ThreatFox IOCs for 2025-08-01
AI Analysis
Technical Summary
The feed entry describes a security threat categorized as malware, tagged for OSINT (Open Source Intelligence), payload delivery and the associated network activity. It is sourced from the ThreatFox MISP Feed and dated August 1, 2025. The details are minimal: no affected software versions or products are listed, no exploits in the wild are known, and no patch is available. The entry carries a 'medium' severity tag, and its categories (OSINT, payload delivery, network activity) suggest the distribution or delivery of malicious payloads identified through open-source intelligence methods. The technical details indicate a low to moderate threat level (threatLevel: 2) with some analysis and distribution activity noted. No specific indicators of compromise (IOCs) are provided, limiting the ability to identify or detect the threat directly. The absence of CWE identifiers and patch information further restricts detailed technical understanding. Overall, this appears to be a general notification of malware-related activity with an emphasis on OSINT and network-based payload delivery, lacking concrete technical specifics or actionable intelligence.
Potential Impact
For European organizations, the impact of this threat is currently ambiguous because so little detail is available. Given the medium severity and the involvement of payload delivery and network activity, malware infections could compromise the confidentiality, integrity or availability of systems. Without specific affected products or known exploits, however, the immediate risk appears limited. Organizations that rely on OSINT tools or that monitor network traffic for payload delivery mechanisms should be vigilant. If exploited, the threat could lead to data breaches, unauthorized access or service interruptions, but the absence of known exploits and patches suggests it is not actively leveraged in attacks at this time. European entities with critical infrastructure or sensitive data may face increased risk if the threat evolves or if threat actors begin exploiting the identified malware vectors.
Mitigation Recommendations
Given the limited specifics, European organizations should focus on strengthening network monitoring and threat intelligence capabilities so that unusual payload delivery or network activity patterns are detected. Deploying endpoint detection and response (EDR) solutions that can identify suspicious OSINT-related malware behaviors is advisable. Regularly updating and hardening network defenses, including firewalls and intrusion detection/prevention systems (IDS/IPS), helps mitigate potential exploitation. Organizations should also maintain incident response plans tailored to malware infections and train staff to recognize the phishing and social engineering attempts that typically facilitate payload delivery. Participating in threat intelligence sharing platforms, including MISP feeds such as ThreatFox, improves situational awareness. Finally, regular security audits and penetration tests focused on network and payload delivery vectors help identify and remediate weaknesses proactively.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 1fc01658-b802-4fbe-9e69-0e578f3bc762
- Original Timestamp: 1754092985
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7044 | Vjw0rm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3306 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash47587 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8013 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Chaos botnet C2 server (confidence level: 100%) | |
hash8443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash3608 | STRRAT botnet C2 server (confidence level: 100%) | |
hash9322 | Remcos botnet C2 server (confidence level: 75%) | |
hash866 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash668 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash4441 | XWorm botnet C2 server (confidence level: 100%) | |
hash7705 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash483 | Tofsee botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash27521 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2086 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash999 | NjRAT botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50000 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash4848 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash32764 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash14344 | Remcos botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash56001 | XWorm botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash803 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash15443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7204 | Remcos botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8880 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash66 | XWorm botnet C2 server (confidence level: 100%) | |
hash40748 | XWorm botnet C2 server (confidence level: 100%) | |
hash2100 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash2100 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8089 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2003 | DCRat botnet C2 server (confidence level: 100%) | |
hash1311 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Kaiji botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash47053 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash29763 | XWorm botnet C2 server (confidence level: 100%) | |
hash7777 | XWorm botnet C2 server (confidence level: 100%) | |
hash66 | XWorm botnet C2 server (confidence level: 100%) |
Url
Value | Description | Copy |
---|---|---|
Threat ID: 688d591dad5a09ad00cffdde
Added to database: 8/2/2025, 12:17:33 AM
Last enriched: 8/2/2025, 12:32:44 AM
Last updated: 8/2/2025, 12:02:33 PM