
ThreatFox IOCs for 2025-05-15

Medium
Published: Thu May 15 2025 (05/15/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-05-15

AI-Powered Analysis

Last updated: 06/19/2025, 14:05:52 UTC

Technical Analysis

This record covers a malware-related security threat identified as "ThreatFox IOCs for 2025-05-15." It is categorized under the "osint" product type, indicating that it likely involves open-source intelligence data or tools. The data consists of indicators of compromise (IOCs) collected and shared via ThreatFox, a platform known for aggregating threat intelligence. Specific technical details about the malware's behavior, attack vectors, or affected software versions are not provided, and no known exploits in the wild have been reported. The threat level is rated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, suggesting moderate dissemination potential but limited detailed analysis. The absence of affected versions and patch links implies that this record concerns emerging or less well-defined malware samples rather than a known vulnerability in a specific product. The tags "type:osint" and "tlp:white" indicate that the information is publicly shareable and relates to open-source intelligence, which may be used for reconnaissance or the initial stages of an attack. Overall, this is a medium-severity malware-related intelligence report with limited technical specifics and no active exploitation currently documented.

Potential Impact

For European organizations, the impact of this threat is currently moderate due to the lack of detailed exploitation data and absence of known active attacks. However, since the threat involves malware and is disseminated through open-source intelligence channels, it could be leveraged by threat actors for reconnaissance, initial access, or lateral movement within networks. The medium severity rating suggests potential risks to confidentiality, integrity, or availability if the malware is deployed effectively. European entities relying heavily on OSINT tools or platforms similar to ThreatFox might face increased exposure to reconnaissance activities or targeted malware campaigns. Additionally, sectors with high sensitivity to malware infections, such as finance, critical infrastructure, and government, could experience operational disruptions or data breaches if this threat evolves or is weaponized. The lack of authentication or user interaction details limits precise impact assessment, but the distribution rating indicates a moderate potential for spread, which could affect multiple organizations if exploited.

Mitigation Recommendations

Given the limited technical details, European organizations should adopt a proactive and layered defense approach. Specific recommendations include:

1. Enhance monitoring of OSINT platforms and threat intelligence feeds to detect emerging IOCs related to this malware promptly.
2. Implement network segmentation and strict access controls to limit malware propagation if initial compromise occurs.
3. Conduct regular threat hunting exercises focusing on malware behaviors associated with OSINT-based reconnaissance and delivery mechanisms.
4. Ensure endpoint detection and response (EDR) solutions are updated and configured to detect anomalous activities potentially linked to this threat.
5. Train security teams to recognize and respond to early indicators of malware infections, especially those originating from open-source intelligence sources.
6. Collaborate with national and European cybersecurity centers to share intelligence and receive timely alerts about developments related to this threat.

These measures go beyond generic advice by focusing on the unique aspects of OSINT-related malware dissemination and the need for active threat intelligence integration.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f50b8cca-387f-4f85-9417-4d0b7524c63f
Original Timestamp: 1747353786

Indicators of Compromise

Domain

Value | Description
saxecocnak.live | Lumma Stealer botnet C2 domain (confidence level: 100%)
emphatakpn.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
laminaflbx.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
brandenfrancseet.sbs | Unknown Loader payload delivery domain (confidence level: 100%)
fmovies123.top | NetSupportManager RAT payload delivery domain (confidence level: 100%)
ndgpt.ru | ClearFake payload delivery domain (confidence level: 100%)
zdqdc.ru | ClearFake payload delivery domain (confidence level: 100%)
ec2-54-183-101-23.us-west-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
flowergrandeseen.sbs | Unknown Loader payload delivery domain (confidence level: 100%)
console24.online | Unknown Loader payload delivery domain (confidence level: 100%)
dvwct.ru | ClearFake payload delivery domain (confidence level: 100%)
mahsa2283qt9.mahsaaminivpn.com | Hook botnet C2 domain (confidence level: 100%)
webpanel.elementfx.com | Unknown malware botnet C2 domain (confidence level: 100%)
ecs-113-44-39-1.compute.hwclouds-dns.com | Unknown malware botnet C2 domain (confidence level: 100%)
silver-map.gl.at.ply.gg | Remcos botnet C2 domain (confidence level: 50%)
frederichoms.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
tool.municipiodechepo.org | Unknown malware botnet C2 domain (confidence level: 50%)
api.incapdns.kz | Unknown malware botnet C2 domain (confidence level: 50%)
blog.jasonlees.com | Unknown malware botnet C2 domain (confidence level: 50%)
report.monicabellucci.kz | Unknown malware botnet C2 domain (confidence level: 50%)
developer.master.org.kz | Unknown malware botnet C2 domain (confidence level: 50%)
cast.voxcdn.kz | Unknown malware botnet C2 domain (confidence level: 50%)
host.moresecurity.kz | Unknown malware botnet C2 domain (confidence level: 50%)
ryanberardi.com | Unknown malware botnet C2 domain (confidence level: 50%)
onlinemail.kz | Unknown malware botnet C2 domain (confidence level: 50%)
contactlistsagregator.com | Unknown malware botnet C2 domain (confidence level: 50%)
blameaowi.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
changenwg.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
flamingof.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
bootplate.info | Unknown Loader botnet C2 domain (confidence level: 100%)
sistertable.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
16.16.4t.com | Vidar botnet C2 domain (confidence level: 100%)
anna-akhmatova.com | Lumma Stealer botnet C2 domain (confidence level: 100%)
jerusd.digital | Lumma Stealer botnet C2 domain (confidence level: 100%)
golconz.digital | Lumma Stealer botnet C2 domain (confidence level: 100%)
cladwybn.digital | Lumma Stealer botnet C2 domain (confidence level: 100%)
ou.qymj.ru | ClearFake payload delivery domain (confidence level: 100%)
fanclubsemantics.sbs | Unknown Loader payload delivery domain (confidence level: 100%)
aneesh-technomakest.duckdns.org | Remcos botnet C2 domain (confidence level: 50%)
aneesh-technomakestbk.duckdns.org | Remcos botnet C2 domain (confidence level: 50%)
wss.telegrma.app | Cobalt Strike botnet C2 domain (confidence level: 75%)
stealer.cy | Unknown Stealer payload delivery domain (confidence level: 50%)
www.rivercitymech.biz | FAKEUPDATES botnet C2 domain (confidence level: 100%)
awndsjkduiukekwltdadjwadawds.ru | Unknown Stealer botnet C2 domain (confidence level: 50%)
pentagonstealer.ru | Unknown Stealer botnet C2 domain (confidence level: 50%)
pentagon.cy | Unknown Stealer botnet C2 domain (confidence level: 50%)
testwebsite01-70h.pages.dev | Unknown Stealer botnet C2 domain (confidence level: 50%)
badgervolleyball.org | NetSupportManager RAT payload delivery domain (confidence level: 100%)
qv.gahq.ru | ClearFake payload delivery domain (confidence level: 100%)
8r.czlw.ru | ClearFake payload delivery domain (confidence level: 100%)

File

Value | Description
47.96.114.159 | Cobalt Strike botnet C2 server (confidence level: 100%)
159.65.9.106 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.115.202.126 | Cobalt Strike botnet C2 server (confidence level: 100%)
205.198.88.140 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.100.76.142 | Cobalt Strike botnet C2 server (confidence level: 100%)
134.175.229.167 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.85.128 | Remcos botnet C2 server (confidence level: 100%)
172.111.244.102 | Remcos botnet C2 server (confidence level: 100%)
3.17.164.16 | Sliver botnet C2 server (confidence level: 100%)
8.218.254.239 | Unknown malware botnet C2 server (confidence level: 100%)
186.169.82.245 | AsyncRAT botnet C2 server (confidence level: 100%)
3.215.185.215 | AsyncRAT botnet C2 server (confidence level: 100%)
45.141.84.229 | SectopRAT botnet C2 server (confidence level: 100%)
206.206.126.216 | Hook botnet C2 server (confidence level: 100%)
37.252.19.120 | Havoc botnet C2 server (confidence level: 100%)
194.195.251.227 | Unknown malware botnet C2 server (confidence level: 100%)
182.16.26.210 | ValleyRAT botnet C2 server (confidence level: 100%)
193.124.41.54 | Cobalt Strike botnet C2 server (confidence level: 100%)
175.27.250.248 | Unknown malware botnet C2 server (confidence level: 100%)
128.90.106.147 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.113.220 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%)
54.36.114.72 | Unknown malware botnet C2 server (confidence level: 100%)
35.227.3.131 | Unknown malware botnet C2 server (confidence level: 100%)
156.208.9.253 | DCRat botnet C2 server (confidence level: 100%)
217.18.210.142 | DCRat botnet C2 server (confidence level: 100%)
80.74.28.101 | Unknown malware botnet C2 server (confidence level: 100%)
45.249.244.192 | Unknown malware botnet C2 server (confidence level: 100%)
5.129.200.87 | Unknown malware botnet C2 server (confidence level: 100%)
49.12.113.198 | Unknown malware botnet C2 server (confidence level: 100%)
132.220.9.187 | Unknown malware botnet C2 server (confidence level: 100%)
18.141.207.185 | Unknown malware botnet C2 server (confidence level: 100%)
209.74.83.112 | Unknown malware botnet C2 server (confidence level: 100%)
134.199.174.247 | Unknown malware botnet C2 server (confidence level: 100%)
191.252.214.71 | Unknown malware botnet C2 server (confidence level: 100%)
34.93.255.12 | Unknown malware botnet C2 server (confidence level: 100%)
172.189.165.37 | Unknown malware botnet C2 server (confidence level: 100%)
147.135.75.234 | Unknown malware botnet C2 server (confidence level: 100%)
203.177.95.83 | Unknown malware botnet C2 server (confidence level: 100%)
194.206.75.137 | Unknown malware botnet C2 server (confidence level: 100%)
185.181.8.193 | Unknown malware botnet C2 server (confidence level: 100%)
13.51.128.227 | Unknown malware botnet C2 server (confidence level: 100%)
13.51.246.31 | Unknown malware botnet C2 server (confidence level: 100%)
4.180.175.67 | Unknown malware botnet C2 server (confidence level: 100%)
172.190.97.151 | Unknown malware botnet C2 server (confidence level: 100%)
52.29.87.239 | Unknown malware botnet C2 server (confidence level: 100%)
52.29.87.239 | Unknown malware botnet C2 server (confidence level: 100%)
46.36.41.35 | Unknown malware botnet C2 server (confidence level: 100%)
35.182.126.131 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.66.248.239 | Latrodectus botnet C2 server (confidence level: 90%)
8.134.70.73 | Cobalt Strike botnet C2 server (confidence level: 100%)
113.45.137.206 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.162.155.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
139.9.197.63 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.167.69.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.142.110 | Cobalt Strike botnet C2 server (confidence level: 100%)
66.181.36.218 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.133.180.138 | AsyncRAT botnet C2 server (confidence level: 75%)
216.9.224.158 | Remcos botnet C2 server (confidence level: 75%)
216.9.224.158 | Remcos botnet C2 server (confidence level: 75%)
166.88.182.216 | FAKEUPDATES botnet C2 server (confidence level: 100%)
78.47.78.115 | Vidar botnet C2 server (confidence level: 100%)
49.12.106.231 | Vidar botnet C2 server (confidence level: 100%)
156.238.233.94 | Cobalt Strike botnet C2 server (confidence level: 100%)
193.43.91.117 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.70.25.169 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.55.102.43 | Remcos botnet C2 server (confidence level: 100%)
172.94.9.180 | Remcos botnet C2 server (confidence level: 100%)
120.55.126.188 | Sliver botnet C2 server (confidence level: 100%)
121.127.33.197 | Unknown malware botnet C2 server (confidence level: 100%)
172.81.135.7 | AsyncRAT botnet C2 server (confidence level: 100%)
23.145.40.108 | Unknown malware botnet C2 server (confidence level: 100%)
192.227.209.49 | Unknown malware botnet C2 server (confidence level: 100%)
47.128.228.209 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
47.128.228.209 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.150.34.16 | MooBot botnet C2 server (confidence level: 100%)
111.230.6.33 | Unknown malware botnet C2 server (confidence level: 100%)
192.227.128.8 | Cobalt Strike botnet C2 server (confidence level: 100%)
143.198.86.20 | Cobalt Strike botnet C2 server (confidence level: 100%)
205.185.122.202 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.69.17.187 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.218.188 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.126.136.95 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.237.228.97 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.225.242.93 | DeimosC2 botnet C2 server (confidence level: 75%)
164.90.170.149 | Havoc botnet C2 server (confidence level: 75%)
191.112.19.228 | QakBot botnet C2 server (confidence level: 75%)
44.197.118.25 | Havoc botnet C2 server (confidence level: 75%)
70.27.138.240 | QakBot botnet C2 server (confidence level: 75%)
112.121.172.10 | ValleyRAT botnet C2 server (confidence level: 100%)
206.238.115.155 | AsyncRAT botnet C2 server (confidence level: 75%)
206.238.115.155 | AsyncRAT botnet C2 server (confidence level: 75%)
156.243.1.71 | Meterpreter botnet C2 server (confidence level: 75%)
54.90.144.239 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
148.113.214.176 | Remcos botnet C2 server (confidence level: 50%)
191.96.39.104 | Remcos botnet C2 server (confidence level: 50%)
47.109.177.97 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.153.206.206 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.15.174.189 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.92.15.53 | Cobalt Strike botnet C2 server (confidence level: 100%)
118.178.189.206 | Cobalt Strike botnet C2 server (confidence level: 100%)
118.178.188.203 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.27.197.246 | Cobalt Strike botnet C2 server (confidence level: 100%)
51.89.204.11 | Remcos botnet C2 server (confidence level: 100%)
142.171.3.163 | Unknown malware botnet C2 server (confidence level: 100%)
128.90.106.147 | AsyncRAT botnet C2 server (confidence level: 100%)
144.172.104.135 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%)
3.226.74.199 | Unknown malware botnet C2 server (confidence level: 100%)
34.148.218.89 | Havoc botnet C2 server (confidence level: 100%)
20.67.242.112 | Havoc botnet C2 server (confidence level: 100%)
47.121.30.118 | Vshell botnet C2 server (confidence level: 100%)
120.70.25.169 | Cobalt Strike botnet C2 server (confidence level: 75%)
104.223.123.147 | Cobalt Strike botnet C2 server (confidence level: 100%)
134.175.229.167 | Cobalt Strike botnet C2 server (confidence level: 100%)
85.239.52.195 | Latrodectus botnet C2 server (confidence level: 90%)
45.86.230.235 | Latrodectus botnet C2 server (confidence level: 90%)
141.98.6.13 | Hook botnet C2 server (confidence level: 100%)
159.89.17.182 | Havoc botnet C2 server (confidence level: 100%)
47.128.236.179 | MimiKatz botnet C2 server (confidence level: 100%)
185.222.57.92 | RedLine Stealer botnet C2 server (confidence level: 100%)
60.204.169.16 | Cobalt Strike botnet C2 server (confidence level: 100%)
119.28.116.34 | Cobalt Strike botnet C2 server (confidence level: 100%)
179.12.116.83 | Remcos botnet C2 server (confidence level: 100%)
103.79.76.40 | pupy botnet C2 server (confidence level: 100%)
5.35.125.78 | Sliver botnet C2 server (confidence level: 100%)
5.35.125.78 | Sliver botnet C2 server (confidence level: 100%)
156.244.7.77 | Unknown malware botnet C2 server (confidence level: 100%)
176.65.140.223 | Hook botnet C2 server (confidence level: 100%)
172.86.110.114 | Havoc botnet C2 server (confidence level: 100%)
37.252.19.120 | Havoc botnet C2 server (confidence level: 100%)
5.12.198.153 | Orcus RAT botnet C2 server (confidence level: 100%)
139.59.242.226 | MooBot botnet C2 server (confidence level: 100%)
185.146.232.235 | Unknown malware botnet C2 server (confidence level: 100%)
13.209.225.120 | DeimosC2 botnet C2 server (confidence level: 75%)
172.86.110.114 | Havoc botnet C2 server (confidence level: 75%)
18.142.54.122 | BianLian botnet C2 server (confidence level: 75%)
194.219.251.137 | QakBot botnet C2 server (confidence level: 75%)
35.239.145.98 | DeimosC2 botnet C2 server (confidence level: 75%)
45.134.62.106 | DeimosC2 botnet C2 server (confidence level: 75%)
70.27.138.240 | QakBot botnet C2 server (confidence level: 75%)
75.2.11.125 | DeimosC2 botnet C2 server (confidence level: 75%)

Hash

Value | Description
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
9998 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8086 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
9090 | Remcos botnet C2 server (confidence level: 100%)
37830 | Remcos botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
9999 | AsyncRAT botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
15647 | SectopRAT botnet C2 server (confidence level: 100%)
8082 | Hook botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
4000 | Unknown malware botnet C2 server (confidence level: 100%)
56105 | ValleyRAT botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
2000 | AsyncRAT botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
2222 | AsyncRAT botnet C2 server (confidence level: 100%)
7777 | AsyncRAT botnet C2 server (confidence level: 100%)
3001 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
4445 | DCRat botnet C2 server (confidence level: 100%)
1995 | DCRat botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
3434 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3000 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
9876 | Unknown malware botnet C2 server (confidence level: 100%)
833 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
443 | Latrodectus botnet C2 server (confidence level: 90%)
bf3b43f5e4398ac810f005200519e096349b2237587d920d3c9b83525bb6bafc | DarkCloud Stealer payload (confidence level: 50%)
9940de30f3930cf0d0e9e9c8769148594240d11242fcd6c9dd9e9f572f68ac01 | DarkCloud Stealer payload (confidence level: 50%)
30738450f69c3de74971368192a4a647e4ed9c658f076459e42683b110baf371 | DarkCloud Stealer payload (confidence level: 50%)
1269c968258999930b573682699fe72de72d96401e3beb314ae91baf0e0e49e8 | DarkCloud Stealer payload (confidence level: 50%)
7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
1234 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
6432 | AsyncRAT botnet C2 server (confidence level: 75%)
13403 | Remcos botnet C2 server (confidence level: 75%)
13404 | Remcos botnet C2 server (confidence level: 75%)
443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
443 | Vidar botnet C2 server (confidence level: 100%)
443 | Vidar botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
1962 | Remcos botnet C2 server (confidence level: 100%)
8443 | Sliver botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8000 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
3260 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8010 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
80 | MooBot botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
2082 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
4506 | DeimosC2 botnet C2 server (confidence level: 75%)
8000 | Havoc botnet C2 server (confidence level: 75%)
443 | QakBot botnet C2 server (confidence level: 75%)
4ebd79e8935076a7916e19650f98cc8c20aef4fb5c9da57807b472ee012d6d8c | Lumma Stealer payload (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 75%)
2222 | QakBot botnet C2 server (confidence level: 75%)
6666 | ValleyRAT botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 75%)
7707 | AsyncRAT botnet C2 server (confidence level: 75%)
443 | Meterpreter botnet C2 server (confidence level: 75%)
11112 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
4090 | Remcos botnet C2 server (confidence level: 50%)
23083 | Remcos botnet C2 server (confidence level: 50%)
88 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8896 | Cobalt Strike botnet C2 server (confidence level: 100%)
81 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
64387 | Remcos botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
4000 | AsyncRAT botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
222 | AsyncRAT botnet C2 server (confidence level: 100%)
888 | AsyncRAT botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
4443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
8082 | Vshell botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
10002 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Latrodectus botnet C2 server (confidence level: 90%)
443 | Latrodectus botnet C2 server (confidence level: 90%)
80 | Hook botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
80 | MimiKatz botnet C2 server (confidence level: 100%)
55615 | RedLine Stealer botnet C2 server (confidence level: 100%)
9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
8444 | pupy botnet C2 server (confidence level: 100%)
8443 | Sliver botnet C2 server (confidence level: 100%)
31337 | Sliver botnet C2 server (confidence level: 100%)
11949 | Unknown malware botnet C2 server (confidence level: 100%)
8089 | Hook botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
80 | Havoc botnet C2 server (confidence level: 100%)
8080 | Orcus RAT botnet C2 server (confidence level: 100%)
80 | MooBot botnet C2 server (confidence level: 100%)
4000 | Unknown malware botnet C2 server (confidence level: 100%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
8443 | Havoc botnet C2 server (confidence level: 75%)
443 | BianLian botnet C2 server (confidence level: 75%)
995 | QakBot botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
2376 | DeimosC2 botnet C2 server (confidence level: 75%)
2078 | QakBot botnet C2 server (confidence level: 75%)
8127 | DeimosC2 botnet C2 server (confidence level: 75%)

Url

Value | Description
https://fmovies123.top/fix/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://fmovies123.top/fix/his.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://probuildgroupusa.com/xsxs.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
http://ck92448.tw1.ru/5d8ad51b.php | DCRat botnet C2 (confidence level: 100%)
https://7lancery.digital/goj | Lumma Stealer botnet C2 (confidence level: 75%)
https://files.catbox.moe/olyfi3.001 | DarkCloud Stealer payload delivery URL (confidence level: 50%)
http://206.206.126.216/ | Hook botnet C2 (confidence level: 50%)
https://onedrive.live.com/download?cid=74f1199a49c3215b&resid=74f1199a49c3215b%21122&authkey=aagy326uc3bhn_ks | Unknown Loader payload delivery URL (confidence level: 50%)
http://crackarithmetic.icu/glo.php | Unknown Loader botnet C2 (confidence level: 100%)
https://mflowerexju.bet/lanz | Lumma Stealer botnet C2 (confidence level: 75%)
https://nposseswsnc.top/akds | Lumma Stealer botnet C2 (confidence level: 75%)
https://ycornerdurv.top/adwq | Lumma Stealer botnet C2 (confidence level: 75%)
https://4featurlyin.top/pdal | Lumma Stealer botnet C2 (confidence level: 75%)
https://demphatakpn.bet/ladk | Lumma Stealer botnet C2 (confidence level: 75%)
https://o9cornerdurv.top/adwq | Lumma Stealer botnet C2 (confidence level: 75%)
https://ylaminaflbx.shop/twoq | Lumma Stealer botnet C2 (confidence level: 75%)
https://raraucahkbm.live/baneb | Lumma Stealer botnet C2 (confidence level: 75%)
https://wfeaturlyin.top/pdal | Lumma Stealer botnet C2 (confidence level: 75%)
https://steamcommunity.com/profiles/76561199855598339 | Vidar botnet C2 (confidence level: 100%)
https://t.me/eom25h | Vidar botnet C2 (confidence level: 100%)
https://16.16.4t.com/ | Vidar botnet C2 (confidence level: 100%)
https://49.12.106.231/ | Vidar botnet C2 (confidence level: 100%)
https://pub-d4469a7a24f7423989c5026116ada945.r2.dev/vpncmgr.exe | Lumma Stealer botnet C2 (confidence level: 100%)
https://12.innospark.cloud/vpnmcg.txt | Lumma Stealer botnet C2 (confidence level: 100%)
https://eqcobwuxr.digital/mnf | Lumma Stealer botnet C2 (confidence level: 75%)
https://7meteorplyp.live/lekp | Lumma Stealer botnet C2 (confidence level: 75%)
https://milkwevvmw.run/gakz | Lumma Stealer botnet C2 (confidence level: 75%)
https://winterpwthc.digital/juab | Lumma Stealer botnet C2 (confidence level: 75%)
http://a0651821.xsph.ru/multiasync.php | DCRat botnet C2 (confidence level: 100%)
https://anna-akhmatova.com/login | Lumma Stealer botnet C2 (confidence level: 50%)
https://lovingcaredisabilityservices.com.au/up/ | Unknown malware payload delivery URL (confidence level: 50%)
https://ch1.s3.fr-par.scw.cloud/two-factor-auth-challenge-next-v6b7.html | Unknown malware payload delivery URL (confidence level: 50%)
https://payment-verify.com/ | Unknown malware payload delivery URL (confidence level: 50%)
http://103.171.35.26:9443/dot.gif | Cobalt Strike botnet C2 (confidence level: 75%)
https://stealer.cy | Unknown Stealer botnet C2 (confidence level: 50%)
https://16testcawepr.run/dsap | Lumma Stealer botnet C2 (confidence level: 75%)
https://6laminaflbx.shop/twoq | Lumma Stealer botnet C2 (confidence level: 75%)
https://www.rivercitymech.biz/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%)
https://8jugulagklc.live/roek | Lumma Stealer botnet C2 (confidence level: 75%)
https://jemphatakpn.bet/ladk | Lumma Stealer botnet C2 (confidence level: 75%)
https://zsaxecocnak.live/manj | Lumma Stealer botnet C2 (confidence level: 75%)
https://chiasmymnb.live/godk | Lumma Stealer botnet C2 (confidence level: 75%)
https://regopramide.top/lav/xf_addon.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://regopramide.top/lav/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://regopramide.top/lav/lll.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://badgervolleyball.org/fsos.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://qfeaturlyin.top/pdal | Lumma Stealer botnet C2 (confidence level: 75%)
http://77.246.158.103/securetrafficpublic.php | DCRat botnet C2 (confidence level: 100%)
https://8r.czlw.ru/2f5a9e85-ee81-41df-8f15-e83a4ffac6c2 | ClearFake payload delivery URL (confidence level: 50%)
https://2otestcawepr.run/dsap | Lumma Stealer botnet C2 (confidence level: 75%)
https://psearchilyo.run/gsna | Lumma Stealer botnet C2 (confidence level: 75%)

Threat ID: 682c7ab9e3e6de8ceb73f782

Added to database: 5/20/2025, 12:51:05 PM

Last enriched: 6/19/2025, 2:05:52 PM

Last updated: 8/11/2025, 10:01:00 AM

Views: 10
