ThreatFox IOCs for 2025-06-23
AI Analysis
Technical Summary
The provided threat intelligence concerns a malware-related entry titled "ThreatFox IOCs for 2025-06-23," sourced from the ThreatFox MISP feed. The threat is categorized primarily under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the collection and dissemination of indicators of compromise (IOCs) related to malware campaigns or network-based threats. The absence of specific affected product versions and the classification under 'osint' suggest that this entry is more of a threat intelligence artifact rather than a direct vulnerability or exploit targeting a particular software product. The technical details indicate a moderate threat level (2 on an unspecified scale), with some analysis and distribution activity noted, but no known exploits in the wild or patches available. The lack of CWEs and patch information further supports that this is an intelligence feed entry rather than a software vulnerability. The threat likely represents newly observed IOCs or patterns related to malware payload delivery mechanisms, which can be used by defenders to enhance detection and response capabilities. The 'tlp:white' tag indicates that the information is intended for wide distribution, emphasizing its role as a shared intelligence resource rather than a confidential alert about an active exploit. Overall, this threat entry serves as an OSINT resource to inform security teams about emerging malware-related network activities and payload delivery methods, enabling proactive defense measures.
Potential Impact
For European organizations, the impact of this threat is primarily indirect but significant in terms of enhancing situational awareness and improving detection capabilities. Since the threat entry does not describe a direct exploit or vulnerability but rather provides IOCs and intelligence related to malware payload delivery, its main value lies in enabling organizations to identify and mitigate potential malware infections early. Failure to incorporate such intelligence could lead to delayed detection of malware campaigns, increasing the risk of data breaches, operational disruptions, or lateral movement within networks. Given the medium severity rating and absence of known exploits, the immediate risk to confidentiality, integrity, and availability is moderate. However, organizations that do not leverage this intelligence may face higher exposure to evolving malware threats. The threat's focus on network activity and payload delivery suggests that organizations with extensive network infrastructure and internet-facing services are more susceptible to related attacks if they lack adequate monitoring and response capabilities.
Mitigation Recommendations
1. Integrate the provided IOCs from the ThreatFox feed into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of related malware activity.
2. Regularly update threat intelligence platforms with feeds like ThreatFox to maintain current awareness of emerging malware payload delivery techniques.
3. Conduct network traffic analysis focusing on anomalous payload delivery patterns and suspicious network activity that align with the indicators provided.
4. Implement strict network segmentation and enforce least privilege principles to limit the potential spread of malware if payload delivery attempts succeed.
5. Train security operations teams to recognize and respond to the specific network behaviors and payload delivery methods highlighted by the intelligence.
6. Employ endpoint detection and response (EDR) solutions capable of identifying and mitigating malware payloads based on behavioral indicators.
7. Since no patches are available, emphasize proactive detection and containment rather than reliance on vulnerability remediation.
8. Collaborate with information sharing communities to exchange insights and validate the relevance of the IOCs within the European threat landscape.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 735e136a-56a1-42d3-bb43-aa6ad523eee3
- Original Timestamp: 1750723386 (2025-06-24 00:03:06 UTC)
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://app2.symphoniabags.com/ | FAKEUPDATES botnet C2 (confidence level: 100%) |
| https://photo.suziestuder.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%) |
| https://myinetverif.cloud/f5l.dof | Lumma Stealer payload delivery URL (confidence level: 50%) |
| https://fangvessel.icu/bin.php | Unknown Loader botnet C2 (confidence level: 100%) |
| https://faospe.com/shield.msi | Unknown malware payload delivery URL (confidence level: 100%) |
| https://steamcommunity.com/profiles/76561199869630181 | Vidar botnet C2 (confidence level: 100%) |
| https://t.me/l07tp | Vidar botnet C2 (confidence level: 100%) |
| https://116.202.176.52/ | Vidar botnet C2 (confidence level: 100%) |
| https://f3.xo.mastermaths.com.sg/ | Vidar botnet C2 (confidence level: 100%) |
| http://185.156.72.89/nzcwzue/login.php | Unknown malware botnet C2 (confidence level: 100%) |
| http://185.156.72.8/diamo/login.php | Unknown malware botnet C2 (confidence level: 100%) |
| http://olympiwurer.biz/c05a96621c8f4279.php | Stealc botnet C2 (confidence level: 100%) |
| http://35.208.197.227:443/awrs | Cobalt Strike botnet C2 (confidence level: 75%) |
| http://776162cm.shnyash.ru/providerline_securedefaultsqllocal.php | DCRat botnet C2 (confidence level: 100%) |
| http://a1139671.xsph.ru/85ccfc0f.php | DCRat botnet C2 (confidence level: 100%) |
| http://rotomet.mycpanel.rs/ssl/zxc/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| http://a1139711.xsph.ru/d53e2703.php | DCRat botnet C2 (confidence level: 100%) |
Domain
| Value | Description |
|---|---|
| app2.symphoniabags.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
| photo.suziestuder.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
| static.161.152.69.159.clients.your-server.de | Havoc botnet C2 domain (confidence level: 100%) |
| onmolatori.icu | Unknown RAT botnet C2 domain (confidence level: 100%) |
| security.flinaregaozrd.com | Unknown malware payload delivery domain (confidence level: 100%) |
| faospe.com | Unknown malware payload delivery domain (confidence level: 100%) |
| f3.xo.mastermaths.com.sg | Vidar botnet C2 domain (confidence level: 100%) |
| surfshark.pw | Unknown Loader payload delivery domain (confidence level: 90%) |
| shallowrepurpose.top | Havoc botnet C2 domain (confidence level: 100%) |
| search.2y3rn846.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| wwwsec.top | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| kids-indeed.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| people-climbing.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| would-pepper.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| apple-go.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| conhostlogsdown.sytes.net | AsyncRAT botnet C2 domain (confidence level: 100%) |
| vselectbrasil.ddns.net | Remcos botnet C2 domain (confidence level: 100%) |
| selectbackup.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) |
| am164aa.kro.kr | Quasar RAT botnet C2 domain (confidence level: 100%) |
| s4ntiselac0m3-44679.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%) |
| vmi1705427.contaboserver.net | Havoc botnet C2 domain (confidence level: 100%) |
| olympiwurer.biz | Stealc botnet C2 domain (confidence level: 100%) |
| mythcc.evilpony.win | Havoc botnet C2 domain (confidence level: 100%) |
| cdn.feilvbing111.top | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| mail.printermaintenanceservice.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| ns1.ceshi897.cn | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| ns2.ceshi897.cn | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| ns3.ceshi897.cn | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| owa.printermaintenanceservice.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| profile.printermaintenanceservice.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
File
| Value (IP address of the C2 server; the matching port is listed in the same position in the Hash table below) | Description |
|---|---|
| 23.27.134.21 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
| 77.110.115.191 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
| 39.105.169.190 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.226.54.63 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.162.114.79 | Sliver botnet C2 server (confidence level: 100%) |
| 157.230.178.249 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.61.138.114 | Unknown malware botnet C2 server (confidence level: 100%) |
| 185.167.234.157 | Hook botnet C2 server (confidence level: 100%) |
| 73.234.3.3 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 46.19.46.99 | Havoc botnet C2 server (confidence level: 100%) |
| 54.160.149.207 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 194.5.212.164 | BianLian botnet C2 server (confidence level: 100%) |
| 88.198.15.183 | Rhadamanthys botnet C2 server (confidence level: 100%) |
| 23.226.54.25 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.226.54.77 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 46.101.114.218 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.219.107.192 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 75.69.164.4 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 196.251.71.222 | Remcos botnet C2 server (confidence level: 100%) |
| 77.83.207.163 | Remcos botnet C2 server (confidence level: 100%) |
| 31.57.219.16 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 144.172.96.106 | Lumma Stealer botnet C2 server (confidence level: 100%) |
| 144.172.96.106 | Lumma Stealer botnet C2 server (confidence level: 100%) |
| 18.182.3.254 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 3.96.153.247 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 51.92.135.136 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 39.104.49.132 | Unknown malware botnet C2 server (confidence level: 100%) |
| 154.205.147.110 | Stealc botnet C2 server (confidence level: 100%) |
| 51.210.182.99 | Unknown malware botnet C2 server (confidence level: 100%) |
| 122.112.217.26 | Unknown malware botnet C2 server (confidence level: 100%) |
| 47.130.80.88 | Unknown malware botnet C2 server (confidence level: 100%) |
| 54.185.39.125 | Unknown malware botnet C2 server (confidence level: 100%) |
| 93.99.104.9 | Unknown malware botnet C2 server (confidence level: 100%) |
| 177.93.133.229 | Unknown malware botnet C2 server (confidence level: 100%) |
| 31.97.8.97 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.82.232.130 | Unknown malware botnet C2 server (confidence level: 100%) |
| 44.241.58.88 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.125.238.0 | Unknown malware botnet C2 server (confidence level: 100%) |
| 188.245.74.229 | Unknown malware botnet C2 server (confidence level: 100%) |
| 136.243.148.42 | BianLian botnet C2 server (confidence level: 100%) |
| 181.4.188.28 | QakBot botnet C2 server (confidence level: 100%) |
| 185.142.53.233 | Mirai payload delivery server (confidence level: 100%) |
| 196.251.117.41 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.139.185.214 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 91.142.78.216 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 47.109.145.121 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.36.62.154 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 124.220.205.147 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 113.44.139.80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1.94.134.92 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 119.45.115.168 | Unknown malware botnet C2 server (confidence level: 100%) |
| 47.251.102.141 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 88.252.167.136 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 221.165.219.73 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 116.202.176.52 | Vidar botnet C2 server (confidence level: 100%) |
| 195.201.254.239 | Vidar botnet C2 server (confidence level: 100%) |
| 196.251.81.212 | Remcos botnet C2 server (confidence level: 75%) |
| 31.46.251.137 | Remcos botnet C2 server (confidence level: 75%) |
| 112.126.95.177 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.175.158.208 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.175.158.208 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 106.13.74.33 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.91.227.214 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 198.23.223.131 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.138.16.246 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 43.162.114.79 | Sliver botnet C2 server (confidence level: 75%) |
| 195.3.223.146 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 185.156.72.28 | SectopRAT botnet C2 server (confidence level: 100%) |
| 64.227.123.59 | Unknown malware botnet C2 server (confidence level: 100%) |
| 196.251.87.27 | Unknown malware botnet C2 server (confidence level: 100%) |
| 102.117.168.208 | Unknown malware botnet C2 server (confidence level: 100%) |
| 61.4.109.91 | Havoc botnet C2 server (confidence level: 100%) |
| 185.216.116.234 | Venom RAT botnet C2 server (confidence level: 100%) |
| 93.232.106.230 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 54.154.62.82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 91.84.109.91 | Unknown Stealer botnet C2 server (confidence level: 100%) |
| 101.43.161.91 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 75.2.11.125 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 99.83.209.160 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 103.243.27.247 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 216.9.224.122 | Remcos botnet C2 server (confidence level: 75%) |
| 216.9.224.122 | Remcos botnet C2 server (confidence level: 75%) |
| 154.9.242.87 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 23.226.54.77 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 179.52.210.122 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 179.52.210.122 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 196.251.81.214 | Remcos botnet C2 server (confidence level: 100%) |
| 161.77.75.195 | Remcos botnet C2 server (confidence level: 100%) |
| 196.251.83.192 | Remcos botnet C2 server (confidence level: 100%) |
| 18.230.228.127 | Remcos botnet C2 server (confidence level: 100%) |
| 151.177.61.79 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 20.107.53.25 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 5.129.211.88 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.91.227.214 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 196.251.80.237 | Remcos botnet C2 server (confidence level: 100%) |
| 77.83.207.163 | Remcos botnet C2 server (confidence level: 100%) |
| 45.80.158.80 | Remcos botnet C2 server (confidence level: 100%) |
| 176.46.157.33 | SectopRAT botnet C2 server (confidence level: 100%) |
| 13.211.207.49 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 3.86.105.71 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 77.90.153.86 | Latrodectus botnet C2 server (confidence level: 90%) |
| 8.138.147.68 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 185.156.72.89 | Unknown malware botnet C2 server (confidence level: 100%) |
| 185.156.72.8 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.141.233.187 | Stealc botnet C2 server (confidence level: 100%) |
| 185.208.158.168 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 196.251.117.41 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.226.54.38 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.174.88.61 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 196.251.88.113 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 104.36.83.230 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 196.251.83.225 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 154.49.3.1 | Unknown malware botnet C2 server (confidence level: 100%) |
| 185.72.199.101 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 208.91.189.7 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 18.100.124.119 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 54.87.185.33 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 54.87.185.33 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 176.96.131.92 | Bashlite botnet C2 server (confidence level: 100%) |
| 139.9.190.100 | Sliver botnet C2 server (confidence level: 75%) |
| 144.172.101.161 | Sliver botnet C2 server (confidence level: 75%) |
| 193.32.151.21 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 34.206.244.60 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 46.246.165.122 | QakBot botnet C2 server (confidence level: 75%) |
| 8.130.113.207 | Havoc botnet C2 server (confidence level: 75%) |
| 154.91.85.70 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 212.67.17.43 | N-W0rm botnet C2 server (confidence level: 100%) |
| 8.218.93.187 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 8.213.236.2 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 85.117.242.6 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 196.251.70.223 | Remcos botnet C2 server (confidence level: 100%) |
| 121.36.94.149 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 107.172.232.92 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 188.212.158.75 | NjRAT botnet C2 server (confidence level: 100%) |
| 104.223.120.202 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 110.40.147.170 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 124.222.114.76 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 124.222.74.146 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 146.56.229.241 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 146.70.113.140 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 154.219.109.205 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 20.2.91.65 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 23.226.54.31 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
| Value (TCP port paired with the IP address in the same position in the File table above, or SHA-256 of a payload) | Description |
|---|---|
| 443 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
| 443 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
| 28080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8043 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 31337 | Sliver botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Hook botnet C2 server (confidence level: 100%) |
| 25565 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 8000 | Havoc botnet C2 server (confidence level: 100%) |
| 18244 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 8080 | BianLian botnet C2 server (confidence level: 100%) |
| 19000 | Rhadamanthys botnet C2 server (confidence level: 100%) |
| 4575ddc65497f954a1c2d8c085b53a7dc6de1ed3e5a8817505cf595abd3f16a7 | Unknown malware payload (confidence level: 50%) |
| d821b01e64a0a34b786e282112039412130c78bf92c5ebf8bf6629c199673525 | Unknown malware payload (confidence level: 50%) |
| 699cd1a833827a701c589ae0655bc9191fa39daff94d011ca5a1b62b0ce8a9f0 | Unknown malware payload (confidence level: 100%) |
| 8043 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8043 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8080 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 5005 | Remcos botnet C2 server (confidence level: 100%) |
| 5938 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 80 | Lumma Stealer botnet C2 server (confidence level: 100%) |
| 443 | Lumma Stealer botnet C2 server (confidence level: 100%) |
| 3306 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 33389 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 20000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Stealc botnet C2 server (confidence level: 100%) |
| 4994 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8023 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8880 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3456 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash636 | BianLian botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 100%) | |
hash80 | Mirai payload delivery server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown Stealer botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash887 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3306 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1002 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash5551 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown Stealer botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8124 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8122 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash13608 | Remcos botnet C2 server (confidence level: 75%) | |
hash13609 | Remcos botnet C2 server (confidence level: 75%) | |
hash8843 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9944 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash50100 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash1024 | Remcos botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash25535 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash5004 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash80 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash5901 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash16337 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8043 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1337 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash47443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1717 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash789 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash6667 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash20717 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash46108 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash6680 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash32 | N-W0rm botnet C2 server (confidence level: 100%) | |
hash7777 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1985 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash78 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5557 | NjRAT botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8003 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash2200 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Threat ID: 6859ecbadec26fc862d8b4cc
Added to database: 6/24/2025, 12:09:30 AM
Last enriched: 6/24/2025, 12:25:15 AM
Last updated: 8/18/2025, 6:20:13 AM