ThreatFox IOCs for 2025-06-09
AI Analysis
Technical Summary
The provided information pertains to a security threat categorized as malware, specifically related to ThreatFox Indicators of Compromise (IOCs) dated 2025-06-09. ThreatFox is a platform that aggregates and shares threat intelligence, particularly IOCs, which are artifacts observed on a network or in operating systems that indicate a potential intrusion. The threat is tagged under OSINT (Open Source Intelligence), payload delivery, and network activity, suggesting it involves the delivery of malicious payloads over a network and is shared as open-source intelligence for detection and analysis purposes. However, the data lacks specific technical details such as affected software versions, exploit mechanisms, or detailed indicators, and no known exploits in the wild have been reported. The threat level is indicated as medium, with a threatLevel score of 2 and distribution score of 3, implying moderate dissemination or relevance. The absence of patches or mitigation links suggests this is more an intelligence feed entry than a newly discovered vulnerability or exploit. The threat appears to be a collection or update of IOCs rather than a standalone exploit or malware strain, serving as a resource for security teams to detect and respond to potential malicious activity. The lack of CWEs and detailed technical analysis limits the ability to pinpoint exact attack vectors or payload specifics. Overall, this represents a medium-severity intelligence update on malware-related network activity and payload delivery indicators, intended to aid detection rather than describing a novel or active exploit.
Potential Impact
For European organizations, the impact of this threat primarily lies in the potential for improved detection and response capabilities through the integration of these IOCs into security monitoring tools. Since no active exploits or specific vulnerabilities are identified, the direct risk of compromise from this threat feed is low. However, failure to incorporate such threat intelligence could leave organizations more vulnerable to malware infections or network intrusions that these IOCs help identify. The medium severity suggests that the threat intelligence may relate to malware campaigns or payload delivery methods that could affect confidentiality, integrity, or availability if successfully executed. European organizations with mature security operations centers (SOCs) and threat intelligence teams stand to benefit most by leveraging this data to enhance their detection rules and incident response. Conversely, organizations lacking such capabilities may be at increased risk of undetected malware activity. The absence of patches or exploit details means the threat is more about awareness and detection than immediate remediation. Overall, the impact is indirect but important for maintaining robust cybersecurity postures in Europe.
Mitigation Recommendations
1. Integrate the provided ThreatFox IOCs into existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection capabilities.
2. Regularly update threat intelligence feeds and ensure automated ingestion of new IOCs to maintain up-to-date defenses.
3. Conduct network traffic analysis focusing on payload delivery mechanisms and suspicious network activity patterns highlighted by the IOCs.
4. Train SOC analysts and incident responders to recognize and investigate alerts generated from these IOCs promptly.
5. Implement network segmentation and strict egress filtering to limit the potential spread or communication of malware payloads.
6. Maintain robust backup and recovery procedures to mitigate impact in case of successful malware infection.
7. Collaborate with information sharing organizations and national cybersecurity centers to contextualize these IOCs within local threat landscapes.
8. Since no patches are available, focus on detection, containment, and response rather than remediation of a specific vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 80599db0-5392-45fb-88b1-32056b1636b5
- Original Timestamp: 1749513786
Indicators of Compromise
Domain
Value | Description
---|---
latarelisafi.pro | Unknown Loader payload delivery domain (confidence level: 90%)
analyticanods.com | Unknown malware payload delivery domain (confidence level: 100%)
security.garudflores.com | Unknown malware payload delivery domain (confidence level: 100%)
koslep.com | Unknown malware payload delivery domain (confidence level: 100%)
www.zestarcade.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%)
assistance-trash.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
department-monica.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
hatem2youssef.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
hatem2youssef2.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
khalifarema.zapto.org | Remcos botnet C2 domain (confidence level: 100%)
includes-contents.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%)
jcapi.xboxwl.com | AsyncRAT botnet C2 domain (confidence level: 50%)
cable-knife.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%)
ulljq8tna.localto.net | DCRat botnet C2 domain (confidence level: 50%)
m1dni9ht.ddns.net | Mirai botnet C2 domain (confidence level: 50%)
test.galaxias.cc | Mirai botnet C2 domain (confidence level: 50%)
drug-demonstrated.gl.at.ply.gg | Nanocore RAT botnet C2 domain (confidence level: 50%)
photographers-ecological.with.playit.plus | NjRAT botnet C2 domain (confidence level: 50%)
liberator247.pagekite.me | Quasar RAT botnet C2 domain (confidence level: 50%)
ishimmiri1.duckdns.org | Remcos botnet C2 domain (confidence level: 50%)
ishimmiri1bk.duckdns.org | Remcos botnet C2 domain (confidence level: 50%)
elromio-50314.portmap.io | XWorm botnet C2 domain (confidence level: 50%)
take-sherman.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
cp71691.tw1.ru | DCRat botnet C2 domain (confidence level: 100%)
hotel.wildhorsehotel.net | Mirai botnet C2 domain (confidence level: 100%)
wbvhelp.top | Unknown RAT botnet C2 domain (confidence level: 100%)
jailykingi.site | Lumma Stealer botnet C2 domain (confidence level: 100%)
bevm.fun | Lumma Stealer botnet C2 domain (confidence level: 50%)
playontoy.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
lasbmt.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
miyelv.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
kinwlyo.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
coedxz.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
cryymd.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
geglrx.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
swydug.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
psalgd.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
totplh.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
garexqz.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
fullnjd.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
herwxtx.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
thicew.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
wojbi.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
dicyth.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
stomrnd.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
totalqt.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
lixkyf.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
opalxrr.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
shutvg.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
wellrmy.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
frustreghm.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
countrnncn.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
wilvrdu.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
plapwf.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
abezgec.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
favgqu.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
files.myamericanmadestory.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
peqywb.top | Lumma Stealer botnet C2 domain (confidence level: 75%)
blackholez.shop | Lumma Stealer botnet C2 domain (confidence level: 75%)
accsrf.top | Lumma Stealer botnet C2 domain (confidence level: 75%)
poxtlb.shop | Lumma Stealer botnet C2 domain (confidence level: 75%)
prihxo.shop | Lumma Stealer botnet C2 domain (confidence level: 75%)
hugevcdn.pro | Unknown Stealer botnet C2 domain (confidence level: 100%)
web.vfmhelp.top | Unknown RAT botnet C2 domain (confidence level: 100%)
loispaigesimenson.com | NetSupportManager RAT payload delivery domain (confidence level: 100%)
anunciaconalianzalima.com | NetSupportManager RAT payload delivery domain (confidence level: 100%)
themegaprovider.ddns.net | Havoc botnet C2 domain (confidence level: 100%)
qoansbw2.anondns.net | Unknown RAT botnet C2 domain (confidence level: 100%)
30.0.4t.com | Vidar botnet C2 domain (confidence level: 100%)
dedhq.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
pothoai.run | Lumma Stealer botnet C2 domain (confidence level: 50%)
hyxhxi.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
smoapwc.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
acrmfy.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
thiroqu.live | Lumma Stealer botnet C2 domain (confidence level: 50%)
c-largely.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
puffin1488.no-ip.biz | DarkComet botnet C2 domain (confidence level: 50%)
botnet.s3ox11.com | Mirai botnet C2 domain (confidence level: 50%)
host.mrighosting.info | Mirai botnet C2 domain (confidence level: 50%)
efjeqfqe.ddns.net | Nanocore RAT botnet C2 domain (confidence level: 50%)
ratsertification.hopto.org | Nanocore RAT botnet C2 domain (confidence level: 50%)
yes-dominican.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 50%)
Url
Value | Description
---|---
https://www.publynx.com/ajaxaction | FAKEUPDATES botnet C2 (confidence level: 100%)
https://koslep.com/flare.msi | Unknown malware payload delivery URL (confidence level: 100%)
http://530182cm.nyashvibe.ru/externalimagepipe_geocpuserverbasewpcentral.php | DCRat botnet C2 (confidence level: 100%)
http://a1130890.xsph.ru/f1527fee.php | DCRat botnet C2 (confidence level: 100%)
https://12333333.sasha-solzhenicyn.ru/login | Lumma Stealer botnet C2 (confidence level: 50%)
http://a1062538.xsph.ru/17156566.php | DCRat botnet C2 (confidence level: 50%)
http://45.207.212.160/ | Hook botnet C2 (confidence level: 50%)
http://45.207.212.9/ | Hook botnet C2 (confidence level: 50%)
http://154.64.231.82:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%)
http://195.82.147.187/login | Lumma Stealer botnet C2 (confidence level: 50%)
http://47.237.97.169:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%)
http://server5.cdneurops.health/ | Glupteba botnet C2 (confidence level: 50%)
http://server9.cdneurop.cloud/ | Glupteba botnet C2 (confidence level: 50%)
http://server14.nisdably.com/ | Glupteba botnet C2 (confidence level: 50%)
http://server10.cdneurops.buzz/ | Glupteba botnet C2 (confidence level: 50%)
http://server4.localstats.org/ | Glupteba botnet C2 (confidence level: 50%)
http://server6.zaoshang.ru/ | Glupteba botnet C2 (confidence level: 50%)
https://onedrive.live.com/download?cid=72ef66c14df86b76&resid=72ef66c14df86b76%21173&authkey=alqcuouptad_r-q | Unknown Loader payload delivery URL (confidence level: 50%)
https://shool.digital/fdz/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://countrnncn.xyz/pxal | Lumma Stealer botnet C2 (confidence level: 75%)
https://lixkyf.xyz/taur/api | Lumma Stealer botnet C2 (confidence level: 75%)
http://18.193.74.212/requesthttpgeoprocessdatalifepublictemp.php | DCRat botnet C2 (confidence level: 100%)
https://shutvg.xyz/tamn/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://wellrmy.xyz/aotw | Lumma Stealer botnet C2 (confidence level: 75%)
https://alignmqsfk.shop/zauw | Lumma Stealer botnet C2 (confidence level: 75%)
https://opalxrr.xyz/xoai | Lumma Stealer botnet C2 (confidence level: 75%)
https://twinco.top/zapf/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://meatmom.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%)
https://jailykingi.site/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://rekrra.run/toia/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://files.myamericanmadestory.com/ajaxaction | FAKEUPDATES botnet C2 (confidence level: 100%)
https://loispaigesimenson.com/lsl/track_is.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://loispaigesimenson.com/lsl/index.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://anunciaconalianzalima.com/headis.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://anunciaconalianzalima.com/psswlwse.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://sstemxehg.shop/gaks | Lumma Stealer botnet C2 (confidence level: 75%)
https://30.0.4t.com/ | Vidar botnet C2 (confidence level: 100%)
https://159.69.101.234/ | Vidar botnet C2 (confidence level: 100%)
https://78.47.40.128/ | Vidar botnet C2 (confidence level: 100%)
https://t.me/gu77xt | Vidar botnet C2 (confidence level: 100%)
https://steamcommunity.com/profiles/76561199863931286 | Vidar botnet C2 (confidence level: 100%)
http://45.204.197.6:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%)
http://diamotrix.club/diamo/login.php | Unknown malware botnet C2 (confidence level: 50%)
http://rurua.fedor-turin.ru/ | Lumma Stealer botnet C2 (confidence level: 50%)
http://843801cm.nyashvibe.ru/external_.php | DCRat botnet C2 (confidence level: 100%)
File
Value | Description
---|---
192.227.247.100 | Cobalt Strike botnet C2 server (confidence level: 75%)
117.72.209.44 | Cobalt Strike botnet C2 server (confidence level: 75%)
113.45.228.7 | Cobalt Strike botnet C2 server (confidence level: 75%)
47.96.128.129 | Cobalt Strike botnet C2 server (confidence level: 75%)
111.229.217.32 | Cobalt Strike botnet C2 server (confidence level: 75%)
43.252.229.158 | Cobalt Strike botnet C2 server (confidence level: 75%)
121.36.53.239 | Cobalt Strike botnet C2 server (confidence level: 75%)
106.75.61.100 | Cobalt Strike botnet C2 server (confidence level: 75%)
1.15.34.67 | Cobalt Strike botnet C2 server (confidence level: 75%)
91.199.163.56 | Cobalt Strike botnet C2 server (confidence level: 75%)
92.65.104.214 | Cobalt Strike botnet C2 server (confidence level: 100%)
82.156.102.187 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.61.106.46 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.41.131.61 | Ghost RAT botnet C2 server (confidence level: 100%)
88.238.139.221 | DarkComet botnet C2 server (confidence level: 100%)
51.83.133.9 | Sliver botnet C2 server (confidence level: 100%)
188.245.255.123 | Unknown malware botnet C2 server (confidence level: 100%)
47.243.67.46 | DCRat botnet C2 server (confidence level: 100%)
34.219.48.185 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
51.38.160.2 | Unknown malware botnet C2 server (confidence level: 100%)
113.106.204.206 | Chaos botnet C2 server (confidence level: 100%)
43.159.42.63 | Cobalt Strike botnet C2 server (confidence level: 100%)
92.65.104.213 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.118.27.53 | Sliver botnet C2 server (confidence level: 90%)
196.251.116.138 | AsyncRAT botnet C2 server (confidence level: 100%)
124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%)
124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%)
37.27.254.21 | Unknown malware botnet C2 server (confidence level: 100%)
82.115.26.167 | Unknown malware botnet C2 server (confidence level: 100%)
185.241.208.247 | Havoc botnet C2 server (confidence level: 100%)
88.208.3.157 | Nimplant botnet C2 server (confidence level: 100%)
52.78.46.140 | Unknown malware botnet C2 server (confidence level: 100%)
47.108.208.162 | Unknown malware botnet C2 server (confidence level: 100%)
194.110.220.76 | Unknown malware botnet C2 server (confidence level: 100%)
47.100.137.234 | Unknown malware botnet C2 server (confidence level: 100%)
194.110.220.73 | Unknown malware botnet C2 server (confidence level: 100%)
44.204.36.169 | Unknown malware botnet C2 server (confidence level: 100%)
167.235.154.101 | Unknown malware botnet C2 server (confidence level: 100%)
34.195.162.232 | Unknown malware botnet C2 server (confidence level: 100%)
117.72.40.30 | Unknown malware botnet C2 server (confidence level: 100%)
152.42.170.82 | Unknown malware botnet C2 server (confidence level: 100%)
148.230.153.56 | Unknown malware botnet C2 server (confidence level: 100%)
80.79.7.219 | Unknown malware botnet C2 server (confidence level: 100%)
179.43.176.3 | Remcos botnet C2 server (confidence level: 100%)
192.169.69.26 | NjRAT botnet C2 server (confidence level: 100%)
193.233.203.186 | Mirai botnet C2 server (confidence level: 75%)
87.121.84.163 | Mirai botnet C2 server (confidence level: 75%)
64.52.80.103 | Sliver botnet C2 server (confidence level: 100%)
145.223.68.184 | Sliver botnet C2 server (confidence level: 100%)
82.65.203.216 | Venom RAT botnet C2 server (confidence level: 100%)
93.198.178.231 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.153.34.181 | Rhadamanthys botnet C2 server (confidence level: 100%)
14.225.204.104 | Cobalt Strike botnet C2 server (confidence level: 50%)
107.173.154.215 | Cobalt Strike botnet C2 server (confidence level: 50%)
112.124.39.205 | Cobalt Strike botnet C2 server (confidence level: 50%)
45.195.197.1 | Cobalt Strike botnet C2 server (confidence level: 50%)
file103.103.46.33 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file148.113.9.166 | Unknown malware botnet C2 server (confidence level: 50%) | |
file51.91.252.135 | Unknown malware botnet C2 server (confidence level: 50%) | |
file167.172.231.158 | Sliver botnet C2 server (confidence level: 50%) | |
file206.206.78.238 | Sliver botnet C2 server (confidence level: 50%) | |
file223.26.76.20 | Sliver botnet C2 server (confidence level: 50%) | |
file95.111.238.110 | Sliver botnet C2 server (confidence level: 50%) | |
file154.62.226.187 | Sliver botnet C2 server (confidence level: 50%) | |
file77.110.105.214 | Sliver botnet C2 server (confidence level: 50%) | |
file196.251.85.209 | Sliver botnet C2 server (confidence level: 50%) | |
file18.201.198.70 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file108.137.71.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file16.52.40.95 | BlackShades botnet C2 server (confidence level: 50%) | |
file16.52.40.95 | BlackShades botnet C2 server (confidence level: 50%) | |
file51.17.159.176 | BlackShades botnet C2 server (confidence level: 50%) | |
file80.209.230.191 | Unknown malware botnet C2 server (confidence level: 50%) | |
file149.210.76.119 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file37.106.35.42 | Poison Ivy botnet C2 server (confidence level: 50%) | |
file118.122.8.157 | Unknown malware botnet C2 server (confidence level: 50%) | |
file27.102.138.222 | Kimsuky botnet C2 server (confidence level: 50%) | |
file24.158.32.227 | QakBot botnet C2 server (confidence level: 75%) | |
file172.65.175.19 | Remcos botnet C2 server (confidence level: 50%) | |
file94.99.34.46 | QakBot botnet C2 server (confidence level: 75%) | |
file145.223.68.184 | Sliver botnet C2 server (confidence level: 50%) | |
file145.223.68.184 | Sliver botnet C2 server (confidence level: 50%) | |
file145.223.68.184 | Sliver payload delivery server (confidence level: 50%) | |
file121.36.94.149 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file86.54.42.68 | Mirai botnet C2 server (confidence level: 100%) | |
file103.68.181.196 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file1.95.82.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.58.204.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file60.205.204.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.139.178.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.34.241.92 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.23.222.32 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.149.120.38 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file148.135.101.111 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.195.8.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.85.246.194 | Hook botnet C2 server (confidence level: 100%) | |
file192.144.179.101 | Havoc botnet C2 server (confidence level: 100%) | |
file185.203.118.105 | Havoc botnet C2 server (confidence level: 100%) | |
file13.59.93.28 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file193.5.65.117 | Chaos botnet C2 server (confidence level: 100%) | |
file1.82.253.69 | Chaos botnet C2 server (confidence level: 100%) | |
file123.57.24.157 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file166.88.164.224 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file23.227.198.208 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file120.25.121.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.65.104.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.213.237.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.111.200.240 | Remcos botnet C2 server (confidence level: 100%) | |
file51.83.133.9 | Sliver botnet C2 server (confidence level: 100%) | |
file63.133.222.220 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file173.249.29.108 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file18.116.72.245 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.208.156.169 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file8.222.135.47 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.179.167.116 | Havoc botnet C2 server (confidence level: 100%) | |
file176.9.29.148 | Havoc botnet C2 server (confidence level: 100%) | |
file158.247.202.163 | Havoc botnet C2 server (confidence level: 100%) | |
file94.156.144.8 | Havoc botnet C2 server (confidence level: 100%) | |
file13.245.28.228 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file94.26.90.72 | Latrodectus botnet C2 server (confidence level: 90%) | |
file103.87.10.193 | MooBot botnet C2 server (confidence level: 100%) | |
file151.242.63.156 | Unknown RAT botnet C2 server (confidence level: 75%) | |
file159.69.101.234 | Vidar botnet C2 server (confidence level: 100%) | |
file78.47.40.128 | Vidar botnet C2 server (confidence level: 100%) | |
file91.107.162.239 | Vidar botnet C2 server (confidence level: 100%) | |
file91.99.134.60 | Vidar botnet C2 server (confidence level: 100%) | |
file196.251.88.165 | MooBot botnet C2 server (confidence level: 100%) | |
file78.142.218.142 | XWorm botnet C2 server (confidence level: 100%) | |
file24.199.93.68 | Sliver botnet C2 server (confidence level: 50%) | |
file168.119.108.110 | Sliver botnet C2 server (confidence level: 50%) | |
file23.227.203.158 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
file13.60.198.129 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file193.149.176.31 | SectopRAT botnet C2 server (confidence level: 50%) | |
file64.176.54.73 | Havoc botnet C2 server (confidence level: 50%) | |
file217.119.129.92 | Unknown Stealer botnet C2 server (confidence level: 50%) | |
file120.46.212.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.37.25.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file54.91.52.238 | Sliver botnet C2 server (confidence level: 100%) | |
file107.22.116.65 | Sliver botnet C2 server (confidence level: 100%) | |
file38.54.29.25 | ShadowPad botnet C2 server (confidence level: 90%) | |
file128.90.113.229 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.138.16.192 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file159.100.9.105 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.233.113.0 | Hook botnet C2 server (confidence level: 100%) | |
file72.14.179.130 | Havoc botnet C2 server (confidence level: 100%) | |
file16.51.81.255 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file94.26.90.74 | Latrodectus botnet C2 server (confidence level: 90%) | |
file196.251.80.94 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file185.196.11.241 | ResolverRAT botnet C2 server (confidence level: 50%) | |
file149.28.137.96 | Havoc botnet C2 server (confidence level: 75%) | |
file154.247.28.115 | QakBot botnet C2 server (confidence level: 75%) | |
file45.154.1.195 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file206.238.220.24 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file67.205.163.232 | Chaos botnet C2 server (confidence level: 50%) | |
file101.72.251.65 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file182.140.222.79 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file43.132.216.81 | ValleyRAT botnet C2 server (confidence level: 100%) |
Port
Port | Description |
---|---|
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8000 | Ghost RAT botnet C2 server (confidence level: 100%) |
30005 | DarkComet botnet C2 server (confidence level: 100%) |
8443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8888 | DCRat botnet C2 server (confidence level: 100%) |
39931 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
10000 | Unknown malware botnet C2 server (confidence level: 100%) |
47486 | Chaos botnet C2 server (confidence level: 100%) |
8090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 90%) |
7777 | AsyncRAT botnet C2 server (confidence level: 100%) |
4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
8008 | AsyncRAT botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
2408 | Nimplant botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
10010 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
10010 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3334 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
9205 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3391 | Remcos botnet C2 server (confidence level: 100%) |
28387 | NjRAT botnet C2 server (confidence level: 100%) |
3778 | Mirai botnet C2 server (confidence level: 75%) |
3778 | Mirai botnet C2 server (confidence level: 75%) |
80 | Sliver botnet C2 server (confidence level: 100%) |
8080 | Sliver botnet C2 server (confidence level: 100%) |
4444 | Venom RAT botnet C2 server (confidence level: 100%) |
81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
4243 | Rhadamanthys botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 50%) |
9191 | Cobalt Strike botnet C2 server (confidence level: 50%) |
18099 | Cobalt Strike botnet C2 server (confidence level: 50%) |
8083 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
3333 | Unknown malware botnet C2 server (confidence level: 50%) |
3333 | Unknown malware botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
55000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
9152 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
5252 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
2202 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
12252 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
6002 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
16052 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
16075 | BlackShades botnet C2 server (confidence level: 50%) |
12425 | BlackShades botnet C2 server (confidence level: 50%) |
11 | BlackShades botnet C2 server (confidence level: 50%) |
7443 | Unknown malware botnet C2 server (confidence level: 50%) |
443 | Ghost RAT botnet C2 server (confidence level: 50%) |
3460 | Poison Ivy botnet C2 server (confidence level: 50%) |
10089 | Unknown malware botnet C2 server (confidence level: 50%) |
80 | Kimsuky botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 75%) |
2404 | Remcos botnet C2 server (confidence level: 50%) |
2087 | QakBot botnet C2 server (confidence level: 75%) |
443 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
80 | Sliver payload delivery server (confidence level: 50%) |
8080 | Ghost RAT botnet C2 server (confidence level: 100%) |
1995 | Mirai botnet C2 server (confidence level: 100%) |
1688 | ValleyRAT botnet C2 server (confidence level: 100%) |
88 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
7443 | Havoc botnet C2 server (confidence level: 100%) |
10000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8080 | Chaos botnet C2 server (confidence level: 100%) |
54681 | Chaos botnet C2 server (confidence level: 100%) |
9999 | ValleyRAT botnet C2 server (confidence level: 100%) |
443 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8880 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
80 | Sliver botnet C2 server (confidence level: 100%) |
2222 | AsyncRAT botnet C2 server (confidence level: 100%) |
9000 | AsyncRAT botnet C2 server (confidence level: 100%) |
81 | AsyncRAT botnet C2 server (confidence level: 100%) |
6506 | AsyncRAT botnet C2 server (confidence level: 100%) |
6006 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
8443 | Havoc botnet C2 server (confidence level: 100%) |
7523 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 90%) |
53173 | MooBot botnet C2 server (confidence level: 100%) |
8041 | Unknown RAT botnet C2 server (confidence level: 75%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
59211 | MooBot botnet C2 server (confidence level: 100%) |
5353 | XWorm botnet C2 server (confidence level: 100%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
54984 | Nanocore RAT botnet C2 server (confidence level: 50%) |
70 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
9000 | SectopRAT botnet C2 server (confidence level: 50%) |
443 | Havoc botnet C2 server (confidence level: 50%) |
80 | Unknown Stealer botnet C2 server (confidence level: 50%) |
1112 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
443 | ShadowPad botnet C2 server (confidence level: 90%) |
5000 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
8080 | Havoc botnet C2 server (confidence level: 100%) |
13000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 90%) |
1912 | RedLine Stealer botnet C2 server (confidence level: 100%) |
56001 | ResolverRAT botnet C2 server (confidence level: 50%) |
443 | Havoc botnet C2 server (confidence level: 75%) |
22 | QakBot botnet C2 server (confidence level: 75%) |
53 | Cobalt Strike botnet C2 server (confidence level: 75%) |
7777 | ValleyRAT botnet C2 server (confidence level: 100%) |
8080 | Chaos botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
499 | ValleyRAT botnet C2 server (confidence level: 100%) |
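The indicator tables above are only useful once they are matched against traffic, and the confidence column decides what a match should trigger. The script below is an added example, not code from ThreatFox or from this page's publisher: it parses rows in the table format used on this page, collapses the repeated rows the page lists once per port, matches the IPs against a constructed Zeek-style conn.log excerpt, and maps confidence to an action. Six rows are taken from the IP table above; the connection log lines are constructed. The shared-infrastructure list holds one real entry (Cloudflare publishes 172.64.0.0/13 as one of its ranges, and 172.65.175.19 from the table falls inside it); a real deployment would load the full provider lists instead of this one constructed entry.

```python
"""Match connection logs against the C2 indicators listed on this page.

Added example, not code from ThreatFox or from the page's publisher. The
indicator rows are taken from the IP table above; the connection log lines
and the shared-infrastructure range list are constructed for this example.
"""
import ipaddress
import re
from collections import defaultdict

# One table row on this page: "<ip> | <family> botnet C2 server (confidence level: NN%) |"
ROW_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*\|\s*"
    r"(?P<family>.+?) (?P<role>botnet C2 server|payload delivery server) "
    r"\(confidence level: (?P<confidence>\d{1,3})%\)"
)

# Rows from the IP table above. 124.198.132.186 appears twice on the page
# (once per C2 port); the parser collapses identical rows.
IOC_ROWS = """\
51.83.133.9 | Sliver botnet C2 server (confidence level: 100%) |
124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%) |
124.198.132.186 | AsyncRAT botnet C2 server (confidence level: 100%) |
172.65.175.19 | Remcos botnet C2 server (confidence level: 50%) |
145.223.68.184 | Sliver payload delivery server (confidence level: 50%) |
94.26.90.72 | Latrodectus botnet C2 server (confidence level: 90%) |
"""

# Constructed Zeek-style conn.log excerpt: ts, orig_h, orig_p, resp_h, resp_p, proto.
CONN_LOG = """\
1749500000.123\t10.0.0.5\t51234\t51.83.133.9\t8443\ttcp
1749500001.456\t10.0.0.7\t49200\t8.8.8.8\t53\tudp
1749500002.789\t10.0.0.9\t50111\t172.65.175.19\t2404\ttcp
1749500003.000\t10.0.0.5\t51300\t124.198.132.186\t4444\ttcp
1749500004.500\t10.0.0.5\t51301\t94.26.90.72\t443\ttcp
"""

# Ranges where one IP fronts many unrelated tenants. Cloudflare publishes
# 172.64.0.0/13 as one of its ranges; load the full provider lists in practice.
SHARED_RANGES = [ipaddress.ip_network("172.64.0.0/13")]


def parse_iocs(text):
    """Return {ip: [(family, role, confidence), ...]} with duplicate rows collapsed."""
    iocs = defaultdict(list)
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        entry = (m["family"], m["role"], int(m["confidence"]))
        if entry not in iocs[m["ip"]]:
            iocs[m["ip"]].append(entry)
    return dict(iocs)


def disposition(ip, confidence):
    """Map confidence to an action; shared infrastructure is never auto-blocked."""
    if any(ipaddress.ip_address(ip) in net for net in SHARED_RANGES):
        return "review"  # blocking a CDN edge IP breaks unrelated sites; needs SNI/Host context
    if confidence >= 90:
        return "block"
    if confidence >= 75:
        return "alert"
    return "review"


def match_flows(ioc_text, conn_text):
    """Return one hit per matching flow: timestamp, destination, family, confidence, action."""
    iocs = parse_iocs(ioc_text)
    hits = []
    for line in conn_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        ts, _orig_h, _orig_p, resp_h, resp_p, _proto = fields[:6]
        for family, role, confidence in iocs.get(resp_h, []):
            hits.append({
                "ts": ts, "dst": resp_h, "dport": int(resp_p),
                "family": family, "role": role, "confidence": confidence,
                "action": disposition(resp_h, confidence),
            })
    return hits


if __name__ == "__main__":
    for hit in match_flows(IOC_ROWS, CONN_LOG):
        print(f"{hit['ts']} {hit['dst']}:{hit['dport']} {hit['family']} "
              f"{hit['confidence']}% -> {hit['action']}")
```

Matching on destination IP alone is deliberate: many entries above sit on 80 or 443, so the port adds little, and a beacon to a listed IP on an unlisted port is still worth a look. The 50% entries are kept as review-only because that tier includes hosts such as 172.65.175.19 where the IP is shared with legitimate services.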
Threat ID: 68488af8b74e04a9958ce241
Added to database: 6/10/2025, 7:43:52 PM
Last enriched: 7/10/2025, 9:03:30 PM
Last updated: 8/16/2025, 2:29:57 AM
Views: 35
Related Threats
ThreatFox IOCs for 2025-08-15 (Medium)
Threat Actor Profile: Interlock Ransomware (Medium)
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan (Medium)
Kawabunga, Dude, You've Been Ransomed! (Medium)
ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis (Medium)