
ThreatFox IOCs for 2025-06-18

Medium
Published: Wed Jun 18 2025 (06/18/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-06-18

AI-Powered Analysis

Last updated: 06/19/2025, 00:31:37 UTC

Technical Analysis

The provided threat information pertains to a malware-related entry titled "ThreatFox IOCs for 2025-06-18," sourced from the ThreatFox MISP feed. This entry primarily concerns indicators of compromise (IOCs) related to open-source intelligence (OSINT) activities, payload delivery mechanisms, and network activity. The threat is categorized under OSINT and payload delivery, suggesting it involves the collection or use of publicly available information to facilitate malware distribution or network-based attacks. Notably, there are no specific affected software versions or products listed, indicating that this threat is not tied to a particular vulnerability in a software product but rather represents a broader malware campaign or set of indicators. The absence of known exploits in the wild and the lack of available patches further support that this is an intelligence or detection-focused entry rather than a direct exploit of a software flaw. The technical details indicate a moderate threat level (2 on an unspecified scale) with some analysis and distribution activity noted. The lack of concrete indicators or CWEs (Common Weakness Enumerations) limits the ability to pinpoint exact attack vectors or malware families involved. Overall, this entry appears to be a collection or update of IOCs related to malware campaigns that leverage OSINT for payload delivery and network activity, serving as a resource for threat detection and intelligence rather than describing a novel or active exploit targeting specific software.

Potential Impact

For European organizations, the impact of this threat lies primarily in its role as a source of intelligence on malware campaigns that utilize OSINT techniques for payload delivery and network-based operations. While no direct exploit or vulnerability is identified, organizations that fail to incorporate these IOCs into their detection and response workflows may be at increased risk of undetected malware infections or network intrusions. The threat's medium severity suggests a moderate risk of confidentiality breaches, potential integrity compromises through malware payloads, and availability impacts if the malware disrupts network operations. Given the lack of specific affected products, the threat could potentially impact a wide range of organizations, especially those with significant network exposure or those that rely heavily on OSINT-derived data for operational purposes. The absence of known exploits in the wild reduces immediate risk but does not eliminate the possibility of future exploitation or the use of these IOCs by threat actors to enhance their campaigns. European organizations in sectors such as finance, critical infrastructure, and government may face increased risk due to the strategic value of their data and networks, making them attractive targets for malware campaigns leveraging OSINT.

Mitigation Recommendations

To mitigate risks associated with this threat, European organizations should implement the following specific measures:

1. Integrate the latest ThreatFox IOCs into existing security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection of malware payloads and network activity linked to OSINT-driven campaigns.
2. Conduct regular threat hunting exercises focused on network traffic anomalies and suspicious payload delivery patterns that align with the provided IOCs, even in the absence of known exploits.
3. Strengthen network segmentation and monitoring to limit the lateral movement of malware if an initial compromise occurs, particularly in segments handling sensitive or critical data.
4. Enhance employee training on recognizing phishing or social engineering attempts that may be informed by OSINT, as these are common initial vectors for payload delivery.
5. Collaborate with national and European cybersecurity information sharing platforms to stay updated on evolving IOCs and threat actor tactics related to OSINT-based malware campaigns.
6. Since no patches are available, emphasize proactive detection and response rather than reliance on vulnerability remediation.
7. Employ network traffic analysis tools capable of identifying unusual outbound connections or command-and-control communications that may be associated with the malware indicated by these IOCs.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
bbeb4908-1500-4f6f-8805-5e459626bf7e
Original Timestamp
1750291386

Indicators of Compromise

Domain

Value | Description
security.fizaregiyard.com | Unknown malware payload delivery domain (confidence level: 100%)
wepolix.com | Unknown malware payload delivery domain (confidence level: 100%)
www.ssatech.online | AsyncRAT botnet C2 domain (confidence level: 100%)
www.waillyrx5.com | AsyncRAT botnet C2 domain (confidence level: 75%)
100.56.171.34.bc.googleusercontent.com | Havoc botnet C2 domain (confidence level: 100%)
apis.accountsgoogle.loginlivemiscrosoftonline.duckdns.org | Havoc botnet C2 domain (confidence level: 100%)
play.accountsgooogle.loginlivemiscrosoftonline.duckdns.org | Havoc botnet C2 domain (confidence level: 100%)
zoutailian.jlx9.asia | Cobalt Strike botnet C2 domain (confidence level: 100%)
ecs-113-44-144-145.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
mta73.bwcasino.email | Unknown malware botnet C2 domain (confidence level: 100%)
santutxuht.eus | Unknown malware botnet C2 domain (confidence level: 100%)
ssl.accountsgoogle.loginlivemiscrosoftonline.duckdns.org | Havoc botnet C2 domain (confidence level: 100%)
singtelcom.site | DOPLUGS botnet C2 domain (confidence level: 100%)
nnnpanel.top | Unknown RAT botnet C2 domain (confidence level: 100%)
9.20.storysaverr.app | Vidar botnet C2 domain (confidence level: 100%)
eraqron.shop | Unknown Stealer botnet C2 domain (confidence level: 100%)
greatthingsstillhappen.duckdns.org | Unknown RAT botnet C2 domain (confidence level: 100%)
boss2468.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
actwindowdsdriver.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
updatedrvier.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
boyz2346.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
givedem.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
givedem2.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
securityhealthmonitor.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
securityhealthsystray.accesscam.org | AsyncRAT botnet C2 domain (confidence level: 100%)
cloused-flow.site | HijackLoader botnet C2 domain (confidence level: 49%)
debianlist.cfd | HijackLoader botnet C2 domain (confidence level: 49%)
cdnnode-01.cfd | HijackLoader botnet C2 domain (confidence level: 49%)
servicesmesh.pro | HijackLoader botnet C2 domain (confidence level: 49%)
ncloud-servers.shop | HijackLoader botnet C2 domain (confidence level: 49%)
brokpolok.shop | HijackLoader botnet C2 domain (confidence level: 49%)
d-nodes.shop | HijackLoader botnet C2 domain (confidence level: 49%)
uplink-mirrors.shop | HijackLoader botnet C2 domain (confidence level: 49%)
nupdate0625.com | Unknown Loader botnet C2 domain (confidence level: 100%)
mohamed88.work.gd | Houdini botnet C2 domain (confidence level: 100%)
kizitodavina.kozow.com | Houdini botnet C2 domain (confidence level: 100%)
unitedigs.org | Unknown Stealer botnet C2 domain (confidence level: 100%)
crownmedicals.com | Spyder Patchwork botnet C2 domain (confidence level: 50%)
popcornstudy.info | Spyder Patchwork botnet C2 domain (confidence level: 50%)
purpleyh.info | Spyder Patchwork botnet C2 domain (confidence level: 50%)
redcardboard.info | Spyder Patchwork botnet C2 domain (confidence level: 50%)
hosts.dynuddns.com | Unknown RAT botnet C2 domain (confidence level: 100%)
arvnd.duckdns.org | Crimson RAT botnet C2 domain (confidence level: 100%)
winter-criminal.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
unit-sap.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%)
cocohack.dtdns.net | Revenge RAT botnet C2 domain (confidence level: 100%)
shnf-47787.portmap.io | Revenge RAT botnet C2 domain (confidence level: 100%)
yj233.e1.luyouxia.net | Revenge RAT botnet C2 domain (confidence level: 100%)
yukselofficial.duckdns.org | Revenge RAT botnet C2 domain (confidence level: 100%)

Url

Value | Description
https://wepolix.com/shield.msi | Unknown malware payload delivery URL (confidence level: 100%)
http://a1139192.xsph.ru/3ddfcbfe.php | DCRat botnet C2 (confidence level: 100%)
https://dan-ban.bz/xder.ps1 | Unknown Stealer payload delivery URL (confidence level: 100%)
https://78.47.43.88/ | Vidar botnet C2 (confidence level: 100%)
https://9.20.storysaverr.app/ | Vidar botnet C2 (confidence level: 100%)
https://b1.wreckermodule.life/up | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.wreckermodule.life/up/f | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.wreckermodule.life/up/g | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.wreckermodule.life/up/b | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.wreckermodule.life/up/p | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.husbandlandside.top/up | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.husbandlandside.top/up/g | ACR Stealer botnet C2 (confidence level: 100%)
https://b1.husbandlandside.top/up/f | ACR Stealer botnet C2 (confidence level: 100%)
http://nupdate0625.com/server.php | Unknown Loader botnet C2 (confidence level: 100%)
http://47.108.250.101:48332/t6mf | Cobalt Strike botnet C2 (confidence level: 75%)
http://91.92.46.53/providervideolineapigeneratordatalifedlepubliccdntemporary.php | DCRat botnet C2 (confidence level: 100%)
http://knees.nidnaver.cloud/free0510/view.php | Kimsuky botnet C2 (confidence level: 100%)
http://toes.nidnaver.cloud/free0510/dn.php | Kimsuky botnet C2 (confidence level: 100%)
http://w7fsbv.onlinewebshop.net/dnl.php | Kimsuky botnet C2 (confidence level: 100%)
https://stock-investing-basics.com/jessica/wp-includes/js/common/src/get.php | Unknown Stealer botnet C2 (confidence level: 100%)
https://stock-investing-basics.com/jessica/wp-includes/js/common/src/upload.php | Unknown Stealer botnet C2 (confidence level: 100%)
https://stock-investing-basics.com/jessica/wp-includes/js/common/src/list.php | Unknown Stealer botnet C2 (confidence level: 100%)
http://89.150.35.144/cpuprocessdatalifeuploads.php | DCRat botnet C2 (confidence level: 100%)
http://a1139452.xsph.ru/7a118371.php | DCRat botnet C2 (confidence level: 100%)
http://a1136783.xsph.ru/f0b26eec.php | DCRat botnet C2 (confidence level: 100%)

IP:port (C2 servers)

The feed export split these records into an address list (labelled "File") and a port list (labelled "Hash"). The two lists are in the same order and agree on malware family and confidence level entry by entry, so they are recombined here as the ip:port indicators ThreatFox publishes. Repeated addresses are distinct records with different ports.

Value | Description
8.155.7.173:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.249.3.92:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.104.78.25:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.72.80:2404 | Remcos botnet C2 server (confidence level: 100%)
85.209.128.39:7070 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.106.75:2000 | AsyncRAT botnet C2 server (confidence level: 100%)
151.242.58.75:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
172.94.96.143:7707 | AsyncRAT botnet C2 server (confidence level: 100%)
3.129.217.57:443 | Havoc botnet C2 server (confidence level: 100%)
46.246.82.3:5000 | DCRat botnet C2 server (confidence level: 100%)
18.100.123.189:8001 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
47.96.164.62:47486 | Chaos botnet C2 server (confidence level: 100%)
18.221.91.216:3333 | Unknown malware botnet C2 server (confidence level: 100%)
196.251.118.249:4433 | AdaptixC2 botnet C2 server (confidence level: 100%)
95.163.158.71:8080 | BianLian botnet C2 server (confidence level: 100%)
110.41.64.140:4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.144.57:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.126.152.1:6443 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.226.8.163:8066 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.198.32.120:443 | Unknown malware botnet C2 server (confidence level: 100%)
35.244.112.145:80 | Havoc botnet C2 server (confidence level: 100%)
3.76.252.105:443 | Havoc botnet C2 server (confidence level: 100%)
196.251.80.106:8080 | DCRat botnet C2 server (confidence level: 100%)
85.90.196.153:443 | Lumma Stealer botnet C2 server (confidence level: 100%)
195.82.146.191:80 | Lumma Stealer botnet C2 server (confidence level: 100%)
195.82.146.191:443 | Lumma Stealer botnet C2 server (confidence level: 100%)
213.232.235.144:80 | MooBot botnet C2 server (confidence level: 100%)
83.229.123.144:60000 | Unknown malware botnet C2 server (confidence level: 100%)
117.72.210.182:60000 | Unknown malware botnet C2 server (confidence level: 100%)
98.70.37.51:443 | Unknown malware botnet C2 server (confidence level: 100%)
139.9.205.149:80 | Unknown malware botnet C2 server (confidence level: 100%)
3.123.17.30:443 | Unknown malware botnet C2 server (confidence level: 100%)
103.150.100.184:443 | Unknown malware botnet C2 server (confidence level: 100%)
178.128.243.207:8443 | Unknown malware botnet C2 server (confidence level: 100%)
192.108.125.31:8443 | Unknown malware botnet C2 server (confidence level: 100%)
4.185.49.89:3333 | Unknown malware botnet C2 server (confidence level: 100%)
213.239.255.106:3333 | Unknown malware botnet C2 server (confidence level: 100%)
34.194.252.119:443 | Unknown malware botnet C2 server (confidence level: 100%)
141.94.205.28:3333 | Unknown malware botnet C2 server (confidence level: 100%)
39.107.68.127:3333 | Unknown malware botnet C2 server (confidence level: 100%)
85.215.228.111:3333 | Unknown malware botnet C2 server (confidence level: 100%)
52.58.96.117:4444 | Unknown malware botnet C2 server (confidence level: 100%)
47.98.220.237:3333 | Unknown malware botnet C2 server (confidence level: 100%)
85.215.152.43:8443 | Unknown malware botnet C2 server (confidence level: 100%)
4.213.152.243:443 | Unknown malware botnet C2 server (confidence level: 100%)
103.27.207.3:3333 | Unknown malware botnet C2 server (confidence level: 100%)
52.221.226.171:3333 | Unknown malware botnet C2 server (confidence level: 100%)
35.181.4.126:443 | Unknown malware botnet C2 server (confidence level: 100%)
35.170.4.194:443 | Unknown malware botnet C2 server (confidence level: 100%)
161.97.98.228:8080 | Unknown malware botnet C2 server (confidence level: 100%)
164.68.96.211:49152 | Unknown malware botnet C2 server (confidence level: 100%)
115.120.217.77:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
173.214.166.105:2956 | Remcos botnet C2 server (confidence level: 100%)
82.73.7.177:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
107.150.0.60:443 | Latrodectus botnet C2 server (confidence level: 90%)
62.234.169.145:8888 | ValleyRAT botnet C2 server (confidence level: 100%)
192.254.66.109:443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
31.13.190.10:10251 | Remcos botnet C2 server (confidence level: 75%)
78.47.23.141:443 | Vidar botnet C2 server (confidence level: 100%)
78.47.43.88:443 | Vidar botnet C2 server (confidence level: 100%)
106.52.6.128:801 | Cobalt Strike botnet C2 server (confidence level: 100%)
72.18.215.152:8086 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.94.137.198:9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
5.34.176.103:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
122.51.68.190:4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
216.9.224.152:8909 | Remcos botnet C2 server (confidence level: 75%)
62.60.247.105:8770 | Unknown RAT botnet C2 server (confidence level: 75%)
139.28.219.38:54872 | Remcos botnet C2 server (confidence level: 75%)
181.206.158.190:2404 | Remcos botnet C2 server (confidence level: 75%)
181.206.158.190:3001 | Remcos botnet C2 server (confidence level: 75%)
37.120.206.166:51029 | Remcos botnet C2 server (confidence level: 75%)
152.89.162.7:64070 | Remcos botnet C2 server (confidence level: 100%)
191.93.118.254:8848 | AsyncRAT botnet C2 server (confidence level: 75%)
47.122.113.29:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.30.201.191:8000 | Ghost RAT botnet C2 server (confidence level: 100%)
3.15.182.56:443 | Sliver botnet C2 server (confidence level: 100%)
110.41.44.100:8888 | Unknown malware botnet C2 server (confidence level: 100%)
1.13.185.85:8888 | Unknown malware botnet C2 server (confidence level: 100%)
88.252.167.136:3000 | AsyncRAT botnet C2 server (confidence level: 100%)
89.32.41.47:7443 | Unknown malware botnet C2 server (confidence level: 100%)
165.22.72.249:3000 | Unknown malware botnet C2 server (confidence level: 100%)
161.97.78.71:4443 | Unknown malware botnet C2 server (confidence level: 100%)
185.229.119.133:80 | Hook botnet C2 server (confidence level: 100%)
27.102.132.202:443 | Havoc botnet C2 server (confidence level: 100%)
191.93.118.254:9000 | AsyncRAT botnet C2 server (confidence level: 75%)
43.250.175.218:8080 | DCRat botnet C2 server (confidence level: 100%)
54.95.193.41:80 | Brute Ratel C4 botnet C2 server (confidence level: 100%)
172.94.96.245:2025 | Remcos botnet C2 server (confidence level: 75%)
45.8.125.187:8041 | Unknown RAT botnet C2 server (confidence level: 75%)
150.136.135.145:443 | Sliver botnet C2 server (confidence level: 75%)
188.49.79.81:995 | QakBot botnet C2 server (confidence level: 75%)
45.32.235.36:8035 | DeimosC2 botnet C2 server (confidence level: 75%)
70.31.125.17:2078 | QakBot botnet C2 server (confidence level: 75%)
85.133.214.245:8983 | DeimosC2 botnet C2 server (confidence level: 75%)
46.246.4.6:7044 | Houdini botnet C2 server (confidence level: 75%)
47.108.250.101:48332 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.210.171.204:80 | Unknown Loader botnet C2 server (confidence level: 75%)
124.156.147.33:446 | ValleyRAT botnet C2 server (confidence level: 100%)
170.253.28.193:8443 | Meterpreter botnet C2 server (confidence level: 75%)
217.195.153.81:50000 | AsyncRAT botnet C2 server (confidence level: 100%)
47.238.118.253:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.34.168:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
49.233.35.103:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.78.56:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.120.78.56:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
85.158.110.179:15747 | SectopRAT botnet C2 server (confidence level: 100%)
165.22.72.249:443 | Unknown malware botnet C2 server (confidence level: 100%)
185.72.199.77:1717 | Quasar RAT botnet C2 server (confidence level: 100%)
16.62.221.28:34144 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
124.222.253.61:8088 | Cobalt Strike botnet C2 server (confidence level: 75%)
191.96.79.137:7000 | XWorm botnet C2 server (confidence level: 75%)
85.90.196.153:80 | Lumma Stealer botnet C2 server (confidence level: 100%)
46.246.4.6:7050 | Houdini botnet C2 server (confidence level: 75%)
102.88.55.199:6704 | Houdini botnet C2 server (confidence level: 75%)
212.23.222.56:20341 | Unknown RAT botnet C2 server (confidence level: 75%)
3.69.157.220:17831 | NjRAT botnet C2 server (confidence level: 75%)
111.170.19.239:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.55.129.94:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.255.49.28:2404 | Remcos botnet C2 server (confidence level: 100%)
86.54.42.76:3306 | Sliver botnet C2 server (confidence level: 100%)
9.169.156.105:8000 | Sliver botnet C2 server (confidence level: 100%)
54.91.53.71:7443 | Unknown malware botnet C2 server (confidence level: 100%)
171.22.31.199:9000 | DCRat botnet C2 server (confidence level: 100%)
95.163.158.71:993 | BianLian botnet C2 server (confidence level: 100%)
27.124.2.138:6000 | XWorm botnet C2 server (confidence level: 75%)
191.96.207.213:8041 | Unknown RAT botnet C2 server (confidence level: 75%)
35.158.159.254:16951 | NjRAT botnet C2 server (confidence level: 75%)
138.68.79.95:62194 | Nanocore RAT botnet C2 server (confidence level: 75%)
154.248.78.10:5552 | NjRAT botnet C2 server (confidence level: 75%)
87.121.105.130:1337 | AsyncRAT botnet C2 server (confidence level: 100%)
154.23.178.208:8880 | ValleyRAT botnet C2 server (confidence level: 100%)
174.107.222.28:4449 | AsyncRAT botnet C2 server (confidence level: 100%)
174.107.222.28:8888 | AsyncRAT botnet C2 server (confidence level: 100%)
47.91.237.42:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
156.238.246.6:6000 | Ghost RAT botnet C2 server (confidence level: 100%)
101.42.239.131:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
49.233.35.103:8022 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.144.217.213:8080 | Ghost RAT botnet C2 server (confidence level: 100%)
1.13.187.54:80 | Ghost RAT botnet C2 server (confidence level: 100%)
18.183.72.243:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
185.82.73.108:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.85.2:101 | Venom RAT botnet C2 server (confidence level: 100%)
94.232.249.166:1443 | AdaptixC2 botnet C2 server (confidence level: 100%)
105.108.32.34:22 | QakBot botnet C2 server (confidence level: 75%)
66.63.187.187:443 | Eye Pyramid botnet C2 server (confidence level: 75%)
83.166.242.24:443 | Eye Pyramid botnet C2 server (confidence level: 75%)
144.172.117.158:7712 | Aurotun Stealer botnet C2 server (confidence level: 100%)
173.249.29.108:4212 | AsyncRAT botnet C2 server (confidence level: 100%)
64.225.77.186:8001 | Meterpreter botnet C2 server (confidence level: 75%)

Hash (MD5)

Value | Description
948571781f0a6edfd6d9357441fbfbb8 | Crimson RAT payload (confidence level: 100%)
33ac03a2a13d5870261233349fc9aef0 | Crimson RAT payload (confidence level: 100%)
6c3dcb8f513f46eabed0d1564c065ec6 | Crimson RAT payload (confidence level: 100%)

Threat ID: 685356d833c7acc04607f195

Added to database: 6/19/2025, 12:16:24 AM

Last enriched: 6/19/2025, 12:31:37 AM

Last updated: 8/13/2025, 3:57:44 PM
