ThreatFox IOCs for 2025-09-17
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-09-17 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data lacks specific affected versions or products, indicating that it is a general intelligence feed rather than a vulnerability tied to a particular software or hardware product. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores suggesting moderate dissemination and limited analytical detail. No known exploits are reported in the wild, and no patches are available, which aligns with the nature of OSINT feeds that typically provide threat actor infrastructure, malware hashes, or network indicators rather than direct vulnerabilities or exploits. The absence of CWEs and technical details further supports that this is an intelligence collection rather than a direct exploit or vulnerability. The threat is tagged with TLP:WHITE, indicating it is intended for wide distribution without restrictions. Overall, this represents a medium-severity malware-related threat intelligence update focusing on payload delivery mechanisms and network activity patterns, useful for enhancing detection and response capabilities rather than indicating an active exploit or vulnerability requiring immediate patching.
Potential Impact
For European organizations, the impact of this threat lies primarily in the potential for improved situational awareness and detection of malware campaigns through updated IOCs. Since no specific exploit or vulnerability is identified, the direct risk of compromise is low to medium, depending on the organization's ability to integrate and act on the provided intelligence. Organizations that rely heavily on OSINT feeds for threat hunting and incident response can leverage these IOCs to detect and mitigate payload delivery attempts and suspicious network activity. However, the lack of known exploits in the wild and absence of patchable vulnerabilities means that the threat does not currently pose an immediate operational risk but should be monitored as part of ongoing threat intelligence efforts. Failure to incorporate such intelligence could result in delayed detection of malware infections or network intrusions, potentially leading to data breaches or service disruptions if payload delivery attempts succeed.
Mitigation Recommendations
European organizations should focus on integrating the ThreatFox IOCs into their existing security monitoring and incident response platforms, such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) tools. Regularly updating threat intelligence feeds and automating IOC ingestion will enhance early detection of related malware activity. Network segmentation and strict egress filtering can limit the impact of payload delivery attempts. Additionally, organizations should conduct regular threat hunting exercises using these IOCs to identify potential compromises early. Since no patches are available, emphasis should be placed on proactive detection, user awareness training to recognize phishing or social engineering attempts that may deliver payloads, and maintaining robust backup and recovery procedures to mitigate potential damage from malware infections. Collaboration with national and European cybersecurity centers can also improve contextual understanding and response coordination.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 8da204ce-a555-486e-bb25-87c094cc54f5
- Original Timestamp: 1758153786
domainhoushan.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfamixsk.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsirtpwv.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchirkqa.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchimxik.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainunapjjh.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainundutayx.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsubdvivw.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbouncuid.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindvd-oxygen.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmountain-percent.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainskin-literary.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainwww.ammsaue.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainwww.desalator.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainwww.treemmesrl-eu.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainsoblessedagain.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainmost-la.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainqp.cnmnmb.top | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainn.c2y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyyi.aztu.edu.az | Vidar botnet C2 domain (confidence level: 75%) | |
domainyyi.demoserviciopcmendoza.com.ar | Vidar botnet C2 domain (confidence level: 75%) |
IP address (shown on the source page under the label "File"; the values are IPv4 addresses of C2 servers, and a repeated address is normally the same host listed with more than one port)
Value | Description | Copy |
---|---|---|
46.62.198.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
104.223.122.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
47.120.70.161 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
47.108.217.44 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
172.111.244.107 | Remcos botnet C2 server (confidence level: 100%) | |
49.113.78.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
94.249.236.169 | AsyncRAT botnet C2 server (confidence level: 100%) | |
209.38.147.179 | SectopRAT botnet C2 server (confidence level: 100%) | |
196.251.88.76 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
45.94.47.200 | Stealc botnet C2 server (confidence level: 100%) | |
176.46.158.38 | Empire Downloader botnet C2 server (confidence level: 100%) | |
147.185.221.23 | XWorm botnet C2 server (confidence level: 100%) | |
156.247.40.80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
83.147.18.16 | Meterpreter botnet C2 server (confidence level: 75%) | |
103.115.64.166 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
82.25.93.185 | Unknown malware botnet C2 server (confidence level: 100%) | |
34.220.66.55 | Havoc botnet C2 server (confidence level: 100%) | |
152.228.206.127 | DCRat botnet C2 server (confidence level: 100%) | |
65.21.175.89 | Unknown malware botnet C2 server (confidence level: 100%) | |
116.211.150.7 | Unknown malware botnet C2 server (confidence level: 100%) | |
50.19.143.151 | Unknown malware botnet C2 server (confidence level: 100%) | |
206.237.21.219 | Unknown malware botnet C2 server (confidence level: 100%) | |
95.163.249.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
194.5.157.70 | Unknown malware botnet C2 server (confidence level: 100%) | |
123.231.234.37 | Unknown malware botnet C2 server (confidence level: 100%) | |
123.231.234.37 | Unknown malware botnet C2 server (confidence level: 100%) | |
8.130.159.166 | Unknown malware botnet C2 server (confidence level: 100%) | |
3.64.98.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
3.64.98.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
5.129.211.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
8.210.254.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
18.196.184.108 | Unknown malware botnet C2 server (confidence level: 100%) | |
18.196.184.108 | Unknown malware botnet C2 server (confidence level: 100%) | |
185.105.111.62 | Unknown malware botnet C2 server (confidence level: 100%) | |
120.76.158.8 | Unknown malware botnet C2 server (confidence level: 100%) | |
3.210.156.111 | Unknown malware botnet C2 server (confidence level: 100%) | |
185.145.148.80 | Unknown malware botnet C2 server (confidence level: 100%) | |
69.62.98.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
31.97.16.101 | Unknown malware botnet C2 server (confidence level: 100%) | |
46.202.190.74 | Unknown malware botnet C2 server (confidence level: 100%) | |
24.199.96.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
45.136.14.126 | Unknown malware botnet C2 server (confidence level: 100%) | |
190.63.136.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
3.138.62.201 | Unknown malware botnet C2 server (confidence level: 100%) | |
58.210.0.45 | Unknown malware botnet C2 server (confidence level: 100%) | |
40.114.83.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
158.94.208.175 | Latrodectus botnet C2 server (confidence level: 100%) | |
212.83.139.101 | Remcos botnet C2 server (confidence level: 100%) | |
158.94.209.127 | Remcos botnet C2 server (confidence level: 100%) | |
91.92.241.57 | Remcos botnet C2 server (confidence level: 100%) | |
196.251.80.152 | Remcos botnet C2 server (confidence level: 100%) | |
16.63.108.75 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
3.10.203.198 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
107.189.23.136 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
143.92.34.217 | ValleyRAT botnet C2 server (confidence level: 100%) | |
188.225.11.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
103.236.68.217 | XWorm botnet C2 server (confidence level: 100%) | |
115.92.155.19 | NjRAT botnet C2 server (confidence level: 100%) | |
196.251.92.95 | XWorm botnet C2 server (confidence level: 100%) | |
95.217.242.219 | Vidar botnet C2 server (confidence level: 100%) | |
38.246.245.61 | Ghost RAT botnet C2 server (confidence level: 100%) | |
156.238.229.162 | Ghost RAT botnet C2 server (confidence level: 100%) | |
185.208.158.56 | AsyncRAT botnet C2 server (confidence level: 100%) | |
45.88.104.17 | SectopRAT botnet C2 server (confidence level: 100%) | |
163.53.219.47 | Hook botnet C2 server (confidence level: 100%) | |
172.104.206.108 | Havoc botnet C2 server (confidence level: 100%) | |
34.220.66.55 | Havoc botnet C2 server (confidence level: 100%) | |
35.176.152.5 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
185.170.215.191 | Unknown malware botnet C2 server (confidence level: 100%) | |
172.105.53.12 | Havoc botnet C2 server (confidence level: 75%) | |
194.55.137.46 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
217.165.153.51 | QakBot botnet C2 server (confidence level: 75%) | |
45.201.216.131 | Sliver botnet C2 server (confidence level: 75%) | |
185.227.108.125 | Unknown malware botnet C2 server (confidence level: 100%) | |
147.185.221.31 | Quasar RAT botnet C2 server (confidence level: 100%) | |
147.185.221.30 | Quasar RAT botnet C2 server (confidence level: 100%) | |
5.133.102.252 | Quasar RAT botnet C2 server (confidence level: 100%) | |
157.250.206.99 | Quasar RAT botnet C2 server (confidence level: 100%) | |
37.0.14.200 | AsyncRAT botnet C2 server (confidence level: 100%) | |
147.185.221.31 | AsyncRAT botnet C2 server (confidence level: 100%) | |
147.185.221.31 | XWorm botnet C2 server (confidence level: 100%) | |
195.231.82.35 | XWorm botnet C2 server (confidence level: 100%) | |
23.95.62.27 | Ave Maria botnet C2 server (confidence level: 100%) | |
158.255.1.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
47.119.158.127 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
23.249.20.94 | Ghost RAT botnet C2 server (confidence level: 100%) | |
54.225.53.203 | Sliver botnet C2 server (confidence level: 100%) | |
64.227.191.233 | Unknown malware botnet C2 server (confidence level: 100%) | |
138.124.111.105 | Hook botnet C2 server (confidence level: 100%) | |
83.147.37.31 | DCRat botnet C2 server (confidence level: 100%) | |
54.67.13.50 | Quasar RAT botnet C2 server (confidence level: 100%) | |
143.92.34.217 | ValleyRAT botnet C2 server (confidence level: 100%) | |
143.92.34.217 | ValleyRAT botnet C2 server (confidence level: 100%) | |
196.251.92.79 | Remcos botnet C2 server (confidence level: 75%) | |
160.250.133.60 | Remcos botnet C2 server (confidence level: 75%) | |
172.111.131.226 | XWorm botnet C2 server (confidence level: 100%) | |
67.205.154.243 | Loda botnet C2 server (confidence level: 100%) | |
45.207.201.125 | ValleyRAT botnet C2 server (confidence level: 100%) | |
101.32.7.164 | ValleyRAT botnet C2 server (confidence level: 100%) | |
1.15.174.189 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
154.201.87.85 | Ghost RAT botnet C2 server (confidence level: 100%) | |
85.208.84.242 | Matanbuchus botnet C2 server (confidence level: 100%) | |
45.155.249.133 | SectopRAT botnet C2 server (confidence level: 100%) | |
51.83.76.197 | Havoc botnet C2 server (confidence level: 100%) | |
119.91.66.244 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
95.217.240.236 | Vidar botnet C2 server (confidence level: 100%) | |
185.208.158.56 | AsyncRAT botnet C2 server (confidence level: 75%) | |
185.208.158.56 | AsyncRAT botnet C2 server (confidence level: 75%) | |
185.208.158.56 | Quasar RAT botnet C2 server (confidence level: 75%) | |
163.5.221.174 | XWorm botnet C2 server (confidence level: 100%) | |
150.5.145.84 | ValleyRAT botnet C2 server (confidence level: 100%) | |
101.32.7.164 | ValleyRAT botnet C2 server (confidence level: 100%) | |
45.204.213.148 | ValleyRAT botnet C2 server (confidence level: 100%) | |
45.204.213.148 | ValleyRAT botnet C2 server (confidence level: 100%) | |
45.204.213.148 | ValleyRAT botnet C2 server (confidence level: 100%) | |
117.72.222.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
45.59.124.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
182.92.239.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
142.171.168.59 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
158.94.208.174 | Latrodectus botnet C2 server (confidence level: 90%) | |
8.136.51.77 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8.134.70.190 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
124.71.233.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
23.249.20.39 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.27 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.55 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.49 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.46 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.81 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.67 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.78 | Ghost RAT botnet C2 server (confidence level: 100%) | |
23.249.20.22 | Ghost RAT botnet C2 server (confidence level: 100%) | |
212.64.215.198 | DarkComet botnet C2 server (confidence level: 100%) | |
84.38.129.14 | Remcos botnet C2 server (confidence level: 100%) | |
45.77.33.208 | Sliver botnet C2 server (confidence level: 100%) | |
95.217.97.220 | Sliver botnet C2 server (confidence level: 100%) | |
47.96.177.175 | Unknown malware botnet C2 server (confidence level: 100%) | |
45.81.23.27 | AsyncRAT botnet C2 server (confidence level: 100%) | |
144.172.91.39 | AsyncRAT botnet C2 server (confidence level: 100%) | |
102.117.164.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
35.222.81.7 | Unknown malware botnet C2 server (confidence level: 100%) | |
46.246.4.22 | DCRat botnet C2 server (confidence level: 100%) | |
179.95.203.131 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
54.184.96.39 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
8.136.48.237 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
45.61.149.68 | Empire Downloader botnet C2 server (confidence level: 100%) | |
43.156.101.186 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
150.5.145.84 | ValleyRAT botnet C2 server (confidence level: 100%) | |
115.120.31.30 | Sliver botnet C2 server (confidence level: 75%) | |
137.184.195.146 | Sliver botnet C2 server (confidence level: 75%) | |
172.104.206.108 | Havoc botnet C2 server (confidence level: 75%) | |
190.31.19.241 | QakBot botnet C2 server (confidence level: 75%) | |
198.46.253.221 | Sliver botnet C2 server (confidence level: 75%) | |
198.46.253.221 | Sliver botnet C2 server (confidence level: 75%) | |
52.52.48.128 | DeimosC2 botnet C2 server (confidence level: 75%) | |
109.173.167.24 | Meterpreter botnet C2 server (confidence level: 75%) | |
Port (shown on the source page under the label "Hash"; the values are the port numbers of the ip:port C2 entries, and the rendered page does not preserve which IP address each port belongs to)
Value | Description | Copy |
---|---|---|
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8848 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
37830 | Remcos botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
1911 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
443 | Stealc botnet C2 server (confidence level: 100%) | |
1337 | Empire Downloader botnet C2 server (confidence level: 100%) | |
13715 | XWorm botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
54445 | Meterpreter botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Havoc botnet C2 server (confidence level: 100%) | |
22 | DCRat botnet C2 server (confidence level: 100%) | |
5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
2083 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
5678 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
2083 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
1234 | Unknown malware botnet C2 server (confidence level: 100%) | |
8089 | Unknown malware botnet C2 server (confidence level: 100%) | |
8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
9205 | Unknown malware botnet C2 server (confidence level: 100%) | |
4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Latrodectus botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
443 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
20997 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
4839 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
7720 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
9443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
7000 | XWorm botnet C2 server (confidence level: 100%) | |
81 | NjRAT botnet C2 server (confidence level: 100%) | |
1989 | XWorm botnet C2 server (confidence level: 100%) | |
443 | Vidar botnet C2 server (confidence level: 100%) | |
80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
8089 | Hook botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
2455 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 75%) | |
8777 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
443 | QakBot botnet C2 server (confidence level: 75%) | |
80 | Sliver botnet C2 server (confidence level: 75%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
31551 | Quasar RAT botnet C2 server (confidence level: 100%) | |
62710 | Quasar RAT botnet C2 server (confidence level: 100%) | |
1604 | Quasar RAT botnet C2 server (confidence level: 100%) | |
8990 | Quasar RAT botnet C2 server (confidence level: 100%) | |
5033 | AsyncRAT botnet C2 server (confidence level: 100%) | |
54023 | AsyncRAT botnet C2 server (confidence level: 100%) | |
52066 | XWorm botnet C2 server (confidence level: 100%) | |
30073 | XWorm botnet C2 server (confidence level: 100%) | |
5200 | Ave Maria botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
2222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
443 | Sliver botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8089 | Hook botnet C2 server (confidence level: 100%) | |
555 | DCRat botnet C2 server (confidence level: 100%) | |
3389 | Quasar RAT botnet C2 server (confidence level: 100%) | |
8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
45109 | Remcos botnet C2 server (confidence level: 75%) | |
3310 | Remcos botnet C2 server (confidence level: 75%) | |
3033 | XWorm botnet C2 server (confidence level: 100%) | |
53454 | Loda botnet C2 server (confidence level: 100%) | |
5090 | ValleyRAT botnet C2 server (confidence level: 100%) | |
8989 | ValleyRAT botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8888 | Ghost RAT botnet C2 server (confidence level: 100%) | |
80 | Matanbuchus botnet C2 server (confidence level: 100%) | |
9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
8888 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
443 | Vidar botnet C2 server (confidence level: 100%) | |
6606 | AsyncRAT botnet C2 server (confidence level: 75%) | |
7707 | AsyncRAT botnet C2 server (confidence level: 75%) | |
4782 | Quasar RAT botnet C2 server (confidence level: 75%) | |
7000 | XWorm botnet C2 server (confidence level: 100%) | |
0443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
9898 | ValleyRAT botnet C2 server (confidence level: 100%) | |
6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
8000 | ValleyRAT botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
2087 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Latrodectus botnet C2 server (confidence level: 90%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
6007 | DarkComet botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
443 | Sliver botnet C2 server (confidence level: 100%) | |
80 | Sliver botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
5000 | DCRat botnet C2 server (confidence level: 100%) | |
9990 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
8013 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
2083 | Empire Downloader botnet C2 server (confidence level: 100%) | |
8083 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
Hash (each payload is listed as a SHA1, SHA256 and MD5 triplet, in that order)
Value | Description | Copy |
---|---|---|
c7bebcad25339203ca7035541a3703c94aed8ab1 | ValleyRAT payload (confidence level: 95%) | |
28c1575ef28fc5e3b5eb4a63327bec10b399ce17bd65ea1b2e53562cfcd7e8a4 | ValleyRAT payload (confidence level: 95%) | |
3a8efb57ea0bc0b19df7b582d9011688 | ValleyRAT payload (confidence level: 95%) | |
0935da4fc0cda6b625f340b840a0c0ccd7fbe8d4 | Cobalt Strike payload (confidence level: 95%) | |
d8cf13cc9834e0b66070974c9c2b1694ca3dd63e253718509ddc95c5942eb38a | Cobalt Strike payload (confidence level: 95%) | |
6a1721ec4fba9bda05035ba151650ddb | Cobalt Strike payload (confidence level: 95%) | |
39b3a4ed53fc026dd99958f79a06c4a439560ae5 | DCRat payload (confidence level: 95%) | |
bca5ffb9737d1a5153b454a1ad91c91340c7176b31ef102f7958042818e031fa | DCRat payload (confidence level: 95%) | |
0dfc61a83241ea7f8e72053218a1a0ce | DCRat payload (confidence level: 95%) | |
2311f22444c3a4f0140750f6c3f8e395ad7a8d55 | GCleaner payload (confidence level: 95%) | |
a53952ad1b88e5d6b4fc14f09e4ccd0f2ce4be72df7c5693abd8cdad953a4871 | GCleaner payload (confidence level: 95%) | |
2330bae3c9279f5dca6af9b9116b9154 | GCleaner payload (confidence level: 95%) | |
6badedb76852b79089cc16b276de18ab7f1bed3a | troystealer payload (confidence level: 95%) | |
53f13751be47c5eed9604599a4bbf013d6707244e5b1d6f846a5b8d3b0afb19e | troystealer payload (confidence level: 95%) | |
f798fd439f92f142312074b6cbf0288c | troystealer payload (confidence level: 95%) | |
5275804d6208be333a42fe62ca1fbbdbd1831cbb | RedLine Stealer payload (confidence level: 95%) | |
8faabf8e2ea7309660569ed1812f692a6597faea2ed4327b77343d3cbd16befb | RedLine Stealer payload (confidence level: 95%) | |
08615167c06740c9ded78b96b6042f1d | RedLine Stealer payload (confidence level: 95%) | |
8a7f1f722fb9632ed7f92ca20ab7bc2a500a4eea | Quasar RAT payload (confidence level: 95%) | |
f00591384ec47004189f26bd3766220e991c70987e0c130331a32c38e3411584 | Quasar RAT payload (confidence level: 95%) | |
3f819ee07bce8a90655794c422daeda6 | Quasar RAT payload (confidence level: 95%) | |
241cba30c9f6f6534af296aca19633fbf4f4433d | AsyncRAT payload (confidence level: 95%) | |
c0ef405adacaa82f0407c967d720f896d3512f6a16138492d7bc7a9fe18c0959 | AsyncRAT payload (confidence level: 95%) | |
d6df6f96a08a21be356413a2b053d1bc | AsyncRAT payload (confidence level: 95%) | |
f014e26cf76e6f150f10faeb0267f25b37c1a2c1 | Cobalt Strike payload (confidence level: 95%) | |
b4e6fdd393c8a8768621713667c5e239b0df92cff2741513bdc2b03e3b453082 | Cobalt Strike payload (confidence level: 95%) | |
c3813c8c95ef773ce23be6f12e495eab | Cobalt Strike payload (confidence level: 95%) | |
1782443a605b041bc405b631af43c28e97fa2555 | DCRat payload (confidence level: 95%) | |
da0732b540cf55107d03e09ffcf0d6c57a733c01a9ccac2c0fcd7ec2cf24f12d | DCRat payload (confidence level: 95%) | |
0d7a121518a885586f707de34d275ecf | DCRat payload (confidence level: 95%) | |
728a6014500a38ef499c025335dc5dc6ac847871 | DCRat payload (confidence level: 95%) | |
0d1f717457b9300e23d20d37dd7482cbb588d0332c7fbd9b936469f6e917f49e | DCRat payload (confidence level: 95%) | |
5430da01b4d0db31b71b12a574e6167d | DCRat payload (confidence level: 95%) | |
bffc7a5c318f5758d0bb8b2f0bf0d42e9e6ac728 | ValleyRAT payload (confidence level: 95%) | |
aaf78544b8650810d923b117dc02df06be1184b89f8cf58ab4374a6c9e554e1f | ValleyRAT payload (confidence level: 95%) | |
0c4827d02d0a396b9f54f42243e4ad09 | ValleyRAT payload (confidence level: 95%) | |
3dfdc3fd5a6355ad13f0dba01d8f4aa30774214c | RedLine Stealer payload (confidence level: 95%) | |
844e4c466954278d395f6e8a14f0dce60052f683ea921e147fc756abba4c82a5 | RedLine Stealer payload (confidence level: 95%) | |
242fe0e346c853ca08cbbb9edb5afb3c | RedLine Stealer payload (confidence level: 95%) | |
faac7623a93376a8c28d056cc71a69f66a2c5451 | AsyncRAT payload (confidence level: 95%) | |
16a1317ad2b3a3464c1c97066ce8329a96b226607760393c29eb145e8c7c666c | AsyncRAT payload (confidence level: 95%) | |
7016b2a3ed6de41897eca95036288441 | AsyncRAT payload (confidence level: 95%) | |
0a7526959015721d87982f7c145a0741aa53b117 | AsyncRAT payload (confidence level: 95%) | |
3e5b53f8b01e9eaf54c9879fc832f3f71e6b078b6f4cacc93cad05e2a2ff031e | AsyncRAT payload (confidence level: 95%) | |
b32c6a7aa90dec9cf15add530fd0cb9f | AsyncRAT payload (confidence level: 95%) | |
9eed61535ba7d14ad040511b3d44d4853fd05bf0 | AsyncRAT payload (confidence level: 95%) | |
ff37506f2c1d82d61f2eadefe66a685d1142d29b7790d90b76c5969a282cc752 | AsyncRAT payload (confidence level: 95%) | |
e9fd1d72d90e7708e516b9ee0cec5fb7 | AsyncRAT payload (confidence level: 95%) | |
845b9220d3cebd020193bf6328f51076c9aebcbd | AsyncRAT payload (confidence level: 95%) | |
53ab4a93b93223968cf2e71ea8070ba2d7e1a9010d21d41e25100e2b6ab516d9 | AsyncRAT payload (confidence level: 95%) | |
5a766fb66446e2c4d436167ef0944eb1 | AsyncRAT payload (confidence level: 95%) | |
38b4c499b59edfca1d92eb6eb13bbb0fc2f54a2d | ValleyRAT payload (confidence level: 95%) | |
ee6810a5bc6b8e85bcd2936558b2816773ebf57693eab4b639cdb04657d54c26 | ValleyRAT payload (confidence level: 95%) | |
1a9b9d4609c07f422c0964b650303bba | ValleyRAT payload (confidence level: 95%) | |
e6e4ef7e084fc333ac36c2f91f52bf9507f455e3 | Quasar RAT payload (confidence level: 95%) | |
3b31e67097313350e8787223555ada0708a6b3bf86d0c8606c61d350954f62d6 | Quasar RAT payload (confidence level: 95%) | |
28edd764ee0d25a6f6f4b064f23e1dd7 | Quasar RAT payload (confidence level: 95%) | |
5e7f89e3012f0c7d9c7a6e7fee94135c762a92e5 | StrelaStealer payload (confidence level: 95%) | |
f507b0190897d8cfd7d49f0e5200a25ed38d11d1c8f97f48e9b5a780cf0ae514 | StrelaStealer payload (confidence level: 95%) | |
5bf99ec67f4aaea0a71fdc15540288e4 | StrelaStealer payload (confidence level: 95%) | |
5ed5a47a10249e493e7f9819cf69ea6929436836 | Formbook payload (confidence level: 95%) | |
a3701fb120b8bf03636784197b6584ed43b3a18215b27b4c8d85b0ee5f415bf7 | Formbook payload (confidence level: 95%) | |
beae3bef5730c2b8f80775a37ec49e08 | Formbook payload (confidence level: 95%) | |
b8472bee54813b24ceae67ea06723fd495113bcb | Loda payload (confidence level: 95%) | |
832cc19d110505d64ec506f0b6ba8c8658b51e074e9097c3b1de8cb06152643a | Loda payload (confidence level: 95%) | |
a833a7593aae009acdd586fbf52df3df | Loda payload (confidence level: 95%) | |
cfcc8dca8b4cef7dbb13e99556fc47005747e077 | troystealer payload (confidence level: 95%) | |
5724dcb24aebd5f4f949f2a39b393f0608257c50ddbe29b63cfde2e8432420a9 | troystealer payload (confidence level: 95%) | |
bfd49980371b8d723ba676153e171a6b | troystealer payload (confidence level: 95%) | |
34a1a09803790e9b4789626f3f7222608ec06785 | Rhadamanthys payload (confidence level: 95%) | |
31faa7175a8e57fa345c395bf0490d3437b8f2117b193948a7f3789d3fc9ef7e | Rhadamanthys payload (confidence level: 95%) | |
4be1b69db5fa77c9753b3fed886ad1c8 | Rhadamanthys payload (confidence level: 95%) | |
f086074531f3c5b8c799caacd8140468103d0d77 | Rhadamanthys payload (confidence level: 95%) | |
589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d | Rhadamanthys payload (confidence level: 95%) | |
0a5e1973c0c1c5f4dd5975d416fa2f5a | Rhadamanthys payload (confidence level: 95%) | |
6a9b66e8e4973de0610654d471ea8793902fcd2b | StrelaStealer payload (confidence level: 95%) | |
4a9ea80070aeef34e75107e504544232228ffa9a09e037c778cd264a2c5564d2 | StrelaStealer payload (confidence level: 95%) | |
367a29a1e40ada2df1f2c63164d250d9 | StrelaStealer payload (confidence level: 95%) | |
7400b9db3bfd98dfc9c18160f5b7d11022f39d72 | Formbook payload (confidence level: 95%) | |
afcc401404ec5b001aeb0a9eb2ac93c7c282c969a76d36d17b1ded713ccfdd3f | Formbook payload (confidence level: 95%) | |
d67d04168134d06d03787c6a3f2e597b | Formbook payload (confidence level: 95%) | |
hash72b58daa0350e64015281b659500f0112babaeda | Nanocore RAT payload (confidence level: 95%) | |
hash2d487e83f730e2f03f5a39cdaf7959597abcb588533f883ae6b02eeeafe1fcf4 | Nanocore RAT payload (confidence level: 95%) | |
hashf5ce8c8bcfdaa9126c9f3225961148d1 | Nanocore RAT payload (confidence level: 95%) | |
hashfb28528d0170ef32b796ac8763f528ef5c9f7843 | Agent Tesla payload (confidence level: 95%) | |
hash4741946cb35138101e98fae2656734341f7d112f6a790b23cb94b61a6f322067 | Agent Tesla payload (confidence level: 95%) | |
hash07110451ff56ab2eeb714ad37419da2b | Agent Tesla payload (confidence level: 95%) | |
hash9080177d690094cd564901a2ba2eda4cdcbef3b8 | Amadey payload (confidence level: 95%) | |
hash707837ab12e3265c697210c168216999b7f82727119723d8d1006a4d46d3093a | Amadey payload (confidence level: 95%) | |
hash9bf17b35547f152f1535fa0104c55767 | Amadey payload (confidence level: 95%) | |
hashd0cd13769e6cf1d53094c9ac58b7005256c68c41 | ScreenLocker payload (confidence level: 95%) | |
hash70492d9f6812b381ba4ed76ab16e4e6a117da81761db116ba65d5a9a2fbbe469 | ScreenLocker payload (confidence level: 95%) | |
hash8db0a9ea7934c28791a625301184a5a0 | ScreenLocker payload (confidence level: 95%) | |
hash54270db6ee79bf098e6b49acd65e0ab7cc9498a2 | ScreenLocker payload (confidence level: 95%) | |
hashd1455fdfde5afaf43cfc2eb62420814da19f5174e356babbe74e23d377145105 | ScreenLocker payload (confidence level: 95%) | |
hashd03c11a507dcc6392814692487eddbfc | ScreenLocker payload (confidence level: 95%) | |
hash27c5c7f18bc56e5894c0bebd57de8f3c972f7378 | ScreenLocker payload (confidence level: 95%) | |
hash770de35effa2fe14e78a0eb33424b78d3c23625368471f33201ffe1a8816f3f6 | ScreenLocker payload (confidence level: 95%) | |
hash4e40cf4306525a34faf8e73e2a8d10e2 | ScreenLocker payload (confidence level: 95%) | |
hashb3a3b9a92ba13af798efed2b98e63ad68b3cf29c | ScreenLocker payload (confidence level: 95%) | |
hash9891c9a43188cd9a6aaf95a9ead2a710887dc73cd06fd7a9508c36ddd7ec5011 | ScreenLocker payload (confidence level: 95%) | |
hash2a162d875717f35e0847b395f4082882 | ScreenLocker payload (confidence level: 95%) | |
hash32dce256a057b8db15016fcc5aeeef81f026f7ba | ScreenLocker payload (confidence level: 95%) | |
hash3e640051b73b7e12ae3cb6929e7f50f1ebe5f8eac583ee82395c8bcc35b8fda0 | ScreenLocker payload (confidence level: 95%) | |
hashc218cd8e0e13d23a41eb1117201cea7d | ScreenLocker payload (confidence level: 95%) | |
hashf4bda3ce1bfd4397866259dcfa3ae551d58e57ae | Formbook payload (confidence level: 95%) | |
hashcc65788b0b15cdee3e9c1f9fc6dd4e5ed6d2f7148dee2cf067165fa82d0bda10 | Formbook payload (confidence level: 95%) | |
hash072ec75dfcb4bc9a307338d082fcacd1 | Formbook payload (confidence level: 95%) | |
hashbfff9668119ed34c9a73a1b53fabdf48b5cd1dae | Agent Tesla payload (confidence level: 95%) | |
hash24a8da093779cbbb0d5dbbaf6f1a4873ae22202aa5047912a753a29885f52204 | Agent Tesla payload (confidence level: 95%) | |
hashf74f3f6b49690cfb9ab7aff6222d3849 | Agent Tesla payload (confidence level: 95%) | |
hash4bc6aedaaa825a693ee23409b6a60785bb98bc7f | XWorm payload (confidence level: 95%) | |
hash73031c79da6e755cc7bcd3fee4b770ecfe34852e19afc46fb89f80a90c664bf2 | XWorm payload (confidence level: 95%) | |
hashe95af1ea4f1a0421de6b5d8546d092b0 | XWorm payload (confidence level: 95%) | |
hash6c293a563a753c5fe1329d0452171ff6f533ce5c | KrakenKeylogger payload (confidence level: 95%) | |
hash34de6149b542022b17b89aec00c7ce4dae3ec04ab4fdc380afa2a3aa211396df | KrakenKeylogger payload (confidence level: 95%) | |
hash174a5dd3495530937d94b4d5f46e028e | KrakenKeylogger payload (confidence level: 95%) | |
hashda5223a720dccaf1923c8c61717cce589d63f806 | StrelaStealer payload (confidence level: 95%) | |
hash9492cef42975b42262a1df4b080447f1765be773b7a121f7eacdb43b8756d7b0 | StrelaStealer payload (confidence level: 95%) | |
hashd065fe604b4f4b9c4b7123d866454dbf | StrelaStealer payload (confidence level: 95%) | |
hash9fcfcdd49bbf36165e8ad9382ba48648717ca435 | Remcos payload (confidence level: 95%) | |
hash3543cabb8f07c2ca336999986b1889540db647c250dcf26db025f5d1139ec5e4 | Remcos payload (confidence level: 95%) | |
hash18a48ac8f1801cd4bf74c5d6004bc67b | Remcos payload (confidence level: 95%) | |
hash6e8bd18692ec28cfc6f69bace77ea0c0e72f6983 | Remcos payload (confidence level: 95%) | |
hashead9f443d43e6c9548964721edbf937b1cdf9b5d6126682714de2aba4a086078 | Remcos payload (confidence level: 95%) | |
hash1a86a01fa9ad887b141ae5438b704a69 | Remcos payload (confidence level: 95%) | |
hash7d78bf35c355410d810cefc781e81e9a38dc2db4 | Remcos payload (confidence level: 95%) | |
hash3093077e390786c3463e88ea9520a2423102c90486b250fad40105fbad16285e | Remcos payload (confidence level: 95%) | |
hash4b65e2781151da24afdc16f824024078 | Remcos payload (confidence level: 95%) | |
hashfc8de9895a3744af20d9f40c4867864a76750de9 | Rhadamanthys payload (confidence level: 95%) | |
hash415b94605e8ea36e31cf5efbb6262f65d375eec545e67cc1776cde3744a8cf5b | Rhadamanthys payload (confidence level: 95%) | |
hash151f03d3629bd4b4af57bf3abfe59419 | Rhadamanthys payload (confidence level: 95%) | |
hash9891f12413df19c1439c23a1c1c331672c4ef787 | Rhadamanthys payload (confidence level: 95%) | |
hash307c3f55aff96096d8178d52989116aff0e3d4b52b5b28ce38f7cecfbc99e2cd | Rhadamanthys payload (confidence level: 95%) | |
hashb9d37887caab4ff13008c426eb89a92d | Rhadamanthys payload (confidence level: 95%) | |
hash5856a0b19b44d815ff4572f6574a764ce4953931 | Rhadamanthys payload (confidence level: 95%) | |
hash1e3a9183d9ac669b2c877fa746b31d1c292324027d9679f95799679e5e13dc1d | Rhadamanthys payload (confidence level: 95%) | |
hashbd83ec871d7797d8cc085bffed793665 | Rhadamanthys payload (confidence level: 95%) | |
hashaa59f1f76b0053bbab939552dc32b60463852ab9 | Rhadamanthys payload (confidence level: 95%) | |
hash0b2ddb84a655024f37729c5a998d065f4b3f88bd3de2784025dc245104fbc752 | Rhadamanthys payload (confidence level: 95%) | |
hasha2b453b524de5f618fac8c22a0511a7f | Rhadamanthys payload (confidence level: 95%) | |
hashd99a7be3e0fc02ac3d359105d0687513edb27e1e | Agent Tesla payload (confidence level: 95%) | |
hash5e72fe9c6707f14a3a5b8d71812774a4880123f2742e4027be1c6bcee1dd6b09 | Agent Tesla payload (confidence level: 95%) | |
hash6a2b78603e9e111ab3c40e76a6d6b234 | Agent Tesla payload (confidence level: 95%) | |
hashfacae5968226b2cc9b8ad7630c72452928fba7ff | Amadey payload (confidence level: 95%) | |
hash56be345b2a3d73fb2d7090c24fdfc4c91a51a274b1479af67551c234ef621758 | Amadey payload (confidence level: 95%) | |
hash50c489491fc7ed45f924e0941377666f | Amadey payload (confidence level: 95%) | |
hash8194ff4f67616b1866cfcbf629b7160bbbac44df | Agent Tesla payload (confidence level: 95%) | |
hashf45b912a4b11f3294aabb69e6f533055bf6363fe91cb2b743d927abf0e748f4a | Agent Tesla payload (confidence level: 95%) | |
hash5cb436345d8c0fb01a3d64be3cdd33b9 | Agent Tesla payload (confidence level: 95%) | |
hash889c461aa383a76765cef2df78f7711baac46420 | StrelaStealer payload (confidence level: 95%) | |
hash59a9f58e089576e053f87c747158987d3d6fd80bfd58ce3b82cfa3d3b4966228 | StrelaStealer payload (confidence level: 95%) | |
hash6ce2a214eafc4a3f1717c2e835cc0cc9 | StrelaStealer payload (confidence level: 95%) | |
hash5a994b7478de7c081c68835227817a43b0903f38 | HijackLoader payload (confidence level: 95%) | |
hashf2b307c985cd781039b54ce7fd7ec58b14f2cb8b55cacd6fa987a291c4082b4f | HijackLoader payload (confidence level: 95%) | |
hashe66180198be0e557e26e57b93c1f68b1 | HijackLoader payload (confidence level: 95%) | |
hash62c28ff7754ff203a3e5f9a92b059652e27dc57f | ValleyRAT payload (confidence level: 95%) | |
hash5ffd0cc8290061b5c65b277dfa82f12596908715d264928f2008452e9bb7bce1 | ValleyRAT payload (confidence level: 95%) | |
hash518f06379ec6c5d13303b400236842c0 | ValleyRAT payload (confidence level: 95%) | |
hash3d72afe6e410c1380315dc5da1fb6e3ef4b7a18c | FakeCry payload (confidence level: 95%) | |
hash0d95e636a7e133f2d04f8cdcc0e7e46628a3172f6f5e8e3f2ceea014c911fd4c | FakeCry payload (confidence level: 95%) | |
hash043eab0dd94c303a7776c4c0ea39d97c | FakeCry payload (confidence level: 95%) | |
port 8888 (ip:port indicator; host not shown on this page) | Sliver botnet C2 server (confidence level: 75%) | |
port 8888 (ip:port indicator; host not shown on this page) | Sliver botnet C2 server (confidence level: 75%) | |
port 8443 (ip:port indicator; host not shown on this page) | Havoc botnet C2 server (confidence level: 75%) | |
port 443 (ip:port indicator; host not shown on this page) | QakBot botnet C2 server (confidence level: 75%) | |
port 2222 (ip:port indicator; host not shown on this page) | Sliver botnet C2 server (confidence level: 75%) | |
port 8888 (ip:port indicator; host not shown on this page) | Sliver botnet C2 server (confidence level: 75%) | |
port 443 (ip:port indicator; host not shown on this page) | DeimosC2 botnet C2 server (confidence level: 75%) | |
port 4444 (ip:port indicator; host not shown on this page) | Meterpreter botnet C2 server (confidence level: 75%) | |
Url
Value | Description | Copy |
---|---|---|
https://ret.aztu.edu.az | Vidar botnet C2 (confidence level: 75%) | |
https://ret.demoserviciopcmendoza.com.ar | Vidar botnet C2 (confidence level: 75%) | |
http://cm31471.tw1.ru/f243cc5e.php | DCRat botnet C2 (confidence level: 100%) | |
https://famixsk.shop/oxwi | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://202.181.148.70/sanya.php | DCRat botnet C2 (confidence level: 100%) | |
http://mi.raisindispose.com/kawt2qxfppuenm/index.php | Amadey botnet C2 (confidence level: 100%) | |
https://joebesser.com/6n8v.js | KongTuke payload delivery URL (confidence level: 100%) | |
https://joebesser.com/js.php | KongTuke payload delivery URL (confidence level: 100%) | |
https://duz.aztu.edu.az | Vidar botnet C2 (confidence level: 75%) | |
https://duz.demoserviciopcmendoza.com.ar | Vidar botnet C2 (confidence level: 75%) | |
https://bellmnk.asia/yoax | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://mindhlo.qpon/xawq | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://capitam.qpon/zdal | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://nerlzi.asia/zdje | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://t.me/dfhdfhbdfghndgfjn | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://conbjao.qpon/xqwr | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://t.me/fgndfgndfh | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://lepidry.asia/awxz | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://api.telegram.org/bot7557878970:aafs5lkd9fstq5telp4hsep3l0g04w4ovm4/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
https://api.telegram.org/bot7557878970:aahtdeaohoricou6x7asxqcraj6a4a8opfa/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
https://api.telegram.org/bot7796044263:aagk9wes-tjomwb7dueqfts6yk9czs3plgy/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
https://ray2me.com/ajax/pixi.min.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
https://everyday2gether.info/res/longmushroomvirus | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
http://144.31.221.126:6060/capcha9856 | KongTuke payload delivery URL (confidence level: 100%) | |
http://23.160.56.115/p.txt | Unknown malware payload delivery URL (confidence level: 75%) | |
https://pis.aztu.edu.az | Vidar botnet C2 (confidence level: 75%) | |
https://pis.demoserviciopcmendoza.com.ar | Vidar botnet C2 (confidence level: 75%) | |
http://726346cm.nyash.es/multiwordpress.php | DCRat botnet C2 (confidence level: 100%) | |
https://runjhb.asia/ruuw | Lumma Stealer botnet C2 (confidence level: 100%) | |
https://sirhirssg.su/ecti | Lumma Stealer botnet C2 (confidence level: 100%) | |
http://chrome1update.shop | Stealc botnet C2 (confidence level: 100%) | |
https://yyi.aztu.edu.az | Vidar botnet C2 (confidence level: 75%) | |
https://yyi.demoserviciopcmendoza.com.ar | Vidar botnet C2 (confidence level: 75%) | |
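The hash and URL tables above are only useful once they are normalised into something a SIEM or EDR can match on, and two rows types need care: the bare-port rows (a port without its host is not an indicator) and the Telegram Bot API URLs (the host is shared with legitimate traffic, so only the full URL with the bot token should match). The script below is an added example, not ThreatFox, abuse.ch or MISP code. It assumes rows in the exact `value | description (confidence level: N%) | |` layout rendered on this page, tolerates the `hash`/`url` type badge that the page export glued onto some values, classifies hashes by length, builds a lookup index, and runs it over a constructed proxy log and a constructed file-hash inventory. The sample rows are copied from the tables above; the log lines, hostnames `10.0.0.x`, file paths and the second (non-matching) hash are constructed for the demonstration.

```python
"""Normalise ThreatFox rows pasted from this page and match them against
sample telemetry.  Added example, not ThreatFox/abuse.ch/MISP code."""
import re
from urllib.parse import urlsplit

# Rows copied from the tables above (three AsyncRAT hashes, one port-only
# row, three URLs).  The "hash"/"url" prefix is the IOC-type badge that the
# page export fused onto the value; the parser strips it when present.
ROWS = """
hash7016b2a3ed6de41897eca95036288441 | AsyncRAT payload (confidence level: 95%) | |
hash0a7526959015721d87982f7c145a0741aa53b117 | AsyncRAT payload (confidence level: 95%) | |
hash3e5b53f8b01e9eaf54c9879fc832f3f71e6b078b6f4cacc93cad05e2a2ff031e | AsyncRAT payload (confidence level: 95%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
urlhttps://famixsk.shop/oxwi | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://api.telegram.org/bot7557878970:aafs5lkd9fstq5telp4hsep3l0g04w4ovm4/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
urlhttp://144.31.221.126:6060/capcha9856 | KongTuke payload delivery URL (confidence level: 100%) | |
"""

ROW_RE = re.compile(
    r"^(?:hash|url)?(\S+?)\s*\|\s*(.+?)\s*\(confidence level: (\d+)%\)")
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
# Hosts shared with legitimate traffic: the distinguishing part of the IOC is
# the path (bot token / channel), so never match or block on the host alone.
SHARED_HOSTS = {"api.telegram.org", "t.me"}


def classify(value):
    """Infer the IOC type from the value itself."""
    if re.match(r"https?://", value, re.I):
        return "url"
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)]
    if value.isdigit():
        return "port-only"   # ip:port row whose host was not exported
    return "unknown"


def parse_rows(text):
    """Return dicts {type, value, desc, confidence} for every parsable row."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        value, desc, conf = m.groups()
        kind = classify(value)
        if kind != "url":
            value = value.lower()   # hashes compare case-insensitively
        iocs.append({"type": kind, "value": value, "desc": desc,
                     "confidence": int(conf)})
    return iocs


def build_index(iocs, min_confidence=75):
    """Lookup tables keyed by hash, exact URL, and (non-shared) host."""
    idx = {"hash": {}, "url": {}, "host": {}}
    for ioc in iocs:
        if ioc["confidence"] < min_confidence:
            continue
        if ioc["type"] in ("port-only", "unknown"):
            continue   # a bare port is not an indicator; do not alert on it
        if ioc["type"] == "url":
            idx["url"][ioc["value"].lower()] = ioc
            host = (urlsplit(ioc["value"]).hostname or "").lower()
            if host and host not in SHARED_HOSTS:
                idx["host"][host] = ioc
        else:
            idx["hash"][ioc["value"]] = ioc
    return idx


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
PROXY_LOG = [
    "2025-09-17T10:01:02Z 10.0.0.5 GET https://famixsk.shop/oxwi 200",
    "2025-09-17T10:02:10Z 10.0.0.7 POST https://api.telegram.org/bot7557878970:aafs5lkd9fstq5telp4hsep3l0g04w4ovm4/sendmessage 200",
    "2025-09-17T10:03:00Z 10.0.0.9 GET https://api.telegram.org/bot111:legit/getupdates 200",
    "2025-09-17T10:04:00Z 10.0.0.5 GET http://144.31.221.126:6060/other 404",
]
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")

# Constructed file inventory: (path, md5).  The second hash is MD5("") and
# is not in the feed.
OBSERVED_FILES = [
    ("C:\\Users\\x\\update.exe", "7016B2A3ED6DE41897ECA95036288441"),
    ("C:\\tmp\\a.dll", "d41d8cd98f00b204e9800998ecf8427e"),
]


def scan_proxy_log(lines, idx):
    """Exact-URL match first, then host match for non-shared hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, src, _method, url, _status = m.groups()
        ioc = idx["url"].get(url.lower())
        if ioc is None:
            host = (urlsplit(url).hostname or "").lower()
            ioc = idx["host"].get(host)
        if ioc:
            hits.append((src, url, ioc["desc"]))
    return hits


def scan_hashes(observed, idx):
    return [(path, h, idx["hash"][h.lower()]["desc"])
            for path, h in observed if h.lower() in idx["hash"]]


if __name__ == "__main__":
    index = build_index(parse_rows(ROWS))
    for hit in scan_proxy_log(PROXY_LOG, index) + scan_hashes(OBSERVED_FILES, index):
        print(hit)
```

Three of the four proxy lines fire: the Lumma URL and the AsyncRAT Telegram URL on exact match, and the KongTuke host on a different path; the unrelated Telegram bot call does not, because `api.telegram.org` is deliberately excluded from host-level matching. Only the first file hash matches, case-insensitively. The confidence threshold is exposed so that 75% rows can be routed to hunting rather than blocking.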
Threat ID: 68cb4ffee5fa2c8b1490da0b
Added to database: 9/18/2025, 12:19:10 AM
Last enriched: 9/18/2025, 12:34:24 AM
Last updated: 9/19/2025, 1:05:18 AM
Views: 11
Related Threats
ThreatFox IOCs for 2025-09-18 (Medium)
Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer (Medium)
Malicious PyPI Packages Deliver SilentSync RAT (Medium)
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Medium)
New Raven Stealer Malware Hits Browsers for Cookies, Passwords and Payment Data (Medium)