Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2025-05-04

Medium
Malwaretype:osinttlp:white
Published: Sun May 04 2025 (05/04/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-05-04

AI-Powered Analysis

AILast updated: 06/18/2025, 19:17:33 UTC

Technical Analysis

The provided threat intelligence entry titled "ThreatFox IOCs for 2025-05-04" relates to a malware-type threat categorized under OSINT (Open Source Intelligence) tools or data. The entry originates from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence. However, the technical details are minimal, with no specific affected product versions, no CWE identifiers, no patch links, and no known exploits in the wild. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution values of 1 and 3 respectively, suggesting limited analysis and moderate distribution potential. The absence of indicators and detailed technical information implies that this entry likely represents a collection or update of IOCs rather than a direct malware sample or exploit. The classification as "type:osint" and the TLP (Traffic Light Protocol) white tag indicate that the information is intended for wide distribution and is related to open-source intelligence gathering or sharing. Given the lack of concrete technical specifics such as attack vectors, payload details, or targeted vulnerabilities, the threat appears to be informational in nature, possibly serving as a repository or update of threat intelligence data rather than an active, exploitable malware campaign. This limits the ability to perform a deep technical analysis but suggests a focus on monitoring and intelligence sharing within the cybersecurity community.

Potential Impact

For European organizations, the direct impact of this threat is currently low to medium due to the absence of known exploits or active campaigns. Since the entry primarily represents OSINT-related IOCs without specific malware payloads or attack mechanisms, the immediate risk to confidentiality, integrity, or availability is limited. However, the distribution of such intelligence can indirectly impact organizations by informing threat actors or defenders about emerging trends or potential targets. European entities that rely heavily on threat intelligence feeds for proactive defense may benefit from this information, while adversaries might use it to refine their tactics. The lack of targeted product versions or affected systems means that no particular sector or infrastructure is explicitly at risk. Nonetheless, organizations should remain vigilant, as OSINT-based malware or campaigns can evolve rapidly, and the presence of distributed IOCs could precede more active threats. The medium severity rating suggests a moderate concern, primarily from an intelligence and preparedness perspective rather than immediate operational disruption.

Mitigation Recommendations

Given the nature of this threat as an OSINT IOC update without direct exploit or malware payload, mitigation should focus on enhancing threat intelligence integration and operational readiness. European organizations should: 1) Ensure their security operations centers (SOCs) and threat intelligence teams ingest and correlate these IOCs with internal telemetry to detect any related suspicious activity early. 2) Maintain updated and comprehensive endpoint detection and response (EDR) solutions capable of leveraging IOC feeds for proactive hunting. 3) Conduct regular threat hunting exercises focused on emerging OSINT indicators to identify potential reconnaissance or preparatory activities. 4) Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize these IOCs within broader threat landscapes. 5) Avoid generic patching advice since no specific vulnerabilities are identified; instead, focus on strengthening detection capabilities and incident response readiness. 6) Educate staff on recognizing social engineering or phishing attempts that might leverage OSINT-derived information. These steps will help organizations convert the intelligence into actionable defense measures despite the lack of direct exploit details.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
PolandPoland
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
0fcd0c79-824b-4d17-b9f4-2c6166d4ce34
Original Timestamp
1746403385

Indicators of Compromise

Domain

ValueDescriptionCopy
domainwebexone.org
Unknown Loader payload delivery domain (confidence level: 100%)
domainraw.foxthreatnointel.vip
Mirai botnet C2 domain (confidence level: 75%)
domainaccountfun.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainhomelecyfi.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domaingobacknihq.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domainsuiadris.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domaincaverimared.digital
Lumma Stealer botnet C2 domain (confidence level: 75%)
domaincoms-gs.com
Hook botnet C2 domain (confidence level: 100%)
domainbmjpaperpqck.com
Hook botnet C2 domain (confidence level: 100%)
domaintcangcm.com
Unknown malware payload delivery domain (confidence level: 100%)
domaindesablums.com
Unknown malware payload delivery domain (confidence level: 100%)
domaintrusltwcllct.com
Unknown malware payload delivery domain (confidence level: 100%)
domaincoiincmi.com
Unknown malware payload delivery domain (confidence level: 100%)
domainelcctrum.cc
Unknown malware payload delivery domain (confidence level: 100%)
domain0maill.com
Unknown malware payload delivery domain (confidence level: 100%)
domainus-ledger.io
Unknown malware botnet C2 domain (confidence level: 50%)
domaindgtseso-sedes.cfd
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainveltyzo.shop
Hook botnet C2 domain (confidence level: 100%)
domaintheuni-swap.com
Unknown malware botnet C2 domain (confidence level: 50%)
domaingotoaa.sytes.net
AsyncRAT botnet C2 domain (confidence level: 50%)
domainfoundation-appropriate.gl.at.ply.gg
DCRat botnet C2 domain (confidence level: 50%)
domaindirect-conventional.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 50%)
domainsalesmanpaypals-52908.portmap.io
Quasar RAT botnet C2 domain (confidence level: 50%)
domainthree-comparative.gl.at.ply.gg
Quasar RAT botnet C2 domain (confidence level: 50%)
domainmcjacademy.cyou
Remcos botnet C2 domain (confidence level: 50%)
domaingmug.uncofig.com
XWorm botnet C2 domain (confidence level: 50%)
domainkiwibobby-55937.portmap.io
XWorm botnet C2 domain (confidence level: 50%)
domainalpaca-flnance.com
Unknown malware payload delivery domain (confidence level: 50%)
domainblinkory.shop
Hook botnet C2 domain (confidence level: 100%)
domainapp.alpacaflnance.com
Unknown malware botnet C2 domain (confidence level: 50%)
domaindapp.radar-home.com
Unknown malware botnet C2 domain (confidence level: 50%)
domainraydium.io-sol.vip
Unknown malware botnet C2 domain (confidence level: 50%)
domainsushi.swap-ether.net
Unknown malware botnet C2 domain (confidence level: 50%)
domaincamelot.exc-v3.org
Unknown malware botnet C2 domain (confidence level: 50%)
domainkodiak.finance.io-v6.bet
Unknown malware botnet C2 domain (confidence level: 50%)
domainapp.spookyswap-v3.com
Unknown malware botnet C2 domain (confidence level: 50%)
domainbiswap.org-earn.com
Unknown malware botnet C2 domain (confidence level: 50%)
domainvelodrome.finance-superchain.org
Unknown malware botnet C2 domain (confidence level: 50%)
domainapp-uni-infos.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainadfs.fdwx.net
Havoc botnet C2 domain (confidence level: 100%)
domainen-bitcoin.org
Unknown malware botnet C2 domain (confidence level: 75%)
domainbitccincore.com
Unknown malware payload delivery domain (confidence level: 75%)
domainbrolyx95.duckdns.org
Quasar RAT botnet C2 domain (confidence level: 100%)
domainweb.raihelp.top
Unknown RAT botnet C2 domain (confidence level: 100%)
domaintybhelp.top
Unknown RAT botnet C2 domain (confidence level: 100%)
domainweb.chohelp.top
Unknown RAT botnet C2 domain (confidence level: 100%)
domaindimmergauntlet.ru
ClearFake payload delivery domain (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttp://185.235.167.122:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://arsoln2r.beget.tech/fj43384ft63/eternaltocpuprocessserveruniversaldatalife.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://aeneasq.live/nmgj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://baseurzv.run/asuz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://borijinalecza.org/jub
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://fmedicalbitkisel.net/juj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ftortoisgfe.top/paxk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ksnakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://xsnakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ztortoisgfe.top/paxk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://sformydab.run/gaus
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://117.200.148.155:50879/mozi.m
Mozi payload delivery URL (confidence level: 50%)
urlhttp://5.199.166.102/login
Unknown malware botnet C2 (confidence level: 50%)
urlhttps://0opusculy.top/keaj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://porijinalecza.net/kazd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zmedicalbitkisel.net/juj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dhemispherexz.top/xapp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://hexitiumt.digital/xane
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ljorijinalecza.org/jub
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://porjinalecza.net/lxaz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://quaestort.live/toquw
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://scivitasu.run/werrp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://idcomplaint1.com/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://complaintreservaid1.com/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://idcomplaint2.com/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://admin-protect.help/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://blockinsight.net/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://nahamcon2025asdasd.pages.dev/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://pumpfunaaexposed.pages.dev/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://pumpcommunity.pages.dev/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://www.banki.kancelariaoxford.pl/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://cloudflare.eradigitalibl.com/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://travelersi.com/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://kap.magicitbd.com/?__cf_chl_tk=4mbqffrgmpasvve_gztefjch0gnh_5jlfaoxdb5rihaihuyx55sbisx_l_aqka68wdkb9wlw2hjsypra-1745944629-1.0.1.1-osozzbc1k5aoqw9wswty
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://computonline.xyz/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://sky-shiiyu.moe/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://84.200.154.182/sign-in
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://ct57262.tw1.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://desablums.com/f6j84vsdbngie2/tangem-setup-x64.exe
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://desablums.com/f6j84vsdbngie2/trustwallet-setup-latest-x64.exe
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://desablums.com/f6j84vsdbngie2/coinomi-wallet-setup-x64.exe
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://desablums.com/f6j84vsdbngie2/trezor-suite-25.4.2-win-x64-setup.exe
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://alicante-news.com/?uid=df4379cf-467b-4d2f-895f-94511d7b4308
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://bitccincore.com/index.php?uid=1e5a8bfa-c19a-45d4-8f5a-d763a769029a
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttp://80.64.18.63/tom4ku9v/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://throatsalt.icu/art.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://stitchtransport.icu/art.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://8opusculy.top/keaj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://drypingzyr.run/ariq
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dscriptao.digital/vpep
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ycivitasu.run/werrp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://1tortoisgfe.top/paxk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://4orijinalecza.org/jub
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://8orjinalecza.net/lxaz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ceczamedikal.org/vax
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dsnakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://heczamedikal.org/vax
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://jsnakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://lsnakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://veczamedikal.org/vax
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://vvecturar.top/zsia
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://wmedicalbitkisel.net/juj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zaeneasq.live/nmgj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://1snakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://5vecturar.top/zsia
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://9medicalbitkisel.net/juj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://esnakejh.top/adsk
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://forijinalecza.net/kazd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://o1orjinalecza.net/lxaz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://oeczakozmetik.net/qop
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://q0eczakozmetik.net/qop
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://seczamedikal.org/vax
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zorijinalecza.net/kazd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zreczamedikal.org/vax
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://vmedicalbitkisel.net/juj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://115.48.148.187:60817/mozi.m
Mozi payload delivery URL (confidence level: 50%)

File

ValueDescriptionCopy
file176.65.144.197
Mirai botnet C2 server (confidence level: 75%)
file193.227.129.75
Remcos botnet C2 server (confidence level: 100%)
file128.90.113.30
AsyncRAT botnet C2 server (confidence level: 100%)
file185.208.156.169
AsyncRAT botnet C2 server (confidence level: 100%)
file139.64.172.67
Havoc botnet C2 server (confidence level: 100%)
file161.35.194.66
Unknown malware botnet C2 server (confidence level: 100%)
file45.81.23.48
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.83.223
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.83.223
AsyncRAT botnet C2 server (confidence level: 100%)
file24.152.36.216
AsyncRAT botnet C2 server (confidence level: 100%)
file89.23.97.32
Hook botnet C2 server (confidence level: 100%)
file93.198.180.238
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.255.90.197
Unknown malware botnet C2 server (confidence level: 100%)
file52.213.183.75
Unknown malware botnet C2 server (confidence level: 100%)
file13.60.26.38
Unknown malware botnet C2 server (confidence level: 100%)
file107.155.87.39
Unknown malware botnet C2 server (confidence level: 100%)
file185.221.152.164
Unknown malware botnet C2 server (confidence level: 100%)
file51.178.26.15
Unknown malware botnet C2 server (confidence level: 100%)
file3.124.207.127
Unknown malware botnet C2 server (confidence level: 100%)
file13.125.164.1
Unknown malware botnet C2 server (confidence level: 100%)
file15.235.167.145
Unknown malware botnet C2 server (confidence level: 100%)
file34.241.214.245
Unknown malware botnet C2 server (confidence level: 100%)
file13.201.89.149
Unknown malware botnet C2 server (confidence level: 100%)
file63.33.56.166
Unknown malware botnet C2 server (confidence level: 100%)
file13.49.0.94
Unknown malware botnet C2 server (confidence level: 100%)
file16.171.230.230
Unknown malware botnet C2 server (confidence level: 100%)
file188.40.233.29
Unknown malware botnet C2 server (confidence level: 100%)
file142.171.29.139
Unknown malware botnet C2 server (confidence level: 100%)
file63.33.197.184
Unknown malware botnet C2 server (confidence level: 100%)
file13.60.228.174
Unknown malware botnet C2 server (confidence level: 100%)
file4.237.239.58
Unknown malware botnet C2 server (confidence level: 100%)
file164.92.69.60
Unknown malware botnet C2 server (confidence level: 100%)
file47.76.168.32
Cobalt Strike botnet C2 server (confidence level: 100%)
file51.38.192.140
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.148.27.195
Cobalt Strike botnet C2 server (confidence level: 100%)
file161.248.238.54
Mirai botnet C2 server (confidence level: 75%)
file8.138.189.93
Cobalt Strike botnet C2 server (confidence level: 50%)
file43.139.124.56
Cobalt Strike botnet C2 server (confidence level: 50%)
file185.147.124.148
SectopRAT botnet C2 server (confidence level: 50%)
file85.209.128.31
SectopRAT botnet C2 server (confidence level: 50%)
file206.189.116.120
Unknown malware botnet C2 server (confidence level: 50%)
file64.23.133.41
Unknown malware botnet C2 server (confidence level: 50%)
file148.66.11.10
ValleyRAT botnet C2 server (confidence level: 100%)
file38.110.228.216
Sliver botnet C2 server (confidence level: 50%)
file13.49.46.253
PoshC2 botnet C2 server (confidence level: 50%)
file54.236.199.83
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file117.209.82.28
Mozi botnet C2 server (confidence level: 50%)
file123.60.135.200
Cobalt Strike botnet C2 server (confidence level: 100%)
file206.238.114.38
Cobalt Strike botnet C2 server (confidence level: 100%)
file146.70.41.206
Sliver botnet C2 server (confidence level: 100%)
file196.251.92.3
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.115.33
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.115.33
AsyncRAT botnet C2 server (confidence level: 100%)
file173.255.232.239
Unknown malware botnet C2 server (confidence level: 100%)
file47.236.177.123
Havoc botnet C2 server (confidence level: 100%)
file86.93.140.187
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file101.109.205.1
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file54.169.64.63
DeimosC2 botnet C2 server (confidence level: 75%)
file70.31.125.150
QakBot botnet C2 server (confidence level: 75%)
file143.92.60.22
ValleyRAT botnet C2 server (confidence level: 100%)
file18.189.194.55
Havoc botnet C2 server (confidence level: 100%)
file38.134.148.175
BianLian botnet C2 server (confidence level: 100%)
file123.60.135.200
Cobalt Strike botnet C2 server (confidence level: 75%)
file152.42.199.84
Cobalt Strike botnet C2 server (confidence level: 75%)
file23.249.29.117
ValleyRAT botnet C2 server (confidence level: 100%)
file195.211.191.54
Remcos botnet C2 server (confidence level: 100%)
file185.177.239.241
NjRAT botnet C2 server (confidence level: 100%)
file45.204.197.88
ValleyRAT botnet C2 server (confidence level: 100%)
file45.204.199.73
ValleyRAT botnet C2 server (confidence level: 100%)
file161.35.255.100
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.198.96.166
Remcos botnet C2 server (confidence level: 100%)
file45.74.15.233
Remcos botnet C2 server (confidence level: 100%)
file47.86.232.155
Venom RAT botnet C2 server (confidence level: 100%)
file161.248.238.54
Mirai botnet C2 server (confidence level: 75%)
file27.124.44.132
ValleyRAT botnet C2 server (confidence level: 100%)
file80.64.18.63
Amadey botnet C2 server (confidence level: 50%)
file107.173.4.8
Remcos botnet C2 server (confidence level: 100%)
file179.13.0.197
Remcos botnet C2 server (confidence level: 100%)
file192.3.171.198
Remcos botnet C2 server (confidence level: 100%)
file176.65.141.69
Remcos botnet C2 server (confidence level: 100%)
file84.46.243.167
Sliver botnet C2 server (confidence level: 100%)
file213.209.143.43
AsyncRAT botnet C2 server (confidence level: 100%)
file24.152.36.216
AsyncRAT botnet C2 server (confidence level: 100%)
file24.152.36.216
AsyncRAT botnet C2 server (confidence level: 100%)
file45.141.215.109
Quasar RAT botnet C2 server (confidence level: 100%)
file56.124.32.96
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file34.220.174.146
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file62.171.138.173
MooBot botnet C2 server (confidence level: 100%)
file103.141.158.19
DeimosC2 botnet C2 server (confidence level: 75%)
file209.38.186.227
Sliver botnet C2 server (confidence level: 75%)
file38.147.171.158
Sliver botnet C2 server (confidence level: 75%)
file5.163.185.129
QakBot botnet C2 server (confidence level: 75%)
file78.128.112.209
Havoc botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash443
Mirai botnet C2 server (confidence level: 75%)
hash6595
Remcos botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash6503
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hasha34bfc8c1c24202c196092d56ed01b498c9f75e10ea7ccd1f923138ca4919be3
Unknown malware payload (confidence level: 100%)
hash4e457efa717ec715f61c3a62017df2cefe183298a984031cce26dbeaa5cc497e
Unknown malware payload (confidence level: 100%)
hash89d8347999067a3a60691e009e17e3aa19c98668a77f0d1de313bd67ed409de7
Unknown malware payload (confidence level: 100%)
hasheb08b6f4565b1eaa752e5cffd71287738befa6e0bd99a41e45b1ec104df0388e
Unknown malware payload (confidence level: 100%)
hash1777
AsyncRAT botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash4000
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash81
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash3434
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9001
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1995
Mirai botnet C2 server (confidence level: 75%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash9000
SectopRAT botnet C2 server (confidence level: 50%)
hash9000
SectopRAT botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash31337
Unknown malware botnet C2 server (confidence level: 50%)
hash4433
ValleyRAT botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash443
PoshC2 botnet C2 server (confidence level: 50%)
hash2154
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash45666
Mozi botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8081
Havoc botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash9568
ValleyRAT botnet C2 server (confidence level: 100%)
hash9090
Havoc botnet C2 server (confidence level: 100%)
hash443
BianLian botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8089
Cobalt Strike botnet C2 server (confidence level: 75%)
hash5555
ValleyRAT botnet C2 server (confidence level: 100%)
hash3980
Remcos botnet C2 server (confidence level: 100%)
hash2222
NjRAT botnet C2 server (confidence level: 100%)
hash1991
ValleyRAT botnet C2 server (confidence level: 100%)
hash7777
ValleyRAT botnet C2 server (confidence level: 100%)
hash976be23dcb1c0ef84fddb791762960bf75f02a029a2e7877282cedf1c1190e42
Unknown Stealer payload (confidence level: 100%)
hash194121aa2739d716f5cb3ca2ea051e9d39c7abc32cfef86a31345f2ef7277d8d
Unknown Stealer payload (confidence level: 100%)
hash55556
Cobalt Strike botnet C2 server (confidence level: 100%)
hash52190
Remcos botnet C2 server (confidence level: 100%)
hash3402
Remcos botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash57899
Mirai botnet C2 server (confidence level: 75%)
hash80
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
Amadey botnet C2 server (confidence level: 50%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash14646
Remcos botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash5000
AsyncRAT botnet C2 server (confidence level: 100%)
hash2000
AsyncRAT botnet C2 server (confidence level: 100%)
hash2000
Quasar RAT botnet C2 server (confidence level: 100%)
hash13123
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash20141
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash48965
Havoc botnet C2 server (confidence level: 75%)

Threat ID: 682b7baad3ddd8cef2ea6d35

Added to database: 5/19/2025, 6:42:50 PM

Last enriched: 6/18/2025, 7:17:33 PM

Last updated: 8/14/2025, 8:58:04 AM

Views: 15

Related Threats

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

Medium
MalwareFri Aug 15 2025

Kawabunga, Dude, You've Been Ransomed!

Medium
MalwareFri Aug 15 2025

ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis

Medium
MalwareFri Aug 15 2025

Threat Bulletin: Fire in the Woods – A New Variant of FireWood

Medium
MalwareFri Aug 15 2025

This 'SAP Ariba Quote' Isn't What It Seems—It's Ransomware

Medium
MalwareFri Aug 15 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats