
ThreatFox IOCs for 2025-07-03

Medium
Published: Thu Jul 03 2025 (07/03/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-07-03

AI-Powered Analysis

Last updated: 07/04/2025, 00:24:34 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) from the ThreatFox MISP feed dated July 3, 2025. These IOCs are related to malware activities categorized under OSINT (Open Source Intelligence), network activity, and payload delivery. However, the data lacks specific technical details such as affected software versions, exact malware family names, or detailed attack vectors. The threat is classified with a medium severity level and a threat level of 2 on an unspecified scale, indicating a moderate risk. There are no known exploits in the wild, no patches available, and no Common Weakness Enumerations (CWEs) associated, suggesting that this is more of an intelligence gathering or monitoring report rather than an active, widespread exploit. The absence of indicators and detailed technical analysis limits the ability to fully characterize the malware's behavior, infection mechanisms, or persistence techniques. The mention of OSINT and network activity implies that the threat may involve reconnaissance or data collection phases, possibly used to facilitate subsequent payload delivery. Overall, this appears to be a preliminary or informational report on malware-related network activity rather than a direct vulnerability or exploit targeting specific products or versions.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the lack of concrete exploit details or active campaigns. However, the presence of network activity and payload delivery tags suggests potential risks if these IOCs are used to detect or block malicious traffic. Organizations relying on OSINT for threat intelligence may benefit from integrating these IOCs into their detection systems to enhance situational awareness. The medium severity rating indicates that while immediate damage or compromise is unlikely, failure to monitor or respond to such intelligence could allow adversaries to conduct reconnaissance or prepare for more targeted attacks. European entities in sectors with high exposure to network-based threats, such as finance, critical infrastructure, and government, should remain vigilant. The absence of patches or known exploits reduces urgency but does not eliminate the need for proactive monitoring and incident response readiness.

Mitigation Recommendations

Given the nature of this threat as an OSINT-related IOC feed without specific exploit details, mitigation should focus on enhancing detection and response capabilities rather than patching. European organizations should:

1) Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to identify suspicious network activity early.
2) Employ network segmentation and strict egress filtering to limit potential payload delivery and lateral movement.
3) Conduct regular threat hunting exercises using updated IOC feeds like ThreatFox to identify any signs of compromise.
4) Maintain up-to-date threat intelligence sharing with relevant Information Sharing and Analysis Centers (ISACs) and national cybersecurity agencies.
5) Train security teams to recognize patterns of reconnaissance and payload delivery phases to respond swiftly.
6) Ensure robust logging and monitoring of network traffic, especially for unusual outbound connections that may indicate data exfiltration or command and control communications.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 20417bf2-eea8-4dec-b553-27ab37f9bea2
Original Timestamp: 1751587386

Indicators of Compromise

hash9999
Ghost RAT botnet C2 server (confidence level: 100%)
hash9999
Ghost RAT botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash5000
AsyncRAT botnet C2 server (confidence level: 100%)
hash9999
DCRat botnet C2 server (confidence level: 100%)
hash52126
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
AdaptixC2 botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash8883
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash2002
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash8080
DeimosC2 botnet C2 server (confidence level: 75%)
hash2078
QakBot botnet C2 server (confidence level: 75%)
hash3000
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash22365
XWorm botnet C2 server (confidence level: 100%)
hash8877
ValleyRAT botnet C2 server (confidence level: 100%)
hash3010
ValleyRAT botnet C2 server (confidence level: 100%)
hash8443
Meterpreter botnet C2 server (confidence level: 75%)

Url


Threat ID: 68671bae6f40f0eb729e1a35

Added to database: 7/4/2025, 12:09:18 AM

Last enriched: 7/4/2025, 12:24:34 AM

Last updated: 7/5/2025, 1:54:50 PM
