
ThreatFox IOCs for 2025-06-22

Severity: Medium
Published: Sun Jun 22 2025 (06/22/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-06-22

AI-Powered Analysis

Last updated: 06/23/2025, 00:20:00 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-06-22," sourced from the ThreatFox MISP Feed. The threat is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the collection or use of publicly available information to facilitate malicious payload distribution over networks. However, the technical details are limited: no specific affected product versions or detailed indicators of compromise (IOCs) are provided. The threat level is rated 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate dissemination but limited analytical depth. No known exploits in the wild or available patches exist, and no CWE (Common Weakness Enumeration) identifiers are associated, implying that this is either a newly observed threat or one that relies on generic OSINT techniques rather than exploiting specific software vulnerabilities. Whether authentication or user interaction is required is not explicitly stated, but given the nature of OSINT and network-based payload delivery, some level of user or system interaction may be necessary for successful exploitation. Overall, this appears to be a medium-severity malware campaign leveraging OSINT for payload delivery, with limited technical specifics available for deeper forensic or defensive analysis.

Potential Impact

For European organizations, the impact of this threat could manifest primarily through the compromise of networked systems via payload delivery mechanisms informed by OSINT. This could lead to unauthorized access, data exfiltration, or disruption of services depending on the payload's nature. Given the medium severity and lack of known exploits, immediate widespread disruption is unlikely; however, targeted attacks could leverage this threat to gain footholds in critical infrastructure, corporate networks, or government systems. The use of OSINT suggests attackers may be tailoring payloads based on publicly available information about targets, increasing the risk for organizations with significant online exposure or those operating in sectors with high-value data. The absence of patches and the lack of detailed IOCs complicate detection and response efforts, potentially allowing attackers to operate undetected for longer periods. European entities with extensive networked environments and reliance on open-source intelligence for threat modeling should be particularly vigilant.

Mitigation Recommendations

Given the limited technical details and absence of patches, mitigation should focus on enhancing network monitoring and threat detection capabilities. Organizations should implement advanced network traffic analysis tools capable of identifying anomalous payload delivery patterns, especially those informed by OSINT-derived tactics. Employing threat intelligence sharing platforms to gather updated IOCs and behavioral indicators related to this threat will improve situational awareness. Network segmentation and strict access controls can limit lateral movement if a payload is successfully delivered. Additionally, organizations should conduct regular OSINT assessments on their digital footprint to understand what information is publicly available that could be leveraged by attackers. Employee training on recognizing phishing or social engineering attempts tied to OSINT-derived campaigns will reduce the risk of initial compromise. Finally, deploying endpoint detection and response (EDR) solutions with heuristic and behavioral analysis can help identify and contain unknown malware variants associated with this threat.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 9247a1c9-d356-4436-9e99-057c5d3b89f1
Original Timestamp: 1750636986

Indicators of Compromise


Threat ID: 68589d8b179a4edd60b5bfb6

Added to database: 6/23/2025, 12:19:23 AM

Last enriched: 6/23/2025, 12:20:00 AM

Last updated: 8/18/2025, 9:40:09 AM
