
ThreatFox IOCs for 2025-05-12

Medium
Published: Mon May 12 2025 (05/12/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-05-12

AI-Powered Analysis

Last updated: 06/19/2025, 15:18:27 UTC

Technical Analysis

The provided information pertains to a malware threat identified through ThreatFox IOCs dated 2025-05-12. The threat is categorized under 'type:osint,' indicating it is related to open-source intelligence or derived from OSINT sources. No specific affected software versions or products are listed, and no CWE (Common Weakness Enumeration) identifiers are provided, which limits the granularity of the technical details. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution values of 1 and 3 respectively, suggesting moderate distribution but limited detailed analysis. There are no known exploits in the wild, and no patch links are provided, implying that this threat may be newly identified or not yet actively exploited. The absence of indicators of compromise (IOCs) in the data further limits direct detection or response actions. The threat is tagged with 'tlp:white,' meaning the information is intended for public sharing without restrictions. Overall, this appears to be an emerging malware threat identified through OSINT channels, with limited technical details and no active exploitation reported at this time.

Potential Impact

Given the limited technical details and absence of known exploits, the immediate impact on European organizations is likely low to medium. However, as a malware threat with moderate distribution potential, it could pose risks to confidentiality, integrity, and availability if it evolves or is leveraged in targeted attacks. European organizations relying heavily on open-source intelligence tools or platforms related to the 'osint' category might be at increased risk. Potential impacts include data exfiltration, system compromise, or disruption of services if the malware gains a foothold. The lack of specific affected versions or products complicates precise impact assessment, but organizations in sectors with high OSINT usage—such as cybersecurity firms, government intelligence agencies, and critical infrastructure operators—should remain vigilant. The medium severity rating suggests that while the threat is not currently critical, it warrants monitoring and proactive defense measures.

Mitigation Recommendations

1. Enhance monitoring of OSINT-related tools and platforms for unusual activity or indicators of compromise, even if specific IOCs are not yet available.
2. Implement strict network segmentation and access controls around systems handling OSINT data to limit potential malware spread.
3. Conduct regular threat intelligence updates and integrate emerging IOCs from ThreatFox and other reputable sources as they become available.
4. Employ endpoint detection and response (EDR) solutions with heuristic and behavioral analysis capabilities to detect novel malware variants.
5. Train security teams to recognize signs of malware infections related to OSINT tools and encourage prompt incident reporting.
6. Maintain up-to-date backups and test recovery procedures to mitigate potential data loss or ransomware scenarios.
7. Collaborate with national cybersecurity centers and information sharing organizations to stay informed about evolving threats in the OSINT domain.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 9bd00c33-c78c-4268-b984-3923d8fd815d
Original Timestamp: 1747094585

Indicators of Compromise

File


Hash

Hook botnet C2 server (confidence level: 100%)
hash8244
DCRat botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash8096
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash9090
Unknown malware botnet C2 server (confidence level: 100%)
hash9090
Unknown malware botnet C2 server (confidence level: 100%)
hash2083
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8088
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash428
Tofsee botnet C2 server (confidence level: 100%)
hash12121
Mirai botnet C2 server (confidence level: 75%)
hash801
Cobalt Strike botnet C2 server (confidence level: 100%)
hash801
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 50%)
hash180
Cobalt Strike botnet C2 server (confidence level: 50%)
hash8055
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash443
NjRAT botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash443
Kimsuky botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash54926
AsyncRAT botnet C2 server (confidence level: 50%)
hash6606
AsyncRAT botnet C2 server (confidence level: 50%)
hash7707
AsyncRAT botnet C2 server (confidence level: 50%)
hash8080
AsyncRAT botnet C2 server (confidence level: 50%)
hash8808
AsyncRAT botnet C2 server (confidence level: 50%)
hash6606
AsyncRAT botnet C2 server (confidence level: 50%)
hash7707
AsyncRAT botnet C2 server (confidence level: 50%)
hash8808
AsyncRAT botnet C2 server (confidence level: 50%)
hash6606
AsyncRAT botnet C2 server (confidence level: 50%)
hash7707
AsyncRAT botnet C2 server (confidence level: 50%)
hash8808
AsyncRAT botnet C2 server (confidence level: 50%)
hash1492
DarkComet botnet C2 server (confidence level: 50%)
hash7777
DCRat botnet C2 server (confidence level: 50%)
hash39536
NjRAT botnet C2 server (confidence level: 50%)
hash55960
NjRAT botnet C2 server (confidence level: 50%)
hash10134
Orcus RAT botnet C2 server (confidence level: 50%)
hash10134
Orcus RAT botnet C2 server (confidence level: 50%)
hash5505
Orcus RAT botnet C2 server (confidence level: 50%)
hash24405
XWorm botnet C2 server (confidence level: 50%)
hash3911
XWorm botnet C2 server (confidence level: 75%)
hash3421
Remcos botnet C2 server (confidence level: 75%)
hash80
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8088
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2096
Cobalt Strike botnet C2 server (confidence level: 100%)
hash46167
Remcos botnet C2 server (confidence level: 100%)
hash80
Remcos botnet C2 server (confidence level: 100%)
hash111
AsyncRAT botnet C2 server (confidence level: 100%)
hash222
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash2053
Hook botnet C2 server (confidence level: 100%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash5432
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash25
Unknown malware botnet C2 server (confidence level: 100%)
hash110
Unknown malware botnet C2 server (confidence level: 100%)
hash143
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash587
Unknown malware botnet C2 server (confidence level: 100%)
hash993
Unknown malware botnet C2 server (confidence level: 100%)
hash995
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash60000
Unknown malware botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash9090
Remcos botnet C2 server (confidence level: 75%)
hash7070
Remcos botnet C2 server (confidence level: 75%)
hash12345
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash15302
Remcos botnet C2 server (confidence level: 50%)
hash4449
AsyncRAT botnet C2 server (confidence level: 75%)
hash8080
Meterpreter botnet C2 server (confidence level: 75%)
hash81
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8043
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash27979
ValleyRAT botnet C2 server (confidence level: 100%)
hash27997
ValleyRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hashdadb12e40e8901c626da98888faf3808571aa2c0c4ef4aa51538b419f5fb8692
XWorm payload (confidence level: 50%)
hash466e6a46ae231f4642d2b7637c48ad97dc8ff998ea7bc7ecd42a2a4d0dc756f5
XWorm payload (confidence level: 50%)
hash5f40c7dc1ada65ce3ccef268ae6740e9adedb14e7f2fb4722b74c8a710c04948
XWorm payload (confidence level: 50%)
hash8076
Remcos botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8088
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash4443
Sliver botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8001
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash465
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
MimiKatz botnet C2 server (confidence level: 100%)
hash40734
Remcos botnet C2 server (confidence level: 100%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash14645
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8282
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash80
Ghost RAT botnet C2 server (confidence level: 50%)
hash9527
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
Kimsuky botnet C2 server (confidence level: 50%)
hash58849
Remcos botnet C2 server (confidence level: 50%)
hash443
Sliver botnet C2 server (confidence level: 75%)
hash8443
Sliver botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash3778
Mirai botnet C2 server (confidence level: 100%)

Domain


Url

Formbook botnet C2 (confidence level: 50%)
urlhttp://www.erityhub.tech/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.esignedbyclaire.info/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.etrev.world/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.etwaymkrwell.xyz/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eviewyourdata.online/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.fghfghf.top/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gbdth.cfd/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gencewebinaire.net/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gkdemy.net/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hatchadoin.net/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hcar.asia/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hescxpoi.xyz/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iami-florida-county.cfd/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.idas-development.info/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.implyhome.info/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iomar.biz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iringpartnersinc.net/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ishlist.run/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.isneyai.online/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.itmap.group/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.itness-center-id-5619388.world/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ivajjmahal.shop/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.jhekite.shop/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lainfacedproductions.xyz/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.laza.construction/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lexacons.net/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.limpsepublishing.online/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ljorge.online/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.llabordage-team.tech/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lus-size-swimsuit.today/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mallelectricarsgb.bond/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.msp672.top/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.naughtbooks.info/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.naycrystalsava.shop/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ncryptchat.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ndreas-marketing.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nipers.digital/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.notherattributeecosystem.pro/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nsitechsolatam.net/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ntelligenceplatform.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ochafariasbusiness.online/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.odeinfra.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.omfortemporium.online/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ommodity-market-29.click/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oogleplay.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ordphanter.info/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ouasd.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oyle-lawgroup.online/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.pblanket.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.pcuappconnect-7x.online/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.perturear.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rade-your-teacher.store/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.raft-opia.app/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rainontheterrain.net/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rca-nc-test-13.fyi/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.reaatendimento.online/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.reefiremaxapk.pro/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ridgingruralcommunities.net/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rimeone.fun/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.romof.irish/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ronbloodtattoos.net/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ryt.net/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.scritorioonline.store/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sghgs.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.spainproxy129.xyz/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tfe2f.shop/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tp-jos178-a1.online/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ubliccnfdcbqae.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.usclecarsales.online/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ustraliafamilycare.store/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.vatardesigns.xyz/kp18/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.vx1s297.top/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.y71751.xyz/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yesite.online/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.zcc90.sbs/o82h/
Formbook botnet C2 (confidence level: 50%)
urlhttps://chinapark.top/fs/select.js
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://chinapark.top/fs/lll.php
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://totalsolucao.com/fsco.zip
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://www.roammco.com/profilelayout
FAKEUPDATES botnet C2 (confidence level: 100%)
urlhttps://8overcovtcg.top/juhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ifeaturlyin.top/pdal
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://covercovtcg.top/juhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://hvoznessxyy.life/bnaz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://nzmedtipp.live/mnvzx
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dflowerexju.bet/lanz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://plumbbujjh.live/twnt
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://qdoovercovtcg.top/juhd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://52.199.49.4:7284/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 75%)
urlhttp://atezzz.atwebpages.com/1bfb1f66.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://captcha.suna.bet/5p5vtys3n4
AMOS payload delivery URL (confidence level: 100%)
urlhttp://112.126.77.39:8888/
Unknown malware botnet C2 (confidence level: 50%)
urlhttp://view.mexcs.shop
Kimsuky botnet C2 (confidence level: 50%)
urlhttps://discord.com/api/webhooks/938420152268115979/gbld0enqkdwrwc8vme5in_nqlycyfzkn_wq48f9rbqwaf9o_29tnubwgjg2bfqlldn8s
Unknown Loader payload delivery URL (confidence level: 50%)
urlhttps://cdn.discordapp.com/attachments/831225076187660348/902512908485935114/shost.exe
Unknown Loader payload delivery URL (confidence level: 50%)

Threat ID: 682c7db1e8347ec82d29f867

Added to database: 5/20/2025, 1:03:45 PM

Last enriched: 6/19/2025, 3:18:27 PM

Last updated: 8/15/2025, 9:45:25 AM

Views: 24
