
ThreatFox IOCs for 2025-08-17

Medium
Published: Sun Aug 17 2025 (08/17/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-08-17

AI-Powered Analysis

Last updated: 08/18/2025, 00:32:59 UTC

Technical Analysis

The information provided describes a set of Indicators of Compromise (IOCs) published on 2025-08-17 by the ThreatFox MISP Feed, categorized as malware-related and tagged for OSINT (Open Source Intelligence), payload delivery, and network activity. The data names no affected software versions or particular vulnerabilities; it is a collection of threat intelligence indicators intended to support detection and response. The threat level is given as medium, with no known exploits in the wild and no available patches. The technical details indicate moderate distribution and a low to moderate threat level. Because no CWEs or detailed technical descriptions are included, the exact attack vectors and malware behaviour cannot be pinpointed. The IOCs most likely consist of network artifacts or payload signatures used to identify activity tied to malware campaigns and payload delivery mechanisms. Given their OSINT nature, the indicators are meant to improve situational awareness and support defensive measures rather than to describe a novel or active exploit. Overall, this is a medium-severity, malware-related threat intelligence update focused on detection rather than exploitation or vulnerability disclosure.

Potential Impact

For European organizations, the impact of this threat lies mainly in malware infections or network intrusions going undetected if the provided IOCs are not integrated into security monitoring tools. Since no specific vulnerabilities or exploits are detailed, the direct risk of compromise depends on an organization's ability to use these IOCs for early detection and response. Failing to incorporate them could delay the identification of malware payload delivery attempts or network-based attacks, potentially leading to data exfiltration, operational disruption, or further compromise. The medium severity indicates a moderate risk: the threat is not immediately critical, but it requires attention to prevent escalation. Organizations that rely heavily on network security monitoring and threat intelligence sharing will benefit most from these IOCs. The absence of patches and of exploits in the wild marks this as a proactive intelligence update rather than an urgent incident response trigger.

Mitigation Recommendations

European organizations should prioritize integrating these ThreatFox IOCs into their existing security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) platforms to improve detection coverage. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can surface early signs of compromise. Network segmentation and strict monitoring of payload delivery channels, such as email gateways and web proxies, should be enforced to limit malware spread. Threat hunting exercises driven by these indicators can uncover latent infections. Organizations should also maintain robust incident response plans that incorporate OSINT-derived intelligence to shorten reaction times. Since no patches are available, the emphasis belongs on detection, containment, and remediation rather than vulnerability management. Training security teams to interpret and act on OSINT feeds effectively will maximize the value of these indicators.


Technical Details

Threat Level: 2 (MISP threat_level_id; 2 = Medium)
Analysis: 1 (MISP analysis; 1 = Ongoing)
Distribution: 3 (MISP distribution; 3 = All communities)
Uuid: 81d7639d-2ad8-448a-9082-2cd28a437d6b
Original Timestamp: 1755475386 (Unix epoch seconds; 2025-08-18 00:03:06 UTC)

Indicators of Compromise

hashd07eab5407938ba904ca2b21d358ef75
Agent Tesla payload (confidence level: 95%)
hash3aaaf96140be84ce5f53f55fe4cf6d3017d6afe1
XWorm payload (confidence level: 95%)
hashb39f3c488593f0c557a7888adc4f20853e3cd2f92f7b7e59c19fb7f69a3b50bb
XWorm payload (confidence level: 95%)
hashd6d7b3cb39fbddccd99f34f68eb781ab
XWorm payload (confidence level: 95%)
hashcb44977ea12722126d74243bbc1e019bcf313536
ValleyRAT payload (confidence level: 95%)
hashfc4bf0c8f1356789001d34395fd3da9c64b0672accfdb36ec85640bdc5a6b116
ValleyRAT payload (confidence level: 95%)
hashcceba5ea8dd56d33ecb4ccd07045b144
ValleyRAT payload (confidence level: 95%)
hash595fc3d6d1c3980ed25819dab19666b517573cab
ValleyRAT payload (confidence level: 95%)
hash3c39551a6266396201336833c2091b1f528611039049d1b33984ad8f64cfd60b
ValleyRAT payload (confidence level: 95%)
hashc7ae0a7ed92c57c8bc83f9af4716ea26
ValleyRAT payload (confidence level: 95%)
hash9cf8e4b0512572e9e9dd42b2395ceb28d26c71c6
XWorm payload (confidence level: 95%)
hasheff06ffe78c495491ce7eff1ed8b140f4ba023126edf85fb248fdf894f40a3c4
XWorm payload (confidence level: 95%)
hashc4bea1a44d80b69fc373b80e10a61f0e
XWorm payload (confidence level: 95%)
hash05d820b14750a8457e90c56ebc8ddb6e9fe31028
Coinminer payload (confidence level: 95%)
hashd4f4e7f7754cacf5c318e687fad1c5107d9be78d700e0790c9f4e4fd063e06db
Coinminer payload (confidence level: 95%)
hashd35f62c7632bbdc67b06e8c6d2583967
Coinminer payload (confidence level: 95%)
hash92453622fcac062b439e6d95d50d3524ba76d2c8
RedLine Stealer payload (confidence level: 95%)
hashd59e7f6fd2776565ee278122a52b92a76e26802a866be18a96decb454c0ccee0
RedLine Stealer payload (confidence level: 95%)
hash7ea00c173a682fce8a7cb377e223e4c8
RedLine Stealer payload (confidence level: 95%)
C2 endpoints. The page files these under the hash type, but each value is only the port number of an ip:port indicator; the host half is not present on the page, so these entries cannot be matched on their own. Repeated ports are distinct indicators on the feed.

Port / Description
7707   AsyncRAT botnet C2 server (confidence level: 100%)
4782   Quasar RAT botnet C2 server (confidence level: 100%)
7000   XWorm botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
8443   Unknown malware botnet C2 server (confidence level: 100%)
3333   Unknown malware botnet C2 server (confidence level: 100%)
3333   Unknown malware botnet C2 server (confidence level: 100%)
3333   Unknown malware botnet C2 server (confidence level: 100%)
10443  Unknown malware botnet C2 server (confidence level: 100%)
8081   Unknown malware botnet C2 server (confidence level: 100%)
3333   Unknown malware botnet C2 server (confidence level: 100%)
8444   Unknown malware botnet C2 server (confidence level: 100%)
995    QakBot botnet C2 server (confidence level: 100%)
2404   Remcos botnet C2 server (confidence level: 100%)
2404   Remcos botnet C2 server (confidence level: 100%)
9000   SectopRAT botnet C2 server (confidence level: 100%)
9990   NetSupportManager RAT botnet C2 server (confidence level: 100%)
113    NetSupportManager RAT botnet C2 server (confidence level: 100%)
10259  NetSupportManager RAT botnet C2 server (confidence level: 100%)
102    NetSupportManager RAT botnet C2 server (confidence level: 100%)
8085   Chaos botnet C2 server (confidence level: 100%)
80     MimiKatz botnet C2 server (confidence level: 100%)
10001  Xtreme RAT botnet C2 server (confidence level: 100%)
13063  XWorm botnet C2 server (confidence level: 100%)
11056  XWorm botnet C2 server (confidence level: 100%)
11056  XWorm botnet C2 server (confidence level: 100%)
4433   Cobalt Strike botnet C2 server (confidence level: 50%)
6379   Cobalt Strike botnet C2 server (confidence level: 50%)
443    Cobalt Strike botnet C2 server (confidence level: 50%)
2082   Cobalt Strike botnet C2 server (confidence level: 50%)
8083   Cobalt Strike botnet C2 server (confidence level: 50%)
31337  Sliver botnet C2 server (confidence level: 50%)
31337  Sliver botnet C2 server (confidence level: 50%)
31337  Sliver botnet C2 server (confidence level: 50%)
7443   Unknown malware botnet C2 server (confidence level: 50%)
12263  NetSupportManager RAT botnet C2 server (confidence level: 50%)
20547  NetSupportManager RAT botnet C2 server (confidence level: 50%)
52311  Mozi botnet C2 server (confidence level: 50%)
53484  Mozi botnet C2 server (confidence level: 50%)
1911   Xtreme RAT botnet C2 server (confidence level: 50%)
9000   SectopRAT botnet C2 server (confidence level: 50%)
593    Unknown malware botnet C2 server (confidence level: 50%)
3333   Unknown malware botnet C2 server (confidence level: 50%)
8086   Cobalt Strike botnet C2 server (confidence level: 100%)
8080   Cobalt Strike botnet C2 server (confidence level: 100%)
8888   Cobalt Strike botnet C2 server (confidence level: 100%)
443    Remcos botnet C2 server (confidence level: 100%)
8888   Unknown malware botnet C2 server (confidence level: 100%)
8888   Unknown malware botnet C2 server (confidence level: 100%)
8013   NetSupportManager RAT botnet C2 server (confidence level: 100%)
8443   DeimosC2 botnet C2 server (confidence level: 100%)
443    Unknown Loader botnet C2 server (confidence level: 100%)
8888   Sliver botnet C2 server (confidence level: 75%)
8888   Sliver botnet C2 server (confidence level: 75%)
8888   Sliver botnet C2 server (confidence level: 75%)
8888   Sliver botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
4506   DeimosC2 botnet C2 server (confidence level: 75%)
16868  XWorm botnet C2 server (confidence level: 100%)
64923  Quasar RAT botnet C2 server (confidence level: 100%)
51667  XWorm botnet C2 server (confidence level: 100%)
2404   Remcos botnet C2 server (confidence level: 100%)
4782   Quasar RAT botnet C2 server (confidence level: 100%)
8443   Sliver botnet C2 server (confidence level: 100%)
9999   AsyncRAT botnet C2 server (confidence level: 100%)
7443   Unknown malware botnet C2 server (confidence level: 100%)
3128   NetSupportManager RAT botnet C2 server (confidence level: 100%)
8000   MimiKatz botnet C2 server (confidence level: 100%)
6666   ValleyRAT botnet C2 server (confidence level: 100%)
551    ValleyRAT botnet C2 server (confidence level: 100%)
552    ValleyRAT botnet C2 server (confidence level: 100%)
553    ValleyRAT botnet C2 server (confidence level: 100%)
80     Cobalt Strike botnet C2 server (confidence level: 75%)
80     Cobalt Strike botnet C2 server (confidence level: 75%)
61717  XWorm botnet C2 server (confidence level: 100%)
80     Amadey botnet C2 server (confidence level: 100%)
80     Amadey botnet C2 server (confidence level: 100%)
53     Cobalt Strike botnet C2 server (confidence level: 75%)
443    Vidar botnet C2 server (confidence level: 100%)
50542  Remcos botnet C2 server (confidence level: 100%)
7443   Unknown malware botnet C2 server (confidence level: 100%)
4449   Venom RAT botnet C2 server (confidence level: 100%)
2380   NetSupportManager RAT botnet C2 server (confidence level: 100%)
8130   NetSupportManager RAT botnet C2 server (confidence level: 100%)
9601   NetSupportManager RAT botnet C2 server (confidence level: 100%)
29451  NetSupportManager RAT botnet C2 server (confidence level: 100%)
6000   XWorm botnet C2 server (confidence level: 100%)
8880   ValleyRAT botnet C2 server (confidence level: 100%)
6677   NjRAT botnet C2 server (confidence level: 100%)
1912   RedLine Stealer botnet C2 server (confidence level: 100%)
6258   NjRAT botnet C2 server (confidence level: 100%)
8122   NjRAT botnet C2 server (confidence level: 100%)
6306   XWorm botnet C2 server (confidence level: 100%)
147    XWorm botnet C2 server (confidence level: 100%)
0147   XWorm botnet C2 server (confidence level: 100%)
2404   Remcos botnet C2 server (confidence level: 100%)
6666   ValleyRAT botnet C2 server (confidence level: 100%)
8888   ValleyRAT botnet C2 server (confidence level: 100%)
23835  XWorm botnet C2 server (confidence level: 100%)
55615  RedLine Stealer botnet C2 server (confidence level: 100%)
26149  NjRAT botnet C2 server (confidence level: 100%)
1768   ValleyRAT botnet C2 server (confidence level: 100%)
443    ValleyRAT botnet C2 server (confidence level: 100%)
38077  Remcos botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
9999   Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
8443   Cobalt Strike botnet C2 server (confidence level: 100%)
443    Sliver botnet C2 server (confidence level: 100%)
8808   AsyncRAT botnet C2 server (confidence level: 100%)
102    AsyncRAT botnet C2 server (confidence level: 100%)
7443   Unknown malware botnet C2 server (confidence level: 100%)
10001  Xtreme RAT botnet C2 server (confidence level: 100%)
4506   DeimosC2 botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
7705   PureLogs Stealer botnet C2 server (confidence level: 100%)
8848   Cobalt Strike botnet C2 server (confidence level: 75%)

Url

Value / Description

https://t.me/ghrghrthhet
  Lumma Stealer botnet C2 (confidence level: 75%)
http://156.226.174.33/s.sh
  Unknown malware payload delivery URL (confidence level: 75%)
https://pastebin.com/raw/99vn2mg6
  XWorm botnet C2 (confidence level: 50%)
https://inefqxf.top/zqou
  Lumma Stealer botnet C2 (confidence level: 100%)
https://rotofay.top/gotr
  Lumma Stealer botnet C2 (confidence level: 100%)
http://americovespucci.shop
  Stealc botnet C2 (confidence level: 100%)
https://achieverbreath.xyz/mxi.php
  Unknown Loader botnet C2 (confidence level: 100%)
https://scaleturn.xyz/mxi.php
  Unknown Loader botnet C2 (confidence level: 100%)
https://shipfang.xyz/mxi.php
  Unknown Loader botnet C2 (confidence level: 100%)
https://toothpastename.xyz/mxi.php
  Unknown Loader botnet C2 (confidence level: 100%)
https://teachingsound.xyz/mxi.php
  Unknown malware botnet C2 (confidence level: 100%)
http://213.209.150.166/g7hen3xxf/index.php
  Amadey botnet C2 (confidence level: 100%)
https://rzr.plex.name
  Vidar botnet C2 (confidence level: 75%)
https://github.com/loredana221/tewst/raw/refs/heads/main/owjlzu.exe
  PureCrypter payload delivery URL (confidence level: 100%)
https://github.com/loredana221/tewst/raw/refs/heads/main/ccr.exe
  SparkRAT botnet C2 (confidence level: 100%)
https://github.com/loredana221/tewst/raw/refs/heads/main/paid.exe
  PureCrypter botnet C2 (confidence level: 100%)
https://github.com/vetigoders/lavidaloca/raw/refs/heads/main/client.exe
  XWorm payload delivery URL (confidence level: 100%)
https://t.me/asdf21asdf12fasdcfvas
  Lumma Stealer botnet C2 (confidence level: 100%)
http://cd66377.tw1.ru/6c0292e3.php
  DCRat botnet C2 (confidence level: 100%)
https://storedriving.xyz/mxi.php
  Unknown Loader botnet C2 (confidence level: 100%)

Threat ID: 68a2711ead5a09ad009d58e7

Added to database: 8/18/2025, 12:17:34 AM

Last enriched: 8/18/2025, 12:32:59 AM

Last updated: 8/18/2025, 1:02:34 PM
