ThreatFox IOCs for 2025-06-06
AI Analysis
Technical Summary
The provided information refers to a set of Indicators of Compromise (IOCs) published on June 6, 2025, sourced from the ThreatFox MISP feed. ThreatFox is a platform that aggregates and shares threat intelligence, including malware indicators, network activity, and payload delivery mechanisms. The data classifies the threat under the category of malware with a medium severity level and tags it as OSINT (Open Source Intelligence). However, the details are sparse: no specific affected software versions, no known exploits in the wild, no patches available, and no concrete technical details beyond a low threat level (2) and a distribution rating (3). The absence of concrete indicators or CWE identifiers in the analysis metadata limits the ability to determine the exact nature of the malware or its delivery method. The classification under network activity and payload delivery suggests that the threat involves malicious code transmitted over a network, potentially aiming to compromise systems or exfiltrate data. Given the lack of known exploits and patches, this appears to be an intelligence update rather than an active, widespread threat. The medium severity rating likely reflects the potential for harm if the malware were deployed effectively, while the current risk is reduced by the limited evidence of distribution and exploitation.
Potential Impact
For European organizations, the impact of this threat is currently limited because no active exploits are known and no specific affected products or versions are identified. However, the presence of malware-related IOCs in threat intelligence feeds indicates a potential risk of future attacks that use this infrastructure. If exploited, such malware could lead to unauthorized access, data exfiltration, or disruption of network services, affecting confidentiality, integrity, and availability. Organizations in sectors with high network exposure, or those that rely heavily on open-source intelligence for threat detection, should remain vigilant. The medium severity suggests a moderate risk level: while the immediate impact is low, preparedness is necessary to prevent escalation. Because no patches or mitigations are available, organizations must rely on detection and response capabilities to manage this threat.
Mitigation Recommendations
Given the nature of this threat as an intelligence update without active exploitation, European organizations should focus on enhancing their detection and response capabilities. Specific recommendations include:
1) Integrate the latest ThreatFox IOCs into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enable early detection of related network activity or payload delivery attempts.
2) Conduct regular network traffic analysis to identify anomalous patterns that may correspond to the delivery or execution of malware payloads.
3) Maintain robust incident response plans that include procedures for handling malware infections and network intrusions.
4) Educate security teams on interpreting OSINT feeds and incorporating them into threat hunting activities.
5) Employ network segmentation and strict access controls to limit the spread of malware if an infection occurs.
6) Since no patches are available, prioritize timely application of security updates for all software and systems to reduce the attack surface for potential future exploits.
7) Collaborate with national and European cybersecurity centers to share intelligence and receive updates on evolving threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 92598831-07ae-404e-80c9-ee9135de0f62
- Original Timestamp: 1749254586
Indicators of Compromise
File
Value | Description | Copy |
---|---|---|
file94.158.245.13 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file181.174.164.12 | Unknown Stealer botnet C2 server (confidence level: 50%) | |
file139.180.217.210 | Meterpreter botnet C2 server (confidence level: 75%) | |
file8.155.42.155 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file101.42.13.105 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file193.104.75.24 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.130.190.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.45.71.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.108.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.108.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.107.90.187 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.14.25.74 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.133.43.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.45.97.62 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.214.157.231 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.79.190.129 | Hook botnet C2 server (confidence level: 100%) | |
file185.112.147.18 | Havoc botnet C2 server (confidence level: 100%) | |
file18.231.3.95 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.231.3.95 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file77.91.66.24 | NjRAT botnet C2 server (confidence level: 100%) | |
file154.219.108.248 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file2.57.241.35 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file85.209.156.6 | Sliver botnet C2 server (confidence level: 90%) | |
file108.165.237.188 | Remcos botnet C2 server (confidence level: 100%) | |
file5.161.17.18 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.234.148.73 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.240.152.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.225.17.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.157.209.172 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.217.209.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.226.196.129 | Unknown malware botnet C2 server (confidence level: 100%) | |
file49.235.32.122 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.128.188.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
file74.176.99.107 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.175.0.19 | Unknown malware botnet C2 server (confidence level: 100%) | |
file68.232.175.95 | Unknown malware botnet C2 server (confidence level: 100%) | |
file62.60.226.191 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file116.202.22.233 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file8.137.60.154 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file194.87.10.101 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file158.247.193.230 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.102.209.177 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file101.43.103.154 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.120.61.164 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file34.176.10.48 | Unknown malware botnet C2 server (confidence level: 50%) | |
file193.242.184.77 | Unknown malware botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file13.212.248.223 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file143.244.136.94 | Sliver botnet C2 server (confidence level: 50%) | |
file37.27.249.115 | DarkComet botnet C2 server (confidence level: 50%) | |
file91.4.40.105 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file45.77.154.115 | SectopRAT botnet C2 server (confidence level: 50%) | |
file109.123.243.148 | Unknown malware botnet C2 server (confidence level: 50%) | |
file110.41.44.100 | AdaptixC2 botnet C2 server (confidence level: 50%) | |
file196.251.69.104 | Remcos botnet C2 server (confidence level: 50%) | |
file128.90.113.219 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file31.57.33.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file85.209.156.6 | Sliver botnet C2 server (confidence level: 50%) | |
file195.82.147.40 | Sliver botnet C2 server (confidence level: 50%) | |
file16.26.41.189 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file34.46.0.79 | Unknown malware botnet C2 server (confidence level: 50%) | |
file89.23.97.34 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file196.251.117.238 | Remcos botnet C2 server (confidence level: 50%) | |
file107.172.190.48 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.68.182.103 | Unknown RAT botnet C2 server (confidence level: 50%) | |
file194.213.18.231 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file104.37.4.151 | Remcos botnet C2 server (confidence level: 75%) | |
file104.37.4.151 | Remcos botnet C2 server (confidence level: 75%) | |
file104.37.4.151 | Remcos botnet C2 server (confidence level: 75%) | |
file176.65.142.199 | Remcos botnet C2 server (confidence level: 75%) | |
file195.200.16.29 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file15.228.248.225 | Remcos botnet C2 server (confidence level: 100%) | |
file5.189.168.52 | XWorm botnet C2 server (confidence level: 100%) | |
file51.38.140.81 | XWorm botnet C2 server (confidence level: 100%) | |
file51.89.207.251 | XWorm botnet C2 server (confidence level: 100%) | |
file54.93.49.23 | XWorm botnet C2 server (confidence level: 100%) | |
file141.98.157.249 | XWorm botnet C2 server (confidence level: 100%) | |
file146.19.9.211 | XWorm botnet C2 server (confidence level: 100%) | |
file147.50.253.15 | XWorm botnet C2 server (confidence level: 100%) | |
file149.56.244.29 | XWorm botnet C2 server (confidence level: 100%) | |
file185.160.30.39 | XWorm botnet C2 server (confidence level: 100%) | |
file198.46.243.33 | XWorm botnet C2 server (confidence level: 100%) | |
file202.79.175.52 | XWorm botnet C2 server (confidence level: 100%) | |
file212.23.222.28 | XWorm botnet C2 server (confidence level: 100%) | |
file116.202.1.66 | Vidar botnet C2 server (confidence level: 100%) | |
file179.43.186.223 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file204.12.203.52 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file68.64.176.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.121.212.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file27.25.158.13 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.237.86.35 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.173.154.215 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.0.148.143 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.232.197.141 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file182.16.29.162 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file172.111.244.108 | Remcos botnet C2 server (confidence level: 100%) | |
file104.243.242.165 | Remcos botnet C2 server (confidence level: 100%) | |
file107.172.232.68 | Remcos botnet C2 server (confidence level: 100%) | |
file149.102.135.177 | Remcos botnet C2 server (confidence level: 100%) | |
file147.124.211.116 | Remcos botnet C2 server (confidence level: 100%) | |
file173.230.130.152 | Sliver botnet C2 server (confidence level: 100%) | |
file3.19.238.211 | Sliver botnet C2 server (confidence level: 100%) | |
file8.134.212.93 | Sliver botnet C2 server (confidence level: 100%) | |
file183.87.151.238 | Unknown malware botnet C2 server (confidence level: 100%) | |
file129.204.181.147 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.79.190.129 | Hook botnet C2 server (confidence level: 100%) | |
file45.128.233.99 | Hook botnet C2 server (confidence level: 100%) | |
file45.128.233.99 | Hook botnet C2 server (confidence level: 100%) | |
file203.159.90.98 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file181.162.129.226 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file91.217.91.153 | Havoc botnet C2 server (confidence level: 100%) | |
file193.142.146.158 | Venom RAT botnet C2 server (confidence level: 100%) | |
file5.252.153.181 | DCRat botnet C2 server (confidence level: 100%) | |
file13.114.64.131 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file196.251.69.95 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file150.136.146.232 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.10.180.67 | Chaos botnet C2 server (confidence level: 100%) | |
file3.248.249.8 | Meterpreter botnet C2 server (confidence level: 100%) | |
file185.149.146.41 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file151.227.44.57 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file192.36.61.111 | LimeRAT botnet C2 server (confidence level: 100%) | |
file180.76.144.175 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.136.118.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.147.115.210 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.147.115.210 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file117.88.57.249 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.104.194.25 | Remcos botnet C2 server (confidence level: 100%) | |
file192.227.128.139 | Remcos botnet C2 server (confidence level: 100%) | |
file45.141.215.223 | Remcos botnet C2 server (confidence level: 100%) | |
file107.172.235.204 | Remcos botnet C2 server (confidence level: 100%) | |
file107.172.235.204 | Remcos botnet C2 server (confidence level: 100%) | |
file107.172.235.204 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.71.170 | Remcos botnet C2 server (confidence level: 100%) | |
file35.241.131.245 | Sliver botnet C2 server (confidence level: 100%) | |
file85.158.57.11 | Sliver botnet C2 server (confidence level: 100%) | |
file103.21.100.244 | Sliver botnet C2 server (confidence level: 100%) | |
file185.112.146.121 | Sliver botnet C2 server (confidence level: 100%) | |
123.55.209.13 | Sliver botnet C2 server (confidence level: 100%) |
40.78.177.154 | Sliver botnet C2 server (confidence level: 100%) |
45.204.197.6 | Unknown malware botnet C2 server (confidence level: 100%) |
93.149.216.26 | AsyncRAT botnet C2 server (confidence level: 100%) |
51.195.211.236 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.113.240 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.113.240 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.113.219 | AsyncRAT botnet C2 server (confidence level: 100%) |
194.102.180.136 | Unknown malware botnet C2 server (confidence level: 100%) |
43.163.90.110 | Unknown malware botnet C2 server (confidence level: 100%) |
134.199.194.208 | Unknown malware botnet C2 server (confidence level: 100%) |
195.85.115.244 | Unknown malware botnet C2 server (confidence level: 100%) |
172.81.131.230 | Unknown malware botnet C2 server (confidence level: 100%) |
37.27.248.162 | Unknown malware botnet C2 server (confidence level: 100%) |
34.133.43.230 | Unknown malware botnet C2 server (confidence level: 100%) |
5.230.42.175 | Unknown malware botnet C2 server (confidence level: 100%) |
45.207.212.9 | Hook botnet C2 server (confidence level: 100%) |
45.207.212.81 | Hook botnet C2 server (confidence level: 100%) |
45.207.212.81 | Hook botnet C2 server (confidence level: 100%) |
79.133.57.108 | Quasar RAT botnet C2 server (confidence level: 100%) |
158.62.198.124 | Havoc botnet C2 server (confidence level: 100%) |
172.104.162.149 | Havoc botnet C2 server (confidence level: 100%) |
154.37.155.198 | Havoc botnet C2 server (confidence level: 100%) |
72.5.43.114 | Havoc botnet C2 server (confidence level: 100%) |
5.200.249.139 | DCRat botnet C2 server (confidence level: 100%) |
43.198.205.13 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
54.193.216.210 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
184.72.172.252 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
93.198.190.245 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
62.60.226.166 | RedLine Stealer botnet C2 server (confidence level: 100%) |
45.207.212.9 | ERMAC botnet C2 server (confidence level: 100%) |
45.207.212.160 | ERMAC botnet C2 server (confidence level: 100%) |
8.141.115.230 | Chaos botnet C2 server (confidence level: 100%) |
13.229.126.45 | Unknown malware botnet C2 server (confidence level: 100%) |
31.58.58.115 | Bashlite botnet C2 server (confidence level: 100%) |
45.137.70.157 | Unknown malware botnet C2 server (confidence level: 100%) |
45.153.34.85 | Rhadamanthys botnet C2 server (confidence level: 100%) |
156.234.228.112 | ValleyRAT botnet C2 server (confidence level: 100%) |
139.59.17.50 | AdaptixC2 botnet C2 server (confidence level: 75%) |
18.154.247.71 | DeimosC2 botnet C2 server (confidence level: 75%) |
183.232.238.238 | DeimosC2 botnet C2 server (confidence level: 75%) |
193.23.118.126 | Sliver botnet C2 server (confidence level: 75%) |
193.233.48.130 | DeimosC2 botnet C2 server (confidence level: 75%) |
2.88.110.72 | QakBot botnet C2 server (confidence level: 75%) |
213.120.32.5 | DeimosC2 botnet C2 server (confidence level: 75%) |
213.139.205.152 | Sliver botnet C2 server (confidence level: 75%) |
3.19.238.211 | Sliver botnet C2 server (confidence level: 75%) |
43.141.131.249 | DeimosC2 botnet C2 server (confidence level: 75%) |
45.141.233.243 | Eye Pyramid botnet C2 server (confidence level: 75%) |
118.107.221.14 | Cobalt Strike botnet C2 server (confidence level: 75%) |
118.107.221.15 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Port / Hash
Only the eight 32-character hexadecimal values in this table are MD5 hashes of malware payloads. The short integers are TCP ports: ThreatFox records C2 servers as ip:port indicators, and the page extractor has split the port off into this table while the matching addresses sit in the IP table above. A port on its own (443, 80, 8080 and so on) is not an indicator and must not be turned into a detection rule; use it only to confirm a hit on the corresponding IP.
Value | Description |
---|---|
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
80 | Unknown Stealer botnet C2 server (confidence level: 50%) |
4433 | Meterpreter botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
6005 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
51005 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
7777 | NjRAT botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
57428 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Sliver botnet C2 server (confidence level: 90%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
41333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8083 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
1911 | RedLine Stealer botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
71dc9540eb03f2ed4d1b6496b13fe839 | Unknown malware payload (confidence level: 50%) |
00fdc504be1788231aa7b7d2d1335893 | Unknown malware payload (confidence level: 50%) |
d1013bbaa2f151195d563b2b65126fa3 | Unknown malware payload (confidence level: 50%) |
3e581aad42a2a9e080a4a676de42f015 | Unknown malware payload (confidence level: 50%) |
edec051ce461d62fbbd3abf09534b731 | Unknown malware payload (confidence level: 50%) |
5cab4fabffeb5903f684c936a90e0b46 | Unknown malware payload (confidence level: 50%) |
003291d904b89142bada57a9db732ae7 | Unknown malware payload (confidence level: 50%) |
29a2cc59a9ebd334103ce146bca38522 | Unknown malware payload (confidence level: 50%) |
3333 | Cobalt Strike botnet C2 server (confidence level: 50%) |
80 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
8899 | Cobalt Strike botnet C2 server (confidence level: 50%) |
2083 | Cobalt Strike botnet C2 server (confidence level: 50%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | Unknown malware botnet C2 server (confidence level: 50%) |
7443 | Unknown malware botnet C2 server (confidence level: 50%) |
4602 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
12428 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
1604 | DarkComet botnet C2 server (confidence level: 50%) |
80 | Ghost RAT botnet C2 server (confidence level: 50%) |
9000 | SectopRAT botnet C2 server (confidence level: 50%) |
3333 | Unknown malware botnet C2 server (confidence level: 50%) |
4433 | AdaptixC2 botnet C2 server (confidence level: 50%) |
2404 | Remcos botnet C2 server (confidence level: 50%) |
1018 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
8586 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
3333 | Unknown malware botnet C2 server (confidence level: 50%) |
9000 | AsyncRAT botnet C2 server (confidence level: 50%) |
4488 | Remcos botnet C2 server (confidence level: 50%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8041 | Unknown RAT botnet C2 server (confidence level: 50%) |
443 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
8012 | Remcos botnet C2 server (confidence level: 75%) |
8015 | Remcos botnet C2 server (confidence level: 75%) |
8016 | Remcos botnet C2 server (confidence level: 75%) |
2404 | Remcos botnet C2 server (confidence level: 75%) |
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
1024 | Remcos botnet C2 server (confidence level: 100%) |
6000 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
7899 | XWorm botnet C2 server (confidence level: 100%) |
7005 | XWorm botnet C2 server (confidence level: 100%) |
1194 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
157 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
5353 | XWorm botnet C2 server (confidence level: 100%) |
6666 | XWorm botnet C2 server (confidence level: 100%) |
6969 | XWorm botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
82 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
34555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
51015 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8520 | Ghost RAT botnet C2 server (confidence level: 100%) |
37830 | Remcos botnet C2 server (confidence level: 100%) |
4862 | Remcos botnet C2 server (confidence level: 100%) |
7001 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
41620 | Sliver botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8082 | Hook botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
3330 | Quasar RAT botnet C2 server (confidence level: 100%) |
8080 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
2000 | Venom RAT botnet C2 server (confidence level: 100%) |
7000 | DCRat botnet C2 server (confidence level: 100%) |
80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
1911 | RedLine Stealer botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
8088 | Chaos botnet C2 server (confidence level: 100%) |
443 | Meterpreter botnet C2 server (confidence level: 100%) |
1912 | Rhadamanthys botnet C2 server (confidence level: 100%) |
2096 | Nanocore RAT botnet C2 server (confidence level: 100%) |
1808 | LimeRAT botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1099 | Cobalt Strike botnet C2 server (confidence level: 100%) |
30304 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
9142 | Remcos botnet C2 server (confidence level: 100%) |
6000 | Remcos botnet C2 server (confidence level: 100%) |
6001 | Remcos botnet C2 server (confidence level: 100%) |
6002 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
8443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
40000 | Sliver botnet C2 server (confidence level: 100%) |
80 | Sliver botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
5000 | AsyncRAT botnet C2 server (confidence level: 100%) |
1018 | AsyncRAT botnet C2 server (confidence level: 100%) |
5000 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
22 | DCRat botnet C2 server (confidence level: 100%) |
55164 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
1201 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
2456 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
1911 | RedLine Stealer botnet C2 server (confidence level: 100%) |
8082 | ERMAC botnet C2 server (confidence level: 100%) |
8082 | ERMAC botnet C2 server (confidence level: 100%) |
47486 | Chaos botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Bashlite botnet C2 server (confidence level: 100%) |
1337 | Unknown malware botnet C2 server (confidence level: 100%) |
1912 | Rhadamanthys botnet C2 server (confidence level: 100%) |
6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
4321 | AdaptixC2 botnet C2 server (confidence level: 75%) |
443 | DeimosC2 botnet C2 server (confidence level: 75%) |
4506 | DeimosC2 botnet C2 server (confidence level: 75%) |
8888 | Sliver botnet C2 server (confidence level: 75%) |
443 | DeimosC2 botnet C2 server (confidence level: 75%) |
995 | QakBot botnet C2 server (confidence level: 75%) |
8080 | DeimosC2 botnet C2 server (confidence level: 75%) |
4443 | Sliver botnet C2 server (confidence level: 75%) |
8888 | Sliver botnet C2 server (confidence level: 75%) |
10250 | DeimosC2 botnet C2 server (confidence level: 75%) |
443 | Eye Pyramid botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Domain
Value | Description |
---|---|
relay.thepcboy.com | Unknown RAT botnet C2 domain (confidence level: 100%) |
789pettoys.shop | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
www.cuoreincomune.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
security.flaeregaurde.com | Unknown malware payload delivery domain (confidence level: 100%) |
depsox.com | Unknown malware payload delivery domain (confidence level: 100%) |
ns1.admlistdel.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
b1.parsleyhandbook.life | Unknown Stealer botnet C2 domain (confidence level: 100%) |
h4.wiryexclusion.top | Unknown Stealer botnet C2 domain (confidence level: 100%) |
windows.driversact.store | Remcos botnet C2 domain (confidence level: 100%) |
gou.xiaogoubi.top | Cobalt Strike botnet C2 domain (confidence level: 50%) |
rat13.zapto.org | DarkComet botnet C2 domain (confidence level: 50%) |
yearofair.club | Glupteba botnet C2 domain (confidence level: 50%) |
prismware.cf | Mirai botnet C2 domain (confidence level: 50%) |
toolkidi.iptime.org | NjRAT botnet C2 domain (confidence level: 50%) |
www.adityabirlia.com | Remcos botnet C2 domain (confidence level: 50%) |
www.fjsanchaz.com | Remcos botnet C2 domain (confidence level: 50%) |
rock-layer.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) |
yourmomishighoncrack-29827.portmap.io | XWorm botnet C2 domain (confidence level: 50%) |
lepidobdkn.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
diamotrix.world | Unknown malware botnet C2 domain (confidence level: 50%) |
diamotrix.club | Unknown malware botnet C2 domain (confidence level: 50%) |
fethifethi.zapto.org | DarkComet botnet C2 domain (confidence level: 50%) |
masterclaserok.ddns-ip.net | Remcos botnet C2 domain (confidence level: 50%) |
administration-ssa-gov.3d-proseriseconn.com | Unknown RAT payload delivery domain (confidence level: 50%) |
pulseriseglobal.com | Unknown RAT botnet C2 domain (confidence level: 50%) |
www.publynx.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
islighting.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
markrampton.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
ivan-turgenev.pro | Lumma Stealer botnet C2 domain (confidence level: 50%) |
vladimir-nabokov.online | Lumma Stealer botnet C2 domain (confidence level: 50%) |
advertozaq.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
aerosobbyy.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
alcohoyxrf.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
analbuctwn.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
anteceflwq.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
bariysf.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
bastinkbpg.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
bayg.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
blauaq.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
camckl.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
citywo.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
claimyourellexir.icu | Lumma Stealer botnet C2 domain (confidence level: 50%) |
claimyourellexir.life | Lumma Stealer botnet C2 domain (confidence level: 50%) |
claimyourellexir.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
claimyourellexir.top | Lumma Stealer botnet C2 domain (confidence level: 50%) |
cleftipkd.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
comimif.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
contjs.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
criminnbkb.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
dalasisrud.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
debxbu.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
destroltee.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
eastwahljc.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
epsvy.top | Lumma Stealer botnet C2 domain (confidence level: 50%) |
extnpn.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
facebgll.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
fleurdcuyt.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
gauntlxdgq.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
geuscljjs.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) |
goldenwuwy.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
hamgwji.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
heartokait.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
hematobmmt.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
histiougzo.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
inclinwhrd.top | Lumma Stealer botnet C2 domain (confidence level: 50%) |
invertdbdi.top | Lumma Stealer botnet C2 domain (confidence level: 50%) |
jagatwb.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
japaneonto.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
jetd.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
jusojy.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
kerosibfsm.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
lenienhywi.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
lionetgisu.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
lrqob.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
madiasdqzr.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
matoqri.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
moufflcmgz.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
mousehulyb.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
overtujvky.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
pickcwh.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
pickupkwrp.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
properiloe.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
punfej.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
puresqrk.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
ratwzk.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
repzyb.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
revkeqn.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
ruborfdyi.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
scooyp.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
shoolh.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
sneize.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
spangftsw.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
succlnct.icu | Lumma Stealer botnet C2 domain (confidence level: 50%) |
summd.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
susqhj.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
toeat.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
ullyr.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
unbelao.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
unceasnowj.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
uninfowprg.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
urginll.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
veloutgfht.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
vinudt.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
wakljur.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
walleyphpm.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
waxnps.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
weezpu.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
welldyzb.live | Lumma Stealer botnet C2 domain (confidence level: 50%) |
wrapupcrcs.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
xoglabs.top | Lumma Stealer botnet C2 domain (confidence level: 50%) |
xrayz.run | Lumma Stealer botnet C2 domain (confidence level: 50%) |
16.0.4t.com | Vidar botnet C2 domain (confidence level: 100%) |
ns.yukklzwo.vip | Cobalt Strike botnet C2 domain (confidence level: 75%) |
4u-2n-web.com | Havoc botnet C2 domain (confidence level: 100%) |
microsoft-updata.com | Havoc botnet C2 domain (confidence level: 100%) |
files.uksouth.cloudapp.azure.com | Havoc botnet C2 domain (confidence level: 100%) |
login.portal-github.com | Unknown malware botnet C2 domain (confidence level: 100%) |
URL
Value | Description |
---|---|
http://181.174.164.12/kyc | GootLoader botnet C2 (confidence level: 100%) |
https://www.cuoreincomune.com/xssrsa.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://cloudflare-check.com/ | Unknown malware payload delivery URL (confidence level: 100%) |
https://receursroomsinf.world/ | Unknown malware payload delivery URL (confidence level: 100%) |
https://verfroomsattend.world/ | Unknown malware payload delivery URL (confidence level: 100%) |
https://extrqnnet-registers.com/ | Unknown malware payload delivery URL (confidence level: 100%) |
https://otherreviewexnt.com/ | Unknown malware payload delivery URL (confidence level: 100%) |
https://789pettoys.shop/lsl/index.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://www.cuoreincomune.com/head.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://depsox.com/flare.msi | Unknown malware payload delivery URL (confidence level: 100%) |
https://b1.parsleyhandbook.life/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371 | Unknown Stealer botnet C2 (confidence level: 100%) |
https://rurusstore.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://autodiscorver.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://wa.sasha-solzhenicyn.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://autodiscover.sasha-solzhenicyn.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://www.12333333.sasha-solzhenicyn.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://www.rurua.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://mastercardkeys.world/pragmatical | Crocodilus botnet C2 (confidence level: 50%) |
http://yearofair.club/app/app.exe | Glupteba payload delivery URL (confidence level: 50%) |
http://yearofair.club | Glupteba botnet C2 (confidence level: 50%) |
https://weekdanys.com | Glupteba botnet C2 (confidence level: 50%) |
https://weekdanys.com/api/install-failure | Glupteba botnet C2 (confidence level: 50%) |
http://hassanstore.altervista.org/wcfgd4ca/rnky.exe | Pony payload delivery URL (confidence level: 50%) |
http://ofismakina.com/glpxngjg/dmgcj80j.exe | Pony payload delivery URL (confidence level: 50%) |
https://pastebin.com/mz9e6vaf | XWorm botnet C2 (confidence level: 50%) |
https://lumamarket.fun/market?nf | Lumma Stealer botnet C2 (confidence level: 50%) |
https://pastebin.com/raw/0cfspkb5 | AsyncRAT botnet C2 (confidence level: 50%) |
https://www.publynx.com/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%) |
https://islighting.top/nnm/track.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://islighting.top/nnm/index.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://markrampton.com//head.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://markrampton.com/fssste.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://unceasnowj.run/akrj | Lumma Stealer botnet C2 (confidence level: 75%) |
https://16.0.4t.com/ | Vidar botnet C2 (confidence level: 100%) |
http://cv83502.tw1.ru/80fd8b9f.php | DCRat botnet C2 (confidence level: 100%) |
https://waxnps.live/aoqp/api | Lumma Stealer botnet C2 (confidence level: 75%) |
http://391316cm.nyashvibe.ru/phpsqlbasepublicdownloads.php | DCRat botnet C2 (confidence level: 100%) |
https://storagfomp.run/tqtk | Lumma Stealer botnet C2 (confidence level: 75%) |
http://a1134815.xsph.ru/618632a4.php | DCRat botnet C2 (confidence level: 100%) |
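The tables above are only useful once they are turned into something a detection pipeline can consume. The following is an added example, not code from ThreatFox or from this page: it parses rows in the exact shape the page extractor produces (icon label fused to the value, empty trailing column), tells the genuine MD5 hashes apart from the ports that were split off ip:port indicators, and matches the indicators at or above a confidence threshold against log lines. The eight sample rows are copied from the tables on this page; the log lines, host names and field names (`qname`, `url`, `dst`, `dport`) are constructed for the example and are not from any real log source.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample: eight rows copied verbatim from this page's tables.
# The page extractor prefixes each value with its icon label
# (file / hash / domain / url) and leaves an empty "Copy" column.
SAMPLE_ROWS = """\
file93.149.216.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.23.118.126 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash71dc9540eb03f2ed4d1b6496b13fe839 | Unknown malware payload (confidence level: 50%) | |
domainwww.publynx.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainunceasnowj.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
urlhttps://islighting.top/nnm/index.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
"""

# Constructed log lines in an invented key=value format (hosts and times made up).
SAMPLE_LOGS = [
    "2025-06-06T10:14:02Z dns host=ws17 qname=www.publynx.com",
    "2025-06-06T10:14:05Z proxy host=ws17 url=https://islighting.top/nnm/index.js status=200",
    "2025-06-06T10:15:40Z fw host=ws17 dst=93.149.216.26 dport=8808 action=allow",
    "2025-06-06T10:16:01Z dns host=ws22 qname=cdn.unceasnowj.run",
    "2025-06-06T10:16:30Z fw host=ws22 dst=10.0.0.5 dport=443 action=allow",
]

ROW_RE = re.compile(
    r"^(?P<kind>file|hash|domain|url)(?P<value>\S+)\s*\|\s*"
    r"(?P<desc>.*?)\s*\(confidence level:\s*(?P<conf>\d+)%\)"
)
FAMILY_RE = re.compile(r"^(?P<family>.+?)\s+(?:botnet|payload)\b")
MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Indicator:
    ioc_type: str        # ip | port | md5 | domain | url
    value: str
    family: str          # malware family from the description, e.g. "Sliver"
    confidence: int      # ThreatFox confidence, 0-100


def classify(kind: str, value: str) -> str:
    """Map the extractor's icon label to the real indicator type."""
    if kind in ("url", "domain"):
        return kind
    if kind == "file":
        ipaddress.ip_address(value)            # raises ValueError if not an address
        return "ip"
    # "hash" rows hold either a genuine MD5 or the TCP port the site split off
    # an ip:port C2 indicator. A bare port is never a usable signature.
    if MD5_RE.match(value):
        return "md5"
    if value.isdigit() and 0 < int(value) <= 65535:
        return "port"
    raise ValueError(f"unrecognised hash-column value: {value!r}")


def parse_rows(text: str) -> List[Indicator]:
    """Parse table rows as they appear on the page; header/separator lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        fam = FAMILY_RE.match(m["desc"])
        family = fam["family"] if fam else m["desc"]
        out.append(Indicator(classify(m["kind"], m["value"]), m["value"], family, int(m["conf"])))
    return out


def domain_matches(qname: str, indicator_domain: str) -> bool:
    """True for the indicator itself or any subdomain of it (label boundary respected)."""
    q, d = qname.lower().rstrip("."), indicator_domain.lower()
    return q == d or q.endswith("." + d)


def match_logs(indicators: List[Indicator], lines: List[str],
               min_confidence: int = 75) -> List[Tuple[int, Indicator]]:
    """Return (line_index, indicator) for every line touching an indicator at or
    above min_confidence. Port-only rows are skipped on purpose: without the IP
    they were paired with, port 443 or 80 would flag all normal traffic."""
    active = [i for i in indicators if i.confidence >= min_confidence and i.ioc_type != "port"]
    hits = []
    for n, line in enumerate(lines):
        fields = dict(KV_RE.findall(line))
        url = fields.get("url", "")
        host = fields.get("qname") or (urlsplit(url).hostname if url else None)
        for ind in active:
            if ind.ioc_type == "ip" and fields.get("dst") == ind.value:
                hits.append((n, ind))
            elif ind.ioc_type == "domain" and host and domain_matches(host, ind.value):
                hits.append((n, ind))
            elif ind.ioc_type == "url" and url.lower().rstrip("/") == ind.value.lower().rstrip("/"):
                hits.append((n, ind))
    return hits


if __name__ == "__main__":
    for n, ind in match_logs(parse_rows(SAMPLE_ROWS), SAMPLE_LOGS):
        print(f"line {n}: {ind.ioc_type} {ind.value} -> {ind.family} ({ind.confidence}%)")
```

With the default threshold of 75 the run flags the FAKEUPDATES domain, the NetSupportManager payload URL and the AsyncRAT address, but not the 50%-confidence Lumma domain; lowering `min_confidence` to 50 adds the `cdn.unceasnowj.run` lookup via the subdomain rule. The `dport=443` line never matches, which is the point of refusing to treat the split-off ports as indicators.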
Threat ID: 68490f133cd93dcca831da51
Added to database: 6/11/2025, 5:07:31 AM
Last enriched: 7/12/2025, 5:04:14 AM
Last updated: 8/17/2025, 11:27:08 PM