ThreatFox IOCs for 2025-06-13
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-06-13," sourced from the ThreatFox MISP Feed. The threat is categorized primarily under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the collection and dissemination of indicators of compromise (IOCs) related to malware campaigns or network-based threats. The absence of specific affected versions or products suggests that this intelligence is more focused on threat detection and monitoring rather than a vulnerability in a particular software product. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which collectively imply a moderate presence and dissemination of the threat indicators. No known exploits in the wild or patches are available, and no specific CWEs (Common Weakness Enumerations) are associated, reinforcing that this is an intelligence feed rather than a direct vulnerability or exploit. The lack of indicators in the provided data limits the granularity of technical analysis, but the classification under OSINT and payload delivery suggests that the threat involves the delivery of malicious payloads possibly through network vectors, with an emphasis on monitoring and detection rather than active exploitation. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing, which is typical for OSINT feeds designed to enhance collective situational awareness among cybersecurity professionals.
Potential Impact
For European organizations, the primary impact of this threat lies in its role as a source of actionable intelligence rather than a direct attack vector. The dissemination of IOCs related to malware and network activity can enhance the ability of security teams to detect and respond to emerging threats. However, if these IOCs are incomplete or outdated, there is a risk of false negatives or delayed detection, potentially allowing malicious payloads to infiltrate networks undetected. Given the medium severity rating and the absence of known active exploits, the immediate risk to confidentiality, integrity, and availability is moderate. Nonetheless, organizations relying heavily on OSINT feeds for threat detection should ensure the integration of such intelligence into their security operations to maintain situational awareness. The lack of patches or specific vulnerable products means that traditional vulnerability management approaches are less applicable, shifting the focus to network monitoring and incident response capabilities. European entities with critical infrastructure, financial services, and government sectors may find this intelligence particularly relevant due to their high exposure to targeted malware campaigns and the strategic importance of maintaining robust threat detection mechanisms.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities for malware and network-based threats.
2. Regularly update and validate OSINT feeds to ensure the relevance and accuracy of indicators, reducing false positives and negatives.
3. Employ network segmentation and strict access controls to limit the potential spread of malicious payloads detected through these indicators.
4. Conduct continuous training for security analysts on interpreting and acting upon OSINT-derived intelligence to improve response times and effectiveness.
5. Implement automated alerting mechanisms triggered by matches to ThreatFox IOCs to enable rapid incident response.
6. Collaborate with European cybersecurity information sharing communities to contextualize ThreatFox data within regional threat landscapes.
7. Since no patches are available, focus on proactive threat hunting and anomaly detection to identify novel or evolving payload delivery methods that may not yet be covered by existing IOCs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 5cdc7025-7269-4961-b903-ade560d04caf
- Original Timestamp: 1749859386
domaincompanianuevoano.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainestreno1-caso.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainwarzones12.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsoskaxasy.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsomething-newfoundland.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
IP:Port
C2 server address and listening port, as published by ThreatFox under its ip:port indicator type. The same address can appear more than once when it listens on several ports.
Value | Description |
---|---|
122.10.117.18:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
47.98.130.151:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
38.207.178.63:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
39.105.201.242:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
107.175.30.227:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
43.153.162.106:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
47.92.141.198:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
114.96.89.69:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
117.72.79.68:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
82.157.8.52:7878 | Cobalt Strike botnet C2 server (confidence level: 100%) |
110.41.152.105:10443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
121.127.231.163:8082 | Hook botnet C2 server (confidence level: 100%) |
121.127.231.161:80 | Hook botnet C2 server (confidence level: 100%) |
121.127.231.161:8089 | Hook botnet C2 server (confidence level: 100%) |
65.109.145.253:443 | Havoc botnet C2 server (confidence level: 100%) |
172.94.111.195:8848 | DCRat botnet C2 server (confidence level: 100%) |
143.92.148.183:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
38.132.122.198:43211 | AdaptixC2 botnet C2 server (confidence level: 100%) |
45.145.7.134:443 | Unknown Stealer payload delivery server (confidence level: 75%) |
124.222.229.235:8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
179.43.186.223:5901 | Cobalt Strike botnet C2 server (confidence level: 100%) |
172.94.96.24:8089 | Hook botnet C2 server (confidence level: 100%) |
43.136.99.254:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
51.21.182.193:8000 | Unknown malware botnet C2 server (confidence level: 100%) |
52.157.241.27:80 | Unknown malware botnet C2 server (confidence level: 100%) |
188.166.179.219:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
35.222.139.203:10443 | Unknown malware botnet C2 server (confidence level: 100%) |
188.213.173.207:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
38.179.64.254:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
34.93.198.148:443 | Unknown malware botnet C2 server (confidence level: 100%) |
34.93.198.148:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
195.146.11.13:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
139.59.5.10:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
167.99.203.212:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3.99.159.196:443 | Unknown malware botnet C2 server (confidence level: 100%) |
193.26.115.62:909 | Remcos botnet C2 server (confidence level: 100%) |
79.241.109.7:81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
13.233.140.193:51117 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
45.137.99.191:19000 | Rhadamanthys botnet C2 server (confidence level: 100%) |
101.126.157.9:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
130.250.191.35:6565 | AsyncRAT botnet C2 server (confidence level: 100%) |
91.107.141.66:31337 | Sliver botnet C2 server (confidence level: 50%) |
192.95.44.36:31337 | Sliver botnet C2 server (confidence level: 50%) |
188.132.202.45:31337 | Sliver botnet C2 server (confidence level: 50%) |
35.184.95.33:31337 | Sliver botnet C2 server (confidence level: 50%) |
104.161.20.163:31337 | Sliver botnet C2 server (confidence level: 50%) |
54.67.30.185:9020 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
35.177.232.236:11112 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
54.67.30.185:12220 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
43.201.102.238:5858 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
161.97.138.238:8888 | Unknown malware botnet C2 server (confidence level: 50%) |
164.92.210.147:7443 | Unknown malware botnet C2 server (confidence level: 50%) |
84.46.239.239:2083 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
149.210.5.144:443 | Ghost RAT botnet C2 server (confidence level: 50%) |
47.129.184.50:37 | BlackShades botnet C2 server (confidence level: 50%) |
62.113.59.30:8080 | Havoc botnet C2 server (confidence level: 50%) |
51.16.244.120:4949 | Unknown malware botnet C2 server (confidence level: 50%) |
79.110.50.74:7090 | Remcos botnet C2 server (confidence level: 75%) |
51.21.190.246:9001 | Sliver botnet C2 server (confidence level: 50%) |
216.9.224.122:14088 | Remcos botnet C2 server (confidence level: 75%) |
216.9.224.122:14089 | Remcos botnet C2 server (confidence level: 75%) |
216.9.224.122:14098 | Remcos botnet C2 server (confidence level: 75%) |
216.9.224.122:14099 | Remcos botnet C2 server (confidence level: 75%) |
112.74.74.107:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
113.44.89.172:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.55.129.85:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.55.129.85:8082 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1.15.64.49:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
193.134.209.130:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
152.42.228.180:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
128.90.113.239:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
144.91.92.251:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
5.253.59.185:4449 | Venom RAT botnet C2 server (confidence level: 100%) |
101.43.91.234:8880 | Venom RAT botnet C2 server (confidence level: 100%) |
94.232.40.129:80 | Venom RAT botnet C2 server (confidence level: 100%) |
54.176.71.134:11112 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
115.187.41.77:80 | XWorm botnet C2 server (confidence level: 100%) |
89.41.26.181:43211 | AdaptixC2 botnet C2 server (confidence level: 100%) |
147.185.221.29:17532 | NjRAT botnet C2 server (confidence level: 100%) |
185.204.168.16:4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
154.62.226.187:8888 | Sliver botnet C2 server (confidence level: 75%) |
213.190.81.19:443 | Sliver botnet C2 server (confidence level: 75%) |
218.255.179.148:47097 | DeimosC2 botnet C2 server (confidence level: 75%) |
87.117.2.29:1337 | ArrowRAT botnet C2 server (confidence level: 75%) |
185.244.151.84:587 | VIP Keylogger botnet C2 server (confidence level: 75%) |
155.94.155.214:8849 | AsyncRAT botnet C2 server (confidence level: 75%) |
115.187.41.77:7000 | XWorm botnet C2 server (confidence level: 100%) |
216.155.139.132:8041 | Unknown RAT botnet C2 server (confidence level: 50%) |
107.172.232.84:2468 | Unknown RAT botnet C2 server (confidence level: 75%) |
216.250.253.8:2429 | Remcos botnet C2 server (confidence level: 75%) |
107.172.232.83:4190 | Remcos botnet C2 server (confidence level: 75%) |
47.97.102.95:8080 | Cobalt Strike botnet C2 server (confidence level: 50%) |
124.71.110.163:12150 | Cobalt Strike botnet C2 server (confidence level: 50%) |
154.9.227.175:8808 | Cobalt Strike botnet C2 server (confidence level: 50%) |
60.204.222.186:443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
121.167.147.80:10000 | Cobalt Strike botnet C2 server (confidence level: 50%) |
167.71.212.18:3333 | Unknown malware botnet C2 server (confidence level: 50%) |
176.82.216.124:6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
47.97.154.223:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1.94.118.247:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
106.14.75.102:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
115.175.33.14:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
82.156.102.187:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
115.190.77.251:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
118.31.0.235:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
118.31.168.158:9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
121.43.209.81:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
111.230.111.45:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.99.235.147:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.86.163.183:80 | Unknown RAT botnet C2 server (confidence level: 100%) |
13.78.86.133:8080 | Sliver botnet C2 server (confidence level: 100%) |
94.156.177.121:9000 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.251.66.21:222 | AsyncRAT botnet C2 server (confidence level: 100%) |
128.90.113.239:1018 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.138.16.192:6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.138.16.192:7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
77.90.153.249:443 | Latrodectus botnet C2 server (confidence level: 90%) |
119.45.25.207:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
102.117.162.215:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
121.127.231.198:8082 | Hook botnet C2 server (confidence level: 100%) |
45.155.69.107:443 | Havoc botnet C2 server (confidence level: 100%) |
62.102.148.131:59394 | Orcus RAT botnet C2 server (confidence level: 100%) |
47.121.136.191:443 | Unknown malware botnet C2 server (confidence level: 100%) |
39.108.79.95:3389 | AdaptixC2 botnet C2 server (confidence level: 100%) |
151.236.16.111:724 | BianLian botnet C2 server (confidence level: 100%) |
95.169.180.239:443 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
47.98.151.171:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
118.178.190.87:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
43.138.193.228:9090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
92.119.114.76:6025 | Remcos botnet C2 server (confidence level: 100%) |
196.251.83.210:5000 | Remcos botnet C2 server (confidence level: 100%) |
45.141.233.239:443 | Latrodectus botnet C2 server (confidence level: 90%) |
128.90.113.17:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.251.66.21:4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
213.209.143.170:4443 | AsyncRAT botnet C2 server (confidence level: 100%) |
121.127.231.163:80 | Hook botnet C2 server (confidence level: 100%) |
196.251.114.4:4000 | Unknown malware botnet C2 server (confidence level: 100%) |
20.17.96.220:60000 | AdaptixC2 botnet C2 server (confidence level: 100%) |
146.190.110.91:3389 | XWorm botnet C2 server (confidence level: 100%) |
104.249.26.240:9090 | XWorm botnet C2 server (confidence level: 100%) |
193.26.115.138:1337 | XWorm botnet C2 server (confidence level: 100%) |
207.167.64.24:5058 | Mirai botnet C2 server (confidence level: 100%) |
8.212.56.13:53 | ValleyRAT botnet C2 server (confidence level: 100%) |
104.245.104.22:7077 | AsyncRAT botnet C2 server (confidence level: 100%) |
124.198.132.191:1520 | AsyncRAT botnet C2 server (confidence level: 100%) |
47.109.48.57:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
101.133.229.117:18089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
159.75.240.74:6443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
27.124.34.90:6665 | Ghost RAT botnet C2 server (confidence level: 100%) |
121.127.231.198:80 | Hook botnet C2 server (confidence level: 100%) |
154.90.54.98:50555 | Hook botnet C2 server (confidence level: 100%) |
194.26.192.127:443 | Nimplant botnet C2 server (confidence level: 100%) |
89.41.26.187:43211 | AdaptixC2 botnet C2 server (confidence level: 100%) |
94.198.52.210:3043 | AdaptixC2 botnet C2 server (confidence level: 100%) |
102.156.230.175:443 | QakBot botnet C2 server (confidence level: 75%) |
189.140.11.205:443 | QakBot botnet C2 server (confidence level: 75%) |
45.207.197.50:31001 | Havoc botnet C2 server (confidence level: 75%) |
99.83.154.161:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
18.205.24.126:443 | Meterpreter botnet C2 server (confidence level: 75%) |
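The indicators above are only useful once they are matched against telemetry, and the two indicator types need different matching rules: a domain indicator should also catch lookups for its subdomains, while an ip:port indicator is a pair, so the same address seen on another port is weaker evidence. The following is an added example, not code from ThreatFox or from this page's author: it takes a handful of rows copied from the tables above, runs them over constructed DNS and connection log lines (not real telemetry), and applies an example policy of auto-blocking only at 75% confidence or higher and alerting on the rest. The log format, the threshold and the host-only downgrade are assumptions of the example, not ThreatFox conventions.

```python
"""Match a subset of this page's ThreatFox indicators against log lines.
Added example; indicator rows are copied from the tables above, the log
lines and the block/alert policy are constructed for the example."""
import ipaddress
import re
from dataclasses import dataclass

# Subset of the page's indicators: (type, value, description, confidence %).
IOC_ROWS = [
    ("domain", "tonicables.top", "VIP Keylogger botnet C2 domain", 100),
    ("domain", "mail.tonicables.top", "VIP Keylogger botnet C2 domain", 100),
    ("domain", "windows-ds-time.live", "Interlock botnet C2 domain", 50),
    ("domain", "app.qms2go.com", "FAKEUPDATES botnet C2 domain", 100),
    ("ip:port", "185.204.168.16:4782", "Quasar RAT botnet C2 server", 100),
    ("ip:port", "121.127.231.161:80", "Hook botnet C2 server", 100),
    ("ip:port", "121.127.231.161:8089", "Hook botnet C2 server", 100),
    ("ip:port", "91.107.141.66:31337", "Sliver botnet C2 server", 50),
]

# Constructed sample log lines in a key=value style, not real telemetry.
LOGS = [
    "dns client=10.0.0.5 query=MAIL.tonicables.top. type=A",
    "dns client=10.0.0.7 query=cdn.windows-ds-time.live type=A",
    "dns client=10.0.0.9 query=tonicables.top.example.net type=A",
    "conn src=10.0.0.5 dst=185.204.168.16 dport=4782 proto=tcp",
    "conn src=10.0.0.8 dst=121.127.231.161 dport=443 proto=tcp",
    "conn src=10.0.0.8 dst=8.8.8.8 dport=53 proto=udp",
]

# Example policy (an assumption, not ThreatFox guidance): auto-block at
# >= 75 % confidence, alert below that; most Interlock rows above are 50 %.
BLOCK_THRESHOLD = 75
KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Match:
    line_no: int
    ioc: str
    description: str
    confidence: int
    kind: str    # "domain", "subdomain", "ip:port" or "ip-only"
    action: str  # "block" or "alert"


def action_for(confidence):
    return "block" if confidence >= BLOCK_THRESHOLD else "alert"


def build_index(rows):
    """Split rows into a domain map, an (ip, port) map and a per-IP map."""
    domains, ip_ports, ips = {}, {}, {}
    for ioc_type, value, desc, conf in rows:
        if ioc_type == "domain":
            domains[value.lower().rstrip(".")] = (value, desc, conf)
        elif ioc_type == "ip:port":
            ip, port = value.rsplit(":", 1)
            ipaddress.ip_address(ip)  # raises on a malformed address
            ip_ports[(ip, int(port))] = (value, desc, conf)
            ips.setdefault(ip, []).append((value, desc, conf))
    return domains, ip_ports, ips


def match_domain(qname, domains):
    """Exact match first, then walk up the labels so cdn.evil.example hits an
    evil.example indicator; the bare TLD is never tried, and a name that merely
    starts with an indicator (tonicables.top.example.net) does not match."""
    name = qname.lower().rstrip(".")
    if name in domains:
        return name, "domain"
    labels = name.split(".")
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in domains:
            return parent, "subdomain"
    return None


def scan(logs, rows):
    domains, ip_ports, ips = build_index(rows)
    hits = []
    for n, line in enumerate(logs):
        record = line.split(" ", 1)[0]
        fields = dict(KV.findall(line))
        if record == "dns" and "query" in fields:
            found = match_domain(fields["query"], domains)
            if found:
                key, how = found
                value, desc, conf = domains[key]
                hits.append(Match(n, value, desc, conf, how, action_for(conf)))
        elif record == "conn" and "dst" in fields and "dport" in fields:
            pair = (fields["dst"], int(fields["dport"]))
            if pair in ip_ports:
                value, desc, conf = ip_ports[pair]
                hits.append(Match(n, value, desc, conf, "ip:port", action_for(conf)))
            elif fields["dst"] in ips:
                # The feed publishes the address:port pair, so the same host on
                # another port is a weaker host-only hit: capped at 50 % and
                # never auto-blocked (example policy, not ThreatFox's).
                _, desc, conf = ips[fields["dst"]][0]
                hits.append(Match(n, fields["dst"], desc, min(conf, 50), "ip-only", "alert"))
    return hits


if __name__ == "__main__":
    for hit in scan(LOGS, IOC_ROWS):
        print(f"line {hit.line_no}: {hit.action:5} {hit.kind:9} {hit.ioc} "
              f"({hit.description}, {hit.confidence}%)")
```

Run as is, it flags the exact VIP Keylogger lookup as a block, the Interlock subdomain lookup as an alert only (50% confidence), the Quasar RAT connection as a block, and the Hook host on an unlisted port as a host-only alert; the lookup for tonicables.top.example.net and the connection to 8.8.8.8 produce nothing. When wiring the full tables into a resolver or firewall, keep the confidence field attached to each indicator rather than flattening everything into one blocklist.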
Threat ID: 684cc003a8c9212743811543
Added to database: 6/14/2025, 12:19:16 AM
Last enriched: 6/14/2025, 12:34:30 AM
Last updated: 6/14/2025, 1:30:33 AM
Views: 1
Related Threats
Title | Severity |
---|---|
Graphite Caught: First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted | Medium |
Know thyself, know thy environment | Medium |
What is the Real Relationship between WordPress Hackers and Malicious Adtech? | Medium |
Beware of AI Pickpockets: Pickai Backdoor Spreading Through ComfyUI Vulnerability | Medium |
Understanding CyberEYE RAT Builder: Capabilities and Implications | Medium |