ThreatFox IOCs for 2025-08-14

Severity: Medium
Published: Thu Aug 14 2025 (08/14/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-08-14

AI-Powered Analysis

Last updated: 08/15/2025, 00:32:59 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-08-14 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a description of a specific malware variant or vulnerability. No affected software versions are listed, no patches are available, and no known exploits in the wild have been reported. The threat level is indicated as medium, with technical details showing moderate distribution (level 3) but low threat level (2) and analysis (1). The absence of CWEs and specific technical indicators suggests this is a general intelligence update rather than a detailed technical disclosure of a new or ongoing attack. The lack of indicators in the provided data limits the ability to analyze specific attack vectors or payload characteristics. This type of information is typically used by security teams to update detection rules, enhance monitoring, and improve incident response capabilities by recognizing malicious network activity or payload delivery attempts associated with known threat actors or campaigns.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities rather than responding to an immediate active threat. Since no specific vulnerabilities or exploits are identified, the direct risk to confidentiality, integrity, or availability is limited at this stage. However, failure to incorporate these IOCs into security monitoring tools could result in missed detection opportunities for malware infections or network intrusions that use the identified indicators. Organizations in sectors with high exposure to targeted attacks, such as finance, critical infrastructure, and government, may benefit most from integrating this intelligence to preempt potential payload delivery attempts. The medium severity rating suggests a moderate risk level, emphasizing the importance of proactive defense but not indicating an urgent or critical threat.

Mitigation Recommendations

European organizations should focus on integrating the provided IOCs into their existing security infrastructure, including intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) platforms, and endpoint detection and response (EDR) solutions. Regularly updating threat intelligence feeds and correlating alerts with these IOCs can improve early detection of suspicious network activity or payload delivery attempts. Additionally, organizations should conduct threat hunting exercises using these indicators to identify any latent compromises. Network segmentation and strict egress filtering can limit the impact of potential payload delivery. Since no patches are available, emphasis should be placed on robust monitoring, user awareness training to recognize phishing or social engineering attempts that may deliver payloads, and maintaining up-to-date backups to mitigate ransomware or destructive malware risks. Collaboration with national and European cybersecurity centers can enhance response coordination.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 36911513-9dd3-4e88-8ec9-e8695c2cf695
Original Timestamp: 1755216186

Indicators of Compromise

Domain


File


Hash

hash8081
Unknown malware botnet C2 server (confidence level: 100%)
hash7000
Unknown malware botnet C2 server (confidence level: 100%)
hash7001
Unknown malware botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash5671
Remcos botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash1779b5ad3f448627d97e0bd8f660ae6a
Unknown malware payload (confidence level: 100%)
hash0c527f2ab60c6e6bcb59e0d6084cfc69
Unknown malware payload (confidence level: 100%)
hash7857ea54154ebfca2cb88635a4207560
Unknown malware payload (confidence level: 100%)
hash41521
Unknown malware botnet C2 server (confidence level: 100%)
hash1617
Remcos botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash8989
AsyncRAT botnet C2 server (confidence level: 100%)
hash12027
NjRAT botnet C2 server (confidence level: 100%)
hash12027
NjRAT botnet C2 server (confidence level: 100%)
hash12027
NjRAT botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash14994
Ghost RAT botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
Stealc botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash6565
AsyncRAT botnet C2 server (confidence level: 100%)
hash3884
XWorm botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6582
AsyncRAT botnet C2 server (confidence level: 100%)
hash3030
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash10204
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash14000
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash2077
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash30089
RedLine Stealer botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash7000
XWorm botnet C2 server (confidence level: 100%)
hash3011
AsyncRAT botnet C2 server (confidence level: 100%)
hash50010
Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
hash5995
Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
hash12027
XWorm botnet C2 server (confidence level: 75%)
hash33672
Remcos botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash1963
DCRat botnet C2 server (confidence level: 100%)
hash80
BianLian botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2025
XWorm botnet C2 server (confidence level: 100%)
hash81
RedLine Stealer botnet C2 server (confidence level: 100%)
hash1912
RedLine Stealer botnet C2 server (confidence level: 100%)
hash5000
Unknown RAT botnet C2 server (confidence level: 100%)
hash4040
Nanocore RAT botnet C2 server (confidence level: 100%)
hash33942
NjRAT botnet C2 server (confidence level: 100%)
hash64035
XWorm botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8877
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash2052
Quasar RAT botnet C2 server (confidence level: 100%)
hash1244
Quasar RAT botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash39982
XWorm botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash6000
XWorm botnet C2 server (confidence level: 75%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash46712
PureLogs Stealer botnet C2 server (confidence level: 100%)

Url

Threat ID: 689e7c9ead5a09ad005ff304

Added to database: 8/15/2025, 12:17:34 AM

Last enriched: 8/15/2025, 12:32:59 AM

Last updated: 8/21/2025, 1:21:09 AM

Views: 22
