ThreatFox IOCs for 2025-07-07

Medium
Published: Mon Jul 07 2025 (07/07/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-07-07

AI-Powered Analysis

Last updated: 07/08/2025, 00:24:46 UTC

Technical Analysis

This entry is a set of Indicators of Compromise (IOCs) published on 2025-07-07 by the ThreatFox MISP Feed, categorized under malware and tagged for OSINT (Open Source Intelligence), network activity, and payload delivery. It is a collection of threat intelligence indicators rather than a description of a specific malware variant or exploit: no affected software versions or specific vulnerabilities are identified, and no known exploits in the wild are linked to these IOCs. The threat level is medium, with a threatLevel score of 2, an analysis score of 1, and a distribution score of 3, indicating moderate dissemination and some analysis but limited technical detail. The absence of patch availability and of CWE identifiers implies that the entry is not tied to a known software vulnerability but to observed malicious network behaviors or payload delivery mechanisms detected through OSINT methods. The TLP (Traffic Light Protocol) is white, so the information is publicly shareable without restriction. Overall, this entry is a situational awareness update that gives network defenders indicators to monitor, but it lacks detailed technical specifics about the malware or attack vectors.

Potential Impact

For European organizations, the impact of these IOCs depends largely on their ability to integrate and act on this threat intelligence within their security monitoring frameworks. Because no specific exploited vulnerabilities or malware payload details are provided, the direct risk is moderate. However, the network activity and payload delivery tags point to a risk of intrusion attempts or malware infections if these indicators correspond to active campaigns. Organizations that rely on OSINT feeds for threat detection can use these IOCs to strengthen their detection capabilities and potentially prevent compromise. The lack of known exploits in the wild reduces immediate urgency, but the medium severity rating indicates that vigilance is warranted. European entities with critical infrastructure or sensitive data may face increased risk if these IOCs relate to targeted campaigns, particularly if the listed infrastructure is used to evade defenses or deliver payloads.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enable real-time detection of related network activity.
2. Conduct regular threat hunting exercises using these IOCs to identify any signs of compromise or suspicious payload delivery attempts within the network.
3. Enhance network segmentation and implement strict egress filtering to limit the potential spread or communication of malicious payloads.
4. Maintain up-to-date endpoint protection solutions capable of detecting and blocking payloads associated with these indicators.
5. Train security teams to recognize and respond to network activity patterns consistent with the provided threat intelligence.
6. Collaborate with national and European cybersecurity information sharing organizations to contextualize these IOCs within broader threat landscapes.
7. Since no patches are available, focus on detection and response capabilities rather than remediation of software vulnerabilities.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
cab53ffe-9400-4aa9-85c9-56c2e89aec80
Original Timestamp
1751932987

Indicators of Compromise


Threat ID: 686c61ae6f40f0eb72ee1c5e

Added to database: 7/8/2025, 12:09:18 AM

Last enriched: 7/8/2025, 12:24:46 AM

Last updated: 7/8/2025, 11:54:18 PM
