ThreatFox IOCs for 2025-06-20
AI Analysis
Technical Summary
The provided threat intelligence concerns a malware-related entry titled "ThreatFox IOCs for 2025-06-20," sourced from the ThreatFox MISP Feed. The threat is categorized primarily under OSINT (Open Source Intelligence), payload delivery, and network activity, indicating that it involves the distribution or delivery of malicious payloads potentially detected or tracked via OSINT methods. The absence of specific affected product versions or detailed technical indicators suggests that this is a generalized or emerging threat profile rather than a targeted vulnerability in a particular software product. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores indicating moderate analysis confidence and distribution reach. No known exploits are currently active in the wild, and no patches are available, implying that this threat may be in an early stage of identification or is related to malware that does not exploit software vulnerabilities but rather relies on other infection vectors such as social engineering or network-based delivery. The lack of CWEs (Common Weakness Enumerations) further supports that this is not a vulnerability-based threat but rather a malware campaign or payload delivery mechanism. The technical details and tags emphasize OSINT relevance, suggesting that the threat intelligence is derived from open-source data collection and that the threat may be used for reconnaissance or initial access in cyber operations. Indicators of compromise (IOCs) are not provided, limiting the ability to perform direct detection or correlation with existing security events. Overall, this threat represents a medium-severity malware campaign focused on payload delivery and network activity, with moderate distribution potential but currently no active exploitation or patches available.
Potential Impact
For European organizations, the impact of this malware threat could manifest primarily through network-based payload delivery mechanisms, potentially leading to unauthorized access, data exfiltration, or disruption of services. Since the threat is categorized under OSINT and network activity, attackers may leverage publicly available information to tailor attacks, increasing the likelihood of successful social engineering or spear-phishing campaigns. The absence of known exploits suggests that the malware may rely on user interaction or network vulnerabilities not yet publicly disclosed. European entities with significant digital infrastructure, especially those involved in critical sectors such as finance, energy, and government, could face risks of operational disruption or data breaches. The medium severity rating indicates that while the threat is not currently critical, it warrants attention due to its potential to evolve or be combined with other attack vectors. The lack of patches means organizations cannot rely on traditional vulnerability management and must focus on detection and prevention strategies. Additionally, the OSINT nature of the threat implies that attackers may gather intelligence on European targets to enhance attack precision, increasing the risk of targeted campaigns. The impact on confidentiality, integrity, and availability depends on the payload delivered, which is unspecified, but the network activity tag suggests possible lateral movement or command and control communications that could compromise internal networks.
Mitigation Recommendations
Given the absence of specific patches or known exploits, European organizations should adopt a multi-layered defense strategy focusing on detection, prevention, and response. Practical measures include:
1) Enhancing network monitoring to detect unusual payload delivery or network activity patterns, leveraging advanced threat detection tools capable of analyzing traffic for anomalies and known malware signatures.
2) Implementing strict email and web filtering policies to reduce the risk of malware delivery via phishing or drive-by downloads, including sandboxing of suspicious attachments and URLs.
3) Conducting regular OSINT monitoring to identify emerging indicators related to this threat and updating detection rules accordingly.
4) Strengthening endpoint protection with behavior-based detection to identify malicious payload execution even in the absence of known signatures.
5) Enforcing user awareness training focused on recognizing social engineering tactics that may be used to deliver the payload.
6) Segmenting networks to limit lateral movement in case of infection and ensuring robust incident response plans are in place to quickly contain and remediate infections.
7) Collaborating with threat intelligence sharing platforms to receive timely updates and IOCs as they become available.
These steps go beyond generic advice by emphasizing OSINT-driven monitoring and behavior-based detection tailored to the nature of this threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: c896ab39-b901-4bec-bae7-b5ce92ee2ed3
- Original Timestamp: 1750464186
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2407 | Remcos botnet C2 server (confidence level: 100%) | |
hash40102 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash45051 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash623 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash23500 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | Havoc botnet C2 server (confidence level: 100%) | |
hash11443 | Havoc botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash13333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4688 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1337 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
hash3310 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash123 | AdaptixC2 botnet C2 server (confidence level: 50%) | |
hash34654 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash36781 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash50501 | Orcus RAT botnet C2 server (confidence level: 50%) | |
hash40000 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash3299 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash29300 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash2083 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash80 | Unknown Stealer botnet C2 server (confidence level: 75%) | |
hash1618 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash8090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2096 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | XWorm botnet C2 server (confidence level: 75%) | |
hash444 | XWorm botnet C2 server (confidence level: 75%) | |
hash8787 | XWorm botnet C2 server (confidence level: 75%) | |
hash7000 | XWorm botnet C2 server (confidence level: 75%) | |
hash7771 | XWorm botnet C2 server (confidence level: 75%) | |
hash3698 | XWorm botnet C2 server (confidence level: 75%) | |
hash300 | XWorm botnet C2 server (confidence level: 75%) | |
hash2235 | XWorm botnet C2 server (confidence level: 75%) | |
hash7000 | XWorm botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash8636 | DarkComet botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8078 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8081 | Havoc botnet C2 server (confidence level: 100%) | |
hash427 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash2005 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7769 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash3316 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2700 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash250 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash4441 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash4448 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash4449 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8080 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash6443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) |
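The tables above give ip:port C2 indicators with a per-entry confidence. The following is an added example, not code from ThreatFox or from this site, showing how a detection engineer would load such rows and match them against outbound connection logs on the full IP and port pair rather than on either half alone. The indicator rows are copied from the page's tables (IP and port joined as ip:port); the connection-log lines and their key=value layout are constructed for the example and do not correspond to any particular product, and the function and class names are my own.

```python
"""Match ip:port C2 indicators from a ThreatFox-style table against
connection logs (added example; the log format is invented)."""
import re
from dataclasses import dataclass

# Rows copied from the IOC table on this page (value | description | copy).
INDICATOR_ROWS = """\
107.150.0.86:3698 | XWorm botnet C2 server (confidence level: 75%) | |
43.163.107.212:443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
43.163.107.212:8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
194.213.18.10:443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
68.183.98.89:4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
68.183.98.89:7769 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3.238.37.57:443 | Sliver botnet C2 server (confidence level: 100%) | |
47.239.127.205:53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
"""

# One table row: "<ip>:<port> | <family> botnet C2 server (confidence level: N%) ..."
ROW_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s*\|\s*"
    r"(?P<family>.+?)\s+botnet C2 server\s*\(confidence level:\s*(?P<conf>\d+)%\)"
)


@dataclass(frozen=True)
class Indicator:
    ip: str
    port: int
    family: str
    confidence: int


def parse_indicators(text):
    """Parse table rows into a dict keyed by (ip, port). A pair listed more
    than once keeps its highest confidence; rows that do not fit the pattern
    (headers, separators, debris) are skipped rather than guessed at."""
    out = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        ind = Indicator(m["ip"], int(m["port"]), m["family"], int(m["conf"]))
        key = (ind.ip, ind.port)
        if key not in out or ind.confidence > out[key].confidence:
            out[key] = ind
    return out


# Constructed connection-log layout: "<timestamp> src=... dst=... dport=... proto=...".
LOG_RE = re.compile(r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")

# Constructed sample flows. 192.0.2.53 is a documentation address standing in
# for an ordinary DNS resolver: port 53 alone must not trigger a hit.
LOG_LINES = [
    "2025-06-20T09:12:01Z src=10.10.4.21 dst=43.163.107.212 dport=8443 proto=tcp",
    "2025-06-20T09:12:05Z src=10.10.4.21 dst=43.163.107.212 dport=80 proto=tcp",
    "2025-06-20T09:13:40Z src=10.10.7.3 dst=47.239.127.205 dport=53 proto=udp",
    "2025-06-20T09:13:41Z src=10.10.7.3 dst=192.0.2.53 dport=53 proto=udp",
    "2025-06-20T09:15:00Z src=10.10.2.9 dst=68.183.98.89 dport=4449 proto=tcp",
]


def match_logs(indicators, log_lines, min_confidence=75):
    """Return (timestamp, Indicator) for each flow whose destination IP AND
    port are both in the indicator set at or above min_confidence. Matching
    on the pair is what keeps 43.163.107.212:80 and resolver traffic on 53
    out of the results."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        ind = indicators.get((m["dst"], int(m["dport"])))
        if ind is not None and ind.confidence >= min_confidence:
            hits.append((line.split()[0], ind))
    return hits


def blocklist(indicators, min_confidence=100):
    """Sorted 'ip:port' strings at or above the threshold, for a firewall or
    proxy deny list. The port is kept on purpose: blocking the bare IP would
    also cut legitimate traffic to shared hosting behind the same address."""
    return sorted(
        f"{i.ip}:{i.port}" for i in indicators.values() if i.confidence >= min_confidence
    )


if __name__ == "__main__":
    inds = parse_indicators(INDICATOR_ROWS)
    for ts, ind in match_logs(inds, LOG_LINES):
        print(f"{ts} {ind.ip}:{ind.port} {ind.family} ({ind.confidence}%)")
    print("deny:", ", ".join(blocklist(inds)))
```

With the sample flows, the 8443 and 4449 connections and the port-53 flow to 47.239.127.205 are reported, while the port-80 flow to the same Cobalt Strike IP and the resolver query on 53 are not. Raise min_confidence to 100 for automated blocking and keep the 50% and 75% entries for hunting only, and expire the list on a schedule: the IPs were observed on 2025-06-20, and hosting addresses are reassigned.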
Threat ID: 68568e31aded773421b54db4
Added to database: 6/21/2025, 10:49:21 AM
Last enriched: 6/21/2025, 10:50:26 AM
Last updated: 8/17/2025, 8:40:41 PM