Skip to main content

ThreatFox IOCs for 2025-07-01

Medium
Published: Tue Jul 01 2025 (07/01/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-07-01

AI-Powered Analysis

AILast updated: 07/02/2025, 00:24:32 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) from the ThreatFox MISP Feed dated July 1, 2025. The threat is categorized as malware-related, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are sparse, with no specific affected software versions, no known exploits in the wild, and no patches available. The threat level is indicated as medium (threatLevel 2 on an unspecified scale), with moderate distribution (3) and minimal analysis (1), suggesting that this is an early-stage or low-profile threat. The absence of concrete technical details, such as specific malware families, attack vectors, or payload characteristics, limits the depth of analysis. The IOCs themselves are not provided, which restricts the ability to identify or detect this threat directly. The classification as OSINT and network activity implies that the threat may involve reconnaissance or data gathering activities, possibly as a precursor to more damaging payload delivery. The lack of known exploits and patches suggests this is not a vulnerability but rather a threat intelligence update highlighting observed malicious activity or infrastructure. Overall, this appears to be a medium-severity malware-related threat focused on network reconnaissance and payload delivery, with limited current impact but potential for escalation if further developed or exploited.

Potential Impact

For European organizations, the impact of this threat is currently moderate due to the lack of known exploits and specific affected systems. However, the presence of network activity and payload delivery components indicates a risk of unauthorized data collection or initial compromise attempts. If leveraged effectively by threat actors, this could lead to data breaches, espionage, or foothold establishment within networks. European entities with significant digital infrastructure, especially those in critical sectors such as finance, energy, and government, could face increased risk if the threat evolves. The absence of patches or mitigations means organizations must rely on detection and prevention strategies. The medium severity suggests that while immediate disruption or damage is unlikely, the threat could be part of a broader attack campaign or reconnaissance phase preceding more severe attacks. Therefore, vigilance and proactive monitoring are essential to mitigate potential impacts on confidentiality, integrity, and availability of systems.

Mitigation Recommendations

Given the nature of this threat, European organizations should implement enhanced network monitoring to detect unusual network activity indicative of reconnaissance or payload delivery attempts. Deploying advanced threat detection tools that leverage behavioral analytics and threat intelligence feeds, including the ThreatFox IOCs once available, will improve early detection capabilities. Network segmentation and strict access controls can limit lateral movement if initial compromise occurs. Regularly updating and tuning intrusion detection/prevention systems (IDS/IPS) to recognize emerging patterns associated with this threat is critical. Organizations should also conduct threat hunting exercises focused on OSINT-related indicators and suspicious payload delivery mechanisms. Employee awareness training on phishing and social engineering can reduce the risk of initial infection vectors. Since no patches are available, reliance on layered security controls, including endpoint detection and response (EDR) solutions, firewalls, and network anomaly detection, is vital. Collaboration with national cybersecurity centers and sharing threat intelligence within industry sectors can enhance collective defense.

Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
9f10ed12-f9d2-4ba6-91d6-db47347ca37f
Original Timestamp
1751414586

Indicators of Compromise

Domain

ValueDescriptionCopy
domainweb-rabby.org
Unknown malware botnet C2 domain (confidence level: 100%)
domainsecurity.fsealengurrad.com
Unknown malware payload delivery domain (confidence level: 100%)
domainpoqers.com
Unknown malware payload delivery domain (confidence level: 100%)
domainaccounts.podform.site
Unknown malware botnet C2 domain (confidence level: 100%)
domain360sec-dns.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsusni-swap.net
Unknown malware botnet C2 domain (confidence level: 75%)
domaindexsceerner.org
Unknown malware botnet C2 domain (confidence level: 75%)
domainplay.rubyhall.in.net
Unknown malware botnet C2 domain (confidence level: 100%)
domainwin2officialgray.win
Unknown malware botnet C2 domain (confidence level: 100%)
domainalong-rid.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainnulltraces-38627.portmap.io
Quasar RAT botnet C2 domain (confidence level: 100%)
domainnulltraces-62756.portmap.io
Quasar RAT botnet C2 domain (confidence level: 100%)
domainhot-filing.gl.at.ply.gg
AsyncRAT botnet C2 domain (confidence level: 50%)
domainbulon.trumdvfb.com
Mirai botnet C2 domain (confidence level: 50%)
domainvip.jbvipnetwork.cc
Mirai botnet C2 domain (confidence level: 50%)
domainbuukas.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domainintelligentopennetworkingawards.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainstoreshomeestudiosfluworks.xyz
Unknown Stealer payload delivery domain (confidence level: 100%)
domaincnm.h0xtopsec.vip
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainlanguagenose.info
Unknown Stealer botnet C2 domain (confidence level: 100%)
domaincuttingedgetechworks.com
Unknown RAT botnet C2 domain (confidence level: 100%)
domainmofagovpk-hq.co
SideWinder botnet C2 domain (confidence level: 50%)
domaincons.mofagovpk.co
SideWinder botnet C2 domain (confidence level: 50%)
domainmofa-govpk.co
SideWinder botnet C2 domain (confidence level: 50%)
domainmofagovbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainnvloi.mofagovbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmofa-gov-bd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domaintod.treasury.gov.lk.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainerd.gov.lk.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainftp.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainyahoo.com.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmail.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmod.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmhapsd.gov.bd.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmofa.gov.bd.mofa-govbd.com
SideWinder botnet C2 domain (confidence level: 100%)
domainmofa-govbd.org
SideWinder botnet C2 domain (confidence level: 100%)
domainsafecityctd.com
SideWinder botnet C2 domain (confidence level: 50%)
domainislamabadpolice.org
SideWinder botnet C2 domain (confidence level: 50%)
domaingreenpop.info
Unknown malware botnet C2 domain (confidence level: 50%)
domainhreatlittleheaven.info
Unknown malware botnet C2 domain (confidence level: 50%)
domainksecure.bio
Unknown malware botnet C2 domain (confidence level: 50%)
domainpineappleworld.info
Unknown malware botnet C2 domain (confidence level: 50%)
domainplumpinr.info
Unknown malware botnet C2 domain (confidence level: 50%)
domainsunmelonontheway.info
Unknown malware botnet C2 domain (confidence level: 50%)
domainvibrantforest.info
Unknown malware botnet C2 domain (confidence level: 50%)
domaindjlmwd9b-80.euw.devtunnels.ms
Havoc botnet C2 domain (confidence level: 100%)
domainofkkfd24.work.gd
AsyncRAT botnet C2 domain (confidence level: 100%)
domainzenforexpvtltd.hopto.org
XWorm botnet C2 domain (confidence level: 100%)
domainweneedverysweetgirlwholovesmebetterthana.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainwigroups.com
Remcos botnet C2 domain (confidence level: 100%)
domainlionvs.gotdns.ch
Remcos botnet C2 domain (confidence level: 100%)
domainmxsunamz.gotdns.ch
Remcos botnet C2 domain (confidence level: 100%)
domainmdnsserver.com
Remcos botnet C2 domain (confidence level: 100%)
domainwww.autoauctionsdirect.net
Unknown Loader payload delivery domain (confidence level: 100%)
domain47sqwjxze4941.cfc-execute.su.baidubce.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domain0.x.exifit.eu.org
Vidar botnet C2 domain (confidence level: 75%)
domaincpanel.thekooljack.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainaccounts.directllinegroup.co.uk
Havoc botnet C2 domain (confidence level: 100%)
domainfbsvm.cam
Unknown malware botnet C2 domain (confidence level: 100%)
domainamaprox.shop
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainvltalmex.com.mx
Remcos botnet C2 domain (confidence level: 100%)
domain00283643bbm.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainexper.mywire.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindczip3.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainsuchdevil-25933.portmap.io
NjRAT botnet C2 domain (confidence level: 100%)
domainmalahh.oixrv2gn.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domain73w6tr0x1tnay.cfc-execute.bj.baidubce.com
Cobalt Strike botnet C2 domain (confidence level: 75%)

File

ValueDescriptionCopy
file27.17.150.148
Cobalt Strike botnet C2 server (confidence level: 100%)
file66.63.162.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.11.123
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.117.230
Remcos botnet C2 server (confidence level: 100%)
file77.83.207.163
Remcos botnet C2 server (confidence level: 100%)
file35.170.185.100
Sliver botnet C2 server (confidence level: 100%)
file49.113.78.135
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.115.156
AsyncRAT botnet C2 server (confidence level: 100%)
file172.111.150.118
AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.179
AsyncRAT botnet C2 server (confidence level: 100%)
file185.185.70.248
DCRat botnet C2 server (confidence level: 100%)
file185.169.54.63
DCRat botnet C2 server (confidence level: 100%)
file110.40.80.89
Kaiji botnet C2 server (confidence level: 100%)
file23.227.199.37
AdaptixC2 botnet C2 server (confidence level: 100%)
file146.70.87.237
AdaptixC2 botnet C2 server (confidence level: 100%)
file78.155.194.221
RedLine Stealer botnet C2 server (confidence level: 100%)
file118.89.182.140
Cobalt Strike botnet C2 server (confidence level: 75%)
file154.89.205.162
Cobalt Strike botnet C2 server (confidence level: 75%)
file43.199.113.11
ValleyRAT botnet C2 server (confidence level: 100%)
file47.121.24.204
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.138.22.149
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.72.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.106.246
Cobalt Strike botnet C2 server (confidence level: 100%)
file64.23.212.247
Sliver botnet C2 server (confidence level: 90%)
file172.94.96.108
AsyncRAT botnet C2 server (confidence level: 100%)
file164.90.158.221
Unknown malware botnet C2 server (confidence level: 100%)
file13.232.53.239
Unknown malware botnet C2 server (confidence level: 100%)
file31.210.36.97
Venom RAT botnet C2 server (confidence level: 100%)
file154.89.149.6
Unknown malware botnet C2 server (confidence level: 100%)
file23.26.125.189
Unknown malware botnet C2 server (confidence level: 100%)
file52.72.160.166
Unknown malware botnet C2 server (confidence level: 100%)
file3.127.178.108
Unknown malware botnet C2 server (confidence level: 100%)
file52.0.185.94
Unknown malware botnet C2 server (confidence level: 100%)
file35.157.53.219
Unknown malware botnet C2 server (confidence level: 100%)
file62.171.149.204
Unknown malware botnet C2 server (confidence level: 100%)
file46.36.38.80
Unknown malware botnet C2 server (confidence level: 100%)
file35.156.71.128
Unknown malware botnet C2 server (confidence level: 100%)
file35.156.71.128
Unknown malware botnet C2 server (confidence level: 100%)
file35.156.224.7
Unknown malware botnet C2 server (confidence level: 100%)
file35.156.224.7
Unknown malware botnet C2 server (confidence level: 100%)
file189.130.110.83
Unknown malware botnet C2 server (confidence level: 100%)
file13.229.39.24
Unknown malware botnet C2 server (confidence level: 100%)
file217.199.254.35
Unknown malware botnet C2 server (confidence level: 100%)
file23.254.225.125
Remcos botnet C2 server (confidence level: 100%)
file20.189.123.10
Unknown malware botnet C2 server (confidence level: 100%)
file45.94.31.124
Remcos botnet C2 server (confidence level: 100%)
file195.191.218.23
Remcos botnet C2 server (confidence level: 100%)
file45.138.50.75
Remcos botnet C2 server (confidence level: 100%)
file192.3.176.155
Remcos botnet C2 server (confidence level: 100%)
file2.58.56.13
Remcos botnet C2 server (confidence level: 100%)
file38.242.208.134
Remcos botnet C2 server (confidence level: 100%)
file173.225.102.145
Remcos botnet C2 server (confidence level: 100%)
file77.83.207.163
Remcos botnet C2 server (confidence level: 100%)
file13.37.239.254
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file16.63.101.3
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.127.151.53
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file196.251.86.61
Bashlite botnet C2 server (confidence level: 100%)
file38.132.122.141
AdaptixC2 botnet C2 server (confidence level: 100%)
file89.23.98.145
Rhadamanthys botnet C2 server (confidence level: 100%)
file157.254.167.84
FAKEUPDATES botnet C2 server (confidence level: 100%)
file192.227.135.201
Remcos botnet C2 server (confidence level: 100%)
file101.68.205.43
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.106.26.150
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.154.23.39
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.122.62.142
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.96.138.107
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.231.20.243
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.83.210
Remcos botnet C2 server (confidence level: 100%)
file86.131.107.165
Quasar RAT botnet C2 server (confidence level: 100%)
file69.58.93.96
Quasar RAT botnet C2 server (confidence level: 100%)
file40.76.123.249
RedLine Stealer botnet C2 server (confidence level: 100%)
file8.218.231.88
ValleyRAT botnet C2 server (confidence level: 100%)
file8.218.231.88
ValleyRAT botnet C2 server (confidence level: 100%)
file43.248.173.17
ValleyRAT botnet C2 server (confidence level: 100%)
file43.248.173.17
ValleyRAT botnet C2 server (confidence level: 100%)
file43.248.173.17
ValleyRAT botnet C2 server (confidence level: 100%)
file107.148.237.76
Cobalt Strike botnet C2 server (confidence level: 50%)
file107.172.143.14
Sliver botnet C2 server (confidence level: 50%)
file178.128.140.47
Sliver botnet C2 server (confidence level: 50%)
file178.172.244.120
Sliver botnet C2 server (confidence level: 50%)
file72.5.43.7
Sliver botnet C2 server (confidence level: 50%)
file54.190.221.77
Unknown malware botnet C2 server (confidence level: 50%)
file196.251.85.220
Unknown malware botnet C2 server (confidence level: 50%)
file205.185.114.104
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file66.23.207.210
Xtreme RAT botnet C2 server (confidence level: 50%)
file94.98.222.175
Poison Ivy botnet C2 server (confidence level: 50%)
file3.28.207.122
BlackShades botnet C2 server (confidence level: 50%)
file205.185.114.104
Unknown malware botnet C2 server (confidence level: 50%)
file147.185.221.29
AsyncRAT botnet C2 server (confidence level: 50%)
file185.18.222.241
AsyncRAT botnet C2 server (confidence level: 50%)
file185.18.222.241
AsyncRAT botnet C2 server (confidence level: 50%)
file185.18.222.241
AsyncRAT botnet C2 server (confidence level: 50%)
file45.82.254.44
Remcos botnet C2 server (confidence level: 75%)
file116.202.181.52
Vidar botnet C2 server (confidence level: 100%)
file116.202.186.71
Vidar botnet C2 server (confidence level: 100%)
file1.94.134.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file209.146.115.172
Cobalt Strike botnet C2 server (confidence level: 100%)
file209.146.115.172
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.31.173.90
Cobalt Strike botnet C2 server (confidence level: 100%)
file59.110.94.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.111.9.150
Sliver botnet C2 server (confidence level: 100%)
file34.87.122.145
Sliver botnet C2 server (confidence level: 100%)
file172.94.96.108
AsyncRAT botnet C2 server (confidence level: 100%)
file45.221.115.160
Unknown malware botnet C2 server (confidence level: 100%)
file37.187.37.111
DCRat botnet C2 server (confidence level: 100%)
file18.101.182.152
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file179.95.194.18
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.25.68.150
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file43.162.122.245
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.83.44
Nanocore RAT botnet C2 server (confidence level: 100%)
file89.116.44.149
FAKEUPDATES botnet C2 server (confidence level: 100%)
file120.53.14.145
Havoc botnet C2 server (confidence level: 75%)
file140.238.58.71
DeimosC2 botnet C2 server (confidence level: 75%)
file216.137.216.185
QakBot botnet C2 server (confidence level: 75%)
file221.181.64.114
DeimosC2 botnet C2 server (confidence level: 75%)
file42.194.179.129
Havoc botnet C2 server (confidence level: 75%)
file43.138.209.230
Havoc botnet C2 server (confidence level: 75%)
file43.141.132.166
DeimosC2 botnet C2 server (confidence level: 75%)
file92.116.90.188
DeimosC2 botnet C2 server (confidence level: 75%)
file162.19.161.200
Unknown RAT botnet C2 server (confidence level: 75%)
file217.156.50.228
Unknown Loader botnet C2 server (confidence level: 75%)
file113.44.92.25
Cobalt Strike botnet C2 server (confidence level: 100%)
file137.175.84.7
Cobalt Strike botnet C2 server (confidence level: 100%)
file113.45.47.3
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.137.98.198
Cobalt Strike botnet C2 server (confidence level: 100%)
file163.5.149.28
Remcos botnet C2 server (confidence level: 100%)
file206.123.145.132
Remcos botnet C2 server (confidence level: 100%)
file198.55.98.242
Remcos botnet C2 server (confidence level: 100%)
file12.202.180.102
AsyncRAT botnet C2 server (confidence level: 100%)
file172.94.96.108
AsyncRAT botnet C2 server (confidence level: 100%)
file172.94.96.108
AsyncRAT botnet C2 server (confidence level: 100%)
file107.189.25.109
SectopRAT botnet C2 server (confidence level: 100%)
file52.232.96.143
Unknown malware botnet C2 server (confidence level: 100%)
file185.165.171.136
Unknown malware botnet C2 server (confidence level: 100%)
file176.34.42.250
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file176.34.42.250
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file196.251.87.245
Bashlite botnet C2 server (confidence level: 100%)
file208.87.200.129
ValleyRAT botnet C2 server (confidence level: 100%)
file208.87.200.129
ValleyRAT botnet C2 server (confidence level: 100%)
file143.92.32.68
ValleyRAT botnet C2 server (confidence level: 100%)
file143.92.32.68
ValleyRAT botnet C2 server (confidence level: 100%)
file143.92.32.68
ValleyRAT botnet C2 server (confidence level: 100%)
file185.186.26.225
FAKEUPDATES payload delivery server (confidence level: 100%)
file60.205.107.16
Cobalt Strike botnet C2 server (confidence level: 75%)
file106.53.52.127
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.100.72.166
Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.159.76
Ghost RAT botnet C2 server (confidence level: 100%)
file122.51.142.58
Unknown malware botnet C2 server (confidence level: 100%)
file43.250.174.240
Unknown malware botnet C2 server (confidence level: 100%)
file206.123.128.50
AsyncRAT botnet C2 server (confidence level: 100%)
file52.232.96.156
Unknown malware botnet C2 server (confidence level: 100%)
file52.232.101.42
Unknown malware botnet C2 server (confidence level: 100%)
file160.25.73.199
Quasar RAT botnet C2 server (confidence level: 100%)
file150.109.111.98
Havoc botnet C2 server (confidence level: 100%)
file157.230.34.254
Havoc botnet C2 server (confidence level: 100%)
file196.251.86.169
Bashlite botnet C2 server (confidence level: 100%)
file94.237.87.254
MimiKatz botnet C2 server (confidence level: 100%)
file192.169.69.26
Nanocore RAT botnet C2 server (confidence level: 100%)
file196.251.117.195
Ave Maria botnet C2 server (confidence level: 75%)
file185.238.169.158
RedLine Stealer botnet C2 server (confidence level: 100%)
file185.119.58.241
RedLine Stealer botnet C2 server (confidence level: 100%)
file103.176.197.24
ValleyRAT botnet C2 server (confidence level: 100%)
file103.176.197.24
ValleyRAT botnet C2 server (confidence level: 100%)
file196.119.245.85
NjRAT botnet C2 server (confidence level: 100%)
file139.180.129.54
Cobalt Strike botnet C2 server (confidence level: 75%)
file35.159.177.27
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.136.15.74
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.243.254.98
Remcos botnet C2 server (confidence level: 100%)
file144.172.89.242
Sliver botnet C2 server (confidence level: 100%)
file47.83.173.1
Unknown malware botnet C2 server (confidence level: 100%)
file172.94.96.108
AsyncRAT botnet C2 server (confidence level: 100%)
file77.246.110.116
Havoc botnet C2 server (confidence level: 100%)
file196.251.87.244
Bashlite botnet C2 server (confidence level: 100%)
file109.73.202.146
Sliver botnet C2 server (confidence level: 75%)
file118.89.81.66
Havoc botnet C2 server (confidence level: 75%)
file164.92.112.82
Sliver botnet C2 server (confidence level: 75%)
file173.187.24.139
QakBot botnet C2 server (confidence level: 75%)
file182.30.54.199
DeimosC2 botnet C2 server (confidence level: 75%)
file94.49.8.198
QakBot botnet C2 server (confidence level: 75%)
file78.128.113.98
Quasar RAT botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash56245
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash5003
Remcos botnet C2 server (confidence level: 100%)
hash9000
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash1000
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash8848
DCRat botnet C2 server (confidence level: 100%)
hash88
Kaiji botnet C2 server (confidence level: 100%)
hash4321
AdaptixC2 botnet C2 server (confidence level: 100%)
hash43211
AdaptixC2 botnet C2 server (confidence level: 100%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash2053
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash2000
Venom RAT botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash7574
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash30370
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash1243
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2427
Remcos botnet C2 server (confidence level: 100%)
hash4728
Remcos botnet C2 server (confidence level: 100%)
hash5002
Remcos botnet C2 server (confidence level: 100%)
hash25434
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash81
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash1224
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash43211
AdaptixC2 botnet C2 server (confidence level: 100%)
hash8900
Rhadamanthys botnet C2 server (confidence level: 100%)
hash443
FAKEUPDATES botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash801
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash801
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5002
Remcos botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash1912
RedLine Stealer botnet C2 server (confidence level: 100%)
hash8080
ValleyRAT botnet C2 server (confidence level: 100%)
hash8181
ValleyRAT botnet C2 server (confidence level: 100%)
hash10451
ValleyRAT botnet C2 server (confidence level: 100%)
hash10452
ValleyRAT botnet C2 server (confidence level: 100%)
hash10453
ValleyRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash833
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 50%)
hash3460
Poison Ivy botnet C2 server (confidence level: 50%)
hash9160
BlackShades botnet C2 server (confidence level: 50%)
hash57779
Unknown malware botnet C2 server (confidence level: 50%)
hash54412
AsyncRAT botnet C2 server (confidence level: 50%)
hash6606
AsyncRAT botnet C2 server (confidence level: 50%)
hash7707
AsyncRAT botnet C2 server (confidence level: 50%)
hash8808
AsyncRAT botnet C2 server (confidence level: 50%)
hash9373
Remcos botnet C2 server (confidence level: 75%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8008
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Sliver botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash18245
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash9990
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash2456
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash4000
Unknown malware botnet C2 server (confidence level: 100%)
hash50050
Nanocore RAT botnet C2 server (confidence level: 100%)
hash443
FAKEUPDATES botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash4506
DeimosC2 botnet C2 server (confidence level: 75%)
hash4433
Havoc botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash14f6a3a80b44d687c589dbd428a0599b4c04ce5c0f796345cbfba23697667b1a
Stealc payload (confidence level: 100%)
hash325d05c3c2895ddf394ff109ac7622b286f56b1383d39904f3a6739ec9b2e4a8
Stealc payload (confidence level: 100%)
hash8041
Unknown RAT botnet C2 server (confidence level: 75%)
hash8176
Unknown Loader botnet C2 server (confidence level: 75%)
hash829df7d978774486998cd130487396654c4486536e37ee0ad92c5b355f27e10d
Stealc payload (confidence level: 100%)
hash87192f75948a2407cfd3b126c3f13a0dbe4eb5579ce4683b1e2a007b17ccfc9a
Stealc payload (confidence level: 100%)
hash56233bac07f4f9c43585e485e70b6169
Unknown malware payload (confidence level: 50%)
hasha523bf5dca0f2a4ace0cf766d9225343
Unknown malware payload (confidence level: 50%)
hashad6104a503b46bf6ea505fe8b3182970
Unknown malware payload (confidence level: 50%)
hashbf795a376233032d05766a396b3d6e08
Unknown malware payload (confidence level: 50%)
hashfc6ac85fc9367c51b678fe77ad2d94d3
AMOS payload (confidence level: 100%)
hash6d55dda53e21bee4d6a005d2a886a0c1
AMOS payload (confidence level: 100%)
hash1013a1560acd661924673f97c7879d12
AMOS payload (confidence level: 100%)
hash68315ad0b43a379b3d60913bc98335da
AMOS payload (confidence level: 100%)
hash8d428d2ba3347e27ccabac95e5608167
AMOS payload (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8899
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5009
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash7647
Remcos botnet C2 server (confidence level: 100%)
hash8797
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash465
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash2665
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash8888
ValleyRAT botnet C2 server (confidence level: 100%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash9090
ValleyRAT botnet C2 server (confidence level: 100%)
hash9091
ValleyRAT botnet C2 server (confidence level: 100%)
hash9092
ValleyRAT botnet C2 server (confidence level: 100%)
hash443
FAKEUPDATES payload delivery server (confidence level: 100%)
hash8389
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000
Ghost RAT botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash2404
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash1985
Nanocore RAT botnet C2 server (confidence level: 100%)
hash7222
Ave Maria botnet C2 server (confidence level: 75%)
hash7765
RedLine Stealer botnet C2 server (confidence level: 100%)
hash60134
RedLine Stealer botnet C2 server (confidence level: 100%)
hash53
ValleyRAT botnet C2 server (confidence level: 100%)
hash90
ValleyRAT botnet C2 server (confidence level: 100%)
hash10000
NjRAT botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash808
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash5850
Quasar RAT botnet C2 server (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttp://66.63.187.70/pages/login.php
Unknown malware botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/ufpdhea9
AsyncRAT botnet C2 (confidence level: 50%)
urlhttp://172.86.75.38/e5b309d293924536.php
Stealc botnet C2 (confidence level: 100%)
urlhttp://ct83204.tw1.ru/3bce0858.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://0.x.exifit.eu.org
Vidar botnet C2 (confidence level: 75%)
urlhttps://cpanel.thekooljack.com/viewdashboard
FAKEUPDATES botnet C2 (confidence level: 100%)
urlhttps://bibigigatrols.com/work/
Latrodectus botnet C2 (confidence level: 75%)
urlhttps://larioiokolid.com/work/
Latrodectus botnet C2 (confidence level: 75%)
urlhttps://shop.aeroboutiquepanama.com/selectra_planilla/sistemax.php
Unknown Stealer botnet C2 (confidence level: 100%)
urlhttp://a1120527.xsph.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://a1080242.xsph.ru/4317b3e5.php
DCRat botnet C2 (confidence level: 100%)

Threat ID: 686478ae6f40f0eb7290e14f

Added to database: 7/2/2025, 12:09:18 AM

Last enriched: 7/2/2025, 12:24:32 AM

Last updated: 7/4/2025, 1:54:38 PM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats