239 | Sliver botnet C2 server (confidence level: 75%) | |
file185.39.17.180 | Stealc botnet C2 server (confidence level: 75%) | |
file192.9.244.150 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file39.40.139.205 | QakBot botnet C2 server (confidence level: 75%) | |
file5.8.18.103 | Remcos botnet C2 server (confidence level: 75%) | |
file67.211.216.77 | Remcos botnet C2 server (confidence level: 75%) | |
file79.119.15.161 | QakBot botnet C2 server (confidence level: 75%) | |
file8.211.157.140 | Meterpreter botnet C2 server (confidence level: 75%) | |
file124.223.220.137 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://ronthom.com/2y5t.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ronthom.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://haidao10.top/www/good.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://haidao10.top/www/index.php?0drf8bcr | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://haidao10.top/www/sss.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://todocarritos.top/www/files/proxy.zip?a9b3d8daa70919f77bf5a2f9&a9b3d8daa70919f77bf5a2f9 | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://www.coligeme.org/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://todocarritos.top/www/good.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://todocarritos.top/www/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://todocarritos.top/www/sss.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://core.coligeme.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://islonline.org/d.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://erectilehelp.top/www/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://erectilehelp.top/www/sss.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://transdataa.digital/xwpa | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://security.cloflardg.com/b6c4d1a9f8g3h7e5n6b5a9de4f | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://security.cloflardg.com/wordpress | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://komijon.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://fgeographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ncartograhphy.top/ixau | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://pbiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vclimatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://45.230.66.42:11826/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://1biosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://mcartograhphy.top/ixau | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://otopographky.top/xlak | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://www.komijon.org/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://80.78.28.147/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://zfbezhefbzhbdfbzdufbuzbdf.pages.dev/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://zoomnews.net/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://api.telegram.org/bot7381501080:aaef6ov30zeozs2sgutisqhwb_z4gqtpoqu/sendmessage?chat_id=7881071100 | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://smart-american.com/j.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://haidao10.top/www/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://todocarritos.top/www/files/teleram.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://gocloudes.com/6a1f2b3c4d5e6f7a8b9c0d1e2f3a4b5/ | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://security.flacgaurd.com/b6c4d1a9f8g3h7e5n6b5a9de4f | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://security.flacgaurd.com/wordpress | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://zemiosp.com/cloud.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://117.209.1.114:53127/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://mediaflowq.run/aeui | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ubiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xvigorbridgoe.top/banb | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://bhungreecoq.run/tqow | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://flongitudde.digital/wizu | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://stropiscbs.live/iuwxx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://uwoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%) |
Threat ID: 682c7db2e8347ec82d2a3b76
Added to database: 5/20/2025, 1:03:46 PM
Last enriched: 6/19/2025, 3:02:23 PM
Last updated: 8/14/2025, 7:31:42 PM
Views: 16
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.