ThreatFox IOCs for 2025-06-08
ThreatFox IOCs for 2025-06-08
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on June 8, 2025, sourced from the ThreatFox MISP feed. These IOCs are categorized under malware-related activity, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the data lacks detailed technical specifics such as affected software versions, exploit mechanisms, or concrete malware signatures. The threat level is indicated as medium, with no known exploits in the wild and no available patches. The absence of CWE identifiers and detailed indicators limits the ability to precisely characterize the malware or its operational tactics, techniques, and procedures (TTPs). The threat appears to be primarily informational, providing intelligence on potential network-based payload delivery mechanisms, which could be leveraged by attackers to compromise systems. Given the nature of OSINT and network activity tags, this threat likely involves reconnaissance and initial infection vectors that could be used to deliver malicious payloads. The lack of patch availability suggests that this may not be a vulnerability in software but rather a threat actor's campaign or malware family identified through network indicators. Overall, this threat represents a medium-level risk primarily due to its potential for payload delivery via network vectors, but with limited immediate exploitation evidence or direct impact data.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the absence of known active exploits and specific affected software versions. However, the presence of network activity and payload delivery indicators suggests a risk of initial compromise through network-based attacks, which could lead to unauthorized access, data exfiltration, or further malware deployment. Organizations with extensive network exposure or those relying on OSINT tools might be more susceptible if attackers leverage these indicators to craft targeted attacks. The medium severity implies that while immediate widespread disruption is unlikely, there is a tangible risk of infiltration that could escalate if combined with other vulnerabilities or social engineering tactics. European entities in critical infrastructure, finance, and government sectors should be vigilant, as successful payload delivery could undermine confidentiality, integrity, and availability of sensitive systems. The lack of patches means mitigation must focus on detection and prevention rather than remediation of a software flaw.
Mitigation Recommendations
Given the nature of this threat, European organizations should implement enhanced network monitoring to detect unusual payload delivery attempts and suspicious network activity consistent with the provided IOCs once available. Deploying and regularly updating intrusion detection and prevention systems (IDS/IPS) with threat intelligence feeds such as ThreatFox can improve early detection capabilities. Network segmentation and strict access controls can limit the lateral movement of any payloads delivered. Organizations should also conduct regular threat hunting exercises using the latest OSINT indicators to identify potential compromises early. Employee training on recognizing phishing and social engineering attempts remains critical, as payload delivery often involves user interaction. Since no patches are available, maintaining up-to-date endpoint protection platforms and applying security hardening best practices will reduce the attack surface. Finally, sharing intelligence within European cybersecurity communities can help track evolving tactics related to this threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 91.212.166.205
- hash: 80
- file: 91.212.166.204
- hash: 80
- file: 39.103.58.78
- hash: 443
- file: 124.156.107.3
- hash: 443
- file: 43.136.118.94
- hash: 443
- domain: security.folregaurd.com
- domain: dekmos.com
- url: https://dekmos.com/flare.msi
- file: 124.222.152.64
- hash: 8022
- file: 192.159.99.207
- hash: 8808
- file: 78.175.189.137
- hash: 444
- file: 101.99.94.46
- hash: 4782
- file: 15.185.76.54
- hash: 17387
- file: 85.158.108.139
- hash: 19892
- file: 198.135.55.145
- hash: 19000
- file: 185.39.206.250
- hash: 8888
- file: 114.132.180.154
- hash: 443
- url: http://fsdas3421fds.x10.mx/eternallineprocesspublic.php
- file: 170.130.165.112
- hash: 443
- file: 192.36.57.164
- hash: 443
- file: 89.46.232.247
- hash: 443
- file: 47.96.128.129
- hash: 80
- file: 185.82.73.108
- hash: 8808
- file: 43.100.119.40
- hash: 60000
- file: 194.110.220.78
- hash: 10010
- file: 37.59.107.60
- hash: 3333
- file: 98.84.165.181
- hash: 3333
- file: 3.146.100.83
- hash: 443
- file: 144.126.135.1
- hash: 443
- file: 95.216.161.54
- hash: 443
- file: 159.223.244.83
- hash: 8080
- file: 18.156.49.107
- hash: 80
- file: 18.156.49.107
- hash: 443
- file: 185.213.44.185
- hash: 443
- file: 218.149.15.51
- hash: 3333
- file: 146.59.226.87
- hash: 8444
- file: 3.28.207.190
- hash: 9042
- file: 43.217.81.52
- hash: 81
- file: 43.198.89.167
- hash: 1024
- file: 3.81.110.95
- hash: 2003
- file: 3.81.110.95
- hash: 5903
- file: 62.60.226.199
- hash: 80
- file: 45.153.34.167
- hash: 19000
- domain: e-batvrod.pro
- file: 79.110.49.104
- hash: 2404
- file: 154.64.231.82
- hash: 8888
- file: 124.198.132.30
- hash: 8808
- file: 213.209.143.170
- hash: 4442
- file: 38.54.23.36
- hash: 11949
- file: 45.114.60.56
- hash: 8443
- file: 176.65.137.186
- hash: 2118
- file: 13.125.160.234
- hash: 50580
- file: 52.15.69.140
- hash: 9600
- file: 196.251.81.98
- hash: 80
- file: 62.60.226.44
- hash: 8888
- file: 163.181.121.85
- hash: 4506
- file: 203.159.90.59
- hash: 4321
- file: 103.176.197.37
- hash: 443
- file: 178.250.188.29
- hash: 7000
- file: 37.221.93.95
- hash: 8080
- domain: click-jackets.gl.at.ply.gg
- domain: mrmega-28915.portmap.io
- domain: raketa909-53062.portmap.io
- domain: outside-sand.gl.at.ply.gg
- domain: krasnov-20846.portmap.io
- url: http://5.252.153.62/9ac416e3d978da3b.php
- domain: feed-option.gl.at.ply.gg
- file: 147.185.221.28
- hash: 58623
- file: 203.91.72.240
- hash: 22222
- file: 181.162.174.69
- hash: 8080
- file: 51.112.44.201
- hash: 28871
- file: 34.243.22.57
- hash: 445
- domain: breachforums.live
- file: 196.251.81.100
- hash: 80
- file: 63.33.197.123
- hash: 443
- file: 101.200.124.122
- hash: 8000
- file: 160.22.160.122
- hash: 443
- file: 62.60.226.176
- hash: 19000
- file: 103.151.229.180
- hash: 8080
- file: 103.195.150.180
- hash: 8443
- file: 167.88.168.76
- hash: 8443
- file: 198.176.59.38
- hash: 443
- file: 24.199.80.119
- hash: 443
- file: 38.180.147.173
- hash: 8443
- file: 45.141.103.5
- hash: 443
- file: 47.117.143.12
- hash: 8082
- file: 64.7.199.118
- hash: 443
- file: 81.181.111.41
- hash: 80
- file: 167.71.194.232
- hash: 8080
- file: 165.232.45.57
- hash: 8080
- file: 164.90.131.51
- hash: 8080
- file: 146.190.122.195
- hash: 443
- file: 147.66.16.230
- hash: 443
- file: 192.210.206.196
- hash: 443
- file: 206.189.245.178
- hash: 8080
- file: 64.227.191.81
- hash: 8080
- file: 45.207.211.159
- hash: 1818
- file: 118.107.44.159
- hash: 1818
- file: 45.207.196.26
- hash: 1818
- domain: apply-orange.gl.at.ply.gg
- domain: cba.abc92.ru
- domain: lieri.ru
- file: 31.207.76.246
- hash: 8443
- file: 185.175.58.109
- hash: 4444
- domain: proportmapper04-43455.portmap.io
- file: 185.241.208.96
- hash: 8088
- domain: twinkfinder.nl
- file: 185.29.55.79
- hash: 443
- domain: crimson-unit-2561.kopis56799.workers.dev
- domain: ec2-server-noisy-band-0fe8.focapaj280.workers.dev
- file: 45.207.212.160
- hash: 8089
- file: 46.208.61.117
- hash: 8000
- domain: autistabot-64075.portmap.io
- domain: ayham-hacked.sytes.net
- domain: websiteorgek.duckdns.org
- domain: paper-improved.gl.at.ply.gg
- domain: run-basement.gl.at.ply.gg
- file: 119.45.29.172
- hash: 443
- file: 117.72.209.44
- hash: 81
- file: 113.45.228.7
- hash: 6000
- file: 154.222.24.202
- hash: 8888
- file: 124.198.132.186
- hash: 8808
- file: 93.198.177.105
- hash: 81
- file: 125.25.108.76
- hash: 7443
- file: 144.172.117.65
- hash: 80
- file: 138.197.229.229
- hash: 8080
- file: 37.114.50.115
- hash: 1337
- file: 158.69.129.111
- hash: 80
- domain: cybersim-44901.portmap.io
- domain: sandbox-64001.portmap.io
- domain: zylora-30517.portmap.io
- file: 176.65.149.229
- hash: 181
- file: 158.69.129.111
- hash: 181
- domain: dlkjkoifdjewilkj-37923.portmap.io
- file: 103.245.231.8
- hash: 1024
- domain: javv-36324.portmap.io
- file: 80.76.49.192
- hash: 7712
- domain: join-critical.gl.at.ply.gg
- file: 194.59.31.116
- hash: 7000
- domain: teste0001.ddns.net
- domain: mamuttt53-60020.portmap.io
- file: 162.248.224.223
- hash: 443
- file: 162.248.224.223
- hash: 7882
- domain: florida-deaths.gl.at.ply.gg
- domain: new-cite.gl.at.ply.gg
- domain: kingdom-reject.gl.at.ply.gg
- domain: numbers-passion.gl.at.ply.gg
- domain: s1gnal-39566.portmap.io
- file: 51.83.133.9
- hash: 443
- file: 124.198.132.186
- hash: 8888
- file: 144.172.106.67
- hash: 4444
- file: 124.70.144.47
- hash: 4444
- file: 203.159.90.59
- hash: 4444
- file: 144.172.106.67
- hash: 4895
- file: 43.255.159.28
- hash: 4321
- file: 23.227.196.19
- hash: 43211
- file: 23.227.203.128
- hash: 43211
- file: 89.45.4.74
- hash: 43211
- file: 23.227.203.191
- hash: 43211
- file: 146.70.44.174
- hash: 43211
- file: 146.70.87.64
- hash: 43211
- file: 139.59.113.130
- hash: 1024
- file: 23.227.203.205
- hash: 43211
- file: 38.132.122.161
- hash: 43211
- file: 146.70.41.167
- hash: 43211
- file: 41.216.188.71
- hash: 3741
ThreatFox IOCs for 2025-06-08
Description
ThreatFox IOCs for 2025-06-08
AI-Powered Analysis
Technical Analysis
The provided information pertains to a set of Indicators of Compromise (IOCs) published on June 8, 2025, sourced from the ThreatFox MISP feed. These IOCs are categorized under malware-related activity, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the data lacks detailed technical specifics such as affected software versions, exploit mechanisms, or concrete malware signatures. The threat level is indicated as medium, with no known exploits in the wild and no available patches. The absence of CWE identifiers and detailed indicators limits the ability to precisely characterize the malware or its operational tactics, techniques, and procedures (TTPs). The threat appears to be primarily informational, providing intelligence on potential network-based payload delivery mechanisms, which could be leveraged by attackers to compromise systems. Given the nature of OSINT and network activity tags, this threat likely involves reconnaissance and initial infection vectors that could be used to deliver malicious payloads. The lack of patch availability suggests that this may not be a vulnerability in software but rather a threat actor's campaign or malware family identified through network indicators. Overall, this threat represents a medium-level risk primarily due to its potential for payload delivery via network vectors, but with limited immediate exploitation evidence or direct impact data.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the absence of known active exploits and specific affected software versions. However, the presence of network activity and payload delivery indicators suggests a risk of initial compromise through network-based attacks, which could lead to unauthorized access, data exfiltration, or further malware deployment. Organizations with extensive network exposure or those relying on OSINT tools might be more susceptible if attackers leverage these indicators to craft targeted attacks. The medium severity implies that while immediate widespread disruption is unlikely, there is a tangible risk of infiltration that could escalate if combined with other vulnerabilities or social engineering tactics. European entities in critical infrastructure, finance, and government sectors should be vigilant, as successful payload delivery could undermine confidentiality, integrity, and availability of sensitive systems. The lack of patches means mitigation must focus on detection and prevention rather than remediation of a software flaw.
Mitigation Recommendations
Given the nature of this threat, European organizations should implement enhanced network monitoring to detect unusual payload delivery attempts and suspicious network activity consistent with the provided IOCs once available. Deploying and regularly updating intrusion detection and prevention systems (IDS/IPS) with threat intelligence feeds such as ThreatFox can improve early detection capabilities. Network segmentation and strict access controls can limit the lateral movement of any payloads delivered. Organizations should also conduct regular threat hunting exercises using the latest OSINT indicators to identify potential compromises early. Employee training on recognizing phishing and social engineering attempts remains critical, as payload delivery often involves user interaction. Since no patches are available, maintaining up-to-date endpoint protection platforms and applying security hardening best practices will reduce the attack surface. Finally, sharing intelligence within European cybersecurity communities can help track evolving tactics related to this threat.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- bc08140d-324c-495c-91ee-cf1da8465f86
- Original Timestamp
- 1749427385
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file91.212.166.205 | Lumma Stealer botnet C2 server (confidence level: 100%) | |
file91.212.166.204 | Lumma Stealer botnet C2 server (confidence level: 100%) | |
file39.103.58.78 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file124.156.107.3 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file43.136.118.94 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file124.222.152.64 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.159.99.207 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.175.189.137 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file101.99.94.46 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file15.185.76.54 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file85.158.108.139 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file198.135.55.145 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file185.39.206.250 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file114.132.180.154 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file170.130.165.112 | WarmCookie botnet C2 server (confidence level: 100%) | |
file192.36.57.164 | WarmCookie botnet C2 server (confidence level: 100%) | |
file89.46.232.247 | WarmCookie botnet C2 server (confidence level: 100%) | |
file47.96.128.129 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.82.73.108 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file43.100.119.40 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.110.220.78 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.59.107.60 | Unknown malware botnet C2 server (confidence level: 100%) | |
file98.84.165.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.146.100.83 | Unknown malware botnet C2 server (confidence level: 100%) | |
file144.126.135.1 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.216.161.54 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.223.244.83 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.156.49.107 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.156.49.107 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.213.44.185 | Unknown malware botnet C2 server (confidence level: 100%) | |
file218.149.15.51 | Unknown malware botnet C2 server (confidence level: 100%) | |
file146.59.226.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.28.207.190 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file43.217.81.52 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file43.198.89.167 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.81.110.95 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.81.110.95 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file62.60.226.199 | Stealc botnet C2 server (confidence level: 100%) | |
file45.153.34.167 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file79.110.49.104 | Remcos botnet C2 server (confidence level: 100%) | |
file154.64.231.82 | Unknown malware botnet C2 server (confidence level: 100%) | |
file124.198.132.30 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.209.143.170 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file38.54.23.36 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.114.60.56 | Havoc botnet C2 server (confidence level: 100%) | |
file176.65.137.186 | DCRat botnet C2 server (confidence level: 100%) | |
file13.125.160.234 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.15.69.140 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file196.251.81.98 | Bashlite botnet C2 server (confidence level: 100%) | |
file62.60.226.44 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file163.181.121.85 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file203.159.90.59 | AdaptixC2 botnet C2 server (confidence level: 75%) | |
file103.176.197.37 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file178.250.188.29 | XWorm botnet C2 server (confidence level: 100%) | |
file37.221.93.95 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.28 | NjRAT botnet C2 server (confidence level: 100%) | |
file203.91.72.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file181.162.174.69 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file51.112.44.201 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file34.243.22.57 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file196.251.81.100 | Bashlite botnet C2 server (confidence level: 100%) | |
file63.33.197.123 | MimiKatz botnet C2 server (confidence level: 100%) | |
file101.200.124.122 | MimiKatz botnet C2 server (confidence level: 100%) | |
file160.22.160.122 | Unknown malware botnet C2 server (confidence level: 100%) | |
file62.60.226.176 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file103.151.229.180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.195.150.180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file167.88.168.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file198.176.59.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file24.199.80.119 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.180.147.173 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.141.103.5 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.117.143.12 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file64.7.199.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file81.181.111.41 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file167.71.194.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file165.232.45.57 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file164.90.131.51 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file146.190.122.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file147.66.16.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.210.206.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file206.189.245.178 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file64.227.191.81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.207.211.159 | XWorm botnet C2 server (confidence level: 100%) | |
file118.107.44.159 | XWorm botnet C2 server (confidence level: 100%) | |
file45.207.196.26 | XWorm botnet C2 server (confidence level: 100%) | |
file31.207.76.246 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.175.58.109 | Remcos botnet C2 server (confidence level: 100%) | |
file185.241.208.96 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.29.55.79 | Mirai botnet C2 server (confidence level: 100%) | |
file45.207.212.160 | Hook botnet C2 server (confidence level: 100%) | |
file46.208.61.117 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file119.45.29.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file117.72.209.44 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.228.7 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.222.24.202 | Unknown malware botnet C2 server (confidence level: 100%) | |
file124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file93.198.177.105 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file125.25.108.76 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file144.172.117.65 | MooBot botnet C2 server (confidence level: 100%) | |
file138.197.229.229 | Chaos botnet C2 server (confidence level: 100%) | |
file37.114.50.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file158.69.129.111 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.149.229 | Mirai botnet C2 server (confidence level: 100%) | |
file158.69.129.111 | Mirai botnet C2 server (confidence level: 100%) | |
file103.245.231.8 | Mirai botnet C2 server (confidence level: 100%) | |
file80.76.49.192 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
file194.59.31.116 | XWorm botnet C2 server (confidence level: 100%) | |
file162.248.224.223 | RansomHub botnet C2 server (confidence level: 75%) | |
file162.248.224.223 | RansomHub botnet C2 server (confidence level: 75%) | |
file51.83.133.9 | Sliver botnet C2 server (confidence level: 100%) | |
file124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file144.172.106.67 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file124.70.144.47 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file203.159.90.59 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file144.172.106.67 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file43.255.159.28 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file23.227.196.19 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file23.227.203.128 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file89.45.4.74 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file23.227.203.191 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file146.70.44.174 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file146.70.87.64 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file139.59.113.130 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file23.227.203.205 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file38.132.122.161 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file146.70.41.167 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file41.216.188.71 | Quasar RAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | Lumma Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Lumma Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8022 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash17387 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash19892 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash8888 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | WarmCookie botnet C2 server (confidence level: 100%) | |
hash443 | WarmCookie botnet C2 server (confidence level: 100%) | |
hash443 | WarmCookie botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10010 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8444 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9042 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1024 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2003 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash5903 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4442 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash11949 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Havoc botnet C2 server (confidence level: 100%) | |
hash2118 | DCRat botnet C2 server (confidence level: 100%) | |
hash50580 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9600 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8888 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash4321 | AdaptixC2 botnet C2 server (confidence level: 75%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash8080 | XWorm botnet C2 server (confidence level: 100%) | |
hash58623 | NjRAT botnet C2 server (confidence level: 100%) | |
hash22222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash28871 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash445 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash443 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1818 | XWorm botnet C2 server (confidence level: 100%) | |
hash1818 | XWorm botnet C2 server (confidence level: 100%) | |
hash1818 | XWorm botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash4444 | Remcos botnet C2 server (confidence level: 100%) | |
hash8088 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Mirai botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8080 | Chaos botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash181 | Mirai botnet C2 server (confidence level: 100%) | |
hash181 | Mirai botnet C2 server (confidence level: 100%) | |
hash1024 | Mirai botnet C2 server (confidence level: 100%) | |
hash7712 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | RansomHub botnet C2 server (confidence level: 75%) | |
hash7882 | RansomHub botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash4895 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash1024 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash3741 | Quasar RAT botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainsecurity.folregaurd.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domaindekmos.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domaine-batvrod.pro | Unknown Loader payload delivery domain (confidence level: 90%) | |
domainclick-jackets.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmrmega-28915.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainraketa909-53062.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainoutside-sand.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainkrasnov-20846.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainfeed-option.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainbreachforums.live | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainapply-orange.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincba.abc92.ru | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainlieri.ru | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainproportmapper04-43455.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domaintwinkfinder.nl | Mirai botnet C2 domain (confidence level: 100%) | |
domaincrimson-unit-2561.kopis56799.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 50%) | |
domainec2-server-noisy-band-0fe8.focapaj280.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 50%) | |
domainautistabot-64075.portmap.io | NjRAT botnet C2 domain (confidence level: 100%) | |
domainayham-hacked.sytes.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainwebsiteorgek.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpaper-improved.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainrun-basement.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincybersim-44901.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainsandbox-64001.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainzylora-30517.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domaindlkjkoifdjewilkj-37923.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainjavv-36324.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainjoin-critical.gl.at.ply.gg | Remcos botnet C2 domain (confidence level: 100%) | |
domainteste0001.ddns.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmamuttt53-60020.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainflorida-deaths.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainnew-cite.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainkingdom-reject.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainnumbers-passion.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domains1gnal-39566.portmap.io | Unknown RAT botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://dekmos.com/flare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://fsdas3421fds.x10.mx/eternallineprocesspublic.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://5.252.153.62/9ac416e3d978da3b.php | Stealc botnet C2 (confidence level: 100%) |
Threat ID: 68490f133cd93dcca831c5f8
Added to database: 6/11/2025, 5:07:31 AM
Last enriched: 7/12/2025, 5:03:48 AM
Last updated: 8/15/2025, 4:07:02 PM
Views: 22
Related Threats
ThreatFox IOCs for 2025-08-16
MediumScammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumThreatFox IOCs for 2025-08-15
MediumThreat Actor Profile: Interlock Ransomware
Medium'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.