ThreatFox IOCs for 2025-06-20

Medium
Published: Fri Jun 20 2025 (06/20/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-06-20

AI-Powered Analysis

Last updated: 06/21/2025, 10:50:26 UTC

Technical Analysis

The provided threat intelligence concerns a malware-related entry titled "ThreatFox IOCs for 2025-06-20," sourced from the ThreatFox MISP Feed. The threat is categorized primarily under OSINT (Open Source Intelligence), payload delivery, and network activity, indicating that it involves the distribution or delivery of malicious payloads potentially detected or tracked via OSINT methods. The absence of specific affected product versions or detailed technical indicators suggests that this is a generalized or emerging threat profile rather than a targeted vulnerability in a particular software product. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores indicating moderate analysis confidence and distribution reach. No known exploits are currently active in the wild, and no patches are available, implying that this threat may be in an early stage of identification or is related to malware that does not exploit software vulnerabilities but rather relies on other infection vectors such as social engineering or network-based delivery. The lack of CWEs (Common Weakness Enumerations) further supports that this is not a vulnerability-based threat but rather a malware campaign or payload delivery mechanism. The technical details and tags emphasize OSINT relevance, suggesting that the threat intelligence is derived from open-source data collection and that the threat may be used for reconnaissance or initial access in cyber operations. Indicators of compromise (IOCs) are not provided, limiting the ability to perform direct detection or correlation with existing security events. Overall, this threat represents a medium-severity malware campaign focused on payload delivery and network activity, with moderate distribution potential but currently no active exploitation or patches available.

Potential Impact

For European organizations, the impact of this malware threat could manifest primarily through network-based payload delivery mechanisms, potentially leading to unauthorized access, data exfiltration, or disruption of services. Since the threat is categorized under OSINT and network activity, attackers may leverage publicly available information to tailor attacks, increasing the likelihood of successful social engineering or spear-phishing campaigns. The absence of known exploits suggests that the malware may rely on user interaction or network vulnerabilities not yet publicly disclosed. European entities with significant digital infrastructure, especially those involved in critical sectors such as finance, energy, and government, could face risks of operational disruption or data breaches. The medium severity rating indicates that while the threat is not currently critical, it warrants attention due to its potential to evolve or be combined with other attack vectors. The lack of patches means organizations cannot rely on traditional vulnerability management and must focus on detection and prevention strategies. Additionally, the OSINT nature of the threat implies that attackers may gather intelligence on European targets to enhance attack precision, increasing the risk of targeted campaigns. The impact on confidentiality, integrity, and availability depends on the payload delivered, which is unspecified, but the network activity tag suggests possible lateral movement or command and control communications that could compromise internal networks.

Mitigation Recommendations

Given the absence of specific patches or known exploits, European organizations should adopt a multi-layered defense strategy focusing on detection, prevention, and response. Practical measures include:

1) Enhancing network monitoring to detect unusual payload delivery or network activity patterns, leveraging advanced threat detection tools capable of analyzing traffic for anomalies and known malware signatures.
2) Implementing strict email and web filtering policies to reduce the risk of malware delivery via phishing or drive-by downloads, including sandboxing of suspicious attachments and URLs.
3) Conducting regular OSINT monitoring to identify emerging indicators related to this threat and updating detection rules accordingly.
4) Strengthening endpoint protection with behavior-based detection to identify malicious payload execution even in the absence of known signatures.
5) Enforcing user awareness training focused on recognizing social engineering tactics that may be used to deliver the payload.
6) Segmenting networks to limit lateral movement in case of infection and ensuring robust incident response plans are in place to quickly contain and remediate infections.
7) Collaborating with threat intelligence sharing platforms to receive timely updates and IOCs as they become available.

These steps go beyond generic advice by emphasizing OSINT-driven monitoring and behavior-based detection tailored to the nature of this threat.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: c896ab39-b901-4bec-bae7-b5ce92ee2ed3
Original Timestamp: 1750464186

Indicators of Compromise

Domain


Url


File


Hash


Threat ID: 68568e31aded773421b54db4

Added to database: 6/21/2025, 10:49:21 AM

Last enriched: 6/21/2025, 10:50:26 AM

Last updated: 8/17/2025, 8:40:41 PM

Views: 23
