ThreatFox IOCs for 2025-06-21
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related intelligence update from the ThreatFox MISP Feed dated June 21, 2025. This update primarily focuses on Indicators of Compromise (IOCs) related to OSINT (Open Source Intelligence) activities, payload delivery mechanisms, and network activity patterns. The threat is categorized under OSINT and payload delivery, suggesting that it involves the use of publicly available information or reconnaissance techniques to facilitate the delivery of malicious payloads over network channels. No specific affected product versions or software are identified, indicating that the threat may be generic or broadly applicable rather than targeting a particular software vulnerability. The absence of known exploits in the wild and the lack of available patches imply that this threat is either newly identified or not yet actively exploited on a large scale. The technical details assign a threat level of 2 (on an unspecified scale), with moderate distribution (level 3) and minimal analysis (level 1), reflecting limited but notable dissemination and understanding. The lack of concrete IOCs or detailed technical indicators limits the ability to perform deep forensic or signature-based detection. Overall, this threat appears to be an emerging or low-maturity malware campaign leveraging OSINT techniques for payload delivery via network vectors, with a medium severity rating assigned by the source.
Potential Impact
For European organizations, the impact of this threat could manifest primarily through increased exposure to malware infections initiated via network-based payload delivery methods informed by OSINT reconnaissance. Given the generic nature of the threat and absence of specific targeted vulnerabilities, the risk is more aligned with opportunistic attacks rather than highly targeted intrusions. Potential impacts include unauthorized access, data exfiltration, disruption of network services, and compromise of endpoint integrity. Organizations with extensive network exposure, especially those relying on open-source intelligence for operational purposes or those with less mature network monitoring capabilities, may face elevated risks. The medium severity suggests that while the threat is not immediately critical, it could serve as a precursor to more advanced attacks if left unmitigated. The lack of patches or known exploits indicates that traditional patch management will not mitigate this threat, emphasizing the need for proactive detection and network defense strategies.
Mitigation Recommendations
1. Enhance network monitoring to detect anomalous payload delivery patterns and suspicious OSINT-related reconnaissance activities, leveraging behavioral analytics rather than relying solely on signature-based detection.
2. Implement strict network segmentation to limit the lateral movement potential of any malware introduced via network payloads.
3. Employ threat intelligence sharing platforms to stay updated on emerging IOCs related to this threat as they become available, enabling timely detection and response.
4. Conduct regular employee training focused on recognizing social engineering and phishing attempts that may serve as initial infection vectors, especially those leveraging OSINT-derived information.
5. Utilize advanced endpoint detection and response (EDR) solutions capable of identifying and isolating suspicious payload execution.
6. Review and harden firewall and intrusion detection/prevention system (IDS/IPS) configurations to block known malicious network traffic patterns associated with payload delivery.
7. Since no patches are available, prioritize incident response readiness and establish clear procedures for containment and eradication upon detection of related activity.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 9680840e-69b2-4ed1-8f38-dc2855b0ed18
- Original Timestamp: 1750550586
Indicators of Compromise
Url
Value | Description | Copy |
---|---|---|
urlhttp://somanydomain.anondns.net | Mirai payload delivery URL (confidence level: 100%) | |
urlhttps://posugxa.com/shield.msi | Unknown malware payload delivery URL (confidence level: 100%) |
File
Value | Description | Copy |
---|---|---|
file83.229.87.221 | Mirai botnet C2 server (confidence level: 100%) | |
file185.64.106.73 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file38.54.15.75 | Mirai botnet C2 server (confidence level: 100%) | |
file38.54.15.75 | Mirai botnet C2 server (confidence level: 100%) | |
file195.2.78.159 | Mirai botnet C2 server (confidence level: 100%) | |
file8.137.98.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.101.187.219 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file142.54.190.74 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file177.255.89.100 | Remcos botnet C2 server (confidence level: 100%) | |
file82.205.83.111 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.83.225 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.83.225 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.223 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file46.173.214.80 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.230.76.228 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.230.76.228 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file118.107.221.146 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file39.173.159.64 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file45.91.171.107 | Mirai botnet C2 server (confidence level: 100%) | |
file193.112.101.108 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file38.55.129.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.29.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file20.169.159.207 | Sliver botnet C2 server (confidence level: 90%) | |
file129.211.169.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.251.83.225 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.99.142.220 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file113.45.177.81 | Havoc botnet C2 server (confidence level: 100%) | |
file37.72.168.146 | Havoc botnet C2 server (confidence level: 100%) | |
file13.208.193.77 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file20.2.2.169 | Unknown malware botnet C2 server (confidence level: 100%) | |
file115.190.77.6 | Unknown malware botnet C2 server (confidence level: 100%) | |
file122.51.218.18 | Unknown malware botnet C2 server (confidence level: 100%) | |
file198.144.189.78 | Bashlite botnet C2 server (confidence level: 100%) | |
file98.70.37.51 | Unknown malware botnet C2 server (confidence level: 100%) | |
file178.20.41.194 | Unknown malware botnet C2 server (confidence level: 100%) | |
file64.23.143.189 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.223.247.20 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.236.140.140 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.196.114.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.196.114.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.79.194.88 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.203.122.22 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.48.133.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.145.164.129 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.219.247.200 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.130.72.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.33.48.202 | Unknown malware botnet C2 server (confidence level: 100%) | |
file178.62.224.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file177.93.133.229 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.183.17.109 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.108.166.233 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.205.145.243 | BianLian botnet C2 server (confidence level: 100%) | |
file35.167.62.125 | Unknown malware botnet C2 server (confidence level: 100%) | |
file135.235.35.109 | Unknown malware botnet C2 server (confidence level: 100%) | |
file121.36.62.154 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.35.95.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.224.128.52 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.159.50.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.89.203.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.92.159.149 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.82.73.108 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.182.217.64 | Havoc botnet C2 server (confidence level: 100%) | |
file54.253.241.166 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file130.164.161.236 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file41.216.188.159 | MooBot botnet C2 server (confidence level: 100%) | |
file87.121.84.155 | MooBot botnet C2 server (confidence level: 100%) | |
file159.65.233.1 | BianLian botnet C2 server (confidence level: 100%) | |
file163.181.94.101 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file24.177.65.54 | QakBot botnet C2 server (confidence level: 75%) | |
file27.115.121.2 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file91.108.189.131 | Sliver botnet C2 server (confidence level: 75%) | |
file121.16.47.117 | Meterpreter botnet C2 server (confidence level: 75%) | |
file160.202.133.143 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file1.12.233.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.55.240.111 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file192.227.144.34 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.80.125 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file198.98.59.180 | Mirai botnet C2 server (confidence level: 100%) | |
file198.98.59.180 | Mirai botnet C2 server (confidence level: 100%) | |
file46.8.122.64 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file46.8.122.64 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file193.222.96.100 | XWorm botnet C2 server (confidence level: 100%) | |
file46.173.214.80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.227.227.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.175.234.59 | Venom RAT botnet C2 server (confidence level: 100%) | |
file151.242.63.239 | Venom RAT botnet C2 server (confidence level: 100%) | |
file84.154.191.111 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file181.12.250.37 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.38.192.195 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file50.18.143.103 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file8.156.73.92 | Chaos botnet C2 server (confidence level: 100%) | |
file93.115.21.186 | MimiKatz botnet C2 server (confidence level: 100%) | |
file38.180.152.36 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file43.155.4.35 | XWorm botnet C2 server (confidence level: 100%) | |
file150.109.120.102 | XWorm botnet C2 server (confidence level: 100%) | |
file43.159.199.184 | XWorm botnet C2 server (confidence level: 100%) | |
file38.91.118.226 | XWorm botnet C2 server (confidence level: 100%) | |
file202.79.172.16 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file101.42.239.131 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file134.122.204.168 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file166.88.96.120 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file192.253.229.133 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file45.125.67.232 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file23.95.60.6 | Remcos botnet C2 server (confidence level: 100%) | |
file23.95.60.6 | Remcos botnet C2 server (confidence level: 100%) | |
file3.27.66.78 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file209.200.252.21 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file212.34.145.235 | SectopRAT botnet C2 server (confidence level: 100%) | |
file91.99.105.252 | Unknown malware botnet C2 server (confidence level: 100%) | |
file178.128.243.207 | Havoc botnet C2 server (confidence level: 100%) | |
file13.53.198.166 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file101.42.239.131 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file107.173.122.193 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.207.176.86 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file45.74.16.86 | Bashlite botnet C2 server (confidence level: 100%) | |
file43.139.185.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.198.132.143 | Remcos botnet C2 server (confidence level: 100%) | |
file185.156.72.33 | SectopRAT botnet C2 server (confidence level: 100%) | |
file54.163.38.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.61.80.43 | Hook botnet C2 server (confidence level: 100%) | |
file13.234.32.95 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file43.198.203.105 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file31.31.203.114 | Stealc botnet C2 server (confidence level: 100%) | |
file23.88.69.148 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file109.195.179.146 | DarkComet botnet C2 server (confidence level: 100%) | |
file93.127.134.37 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file185.222.59.81 | Remcos botnet C2 server (confidence level: 100%) | |
file192.3.3.139 | Remcos botnet C2 server (confidence level: 100%) | |
file31.57.38.93 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.142.151.94 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.142.151.94 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.142.151.94 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.141.26.147 | XWorm botnet C2 server (confidence level: 100%) | |
file77.105.166.57 | XWorm botnet C2 server (confidence level: 100%) |
Hash
Value | Description | Copy |
---|---|---|
hash1440 | Mirai botnet C2 server (confidence level: 100%) | |
hash12233 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash19174 | Mirai botnet C2 server (confidence level: 100%) | |
hash16326 | Mirai botnet C2 server (confidence level: 100%) | |
hash35348 | Mirai botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash1099 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash12000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash6908 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash25565 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash14443 | Havoc botnet C2 server (confidence level: 100%) | |
hash465 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8082 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8081 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash17069 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | BianLian botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7547 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash5672 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash2096 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash6343 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1499 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4693 | Remcos botnet C2 server (confidence level: 100%) | |
Domain
Threat ID: 68574922d804313c2171b4d3
Added to database: 6/22/2025, 12:06:58 AM
Last enriched: 6/22/2025, 12:10:32 AM
Last updated: 8/17/2025, 8:42:00 PM
Views: 22