ThreatFox IOCs for 2025-08-09
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on August 9, 2025, sourced from the ThreatFox MISP feed. The threat is categorized as malware-related and is tagged with OSINT (Open Source Intelligence), network activity, and payload delivery. The details are minimal: no specific affected software versions, no known exploits in the wild, and no patches available. The threat level is indicated as medium, with a threat level score of 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting moderate dissemination or detection frequency. The absence of concrete technical details, such as malware family, attack vectors, or payload specifics, limits the depth of analysis. The threat appears to involve network activity and payload delivery mechanisms, possibly indicating malware distribution or command and control communications identified through OSINT methods. The lack of indicators and CWE references further constrains the technical understanding. Overall, this represents a medium-severity malware threat identified through OSINT with potential network activity implications but without evidence of active exploitation or widespread impact at this time.
Potential Impact
For European organizations, this threat's impact is currently limited, because no exploits are known in the wild and no specific affected products or versions are named. However, the network activity and payload delivery components suggest a potential risk of malware infection or data exfiltration if the threat evolves or is leveraged in targeted attacks. Organizations that rely on OSINT tools or monitor network traffic for threat intelligence might detect related activity, but without actionable mitigation steps the immediate operational impact remains low to medium. If exploited, the threat could compromise the confidentiality and integrity of data, disrupt availability through payload execution, or facilitate further intrusion. The medium severity rating calls for vigilance but does not imply imminent widespread harm. European entities with critical infrastructure or sensitive data should monitor developments closely, as malware threats with network delivery vectors can escalate rapidly.
Mitigation Recommendations
Given the limited specifics, European organizations should enhance network monitoring to detect unusual payload delivery or command and control traffic, using threat detection tools that consume updated OSINT feeds such as ThreatFox. Implement network segmentation to limit malware spread and enforce strict egress filtering to block unauthorized outbound connections. Regularly update and audit intrusion detection and prevention systems (IDS/IPS) so they recognize emerging indicators from OSINT sources. Conduct threat hunting exercises focused on network anomalies and payload signatures. Since no patches are available, emphasize endpoint protection with behavior-based detection and application whitelisting. Train security teams to integrate OSINT threat intelligence into incident response workflows promptly. Collaborate with national cybersecurity centers to share and receive timely threat information. These targeted actions go beyond generic advice by focusing on proactive network defense and intelligence-driven detection.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: fdfbb6d1-53a8-4f86-8409-8e990fc86f91
- Original Timestamp: 1754784185
hash54952 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5000 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash9650 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1187 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash8080 | XWorm botnet C2 server (confidence level: 75%) | |
hash31166 | XWorm botnet C2 server (confidence level: 100%) | |
hash9750 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash9850 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1566 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8766 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash49848 | XWorm botnet C2 server (confidence level: 100%) | |
hash5555 | XWorm botnet C2 server (confidence level: 75%) | |
hash41820 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8010 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 75%) | |
hash37908 | Havoc botnet C2 server (confidence level: 75%) | |
hash9876 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash80 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) |
Url
Value | Description
---|---
https://pub.k22digital.my.id | Vidar botnet C2 (confidence level: 75%)
https://smockle.top/zajr | Lumma Stealer botnet C2 (confidence level: 75%)
http://cz08047.tw1.ru/89ead6d7.php | DCRat botnet C2 (confidence level: 100%)
http://toxwebapp.ru | Stealc botnet C2 (confidence level: 100%)
http://154.201.82.47:808/db.sh | Unknown malware payload delivery URL (confidence level: 75%)
https://ichmidt.com/6t4r.js | KongTuke payload delivery URL (confidence level: 100%)
http://ceramic-paris-hotel.com/default.php | Pony botnet C2 (confidence level: 100%)
https://sudo.polarissonic.biz.id | Vidar botnet C2 (confidence level: 75%)
http://116.205.188.129:54952/t8dm | Cobalt Strike botnet C2 (confidence level: 75%)
https://vaganetka.ru/opza/api | Lumma Stealer botnet C2 (confidence level: 75%)
https://ftp.polarissonic.biz.id | Vidar botnet C2 (confidence level: 75%)
https://195.201.248.188 | Vidar botnet C2 (confidence level: 75%)
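The tables above give each indicator with its malware family, its role (C2 server or payload delivery URL) and a confidence level, but the page shows nothing about how to consume them. The Python below is an added example, not code from the page or from ThreatFox: it parses the URL rows exactly as they appear on this page (the leading "url" type badge and the empty Copy cell are extraction artifacts that the parser strips), keeps the fields a matcher needs, and checks them against a few constructed proxy log lines. Only the URL rows are used, because the ip:port rows on this page survive with their port number only and cannot be reconstructed. The log line format, the 75% default confidence threshold and the helper names are assumptions.

```python
"""Parse ThreatFox-style IOC table rows and match them against proxy logs.

Added example, not code from the page or from ThreatFox.
"""
import re
from urllib.parse import urlsplit

# Rows copied verbatim from the page's URL table. The leading "url" badge
# and the empty trailing "Copy" cell are extraction artifacts; the parser
# strips both.
PAGE_ROWS = """\
urlhttps://pub.k22digital.my.id | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://smockle.top/zajr | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://cz08047.tw1.ru/89ead6d7.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://154.201.82.47:808/db.sh | Unknown malware payload delivery URL (confidence level: 75%) | |
urlhttps://ichmidt.com/6t4r.js | KongTuke payload delivery URL (confidence level: 100%) | |
urlhttp://116.205.188.129:54952/t8dm | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://195.201.248.188 | Vidar botnet C2 (confidence level: 75%) |
"""

# Constructed proxy log lines (timestamp, client, method, destination). The
# format is an assumption for this example, not any real proxy's output.
SAMPLE_PROXY_LOG = [
    "2025-08-09T14:02:11Z 10.0.0.23 CONNECT smockle.top:443",
    "2025-08-09T14:02:40Z 10.0.0.23 GET http://ichmidt.com/6t4r.js",
    "2025-08-09T14:03:05Z 10.0.0.57 GET http://www.example.com/index.html",
    "2025-08-09T14:05:19Z 10.0.0.88 GET http://154.201.82.47:808/db.sh",
]

# Description cell: "<family> botnet C2 (confidence level: N%)" or
# "<family> payload delivery URL (confidence level: N%)".
DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<role>botnet C2|payload delivery URL) "
    r"\(confidence level: (?P<conf>\d+)%\)$"
)


def parse_rows(text):
    """Turn pipe-separated IOC rows into dicts: url, host, port, family, role, confidence."""
    iocs = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 2 or not cells[0]:
            continue
        value = re.sub(r"^url(?=https?://)", "", cells[0])  # drop the type badge
        m = DESC_RE.match(cells[1])
        if m is None:
            continue  # unrecognised description: skip rather than guess
        parts = urlsplit(value)
        iocs.append({
            "url": value,
            "host": parts.hostname,
            "port": parts.port or (443 if parts.scheme == "https" else 80),
            "family": m["family"],
            "role": "c2" if m["role"] == "botnet C2" else "payload_delivery",
            "confidence": int(m["conf"]),
        })
    return iocs


def _destination_host(method, dest):
    """CONNECT lines carry host:port; other methods carry a full URL."""
    if method == "CONNECT":
        return dest.rsplit(":", 1)[0]
    return urlsplit(dest).hostname or dest


def match_proxy_log(iocs, log_lines, min_confidence=75):
    """Return one hit per log line whose destination host is a listed IOC."""
    by_host = {}
    for ioc in iocs:
        if ioc["confidence"] >= min_confidence:
            by_host.setdefault(ioc["host"], []).append(ioc)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, method, dest = fields[:4]
        host = _destination_host(method, dest)
        for ioc in by_host.get(host, []):
            hits.append({
                "timestamp": ts, "client": client, "host": host,
                "family": ioc["family"], "role": ioc["role"],
                "confidence": ioc["confidence"],
            })
    return hits


if __name__ == "__main__":
    for hit in match_proxy_log(parse_rows(PAGE_ROWS), SAMPLE_PROXY_LOG):
        print(f"{hit['timestamp']} {hit['client']} -> {hit['host']} "
              f"[{hit['family']}, {hit['role']}, {hit['confidence']}%]")
```

Matching is done on the host only, which is deliberate: a C2 or delivery URL's path changes between samples far more often than its host, and the feed's confidence level is kept on each hit so that 75% entries can be routed to triage rather than to automatic blocking. Raising `min_confidence` to 100 leaves only the KongTuke hit on the sample log.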
Threat ID: 6897e51dad5a09ad000f211b
Added to database: 8/10/2025, 12:17:33 AM
Last enriched: 8/10/2025, 12:32:51 AM
Last updated: 8/10/2025, 1:47:33 PM
Related Threats
Embargo Ransomware nets $34.2M in crypto since April 2024 (Medium)
ThreatFox IOCs for 2025-08-08 (Medium)
Efimer Trojan delivered via email and hacked WordPress websites (Medium)
Unmasking SocGholish: Untangling the Malware Web Behind the 'Pioneer of Fake Updates' and Its Operator (Medium)
Observed Malicious Driver Use Associated with Akira SonicWall Campaign (Medium)