
ThreatFox IOCs for 2025-06-30

Medium
Published: Mon Jun 30 2025 (06/30/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Tag: type:osint (MISP event tag; the page rendering split it into a "Vendor/Project: type" and a "Product: osint" field)

Description

ThreatFox IOCs for 2025-06-30

AI-Powered Analysis

Last updated: 07/01/2025, 00:24:48 UTC

Technical Analysis

This entry is the daily export of the ThreatFox MISP feed for 30 June 2025, not a software vulnerability: there is no CVE or CWE, no affected product and nothing to patch. "Medium" is the MISP threat level of the feed event (threat_level_id 2), and the tag type:osint only marks the event as open-source intelligence; it does not mean the activity involves OSINT techniques. What the event carries is several hundred indicators, each tagged with a malware family and a reporter-assigned confidence level, in three groups. First, command-and-control (C2) servers expressed as ip:port pairs: post-exploitation frameworks (Cobalt Strike, Sliver, Havoc, Brute Ratel C4, AdaptixC2, DeimosC2, Meterpreter), commodity RATs (Remcos, AsyncRAT, XWorm, Quasar, NetSupportManager RAT, DCRat, Venom RAT, Orcus, DarkComet, Xtreme RAT, Crimson RAT, Revenge RAT, SpyNote, Hook, ValleyRAT, Ghost RAT), stealers (Rhadamanthys, Vidar, Stealc, PureLogs, Aurotun), IoT and Linux botnets (Bashlite, Mozi, Chaos), an xmrig miner, QakBot, ShadowPad and a Kimsuky-attributed server. Second, C2 and payload-delivery domains: 43 Lumma Stealer domains on cheap TLDs (.top, .shop, .lat, .pics), a cluster of hostnames under teams.m365.acenm.com whose labels (okta, sso, outlook, account, live) imitate Microsoft 365 and Okta services, Mirai C2 hostnames, and many hosts on dynamic-DNS and tunnelling services (duckdns.org, ply.gg, portmap.io, localto.net, no-ip.biz, hopto.org, ydns.eu) or on cloud providers (an ec2-*.compute.amazonaws.com Havoc C2 and a *.bc.googleusercontent.com host). Third, file hashes: 24 SHA-256 hashes of DragonForce ransomware payloads at 100% confidence, one Banload SHA-256, one Akira MD5 and five MD5 hashes of unclassified payloads. A rendering quirk to be aware of: each ip:port indicator was split into two rows, the port landing in the "Hash" table and the address in the table labelled "File", in the same order. The MISP event fields Analysis 1 and Distribution 3 mean the event is marked ongoing and shared with all communities.

Potential Impact

These are live infrastructure and payload indicators, so the risk is current rather than hypothetical; what it means for a given organisation depends on which families it is exposed to. The DragonForce hashes matter to anyone tracking that ransomware operation. The commodity RAT and stealer C2s (Remcos, AsyncRAT, XWorm, Lumma, Vidar, Stealc) are the infrastructure behind everyday phishing and cracked-software infections and affect every sector; a stealer hit usually means credentials and session cookies are already gone. Cobalt Strike, Sliver, Havoc and Brute Ratel servers indicate hands-on intrusion activity (or reported red-team infrastructure), and the NetSupportManager RAT entries are abuse of a legitimate remote-support product. Mirai, Bashlite, Mozi and Chaos entries concern exposed IoT and Linux devices rather than user endpoints. Much of the C2 listens on 80, 443, 53, 3306 or 23, so it blends into ordinary traffic and cannot be found by port alone. Confidence levels are assigned by the reporter; the 50% entries (most of the Cobalt Strike, Sliver and Lumma rows) are leads to corroborate, not grounds for automatic blocking. For European organisations in critical infrastructure, finance or government the consequence of a missed hit is the usual one: ransomware deployment, data theft or a persistent foothold.

Mitigation Recommendations

Ingest the indicators with their type and confidence preserved rather than as a flat blocklist. Match ip:port as a pair: an address on another port, or a bare port such as 443 or 3306, is not a hit, and the entries listed under "Hash" as port numbers must first be re-joined with their addresses. Block dynamic-DNS and tunnelling hostnames (duckdns.org, ply.gg, portmap.io, localto.net, no-ip.biz) as full hostnames, never the parent domain, and expire cloud-provider hosts (amazonaws.com, googleusercontent.com) quickly because those addresses are recycled. Push the SHA-256 and MD5 hashes, the DragonForce set in particular, to EDR and mail-gateway blocklists, and sweep file servers and backup hosts for them. Hunt retrospectively: search DNS, proxy and NetFlow logs for the domains and ip:port pairs over at least the preceding weeks, since the feed date is when the indicator was reported, not when it was first used. Alert on NetSupport Manager installs where the product is not sanctioned, and on outbound connections from workstations to unusual ports (31337, 4444, 8888, 50050). Treat 100% entries as blockable and 50% entries as detection-only until a second source corroborates them. Because these are active C2 servers and payloads rather than a vulnerability, detection and response capacity matters more than patching: a confirmed hit should trigger host isolation, credential reset for stealer victims and forensic capture.
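The following Python is an added example, not ThreatFox or abuse.ch code and not part of the feed: it takes rows in the shape this export uses (a label of hash, domain or file, a value and a description), re-joins the port rows with the address rows by position, refusing the pairing if the descriptions disagree, types the hash rows by length, and then matches the result against a few log lines with a confidence threshold. The indicators are a small subset of this page's own listing; the log lines and their one-line format are constructed for the example and do not come from any real tool.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed subset of this page's indicators as (export label, value,
# description). The export puts the port half of an ip:port indicator under
# "hash" and the address half under "file", in the same order.
RAW_ROWS = [
    ("hash", "b0874e98a3b25ffc94279b765c2442bb4ec1e4d3bfc3b13d90bdba7d0ac78fc5",
     "Banload payload (confidence level: 75%)"),
    ("hash", "80", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("hash", "31337", "Sliver botnet C2 server (confidence level: 50%)"),
    ("hash", "e2d7d65a347b3638f81939192294eb13",
     "Unknown malware payload (confidence level: 50%)"),
    ("domain", "rbmlh.xyz", "Lumma Stealer botnet C2 domain (confidence level: 100%)"),
    ("domain", "securityhealthsystray.duckdns.org",
     "AsyncRAT botnet C2 domain (confidence level: 50%)"),
    ("file", "116.193.170.74", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("file", "103.56.19.86", "Sliver botnet C2 server (confidence level: 50%)"),
]

CONF_RE = re.compile(r"confidence level: (\d+)%")


def confidence(desc):
    m = CONF_RE.search(desc)
    return int(m.group(1)) if m else 0


def parse_rows(rows):
    """{kind: {indicator: (description, confidence)}} for sha256, md5, domain,
    ip_port. Port and IP rows are re-joined by position; the pairing is refused
    unless both halves carry the same description."""
    iocs = defaultdict(dict)
    ports, ips = [], []
    for label, value, desc in rows:
        conf = confidence(desc)
        if label == "hash":
            v = value.lower()
            if v.isdigit():
                ports.append((int(v), desc, conf))
            elif re.fullmatch(r"[0-9a-f]{64}", v):
                iocs["sha256"][v] = (desc, conf)
            elif re.fullmatch(r"[0-9a-f]{32}", v):
                iocs["md5"][v] = (desc, conf)
            else:
                raise ValueError(f"unrecognised hash row: {value}")
        elif label == "domain":
            iocs["domain"][value.lower().rstrip(".")] = (desc, conf)
        elif label == "file":
            ipaddress.ip_address(value)  # raises on anything that is not an IP
            ips.append((value, desc, conf))
        else:
            raise ValueError(f"unknown label: {label}")
    if len(ports) != len(ips):
        raise ValueError("port rows and IP rows do not line up")
    for (port, pdesc, pconf), (ip, idesc, _) in zip(ports, ips):
        if pdesc != idesc:
            raise ValueError(f"description mismatch for {ip}:{port}")
        iocs["ip_port"][f"{ip}:{port}"] = (pdesc, pconf)
    return dict(iocs)


# Constructed log lines in a made-up one-line format, not a real tool's output.
LOG_LINES = [
    "2025-06-30T12:00:01Z conn 10.1.2.3 -> 116.193.170.74:80",
    "2025-06-30T12:00:02Z dns 10.1.2.3 query rbmlh.xyz",
    "2025-06-30T12:00:03Z conn 10.1.2.4 -> 116.193.170.74:443",
    "2025-06-30T12:00:04Z dns 10.1.2.5 query cdn.rbmlh.xyz",
    "2025-06-30T12:00:05Z dns 10.1.2.5 query securityhealthsystray.duckdns.org",
    "2025-06-30T12:00:06Z file 10.1.2.6 sha256="
    "B0874E98A3B25FFC94279B765C2442BB4EC1E4D3BFC3B13D90BDBA7D0AC78FC5",
]

CONN_RE = re.compile(r" conn \S+ -> (\S+)$")
DNS_RE = re.compile(r" query (\S+)$")
FILE_RE = re.compile(r" (sha256|md5)=([0-9A-Fa-f]+)$")


def domain_hit(domains, name):
    """Exact match or a subdomain of a listed domain, never the reverse:
    parents such as duckdns.org or ply.gg are shared services."""
    name = name.lower().rstrip(".")
    for d, meta in domains.items():
        if name == d or name.endswith("." + d):
            return d, meta
    return None


def match_logs(iocs, lines, min_confidence=75):
    """(line_no, kind, indicator, description, confidence) per hit at or above
    min_confidence. ip:port is matched as a pair: the same host on another
    port is not a hit, and a bare port never is."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = None
        if m := CONN_RE.search(line):
            key = m.group(1)
            if key in iocs.get("ip_port", {}):
                found = ("ip_port", key, iocs["ip_port"][key])
        elif m := DNS_RE.search(line):
            if hit := domain_hit(iocs.get("domain", {}), m.group(1)):
                found = ("domain",) + hit
        elif m := FILE_RE.search(line):
            kind, digest = m.group(1), m.group(2).lower()
            if digest in iocs.get(kind, {}):
                found = (kind, digest, iocs[kind][digest])
        if found and found[2][1] >= min_confidence:
            hits.append((n, found[0], found[1], found[2][0], found[2][1]))
    return hits
```

With the default threshold of 75 the sample produces four hits: the connection to 116.193.170.74:80, the two queries for rbmlh.xyz and its subdomain, and the Banload hash; the connection to the same host on 443 and the 50% duckdns.org entry are not reported, which is the tiering the recommendations above describe. Lowering min_confidence to 50 adds the duckdns.org query as a detection-only lead.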


Technical Details

Threat Level
2 (MISP threat_level_id; 2 = Medium)
Analysis
1 (MISP analysis level; 1 = Ongoing)
Distribution
3 (MISP distribution; 3 = All communities)
Uuid
abc472f1-142e-4fbf-b29b-934fba281b94
Original Timestamp
1751328185 (2025-07-01 00:03:05 UTC)

Indicators of Compromise

Hash

This table mixes file hashes (typed below as sha256 or md5 by length) with the port half of ip:port indicators (typed port). The address half of each port row is listed, in the same order, in the table further down that the export labelled "File".

Type | Value | Description
sha256 | b0874e98a3b25ffc94279b765c2442bb4ec1e4d3bfc3b13d90bdba7d0ac78fc5 | Banload payload (confidence level: 75%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 2404 | Remcos botnet C2 server (confidence level: 100%)
port | 3727 | Remcos botnet C2 server (confidence level: 100%)
port | 443 | Sliver botnet C2 server (confidence level: 100%)
port | 4444 | Orcus RAT botnet C2 server (confidence level: 100%)
port | 7170 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 51030 | Brute Ratel C4 botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 23 | Bashlite botnet C2 server (confidence level: 100%)
port | 8080 | xmrig botnet C2 server (confidence level: 100%)
port | 8081 | FatalRat botnet C2 server (confidence level: 100%)
port | 6666 | ValleyRAT botnet C2 server (confidence level: 100%)
md5 | e2d7d65a347b3638f81939192294eb13 | Unknown malware payload (confidence level: 50%)
md5 | 2bf543faf679a374af5fc4848eea5a98 | Unknown malware payload (confidence level: 50%)
md5 | 2e07a4de9e6ba84728fbdf27384ea0b9 | Unknown malware payload (confidence level: 50%)
md5 | cc1da5f900c8d38f4d56006549e6734c | Unknown malware payload (confidence level: 50%)
md5 | 82afcebc49f49b758de83b3275c91137 | Unknown malware payload (confidence level: 50%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 7443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 8089 | Hook botnet C2 server (confidence level: 100%)
port | 4444 | Quasar RAT botnet C2 server (confidence level: 100%)
port | 9090 | Venom RAT botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 33331 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 8081 | Unknown malware botnet C2 server (confidence level: 100%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
port | 2000 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 51144 | Unknown malware botnet C2 server (confidence level: 100%)
port | 5902 | Rhadamanthys botnet C2 server (confidence level: 100%)
port | 444 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 8009 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 1025 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 8000 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 50050 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 1337 | Unknown malware botnet C2 server (confidence level: 50%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 50%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 50%)
port | 3333 | Unknown malware botnet C2 server (confidence level: 50%)
port | 443 | Ghost RAT botnet C2 server (confidence level: 50%)
port | 443 | Ghost RAT botnet C2 server (confidence level: 50%)
port | 80 | Ghost RAT botnet C2 server (confidence level: 50%)
port | 80 | Ghost RAT botnet C2 server (confidence level: 50%)
port | 8083 | ShadowPad botnet C2 server (confidence level: 50%)
port | 2067 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
port | 2154 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
port | 1604 | DarkComet botnet C2 server (confidence level: 50%)
port | 1604 | DarkComet botnet C2 server (confidence level: 50%)
port | 80 | Unknown malware botnet C2 server (confidence level: 50%)
port | 10001 | Xtreme RAT botnet C2 server (confidence level: 50%)
port | 9898 | DCRat botnet C2 server (confidence level: 50%)
port | 443 | Havoc botnet C2 server (confidence level: 50%)
port | 80 | Unknown RAT botnet C2 server (confidence level: 50%)
port | 443 | Kimsuky botnet C2 server (confidence level: 50%)
port | 50443 | Mozi botnet C2 server (confidence level: 50%)
port | 47243 | AsyncRAT botnet C2 server (confidence level: 50%)
port | 53670 | Nanocore RAT botnet C2 server (confidence level: 50%)
port | 2229 | NetWire RC botnet C2 server (confidence level: 50%)
port | 7778 | SpyNote botnet C2 server (confidence level: 50%)
port | 443 | Vidar botnet C2 server (confidence level: 75%)
port | 443 | Vidar botnet C2 server (confidence level: 75%)
port | 8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 8006 | ValleyRAT botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 18443 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 9090 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 443 | Sliver botnet C2 server (confidence level: 100%)
port | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
port | 1018 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 7443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 18950 | Quasar RAT botnet C2 server (confidence level: 100%)
port | 9300 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 51200 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 80 | Bashlite botnet C2 server (confidence level: 100%)
port | 443 | QakBot botnet C2 server (confidence level: 75%)
port | 443 | DeimosC2 botnet C2 server (confidence level: 75%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 75%)
port | 6500 | Remcos botnet C2 server (confidence level: 100%)
port | 2404 | Remcos botnet C2 server (confidence level: 100%)
port | 3657 | ValleyRAT botnet C2 server (confidence level: 100%)
port | 2906 | Remcos botnet C2 server (confidence level: 100%)
port | 1337 | PureLogs Stealer botnet C2 server (confidence level: 66%)
port | 7781 | PureLogs Stealer botnet C2 server (confidence level: 66%)
port | 4444 | Meterpreter botnet C2 server (confidence level: 75%)
port | 1012 | XWorm botnet C2 server (confidence level: 88%)
port | 8080 | XWorm botnet C2 server (confidence level: 66%)
port | 8780 | XWorm botnet C2 server (confidence level: 99%)
port | 36465 | XWorm botnet C2 server (confidence level: 99%)
port | 80 | Stealc botnet C2 server (confidence level: 88%)
port | 2404 | Remcos botnet C2 server (confidence level: 100%)
port | 40000 | Sliver botnet C2 server (confidence level: 100%)
port | 7000 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 5222 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 5969 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 222 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 7443 | Unknown malware botnet C2 server (confidence level: 100%)
port | 82 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 20574 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 1024 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 18244 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 61000 | Chaos botnet C2 server (confidence level: 100%)
port | 8099 | XWorm botnet C2 server (confidence level: 100%)
port | 52111 | ValleyRAT botnet C2 server (confidence level: 100%)
port | 443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
port | 5858 | Remcos botnet C2 server (confidence level: 75%)
port | 11111 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 6661 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 4445 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 8866 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 55443 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 990 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 50%)
port | 15 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
port | 2008 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
port | 4063 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
port | 3306 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 31337 | Sliver botnet C2 server (confidence level: 50%)
port | 3001 | AsyncRAT botnet C2 server (confidence level: 50%)
port | 444 | AsyncRAT botnet C2 server (confidence level: 50%)
port | 8090 | Unknown malware botnet C2 server (confidence level: 50%)
port | 7443 | Unknown malware botnet C2 server (confidence level: 50%)
port | 54984 | Nanocore RAT botnet C2 server (confidence level: 50%)
port | 4002 | Xtreme RAT botnet C2 server (confidence level: 50%)
port | 443 | Ghost RAT botnet C2 server (confidence level: 50%)
port | 9000 | SectopRAT botnet C2 server (confidence level: 50%)
port | 20909 | Remcos botnet C2 server (confidence level: 100%)
port | 4782 | Quasar RAT botnet C2 server (confidence level: 75%)
md5 | 0433393db68ff35f1daa147b987b5795 | Akira payload (confidence level: 50%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 443 | Sliver botnet C2 server (confidence level: 100%)
port | 7712 | Aurotun Stealer botnet C2 server (confidence level: 100%)
port | 8888 | Rhadamanthys botnet C2 server (confidence level: 75%)
port | 5222 | Revenge RAT botnet C2 server (confidence level: 100%)
port | 5017 | N-W0rm botnet C2 server (confidence level: 100%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
port | 2404 | Remcos botnet C2 server (confidence level: 100%)
port | 2404 | Remcos botnet C2 server (confidence level: 100%)
port | 6534 | Remcos botnet C2 server (confidence level: 100%)
port | 443 | Sliver botnet C2 server (confidence level: 100%)
port | 555 | AsyncRAT botnet C2 server (confidence level: 100%)
port | 443 | Venom RAT botnet C2 server (confidence level: 100%)
port | 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 1244 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
port | 2199 | Crimson RAT botnet C2 server (confidence level: 100%)
port | 43211 | AdaptixC2 botnet C2 server (confidence level: 100%)
sha256 | 1eef40b82b5e84b44d33c0a6bb7a8cbea086db321bf455f0e6dab8336c6af50b | DragonForce payload (confidence level: 100%)
sha256 | f5df98b344242c5eaad1fce421c640fadd71f7f21379d2bf7309001dfeb25972 | DragonForce payload (confidence level: 100%)
sha256 | a399a293cc3f25f6250ebee65e6e60e818831925769d540354275e9ad87bb5bb | DragonForce payload (confidence level: 100%)
sha256 | 24e8ef41ead6fc45d9a7ec2c306fd04373eaa93bbae0bd1551a10234574d0e07 | DragonForce payload (confidence level: 100%)
sha256 | df5ab9015833023a03f92a797e20196672c1d6525501a9f9a94a45b0904c7403 | DragonForce payload (confidence level: 100%)
sha256 | b714cb02cfd5d67e1502b45242636ee6b35c1b609072d3082378c50a177df15d | DragonForce payload (confidence level: 100%)
sha256 | 1ccf8baf11427fae273ffed587b41c857fa2d8f3d3c6c0ddaa1fe4835f665eba | DragonForce payload (confidence level: 100%)
sha256 | d67a475f72ca65fd1ac5fd3be2f1cce2db78ba074f54dc4c4738d374d0eb19c7 | DragonForce payload (confidence level: 100%)
sha256 | 8a193db0ff08237f63c036d422f52276a4e575476763dc391455ed5b12269c07 | DragonForce payload (confidence level: 100%)
sha256 | 6782ad0c3efc0d0520dc2088e952c504f6a069c36a0308b88c7daadd600250a9 | DragonForce payload (confidence level: 100%)
sha256 | d06b5a200292fedcfb4d4aecac32387a2e5b5bb09aaab5199c56bab3031257d6 | DragonForce payload (confidence level: 100%)
sha256 | 6677e07bcccdeb28e532bb030f2ff2e4e39049caf6a1a0f9cd7f50e6d829daac | DragonForce payload (confidence level: 100%)
sha256 | b9ee022489931c6b68b63b0ae34eb1b4ef141e9bb456e84034603a9ae04e5db9 | DragonForce payload (confidence level: 100%)
sha256 | 80e3a04fa68be799b3c91737e1918f8394b250603a231a251524244e4d7f77d9 | DragonForce payload (confidence level: 100%)
sha256 | d626eb0565fac677fdc13fb0555967dc31e600c74fbbd110b744f8e3a59dd3f9 | DragonForce payload (confidence level: 100%)
sha256 | 822ceefb12b030f2ff28dcda6776addda77b041dbb48d2e3a8c305721f4cc8ef | DragonForce payload (confidence level: 100%)
sha256 | b9bba02d18bacc4bc8d9e4f70657d381568075590cc9d0e7590327d854224b32 | DragonForce payload (confidence level: 100%)
sha256 | c844d02c91d5e6dc293de80085ad2f69b5c44bc46ec9fdaa4e3efbda062c871c | DragonForce payload (confidence level: 100%)
sha256 | ba1be94550898eedb10eb73cb5383a2d1050e96ec4df8e0bf680d3e76a9e2429 | DragonForce payload (confidence level: 100%)
sha256 | b10129c175c007148dd4f5aff4d7fb61eb3e4b0ed4897fea6b33e90555f2b845 | DragonForce payload (confidence level: 100%)
sha256 | 70afd8efb34382badead93ae104d958256de6be8054227ccc85fe95d5c5f9db0 | DragonForce payload (confidence level: 100%)
sha256 | 01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570 | DragonForce payload (confidence level: 100%)
sha256 | d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3 | DragonForce payload (confidence level: 100%)
sha256 | 312ca1a8e35dcf5b80b1526948bd1081fed2293b31d061635e9f048f3fe5eb83 | DragonForce payload (confidence level: 100%)
port | 9999 | Havoc botnet C2 server (confidence level: 75%)
port | 443 | Havoc botnet C2 server (confidence level: 75%)
port | 443 | QakBot botnet C2 server (confidence level: 75%)
port | 53 | Cobalt Strike botnet C2 server (confidence level: 75%)
port | 9011 | ValleyRAT botnet C2 server (confidence level: 100%)

Domain

Value | Description
security.flqergoaurd.com | Unknown malware payload delivery domain (confidence level: 100%)
pobikc.com | Unknown malware payload delivery domain (confidence level: 100%)
notifications.rubyhall.in.net | Unknown malware botnet C2 domain (confidence level: 100%)
www3.accounts.rubyhall.in.net | Unknown malware botnet C2 domain (confidence level: 100%)
114.138.61.34.bc.googleusercontent.com | Unknown malware botnet C2 domain (confidence level: 100%)
apis.rubyhall.in.net | Unknown malware botnet C2 domain (confidence level: 100%)
ec2-3-145-32-11.us-east-2.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%)
securityhealthsystray.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%)
abc.galaxias.cc | Mirai botnet C2 domain (confidence level: 50%)
api.chanlevip.site | Mirai botnet C2 domain (confidence level: 50%)
fearoxe.duckdns.org | Mirai botnet C2 domain (confidence level: 50%)
hellocamel.p-e.kr | Mirai botnet C2 domain (confidence level: 50%)
mafia.trumdvfb.com | Mirai botnet C2 domain (confidence level: 50%)
important-ala.gl.at.ply.gg | Nanocore RAT botnet C2 domain (confidence level: 50%)
robinmmadi.servehumour.com | NetWire RC botnet C2 domain (confidence level: 50%)
myaw.no-ip.biz | NjRAT botnet C2 domain (confidence level: 50%)
rrfasdsa-27990.portmap.io | Quasar RAT botnet C2 domain (confidence level: 50%)
wizzyandrichy.hopto.org | Remcos botnet C2 domain (confidence level: 50%)
built-punch.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
galilaospa.com | PureLogs Stealer botnet C2 domain (confidence level: 50%)
12.35.redc.eu.org | Vidar botnet C2 domain (confidence level: 100%)
ds.exifit.eu.org | Vidar botnet C2 domain (confidence level: 100%)
qr.ap.4t.com | Vidar botnet C2 domain (confidence level: 75%)
17.aa.4t.com | Vidar botnet C2 domain (confidence level: 75%)
odyssey1.to | Unknown Stealer botnet C2 domain (confidence level: 50%)
odyssey-st.com | Unknown Stealer botnet C2 domain (confidence level: 50%)
put-ladder.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
ads-teachers.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
uwammunachimso.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
b0dnyoxrn.localto.net | NjRAT botnet C2 domain (confidence level: 100%)
rbmlh.xyz | Lumma Stealer botnet C2 domain (confidence level: 100%)
osetigolumdede.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
bit-bathrooms.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
backupindvy.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
java-romance.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%)
advertising-mary.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%)
iujqdwh-61305.portmap.io | SpyNote botnet C2 domain (confidence level: 100%)
auth.bobbleflatfoot.lat | ACR Stealer botnet C2 domain (confidence level: 100%)
sample.tcroadgear.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
c2.atomdata.xyz | Mirai botnet C2 domain (confidence level: 50%)
motre.jbvpshosti.com | Mirai botnet C2 domain (confidence level: 50%)
chukwunweikefrankokiteamaekeibeku.ydns.eu | Remcos botnet C2 domain (confidence level: 100%)
marketlumma.ru | Lumma Stealer botnet C2 domain (confidence level: 50%)
prezud.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
moslet.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
mahrox.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
takefhq.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
couplpx.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
flizsf.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
northav.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
piejfw.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
liqz.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
irremr.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
imperfl.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
smoozof.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
thicpl.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
theuid.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
uponou.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
strupc.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
enadpn.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
cryswfn.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
cziv.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
falsiu.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
jaizmf.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
isstdd.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
heojy.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
nysux.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
aligey.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
schiad.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
papsklg.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
grhod.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
lighri.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
glhvps.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
renoex.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
parlqo.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
juslcl.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
centbua.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
nybzxz.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
senylup.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
usecdvo.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
tretpn.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
darkibn.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
yufxt.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
decyzz.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
couamcs.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
asy5858c.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
asy5858d.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
asy5858b.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
asy5858a.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
newstartagain.servequake.com | AsyncRAT botnet C2 domain (confidence level: 100%)
newstartagain50.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
syqkar3wt.localto.net | Quasar RAT botnet C2 domain (confidence level: 100%)
mike-ie.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%)
6.p.exifit.eu.org | Vidar botnet C2 domain (confidence level: 75%)
reporting.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
outlook.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
okta.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
g.sst.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
gui.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
csp.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
acc.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
apm.vpce.gdw55e.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
sso.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
account.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
live.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
events.api.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
ssl.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
ok.teams.m365.acenm.com | Unknown malware botnet C2 domain (confidence level: 100%)
ns1.cooke-int.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns1.nmd5.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.nmd5.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
www.csgo-csgo-go.it.com | Cobalt Strike botnet C2 domain (confidence level: 75%)

IP address

The export labelled this table "File", but every value is an IPv4 address: the address half of an ip:port indicator whose port is listed, in the same order, as a port row in the Hash table above. The listing is cut off in the source after the last address.

Value | Description
116.193.170.74 | Cobalt Strike botnet C2 server (confidence level: 100%)
116.193.170.77 | Cobalt Strike botnet C2 server (confidence level: 100%)
116.193.170.75 | Cobalt Strike botnet C2 server (confidence level: 100%)
116.193.170.76 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.159.99.10 | Remcos botnet C2 server (confidence level: 100%)
173.225.102.145 | Remcos botnet C2 server (confidence level: 100%)
196.251.86.71 | Sliver botnet C2 server (confidence level: 100%)
1.54.160.205 | Orcus RAT botnet C2 server (confidence level: 100%)
18.170.213.135 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8.217.196.192 | Brute Ratel C4 botnet C2 server (confidence level: 100%)
5.89.242.114 | Unknown malware botnet C2 server (confidence level: 100%)
3.106.188.239 | Unknown malware botnet C2 server (confidence level: 100%)
109.77.7.181 | Bashlite botnet C2 server (confidence level: 100%)
196.251.86.71 | xmrig botnet C2 server (confidence level: 100%)
206.238.114.5 | FatalRat botnet C2 server (confidence level: 100%)
47.76.202.30 | ValleyRAT botnet C2 server (confidence level: 100%)
47.92.106.246 | Cobalt Strike botnet C2 server (confidence level: 100%)
180.76.133.249 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.115.143 | AsyncRAT botnet C2 server (confidence level: 100%)
134.199.153.141 | Unknown malware botnet C2 server (confidence level: 100%)
77.90.153.169 | Hook botnet C2 server (confidence level: 100%)
146.70.215.60 | Quasar RAT botnet C2 server (confidence level: 100%)
87.121.79.21 | Venom RAT botnet C2 server (confidence level: 100%)
84.234.17.121 | Unknown malware botnet C2 server (confidence level: 100%)
129.204.155.166 | Unknown malware botnet C2 server (confidence level: 100%)
34.246.252.191 | Unknown malware botnet C2 server (confidence level: 100%)
52.58.221.53 | Unknown malware botnet C2 server (confidence level: 100%)
103.175.218.112 | Unknown malware botnet C2 server (confidence level: 100%)
16.170.227.41 | Unknown malware botnet C2 server (confidence level: 100%)
200.92.152.190 | Unknown malware botnet C2 server (confidence level: 100%)
62.210.124.33 | Unknown malware botnet C2 server (confidence level: 100%)
65.0.130.57 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
77.83.207.151 | Unknown malware botnet C2 server (confidence level: 100%)
77.73.129.44 | Rhadamanthys botnet C2 server (confidence level: 100%)
121.61.98.217 | Cobalt Strike botnet C2 server (confidence level: 50%)
132.232.166.80 | Cobalt Strike botnet C2 server (confidence level: 50%)
82.202.173.167 | Cobalt Strike botnet C2 server (confidence level: 50%)
217.154.212.25 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.94.54.30 | Cobalt Strike botnet C2 server (confidence level: 50%)
20.206.138.78 | Cobalt Strike botnet C2 server (confidence level: 50%)
52.22.18.149 | Cobalt Strike botnet C2 server (confidence level: 50%)
35.91.181.115 | Cobalt Strike botnet C2 server (confidence level: 50%)
103.103.46.55 | Cobalt Strike botnet C2 server (confidence level: 50%)
92.119.96.59 | Cobalt Strike botnet C2 server (confidence level: 50%)
103.56.19.86 | Sliver botnet C2 server (confidence level: 50%)
157.245.144.9 | Sliver botnet C2 server (confidence level: 50%)
68.183.237.222 | Sliver botnet C2 server (confidence level: 50%)
109.73.202.146 | Sliver botnet C2 server (confidence level: 50%)
45.136.15.6 | Sliver botnet C2 server (confidence level: 50%)
209.38.212.39 | Sliver botnet C2 server (confidence level: 50%)
185.213.240.25 | Sliver botnet C2 server (confidence level: 50%)
23.227.203.244 | Sliver botnet C2 server (confidence level: 50%)
34.132.104.246 | Sliver botnet C2 server (confidence level: 50%)
216.120.201.133 | Sliver botnet C2 server (confidence level: 50%)
164.90.197.183 | Sliver botnet C2 server (confidence level: 50%)
149.56.12.194 | Sliver botnet C2 server (confidence level: 50%)
135.181.172.68 | Unknown malware botnet C2 server (confidence level: 50%)
35.192.187.146 | Unknown malware botnet C2 server (confidence level: 50%)
85.215.173.240 | Unknown malware botnet C2 server (confidence level: 50%)
24.199.101.235 | Unknown malware botnet C2 server (confidence level: 50%)
129.134.160.4 | Ghost RAT botnet C2 server (confidence level: 50%)
149.210.67.218 | Ghost RAT botnet C2 server (confidence level: 50%)
91.4.41.235 | Ghost RAT botnet C2 server (confidence level: 50%)
185.68.215.146 | Ghost RAT botnet C2 server (confidence level: 50%)
80.225.209.211 | ShadowPad botnet C2 server (confidence level: 50%)
3.29.93.102 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
54.193.88.160 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
37.148.209.127 | DarkComet botnet C2 server (confidence level: 50%)
189.150.93.156 | DarkComet botnet C2 server (confidence level: 50%)
77.110.113.7 | Unknown malware botnet C2 server (confidence level: 50%)
223.109.206.162 | Xtreme RAT botnet C2 server (confidence level: 50%)
108.165.100.252 | DCRat botnet C2 server (confidence level: 50%)
196.251.73.155 | Havoc botnet C2 server (confidence level: 50%)
193.29.59.248 | Unknown RAT botnet C2 server (confidence level: 50%)
27.102.138.169 | Kimsuky botnet C2 server (confidence level: 50%)
117.216.185.180 | Mozi botnet C2 server (confidence level: 50%)
147.185.221.29 | AsyncRAT botnet C2 server (confidence level: 50%)
147.185.221.29 | Nanocore RAT botnet C2 server (confidence level: 50%)
37.9.53.122 | NetWire RC botnet C2 server (confidence level: 50%)
38.95.173.116 | SpyNote botnet C2 server (confidence level: 50%)
116.203.167.110 | Vidar botnet C2 server (confidence level: 75%)
116.202.184.145 | Vidar botnet C2 server (confidence level: 75%)
140.99.130.43 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.42.203.222 | Cobalt Strike botnet C2 server (confidence level: 100%)
109.120.137.74 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.140.163.67 | ValleyRAT botnet C2 server (confidence level: 100%)
185.156.73.52 | Cobalt Strike botnet C2 server (confidence level: 100%)
150.158.98.7 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.92.34.168 | Cobalt Strike botnet C2 server (confidence level: 100%)
137.175.97.242 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.27.201.30 | Sliver botnet C2 server (confidence level: 100%)
47.76.29.196 | Unknown malware botnet C2 server (confidence level: 100%)
128.90.113.179 | AsyncRAT botnet C2 server (confidence level: 100%)
143.198.29.141 |
Unknown malware botnet C2 server (confidence level: 100%)
file66.228.58.244
Quasar RAT botnet C2 server (confidence level: 100%)
file65.0.130.57
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file65.0.130.57
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file43.159.53.42
Unknown malware botnet C2 server (confidence level: 100%)
file207.167.64.24
Bashlite botnet C2 server (confidence level: 100%)
file1.161.122.249
QakBot botnet C2 server (confidence level: 75%)
file13.248.186.157
DeimosC2 botnet C2 server (confidence level: 75%)
file38.60.252.77
Cobalt Strike botnet C2 server (confidence level: 75%)
file198.23.175.35
Remcos botnet C2 server (confidence level: 100%)
file196.251.72.222
Remcos botnet C2 server (confidence level: 100%)
file154.91.84.54
ValleyRAT botnet C2 server (confidence level: 100%)
file196.251.71.110
Remcos botnet C2 server (confidence level: 100%)
file185.100.157.161
PureLogs Stealer botnet C2 server (confidence level: 66%)
file198.46.178.137
PureLogs Stealer botnet C2 server (confidence level: 66%)
file188.166.179.128
Meterpreter botnet C2 server (confidence level: 75%)
file84.38.129.46
XWorm botnet C2 server (confidence level: 88%)
file89.144.60.15
XWorm botnet C2 server (confidence level: 66%)
file198.12.126.169
XWorm botnet C2 server (confidence level: 99%)
file216.250.252.224
XWorm botnet C2 server (confidence level: 99%)
file185.231.69.176
Stealc botnet C2 server (confidence level: 88%)
file104.37.5.194
Remcos botnet C2 server (confidence level: 100%)
file123.55.208.75
Sliver botnet C2 server (confidence level: 100%)
file196.251.87.133
AsyncRAT botnet C2 server (confidence level: 100%)
file45.74.10.38
AsyncRAT botnet C2 server (confidence level: 100%)
file191.96.207.250
AsyncRAT botnet C2 server (confidence level: 100%)
file78.161.14.229
AsyncRAT botnet C2 server (confidence level: 100%)
file16.171.5.23
Unknown malware botnet C2 server (confidence level: 100%)
file93.232.111.2
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file18.167.126.213
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file18.167.126.213
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.38.95.53
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file104.250.135.50
Chaos botnet C2 server (confidence level: 100%)
file154.40.47.26
XWorm botnet C2 server (confidence level: 100%)
file156.234.58.194
ValleyRAT botnet C2 server (confidence level: 100%)
file166.88.164.79
FAKEUPDATES botnet C2 server (confidence level: 100%)
file195.177.94.9
Remcos botnet C2 server (confidence level: 75%)
file129.226.212.179
Cobalt Strike botnet C2 server (confidence level: 50%)
file14.103.154.84
Cobalt Strike botnet C2 server (confidence level: 50%)
file176.126.114.137
Cobalt Strike botnet C2 server (confidence level: 50%)
file103.243.24.130
Cobalt Strike botnet C2 server (confidence level: 50%)
file157.230.184.163
Cobalt Strike botnet C2 server (confidence level: 50%)
file157.230.184.163
Cobalt Strike botnet C2 server (confidence level: 50%)
file114.67.230.150
Cobalt Strike botnet C2 server (confidence level: 50%)
file91.225.217.174
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file34.229.233.140
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.201.10.2
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file34.240.13.90
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file178.128.19.183
Sliver botnet C2 server (confidence level: 50%)
file185.156.202.203
Sliver botnet C2 server (confidence level: 50%)
file78.161.14.229
AsyncRAT botnet C2 server (confidence level: 50%)
file78.161.14.229
AsyncRAT botnet C2 server (confidence level: 50%)
file45.192.176.72
Unknown malware botnet C2 server (confidence level: 50%)
file106.14.51.126
Unknown malware botnet C2 server (confidence level: 50%)
file71.46.121.182
Nanocore RAT botnet C2 server (confidence level: 50%)
file166.255.181.65
Xtreme RAT botnet C2 server (confidence level: 50%)
file149.210.43.152
Ghost RAT botnet C2 server (confidence level: 50%)
file185.93.89.139
SectopRAT botnet C2 server (confidence level: 50%)
file31.57.38.195
Remcos botnet C2 server (confidence level: 100%)
file185.121.233.71
Quasar RAT botnet C2 server (confidence level: 75%)
file18.196.52.53
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.47.107.103
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.192.13.92
Cobalt Strike botnet C2 server (confidence level: 100%)
file139.84.218.221
Sliver botnet C2 server (confidence level: 100%)
file84.200.17.240
Aurotun Stealer botnet C2 server (confidence level: 100%)
file45.153.34.134
Rhadamanthys botnet C2 server (confidence level: 75%)
file18.231.121.65
Revenge RAT botnet C2 server (confidence level: 100%)
file112.2.16.110
N-W0rm botnet C2 server (confidence level: 100%)
file158.160.179.129
Cobalt Strike botnet C2 server (confidence level: 100%)
file23.224.194.175
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.227.253.10
Cobalt Strike botnet C2 server (confidence level: 100%)
file113.44.176.164
Cobalt Strike botnet C2 server (confidence level: 100%)
file157.230.187.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.42.203.222
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.122.95.37
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.211.230.55
Remcos botnet C2 server (confidence level: 100%)
file170.39.184.193
Remcos botnet C2 server (confidence level: 100%)
file5.252.153.84
Remcos botnet C2 server (confidence level: 100%)
file62.171.148.172
Sliver botnet C2 server (confidence level: 100%)
file185.62.87.191
AsyncRAT botnet C2 server (confidence level: 100%)
file83.217.208.19
Venom RAT botnet C2 server (confidence level: 100%)
file102.100.54.55
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file78.12.244.199
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file209.145.56.66
Crimson RAT botnet C2 server (confidence level: 100%)
file23.227.203.248
AdaptixC2 botnet C2 server (confidence level: 100%)
file164.92.112.82
Havoc botnet C2 server (confidence level: 75%)
file42.194.179.129
Havoc botnet C2 server (confidence level: 75%)
file85.110.181.216
QakBot botnet C2 server (confidence level: 75%)
file47.107.136.106
Cobalt Strike botnet C2 server (confidence level: 75%)
file8.220.182.237
ValleyRAT botnet C2 server (confidence level: 100%)

Url


Threat ID: 6863272e6f40f0eb728d9662

Added to database: 7/1/2025, 12:09:18 AM

Last enriched: 7/1/2025, 12:24:48 AM

Last updated: 7/14/2025, 7:52:03 AM
