
ThreatFox IOCs for 2025-05-03

Medium
Published: Sat May 03 2025 (05/03/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-05-03

AI-Powered Analysis

Last updated: 06/19/2025, 15:34:00 UTC

Technical Analysis

The provided information pertains to a malware threat identified as "ThreatFox IOCs for 2025-05-03," sourced from ThreatFox, which is a platform known for sharing Indicators of Compromise (IOCs) related to various cyber threats. The threat is categorized under malware and is associated with OSINT (Open Source Intelligence) tools or data, as indicated by the product tag "osint." There are no specific affected versions or products listed, which suggests that this entry may be a collection or update of IOCs rather than a vulnerability tied to a particular software version. The threat level is rated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, implying moderate threat dissemination but limited detailed analysis available. No known exploits in the wild have been reported, and no patch links or CWE identifiers are provided, indicating that this is likely an intelligence report rather than a direct vulnerability or exploit. The absence of indicators in the data suggests that the detailed IOCs are either not included here or are to be retrieved from the ThreatFox platform directly. The tags include "type:osint" and "tlp:white," the latter indicating that the information is freely shareable without restrictions. Overall, this entry appears to be a medium-severity malware-related intelligence update focusing on OSINT-related threats, with limited technical details and no direct exploit evidence at this time.

Potential Impact

For European organizations, the impact of this threat is currently assessed as medium, primarily due to the lack of specific exploit details or active attacks reported. However, given that the threat relates to malware and OSINT, there is a potential risk of data exposure, espionage, or targeted attacks leveraging publicly available intelligence. Organizations relying heavily on OSINT tools or those that integrate OSINT data into their security operations may face increased risk if malicious actors use these IOCs to craft targeted malware campaigns or social engineering attacks. The medium severity suggests that while immediate disruption or data loss is unlikely, there is a credible threat that could lead to confidentiality breaches or integrity compromises if leveraged effectively. The absence of known exploits in the wild reduces the immediate risk but does not eliminate the potential for future exploitation. European entities involved in critical infrastructure, government, defense, or sectors with high reliance on OSINT for threat intelligence could be more sensitive to this threat. Additionally, the distribution rating of 3 indicates that the threat or its indicators have a moderate spread, which could facilitate wider targeting if weaponized.

Mitigation Recommendations

Given the nature of this threat as an OSINT-related malware intelligence update without direct exploit details, mitigation should focus on enhancing detection and response capabilities rather than patching specific vulnerabilities. European organizations should:

1) Integrate the latest IOCs from ThreatFox into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related malware activity.
2) Conduct regular threat hunting exercises focusing on OSINT-related attack vectors and malware behaviors to identify early signs of compromise.
3) Harden OSINT tool usage by enforcing strict access controls, validating data sources, and monitoring for anomalous activities linked to OSINT platforms.
4) Educate security teams about the evolving threat landscape related to OSINT to improve incident response readiness.
5) Collaborate with national and European cybersecurity centers to share intelligence and receive timely updates on emerging threats.
6) Implement network segmentation and least privilege principles to limit malware propagation if an infection occurs.

These steps go beyond generic advice by emphasizing proactive intelligence integration, operational readiness, and collaboration tailored to the OSINT context of the threat.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
640a4dd5-a665-45d0-90a6-e197c6eb563a
Original Timestamp
1746316986

Indicators of Compromise

IP address (listed by the source as "File")

196.251.84.250 - Mirai botnet C2 server (confidence level: 75%)
212.192.13.62 - Cobalt Strike botnet C2 server (confidence level: 100%)
46.30.188.46 - Cobalt Strike botnet C2 server (confidence level: 100%)
38.89.142.72 - Cobalt Strike botnet C2 server (confidence level: 100%)
45.63.106.176 - Remcos botnet C2 server (confidence level: 100%)
96.9.124.219 - Remcos botnet C2 server (confidence level: 100%)
124.198.131.216 - AsyncRAT botnet C2 server (confidence level: 100%)
45.9.149.38 - Havoc botnet C2 server (confidence level: 100%)
196.120.76.93 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
51.44.221.38 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
51.44.221.38 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.217.106.242 - Unknown malware botnet C2 server (confidence level: 100%)
51.38.137.113 - MooBot botnet C2 server (confidence level: 75%)
1.95.44.29 - Cobalt Strike botnet C2 server (confidence level: 75%)
1.95.8.175 - Cobalt Strike botnet C2 server (confidence level: 75%)
129.28.81.156 - Cobalt Strike botnet C2 server (confidence level: 75%)
199.7.140.220 - Cobalt Strike botnet C2 server (confidence level: 75%)
49.232.99.145 - Cobalt Strike botnet C2 server (confidence level: 75%)
196.251.115.230 - Ave Maria botnet C2 server (confidence level: 100%)
35.179.154.120 - AsyncRAT botnet C2 server (confidence level: 100%)
66.179.94.187 - AsyncRAT botnet C2 server (confidence level: 100%)
176.65.141.72 - Hook botnet C2 server (confidence level: 100%)
45.82.152.218 - Havoc botnet C2 server (confidence level: 100%)
45.88.91.162 - ERMAC botnet C2 server (confidence level: 100%)
206.206.76.49 - Unknown malware botnet C2 server (confidence level: 100%)
51.38.137.113 - MooBot botnet C2 server (confidence level: 100%)
155.2.192.168 - Unknown malware botnet C2 server (confidence level: 100%)
3.129.253.119 - Unknown malware botnet C2 server (confidence level: 100%)
35.173.72.237 - Unknown malware botnet C2 server (confidence level: 100%)
3.124.207.127 - Unknown malware botnet C2 server (confidence level: 100%)
63.32.89.115 - Unknown malware botnet C2 server (confidence level: 100%)
54.228.132.247 - Unknown malware botnet C2 server (confidence level: 100%)
217.182.61.37 - Unknown malware botnet C2 server (confidence level: 100%)
56.228.32.98 - Unknown malware botnet C2 server (confidence level: 100%)
13.60.48.174 - Unknown malware botnet C2 server (confidence level: 100%)
57.129.141.228 - Unknown malware botnet C2 server (confidence level: 100%)
13.60.65.67 - Unknown malware botnet C2 server (confidence level: 100%)
147.161.28.216 - Unknown malware botnet C2 server (confidence level: 100%)
52.19.219.186 - Unknown malware botnet C2 server (confidence level: 100%)
35.156.44.111 - Unknown malware botnet C2 server (confidence level: 100%)
57.129.13.75 - Unknown malware botnet C2 server (confidence level: 100%)
168.231.105.122 - Unknown malware botnet C2 server (confidence level: 100%)
56.228.14.172 - Unknown malware botnet C2 server (confidence level: 100%)
38.242.207.50 - Unknown malware botnet C2 server (confidence level: 100%)
95.179.176.211 - Unknown malware botnet C2 server (confidence level: 100%)
43.218.44.43 - Unknown malware botnet C2 server (confidence level: 100%)
176.65.140.37 - Mirai botnet C2 server (confidence level: 75%)
47.96.251.170 - Cobalt Strike botnet C2 server (confidence level: 100%)
42.192.112.17 - Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.224.68 - Cobalt Strike botnet C2 server (confidence level: 100%)
80.76.49.24 - Remcos botnet C2 server (confidence level: 100%)
172.111.139.83 - Remcos botnet C2 server (confidence level: 100%)
62.60.226.21 - Remcos botnet C2 server (confidence level: 100%)
62.60.226.21 - Remcos botnet C2 server (confidence level: 100%)
14.237.50.14 - AsyncRAT botnet C2 server (confidence level: 100%)
102.117.166.157 - Unknown malware botnet C2 server (confidence level: 100%)
185.196.10.54 - Hook botnet C2 server (confidence level: 100%)
176.144.206.234 - Quasar RAT botnet C2 server (confidence level: 100%)
129.28.81.156 - Cobalt Strike botnet C2 server (confidence level: 75%)
129.28.81.156 - Cobalt Strike botnet C2 server (confidence level: 75%)
49.232.99.145 - Cobalt Strike botnet C2 server (confidence level: 75%)
49.232.99.145 - Cobalt Strike botnet C2 server (confidence level: 75%)
8.148.27.195 - Cobalt Strike botnet C2 server (confidence level: 100%)
66.63.187.166 - Remcos botnet C2 server (confidence level: 100%)
80.64.18.70 - Sliver botnet C2 server (confidence level: 100%)
37.120.155.36 - AsyncRAT botnet C2 server (confidence level: 100%)
155.138.146.111 - Unknown malware botnet C2 server (confidence level: 100%)
185.196.10.54 - Hook botnet C2 server (confidence level: 100%)
94.26.90.237 - Hook botnet C2 server (confidence level: 100%)
161.97.138.238 - Havoc botnet C2 server (confidence level: 100%)
81.19.141.47 - BianLian botnet C2 server (confidence level: 100%)
185.196.9.158 - AsyncRAT botnet C2 server (confidence level: 100%)
8.135.237.16 - Cobalt Strike botnet C2 server (confidence level: 50%)
107.173.62.59 - Cobalt Strike botnet C2 server (confidence level: 50%)
154.204.57.57 - Cobalt Strike botnet C2 server (confidence level: 50%)
167.71.27.117 - Cobalt Strike botnet C2 server (confidence level: 50%)
34.139.107.37 - Cobalt Strike botnet C2 server (confidence level: 50%)
40.77.86.17 - Cobalt Strike botnet C2 server (confidence level: 50%)
34.139.107.37 - Cobalt Strike botnet C2 server (confidence level: 50%)
175.24.201.160 - Cobalt Strike botnet C2 server (confidence level: 50%)
107.172.86.55 - Cobalt Strike botnet C2 server (confidence level: 50%)
209.38.87.198 - Sliver botnet C2 server (confidence level: 50%)
45.94.31.85 - Sliver botnet C2 server (confidence level: 50%)
23.94.2.147 - Sliver botnet C2 server (confidence level: 50%)
4.201.193.83 - Sliver botnet C2 server (confidence level: 50%)
156.224.78.123 - Sliver botnet C2 server (confidence level: 50%)
207.244.224.112 - Sliver botnet C2 server (confidence level: 50%)
51.91.105.136 - Sliver botnet C2 server (confidence level: 50%)
167.172.29.156 - Sliver botnet C2 server (confidence level: 50%)
190.14.37.132 - Sliver botnet C2 server (confidence level: 50%)
38.147.171.158 - Sliver botnet C2 server (confidence level: 50%)
196.251.115.119 - Sliver botnet C2 server (confidence level: 50%)
209.38.186.227 - Sliver botnet C2 server (confidence level: 50%)
194.32.77.209 - Sliver botnet C2 server (confidence level: 50%)
176.65.144.221 - Sliver botnet C2 server (confidence level: 50%)
198.58.116.254 - Sliver botnet C2 server (confidence level: 50%)
118.122.8.221 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
98.103.64.132 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
13.208.248.19 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
54.151.101.117 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
13.115.247.117 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
51.52.92.243 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
220.124.100.162 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
162.254.85.213 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
146.70.213.35 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
84.46.239.89 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
162.254.86.108 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
129.134.160.6 - Ghost RAT botnet C2 server (confidence level: 50%)
217.154.50.174 - Unknown malware botnet C2 server (confidence level: 50%)
167.86.124.217 - Unknown malware botnet C2 server (confidence level: 50%)
172.191.60.202 - Unknown malware botnet C2 server (confidence level: 50%)
185.147.124.94 - SectopRAT botnet C2 server (confidence level: 50%)
195.82.147.132 - SectopRAT botnet C2 server (confidence level: 50%)
158.247.202.109 - Kimsuky botnet C2 server (confidence level: 50%)
27.102.138.156 - Kimsuky botnet C2 server (confidence level: 50%)
158.247.207.197 - Kimsuky botnet C2 server (confidence level: 50%)
2.56.109.21 - DarkComet botnet C2 server (confidence level: 50%)
87.251.244.188 - Xtreme RAT botnet C2 server (confidence level: 50%)
13.61.196.0 - BlackShades botnet C2 server (confidence level: 50%)
54.67.4.13 - BlackShades botnet C2 server (confidence level: 50%)
172.236.164.27 - Unknown malware botnet C2 server (confidence level: 50%)
154.197.69.11 - NjRAT botnet C2 server (confidence level: 50%)
194.59.30.175 - Venom RAT botnet C2 server (confidence level: 50%)
154.29.79.7 - AsyncRAT botnet C2 server (confidence level: 50%)
185.177.239.206 - AsyncRAT botnet C2 server (confidence level: 50%)
185.177.239.206 - AsyncRAT botnet C2 server (confidence level: 50%)
197.48.124.155 - AsyncRAT botnet C2 server (confidence level: 50%)
2.58.56.164 - AsyncRAT botnet C2 server (confidence level: 50%)
85.96.132.196 - DarkComet botnet C2 server (confidence level: 50%)
147.185.221.28 - DCRat botnet C2 server (confidence level: 50%)
147.185.221.28 - DCRat botnet C2 server (confidence level: 50%)
147.185.221.28 - DCRat botnet C2 server (confidence level: 50%)
193.158.181.218 - DCRat botnet C2 server (confidence level: 50%)
192.252.180.196 - SpyNote botnet C2 server (confidence level: 50%)
102.41.53.11 - XWorm botnet C2 server (confidence level: 50%)
45.38.170.114 - GhostSocks botnet C2 server (confidence level: 100%)
196.251.73.23 - Remcos botnet C2 server (confidence level: 100%)
88.119.174.198 - Sliver botnet C2 server (confidence level: 100%)
5.252.153.103 - AsyncRAT botnet C2 server (confidence level: 100%)
91.103.252.97 - Hook botnet C2 server (confidence level: 100%)
34.93.33.26 - Quasar RAT botnet C2 server (confidence level: 100%)
16.171.253.150 - Havoc botnet C2 server (confidence level: 100%)
66.42.102.29 - DCRat botnet C2 server (confidence level: 100%)
84.228.159.85 - MooBot botnet C2 server (confidence level: 100%)
192.238.206.11 - Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.81.84 - Remcos botnet C2 server (confidence level: 100%)
101.201.76.1 - Sliver botnet C2 server (confidence level: 100%)
128.90.113.30 - AsyncRAT botnet C2 server (confidence level: 100%)
222.106.222.152 - Quasar RAT botnet C2 server (confidence level: 100%)
196.251.70.182 - Venom RAT botnet C2 server (confidence level: 100%)
54.236.199.83 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
104.200.73.83 - BianLian botnet C2 server (confidence level: 100%)
34.200.80.96 - DeimosC2 botnet C2 server (confidence level: 75%)
82.78.122.13 - QakBot botnet C2 server (confidence level: 75%)
148.251.43.15 - AsyncRAT botnet C2 server (confidence level: 100%)

Port (listed by the source as "Hash")

The values in this section are port numbers, not file hashes: ThreatFox records these indicators as ip:port pairs, and the ports below correspond, in the same order, to the IP addresses in the preceding section.

5555 - Mirai botnet C2 server (confidence level: 75%)
9543 - Cobalt Strike botnet C2 server (confidence level: 100%)
443 - Cobalt Strike botnet C2 server (confidence level: 100%)
80 - Cobalt Strike botnet C2 server (confidence level: 100%)
2404 - Remcos botnet C2 server (confidence level: 100%)
5006 - Remcos botnet C2 server (confidence level: 100%)
4444 - AsyncRAT botnet C2 server (confidence level: 100%)
443 - Havoc botnet C2 server (confidence level: 100%)
443 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
52200 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
60000 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
4444 - Unknown malware botnet C2 server (confidence level: 100%)
43957 - MooBot botnet C2 server (confidence level: 75%)
2083 - Cobalt Strike botnet C2 server (confidence level: 75%)
8001 - Cobalt Strike botnet C2 server (confidence level: 75%)
8008 - Cobalt Strike botnet C2 server (confidence level: 75%)
18443 - Cobalt Strike botnet C2 server (confidence level: 75%)
8008 - Cobalt Strike botnet C2 server (confidence level: 75%)
5212 - Ave Maria botnet C2 server (confidence level: 100%)
8808 - AsyncRAT botnet C2 server (confidence level: 100%)
443 - AsyncRAT botnet C2 server (confidence level: 100%)
8089 - Hook botnet C2 server (confidence level: 100%)
443 - Havoc botnet C2 server (confidence level: 100%)
80 - ERMAC botnet C2 server (confidence level: 100%)
8080 - Unknown malware botnet C2 server (confidence level: 100%)
80 - MooBot botnet C2 server (confidence level: 100%)
80 - Unknown malware botnet C2 server (confidence level: 100%)
8081 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
80 - Unknown malware botnet C2 server (confidence level: 100%)
443 - Unknown malware botnet C2 server (confidence level: 100%)
443 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
4443 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
4433 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
443 - Unknown malware botnet C2 server (confidence level: 100%)
80 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
443 - Unknown malware botnet C2 server (confidence level: 100%)
3390 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
3333 - Unknown malware botnet C2 server (confidence level: 100%)
8080 - Unknown malware botnet C2 server (confidence level: 100%)
1312 - Mirai botnet C2 server (confidence level: 75%)
8888 - Cobalt Strike botnet C2 server (confidence level: 100%)
801 - Cobalt Strike botnet C2 server (confidence level: 100%)
9999 - Cobalt Strike botnet C2 server (confidence level: 100%)
10505 - Remcos botnet C2 server (confidence level: 100%)
2405 - Remcos botnet C2 server (confidence level: 100%)
30303 - Remcos botnet C2 server (confidence level: 100%)
30304 - Remcos botnet C2 server (confidence level: 100%)
8080 - AsyncRAT botnet C2 server (confidence level: 100%)
7443 - Unknown malware botnet C2 server (confidence level: 100%)
8089 - Hook botnet C2 server (confidence level: 100%)
4782 - Quasar RAT botnet C2 server (confidence level: 100%)
8007 - Cobalt Strike botnet C2 server (confidence level: 75%)
8009 - Cobalt Strike botnet C2 server (confidence level: 75%)
8007 - Cobalt Strike botnet C2 server (confidence level: 75%)
8009 - Cobalt Strike botnet C2 server (confidence level: 75%)
80 - Cobalt Strike botnet C2 server (confidence level: 100%)
2404 - Remcos botnet C2 server (confidence level: 100%)
443 - Sliver botnet C2 server (confidence level: 100%)
3434 - AsyncRAT botnet C2 server (confidence level: 100%)
443 - Unknown malware botnet C2 server (confidence level: 100%)
80 - Hook botnet C2 server (confidence level: 100%)
8089 - Hook botnet C2 server (confidence level: 100%)
443 - Havoc botnet C2 server (confidence level: 100%)
8443 - BianLian botnet C2 server (confidence level: 100%)
8806 - AsyncRAT botnet C2 server (confidence level: 100%)
2223 - Cobalt Strike botnet C2 server (confidence level: 50%)
443 - Cobalt Strike botnet C2 server (confidence level: 50%)
4433 - Cobalt Strike botnet C2 server (confidence level: 50%)
443 - Cobalt Strike botnet C2 server (confidence level: 50%)
443 - Cobalt Strike botnet C2 server (confidence level: 50%)
443 - Cobalt Strike botnet C2 server (confidence level: 50%)
80 - Cobalt Strike botnet C2 server (confidence level: 50%)
443 - Cobalt Strike botnet C2 server (confidence level: 50%)
443 - Cobalt Strike botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
31337 - Sliver botnet C2 server (confidence level: 50%)
12443 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
6514 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
5150 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
49 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
11 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
6102 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
6001 - NetSupportManager RAT botnet C2 server (confidence level: 50%)
8089 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
5986 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
9443 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
4443 - Brute Ratel C4 botnet C2 server (confidence level: 50%)
443 - Ghost RAT botnet C2 server (confidence level: 50%)
3333 - Unknown malware botnet C2 server (confidence level: 50%)
3333 - Unknown malware botnet C2 server (confidence level: 50%)
3333 - Unknown malware botnet C2 server (confidence level: 50%)
9000 - SectopRAT botnet C2 server (confidence level: 50%)
9000 - SectopRAT botnet C2 server (confidence level: 50%)
80 - Kimsuky botnet C2 server (confidence level: 50%)
443 - Kimsuky botnet C2 server (confidence level: 50%)
80 - Kimsuky botnet C2 server (confidence level: 50%)
1604 - DarkComet botnet C2 server (confidence level: 50%)
4001 - Xtreme RAT botnet C2 server (confidence level: 50%)
3050 - BlackShades botnet C2 server (confidence level: 50%)
10022 - BlackShades botnet C2 server (confidence level: 50%)
4443 - Unknown malware botnet C2 server (confidence level: 50%)
1177 - NjRAT botnet C2 server (confidence level: 50%)
1337 - Venom RAT botnet C2 server (confidence level: 50%)
6606 - AsyncRAT botnet C2 server (confidence level: 50%)
6606 - AsyncRAT botnet C2 server (confidence level: 50%)
7707 - AsyncRAT botnet C2 server (confidence level: 50%)
5505 - AsyncRAT botnet C2 server (confidence level: 50%)
10143 - AsyncRAT botnet C2 server (confidence level: 50%)
1604 - DarkComet botnet C2 server (confidence level: 50%)
1111 - DCRat botnet C2 server (confidence level: 50%)
7788 - DCRat botnet C2 server (confidence level: 50%)
9686 - DCRat botnet C2 server (confidence level: 50%)
1111 - DCRat botnet C2 server (confidence level: 50%)
7771 - SpyNote botnet C2 server (confidence level: 50%)
5505 - XWorm botnet C2 server (confidence level: 50%)
443 - GhostSocks botnet C2 server (confidence level: 100%)
5001 - Remcos botnet C2 server (confidence level: 100%)
31337 - Sliver botnet C2 server (confidence level: 100%)
7000 - AsyncRAT botnet C2 server (confidence level: 100%)
8089 - Hook botnet C2 server (confidence level: 100%)
8080 - Quasar RAT botnet C2 server (confidence level: 100%)
80 - Havoc botnet C2 server (confidence level: 100%)
4449 - DCRat botnet C2 server (confidence level: 100%)
80 - MooBot botnet C2 server (confidence level: 100%)
80 - Cobalt Strike botnet C2 server (confidence level: 100%)
4000 - Remcos botnet C2 server (confidence level: 100%)
443 - Sliver botnet C2 server (confidence level: 100%)
2000 - AsyncRAT botnet C2 server (confidence level: 100%)
443 - Quasar RAT botnet C2 server (confidence level: 100%)
7000 - Venom RAT botnet C2 server (confidence level: 100%)
2404 - NetSupportManager RAT botnet C2 server (confidence level: 100%)
748 - BianLian botnet C2 server (confidence level: 100%)
443 - DeimosC2 botnet C2 server (confidence level: 75%)
443 - QakBot botnet C2 server (confidence level: 75%)
7707 - AsyncRAT botnet C2 server (confidence level: 100%)

Domain

formydab.run - Lumma Stealer botnet C2 domain (confidence level: 100%)
cnc.vietdediserver.shop - MooBot botnet C2 domain (confidence level: 75%)
zhansankun.top - Cobalt Strike botnet C2 domain (confidence level: 75%)
ecs-124-71-139-126.compute.hwclouds-dns.com - Cobalt Strike botnet C2 domain (confidence level: 100%)
ec2-54-208-187-156.compute-1.amazonaws.com - Unknown malware botnet C2 domain (confidence level: 100%)
50-116-22-186.ip.linodeusercontent.com - Unknown malware botnet C2 domain (confidence level: 100%)
c29e033b-f060-412e-87c6-c2320be33a8d-8888.tenants.hivecompute.ai - Unknown malware botnet C2 domain (confidence level: 100%)
139-216-164-122.sta.dodo.net.au - QakBot botnet C2 domain (confidence level: 100%)
cromatsfewbears.top - Unknown Loader payload delivery domain (confidence level: 100%)
xqrs69.scwill.my.id - Havoc botnet C2 domain (confidence level: 100%)
api-cloud-service.com - Cobalt Strike botnet C2 domain (confidence level: 50%)
players-lawyer.gl.at.ply.gg - DCRat botnet C2 domain (confidence level: 50%)
izumi-sv.f5.si - Mirai botnet C2 domain (confidence level: 50%)
nnbotnet.duckdns.org - Mirai botnet C2 domain (confidence level: 50%)
sapoud.ddns.net - Mirai botnet C2 domain (confidence level: 50%)
shoptool.store - Mirai botnet C2 domain (confidence level: 50%)
myduck1590.duckdns.org - Nanocore RAT botnet C2 domain (confidence level: 50%)
alidax.ddns.net - NjRAT botnet C2 domain (confidence level: 50%)
and-britain.gl.at.ply.gg - NjRAT botnet C2 domain (confidence level: 50%)
brolyx92.duckdns.org - NjRAT botnet C2 domain (confidence level: 50%)
nj9590.duckdns.org - NjRAT botnet C2 domain (confidence level: 50%)
subfrontier.duckdns.org - NjRAT botnet C2 domain (confidence level: 50%)
ext.fskartd.xyz - Orcus RAT botnet C2 domain (confidence level: 50%)
ext.voxyii.online - Orcus RAT botnet C2 domain (confidence level: 50%)
miraculousubiquity.ddns.net - Orcus RAT botnet C2 domain (confidence level: 50%)
folz1.duckdns.org - Quasar RAT botnet C2 domain (confidence level: 50%)
folz2.duckdns.org - Quasar RAT botnet C2 domain (confidence level: 50%)
folz3.duckdns.org - Quasar RAT botnet C2 domain (confidence level: 50%)
folz4.duckdns.org - Quasar RAT botnet C2 domain (confidence level: 50%)
folz5.duckdns.org - Quasar RAT botnet C2 domain (confidence level: 50%)
janedoe.ydns.eu - Quasar RAT botnet C2 domain (confidence level: 50%)
ogallah-38436.portmap.io - Quasar RAT botnet C2 domain (confidence level: 50%)
enviamelejos2025.kozow.com - Remcos botnet C2 domain (confidence level: 50%)
elias061010-46923.portmap.io - XWorm botnet C2 domain (confidence level: 50%)
record-mean.gl.at.ply.gg - XWorm botnet C2 domain (confidence level: 50%)
uhaknews.com - FAKEUPDATES botnet C2 domain (confidence level: 50%)
wfyzizcy.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
tbczyczdp.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
hzwgpctypld.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
ncznzotwpqr.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
spxtdaspcpik.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
ezaelwpyeh.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
gtctotdh.eza - Lumma Stealer botnet C2 domain (confidence level: 50%)
lipsdonny.com - Lumma Stealer botnet C2 domain (confidence level: 50%)
narwhaltr.live - Lumma Stealer botnet C2 domain (confidence level: 50%)
rabbitw.run - Lumma Stealer botnet C2 domain (confidence level: 50%)
warldonvu.live - Lumma Stealer botnet C2 domain (confidence level: 50%)
baseurzv.run - Lumma Stealer botnet C2 domain (confidence level: 50%)
lemuruy.live - Lumma Stealer botnet C2 domain (confidence level: 50%)
scriptorumh.live - Lumma Stealer botnet C2 domain (confidence level: 50%)

URL

https://4eczamedikal.org/vax - Lumma Stealer botnet C2 (confidence level: 75%)
https://forijinalecza.org/jub - Lumma Stealer botnet C2 (confidence level: 75%)
https://torijinalecza.net/kazd - Lumma Stealer botnet C2 (confidence level: 75%)
https://zeczakozmetik.net/qop - Lumma Stealer botnet C2 (confidence level: 75%)
http://a1123026.xsph.ru/8fe7454a.php - DCRat botnet C2 (confidence level: 100%)
https://5tortoisgfe.top/paxk - Lumma Stealer botnet C2 (confidence level: 75%)
https://0scriptao.digital/vpep - Lumma Stealer botnet C2 (confidence level: 75%)
http://fouynaatgm.temp.swtest.ru/pipeprocessorprivatetemp.php - DCRat botnet C2 (confidence level: 100%)
https://4lopusculy.top/keaj - Lumma Stealer botnet C2 (confidence level: 75%)
https://7praetori.live/vepr - Lumma Stealer botnet C2 (confidence level: 75%)
https://xbrandihx.run/lowp - Lumma Stealer botnet C2 (confidence level: 75%)
https://smedicalbitkisel.net/juj - Lumma Stealer botnet C2 (confidence level: 75%)
https://zorjinalecza.net/lxaz - Lumma Stealer botnet C2 (confidence level: 75%)
https://0fclarmodq.top/qoxo - Lumma Stealer botnet C2 (confidence level: 75%)
http://fluxcraft22.myartsonline.com/165ac327.php - DCRat botnet C2 (confidence level: 100%)
http://182.122.217.246:55603/mozi.m - Mozi payload delivery URL (confidence level: 50%)
http://8.219.49.148:8888/supershell/login - Unknown malware botnet C2 (confidence level: 50%)
http://114.55.28.140:18088/supershell/login - Unknown malware botnet C2 (confidence level: 50%)
http://49.234.198.243:8888/supershell/login - Unknown malware botnet C2 (confidence level: 50%)
http://159.75.154.118:8888/supershell/login - Unknown malware botnet C2 (confidence level: 50%)
http://118.178.224.193:18088/supershell/login - Unknown malware botnet C2 (confidence level: 50%)
http://185.196.10.54/ - Hook botnet C2 (confidence level: 50%)
http://213.209.150.234:50555/ - Hook botnet C2 (confidence level: 50%)
http://154.61.80.193/ - Hook botnet C2 (confidence level: 50%)
http://27.124.4.224:50555/ - Hook botnet C2 (confidence level: 50%)
http://83.217.209.65:50555/ - Hook botnet C2 (confidence level: 50%)
http://27.124.4.223:50555/ - Hook botnet C2 (confidence level: 50%)
http://27.124.4.217:50555/ - Hook botnet C2 (confidence level: 50%)
http://62.60.226.20/38751b14af054d7d.php - Stealc botnet C2 (confidence level: 50%)
http://89.42.88.41:8080/ - Unknown malware botnet C2 (confidence level: 50%)
http://185.147.124.212/ - Unknown malware botnet C2 (confidence level: 50%)
https://pastebin.com/raw/2q991bze - XWorm botnet C2 (confidence level: 50%)
https://pastebin.com/raw/mqfwcqrz - XWorm botnet C2 (confidence level: 50%)
http://ct60515.tw1.ru/d457e8cf.php - DCRat botnet C2 (confidence level: 100%)

Threat ID: 682c7db2e8347ec82d2a1d00

Added to database: 5/20/2025, 1:03:46 PM

Last enriched: 6/19/2025, 3:34:00 PM

Last updated: 8/13/2025, 4:22:52 PM
