ThreatFox IOCs for 2025-04-30
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-30
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related entry titled "ThreatFox IOCs for 2025-04-30," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The entry appears to be a collection or update of Indicators of Compromise (IOCs) related to malware activities as of April 30, 2025. However, the technical details are minimal, with no specific affected software versions, no Common Weakness Enumerations (CWEs), and no patch links provided. The threat level is indicated as 2 on an unspecified scale, with analysis rated at 1 and distribution at 3, suggesting moderate dissemination but limited analytical depth. No known exploits are currently reported in the wild, and no direct technical indicators or attack vectors are described. The severity is marked as medium, which aligns with the moderate threat level and distribution. Given the lack of detailed technical information, it is likely that this entry serves as a general alert or repository update for malware-related IOCs rather than a description of a novel or active exploit. The absence of affected versions or products implies that the threat may be generic or broadly applicable to multiple environments rather than targeting a specific software or hardware platform. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing, suggesting that the data is not sensitive or restricted. Overall, this threat entry represents a moderate-level malware-related intelligence update with limited actionable technical specifics at this time.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of detailed exploit information or known active attacks. However, the presence of malware-related IOCs implies a potential risk of infection or compromise if these indicators are relevant to the organization's environment. The moderate distribution level suggests that the malware or associated indicators may be circulating within certain communities or sectors, possibly increasing the risk of exposure. European entities involved in cybersecurity monitoring, threat intelligence sharing, or incident response may find value in integrating these IOCs into their detection systems to enhance early warning capabilities. Without specific affected products or vulnerabilities, the direct impact on confidentiality, integrity, or availability remains uncertain but is likely moderate. Organizations with mature security operations centers (SOCs) and threat hunting capabilities can leverage this information to proactively identify potential infections or reconnaissance activities. The lack of known exploits in the wild reduces the immediate threat level but does not eliminate the risk of future exploitation or targeted campaigns leveraging these IOCs.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security monitoring tools such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) platforms to enhance detection capabilities. 2. Conduct regular threat hunting exercises focusing on the indicators associated with this update to identify any early signs of compromise. 3. Maintain up-to-date malware signatures and heuristic detection rules to improve the likelihood of identifying related malware activity. 4. Enhance network segmentation and implement strict access controls to limit lateral movement should an infection occur. 5. Promote user awareness training focused on recognizing phishing and social engineering tactics, as these are common malware delivery methods. 6. Collaborate with national and European cybersecurity information sharing organizations to receive timely updates and contextual threat intelligence. 7. Regularly review and update incident response plans to incorporate procedures for handling malware infections related to emerging IOCs. These recommendations go beyond generic advice by emphasizing proactive integration of IOCs, threat hunting, and collaboration within European cybersecurity frameworks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: mentor.omgwowhq.org
- domain: mypah.press
- hash: 983a20479a281a182d33b75c0945e447
- hash: 4fe99e5dc101170750d8ece6ea066155
- hash: dc344328208c3481587d0aab1005fcdd
- hash: 10911494fa52daee0279972f91fded01
- hash: 24ccd142ff83e8622f00f5443ea5cb2d
- hash: a6980e543efa40771ed1dcf84b29d732
- hash: a162a5c5ab72b3783215f52b9edc3680
- hash: 600371ebab1e29429f06a5b1909056e5
- hash: 0067679c7033139bcbb273840494b324
- hash: 602d720f1184d2ad739568cbf6403331
- hash: ec5b1a6de3564c26c4e0e804e6bc2ecb
- hash: f05b57cdc3420acc359efe9e4941c428
- hash: 0168a4daa9598e991e140057e59438f6
- hash: 6be23d5a1ff1e9cbe99fe7f7c49a5607
- hash: e874240a53fc353bc770f507445cc061
- hash: eb46bc3e2ad88149176ef33c9fea087a
- hash: bdf6ac02664baea655b103d50bdfd6ec
- hash: bd29231bc4f2c6d2f22fa026e2eaca40
- hash: 6b0631f823e171da4b7e9350f61a0536
- hash: 49b53d3c715ec879efeb51d386b9d923
- domain: crrtwright.top
- domain: min-js-lib.pages.dev
- domain: greenhoet.top
- url: https://tsoi-zhiv.com/login
- domain: nodepathr.run
- domain: h1.exceptionicon.top
- file: 175.107.38.81
- hash: 8100
- domain: hywod.press
- domain: lyqej.press
- hash: 44285363a25d16417837cf949b9493ec71a94a957fa59c007aad48149fa38235
- hash: 4ea04c70a903300423462f26891a47de633716efe058cfe62c2fa71ed9009e7c
- domain: wakor.press
- domain: moriartybirds.click
- domain: niaolas.top
- url: https://leeling.top/sign/in
- domain: leeling.top
- domain: netscoute.digital
- file: 47.115.227.6
- hash: 4432
- file: 23.94.200.251
- hash: 8088
- file: 43.142.157.142
- hash: 80
- file: 39.101.135.210
- hash: 80
- file: 148.66.16.228
- hash: 443
- file: 148.66.16.227
- hash: 443
- file: 148.66.16.229
- hash: 80
- file: 185.39.17.25
- hash: 443
- file: 137.184.190.241
- hash: 8080
- file: 188.218.201.194
- hash: 8808
- file: 173.44.139.179
- hash: 7272
- file: 173.208.162.225
- hash: 7443
- file: 104.248.5.186
- hash: 443
- file: 54.206.1.218
- hash: 443
- file: 146.70.24.193
- hash: 443
- file: 23.227.199.118
- hash: 14443
- file: 209.141.55.248
- hash: 80
- file: 147.124.219.157
- hash: 19000
- domain: wlandersmountain.click
- url: https://1geographys.run/eirq
- url: https://cmwoodpeckersd.run/glsk
- url: https://corexlaib.top/xzea
- url: https://datamanipy.run/bent
- url: https://datawavej.digital/bafy
- url: https://techchaiun.live/qwes
- url: https://vecturar.top/zsia
- url: https://4zenithcorde.top/auid
- url: https://eaglekl.digital/eand
- url: https://ibearjk.live/benj
- url: https://pblockhubr.live/jhgf
- url: https://wtechguidet.digital/apdo
- file: 124.223.32.16
- hash: 8080
- file: 148.66.16.226
- hash: 80
- file: 148.66.16.226
- hash: 443
- file: 51.20.93.22
- hash: 443
- file: 128.90.113.26
- hash: 2000
- file: 128.90.113.26
- hash: 4000
- file: 128.90.113.26
- hash: 8808
- file: 38.76.247.230
- hash: 7443
- file: 107.172.102.50
- hash: 7443
- file: 173.208.162.225
- hash: 443
- file: 194.164.194.149
- hash: 4443
- file: 45.134.39.5
- hash: 80
- file: 45.134.39.5
- hash: 8089
- file: 103.127.135.159
- hash: 8008
- file: 91.99.67.156
- hash: 443
- file: 137.184.89.150
- hash: 8080
- file: 103.8.185.170
- hash: 3333
- file: 44.231.48.102
- hash: 443
- file: 3.141.206.31
- hash: 8443
- file: 3.129.118.20
- hash: 443
- file: 172.208.53.96
- hash: 8080
- file: 89.248.170.161
- hash: 8080
- file: 149.90.103.193
- hash: 3333
- file: 34.72.179.141
- hash: 3333
- file: 43.205.218.182
- hash: 80
- file: 5.78.77.165
- hash: 3333
- file: 3.142.104.17
- hash: 443
- file: 52.14.245.245
- hash: 443
- file: 35.173.246.249
- hash: 3333
- file: 3.216.45.175
- hash: 443
- domain: nkdnopfdabcj.izipy.com
- domain: muvom.press
- file: 113.44.168.133
- hash: 8888
- file: 103.233.253.26
- hash: 9999
- file: 8.138.19.182
- hash: 808
- file: 124.70.204.188
- hash: 443
- file: 154.201.74.112
- hash: 8001
- file: 189.1.229.235
- hash: 1234
- url: http://canopyselected.com/nwxf4tjx9nrn34/index.php
- file: 62.60.234.10
- hash: 1488
- hash: 84b88ac81e4872ff3bf15c72f431d101
- hash: 47386ee20a6a94830ee4fa38b419a6f7
- hash: f257d37c05d29e725071a900ef49f1c9
- hash: d0706d40e65e2dc6452c2279a4ab882c
- url: http://185.101.93.54/avg/14840646743032cdbox.php
- domain: jezyq.press
- url: https://stewframe.icu/art.php
- url: https://8piratetwrath.run/ytus
- url: https://xcelmodo.run/api
- url: https://ihemispherexz.top/xapp
- url: https://narwhaltr.live/saud
- url: https://ustarofliught.top/wozd
- domain: brandihx.run
- domain: victoreqs.run
- file: 34.93.12.185
- hash: 443
- file: 47.108.158.237
- hash: 9999
- file: 148.66.16.230
- hash: 443
- file: 148.66.16.230
- hash: 80
- file: 47.129.6.50
- hash: 443
- file: 139.180.217.142
- hash: 8888
- file: 45.138.16.100
- hash: 8808
- file: 196.251.116.152
- hash: 4444
- file: 172.188.218.53
- hash: 7443
- file: 152.42.195.54
- hash: 443
- file: 195.82.147.63
- hash: 8080
- file: 15.157.69.142
- hash: 40257
- domain: tuboos.pages.dev
- domain: yuun.pages.dev
- domain: jumstor.cloud
- url: https://5datamanipy.run/bent
- url: https://btechwaveg.run/oipz
- url: https://ddatawavej.digital/bafy
- url: https://mzenithcorde.top/auid
- url: https://qvecturar.top/zsia
- url: https://ybearjk.live/benj
- url: https://xtechsyncq.run/riid
- url: https://brandihx.run/lowp
- url: https://kdatawavej.digital/bafy
- url: https://ktechsyncq.run/riid
- file: 184.97.3.210
- hash: 8080
- file: 185.101.38.39
- hash: 2405
- file: 185.244.30.102
- hash: 2404
- file: 196.251.84.214
- hash: 8001
- file: 198.135.49.120
- hash: 2404
- url: https://cbtcgeared.live/lbak
- file: 94.26.90.81
- hash: 7771
- domain: vytoz.press
- url: https://vdatamanipy.run/bent
- url: https://wvecturar.top/zsia
- file: 4.240.2.164
- hash: 8443
- file: 70.31.125.193
- hash: 2078
- file: 98.177.107.151
- hash: 60448
- url: https://cleaner-consideration-thoroughly-personally.trycloudflare.com/sign/in
- domain: cleaner-consideration-thoroughly-personally.trycloudflare.com
- domain: u1.spiritismprotozoan.bet
- domain: zivad.press
- url: https://wpiratetwrath.run/ytus
- file: 39.101.171.116
- hash: 4433
- file: 121.5.157.134
- hash: 443
- file: 49.232.143.137
- hash: 8081
- file: 180.76.244.133
- hash: 80
- file: 178.128.171.5
- hash: 28409
- domain: quizzical-golick.94-156-177-241.plesk.page
- file: 188.27.76.253
- hash: 8080
- file: 109.176.202.86
- hash: 80
- file: 41.216.189.234
- hash: 839
- file: 43.255.158.248
- hash: 11453
- file: 62.60.226.173
- hash: 19000
- domain: bebir.press
- domain: 666.20240829.xyz
- file: 42.194.172.155
- hash: 808
- domain: portal.bottomlinepracticesolutions.com
- domain: novow.press
- url: https://portal.bottomlinepracticesolutions.com/profilelayout
- file: 166.88.164.186
- hash: 443
- domain: h1.riverbankrejoicing.top
- url: https://doriot.info
- domain: doriot.info
- file: 176.65.134.30
- hash: 7070
- file: 209.141.50.64
- hash: 12121
- domain: neon.galaxias.cc
- domain: guket.press
- url: https://leannon.top/sign/in
- domain: leannon.top
- url: https://yourcialsupply.top/ifh/min.js
- domain: yourcialsupply.top
- url: https://yourcialsupply.top/ifh/select.js
- url: https://yourcialsupply.top/ifh/lll.php
- url: https://uncustomary.org/kiscos.zip
- file: 47.237.1.28
- hash: 8083
- file: 111.230.18.219
- hash: 8443
- file: 45.55.107.101
- hash: 443
- file: 34.102.113.135
- hash: 31337
- file: 15.235.37.196
- hash: 31337
- file: 139.162.13.178
- hash: 31337
- file: 192.99.38.139
- hash: 31337
- file: 185.17.3.70
- hash: 31337
- file: 193.168.144.149
- hash: 31337
- file: 47.236.136.247
- hash: 31337
- file: 3.147.28.47
- hash: 8545
- file: 118.122.8.155
- hash: 12130
- file: 118.122.8.156
- hash: 811
- file: 118.122.8.154
- hash: 811
- file: 118.122.8.157
- hash: 811
- file: 118.122.8.155
- hash: 811
- file: 77.239.99.150
- hash: 9000
- file: 193.176.23.5
- hash: 9000
- file: 92.118.151.157
- hash: 9000
- file: 92.255.57.32
- hash: 9000
- file: 51.44.180.18
- hash: 17
- file: 13.200.255.42
- hash: 175
- file: 136.144.164.95
- hash: 35002
- file: 34.16.115.86
- hash: 3333
- file: 16.171.171.2
- hash: 4444
- file: 4.237.56.192
- hash: 3333
- file: 95.131.202.38
- hash: 8089
- file: 45.207.58.182
- hash: 8009
- file: 69.24.199.27
- hash: 1800
- file: 18.132.192.123
- hash: 7218
- file: 62.106.66.116
- hash: 80
- url: http://45.192.164.239:8888/supershell/login
- url: http://111.119.255.45:8888/supershell/login
- url: http://207.244.199.46/index.php
- url: http://144.91.124.44/
- url: http://tsoi-zhiv.com
- url: http://185.39.17.122/som9unr/index.php
- url: https://pastebin.com/raw/s14cuu5g
- domain: businesses-exposure.gl.at.ply.gg
- domain: engineering-groups.gl.at.ply.gg
- domain: ernjklnbwerkj-42355.portmap.io
- url: http://www.329-homeremodel.sbs/mk20/
- url: http://www.4260389.xyz/mk20/
- url: http://www.4260524.xyz/mk20/
- url: http://www.4270864.xyz/mk20/
- url: http://www.4271030.xyz/mk20/
- url: http://www.5z6hmy3.top/mk20/
- url: http://www.612tw.net/mk20/
- url: http://www.74bet.app/mk20/
- url: http://www.7579.loan/mk20/
- url: http://www.7jhm.top/mk20/
- url: http://www.97p7sa2.xyz/mk20/
- url: http://www.9phm.top/mk20/
- url: http://www.adekclimatecontrol.online/mk20/
- url: http://www.arthes.app/mk20/
- url: http://www.atasha.group/mk20/
- url: http://www.attaa-king-fast.online/mk20/
- url: http://www.bbrwv.sbs/mk20/
- url: http://www.bere6.sbs/mk20/
- url: http://www.ccng90.cyou/mk20/
- url: http://www.ealthywatches.online/mk20/
- url: http://www.eartlandflagssy.shop/mk20/
- url: http://www.empobetteklif.vip/mk20/
- url: http://www.erasync.shop/mk20/
- url: http://www.fqozq.top/mk20/
- url: http://www.gleyucx.xyz/mk20/
- url: http://www.gsp631.top/mk20/
- url: http://www.gsp644.top/mk20/
- url: http://www.hatsuptocachee.net/mk20/
- url: http://www.heautocademy.net/mk20/
- url: http://www.heitcommunity.info/mk20/
- url: http://www.hljbh.top/mk20/
- url: http://www.hmfdjxvnbsn.xyz/mk20/
- url: http://www.ickisaprick.net/mk20/
- url: http://www.iep.cloud/mk20/
- url: http://www.ilosportsy.shop/mk20/
- url: http://www.iwmn.cyou/mk20/
- url: http://www.jjhldejorbvw.xyz/mk20/
- url: http://www.k008.casino/mk20/
- url: http://www.lgox.bot/mk20/
- url: http://www.limpsepublishing.online/mk20/
- url: http://www.lotpersen789.xyz/mk20/
- url: http://www.luegreencloud.net/mk20/
- url: http://www.nbox.box/mk20/
- url: http://www.niteview.shop/mk20/
- url: http://www.nline4u.net/mk20/
- url: http://www.okf.net/mk20/
- url: http://www.om-dszi.vip/mk20/
- url: http://www.ordfilm-fans.online/mk20/
- url: http://www.otosnap.pics/mk20/
- url: http://www.oundationsystems.xyz/mk20/
- url: http://www.owaniowa.info/mk20/
- url: http://www.pl7bn.cfd/mk20/
- url: http://www.rabsmp.shop/mk20/
- url: http://www.rostaten.xyz/mk20/
- url: http://www.rpxpdgpjn.xyz/mk20/
- url: http://www.t69oo.xyz/mk20/
- url: http://www.ucky.business/mk20/
- url: http://www.ulegame.top/mk20/
- url: http://www.unezstock.net/mk20/
- url: http://www.uperpaws.online/mk20/
- url: http://www.vhxvj.cfd/mk20/
- url: http://www.wandafilmfestival.net/mk20/
- url: http://www.xbrp6.top/mk20/
- url: http://www.ysteryclick84.top/mk20/
- url: http://www.zqp5.cyou/mk20/
- domain: www.329-homeremodel.sbs
- domain: www.4260389.xyz
- domain: www.4260524.xyz
- domain: www.4270864.xyz
- domain: www.4271030.xyz
- domain: www.5z6hmy3.top
- domain: www.612tw.net
- domain: www.74bet.app
- domain: www.7579.loan
- domain: www.7jhm.top
- domain: www.97p7sa2.xyz
- domain: www.9phm.top
- domain: www.adekclimatecontrol.online
- domain: www.arthes.app
- domain: www.atasha.group
- domain: www.attaa-king-fast.online
- domain: www.bbrwv.sbs
- domain: www.bere6.sbs
- domain: www.ccng90.cyou
- domain: www.ealthywatches.online
- domain: www.eartlandflagssy.shop
- domain: www.empobetteklif.vip
- domain: www.erasync.shop
- domain: www.fqozq.top
- domain: www.gleyucx.xyz
- domain: www.gsp631.top
- domain: www.gsp644.top
- domain: www.hatsuptocachee.net
- domain: www.heautocademy.net
- domain: www.heitcommunity.info
- domain: www.hljbh.top
- domain: www.hmfdjxvnbsn.xyz
- domain: www.ickisaprick.net
- domain: www.iep.cloud
- domain: www.ilosportsy.shop
- domain: www.iwmn.cyou
- domain: www.jjhldejorbvw.xyz
- domain: www.k008.casino
- domain: www.lgox.bot
- domain: www.limpsepublishing.online
- domain: www.lotpersen789.xyz
- domain: www.luegreencloud.net
- domain: www.nbox.box
- domain: www.niteview.shop
- domain: www.nline4u.net
- domain: www.okf.net
- domain: www.om-dszi.vip
- domain: www.ordfilm-fans.online
- domain: www.otosnap.pics
- domain: www.oundationsystems.xyz
- domain: www.owaniowa.info
- domain: www.pl7bn.cfd
- domain: www.rabsmp.shop
- domain: www.rostaten.xyz
- domain: www.rpxpdgpjn.xyz
- domain: www.t69oo.xyz
- domain: www.ucky.business
- domain: www.ulegame.top
- domain: www.unezstock.net
- domain: www.uperpaws.online
- domain: www.vhxvj.cfd
- domain: www.xbrp6.top
- domain: www.ysteryclick84.top
- domain: www.zqp5.cyou
- domain: mywebh.kro.kr
- domain: 1puohi7iyi.loclx.io
- domain: mxsunami.gotdns.ch
- file: 216.9.225.168
- hash: 14305
- file: 216.9.225.168
- hash: 14306
- domain: 3214r214r12412-50274.portmap.io
- domain: opportunity-commitment.gl.at.ply.gg
- domain: shopping-noted.gl.at.ply.gg
- domain: life223.center
- domain: aloud745.asia
- domain: dashboard.peripl.app
- domain: darjkafsg.digital
- domain: medimado.run
- domain: viriatoe.live
- domain: exitiumt.digital
- domain: opusculy.top
- domain: civitasu.run
- domain: praetori.live
- file: 8.138.189.93
- hash: 10001
- file: 208.123.119.210
- hash: 12721
- file: 146.70.137.90
- hash: 3000
- file: 98.217.73.238
- hash: 8808
- file: 195.82.147.63
- hash: 591
- file: 13.127.100.43
- hash: 20548
- domain: lysez.press
- file: 185.39.17.122
- hash: 80
- url: http://185.39.17.122/som9unr/login.php
- domain: scriptao.digital
- domain: disciplipna.top
- domain: zimwl.press
- file: 37.27.117.170
- hash: 8888
- domain: u1.barbellblurry.today
- file: 110.41.60.33
- hash: 81
- file: 47.116.116.87
- hash: 8888
- file: 49.232.143.137
- hash: 8888
- file: 170.205.37.29
- hash: 80
- file: 172.166.104.19
- hash: 443
- file: 45.86.86.49
- hash: 9000
- file: 194.113.245.11
- hash: 8474
- file: 107.143.144.156
- hash: 8080
- file: 107.175.44.106
- hash: 443
- file: 116.26.11.126
- hash: 36099
- file: 144.172.94.163
- hash: 2404
- file: 147.189.128.43
- hash: 2404
- file: 172.111.244.142
- hash: 35889
- file: 172.245.208.17
- hash: 14646
- file: 176.65.134.34
- hash: 7070
- file: 196.251.85.124
- hash: 2404
- file: 208.123.119.210
- hash: 443
- file: 3.115.250.72
- hash: 443
- file: 3.232.226.225
- hash: 443
- file: 3.75.6.25
- hash: 443
- file: 3.96.152.27
- hash: 2535
- file: 35.152.200.44
- hash: 443
- file: 39.40.136.162
- hash: 995
- file: 46.246.210.158
- hash: 995
- file: 47.129.6.50
- hash: 8888
- file: 52.223.43.230
- hash: 7443
- file: 52.56.163.20
- hash: 443
- file: 65.153.151.61
- hash: 8800
- file: 70.31.125.144
- hash: 2078
- file: 75.2.99.37
- hash: 443
- file: 77.244.220.81
- hash: 6443
- file: 78.168.1.119
- hash: 443
- file: 94.228.113.197
- hash: 4701
- domain: ns1.dmakk.cn
- domain: ns2.dmakk.cn
- file: 18.140.63.132
- hash: 53
- url: https://1i45praetori.live/vepr
- url: https://3disciplipna.top/eqwu
- url: https://3g-sviriatoe.live/laopx
- url: https://5opusculy.top/keaj
- url: https://civitasu.run/werrp
- url: https://exitiumt.digital/xane
- url: https://opusculy.top/keaj
- url: https://ovecturar.top/zsia
- url: https://praetori.live/vepr
- url: https://scriptao.digital/vpep
- url: https://viriatoe.live/laopx
- url: https://ncorexlaib.top/xzea
- url: https://utechsyncq.run/riid
- url: https://5civitasu.run/werrp
- url: https://disciplipna.top/eqwu
- url: https://jscriptao.digital/vpep
- url: https://tpbrandihx.run/lowp
- url: https://elonfgshadow.live/xawi
- url: https://dzenithcorde.top/auid
- url: https://htechguidet.digital/apdo
- url: https://6autogearw.live/tapsz
- url: https://edatawavej.digital/bafy
- url: https://gbrandihx.run/lowp
- url: https://sviriatoe.live/laopx
- url: https://triremeo.digital/akds
- url: https://wzenithcorde.top/auid
- url: https://zcivitasu.run/werrp
ThreatFox IOCs for 2025-04-30
Medium
Published: Wed Apr 30 2025 (04/30/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-30
AI-Powered Analysis
AILast updated: 06/19/2025, 15:02:04 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related entry titled "ThreatFox IOCs for 2025-04-30," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The entry appears to be a collection or update of Indicators of Compromise (IOCs) related to malware activities as of April 30, 2025. However, the technical details are minimal, with no specific affected software versions, no Common Weakness Enumerations (CWEs), and no patch links provided. The threat level is indicated as 2 on an unspecified scale, with analysis rated at 1 and distribution at 3, suggesting moderate dissemination but limited analytical depth. No known exploits are currently reported in the wild, and no direct technical indicators or attack vectors are described. The severity is marked as medium, which aligns with the moderate threat level and distribution. Given the lack of detailed technical information, it is likely that this entry serves as a general alert or repository update for malware-related IOCs rather than a description of a novel or active exploit. The absence of affected versions or products implies that the threat may be generic or broadly applicable to multiple environments rather than targeting a specific software or hardware platform. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing, suggesting that the data is not sensitive or restricted. Overall, this threat entry represents a moderate-level malware-related intelligence update with limited actionable technical specifics at this time.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of detailed exploit information or known active attacks. However, the presence of malware-related IOCs implies a potential risk of infection or compromise if these indicators are relevant to the organization's environment. The moderate distribution level suggests that the malware or associated indicators may be circulating within certain communities or sectors, possibly increasing the risk of exposure. European entities involved in cybersecurity monitoring, threat intelligence sharing, or incident response may find value in integrating these IOCs into their detection systems to enhance early warning capabilities. Without specific affected products or vulnerabilities, the direct impact on confidentiality, integrity, or availability remains uncertain but is likely moderate. Organizations with mature security operations centers (SOCs) and threat hunting capabilities can leverage this information to proactively identify potential infections or reconnaissance activities. The lack of known exploits in the wild reduces the immediate threat level but does not eliminate the risk of future exploitation or targeted campaigns leveraging these IOCs.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security monitoring tools such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) platforms to enhance detection capabilities. 2. Conduct regular threat hunting exercises focusing on the indicators associated with this update to identify any early signs of compromise. 3. Maintain up-to-date malware signatures and heuristic detection rules to improve the likelihood of identifying related malware activity. 4. Enhance network segmentation and implement strict access controls to limit lateral movement should an infection occur. 5. Promote user awareness training focused on recognizing phishing and social engineering tactics, as these are common malware delivery methods. 6. Collaborate with national and European cybersecurity information sharing organizations to receive timely updates and contextual threat intelligence. 7. Regularly review and update incident response plans to incorporate procedures for handling malware infections related to emerging IOCs. These recommendations go beyond generic advice by emphasizing proactive integration of IOCs, threat hunting, and collaboration within European cybersecurity frameworks.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 39abdf9b-258e-4612-ad2e-b8b93954db93
- Original Timestamp
- 1746057787
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainmentor.omgwowhq.org | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainmypah.press | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrrtwright.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmin-js-lib.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domaingreenhoet.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainnodepathr.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainh1.exceptionicon.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhywod.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainlyqej.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainwakor.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainmoriartybirds.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainniaolas.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainleeling.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainnetscoute.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwlandersmountain.click | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainnkdnopfdabcj.izipy.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainmuvom.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainjezyq.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrandihx.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvictoreqs.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintuboos.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainyuun.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainjumstor.cloud | ClearFake payload delivery domain (confidence level: 100%) | |
domainvytoz.press | ClearFake payload delivery domain (confidence level: 100%) | |
domaincleaner-consideration-thoroughly-personally.trycloudflare.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainu1.spiritismprotozoan.bet | ClearFake botnet C2 domain (confidence level: 75%) | |
domainzivad.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainquizzical-golick.94-156-177-241.plesk.page | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbebir.press | ClearFake payload delivery domain (confidence level: 100%) | |
domain666.20240829.xyz | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainportal.bottomlinepracticesolutions.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainnovow.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainh1.riverbankrejoicing.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindoriot.info | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainneon.galaxias.cc | Mirai botnet C2 domain (confidence level: 75%) | |
domainguket.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainleannon.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainyourcialsupply.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainbusinesses-exposure.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainengineering-groups.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainernjklnbwerkj-42355.portmap.io | DCRat botnet C2 domain (confidence level: 50%) | |
domainwww.329-homeremodel.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.4260389.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.4260524.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.4270864.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.4271030.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.5z6hmy3.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.612tw.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.74bet.app | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.7579.loan | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.7jhm.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.97p7sa2.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.9phm.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.adekclimatecontrol.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arthes.app | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.atasha.group | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.attaa-king-fast.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bbrwv.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bere6.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ccng90.cyou | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ealthywatches.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eartlandflagssy.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.empobetteklif.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.erasync.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.fqozq.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gleyucx.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gsp631.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gsp644.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hatsuptocachee.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.heautocademy.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.heitcommunity.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hljbh.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hmfdjxvnbsn.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ickisaprick.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iep.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ilosportsy.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iwmn.cyou | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.jjhldejorbvw.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.k008.casino | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lgox.bot | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.limpsepublishing.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lotpersen789.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.luegreencloud.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nbox.box | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.niteview.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nline4u.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.okf.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.om-dszi.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ordfilm-fans.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.otosnap.pics | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oundationsystems.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.owaniowa.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pl7bn.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rabsmp.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rostaten.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rpxpdgpjn.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.t69oo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ucky.business | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ulegame.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.unezstock.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uperpaws.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.vhxvj.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.xbrp6.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ysteryclick84.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zqp5.cyou | Formbook botnet C2 domain (confidence level: 50%) | |
domainmywebh.kro.kr | Mirai botnet C2 domain (confidence level: 50%) | |
domain1puohi7iyi.loclx.io | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainmxsunami.gotdns.ch | Remcos botnet C2 domain (confidence level: 50%) | |
domain3214r214r12412-50274.portmap.io | XWorm botnet C2 domain (confidence level: 50%) | |
domainopportunity-commitment.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainshopping-noted.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainlife223.center | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainaloud745.asia | Unknown malware botnet C2 domain (confidence level: 50%) | |
domaindashboard.peripl.app | Unknown malware botnet C2 domain (confidence level: 50%) | |
domaindarjkafsg.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainmedimado.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainviriatoe.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainexitiumt.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainopusculy.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincivitasu.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpraetori.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlysez.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainscriptao.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindisciplipna.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzimwl.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainu1.barbellblurry.today | ClearFake botnet C2 domain (confidence level: 100%) | |
domainns1.dmakk.cn | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns2.dmakk.cn | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash983a20479a281a182d33b75c0945e447 | Medusa payload (confidence level: 50%) | |
hash4fe99e5dc101170750d8ece6ea066155 | Medusa payload (confidence level: 50%) | |
hashdc344328208c3481587d0aab1005fcdd | Medusa payload (confidence level: 50%) | |
hash10911494fa52daee0279972f91fded01 | Medusa payload (confidence level: 50%) | |
hash24ccd142ff83e8622f00f5443ea5cb2d | Medusa payload (confidence level: 50%) | |
hasha6980e543efa40771ed1dcf84b29d732 | Medusa payload (confidence level: 50%) | |
hasha162a5c5ab72b3783215f52b9edc3680 | Medusa payload (confidence level: 50%) | |
hash600371ebab1e29429f06a5b1909056e5 | Medusa payload (confidence level: 50%) | |
hash0067679c7033139bcbb273840494b324 | Medusa payload (confidence level: 50%) | |
hash602d720f1184d2ad739568cbf6403331 | Medusa payload (confidence level: 50%) | |
hashec5b1a6de3564c26c4e0e804e6bc2ecb | Medusa payload (confidence level: 50%) | |
hashf05b57cdc3420acc359efe9e4941c428 | Medusa payload (confidence level: 50%) | |
hash0168a4daa9598e991e140057e59438f6 | Medusa payload (confidence level: 50%) | |
hash6be23d5a1ff1e9cbe99fe7f7c49a5607 | Medusa payload (confidence level: 50%) | |
hashe874240a53fc353bc770f507445cc061 | Medusa payload (confidence level: 50%) | |
hasheb46bc3e2ad88149176ef33c9fea087a | Medusa payload (confidence level: 50%) | |
hashbdf6ac02664baea655b103d50bdfd6ec | Medusa payload (confidence level: 50%) | |
hashbd29231bc4f2c6d2f22fa026e2eaca40 | Medusa payload (confidence level: 50%) | |
hash6b0631f823e171da4b7e9350f61a0536 | Medusa payload (confidence level: 50%) | |
hash49b53d3c715ec879efeb51d386b9d923 | Medusa payload (confidence level: 50%) | |
hash8100 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash44285363a25d16417837cf949b9493ec71a94a957fa59c007aad48149fa38235 | Unknown malware payload (confidence level: 100%) | |
hash4ea04c70a903300423462f26891a47de633716efe058cfe62c2fa71ed9009e7c | Unknown malware payload (confidence level: 100%) | |
hash4432 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7272 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash14443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8008 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash808 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1488 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash84b88ac81e4872ff3bf15c72f431d101 | MedusaLocker payload (confidence level: 50%) | |
hash47386ee20a6a94830ee4fa38b419a6f7 | MedusaLocker payload (confidence level: 50%) | |
hashf257d37c05d29e725071a900ef49f1c9 | MedusaLocker payload (confidence level: 50%) | |
hashd0706d40e65e2dc6452c2279a4ab882c | MedusaLocker payload (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash40257 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2405 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash8001 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash7771 | XWorm botnet C2 server (confidence level: 75%) | |
hash8443 | Havoc botnet C2 server (confidence level: 75%) | |
hash2078 | QakBot botnet C2 server (confidence level: 75%) | |
hash60448 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash28409 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash839 | Bashlite botnet C2 server (confidence level: 100%) | |
hash11453 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash808 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash7070 | Remcos botnet C2 server (confidence level: 75%) | |
hash12121 | Mirai botnet C2 server (confidence level: 75%) | |
hash8083 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash8545 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash12130 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash811 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash811 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash811 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash811 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash17 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash175 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash35002 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4444 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8089 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash8009 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash1800 | Remcos botnet C2 server (confidence level: 50%) | |
hash7218 | BlackShades botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash14305 | Remcos botnet C2 server (confidence level: 50%) | |
hash14306 | Remcos botnet C2 server (confidence level: 50%) | |
hash10001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash12721 | Sliver botnet C2 server (confidence level: 100%) | |
hash3000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash591 | DCRat botnet C2 server (confidence level: 100%) | |
hash20548 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash8888 | Mirai botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash9000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8474 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash8080 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash36099 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash35889 | Remcos botnet C2 server (confidence level: 75%) | |
hash14646 | Remcos botnet C2 server (confidence level: 75%) | |
hash7070 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2535 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash7443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8800 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2078 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash6443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash4701 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://tsoi-zhiv.com/login | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://leeling.top/sign/in | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://1geographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://cmwoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://corexlaib.top/xzea | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://datamanipy.run/bent | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://datawavej.digital/bafy | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://techchaiun.live/qwes | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vecturar.top/zsia | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://4zenithcorde.top/auid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://eaglekl.digital/eand | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ibearjk.live/benj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://pblockhubr.live/jhgf | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wtechguidet.digital/apdo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://canopyselected.com/nwxf4tjx9nrn34/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://185.101.93.54/avg/14840646743032cdbox.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://stewframe.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://8piratetwrath.run/ytus | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xcelmodo.run/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ihemispherexz.top/xapp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://narwhaltr.live/saud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ustarofliught.top/wozd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://5datamanipy.run/bent | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://btechwaveg.run/oipz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ddatawavej.digital/bafy | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://mzenithcorde.top/auid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://qvecturar.top/zsia | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ybearjk.live/benj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xtechsyncq.run/riid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://brandihx.run/lowp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://kdatawavej.digital/bafy | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ktechsyncq.run/riid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://cbtcgeared.live/lbak | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vdatamanipy.run/bent | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wvecturar.top/zsia | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://cleaner-consideration-thoroughly-personally.trycloudflare.com/sign/in | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://wpiratetwrath.run/ytus | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://portal.bottomlinepracticesolutions.com/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttps://doriot.info | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://leannon.top/sign/in | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://yourcialsupply.top/ifh/min.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://yourcialsupply.top/ifh/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://yourcialsupply.top/ifh/lll.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://uncustomary.org/kiscos.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttp://45.192.164.239:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://111.119.255.45:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://207.244.199.46/index.php | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://144.91.124.44/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://tsoi-zhiv.com | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttp://185.39.17.122/som9unr/index.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/s14cuu5g | AsyncRAT botnet C2 (confidence level: 50%) | |
urlhttp://www.329-homeremodel.sbs/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.4260389.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.4260524.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.4270864.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.4271030.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.5z6hmy3.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.612tw.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.74bet.app/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.7579.loan/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.7jhm.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.97p7sa2.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.9phm.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.adekclimatecontrol.online/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arthes.app/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.atasha.group/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.attaa-king-fast.online/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bbrwv.sbs/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bere6.sbs/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ccng90.cyou/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ealthywatches.online/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eartlandflagssy.shop/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.empobetteklif.vip/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.erasync.shop/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.fqozq.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gleyucx.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gsp631.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gsp644.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hatsuptocachee.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.heautocademy.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.heitcommunity.info/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hljbh.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hmfdjxvnbsn.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ickisaprick.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iep.cloud/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ilosportsy.shop/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iwmn.cyou/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.jjhldejorbvw.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.k008.casino/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lgox.bot/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.limpsepublishing.online/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lotpersen789.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.luegreencloud.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nbox.box/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.niteview.shop/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nline4u.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.okf.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.om-dszi.vip/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ordfilm-fans.online/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.otosnap.pics/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oundationsystems.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.owaniowa.info/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pl7bn.cfd/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rabsmp.shop/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rostaten.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rpxpdgpjn.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.t69oo.xyz/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ucky.business/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ulegame.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.unezstock.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uperpaws.online/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vhxvj.cfd/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wandafilmfestival.net/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xbrp6.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ysteryclick84.top/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zqp5.cyou/mk20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://185.39.17.122/som9unr/login.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://1i45praetori.live/vepr | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://3disciplipna.top/eqwu | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://3g-sviriatoe.live/laopx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://5opusculy.top/keaj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://civitasu.run/werrp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://exitiumt.digital/xane | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://opusculy.top/keaj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ovecturar.top/zsia | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://praetori.live/vepr | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://scriptao.digital/vpep | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://viriatoe.live/laopx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ncorexlaib.top/xzea | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://utechsyncq.run/riid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://5civitasu.run/werrp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://disciplipna.top/eqwu | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://jscriptao.digital/vpep | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://tpbrandihx.run/lowp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://elonfgshadow.live/xawi | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://dzenithcorde.top/auid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://htechguidet.digital/apdo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://6autogearw.live/tapsz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://edatawavej.digital/bafy | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gbrandihx.run/lowp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://sviriatoe.live/laopx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://triremeo.digital/akds | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wzenithcorde.top/auid | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://zcivitasu.run/werrp | Lumma Stealer botnet C2 (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file175.107.38.81 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.115.227.6 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.94.200.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.142.157.142 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.101.135.210 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.228 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.229 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.39.17.25 | Sliver botnet C2 server (confidence level: 100%) | |
file137.184.190.241 | Sliver botnet C2 server (confidence level: 100%) | |
file188.218.201.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file173.44.139.179 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file173.208.162.225 | Unknown malware botnet C2 server (confidence level: 100%) | |
file104.248.5.186 | Havoc botnet C2 server (confidence level: 100%) | |
file54.206.1.218 | Havoc botnet C2 server (confidence level: 100%) | |
file146.70.24.193 | Havoc botnet C2 server (confidence level: 100%) | |
file23.227.199.118 | Havoc botnet C2 server (confidence level: 100%) | |
file209.141.55.248 | MooBot botnet C2 server (confidence level: 100%) | |
file147.124.219.157 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file124.223.32.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.226 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.226 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.20.93.22 | Sliver botnet C2 server (confidence level: 90%) | |
file128.90.113.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file38.76.247.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.172.102.50 | Unknown malware botnet C2 server (confidence level: 100%) | |
file173.208.162.225 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.164.194.149 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.134.39.5 | Hook botnet C2 server (confidence level: 100%) | |
file45.134.39.5 | Hook botnet C2 server (confidence level: 100%) | |
file103.127.135.159 | Unknown malware botnet C2 server (confidence level: 100%) | |
file91.99.67.156 | Unknown malware botnet C2 server (confidence level: 100%) | |
file137.184.89.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.8.185.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file44.231.48.102 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.141.206.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.129.118.20 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.208.53.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file89.248.170.161 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.90.103.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.72.179.141 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.205.218.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.78.77.165 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.142.104.17 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.14.245.245 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.173.246.249 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.216.45.175 | Unknown malware botnet C2 server (confidence level: 100%) | |
file113.44.168.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.233.253.26 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.138.19.182 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.70.204.188 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.201.74.112 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file189.1.229.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.60.234.10 | Unknown malware botnet C2 server (confidence level: 75%) | |
file34.93.12.185 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.108.158.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.16.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.129.6.50 | Sliver botnet C2 server (confidence level: 100%) | |
file139.180.217.142 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.138.16.100 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.152 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.188.218.53 | Unknown malware botnet C2 server (confidence level: 100%) | |
file152.42.195.54 | Havoc botnet C2 server (confidence level: 100%) | |
file195.82.147.63 | DCRat botnet C2 server (confidence level: 100%) | |
file15.157.69.142 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file184.97.3.210 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file185.101.38.39 | Remcos botnet C2 server (confidence level: 75%) | |
file185.244.30.102 | Remcos botnet C2 server (confidence level: 75%) | |
file196.251.84.214 | Remcos botnet C2 server (confidence level: 75%) | |
file198.135.49.120 | Remcos botnet C2 server (confidence level: 75%) | |
file94.26.90.81 | XWorm botnet C2 server (confidence level: 75%) | |
file4.240.2.164 | Havoc botnet C2 server (confidence level: 75%) | |
file70.31.125.193 | QakBot botnet C2 server (confidence level: 75%) | |
file98.177.107.151 | Meterpreter botnet C2 server (confidence level: 75%) | |
file39.101.171.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.5.157.134 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.232.143.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file180.76.244.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.128.171.5 | Sliver botnet C2 server (confidence level: 100%) | |
file188.27.76.253 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file109.176.202.86 | MooBot botnet C2 server (confidence level: 100%) | |
file41.216.189.234 | Bashlite botnet C2 server (confidence level: 100%) | |
file43.255.158.248 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file62.60.226.173 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file42.194.172.155 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file166.88.164.186 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file176.65.134.30 | Remcos botnet C2 server (confidence level: 75%) | |
file209.141.50.64 | Mirai botnet C2 server (confidence level: 75%) | |
file47.237.1.28 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file111.230.18.219 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file45.55.107.101 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file34.102.113.135 | Sliver botnet C2 server (confidence level: 50%) | |
file15.235.37.196 | Sliver botnet C2 server (confidence level: 50%) | |
file139.162.13.178 | Sliver botnet C2 server (confidence level: 50%) | |
file192.99.38.139 | Sliver botnet C2 server (confidence level: 50%) | |
file185.17.3.70 | Sliver botnet C2 server (confidence level: 50%) | |
file193.168.144.149 | Sliver botnet C2 server (confidence level: 50%) | |
file47.236.136.247 | Sliver botnet C2 server (confidence level: 50%) | |
file3.147.28.47 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.122.8.155 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.122.8.156 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.122.8.154 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.122.8.157 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.122.8.155 | Unknown malware botnet C2 server (confidence level: 50%) | |
file77.239.99.150 | SectopRAT botnet C2 server (confidence level: 50%) | |
file193.176.23.5 | SectopRAT botnet C2 server (confidence level: 50%) | |
file92.118.151.157 | SectopRAT botnet C2 server (confidence level: 50%) | |
file92.255.57.32 | SectopRAT botnet C2 server (confidence level: 50%) | |
file51.44.180.18 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file13.200.255.42 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file136.144.164.95 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file34.16.115.86 | Unknown malware botnet C2 server (confidence level: 50%) | |
file16.171.171.2 | Unknown malware botnet C2 server (confidence level: 50%) | |
file4.237.56.192 | Unknown malware botnet C2 server (confidence level: 50%) | |
file95.131.202.38 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file45.207.58.182 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file69.24.199.27 | Remcos botnet C2 server (confidence level: 50%) | |
file18.132.192.123 | BlackShades botnet C2 server (confidence level: 50%) | |
file62.106.66.116 | Unknown malware botnet C2 server (confidence level: 50%) | |
file216.9.225.168 | Remcos botnet C2 server (confidence level: 50%) | |
file216.9.225.168 | Remcos botnet C2 server (confidence level: 50%) | |
file8.138.189.93 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file208.123.119.210 | Sliver botnet C2 server (confidence level: 100%) | |
file146.70.137.90 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file98.217.73.238 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file195.82.147.63 | DCRat botnet C2 server (confidence level: 100%) | |
file13.127.100.43 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.39.17.122 | Amadey botnet C2 server (confidence level: 50%) | |
file37.27.117.170 | Mirai botnet C2 server (confidence level: 100%) | |
file110.41.60.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.116.116.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.232.143.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file170.205.37.29 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.166.104.19 | Havoc botnet C2 server (confidence level: 100%) | |
file45.86.86.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.113.245.11 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file107.143.144.156 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file107.175.44.106 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file116.26.11.126 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file144.172.94.163 | Remcos botnet C2 server (confidence level: 75%) | |
file147.189.128.43 | Remcos botnet C2 server (confidence level: 75%) | |
file172.111.244.142 | Remcos botnet C2 server (confidence level: 75%) | |
file172.245.208.17 | Remcos botnet C2 server (confidence level: 75%) | |
file176.65.134.34 | Remcos botnet C2 server (confidence level: 75%) | |
file196.251.85.124 | Remcos botnet C2 server (confidence level: 75%) | |
file208.123.119.210 | Sliver botnet C2 server (confidence level: 75%) | |
file3.115.250.72 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file3.232.226.225 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file3.75.6.25 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file3.96.152.27 | Remcos botnet C2 server (confidence level: 75%) | |
file35.152.200.44 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file39.40.136.162 | QakBot botnet C2 server (confidence level: 75%) | |
file46.246.210.158 | QakBot botnet C2 server (confidence level: 75%) | |
file47.129.6.50 | Sliver botnet C2 server (confidence level: 75%) | |
file52.223.43.230 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file52.56.163.20 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file65.153.151.61 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file70.31.125.144 | QakBot botnet C2 server (confidence level: 75%) | |
file75.2.99.37 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file77.244.220.81 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file78.168.1.119 | QakBot botnet C2 server (confidence level: 75%) | |
file94.228.113.197 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file18.140.63.132 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Threat ID: 682c7db2e8347ec82d2a3593
Added to database: 5/20/2025, 1:03:46 PM
Last enriched: 6/19/2025, 3:02:04 PM
Last updated: 8/16/2025, 8:54:10 AM
Views: 16
Related Threats
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.