ThreatFox IOCs for 2025-06-16

Medium
Published: Mon Jun 16 2025 (06/16/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-06-16

AI-Powered Analysis

Last updated: 06/17/2025, 00:34:35 UTC

Technical Analysis

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on June 16, 2025, by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence) related activities. The threat is described as involving payload delivery and network activity, indicating that it likely relates to the mechanisms by which malicious payloads are distributed or executed within a network environment. However, no specific affected software versions or products are identified, and no known exploits are currently reported in the wild. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores suggesting moderate concern. The absence of patch availability and lack of CWE (Common Weakness Enumeration) identifiers imply that this threat may not be tied to a specific vulnerability but rather to observable malicious behaviors or infrastructure used for payload delivery. The TLP (Traffic Light Protocol) classification as white suggests that the information is intended for unrestricted sharing, which aligns with the OSINT nature of the threat. Overall, this threat appears to be a collection of IOCs related to malware delivery and network activity, useful primarily for detection and monitoring rather than indicating an active exploit targeting a specific vulnerability or product.

Potential Impact

For European organizations, the impact of this threat primarily revolves around the potential for malware infiltration through network-based payload delivery mechanisms. Since the threat is associated with OSINT and network activity, it may be leveraged by attackers to identify vulnerable entry points or to distribute malicious payloads within corporate or governmental networks. The lack of specific affected products or versions limits the ability to pinpoint direct technical impacts; however, organizations could face risks including unauthorized access, data exfiltration, or disruption of services if these IOCs correspond to active malware campaigns. Given the medium severity rating and absence of known exploits, the immediate risk may be moderate, but the threat could serve as an early warning for emerging malware distribution tactics. European entities with extensive network infrastructures or those involved in critical sectors such as finance, energy, or government may be particularly sensitive to such network-based threats, as successful payload delivery could compromise confidentiality, integrity, or availability of critical systems.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security monitoring tools such as SIEM (Security Information and Event Management) and IDS/IPS (Intrusion Detection/Prevention Systems) to enhance detection capabilities for related network activity and payload delivery attempts.
2. Conduct regular network traffic analysis focusing on unusual or suspicious payload delivery patterns, especially those matching the characteristics described in the threat intelligence.
3. Employ network segmentation to limit the lateral movement potential of malware if payload delivery is successful.
4. Enhance endpoint detection and response (EDR) solutions to identify and contain malware execution linked to the observed IOCs.
5. Maintain up-to-date threat intelligence feeds and collaborate with information sharing groups to stay informed about any evolution or exploitation of these IOCs.
6. Conduct targeted phishing awareness and network hygiene training for employees to reduce the risk of initial compromise vectors that may be related to payload delivery.
7. Since no patches are available, focus on hardening network perimeter defenses and applying strict access controls to mitigate exploitation opportunities.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: a645cd3b-366d-4b03-a6e1-d9947be0c0ab
Original Timestamp: 1750118587

Indicators of Compromise

file116.205.143.204
Cobalt Strike botnet C2 server (confidence level: 75%)
file43.100.117.240
ValleyRAT botnet C2 server (confidence level: 100%)
file3.79.63.177
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.61.14.119
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file34.134.239.46
Havoc botnet C2 server (confidence level: 50%)
file185.224.128.52
Sliver botnet C2 server (confidence level: 50%)
file152.67.14.88
ShadowPad botnet C2 server (confidence level: 50%)
file144.172.93.250
Unknown malware botnet C2 server (confidence level: 50%)
file193.161.193.99
AsyncRAT botnet C2 server (confidence level: 50%)
file2.58.56.61
Remcos botnet C2 server (confidence level: 50%)
file66.63.187.194
Latrodectus botnet C2 server (confidence level: 90%)
file193.29.59.254
Unknown RAT botnet C2 server (confidence level: 100%)
file196.251.115.59
AsyncRAT botnet C2 server (confidence level: 100%)
file134.122.200.96
Hook botnet C2 server (confidence level: 100%)
file185.72.199.115
Quasar RAT botnet C2 server (confidence level: 100%)
file3.29.129.151
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file5.78.84.144
MimiKatz botnet C2 server (confidence level: 100%)
file38.132.122.145
AdaptixC2 botnet C2 server (confidence level: 100%)
file107.161.154.18
BianLian botnet C2 server (confidence level: 75%)
file130.162.241.34
DeimosC2 botnet C2 server (confidence level: 75%)
file143.244.136.94
Sliver botnet C2 server (confidence level: 75%)
file38.246.73.120
DOPLUGS botnet C2 server (confidence level: 100%)
file38.246.73.120
DOPLUGS botnet C2 server (confidence level: 100%)
file191.112.25.237
QakBot botnet C2 server (confidence level: 75%)
file52.221.211.91
Unknown malware botnet C2 server (confidence level: 75%)
file70.31.125.17
QakBot botnet C2 server (confidence level: 75%)
file211.149.175.185
ValleyRAT botnet C2 server (confidence level: 100%)
file188.212.158.75
NjRAT botnet C2 server (confidence level: 100%)
file47.107.136.106
Cobalt Strike botnet C2 server (confidence level: 75%)

Hash


Threat ID: 6850b485a8c921274384d5ca

Added to database: 6/17/2025, 12:19:18 AM

Last enriched: 6/17/2025, 12:34:35 AM

Last updated: 8/15/2025, 8:07:13 AM

Views: 13
