
ThreatFox IOCs for 2025-05-11

Medium
Published: Sun May 11 2025 (05/11/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-05-11

AI-Powered Analysis

AI analysis last updated: 06/19/2025, 15:31:53 UTC

Technical Analysis

The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-05-11," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating it is related to open-source intelligence, but no specific affected software versions or products are listed, and no detailed technical indicators or attack vectors are provided. The threat level is marked as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, suggesting moderate dissemination potential but limited analytical detail. There are no known exploits in the wild, no associated Common Weakness Enumerations (CWEs), and no patch information available. The absence of detailed technical data such as attack methods, payload characteristics, or targeted vulnerabilities limits the ability to perform a deep technical assessment. However, the classification as malware and the presence of IOCs imply that this threat involves malicious software potentially used for reconnaissance, data collection, or other malicious activities leveraging OSINT techniques. The TLP (Traffic Light Protocol) designation is white, indicating the information is publicly shareable without restriction. Overall, this appears to be an early-stage or low-profile malware threat with limited current impact but potential for wider distribution given the distribution rating.

Potential Impact

For European organizations, the impact of this threat is currently assessed as medium but largely theoretical due to the lack of concrete exploit details or active campaigns. The malware's association with OSINT suggests it could be used to gather intelligence or facilitate further attacks rather than causing immediate disruption or data destruction. Potential impacts include unauthorized data collection, privacy breaches, and the establishment of footholds for subsequent intrusions. Given the absence of known exploits in the wild, immediate operational disruption or data loss is unlikely at this stage. However, organizations involved in sensitive sectors such as government, defense, critical infrastructure, and large enterprises could face increased risk if the malware evolves or is leveraged in targeted campaigns. The medium severity reflects the potential for escalation rather than confirmed widespread harm. The lack of authentication or user interaction details prevents precise impact modeling, but the malware's distribution rating suggests it could propagate through automated or semi-automated means, increasing exposure risk.

Mitigation Recommendations

1. Enhance network monitoring to detect unusual outbound traffic patterns that may indicate OSINT-related malware activity, focusing on connections to suspicious or newly identified IOCs once they become available.
2. Implement strict data access controls and segmentation to limit the malware's ability to gather or exfiltrate sensitive information.
3. Employ threat intelligence sharing platforms to stay updated on emerging IOCs related to this threat and integrate them into intrusion detection/prevention systems (IDS/IPS).
4. Conduct regular security awareness training emphasizing the risks of OSINT-based reconnaissance and malware, even when no direct user interaction is required.
5. Harden endpoint security by deploying advanced malware detection solutions capable of behavioral analysis to identify novel or low-signature threats.
6. Prepare incident response plans that include procedures for analyzing and mitigating OSINT-related malware infections, ensuring rapid containment and remediation.
7. Given the lack of patches, prioritize proactive detection and containment strategies rather than relying on software updates.
8. Collaborate with national cybersecurity centers and industry groups to share findings and receive timely alerts about threat evolution.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: c4434e1f-442f-4683-a6dc-dfe10f51ea89
Original Timestamp: 1747008186

Indicators of Compromise


Threat ID: 682c7db1e8347ec82d29ed51

Added to database: 5/20/2025, 1:03:45 PM

Last enriched: 6/19/2025, 3:31:53 PM

Last updated: 8/8/2025, 7:15:26 AM

Views: 11
