ThreatFox IOCs for 2025-08-16
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified through ThreatFox IOCs (Indicators of Compromise) dated August 16, 2025. ThreatFox is a platform that aggregates and shares threat intelligence, particularly focusing on malware and associated network activity. The threat is categorized under OSINT (Open Source Intelligence), payload delivery, and network activity, indicating that it involves mechanisms for delivering malicious payloads and associated network behaviors. However, the data lacks specific details such as affected software versions, technical exploit mechanisms, or concrete indicators of compromise. No patches are available, and there are no known exploits actively observed in the wild. The threat level is rated as medium, with a threatLevel metric of 2 (on an unspecified scale), analysis level of 1, and distribution level of 3, suggesting moderate dissemination potential but limited technical analysis depth. The absence of CWE identifiers and concrete technical details limits the ability to precisely characterize the malware's behavior or attack vectors. Overall, this appears to be an intelligence update providing general awareness of a malware threat with some network activity and payload delivery components, but without actionable technical specifics or evidence of active exploitation at this time.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and lack of known active exploitation. The malware's payload delivery and network activity components could potentially lead to unauthorized access, data exfiltration, or disruption if successfully deployed. However, the absence of detailed exploit information and known active campaigns reduces immediate risk. European entities involved in critical infrastructure, finance, or government sectors should remain vigilant, as these sectors are often targeted by malware campaigns. The threat's distribution level suggests it could spread across networks, potentially affecting multiple organizations if leveraged in future attacks. The lack of patches implies that if exploitation methods become known, remediation might require alternative defensive measures. Overall, the threat represents a moderate risk that could escalate if further technical details or active exploitation emerge.
Mitigation Recommendations
Given the limited technical details and absence of patches, European organizations should implement layered defensive strategies beyond generic advice. Specifically, they should:
1) Enhance network monitoring to detect unusual payload delivery and network activity patterns, leveraging threat intelligence feeds such as ThreatFox for updated IOCs.
2) Employ advanced endpoint detection and response (EDR) solutions capable of identifying suspicious behaviors associated with malware payload delivery.
3) Conduct regular threat hunting exercises focusing on network anomalies and potential malware indicators, even in the absence of known IOCs.
4) Maintain strict network segmentation to limit lateral movement in case of infection.
5) Ensure timely application of security updates for all software and systems to reduce exposure to potential exploitation vectors that may be revealed later.
6) Train staff on recognizing phishing and social engineering tactics that often serve as initial infection vectors for malware.
7) Collaborate with national cybersecurity centers and information sharing organizations to receive timely alerts and mitigation guidance as more information becomes available.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: f2856db8-7f0d-4e53-8821-dee2150815c7
- Original Timestamp: 1755388986
urlhttp://www.mtrainierlodge.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.munozconsulting.online/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.no1parnell.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ofvbufybsvirfg.cloud/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pawz-store.xyz/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.plantestine.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.plumbersincali.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.profit-investing.today/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.propiaworser.quest/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rosekarat.quest/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.route36grille.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sheller.net/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sinchew.asia/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.szwanglou.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.tangerinearray.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.tispenodnos.quest/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.twdesignacreation.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vortex-crystal.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.waynenicholson.net/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xmegami.store/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xn--balcasurucukursu-khc93a.net/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zozovahbrands.com/eza8/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://542733cm.nyash.es/gameserverdefaultbasewppublictempcdncentraluploads.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://kangiq.top/gtlk | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://park-pcnjc.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://mercuriocomunicacao.com/file/web/api.php | Agent Tesla botnet C2 (confidence level: 100%) | |
urlhttp://telemetrywatson.live/b9kdj3s3c2/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://telemetrywatson.live/b9kdj3s3c2/login.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://captchaverift.com/js.php | KongTuke payload delivery URL (confidence level: 100%) | |
urlhttp://industries-ii-wine-details.trycloudflare.com/second.js | KongTuke payload delivery URL (confidence level: 100%) | |
urlhttp://195.10.205.157/b9kdj3s3c2/login.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://tp.api.plex.name | Vidar botnet C2 (confidence level: 75%) |
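A listing like this only becomes useful once it is matched against logs, and the URL table above invites one generalisation on top of exact matching: all 65 Formbook URLs share the /eza8/ directory on different domains, and the three Amadey URLs share /b9kdj3s3c2/ across a domain and a bare IP, so the directory is a better detection key than any single host. The script below is an added example, not ThreatFox's code or anything from the original listing. It loads a constructed subset of the 16 August rows in a plain type|value|description shape (the ip:port rows are the form ThreatFox publishes C2 listeners in), parses the confidence out of the description, and runs constructed proxy and flow log lines through exact URL, domain (host or subdomain) and ip:port matching plus a directory pivot that only fires when one family uses the same path on two or more listed hosts. The action policy (block at 75% confidence or above, alert below, review for pivots and same-IP-other-port hits) is this example's, not ThreatFox's.

```python
"""Match ThreatFox-style url/domain/ip:port indicators against log lines (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit
# Constructed inline: a subset of the 2025-08-16 rows above, as "type|value|description",
# followed by constructed proxy ("GET <url> <status>") and flow ("-> <ip:port> tcp") log lines.
FEED_ROWS = """\
url|http://www.302mh.com/eza8/|Formbook botnet C2 (confidence level: 50%)
url|http://www.axiabjj.com/eza8/|Formbook botnet C2 (confidence level: 50%)
url|http://telemetrywatson.live/b9kdj3s3c2/index.php|Amadey botnet C2 (confidence level: 100%)
url|http://195.10.205.157/b9kdj3s3c2/login.php|Amadey botnet C2 (confidence level: 100%)
url|https://kangiq.top/gtlk|Lumma Stealer botnet C2 (confidence level: 100%)
domain|storage.givescash.com|FAKEUPDATES botnet C2 domain (confidence level: 100%)
ip:port|185.155.127.133:4782|Quasar RAT botnet C2 server (confidence level: 100%)
ip:port|167.172.188.68:4321|AdaptixC2 botnet C2 server (confidence level: 100%)
"""
SAMPLE_LOG = """\
2025-08-16T09:14:02Z 10.20.3.41 GET http://www.no1parnell.com/eza8/ 200
2025-08-16T09:15:30Z 10.20.3.41 GET http://195.10.205.157/b9kdj3s3c2/index.php 200
2025-08-16T09:16:07Z 10.20.3.77 GET https://storage.givescash.com/ 200
2025-08-16T09:17:44Z 10.20.3.77 GET https://updates.example.com/api/v1/ping 200
2025-08-16T09:20:11Z 10.20.3.41 -> 185.155.127.133:4782 tcp
2025-08-16T09:21:55Z 10.20.3.90 -> 167.172.188.68:443 tcp
"""
# "<family> <role> (confidence level: <n>%)" is the description shape used on this page.
DESC_RE = re.compile(r"^(?P<family>.+?) (?P<role>botnet C2(?: server| domain)?|payload(?: delivery (?:URL|domain))?)"
                     r" \(confidence level: (?P<conf>\d+)%\)$")
URL_RE = re.compile(r"https?://\S+")
SOCK_RE = re.compile(r"-> (\d{1,3}(?:\.\d{1,3}){3}:\d{1,5})\b")

@dataclass(frozen=True)
class Indicator:
    kind: str        # url | domain | ip:port
    value: str
    family: str
    confidence: int  # ThreatFox confidence, 0-100

def load_feed(text):  # type|value|description rows -> Indicators; confidence is parsed from the text
    out = []
    for row in filter(str.strip, text.splitlines()):
        kind, value, desc = row.split("|", 2)
        m = DESC_RE.match(desc.strip())
        if m is None:
            raise ValueError(f"unrecognised description: {desc!r}")
        out.append(Indicator(kind.strip(), value.strip().lower(), m["family"], int(m["conf"])))
    return out

def url_key(url):  # (host, path); scheme, port, query and fragment are ignored
    u = urlsplit(url.lower())
    return u.hostname or "", u.path or "/"
def directory_of(path):  # '/b9kdj3s3c2/login.php' -> '/b9kdj3s3c2/', '/gtlk' -> '/'
    return path.rsplit("/", 1)[0] + "/"
def action_for(confidence):  # 100/75 are confirmed on ThreatFox; 50 is bulk or unverified
    return "block" if confidence >= 75 else "alert"

def build_index(indicators):
    urls, domains, sockets, ips = {}, {}, {}, {}
    dir_hosts = defaultdict(lambda: defaultdict(set))  # family -> directory -> hosts
    for ioc in indicators:
        if ioc.kind == "url":
            host, path = url_key(ioc.value)
            urls[(host, path)] = ioc
            if len(directory_of(path)) >= 6:  # '/eza8/' is 6; '/', '/js/' and the like are too generic
                dir_hosts[ioc.family][directory_of(path)].add(host)
        elif ioc.kind == "domain":
            domains[ioc.value] = ioc
        elif ioc.kind == "ip:port":
            sockets[ioc.value] = ioc
            ips.setdefault(ioc.value.split(":")[0], ioc)
    # A directory is a pivot only when one family uses it on two or more hosts (Formbook: /eza8/ on 65).
    pivots = {d: fam for fam, dirs in dir_hosts.items() for d, hosts in dirs.items() if len(hosts) >= 2}
    return urls, domains, sockets, ips, pivots

def match_line(line, index):  # -> [(kind, family, action), ...] for one log line
    urls, domains, sockets, ips, pivots = index
    hits = []
    for url in URL_RE.findall(line):
        host, path = url_key(url)
        if (host, path) in urls:
            hits.append(("url", urls[(host, path)].family, action_for(urls[(host, path)].confidence)))
        elif directory_of(path) in pivots:  # listed campaign path on an unlisted host
            hits.append(("path-pivot", pivots[directory_of(path)], "review"))
        for dom, ioc in domains.items():  # exact host or subdomain; use a suffix index at scale
            if host == dom or host.endswith("." + dom):
                hits.append(("domain", ioc.family, action_for(ioc.confidence)))
    for sock in SOCK_RE.findall(line):
        if sock in sockets:
            hits.append(("ip:port", sockets[sock].family, action_for(sockets[sock].confidence)))
        elif sock.split(":")[0] in ips:  # same host, other port: review, do not block
            hits.append(("ip-only", ips[sock.split(":")[0]].family, "review"))
    return hits

def scan(log_text, indicators):  # -> [(timestamp, kind, family, action), ...]
    index = build_index(indicators)
    return [(line.split()[0], *hit) for line in filter(str.strip, log_text.splitlines())
            for hit in match_line(line, index)]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG, load_feed(FEED_ROWS)), sep="\n")
```

Each hit comes back as (timestamp, kind, family, action). Two of the six sample lines are caught only by the pivot: www.no1parnell.com/eza8/ and 195.10.205.157/b9kdj3s3c2/index.php are on this page but not in the loaded subset, which is the situation a rotated Formbook or Amadey host creates. The Lumma /gtlk and the benign /api/v1/ping paths never become pivots because a one-segment directory is too generic, and the AdaptixC2 host on a different port is surfaced for review rather than blocked.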
Hash
Value | Description | Copy |
---|---|---|
hashc755b506126884848311acb4a1afbf8c7f982fa676d98d087543d22d783aa65d | Unknown malware payload (confidence level: 100%) | |
hash18197329585578ec9ecd532e26d6ce125eda995aeafc731348cb6ab6e67ed269 | Unknown malware payload (confidence level: 100%) | |
hash552a06384a906e80ea286b939f115b11da9e05766b7c36a6c0c1514acaa446f5 | Unknown Stealer payload (confidence level: 100%) | |
hashf788cb3d8e4196bb14c0519514e4bcf8a6a7a927a9bde076fb37f7791f81c786 | Unknown Stealer payload (confidence level: 100%) | |
hash36424 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash9eb455f5cb11524b029606e363114516fb1b1b163dd2c2d7dd13924da7f6c9b5 | Unknown Stealer payload (confidence level: 100%) | |
hashf1aab0e549cfc55334adc4e527a74d607b6f1fd38289ed88ece3db2c24da6654 | Unknown Stealer payload (confidence level: 100%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash502 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash45450 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash58600 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash1337 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8000 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7767 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash4862 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash54681 | Chaos botnet C2 server (confidence level: 100%) | |
hash8888 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8080 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8090 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash4477 | Remcos botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash2331 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash31564 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash1999 | Owari botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash37214 | Mirai botnet C2 server (confidence level: 100%) | |
hash61997 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash49152 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4567 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash90 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash56365 | XWorm botnet C2 server (confidence level: 100%) | |
hash7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash9042 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9191 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash909 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash44819 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown Loader botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash56001 | ResolverRAT botnet C2 server (confidence level: 99%) | |
hash33362 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 66%) | |
hash57666 | ResolverRAT botnet C2 server (confidence level: 66%) | |
hash61961 | XWorm botnet C2 server (confidence level: 100%) | |
hash1111 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash62180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3872 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash50995 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9876 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1911 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash441 | XWorm botnet C2 server (confidence level: 100%) | |
hash441 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash2323 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash22000 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash8777 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash13408 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash2095 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash34213 | Remcos botnet C2 server (confidence level: 75%) | |
hash4788 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash62520 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash505 | XWorm botnet C2 server (confidence level: 100%) |
Domain
Value | Description | Copy |
---|---|---|
domainstorage.givescash.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainsecurity.flqaergwaard.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainbonzevud.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainapi.signatureofdocs.cfd | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domaincdoventures.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domaincwcstudios.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainlaceyanns.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainstefanchik.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsmtp.mx.plex.name | Vidar botnet C2 domain (confidence level: 75%) | |
domaingitcompay.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainec2-16-170-232-86.eu-north-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainec2-3-146-105-91.us-east-2.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainratty.mywire.org | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domain9ra2xnnm8v62x.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainwindows-updates.nice-data.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainbootaa.anondns.net | Mirai botnet C2 domain (confidence level: 100%) | |
domainqiuy.org | ClearFake payload delivery domain (confidence level: 100%) | |
domainan-schema.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincarljas.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domaincrimey1337-43127.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainai.api.plex.name | Vidar botnet C2 domain (confidence level: 75%) | |
domainindianagoods.club | Glupteba botnet C2 domain (confidence level: 50%) | |
domainseamonkey.club | Glupteba botnet C2 domain (confidence level: 50%) | |
domain302mh.com | Formbook botnet C2 domain (confidence level: 50%) | |
domain33m123.com | Formbook botnet C2 domain (confidence level: 50%) | |
domain6montecitoblvd.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainairiosystems.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainalivehydrolounge.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainasesoriaseguridadysalud.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainassetacre.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainassociates-pl.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainaxiabjj.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainbeatbopped.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainbracunis.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainbsessis.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainbundimshelbwala.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaincarshaltonfestival.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaincarter-wallace.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainchaikuo.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainchouinardcustomcreations.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaincolumbiabutikk.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaincoolingmvmath.online | Formbook botnet C2 domain (confidence level: 50%) | |
domaincreacn.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaindfgdfgivetender.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaindtcandco.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainepointbd.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainequestrianlimousine.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainfkjdkjreiofkkldskldfklefd.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainfrfrfrjrbfkfncifnsnqwnxbcb.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainhealthians.care | Formbook botnet C2 domain (confidence level: 50%) | |
domainhoanghachai.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainisportdata.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainjaqeba.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainjeanmarielafon.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainjetbud.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainjmcorporationkorea.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainjustabunchofbs.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainkcverse.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainkurlonhyderabad.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainmanagejabsurd.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainmarine-struct.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainmarthaoneil.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainmenocon.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainmgav71.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainmlscolumbus.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainmtrainierlodge.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainmunozconsulting.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainno1parnell.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainofvbufybsvirfg.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainpawz-store.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainplantestine.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainplumbersincali.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainpropiaworser.quest | Formbook botnet C2 domain (confidence level: 50%) | |
domainrosekarat.quest | Formbook botnet C2 domain (confidence level: 50%) | |
domainroute36grille.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainsheller.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainsinchew.asia | Formbook botnet C2 domain (confidence level: 50%) | |
domainszwanglou.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaintangerinearray.com | Formbook botnet C2 domain (confidence level: 50%) | |
domaintispenodnos.quest | Formbook botnet C2 domain (confidence level: 50%) | |
domaintwdesignacreation.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainvortex-crystal.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainwaynenicholson.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainxmegami.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainxn--balcasurucukursu-khc93a.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainzozovahbrands.com | Formbook botnet C2 domain (confidence level: 50%) | |
domainrestaurant-do.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainsnfers-56365.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaintelemetrywatson.live | Amadey botnet C2 domain (confidence level: 50%) | |
domainarcheckfix.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainindustries-ii-wine-details.trycloudflare.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainsecurity.gueradflwre.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainandezileb.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domaintp.api.plex.name | Vidar botnet C2 domain (confidence level: 75%) |
File
Value | Description | Copy |
---|---|---|
file123.129.11.33 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file134.122.129.114 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file8.149.232.114 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file49.113.73.134 | Unknown malware botnet C2 server (confidence level: 100%) | |
file160.176.103.2 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.74.10.38 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.138.9.69 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.112.32.154 | Unknown malware botnet C2 server (confidence level: 100%) | |
file187.201.123.181 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file187.34.182.161 | Venom RAT botnet C2 server (confidence level: 100%) | |
file18.117.100.92 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.117.100.92 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file160.250.136.71 | MooBot botnet C2 server (confidence level: 100%) | |
file167.172.188.68 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file196.251.115.132 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file45.32.246.153 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file103.12.148.37 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file27.124.53.26 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file43.243.73.187 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.92.76.13 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file134.185.86.137 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file185.229.224.59 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.52.162.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.54.18.39 | Sliver botnet C2 server (confidence level: 90%) | |
file45.137.99.133 | Sliver botnet C2 server (confidence level: 90%) | |
file38.12.25.30 | Unknown malware botnet C2 server (confidence level: 100%) | |
file191.91.178.101 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file154.84.184.74 | Unknown malware botnet C2 server (confidence level: 100%) | |
file181.215.60.36 | Unknown malware botnet C2 server (confidence level: 100%) | |
file59.188.235.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.184.135.39 | Unknown malware botnet C2 server (confidence level: 100%) | |
file59.5.107.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file118.39.186.152 | Unknown malware botnet C2 server (confidence level: 100%) | |
file115.135.88.196 | Unknown malware botnet C2 server (confidence level: 100%) | |
file221.148.132.78 | Unknown malware botnet C2 server (confidence level: 100%) | |
file24.141.244.123 | Unknown malware botnet C2 server (confidence level: 100%) | |
file68.13.175.190 | Unknown malware botnet C2 server (confidence level: 100%) | |
file79.138.32.199 | Unknown malware botnet C2 server (confidence level: 100%) | |
file94.255.163.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file121.178.252.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
file175.199.49.94 | Unknown malware botnet C2 server (confidence level: 100%) | |
35.140.104.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
68.102.9.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
67.193.133.229 | Unknown malware botnet C2 server (confidence level: 100%) | |
68.233.19.209 | Unknown malware botnet C2 server (confidence level: 100%) | |
72.230.237.58 | Unknown malware botnet C2 server (confidence level: 100%) | |
14.52.139.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
69.51.241.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
137.118.108.27 | Unknown malware botnet C2 server (confidence level: 100%) | |
222.108.57.40 | Unknown malware botnet C2 server (confidence level: 100%) | |
59.3.235.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
76.176.180.86 | Unknown malware botnet C2 server (confidence level: 100%) | |
27.125.143.139 | Unknown malware botnet C2 server (confidence level: 100%) | |
76.174.44.222 | Unknown malware botnet C2 server (confidence level: 100%) | |
220.86.152.112 | Unknown malware botnet C2 server (confidence level: 100%) | |
222.118.225.14 | Unknown malware botnet C2 server (confidence level: 100%) | |
24.159.49.212 | Unknown malware botnet C2 server (confidence level: 100%) | |
61.83.9.146 | Unknown malware botnet C2 server (confidence level: 100%) | |
183.99.57.101 | Unknown malware botnet C2 server (confidence level: 100%) | |
172.90.205.71 | Unknown malware botnet C2 server (confidence level: 100%) | |
121.162.13.162 | Unknown malware botnet C2 server (confidence level: 100%) | |
79.138.42.91 | Unknown malware botnet C2 server (confidence level: 100%) | |
84.20.56.200 | Unknown malware botnet C2 server (confidence level: 100%) | |
183.105.196.232 | Unknown malware botnet C2 server (confidence level: 100%) | |
211.185.157.99 | Unknown malware botnet C2 server (confidence level: 100%) | |
184.167.194.11 | Unknown malware botnet C2 server (confidence level: 100%) | |
83.230.5.143 | Unknown malware botnet C2 server (confidence level: 100%) | |
125.128.126.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
24.101.57.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
3.141.212.78 | Unknown malware botnet C2 server (confidence level: 100%) | |
146.56.228.18 | Unknown malware botnet C2 server (confidence level: 100%) | |
188.245.231.38 | Unknown malware botnet C2 server (confidence level: 100%) | |
54.80.165.246 | Unknown malware botnet C2 server (confidence level: 100%) | |
134.199.206.206 | Unknown malware botnet C2 server (confidence level: 100%) | |
103.216.175.63 | Unknown malware botnet C2 server (confidence level: 100%) | |
35.185.24.22 | Unknown malware botnet C2 server (confidence level: 100%) | |
54.73.179.121 | Unknown malware botnet C2 server (confidence level: 100%) | |
45.80.158.65 | Remcos botnet C2 server (confidence level: 100%) | |
104.243.254.100 | Remcos botnet C2 server (confidence level: 100%) | |
35.87.82.29 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
8.138.222.154 | Chaos botnet C2 server (confidence level: 100%) | |
94.237.62.66 | MimiKatz botnet C2 server (confidence level: 100%) | |
163.171.216.22 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
185.155.127.133 | Quasar RAT botnet C2 server (confidence level: 100%) | |
203.91.74.11 | ValleyRAT botnet C2 server (confidence level: 100%) | |
154.91.180.194 | ValleyRAT botnet C2 server (confidence level: 100%) | |
119.29.231.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
23.249.20.36 | Ghost RAT botnet C2 server (confidence level: 100%) | |
45.138.183.221 | Remcos botnet C2 server (confidence level: 100%) | |
109.122.197.147 | Hook botnet C2 server (confidence level: 100%) | |
172.104.99.167 | Havoc botnet C2 server (confidence level: 100%) | |
94.154.35.61 | Venom RAT botnet C2 server (confidence level: 100%) | |
143.92.155.82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
47.237.67.109 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
38.54.50.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
103.45.247.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
103.146.124.187 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
43.243.73.187 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
103.12.148.37 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
106.55.158.188 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
118.31.2.114 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
103.190.232.198 | DeimosC2 botnet C2 server (confidence level: 75%) | |
45.142.166.248 | DeimosC2 botnet C2 server (confidence level: 75%) | |
83.110.197.15 | QakBot botnet C2 server (confidence level: 75%) | |
209.141.32.42 | Owari botnet C2 server (confidence level: 100%) | |
101.32.254.92 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
45.135.194.32 | Mirai botnet C2 server (confidence level: 100%) | |
147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
167.71.110.157 | Sliver botnet C2 server (confidence level: 100%) | |
185.196.10.204 | AsyncRAT botnet C2 server (confidence level: 100%) | |
45.138.16.249 | Hook botnet C2 server (confidence level: 100%) | |
56.124.124.92 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
3.29.126.59 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
89.23.98.77 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
124.71.179.237 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) | |
194.26.192.143 | AsyncRAT botnet C2 server (confidence level: 100%) | |
106.14.53.177 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
47.100.184.216 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
47.109.58.47 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
8.138.167.123 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
172.190.147.123 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
95.215.108.113 | Sliver botnet C2 server (confidence level: 50%) | |
103.140.194.245 | Sliver botnet C2 server (confidence level: 50%) | |
209.222.4.175 | Sliver botnet C2 server (confidence level: 50%) | |
93.179.126.147 | Sliver botnet C2 server (confidence level: 50%) | |
185.130.45.181 | Sliver botnet C2 server (confidence level: 50%) | |
146.19.230.70 | Sliver botnet C2 server (confidence level: 50%) | |
202.10.47.169 | Sliver botnet C2 server (confidence level: 50%) | |
207.244.249.244 | Sliver botnet C2 server (confidence level: 50%) | |
94.74.164.179 | Unknown malware botnet C2 server (confidence level: 50%) | |
45.141.233.190 | Unknown malware botnet C2 server (confidence level: 50%) | |
211.217.97.89 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
213.14.173.77 | DarkComet botnet C2 server (confidence level: 50%) | |
72.223.139.62 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
149.210.39.179 | Ghost RAT botnet C2 server (confidence level: 50%) | |
13.229.126.45 | Unknown malware botnet C2 server (confidence level: 50%) | |
147.185.221.31 | XWorm botnet C2 server (confidence level: 100%) | |
39.99.136.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
120.48.55.62 | Ghost RAT botnet C2 server (confidence level: 100%) | |
45.88.186.214 | Remcos botnet C2 server (confidence level: 100%) | |
160.250.128.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
181.162.133.200 | Quasar RAT botnet C2 server (confidence level: 100%) | |
64.225.126.237 | Havoc botnet C2 server (confidence level: 100%) | |
84.154.177.111 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
15.160.120.126 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
172.94.40.216 | Unknown Loader botnet C2 server (confidence level: 100%) | |
193.134.209.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
45.83.207.35 | XWorm botnet C2 server (confidence level: 100%) | |
16.163.24.117 | ValleyRAT botnet C2 server (confidence level: 100%) | |
45.144.53.137 | ResolverRAT botnet C2 server (confidence level: 99%) | |
178.22.30.101 | ValleyRAT botnet C2 server (confidence level: 100%) | |
196.251.89.67 | Amadey botnet C2 server (confidence level: 66%) | |
85.192.48.239 | ResolverRAT botnet C2 server (confidence level: 66%) | |
45.129.199.234 | NjRAT botnet C2 server (confidence level: 100%) | |
91.202.233.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
23.95.168.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
154.53.164.47 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8.218.180.6 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
124.221.240.222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
62.171.190.178 | Remcos botnet C2 server (confidence level: 100%) | |
192.3.177.156 | Remcos botnet C2 server (confidence level: 100%) | |
102.117.171.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
56.155.113.234 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
35.178.203.23 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
196.251.84.83 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
173.234.27.114 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
183.134.55.234 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
27.50.63.9 | XWorm botnet C2 server (confidence level: 100%) | |
27.124.12.33 | XWorm botnet C2 server (confidence level: 100%) | |
195.10.205.157 | Amadey botnet C2 server (confidence level: 50%) | |
156.226.183.237 | ValleyRAT botnet C2 server (confidence level: 100%) | |
162.55.165.235 | Meterpreter botnet C2 server (confidence level: 100%) | |
196.251.85.220 | Amadey botnet C2 server (confidence level: 50%) | |
185.81.115.119 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
107.174.34.143 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
45.76.239.17 | DeimosC2 botnet C2 server (confidence level: 75%) | |
54.146.168.195 | DeimosC2 botnet C2 server (confidence level: 75%) | |
94.49.196.227 | QakBot botnet C2 server (confidence level: 75%) | |
196.251.116.26 | Remcos botnet C2 server (confidence level: 75%) | |
88.247.16.132 | Quasar RAT botnet C2 server (confidence level: 100%) | |
91.92.120.116 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
143.14.44.222 | XWorm botnet C2 server (confidence level: 100%) | |
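The rows above are a flat list of C2 addresses, each with a malware family and a per-row confidence, and the extracted table carries no port for any of them. The script below is an added example, not ThreatFox's or this page's own code: it parses rows in exactly that pipe-delimited format (tolerating the stray "file" prefix the extracted page puts before some addresses), keeps only rows at or above a confidence threshold, and matches constructed firewall log lines for outbound connections to those addresses. The six embedded rows are copied from the table; the log format (src=/dst=/dport=), the internal source addresses and the 203.0.113.10 benign destination are constructed samples.

```python
import ipaddress
import re
from collections import defaultdict

# Subset of the ThreatFox rows above (constructed sample input, same format as the page).
IOC_ROWS = """
45.80.158.65 | Remcos botnet C2 server (confidence level: 100%) | |
119.29.231.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
101.32.254.92 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
106.14.53.177 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
196.251.89.67 | Amadey botnet C2 server (confidence level: 66%) | |
file35.140.104.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
"""

# Constructed firewall log lines; 203.0.113.10 is a documentation address (TEST-NET-3).
SAMPLE_LOGS = """
2025-08-16T10:02:11Z fw01 src=10.10.4.23 dst=45.80.158.65 dport=2404 action=allow
2025-08-16T10:03:50Z fw01 src=10.10.4.23 dst=203.0.113.10 dport=443 action=allow
2025-08-16T10:05:02Z fw01 src=10.10.7.9 dst=106.14.53.177 dport=443 action=allow
2025-08-16T10:06:30Z fw01 src=10.10.7.9 dst=119.29.231.118 dport=8443 action=deny
"""

# One table row: optional extraction debris ("file"), an IPv4 address, the family,
# and the confidence. The trailing empty cells are ignored.
ROW_RE = re.compile(
    r"^\s*(?:file)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*\|\s*"
    r"(?P<family>.+?) botnet C2 server \(confidence level: (?P<conf>\d+)%\)"
)

# Hypothetical key=value firewall format used by the constructed sample above.
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def parse_iocs(text, min_confidence=75):
    """Return {ip: (family, confidence)} for rows at or above min_confidence.

    Using a dict keyed on the address also collapses the repeated rows the
    extracted table contains for the same IP.
    """
    iocs = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        conf = int(m.group("conf"))
        if conf < min_confidence:
            continue
        ip = str(ipaddress.ip_address(m.group("ip")))  # rejects malformed octets
        iocs[ip] = (m.group("family"), conf)
    return iocs


def match_logs(log_text, iocs):
    """Return one hit per log line whose destination is a listed C2 address.

    Matching is on the IP only because the page's rows carry no port, so a
    hit says 'talked to a listed address', not 'talked to the C2 listener'.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        info = iocs.get(m.group("dst"))
        if info is None:
            continue
        hits.append({
            "src": m.group("src"),
            "dst": m.group("dst"),
            "dport": int(m.group("dport")),
            "family": info[0],
            "confidence": info[1],
        })
    return hits


def hosts_by_family(hits):
    """Group internal source hosts by the family of the C2 they reached."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[h["family"]].add(h["src"])
    return {family: sorted(hosts) for family, hosts in grouped.items()}


if __name__ == "__main__":
    iocs = parse_iocs(IOC_ROWS, min_confidence=75)
    for h in match_logs(SAMPLE_LOGS, iocs):
        print(f"{h['src']} -> {h['dst']}:{h['dport']} {h['family']} ({h['confidence']}%)")
    print(hosts_by_family(match_logs(SAMPLE_LOGS, iocs)))
```

The threshold matters: at 75% the 50% Cobalt Strike rows (which are typically scanner-derived and include shared cloud hosts) do not fire, while lowering it to 50% makes the third log line a hit as well. A denied connection is still worth a ticket, since the host attempted the callback. Because the rows carry no port and several addresses sit in cloud or residential ranges that are reassigned quickly, treat matches as triage leads rather than automatic block decisions, and re-check the address against the current ThreatFox entry before acting on an older export.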
Threat ID: 68a11f9ead5a09ad0086eb71
Added to database: 8/17/2025, 12:17:34 AM
Last enriched: 8/17/2025, 12:32:50 AM
Last updated: 8/22/2025, 1:16:17 AM
Related Threats
Analysis of malicious HWP cases of 'APT37' group distributed through K messenger (Medium)
ThreatFox IOCs for 2025-08-21 (Medium)
Think before you Click(Fix): Analyzing the ClickFix social engineering technique (Medium)
New Variant of ACRStealer Actively Distributed with Modifications (Medium)
MuddyWater Leveraging DCHSpy For Israel-Iran Conflict (Medium)