
ThreatFox IOCs for 2025-07-04

Severity: Medium
Published: Fri Jul 04 2025 (07/04/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Tags: type:osint, tlp:white

Description

ThreatFox IOCs for 2025-07-04

AI-Powered Analysis

Last updated: 07/05/2025, 00:24:42 UTC

Technical Analysis

This entry is the daily bulk export of indicators from ThreatFox, the abuse.ch community IOC database, delivered through its MISP feed. It is not a single vulnerability or malware sample but a list of command-and-control (C2) and payload-delivery infrastructure reported on 4 July 2025, so the absence of affected product versions, CWE identifiers and patches is expected rather than a sign of an "emerging or theoretical" threat: every family named below is in active use. The tag type:osint records that the event was assembled from open-source reporting; it says nothing about the malware using OSINT techniques. tlp:white means the indicators may be shared without restriction. The MISP event fields carry their standard meanings: threat level 2 is Medium (1 High, 2 Medium, 3 Low, 4 Undefined), analysis 1 is Ongoing, and distribution 3 is All communities, consistent with the TLP:WHITE tag. The original timestamp 1751673786 is 2025-07-05 00:03:06 UTC, i.e. the export was generated just after the day it covers closed.

The page renders 179 domains and 200 IP-address records. The IP records are labelled "File" and their port numbers "Hash"; both labels are artefacts of how the page split the feed's ip:port records, and the port list is cut off after 33 entries. Descriptions follow the ThreatFox pattern "<family> botnet C2 <domain|server> (confidence level: N%)", where the confidence is the reporter's own rating. By family:

Information stealers dominate by volume. 133 of the 179 domains are Lumma Stealer C2 domains, almost all short random labels on .shop, .top, .lat and .pics, every one published at 50% confidence. Vidar, Stealc, RedLine Stealer, StrelaStealer, Rhadamanthys and Koi Stealer also appear.

Remote access trojans: AsyncRAT, XWorm, Quasar RAT, Remcos, NjRAT, DCRat, ValleyRAT, Ghost RAT, SectopRAT, FatalRat, CyberGate, Xtreme RAT, NetSupport Manager RAT, pupy, and the Android families Hook and SpyNote. Much of this tier sits on dynamic-DNS and tunnelling services (duckdns.org, no-ip.org/biz/info, ddns.net, gl.at.ply.gg, portmap.io, sytes.net, servebeer.com, ip-ddns.com) and on the builders' default ports, for example 1177 for NjRAT, 2404 for Remcos and 8808 for AsyncRAT, all of which appear in the port list.

Post-exploitation frameworks used by red teams and intrusion crews alike: Cobalt Strike (the largest group of IP records), Sliver, Havoc, Brute Ratel C4, AdaptixC2, DeimosC2, PoshC2 and Vshell.

Loaders, backdoors and other tooling: "Unknown Loader" (payload-delivery and C2 domains), SquidLoader, FAKEUPDATES (SocGholish), WarmCookie, IcedID, QakBot, Ramnit, PlugX, Chaos and Eye Pyramid.

Several domains are lures that imitate vendors or system components (connecetwise.com, updatemsdnserver.com, windowsupdatetoasticon.issmarterthanyou.com, securityhealthmonitorgiize.duckdns.org, securityhealthsystrays.duckdns.org, myaccount.secured-authentication.ru) or a cryptocurrency and legal theme (ripple-legal.com, ripple-regulation.com, ripple-regulatory.com). A few indicators are hostnames on shared provider infrastructure: a bc.googleusercontent.com reverse-DNS name for a Google Cloud VM, a postgres.database.azure.com hostname listed as a Hook C2, and a blogspot.com page listed for Lumma Stealer. These identify one tenant or page, not the provider, and need different handling from a throwaway .shop domain. Some addresses recur under more than one family (107.175.34.68 for both XWorm and Quasar RAT) or at more than one confidence (35.90.2.59 and 107.175.158.208), which is typical of shared or bulletproof hosting.

Potential Impact

Any host that resolves one of these domains or completes a connection to one of these IP:port pairs should be treated as likely compromised by the named family, not as a possible future victim. The consequences follow from the family. Lumma, Vidar, Stealc, RedLine, Rhadamanthys, Koi Stealer and StrelaStealer exfiltrate browser credentials, session cookies, saved form data, e-mail credentials and cryptocurrency wallets within minutes of execution, so a stealer hit is a credential-theft incident with account-takeover risk that outlives the cleanup of the host. AsyncRAT, XWorm, Quasar, Remcos, NjRAT, DCRat, ValleyRAT and the other RATs give an operator interactive control of the endpoint: keylogging, screen capture, file transfer and further payloads. Cobalt Strike, Sliver, Havoc, Brute Ratel, AdaptixC2, DeimosC2, PoshC2 and Vshell beacons indicate hands-on-keyboard intrusion; in enterprise networks these frameworks typically precede lateral movement, data theft and ransomware deployment, which is where the availability impact comes from. Hook and SpyNote target Android, so bring-your-own-device and mobile fleets are in scope as well as workstations. A loader hit (FAKEUPDATES, SquidLoader, WarmCookie, IcedID, QakBot) means an initial-access foothold that is being handed to a follow-on actor.

For European organisations the "Medium" label reflects the MISP threat level of the event, not a measure of how dangerous the listed families are. Most of this infrastructure belongs to commodity crimeware that is indifferent to geography; what turns an infected home PC or BYOD laptop into a company incident is a stealer log containing corporate SSO cookies or a VPN credential, and exfiltration of personal data triggers GDPR breach-notification duties. Because the indicators are TLP:WHITE they can be shared with partners, ISACs and national CSIRTs without restriction.

Mitigation Recommendations

The useful work here is matching and blocking, not patching. Recommended steps:

1) Ingest the indicators from the source rather than from this page. ThreatFox publishes the same data through its MISP feed and its export and API endpoints, which keep the ip:port records intact and carry the reporter, first-seen time and reference that this rendering drops.

2) Retro-hunt before blocking. Search DNS resolver, web proxy, egress firewall and EDR network telemetry for at least the past 30 days for exact and subdomain matches on the domains, and for destination IP plus port matches on the IP records. A hit on a domain, or on an IP at the listed port, is a high-fidelity signal; a hit on the IP alone on another port is a lead to investigate, because many of these addresses are shared hosting or cloud VMs that are recycled.

3) Block at the right granularity. Block the exact domains at the resolver or proxy and the exact IP:port pairs at the egress firewall. Do not block parent zones such as bc.googleusercontent.com, blogspot.com or database.azure.com; they host legitimate services and the indicator identifies one tenant or page. For the dynamic-DNS and tunnelling zones that recur in this dump (duckdns.org, no-ip.org/biz/info, ddns.net, gl.at.ply.gg, portmap.io, sytes.net, servebeer.com, ip-ddns.com) make a policy decision: most corporate networks have no business need to reach them, and blocking the whole zone also covers tomorrow's hostnames.

4) Weight by confidence. The 100% and 75% entries are suitable for automatic blocking. The 50% entries (the entire Lumma Stealer domain set and some Cobalt Strike, Sliver, NetSupport Manager and Xtreme RAT addresses) should raise an alert and be reviewed before they enter a block list.

5) Treat hits as incidents, not as blocked noise. Isolate the host, capture volatile memory and identify the process that made the connection, and for stealer families reset the user's passwords and revoke browser and SSO sessions immediately, since the credentials have already left.

6) Expire the indicators. C2 domains and especially cloud-hosted IPs churn within days; load the feed continuously with an ageing policy instead of treating this one-day snapshot as a permanent block list.

7) Alert on the builders' default ports even without an IOC match. Outbound connections from user workstations to ports 1177 (NjRAT), 2404 (Remcos) and 8808 (AsyncRAT) rarely have a legitimate explanation.

8) Segment and least-privilege as usual: egress filtering that only allows workstation traffic through the proxy removes most direct IP:port C2 channels in this list outright, and EDR should be tuned for the named families.
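As an added example (not code from ThreatFox, abuse.ch or this page), the following Python script parses the rendering used on this page, re-pairs the "File" (IP) and "Hash" (port) lists by position, and grades matches against DNS and firewall log lines. The dump excerpt, the log-line formats, the 10.0.0.x client addresses and the SHARED_ZONES list are assumptions chosen for the demonstration; the positional re-pairing relies on the two lists being in the same order, which the identical descriptions support but which should be checked against the MISP feed itself.

```python
"""Parse a ThreatFox daily dump as rendered on this page, rebuild the ip:port
records, and match domains and IP:port pairs against log lines.
Added example; the dump excerpt and the log lines are constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt in the page's rendering: the feed's attribute type is fused
# to the value ("domain", "file" for an IP, "hash" for a port) and the
# description follows on the next line.
SAMPLE_DUMP = """\
domainmobatek.pro
Unknown Loader payload delivery domain (confidence level: 90%)
domainmailing-iv.gl.at.ply.gg
AsyncRAT botnet C2 domain (confidence level: 100%)
domain68.227.0.34.bc.googleusercontent.com
Unknown malware botnet C2 domain (confidence level: 100%)
domaincasupfi.shop
Lumma Stealer botnet C2 domain (confidence level: 50%)
file83.229.120.98
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.207.138.98
NjRAT botnet C2 server (confidence level: 100%)
file31.6.7.154
Remcos botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1177
NjRAT botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
"""

ENTRY_RE = re.compile(
    r"^(domain|file|hash)(\S+)\n(.+?) \(confidence level: (\d+)%\)$", re.M)

# Assumed list of shared provider / tunnelling zones: a hit on a host under them
# is real, but the zone itself must not be blocked on one indicator.
SHARED_ZONES = ("bc.googleusercontent.com", "blogspot.com", "database.azure.com",
                "gl.at.ply.gg", "duckdns.org", "portmap.io", "ddns.net")


def parse_dump(text):
    """Split the rendering into domain, IP ('file') and port ('hash') lists of
    (value, family, confidence)."""
    out = defaultdict(list)
    for kind, value, desc, conf in ENTRY_RE.findall(text):
        family = re.sub(r" (botnet C2|payload delivery) .*$", "", desc)
        out[kind].append((value, family, int(conf)))
    return out["domain"], out["file"], out["hash"]


def rebuild_ip_port(ips, ports):
    """The feed publishes ip:port records; the page split them into two lists in
    the same order (assumption). Re-pair by position, refuse if a row disagrees."""
    pairs = []
    for (ip, fam_a, conf_a), (port, fam_b, conf_b) in zip(ips, ports):
        if (fam_a, conf_a) != (fam_b, conf_b):
            raise ValueError(f"tables out of alignment at {ip} / {port}")
        pairs.append((str(ipaddress.ip_address(ip)), int(port), fam_a, conf_a))
    return pairs


def domain_matches(qname, domains):
    """Exact or subdomain match; returns (family, confidence, on_shared_zone)."""
    qname = qname.lower().rstrip(".")
    for dom, family, conf in domains:
        if qname == dom or qname.endswith("." + dom):
            return family, conf, any(dom.endswith("." + z) for z in SHARED_ZONES)
    return None


def scan_logs(lines, domains, pairs):
    """Match constructed log lines of two shapes:
         DNS <client> <qname>              (resolver log)
         FW  <client> -> <dst_ip>:<port>   (egress firewall log)
    Grades: 'strong' for a domain or exact ip:port hit, 'review' for a host on a
    shared zone, 'weak' for the IP alone on another port."""
    by_ip = defaultdict(list)
    for ip, port, family, conf in pairs:
        by_ip[ip].append((port, family, conf))
    hits = []
    for line in lines:
        parts = line.split()
        if parts[0] == "DNS":
            m = domain_matches(parts[2], domains)
            if m:
                hits.append((parts[1], parts[2], m[0], m[1],
                             "review" if m[2] else "strong"))
        elif parts[0] == "FW":
            dst_ip, dst_port = parts[3].rsplit(":", 1)
            for port, family, conf in by_ip.get(dst_ip, []):
                grade = "strong" if int(dst_port) == port else "weak"
                hits.append((parts[1], parts[3], family, conf, grade))
    return hits


# Constructed log lines; 10.0.0.x are internal clients.
SAMPLE_LOGS = [
    "DNS 10.0.0.5 casupfi.shop",
    "DNS 10.0.0.7 api.mobatek.pro",
    "DNS 10.0.0.9 68.227.0.34.bc.googleusercontent.com",
    "DNS 10.0.0.9 www.example.org",
    "FW 10.0.0.5 -> 104.207.138.98:1177",
    "FW 10.0.0.8 -> 83.229.120.98:22",
]


def demo():
    """Run the whole pipeline on the constructed inputs and return the hits."""
    domains, ips, ports = parse_dump(SAMPLE_DUMP)
    return scan_logs(SAMPLE_LOGS, domains, rebuild_ip_port(ips, ports))
```

Running demo() yields five hits: a strong Lumma Stealer DNS hit, a strong subdomain hit on the Unknown Loader domain, a review-grade hit on the googleusercontent host, a strong NjRAT hit on 104.207.138.98 at its listed port 1177, and a weak hit for 83.229.120.98 contacted on port 22 rather than the listed port 80. The alignment check in rebuild_ip_port is the important safety: if the page ever reorders or truncates one table, pairing by position silently produces wrong IP:port blocks, so the function refuses instead.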


Technical Details

Threat Level
2 (MISP threat level: Medium)
Analysis
1 (MISP analysis state: Ongoing)
Distribution
3 (MISP distribution: All communities)
Uuid
f06897f7-ce66-410a-9c1b-93c28a73f6da
Original Timestamp
1751673786 (2025-07-05 00:03:06 UTC)

Indicators of Compromise

Domains (179)

Value | Description
mobatek.pro | Unknown Loader payload delivery domain (confidence level: 90%)
nas.gddsw.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
mer.b2b.9zt.hk | Unknown malware botnet C2 domain (confidence level: 100%)
68.227.0.34.bc.googleusercontent.com | Unknown malware botnet C2 domain (confidence level: 100%)
dsasinject-58214.portmap.io | XWorm botnet C2 domain (confidence level: 100%)
mailing-iv.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%)
pulsa2ndrdplogs.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 75%)
pulsaratlogs.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 75%)
myaccount.secured-authentication.ru | Havoc botnet C2 domain (confidence level: 100%)
updatemsdnserver.com | StrelaStealer botnet C2 domain (confidence level: 100%)
server.pikachull.ip-ddns.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
1c.exifit.eu.org | Vidar botnet C2 domain (confidence level: 75%)
oskolko.uno | IcedID botnet C2 domain (confidence level: 50%)
rvbwtbeitwjeitv.com | Ramnit botnet C2 domain (confidence level: 50%)
request-bosnia.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
wickpinto.duckdns.org | XWorm botnet C2 domain (confidence level: 50%)
casupfi.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
calxzg.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
cljaln.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
emegln.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
flotzi.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
grkozh.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
harmst.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
havyfad.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
invjzc.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
londqx.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
meyks.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
mjfqq.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
omahpy.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
paggdt.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
pnpxsc.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
powdgl.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
rejpqb.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
somfhz.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
whilhi.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
8diaprinzpistpe.blogspot.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
cloud839v3.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%)
media.cloud839v3.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%)
londonoffvisit.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
ripple-legal.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
ripple-regulation.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
ripple-regulatory.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
ferjpn.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
gecoea.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
nbwihi.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
odetgw.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
saleone.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
stabkkf.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
stefeu.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
thiyntf.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
untuia.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
whaagd.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
absqln.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
dealbht.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
iswxch.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
pltefd.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
pofnxk.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
ponqcf.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
senezqj.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
smoskp.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
suhvqq.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
diseysy.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
vetbe.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
freqbkv.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
braoto.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
bumualu.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
clehygs.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
leehpfe.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
talkrt.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
bidafgs.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
foospjo.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
grkuek.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
rumidk.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
majvkra.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
upgrazz.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
wonxw.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
gilyesu.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
folshvs.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
pitqhms.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
dusjnnn.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
almzsff.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
foqdra.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
sulfvo.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
foqmpk.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
giyewf.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
tomxlw.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
jewbhl.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
staman.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
swigddmb.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
impvmg.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
vietololm.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
windowsupdatetoasticon.issmarterthanyou.com | AsyncRAT botnet C2 domain (confidence level: 100%)
securityhealthmonitorgiize.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
securityhealthsystrays.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
results-sand.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
ksa-h4ck.ddns.net | NjRAT botnet C2 domain (confidence level: 100%)
risk.preech.top | ValleyRAT botnet C2 domain (confidence level: 100%)
funmusic.servebeer.com | CyberGate botnet C2 domain (confidence level: 100%)
xt.exifit.eu.org | Vidar botnet C2 domain (confidence level: 75%)
countryview.info | Unknown Loader botnet C2 domain (confidence level: 100%)
middleshape.info | Unknown Loader botnet C2 domain (confidence level: 100%)
sonplane.info | Unknown Loader botnet C2 domain (confidence level: 100%)
boytheory.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
feedback.bigsightsystems.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
whiydg.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
werdqs.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
wesajkh.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
venxvrc.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
varjdih.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
vafonp.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
unsmka.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
tamwzen.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
spiioyt.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
shiqgvx.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
riamoyi.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
radlomr.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
quaagq.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
prkovy.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
poioblz.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
pilqdx.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
nooinys.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
mieydn.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
masmkl.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
marktth.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
trarzcr.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
loxmbi.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
kgqxaa.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
letoxtk.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
lelurr.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
invdfgq.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
imasau.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
blisao.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
vegwrwv.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
gaylw.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
gastrci.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
gamtxto.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
fifdtm.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
creewuh.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
delnsc.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
deepvqy.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
cucujxc.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
concvek.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
uneqclj.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
jumpkwo.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
halnbb.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
jumclx.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
cennqq.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
bouzxme.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
bitjbpc.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
dupldaw.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
iroibk.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
pupkvw.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
duxoq.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
strah.biz | Lumma Stealer botnet C2 domain (confidence level: 50%)
feredo.online | Lumma Stealer botnet C2 domain (confidence level: 50%)
dltc.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%)
optica.expert | Lumma Stealer botnet C2 domain (confidence level: 50%)
gazladder.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
knv.one | Lumma Stealer botnet C2 domain (confidence level: 50%)
rasteks.org | Lumma Stealer botnet C2 domain (confidence level: 50%)
rathole.icu | Lumma Stealer botnet C2 domain (confidence level: 50%)
dmaap.link | Lumma Stealer botnet C2 domain (confidence level: 50%)
selmanaged.fun | Lumma Stealer botnet C2 domain (confidence level: 50%)
not-sized.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
omgwtfbbq123.sytes.net | CyberGate botnet C2 domain (confidence level: 100%)
azuredbclitest-tkbum.rs-f815c4c85fb6.postgres.database.azure.com | Hook botnet C2 domain (confidence level: 100%)
rates-north.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
second-spyware.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
connecetwise.com | AsyncRAT botnet C2 domain (confidence level: 100%)
let12345-61544.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%)
got-incurred.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 100%)
city-communicate.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 100%)
stpmarche.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%)
sonytester.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%)
r3nt3r.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%)
changeintoafly.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%)
tutatara.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%)
maxo.4cloud.click | AsyncRAT botnet C2 domain (confidence level: 100%)
probrad.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%)

IP addresses (200 records; labelled "File" in the page's rendering)

These are the address half of the feed's ip:port records. An IP that appears more than once is a separate record, distinguished by its port; the ports are in the "Ports" list below, which this page cuts off after 33 entries.

Value | Description
83.229.120.98 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.139.210.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.207.138.98 | NjRAT botnet C2 server (confidence level: 100%)
60.204.245.37 | Cobalt Strike botnet C2 server (confidence level: 100%)
31.6.7.154 | Remcos botnet C2 server (confidence level: 100%)
91.92.46.250 | Remcos botnet C2 server (confidence level: 100%)
123.163.206.142 | Sliver botnet C2 server (confidence level: 100%)
128.90.106.224 | AsyncRAT botnet C2 server (confidence level: 100%)
84.200.77.140 | SectopRAT botnet C2 server (confidence level: 100%)
141.98.11.22 | SectopRAT botnet C2 server (confidence level: 100%)
3.87.188.100 | Unknown malware botnet C2 server (confidence level: 100%)
107.152.45.119 | Havoc botnet C2 server (confidence level: 100%)
46.246.84.2 | DCRat botnet C2 server (confidence level: 100%)
111.92.240.189 | DCRat botnet C2 server (confidence level: 100%)
134.122.173.67 | ValleyRAT botnet C2 server (confidence level: 100%)
106.55.71.90 | Cobalt Strike botnet C2 server (confidence level: 75%)
103.158.36.17 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.158.36.92 | Cobalt Strike botnet C2 server (confidence level: 100%)
138.68.87.170 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.94.232.254 | Ghost RAT botnet C2 server (confidence level: 75%)
154.94.232.198 | Ghost RAT botnet C2 server (confidence level: 75%)
3.147.68.101 | Sliver botnet C2 server (confidence level: 100%)
88.229.27.40 | AsyncRAT botnet C2 server (confidence level: 100%)
83.249.230.189 | AsyncRAT botnet C2 server (confidence level: 100%)
3.121.114.119 | Havoc botnet C2 server (confidence level: 100%)
111.92.240.219 | DCRat botnet C2 server (confidence level: 100%)
185.231.205.87 | Stealc botnet C2 server (confidence level: 100%)
144.172.117.108 | Unknown malware botnet C2 server (confidence level: 100%)
47.111.24.71 | Chaos botnet C2 server (confidence level: 100%)
179.43.186.234 | AdaptixC2 botnet C2 server (confidence level: 100%)
85.158.110.87 | Rhadamanthys botnet C2 server (confidence level: 100%)
123.56.48.76 | Unknown malware botnet C2 server (confidence level: 100%)
47.111.89.78 | Unknown malware botnet C2 server (confidence level: 100%)
140.99.130.43 | Unknown malware botnet C2 server (confidence level: 100%)
107.174.232.95 | Unknown malware botnet C2 server (confidence level: 100%)
34.58.93.206 | Unknown malware botnet C2 server (confidence level: 100%)
15.161.122.193 | Unknown malware botnet C2 server (confidence level: 100%)
107.21.48.214 | Unknown malware botnet C2 server (confidence level: 100%)
13.60.16.246 | Unknown malware botnet C2 server (confidence level: 100%)
52.208.80.113 | Unknown malware botnet C2 server (confidence level: 100%)
15.223.71.97 | Unknown malware botnet C2 server (confidence level: 100%)
194.164.172.92 | Unknown malware botnet C2 server (confidence level: 100%)
46.237.40.128 | Unknown malware botnet C2 server (confidence level: 100%)
122.152.225.89 | Unknown malware botnet C2 server (confidence level: 100%)
18.195.57.223 | Unknown malware botnet C2 server (confidence level: 100%)
35.229.193.55 | Unknown malware botnet C2 server (confidence level: 100%)
185.28.119.26 | Unknown malware botnet C2 server (confidence level: 100%)
77.105.161.10 | NjRAT botnet C2 server (confidence level: 100%)
47.94.52.245 | SquidLoader botnet C2 server (confidence level: 100%)
103.176.197.40 | ValleyRAT botnet C2 server (confidence level: 100%)
137.220.62.107 | FAKEUPDATES botnet C2 server (confidence level: 100%)
43.154.91.3 | FatalRat botnet C2 server (confidence level: 100%)
94.156.114.219 | Quasar RAT botnet C2 server (confidence level: 100%)
189.159.169.216 | Quasar RAT botnet C2 server (confidence level: 100%)
103.176.197.40 | ValleyRAT botnet C2 server (confidence level: 100%)
23.249.28.155 | ValleyRAT botnet C2 server (confidence level: 100%)
206.238.114.178 | ValleyRAT botnet C2 server (confidence level: 100%)
206.238.114.178 | ValleyRAT botnet C2 server (confidence level: 100%)
156.251.19.36 | ValleyRAT botnet C2 server (confidence level: 100%)
156.251.19.36 | ValleyRAT botnet C2 server (confidence level: 100%)
134.122.173.67 | ValleyRAT botnet C2 server (confidence level: 100%)
134.122.173.67 | ValleyRAT botnet C2 server (confidence level: 100%)
139.159.138.76 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.98.33.163 | Cobalt Strike botnet C2 server (confidence level: 100%)
175.178.85.21 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.137.22.115 | RedLine Stealer botnet C2 server (confidence level: 100%)
64.225.75.165 | XWorm botnet C2 server (confidence level: 75%)
107.175.34.68 | XWorm botnet C2 server (confidence level: 75%)
172.111.139.111 | XWorm botnet C2 server (confidence level: 100%)
94.156.152.54 | Koi Stealer botnet C2 server (confidence level: 75%)
107.175.34.68 | Quasar RAT botnet C2 server (confidence level: 75%)
1.92.153.104 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.94.232.243 | Ghost RAT botnet C2 server (confidence level: 100%)
208.94.246.47 | Remcos botnet C2 server (confidence level: 100%)
151.242.58.40 | AsyncRAT botnet C2 server (confidence level: 100%)
195.66.213.157 | PoshC2 botnet C2 server (confidence level: 100%)
106.75.8.65 | Sliver botnet C2 server (confidence level: 75%)
185.112.101.36 | StrelaStealer botnet C2 server (confidence level: 100%)
144.172.109.72 | Sliver botnet C2 server (confidence level: 75%)
147.50.230.91 | Sliver botnet C2 server (confidence level: 75%)
147.50.230.91 | Sliver botnet C2 server (confidence level: 75%)
147.50.230.91 | Sliver botnet C2 server (confidence level: 75%)
163.181.66.88 | DeimosC2 botnet C2 server (confidence level: 75%)
42.185.157.75 | DeimosC2 botnet C2 server (confidence level: 75%)
5.255.103.206 | Eye Pyramid botnet C2 server (confidence level: 75%)
56.136.54.163 | DeimosC2 botnet C2 server (confidence level: 75%)
98.70.49.169 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
106.14.89.119 | Cobalt Strike botnet C2 server (confidence level: 75%)
117.148.177.211 | Cobalt Strike botnet C2 server (confidence level: 75%)
125.76.82.109 | Cobalt Strike botnet C2 server (confidence level: 75%)
183.131.178.88 | Cobalt Strike botnet C2 server (confidence level: 75%)
218.28.104.157 | Cobalt Strike botnet C2 server (confidence level: 75%)
218.60.175.252 | Cobalt Strike botnet C2 server (confidence level: 75%)
218.92.216.56 | Cobalt Strike botnet C2 server (confidence level: 75%)
27.152.182.60 | Cobalt Strike botnet C2 server (confidence level: 75%)
61.156.44.221 | Cobalt Strike botnet C2 server (confidence level: 75%)
195.211.98.211 | Cobalt Strike botnet C2 server (confidence level: 50%)
107.175.158.208 | Cobalt Strike botnet C2 server (confidence level: 50%)
196.191.244.137 | Sliver botnet C2 server (confidence level: 50%)
135.180.4.247 | Sliver botnet C2 server (confidence level: 50%)
92.118.170.146 | Sliver botnet C2 server (confidence level: 50%)
139.9.221.114 | Sliver botnet C2 server (confidence level: 50%)
35.90.2.59 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
13.231.110.254 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
92.205.161.164 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
194.53.137.35 | Unknown malware botnet C2 server (confidence level: 50%)
170.64.208.80 | Unknown malware botnet C2 server (confidence level: 50%)
195.181.175.131 | Xtreme RAT botnet C2 server (confidence level: 50%)
134.122.176.24 | ValleyRAT botnet C2 server (confidence level: 100%)
121.43.60.1 | Ghost RAT botnet C2 server (confidence level: 100%)
110.41.54.10 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.159.199.184 | XWorm botnet C2 server (confidence level: 100%)
43.155.4.35 | XWorm botnet C2 server (confidence level: 100%)
150.109.120.102 | XWorm botnet C2 server (confidence level: 100%)
154.94.232.242 | Ghost RAT botnet C2 server (confidence level: 100%)
45.192.99.146 | Ghost RAT botnet C2 server (confidence level: 100%)
144.172.96.219 | pupy botnet C2 server (confidence level: 100%)
121.41.69.238 | Sliver botnet C2 server (confidence level: 100%)
217.195.153.118 | Sliver botnet C2 server (confidence level: 100%)
208.123.119.210 | Sliver botnet C2 server (confidence level: 100%)
47.107.248.162 | Unknown malware botnet C2 server (confidence level: 100%)
176.46.157.57 | SectopRAT botnet C2 server (confidence level: 100%)
45.32.107.111 | Unknown malware botnet C2 server (confidence level: 100%)
206.123.128.81 | Hook botnet C2 server (confidence level: 100%)
206.123.128.81 | Hook botnet C2 server (confidence level: 100%)
34.148.218.89 | Havoc botnet C2 server (confidence level: 100%)
195.123.225.126 | Havoc botnet C2 server (confidence level: 100%)
35.90.2.59 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
2.45.246.28 | Unknown malware botnet C2 server (confidence level: 100%)
124.156.101.47 | ValleyRAT botnet C2 server (confidence level: 100%)
154.82.92.181 | ValleyRAT botnet C2 server (confidence level: 100%)
103.79.120.89 | PlugX botnet C2 server (confidence level: 100%)
173.199.71.152 | PlugX botnet C2 server (confidence level: 100%)
38.89.72.133 | PlugX botnet C2 server (confidence level: 100%)
45.152.65.213 | PlugX botnet C2 server (confidence level: 100%)
45.152.66.25 | PlugX botnet C2 server (confidence level: 100%)
45.32.105.184 | PlugX botnet C2 server (confidence level: 100%)
83.229.127.115 | PlugX botnet C2 server (confidence level: 100%)
103.46.185.183 | ValleyRAT botnet C2 server (confidence level: 100%)
172.245.4.223 | Remcos botnet C2 server (confidence level: 75%)
172.245.4.223 | Remcos botnet C2 server (confidence level: 75%)
154.222.24.47 | Ghost RAT botnet C2 server (confidence level: 100%)
172.93.160.93 | Remcos botnet C2 server (confidence level: 100%)
196.251.117.230 | Remcos botnet C2 server (confidence level: 100%)
191.233.20.127 | Remcos botnet C2 server (confidence level: 100%)
35.194.89.202 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.62 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.62 | AsyncRAT botnet C2 server (confidence level: 100%)
18.213.88.53 | Unknown malware botnet C2 server (confidence level: 100%)
181.162.167.246 | Quasar RAT botnet C2 server (confidence level: 100%)
102.219.210.203 | Quasar RAT botnet C2 server (confidence level: 100%)
185.72.199.103 | Quasar RAT botnet C2 server (confidence level: 100%)
136.144.181.45 | Havoc botnet C2 server (confidence level: 100%)
118.107.46.97 | DCRat botnet C2 server (confidence level: 100%)
118.107.46.92 | DCRat botnet C2 server (confidence level: 100%)
13.59.10.58 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
101.200.193.211 | Cobalt Strike botnet C2 server (confidence level: 75%)
119.28.193.118 | ValleyRAT botnet C2 server (confidence level: 100%)
185.19.85.183 | Quasar RAT botnet C2 server (confidence level: 100%)
81.254.145.114 | Quasar RAT botnet C2 server (confidence level: 100%)
196.251.70.143 | XWorm botnet C2 server (confidence level: 100%)
3.68.56.232 | NjRAT botnet C2 server (confidence level: 100%)
3.67.15.169 | NjRAT botnet C2 server (confidence level: 100%)
3.124.67.191 | NjRAT botnet C2 server (confidence level: 100%)
194.59.31.33 | Remcos botnet C2 server (confidence level: 100%)
107.175.158.208 | Cobalt Strike botnet C2 server (confidence level: 100%)
107.175.158.208 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.96.224.76 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.222.24.175 | Ghost RAT botnet C2 server (confidence level: 100%)
192.159.99.94 | Remcos botnet C2 server (confidence level: 100%)
185.208.159.121 | Remcos botnet C2 server (confidence level: 100%)
179.13.2.162 | Remcos botnet C2 server (confidence level: 100%)
74.235.58.46 | Hook botnet C2 server (confidence level: 100%)
136.144.181.45 | Havoc botnet C2 server (confidence level: 100%)
140.143.242.109 | Vshell botnet C2 server (confidence level: 100%)
109.145.253.19 | QakBot botnet C2 server (confidence level: 75%)
104.245.240.4 | WarmCookie botnet C2 server (confidence level: 100%)
189.140.35.239 | QakBot botnet C2 server (confidence level: 75%)
46.246.222.215 | QakBot botnet C2 server (confidence level: 75%)
113.201.158.191 | Cobalt Strike botnet C2 server (confidence level: 75%)
117.187.245.245 | Cobalt Strike botnet C2 server (confidence level: 75%)
119.96.17.222 | Cobalt Strike botnet C2 server (confidence level: 75%)
182.247.250.209 | Cobalt Strike botnet C2 server (confidence level: 75%)
36.25.254.122 | Cobalt Strike botnet C2 server (confidence level: 75%)
42.202.164.11 | Cobalt Strike botnet C2 server (confidence level: 75%)
60.211.209.111 | Cobalt Strike botnet C2 server (confidence level: 75%)
61.170.88.228 | Cobalt Strike botnet C2 server (confidence level: 75%)
54.233.70.171 | XWorm botnet C2 server (confidence level: 100%)
85.203.4.232 | XWorm botnet C2 server (confidence level: 100%)
185.100.157.217 | XWorm botnet C2 server (confidence level: 100%)
188.212.158.75 | XWorm botnet C2 server (confidence level: 100%)
49.235.64.155 | AsyncRAT botnet C2 server (confidence level: 100%)
93.177.102.241 | AsyncRAT botnet C2 server (confidence level: 100%)
144.172.87.191 | AsyncRAT botnet C2 server (confidence level: 100%)
185.38.142.16 | AsyncRAT botnet C2 server (confidence level: 100%)
191.101.130.236 | XWorm botnet C2 server (confidence level: 100%)
184.190.169.22 | AsyncRAT botnet C2 server (confidence level: 100%)
77.110.117.36 | Quasar RAT botnet C2 server (confidence level: 100%)
31.57.224.68 | SpyNote botnet C2 server (confidence level: 100%)
130.204.171.128 | CyberGate botnet C2 server (confidence level: 100%)

Hash

Note: the values in this table are almost all port numbers (80, 443, 8443, 31337 and so on), not hashes; only the three 32-character hexadecimal values tagged "Nitrogen Loader payload" are file hashes (MD5 length). The listing does not state which IP address each port belongs to, so a port on its own is not a usable detection indicator.

Value | Description
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
1177 | NjRAT botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
25 | Remcos botnet C2 server (confidence level: 100%)
40000 | Sliver botnet C2 server (confidence level: 100%)
4000 | AsyncRAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
5000 | DCRat botnet C2 server (confidence level: 100%)
443 | DCRat botnet C2 server (confidence level: 100%)
6666 | ValleyRAT botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
14443 | Cobalt Strike botnet C2 server (confidence level: 100%)
14443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Ghost RAT botnet C2 server (confidence level: 75%)
80 | Ghost RAT botnet C2 server (confidence level: 75%)
443 | Sliver botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | DCRat botnet C2 server (confidence level: 100%)
80 | Stealc botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
47486 | Chaos botnet C2 server (confidence level: 100%)
4321 | AdaptixC2 botnet C2 server (confidence level: 100%)
8899 | Rhadamanthys botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
10443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
9000 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
4444 | Unknown malware botnet C2 server (confidence level: 100%)
7000 | NjRAT botnet C2 server (confidence level: 100%)
443 | SquidLoader botnet C2 server (confidence level: 100%)
53 | ValleyRAT botnet C2 server (confidence level: 100%)
88826c773788a68300b0dd78a92af12a | Nitrogen Loader payload (confidence level: 50%)
e14d7baf640bfb479e186d0281a27179 | Nitrogen Loader payload (confidence level: 50%)
a4b24c189f63204efd2b36ce5ab3aaaa | Nitrogen Loader payload (confidence level: 50%)
443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
8081 | FatalRat botnet C2 server (confidence level: 100%)
57480 | Quasar RAT botnet C2 server (confidence level: 100%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
90 | ValleyRAT botnet C2 server (confidence level: 100%)
90 | ValleyRAT botnet C2 server (confidence level: 100%)
55637 | ValleyRAT botnet C2 server (confidence level: 100%)
55638 | ValleyRAT botnet C2 server (confidence level: 100%)
21208 | ValleyRAT botnet C2 server (confidence level: 100%)
20208 | ValleyRAT botnet C2 server (confidence level: 100%)
8888 | ValleyRAT botnet C2 server (confidence level: 100%)
80 | ValleyRAT botnet C2 server (confidence level: 100%)
8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
9443 | Cobalt Strike botnet C2 server (confidence level: 100%)
4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
55615 | RedLine Stealer botnet C2 server (confidence level: 100%)
8069 | XWorm botnet C2 server (confidence level: 75%)
3360 | XWorm botnet C2 server (confidence level: 75%)
7000 | XWorm botnet C2 server (confidence level: 100%)
80 | Koi Stealer botnet C2 server (confidence level: 75%)
3370 | Quasar RAT botnet C2 server (confidence level: 75%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Ghost RAT botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | PoshC2 botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 75%)
80 | StrelaStealer botnet C2 server (confidence level: 100%)
8888 | Sliver botnet C2 server (confidence level: 75%)
8090 | Sliver botnet C2 server (confidence level: 75%)
8443 | Sliver botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
4506 | DeimosC2 botnet C2 server (confidence level: 75%)
4506 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | Eye Pyramid botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
2096 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 50%)
2086 | Cobalt Strike botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
9306 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
4063 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
47990 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
3333 | Unknown malware botnet C2 server (confidence level: 50%)
3333 | Unknown malware botnet C2 server (confidence level: 50%)
10001 | Xtreme RAT botnet C2 server (confidence level: 50%)
8880 | ValleyRAT botnet C2 server (confidence level: 100%)
5252 | Ghost RAT botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
23368 | XWorm botnet C2 server (confidence level: 100%)
23368 | XWorm botnet C2 server (confidence level: 100%)
23368 | XWorm botnet C2 server (confidence level: 100%)
80 | Ghost RAT botnet C2 server (confidence level: 100%)
80 | Ghost RAT botnet C2 server (confidence level: 100%)
443 | pupy botnet C2 server (confidence level: 100%)
8888 | Sliver botnet C2 server (confidence level: 100%)
80 | Sliver botnet C2 server (confidence level: 100%)
80 | Sliver botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8089 | Hook botnet C2 server (confidence level: 100%)
80 | Hook botnet C2 server (confidence level: 100%)
1443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
18856 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | ValleyRAT botnet C2 server (confidence level: 100%)
6689 | ValleyRAT botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | PlugX botnet C2 server (confidence level: 100%)
443 | ValleyRAT botnet C2 server (confidence level: 100%)
13408 | Remcos botnet C2 server (confidence level: 75%)
13409 | Remcos botnet C2 server (confidence level: 75%)
80 | Ghost RAT botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
5000 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
143 | AsyncRAT botnet C2 server (confidence level: 100%)
888 | AsyncRAT botnet C2 server (confidence level: 100%)
7777 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Quasar RAT botnet C2 server (confidence level: 100%)
8090 | Quasar RAT botnet C2 server (confidence level: 100%)
1717 | Quasar RAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | DCRat botnet C2 server (confidence level: 100%)
443 | DCRat botnet C2 server (confidence level: 100%)
808 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
561 | ValleyRAT botnet C2 server (confidence level: 100%)
4449 | Quasar RAT botnet C2 server (confidence level: 100%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
1603 | XWorm botnet C2 server (confidence level: 100%)
11722 | NjRAT botnet C2 server (confidence level: 100%)
11722 | NjRAT botnet C2 server (confidence level: 100%)
11722 | NjRAT botnet C2 server (confidence level: 100%)
1759 | Remcos botnet C2 server (confidence level: 100%)
2053 | Cobalt Strike botnet C2 server (confidence level: 100%)
2082 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Ghost RAT botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
80 | Hook botnet C2 server (confidence level: 100%)
80 | Havoc botnet C2 server (confidence level: 100%)
8082 | Vshell botnet C2 server (confidence level: 100%)
2222 | QakBot botnet C2 server (confidence level: 75%)
443 | WarmCookie botnet C2 server (confidence level: 100%)
443 | QakBot botnet C2 server (confidence level: 75%)
995 | QakBot botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
6000 | XWorm botnet C2 server (confidence level: 100%)
7000 | XWorm botnet C2 server (confidence level: 100%)
7000 | XWorm botnet C2 server (confidence level: 100%)
7000 | XWorm botnet C2 server (confidence level: 100%)
4449 | AsyncRAT botnet C2 server (confidence level: 100%)
31 | AsyncRAT botnet C2 server (confidence level: 100%)
1337 | AsyncRAT botnet C2 server (confidence level: 100%)
4449 | AsyncRAT botnet C2 server (confidence level: 100%)
8398 | XWorm botnet C2 server (confidence level: 100%)
4083 | AsyncRAT botnet C2 server (confidence level: 100%)
8080 | Quasar RAT botnet C2 server (confidence level: 100%)
7860 | SpyNote botnet C2 server (confidence level: 100%)
2465 | CyberGate botnet C2 server (confidence level: 100%)

URL

Value | Description
http://89.35.130.147:5810/3dc7f62e.php | DCRat botnet C2 (confidence level: 100%)
http://updatemsdnserver.com/server.php | StrelaStealer botnet C2 (confidence level: 100%)
https://1c.exifit.eu.org | Vidar botnet C2 (confidence level: 75%)
https://drive.google.com/uc?export=download&id=1aqo6iwyu8fxe7qnee8mrzmluznvbdgio | Unknown Loader payload delivery URL (confidence level: 50%)
http://regalscoin.co/admin/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%)
http://clubdemadrespompiglos.com/sse/panelnew/gate.php | Pony botnet C2 (confidence level: 50%)
https://xt.exifit.eu.org | Vidar botnet C2 (confidence level: 75%)
https://boytheory.xyz/bin.php | Unknown Loader botnet C2 (confidence level: 100%)
http://sonplane.info/fki.php | Unknown Loader botnet C2 (confidence level: 100%)
https://feedback.bigsightsystems.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%)
https://flagowe.shop/xpal | Lumma Stealer botnet C2 (confidence level: 100%)
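Every row in the tables above carries the same three facts: a value, a malware family with its role, and a ThreatFox confidence level. The following is an added example, not code from ThreatFox or from this page, showing how a detection engineer would turn such rows into typed indicators and sweep egress logs with them. Each sample row is written as `value | description (confidence level: N%)`; the six rows are copied from this listing, while the log lines are constructed for the example and are not real traffic. The script types each value by its shape (IPv4, MD5, port, URL) rather than by the table it sat in, which matters here because the "Hash" table holds port numbers. It deliberately never alerts on a bare port: the listing does not pair ports with their IP, and 80 or 443 alone would match almost everything. The log format (`timestamp key=value ...`) and the default 75% confidence cut-off are assumptions of the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# One IOC row as it appears in the listing, reduced to a single line:
#   <value> | <description> (confidence level: <N>%)
ROW_RE = re.compile(
    r"^(?P<value>\S+)\s*\|\s*(?P<desc>.+?)\s*\(confidence level:\s*(?P<conf>\d+)%\)\s*$"
)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


@dataclass(frozen=True)
class Indicator:
    kind: str        # "ipv4", "port", "md5" or "url", derived from the value's shape
    value: str
    family: str      # malware family or C2 framework named in the description
    confidence: int  # ThreatFox confidence level in percent


def classify(value: str) -> str:
    """Type an IOC by its shape, ignoring whichever table label the page gave it."""
    if IPV4_RE.match(value) and all(int(o) <= 255 for o in value.split(".")):
        return "ipv4"
    if MD5_RE.match(value):
        return "md5"
    if value.isdigit() and 0 < int(value) <= 65535:
        return "port"
    if value.lower().startswith(("http://", "https://")):
        return "url"
    raise ValueError(f"unrecognised IOC value: {value!r}")


def family_of(desc: str) -> str:
    """Strip the role suffix ThreatFox appends, leaving only the family name."""
    for suffix in (" botnet C2 server", " botnet C2", " payload delivery URL", " payload"):
        if desc.endswith(suffix):
            return desc[: -len(suffix)]
    return desc


def parse_rows(text: str) -> list[Indicator]:
    """Parse listing rows; header lines and blanks do not match ROW_RE and are skipped."""
    out = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        kind = classify(m["value"])
        value = m["value"].lower() if kind == "md5" else m["value"]
        out.append(Indicator(kind, value, family_of(m["desc"]), int(m["conf"])))
    return out


def match_logs(indicators, log_lines, min_confidence=75):
    """Return (line_number, indicator) pairs where a log line hits an IPv4 or URL IOC.

    A URL indicator matches on the exact URL, or on its hostname alone when the
    request went to the same host with a different path (a C2 host is rarely
    contacted at exactly one path). Ports and hashes are never matched here:
    a bare port is noise, and hashes belong in file telemetry, not proxy logs.
    """
    usable = [i for i in indicators if i.confidence >= min_confidence]
    by_ip = {i.value: i for i in usable if i.kind == "ipv4"}
    by_url = {i.value: i for i in usable if i.kind == "url"}
    by_host = {urlsplit(u).hostname: i for u, i in by_url.items()}
    hits = []
    for n, line in enumerate(log_lines, 1):
        # assumed log shape: "<timestamp> key=value key=value ..."
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        if fields.get("dst") in by_ip:
            hits.append((n, by_ip[fields["dst"]]))
        url = fields.get("url", "-")
        if url in by_url:
            hits.append((n, by_url[url]))
        elif url != "-" and urlsplit(url).hostname in by_host:
            hits.append((n, by_host[urlsplit(url).hostname]))
    return hits


# Six rows copied from the listing above (the "Value | Description" header is skipped).
SAMPLE_ROWS = """\
Value | Description
74.235.58.46 | Hook botnet C2 server (confidence level: 100%)
113.201.158.191 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
88826c773788a68300b0dd78a92af12a | Nitrogen Loader payload (confidence level: 50%)
http://updatemsdnserver.com/server.php | StrelaStealer botnet C2 (confidence level: 100%)
https://drive.google.com/uc?export=download&id=1aqo6iwyu8fxe7qnee8mrzmluznvbdgio | Unknown Loader payload delivery URL (confidence level: 50%)
"""

# Constructed proxy log lines for the example; not real traffic.
SAMPLE_LOGS = [
    "2025-07-04T10:12:03Z src=10.0.0.15 dst=74.235.58.46 dport=80 url=-",
    "2025-07-04T10:13:44Z src=10.0.0.22 dst=203.0.113.9 dport=443 url=https://example.org/",
    "2025-07-04T10:15:10Z src=10.0.0.31 dst=198.51.100.7 dport=80 url=http://updatemsdnserver.com/server.php",
    "2025-07-04T10:16:02Z src=10.0.0.31 dst=198.51.100.7 dport=80 url=http://updatemsdnserver.com/other.php",
    "2025-07-04T10:17:30Z src=10.0.0.40 dst=203.0.113.9 dport=443 url=https://drive.google.com/uc?export=download&id=1aqo6iwyu8fxe7qnee8mrzmluznvbdgio",
]

if __name__ == "__main__":
    iocs = parse_rows(SAMPLE_ROWS)
    for n, ioc in match_logs(iocs, SAMPLE_LOGS):
        print(f"line {n}: {ioc.kind} {ioc.value} -> {ioc.family} ({ioc.confidence}%)")
```

With the default cut-off the sweep flags line 1 (destination IP of the Hook C2), line 3 (exact StrelaStealer URL) and line 4 (same StrelaStealer host, different path); the Google Drive delivery URL at 50% is excluded, and it is also the case that shows why hostname matching must stay behind a confidence gate: lowering `min_confidence` to 50 would make every Google Drive download in the logs look like a hit.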

Threat ID: 68686d2e6f40f0eb72a41214

Added to database: 7/5/2025, 12:09:18 AM

Last enriched: 7/5/2025, 12:24:42 AM

Last updated: 7/5/2025, 3:09:18 PM
