ThreatFox IOCs for 2025-08-20

Severity: Medium
Published: Wed Aug 20 2025 (08/20/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-08-20

AI-Powered Analysis

Last updated: 08/21/2025, 00:32:46 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-08-20 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data appears to be a collection of threat intelligence indicators rather than a description of a specific malware variant or exploit. There are no affected product versions listed, no patches available, and no known exploits in the wild, indicating that this is likely a proactive intelligence update rather than a report of an active or newly discovered vulnerability or malware campaign. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating. The tags and categories suggest that the threat relates to the delivery of malicious payloads potentially identified through network activity analysis and OSINT techniques. The absence of technical details such as specific malware behavior, attack vectors, or exploitation methods limits the ability to provide a detailed technical breakdown. The threat intelligence appears to be aimed at enhancing situational awareness and detection capabilities rather than describing a direct, exploitable vulnerability or active attack. As such, it serves as a resource for security teams to update detection rules and monitor network traffic for suspicious activity aligned with the provided IOCs.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in the realm of improved detection and preparedness rather than immediate risk. Since no active exploits or vulnerabilities are reported, the direct impact on confidentiality, integrity, or availability is minimal at this stage. However, the presence of payload delivery and network activity indicators suggests that adversaries may be attempting or planning to deliver malware through network channels, which could lead to data breaches, system compromise, or disruption if successful. Organizations that fail to incorporate these IOCs into their security monitoring may be at increased risk of undetected intrusions. The medium severity rating implies that while the threat is not currently critical, it warrants attention to prevent escalation. European entities with significant network infrastructure and exposure to external traffic, such as financial institutions, critical infrastructure providers, and large enterprises, should consider this intelligence relevant to their threat landscape.

Mitigation Recommendations

To effectively mitigate risks associated with this threat intelligence, European organizations should:

1) Integrate the provided IOCs into their Security Information and Event Management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enhance detection capabilities for related network activity and payload delivery attempts.
2) Conduct regular network traffic analysis focusing on anomalies and patterns matching the threat indicators to identify potential malicious activity early.
3) Update firewall and endpoint security rules to block or alert on communications matching the IOCs.
4) Train security operations teams to recognize and respond to signs of payload delivery and network-based attacks, leveraging OSINT sources for contextual awareness.
5) Maintain robust incident response plans that include procedures for handling malware delivery attempts and network intrusions.
6) Collaborate with threat intelligence sharing communities to receive timely updates and validate the relevance of the IOCs to their environment.

These steps go beyond generic advice by emphasizing the operational integration of threat intelligence and proactive network monitoring tailored to the nature of the indicators.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: f213e7b9-ebdc-4435-930b-69f3508d2fce
Original Timestamp: 1755734586

Indicators of Compromise

Url


File

ValleyRAT botnet C2 server (confidence level: 100%)

Hash

Luca Stealer payload (confidence level: 95%)
hash1825876dd9d7ab2b84ccb7b93554e964c64164d9
Luca Stealer payload (confidence level: 95%)
hash2837c7974b43c5836e0d123c4a9f29a337f28d57019ac6d98a6c99b6d0683322
Luca Stealer payload (confidence level: 95%)
hash9bf7a6fdb4e14147efae8a79767d6d86
Luca Stealer payload (confidence level: 95%)
hash7792dd9bac3de22c2a026e055432af83a4e358f9
XWorm payload (confidence level: 95%)
hash314d0fbf925c53f52ff40ff6936824d8db25e4e0c23134aa572aa1828faacedc
XWorm payload (confidence level: 95%)
hashfcfcbeb5322cc1f2cc3d8abbeac06814
XWorm payload (confidence level: 95%)
hash8e37a8d5d2744df00d8aed6cc925df8334145292
Coinminer payload (confidence level: 95%)
hashe2c3e6311d29dfe4295934c27fcda900fefc80e8e0d211f95f879771c22f6c04
Coinminer payload (confidence level: 95%)
hashfcb7009ab298bb4b59a28bc958b30a6d
Coinminer payload (confidence level: 95%)
hash11aad99764d62584e8252f0e2d05571be55f0a70
Amadey payload (confidence level: 95%)
hashc1fcdbc77e5ab2ebfbf3bd0adc2d81bd64ed2dfdacccfea9783003cf950ac36b
Amadey payload (confidence level: 95%)
hash6f4151c124693d9dfd2092b7e01df0d4
Amadey payload (confidence level: 95%)
hash4c188cfdec14047273503b4a08d9eaab5edf9a15
Luca Stealer payload (confidence level: 95%)
hashbd3cd8bf7dfdc80604a6f4dbbee83b31b82ae5082a8f45aa525732264280ea4f
Luca Stealer payload (confidence level: 95%)
hash2672f886b9c5cf4bfb39df3915a346ce
Luca Stealer payload (confidence level: 95%)
hash0993f37c578a5a4eaf33e2e664263e91fdff0866
PlugX payload (confidence level: 95%)
hash854c8a2bc48bced68b6c8d92fe3fadfc67df4f079af0a9714731c61bf3b684d6
PlugX payload (confidence level: 95%)
hash7917b4df9d64d168cbd3028a54769872
PlugX payload (confidence level: 95%)
hash04bdd7f9e29d3535bf6174eecb3a3b308721edfc
XWorm payload (confidence level: 95%)
hasha622496b016b530214c3e577193e9d6343bd81407bd75162055bf92734e86608
XWorm payload (confidence level: 95%)
hashfc2fdd3092209746c6dd0a9cdbc946e1
XWorm payload (confidence level: 95%)
hashbc307ff0a5c99c1b28190b0143050e65e422cd70
XWorm payload (confidence level: 95%)
hash4c0999fd58331d7b3f971f3bfe4351b500d086eac555b81a5e7c7c41cb3eae8b
XWorm payload (confidence level: 95%)
hashfc0bf0571f17febe7fa85a759e41fa56
XWorm payload (confidence level: 95%)
hashc597515b70d6e9e0c9619b178e2d1d1dd103d23e
GCleaner payload (confidence level: 95%)
hash353bb7ff551cc81d11dd41b3ac03084ab2ce72a86099a6010a9ac5d6a67cc5d0
GCleaner payload (confidence level: 95%)
hash90ae9ea4403cc0cf5c92af2d3d82c7e3
GCleaner payload (confidence level: 95%)
hash1a50b1a8a3db87102adb18e36ca5fb0342b6df8e
GCleaner payload (confidence level: 95%)
hash1a3a2be484d8f6e4a3458ef3c259f13497fc5c10062458c6b2c4373005a3d7fe
GCleaner payload (confidence level: 95%)
hash0ade37df44fc167eb53b80ef66bb02b9
GCleaner payload (confidence level: 95%)
hashc765ae734e9f46ec71d1353d6a5848e3169be005
RedLine Stealer payload (confidence level: 95%)
hash2c7de71de889aafad05239bce7583f33677e527b1b12f30c313351fb8844af17
RedLine Stealer payload (confidence level: 95%)
hash888f19d6a9aa7e7dbf0a0631a2846092
RedLine Stealer payload (confidence level: 95%)
hashd2c2edefda995f779b57450468af67985d0c1ae1
Cobalt Strike payload (confidence level: 95%)
hash3c50eb2e3055d6cd28e128bf48ba711ff757089c0dee8b1bacd26f4470705174
Cobalt Strike payload (confidence level: 95%)
hash558a5b1e7d522106befa31207e0d4f68
Cobalt Strike payload (confidence level: 95%)
hashcb17e0d7578e2b2ddfadb7c4c382e8c22c33e413
Formbook payload (confidence level: 95%)
hashaf6376d7d5de38d0d7acf754db0d4c4f77ba49a48eb1cb4d240b16d3725d58dc
Formbook payload (confidence level: 95%)
hash77bb7e58c81684e5b380ea7a15bb8f6a
Formbook payload (confidence level: 95%)
hashefbec494052d095488616bb43f4f1c0c1274d13a
XWorm payload (confidence level: 95%)
hashdcc9538effe19a635714006044a83e9ab84b0355d28c07d819c44e879207b363
XWorm payload (confidence level: 95%)
hashfb9376eaf838223e5361854cdb9485cd
XWorm payload (confidence level: 95%)
hash3ab3a0ed91c407f32689c293df434a0a2368d6e2
Havoc payload (confidence level: 95%)
hashf244c0520231ec5a3fe6eff638cbbc80d778f4b33db88ab278634a7758e5c926
Havoc payload (confidence level: 95%)
hashe0703500ff017c45a3364a473bce1bda
Havoc payload (confidence level: 95%)
hashd5f4c923e9d3d812edab4df85667f45b6c66f358
Amadey payload (confidence level: 95%)
hash994065e0f91b950d6b8b8d5cc42817f22506323206740c570fa1db33746c4de1
Amadey payload (confidence level: 95%)
hash9d1ee858be90e34a8e70bdb8ad2c5e5a
Amadey payload (confidence level: 95%)
hashfc31f4cccbfef0873736337065e4a84d7c60dfc9
XWorm payload (confidence level: 95%)
hash48658b63dba7df9119b111b9d5d537f087162b7a8be03904dd6b76cfe39380df
XWorm payload (confidence level: 95%)
hashfb5d864ea260cea1e75d825d88d4152b
XWorm payload (confidence level: 95%)
hash4f1a7e7d55aa5c309f95fce6b5630c275a44d82d
Formbook payload (confidence level: 95%)
hash0faf94a24b00a7dca3cb0e26b29b0c3f72f66e2f968d997ad45e74620efeb11b
Formbook payload (confidence level: 95%)
hash9ac6847453af1e7ae25c2356e17ee0df
Formbook payload (confidence level: 95%)
hash784867a6c3a76e1947919914e166411208fd1e4d
KrakenKeylogger payload (confidence level: 95%)
hash8cc4684d5b4c41db041acab6550e5d8d110175b4da2dbe79da04b62cd21b410a
KrakenKeylogger payload (confidence level: 95%)
hasha72fbedc6515423321246d11c82db58e
KrakenKeylogger payload (confidence level: 95%)
hashb4068ce4aec98a1a0b41e4b2f5c6e5432dd498d6
VIP Keylogger payload (confidence level: 95%)
hash3560c6f9c634f01045b6d421270e3984dab8b43c7b9a5af2a4f87903028b21e1
VIP Keylogger payload (confidence level: 95%)
hash0bfa29caf0bf03aa51021cf0060b3b41
VIP Keylogger payload (confidence level: 95%)
hash2b4fc28b2083396cd61ed0b46cb10f25b448dcbc
XWorm payload (confidence level: 95%)
hash14e1e45700c823b5b6ee2d45bafb8a4c57a79cdd115199592894ed3b88b21fed
XWorm payload (confidence level: 95%)
hash34876a9697f92cc1c159053d5a670e5d
XWorm payload (confidence level: 95%)
hash321fed7b3948ebd17f7c32c5cd7363add6269467
purpleink payload (confidence level: 95%)
hash87e1e8c1e29eef773344a54e0d6b518406822840b50f2866ce9c2128b767b37d
purpleink payload (confidence level: 95%)
hash5db9a032b31a74b6b64614424818899f
purpleink payload (confidence level: 95%)
hash15350c3cde5c318bb9a4972aca9bc46cbbde0fac
Formbook payload (confidence level: 95%)
hashcba5a4c3813bbce1dfd6591d94bdd59e773c33d06d4a534da0b3cb527f0a9f7b
Formbook payload (confidence level: 95%)
hash53caeb10cf0f802ec7597cff67bc9a13
Formbook payload (confidence level: 95%)
hash6af0ad6d7ed31a6420c5d9af1cda4ef4984182af
VIP Keylogger payload (confidence level: 95%)
hash287eed2ee591a0bfac6b817ebb5e9da770014fc645d0d1e1ecc523e96b1bb7c5
VIP Keylogger payload (confidence level: 95%)
hash6352f7e42c001ab0776afa150b942fbf
VIP Keylogger payload (confidence level: 95%)
hash5bca595c754e909ed45f3bcf5b5be94f01aab7da
Luca Stealer payload (confidence level: 95%)
hashbd48a0e2b6038130537b279be3e89a7b7d41ee315a8b04c0d9af572d6c16a950
Luca Stealer payload (confidence level: 95%)
hasha7e62ba3653962e5571bed11db6ac4f8
Luca Stealer payload (confidence level: 95%)
hash362fc953a06ee8c923b912543ad00a244f9f23cf
Remcos payload (confidence level: 95%)
hash2dcb95ebe5144f45e045bc0e92ec983ab0ead6e7ae72950ea178de51760cd06e
Remcos payload (confidence level: 95%)
hash3ce52c9fb07a095c7885e91f4924c0ea
Remcos payload (confidence level: 95%)
hasha78767479c092ef7f4c08678c4db16f44d0ef973
Luca Stealer payload (confidence level: 95%)
hash49a3e94b5f1a0199ac0929428e4779451a3533e93f469cb1d832d44c590fe8ff
Luca Stealer payload (confidence level: 95%)
hasheb774e7c8fbc7976cbae2afc2a55f9ea
Luca Stealer payload (confidence level: 95%)
hash0658373859224551e7c83506cbab685b366c3c8b
Agent Tesla payload (confidence level: 95%)
hash2d02606c43b8a9be066c030f5d47833058357b216790ab05f5399eafb433d83b
Agent Tesla payload (confidence level: 95%)
hash3789c90b217dca894cebe98b93d4a714
Agent Tesla payload (confidence level: 95%)
hash3a854191c03120d862714f6458910fa25c892c39
GCleaner payload (confidence level: 95%)
hash050f2713c672fef785c006ad7243e5ed913fa5a396cb2739f0ceaf1ddadadaa0
GCleaner payload (confidence level: 95%)
hashada31b3b06c23a13f9e5d6f520b1b539
GCleaner payload (confidence level: 95%)
hasha98c63ecfaac224f1fa73bfd6081f9ed27426f66
Luca Stealer payload (confidence level: 95%)
hash099250469c23007b02b117b43e6a1b29d24944eebb4c12b0cdc553556d414ca8
Luca Stealer payload (confidence level: 95%)
hash8693d73ec0b1ba1619b74e8936842123
Luca Stealer payload (confidence level: 95%)
hash81a299a54ba003b307d84a220c697907bd960b54
Luca Stealer payload (confidence level: 95%)
hashf667c428b522dde24c5524da99fdf375e3fed0ca92977f0890eb72e21e2178fb
Luca Stealer payload (confidence level: 95%)
hash2af5068f57164b15ab2da10f956f243c
Luca Stealer payload (confidence level: 95%)
hash8e848235ae7706b9276b3cb8e7a83430030cef17
Luca Stealer payload (confidence level: 95%)
hashdb435e2a44fee3053b98a0111e4dbd4e312a213e6a31cb909ead13733921e05b
Luca Stealer payload (confidence level: 95%)
hash00a4c8a014786f525c9192bfbbf6e514
Luca Stealer payload (confidence level: 95%)
hash33bc48636e242db9bf5efbaebb53ef64b5f10276
Luca Stealer payload (confidence level: 95%)
hash6aaa12302d88ebf9486d546f7c8c5ea0930ae6e5db2b70cbe0552dc3f57ee2e2
Luca Stealer payload (confidence level: 95%)
hashbaf9949e853bc2a3479b10e6335e1bd2
Luca Stealer payload (confidence level: 95%)
hash0b04c8f67e747a0200972328784721107824795a
Luca Stealer payload (confidence level: 95%)
hash2f5561a0b8268a796b97b58d38421fd3d377e4b280825120f00fab3292e706b3
Luca Stealer payload (confidence level: 95%)
hash27f6c5d50f3e16e88259a61f5b81f345
Luca Stealer payload (confidence level: 95%)
hashecbaf1bafe840fe217e91f94d63a09ae50b95bb4
GCleaner payload (confidence level: 95%)
hash6621b9465a5a1ca10921c22b8a6403027eccea0c29f5fb72e8923886b7a8ae1c
GCleaner payload (confidence level: 95%)
hashacb29c97ebee5f59080292255f22b272
GCleaner payload (confidence level: 95%)
hashe25793373a5f80e86777e00879d22ffd2df0199f
XWorm payload (confidence level: 95%)
hashcf6b4824a833d49dc750f8361db73916310543fc225211efc147eb8b58c5c5c6
XWorm payload (confidence level: 95%)
hashdfd1b59e6825391fb8ca57543e2b35fd
XWorm payload (confidence level: 95%)
hash5862
XWorm botnet C2 server (confidence level: 100%)
hash8797
AsyncRAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash7000
XWorm botnet C2 server (confidence level: 100%)
hash5656
Remcos botnet C2 server (confidence level: 100%)
hash668
ValleyRAT botnet C2 server (confidence level: 100%)
hash443
ValleyRAT botnet C2 server (confidence level: 100%)
hash90
ValleyRAT botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1000
Remcos botnet C2 server (confidence level: 100%)
hash3306
Remcos botnet C2 server (confidence level: 100%)
hash443
pupy botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash7077
AsyncRAT botnet C2 server (confidence level: 100%)
hash5020
AsyncRAT botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash4242
Quasar RAT botnet C2 server (confidence level: 100%)
hash2376
Quasar RAT botnet C2 server (confidence level: 100%)
hash2077
Quasar RAT botnet C2 server (confidence level: 100%)
hash2082
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash8000
DCRat botnet C2 server (confidence level: 100%)
hash45615
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash2405
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash2096
DeimosC2 botnet C2 server (confidence level: 75%)
hash1433
Sliver botnet C2 server (confidence level: 75%)
hash42419
NjRAT botnet C2 server (confidence level: 100%)
hash1111
XWorm botnet C2 server (confidence level: 100%)
hash47328
XWorm botnet C2 server (confidence level: 100%)
hash6677
XWorm botnet C2 server (confidence level: 100%)
hash20
ValleyRAT botnet C2 server (confidence level: 100%)

Domain


Threat ID: 68a6659ead5a09ad0009cd67

Added to database: 8/21/2025, 12:17:34 AM

Last enriched: 8/21/2025, 12:32:46 AM

Last updated: 8/21/2025, 4:32:34 AM

Views: 4
