
ThreatFox IOCs for 2025-08-01

Medium
Published: Fri Aug 01 2025 (08/01/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-08-01

AI-Powered Analysis

Last updated: 08/02/2025, 00:32:44 UTC

Technical Analysis

The provided information describes a threat categorized as malware and tagged with OSINT (Open Source Intelligence), payload delivery, and network activity. It is sourced from the ThreatFox MISP Feed and dated August 1, 2025. The details are minimal: no affected software versions or products are listed, no exploits are known in the wild, and no patch is available. The threat is rated 'medium' severity, and its tags suggest the distribution or delivery of malicious payloads identified through open-source intelligence methods. The technical details indicate a low to moderate threat level (threatLevel: 2), with some analysis and distribution activity noted. No specific indicators of compromise (IOCs) are provided, which limits the ability to identify or detect the threat directly. The absence of CWE identifiers and patch information further restricts detailed technical understanding. Overall, this appears to be a general notification of malware-related activity with an emphasis on OSINT and network-based payload delivery, lacking concrete technical specifics or actionable intelligence.

Potential Impact

For European organizations, the impact of this threat cannot be assessed precisely because of the lack of detailed information. Given the medium severity and the involvement of payload delivery and network activity, malware infections could compromise the confidentiality, integrity, or availability of systems. Without specific affected products or known exploits, however, the immediate risk appears limited. Organizations that rely on OSINT tools or monitor network traffic for payload delivery mechanisms should remain vigilant. If exploited, the threat could lead to data breaches, unauthorized access, or service interruptions, but the absence of known exploits and patches suggests it is not actively leveraged in attacks at this time. European entities with critical infrastructure or sensitive data may face increased risk if the threat evolves or if threat actors begin exploiting the identified malware vectors.

Mitigation Recommendations

Given the limited specifics, European organizations should focus on enhancing network monitoring and threat intelligence capabilities to detect unusual payload delivery or network activity patterns. Implementing advanced endpoint detection and response (EDR) solutions that can identify suspicious OSINT-related malware behaviors is advisable. Regularly updating and hardening network defenses, including firewalls and intrusion detection/prevention systems (IDS/IPS), can help mitigate potential exploitation. Organizations should also maintain robust incident response plans tailored to malware infections and ensure staff are trained to recognize phishing or social engineering attempts that could facilitate payload delivery. Collaboration with threat intelligence sharing platforms, including MISP feeds like ThreatFox, will improve situational awareness. Finally, conducting regular security audits and penetration testing focused on network and payload delivery vectors will help identify and remediate vulnerabilities proactively.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 1fc01658-b802-4fbe-9e69-0e578f3bc762
Original Timestamp: 1754092985

Indicators of Compromise


Threat ID: 688d591dad5a09ad00cffdde

Added to database: 8/2/2025, 12:17:33 AM

Last enriched: 8/2/2025, 12:32:44 AM

Last updated: 8/2/2025, 12:02:33 PM

