ThreatFox IOCs for 2025-06-09

Medium
Published: Mon Jun 09 2025 (06/09/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-06-09

AI-Powered Analysis

Last updated: 07/10/2025, 21:03:30 UTC

Technical Analysis

This entry is categorized as malware and consists of ThreatFox Indicators of Compromise (IOCs) dated 2025-06-09. ThreatFox is a platform that aggregates and shares threat intelligence, chiefly IOCs: artifacts observed on a network or host that indicate a potential intrusion. The entry is tagged OSINT (Open Source Intelligence), payload delivery, and network activity, so it covers delivery of malicious payloads over a network and is shared openly for detection and analysis. It lacks specific technical details such as affected software versions, exploit mechanisms, or a detailed breakdown of the indicators, and no known exploits in the wild have been reported. The threat level is medium, with a threatLevel score of 2 and a distribution score of 3, indicating moderate dissemination or relevance. The absence of patch or mitigation links confirms this is an intelligence feed entry rather than a newly discovered vulnerability or exploit: it is a collection or update of IOCs, not a standalone exploit or malware strain, and serves as a resource for security teams to detect and respond to potential malicious activity. Without CWEs or a detailed technical analysis, exact attack vectors and payload specifics cannot be pinpointed. Overall, this is a medium-severity intelligence update on malware-related network activity and payload delivery indicators, intended to aid detection rather than to describe a novel or active exploit.

Potential Impact

For European organizations, the impact of this entry lies primarily in the improved detection and response that integrating these IOCs into security monitoring tools can provide. Since no active exploits or specific vulnerabilities are identified, the direct risk of compromise from the feed itself is low. However, failing to incorporate such threat intelligence could leave organizations more exposed to the malware infections or network intrusions that these IOCs help identify. The medium severity suggests the intelligence relates to malware campaigns or payload delivery methods that could affect confidentiality, integrity, or availability if successfully executed. Organizations with mature security operations centers (SOCs) and threat intelligence teams stand to benefit most by using this data to enhance detection rules and incident response; organizations lacking such capabilities face a higher risk of undetected malware activity. Because no patches or exploit details are provided, the entry is about awareness and detection rather than immediate remediation. Overall, the impact is indirect but important for maintaining a robust cybersecurity posture in Europe.

Mitigation Recommendations

1. Integrate the provided ThreatFox IOCs into existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection capabilities.
2. Regularly update threat intelligence feeds and ensure automated ingestion of new IOCs to maintain up-to-date defenses.
3. Conduct network traffic analysis focusing on payload delivery mechanisms and suspicious network activity patterns highlighted by the IOCs.
4. Train SOC analysts and incident responders to recognize and investigate alerts generated from these IOCs promptly.
5. Implement network segmentation and strict egress filtering to limit the potential spread or communication of malware payloads.
6. Maintain robust backup and recovery procedures to mitigate impact in case of successful malware infection.
7. Collaborate with information sharing organizations and national cybersecurity centers to contextualize these IOCs within local threat landscapes.
8. Since no patches are available, focus on detection, containment, and response rather than remediation of a specific vulnerability.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
80599db0-5392-45fb-88b1-32056b1636b5
Original Timestamp
1749513786

Indicators of Compromise

hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash8443
Havoc botnet C2 server (confidence level: 100%)
hash7523
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash53173
MooBot botnet C2 server (confidence level: 100%)
hash8041
Unknown RAT botnet C2 server (confidence level: 75%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash59211
MooBot botnet C2 server (confidence level: 100%)
hash5353
XWorm botnet C2 server (confidence level: 100%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash54984
Nanocore RAT botnet C2 server (confidence level: 50%)
hash70
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash9000
SectopRAT botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash80
Unknown Stealer botnet C2 server (confidence level: 50%)
hash1112
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash443
ShadowPad botnet C2 server (confidence level: 90%)
hash5000
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8080
Havoc botnet C2 server (confidence level: 100%)
hash13000
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash1912
RedLine Stealer botnet C2 server (confidence level: 100%)
hash56001
ResolverRAT botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash22
QakBot botnet C2 server (confidence level: 75%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash7777
ValleyRAT botnet C2 server (confidence level: 100%)
hash8080
Chaos botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash499
ValleyRAT botnet C2 server (confidence level: 100%)
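The list above is only useful once it is turned into structured records and run through a confidence policy: ThreatFox publishes each ip:port indicator with a malware family, a threat type (C2 server or payload delivery server) and a confidence percentage, and a SOC normally blocks only at high confidence while alerting or merely logging on the rest. The following Python is an added example written for this page, not code from ThreatFox, abuse.ch or OffSeq. It parses the value/classification line pairs in the layout used here (accepting both the redacted "hash<port>" form this page renders and the real "ip:port" form the feed carries), applies an assumed local policy (100% block, 75% to 99% alert, below that log only; these thresholds are this example's choice, not ThreatFox guidance), and emits Suricata rules for the records that still have an IP. The sample input is constructed, uses RFC 5737 documentation addresses, and the rules assume TCP, which the feed does not state.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the list above: an indicator value line
# followed by its classification line, with one orphan classification at the top
# (as happens when the page cut off the value). The IPs are documentation addresses.
SAMPLE = """\
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
203.0.113.10:443
Havoc botnet C2 server (confidence level: 100%)
198.51.100.7:80
Sliver payload delivery server (confidence level: 50%)
203.0.113.22:443
Latrodectus botnet C2 server (confidence level: 90%)
"""

DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<kind>botnet C2 server|payload delivery server) "
    r"\(confidence level: (?P<conf>\d{1,3})%\)$"
)
# Either "a.b.c.d:port" (real feed) or "hash<port>" (value redacted, as on this page).
VALUE_RE = re.compile(r"^(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):|hash)(?P<port>\d{1,5})$")


def parse_feed(text):
    """Turn value/classification line pairs into dicts; unmatched lines are skipped."""
    records = []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    i = 0
    while i + 1 < len(lines):
        v, d = VALUE_RE.match(lines[i]), DESC_RE.match(lines[i + 1])
        if v and d:
            records.append({
                "ip": v.group("ip"),          # None when the value was redacted
                "port": int(v.group("port")),
                "family": d.group("family"),
                "kind": d.group("kind"),
                "confidence": int(d.group("conf")),
            })
            i += 2
        else:
            i += 1                            # orphan line, move on
    return records


def action_for(rec, block_at=100, alert_at=75):
    """Assumed local policy: >=100% block, >=75% alert, otherwise log only."""
    if rec["confidence"] >= block_at:
        return "block"
    if rec["confidence"] >= alert_at:
        return "alert"
    return "log"


def suricata_rules(records, sid_base=9000000):
    """One Suricata rule per record that still carries an IP; redacted records
    cannot become network rules and are skipped. TCP is an assumption."""
    rules = []
    for n, rec in enumerate(records):
        if not rec["ip"]:
            continue
        act = {"block": "drop", "alert": "alert", "log": "alert"}[action_for(rec)]
        msg = f"THREATFOX {rec['family']} {rec['kind']} conf={rec['confidence']}"
        rules.append(
            f'{act} tcp $HOME_NET any -> {rec["ip"]} {rec["port"]} '
            f'(msg:"{msg}"; sid:{sid_base + n}; rev:1;)'
        )
    return rules


def summarize(records):
    """Counts per malware family and per policy action, for a quick triage view."""
    by_family = Counter(r["family"] for r in records)
    by_action = Counter(action_for(r) for r in records)
    return by_family, by_action


if __name__ == "__main__":
    recs = parse_feed(SAMPLE)
    fam, act = summarize(recs)
    print(dict(fam), dict(act))
    print("\n".join(suricata_rules(recs)))
```

A "log" record deliberately still produces an alert rule rather than nothing: a 50% Sliver or Cobalt Strike listener is worth a low-severity hit in the SIEM even when it is not worth a block, and the confidence is carried in the rule message so the analyst can see why it fired.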

Threat ID: 68488af8b74e04a9958ce241

Added to database: 6/10/2025, 7:43:52 PM

Last enriched: 7/10/2025, 9:03:30 PM

Last updated: 8/16/2025, 2:29:57 AM
