ThreatFox IOCs for 2025-09-27
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-09-27 by the ThreatFox MISP Feed. These IOCs are categorized under malware-related activities, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the data lacks detailed technical specifics such as affected software versions, exploit mechanisms, or payload characteristics. The threat is tagged with 'type:osint' and 'tlp:white', indicating that the information is intended for broad sharing without restrictions. The absence of known exploits in the wild and the lack of patch availability suggest that this is an intelligence report rather than an active vulnerability or exploit. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate dissemination or detection. No concrete indicators (such as IP addresses, hashes, or domains) are provided, limiting the ability to perform targeted detection or response. Overall, this appears to be a collection of threat intelligence data aimed at enhancing situational awareness rather than describing a specific, exploitable vulnerability or active malware campaign.
Potential Impact
Given the lack of detailed technical information and absence of known exploits, the immediate impact on European organizations is likely limited. However, the presence of payload delivery and network activity tags suggests potential risks if these IOCs correspond to emerging malware campaigns or threat actor infrastructure. European organizations that rely heavily on OSINT tools or network monitoring may find value in integrating these IOCs into their detection systems to preemptively identify suspicious activity. The medium severity rating indicates a moderate level of concern, possibly due to the potential for these IOCs to be part of broader reconnaissance or initial infection stages. Without specific exploit details or affected products, the direct impact on confidentiality, integrity, or availability remains uncertain but is probably low to medium at this stage.
Mitigation Recommendations
To mitigate potential risks associated with these IOCs, European organizations should:
1) Integrate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enhance detection capabilities.
2) Maintain up-to-date network monitoring and anomaly detection to identify unusual payload delivery attempts or network activity.
3) Conduct regular OSINT and threat intelligence reviews to correlate these IOCs with other emerging threats and adjust defenses accordingly.
4) Educate security teams on the importance of early-stage indicators and encourage proactive hunting based on these IOCs.
5) Since no patches are available, focus on strengthening perimeter defenses, endpoint protection, and network segmentation to limit potential lateral movement if these IOCs are linked to active campaigns.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- domain: media-kg.gl.at.ply.gg
- ip:port: 62.164.177.249:443
- ip:port: 144.172.108.70:4433
- ip:port: 62.192.173.249:80
- ip:port: 117.72.209.44:7001
- ip:port: 91.92.242.96:443
- ip:port: 92.61.71.38:2404
- ip:port: 186.169.33.26:2404
- ip:port: 176.202.9.84:81
- ip:port: 185.94.29.137:2222
- ip:port: 16.171.55.6:443
- ip:port: 164.90.202.243:4321
- domain: 0m.jagc.ru
- ip:port: 91.235.116.149:34241
- domain: eq.jagc.ru
- domain: m8.i-215.ru
- domain: u0.jagc.ru
- domain: 6v.jagc.ru
- domain: 8a.tiqk.ru
- domain: q3n.i-215.ru
- domain: clearate.cloud
- domain: 4f.tiqk.ru
- ip:port: 205.185.125.97:1999
- url: http://47.122.63.148:45981/a3zo
- domain: gj.tiqk.ru
- domain: 5u.tiqk.ru
- ip:port: 104.168.7.200:2404
- ip:port: 62.60.131.168:2404
- ip:port: 147.124.217.204:2404
- ip:port: 196.251.81.162:2404
- ip:port: 84.19.175.184:56470
- ip:port: 4.228.216.14:2404
- ip:port: 20.162.118.231:443
- ip:port: 213.176.18.51:9999
- ip:port: 85.192.48.217:9812
- ip:port: 185.123.102.33:29852
- ip:port: 162.255.177.239:8443
- ip:port: 59.22.119.248:8443
- ip:port: 211.218.253.112:8443
- ip:port: 89.253.80.180:8443
- ip:port: 24.200.62.236:8443
- ip:port: 1.174.116.5:8443
- ip:port: 213.157.164.209:8443
- ip:port: 64.5.73.221:8443
- ip:port: 213.50.26.192:8443
- ip:port: 85.134.22.191:8443
- ip:port: 104.158.99.66:8443
- ip:port: 223.122.253.227:8443
- ip:port: 161.97.245.42:8443
- ip:port: 205.151.118.84:8443
- ip:port: 211.48.115.218:8443
- ip:port: 108.170.164.187:8443
- ip:port: 59.31.224.135:8443
- ip:port: 194.103.16.93:8443
- ip:port: 121.138.241.187:8443
- ip:port: 101.200.73.39:5555
- ip:port: 194.135.16.156:3333
- ip:port: 216.238.83.248:443
- ip:port: 49.12.70.16:3333
- ip:port: 94.74.91.97:80
- ip:port: 18.207.151.246:3333
- ip:port: 134.209.116.82:3333
- ip:port: 38.60.227.149:80
- ip:port: 82.97.247.192:8443
- ip:port: 79.110.49.101:3333
- ip:port: 13.235.243.108:4433
- ip:port: 66.111.113.34:443
- ip:port: 200.91.114.156:443
- ip:port: 158.94.208.167:2830
- domain: 3.tiqk.ru
- domain: t1.i-215.ru
- ip:port: 103.176.197.131:53
- domain: o.nybk.ru
- domain: g.u-885.ru
- domain: 0.nybk.ru
- domain: aa9.u-885.ru
- ip:port: 8.133.198.27:8888
- ip:port: 39.100.91.204:80
- ip:port: 111.231.168.28:443
- ip:port: 43.166.246.26:8001
- ip:port: 91.226.72.245:7000
- ip:port: 103.176.197.131:90
- ip:port: 45.192.219.19:8520
- ip:port: 45.192.219.19:8521
- ip:port: 45.192.219.19:8522
- domain: 0b.nybk.ru
- domain: k7.u-885.ru
- ip:port: 124.70.6.252:2222
- ip:port: 109.205.213.121:4444
- ip:port: 166.88.117.240:2404
- ip:port: 18.222.233.217:2404
- ip:port: 141.255.162.250:9000
- ip:port: 147.45.45.130:3232
- ip:port: 104.194.154.161:7000
- domain: gz.nybk.ru
- ip:port: 139.84.133.84:443
- ip:port: 146.103.116.153:443
- ip:port: 154.214.45.42:443
- ip:port: 178.16.55.52:443
- ip:port: 34.202.169.107:443
- ip:port: 45.66.249.68:443
- ip:port: 45.66.249.68:80
- ip:port: 60.204.225.69:40056
- domain: r.u-989.ru
- ip:port: 99.83.215.169:8126
- domain: xq.nybk.ru
- domain: u5.u-989.ru
- domain: pc.mynq.ru
- domain: bm.mynq.ru
- domain: qk2.u-989.ru
- domain: 4j.mynq.ru
- ip:port: 193.84.71.81:443
- ip:port: 64.188.91.173:443
- domain: lgbtmeme.shop
- domain: dn.mynq.ru
- ip:port: 151.243.18.194:443
- domain: bigstepix.shop
- ip:port: 136.0.141.245:443
- domain: 16.mynq.ru
- domain: e1.u-989.ru
- ip:port: 136.0.141.91:443
- domain: ts.lexz.ru
- domain: x.e-783.ru
- domain: 8f.lexz.ru
- domain: b2.e-783.ru
- domain: neighll.click
- domain: gregmhy.lol
- domain: sacrakyf.xin
- domain: actmwtn.my
- domain: builie.top
- domain: secrequ.top
- domain: delazvf.forum
- domain: orinacg.top
- domain: assalafuz.lat
- domain: unshyqov.xin
- domain: inchapxe.xin
- domain: bloodydi.xin
- domain: aegiqlfb.xin
- domain: paleatgh.xin
- domain: ligmfbx.top
- domain: hyduwkvd.forum
- domain: ydobniudivan.ru
- domain: hatsalnm.forum
- domain: ebuinwgs.forum
- domain: synrxvtd.forum
- domain: 5q.lexz.ru
- domain: tq1.e-783.ru
- domain: vl.lexz.ru
- ip:port: 113.44.168.133:58626
- ip:port: 123.249.112.71:8080
- ip:port: 43.156.63.124:65535
- ip:port: 103.86.47.130:80
- ip:port: 91.193.7.162:6513
- ip:port: 107.172.44.179:14645
- ip:port: 196.251.114.28:2004
- ip:port: 157.230.173.109:8808
- ip:port: 181.162.150.192:8080
- ip:port: 38.54.12.47:443
- domain: maps-scoop.gl.at.ply.gg
- ip:port: 139.28.36.95:8080
- url: http://91.92.240.18
- ip:port: 118.190.204.245:71
- ip:port: 118.190.204.245:81
- ip:port: 118.190.204.245:91
- domain: b5.lexz.ru
- domain: m7.e-783.ru
- domain: wl.xabz.ru
- domain: n.o-096.ru
- domain: hdwyebwfvjs.cn
- ip:port: 18.180.69.63:670
- domain: koadbzmlqiyr.cn
- ip:port: 193.23.3.29:8590
- ip:port: 91.92.240.130:6000
- domain: wzlive.support
- ip:port: 156.234.214.178:888
- ip:port: 156.234.214.180:888
- ip:port: 156.234.36.252:888
- ip:port: 3.99.181.67:443
- ip:port: 43.240.239.142:888
- ip:port: 144.31.193.106:443
- domain: sc.xabz.ru
- domain: wz.xabz.ru
- domain: c7.o-096.ru
- domain: n.xabz.ru
- domain: wq9.o-096.ru
- domain: g.xabz.ru
- domain: r2.o-096.ru
- domain: jo.qekz.ru
- domain: bx.qekz.ru
- domain: jn.qekz.ru
- domain: h.u-251.ru
- domain: ak.qekz.ru
- domain: u1.u-251.ru
- domain: er.qekz.ru
- domain: qm9.u-251.ru
- domain: z3.u-251.ru
- domain: y.a-144.ru
- domain: k4.a-144.ru
- domain: pm7.a-144.ru
- ip:port: 143.92.37.160:443
- ip:port: 196.57.129.61:2404
- ip:port: 196.57.129.62:2404
- ip:port: 37.97.133.245:7443
- ip:port: 23.227.199.67:443
- ip:port: 23.227.199.58:443
- ip:port: 157.245.109.89:8081
- ip:port: 179.111.199.50:7000
- ip:port: 56.124.56.70:48950
- ip:port: 84.27.86.226:443
- ip:port: 83.136.255.114:8000
- domain: g4.a-144.ru
- domain: k.a-311.ru
- ip:port: 185.93.89.99:4782
- ip:port: 193.161.193.99:30380
- ip:port: 31.57.97.59:505
- domain: v2.a-311.ru
- domain: am.dgzy1.ru
- domain: qz9.a-311.ru
- domain: kingstare-54289.portmap.host
- domain: insurance-scuba.gl.at.ply.gg
- domain: conference-plate.gl.at.ply.gg
- ip:port: 46.173.214.102:42873
- domain: t1.a-311.ru
- domain: k.u-97w.ru
- ip:port: 144.124.234.178:443
- ip:port: 173.212.202.8:8329
- ip:port: 45.150.128.160:443
- ip:port: 70.27.138.170:2222
- domain: v2.u-97w.ru
- domain: qz9.u-97w.ru
- ip:port: 45.74.34.32:2025
- domain: at.hmvu4.ru
- domain: t1.u-97w.ru
- ip:port: 47.122.144.211:80
- ip:port: 106.55.249.36:443
- ip:port: 47.122.63.148:45981
- ip:port: 38.54.85.195:80
- ip:port: 192.159.99.232:1000
- ip:port: 212.83.139.101:443
- ip:port: 107.172.135.31:14647
- ip:port: 43.156.58.35:8888
- ip:port: 95.182.98.119:8082
- ip:port: 188.132.197.209:80
- ip:port: 69.164.203.46:80
- domain: d.e-72t.ru
- url: http://a1164989.xsph.ru/46a6a560.php
- domain: w4.e-72t.ru
- url: http://5.101.84.22/index.php
- domain: pz8.e-72t.ru
- domain: go.hmvu4.ru
- ip:port: 167.172.75.250:443
- domain: he.xmho3.ru
- domain: h1.e-72t.ru
- ip:port: 87.242.106.13:17727
- domain: l.e-99n.ru
- domain: c5.e-99n.ru
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 3c8ebf1d-22a1-4df1-a6d8-f11f30a37ff5
- Original Timestamp: 1759017785
Indicators of Compromise
Domain
Value | Description
---|---
media-kg.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
0m.jagc.ru | ClearFake payload delivery domain (confidence level: 100%)
eq.jagc.ru | ClearFake payload delivery domain (confidence level: 100%)
m8.i-215.ru | ClearFake payload delivery domain (confidence level: 100%)
u0.jagc.ru | ClearFake payload delivery domain (confidence level: 100%)
6v.jagc.ru | ClearFake payload delivery domain (confidence level: 100%)
8a.tiqk.ru | ClearFake payload delivery domain (confidence level: 100%)
q3n.i-215.ru | ClearFake payload delivery domain (confidence level: 100%)
clearate.cloud | Cobalt Strike botnet C2 domain (confidence level: 75%)
4f.tiqk.ru | ClearFake payload delivery domain (confidence level: 100%)
gj.tiqk.ru | ClearFake payload delivery domain (confidence level: 100%)
5u.tiqk.ru | ClearFake payload delivery domain (confidence level: 100%)
3.tiqk.ru | ClearFake payload delivery domain (confidence level: 100%)
t1.i-215.ru | ClearFake payload delivery domain (confidence level: 100%)
o.nybk.ru | ClearFake payload delivery domain (confidence level: 100%)
g.u-885.ru | ClearFake payload delivery domain (confidence level: 100%)
0.nybk.ru | ClearFake payload delivery domain (confidence level: 100%)
aa9.u-885.ru | ClearFake payload delivery domain (confidence level: 100%)
0b.nybk.ru | ClearFake payload delivery domain (confidence level: 100%)
k7.u-885.ru | ClearFake payload delivery domain (confidence level: 100%)
gz.nybk.ru | ClearFake payload delivery domain (confidence level: 100%)
r.u-989.ru | ClearFake payload delivery domain (confidence level: 100%)
xq.nybk.ru | ClearFake payload delivery domain (confidence level: 100%)
u5.u-989.ru | ClearFake payload delivery domain (confidence level: 100%)
pc.mynq.ru | ClearFake payload delivery domain (confidence level: 100%)
bm.mynq.ru | ClearFake payload delivery domain (confidence level: 100%)
qk2.u-989.ru | ClearFake payload delivery domain (confidence level: 100%)
4j.mynq.ru | ClearFake payload delivery domain (confidence level: 100%)
lgbtmeme.shop | Rhadamanthys botnet C2 domain (confidence level: 100%)
dn.mynq.ru | ClearFake payload delivery domain (confidence level: 100%)
bigstepix.shop | Rhadamanthys botnet C2 domain (confidence level: 100%)
16.mynq.ru | ClearFake payload delivery domain (confidence level: 100%)
e1.u-989.ru | ClearFake payload delivery domain (confidence level: 100%)
ts.lexz.ru | ClearFake payload delivery domain (confidence level: 100%)
x.e-783.ru | ClearFake payload delivery domain (confidence level: 100%)
8f.lexz.ru | ClearFake payload delivery domain (confidence level: 100%)
b2.e-783.ru | ClearFake payload delivery domain (confidence level: 100%)
neighll.click | Lumma Stealer botnet C2 domain (confidence level: 100%)
gregmhy.lol | Lumma Stealer botnet C2 domain (confidence level: 100%)
sacrakyf.xin | Lumma Stealer botnet C2 domain (confidence level: 100%)
actmwtn.my | Lumma Stealer botnet C2 domain (confidence level: 100%)
builie.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
secrequ.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
delazvf.forum | Lumma Stealer botnet C2 domain (confidence level: 100%)
orinacg.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
assalafuz.lat | Lumma Stealer botnet C2 domain (confidence level: 100%)
unshyqov.xin | Lumma Stealer botnet C2 domain (confidence level: 100%)
inchapxe.xin | Lumma Stealer botnet C2 domain (confidence level: 100%)
bloodydi.xin | Lumma Stealer botnet C2 domain (confidence level: 100%)
aegiqlfb.xin | Lumma Stealer botnet C2 domain (confidence level: 100%)
paleatgh.xin | Lumma Stealer botnet C2 domain (confidence level: 100%)
ligmfbx.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
hyduwkvd.forum | Lumma Stealer botnet C2 domain (confidence level: 100%)
ydobniudivan.ru | Lumma Stealer botnet C2 domain (confidence level: 100%)
hatsalnm.forum | Lumma Stealer botnet C2 domain (confidence level: 100%)
ebuinwgs.forum | Lumma Stealer botnet C2 domain (confidence level: 100%)
synrxvtd.forum | Lumma Stealer botnet C2 domain (confidence level: 100%)
5q.lexz.ru | ClearFake payload delivery domain (confidence level: 100%)
tq1.e-783.ru | ClearFake payload delivery domain (confidence level: 100%)
vl.lexz.ru | ClearFake payload delivery domain (confidence level: 100%)
maps-scoop.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
b5.lexz.ru | ClearFake payload delivery domain (confidence level: 100%)
m7.e-783.ru | ClearFake payload delivery domain (confidence level: 100%)
wl.xabz.ru | ClearFake payload delivery domain (confidence level: 100%)
n.o-096.ru | ClearFake payload delivery domain (confidence level: 100%)
hdwyebwfvjs.cn | ValleyRAT botnet C2 domain (confidence level: 100%)
koadbzmlqiyr.cn | ValleyRAT botnet C2 domain (confidence level: 100%)
wzlive.support | Unknown RAT botnet C2 domain (confidence level: 100%)
sc.xabz.ru | ClearFake payload delivery domain (confidence level: 100%)
wz.xabz.ru | ClearFake payload delivery domain (confidence level: 100%)
c7.o-096.ru | ClearFake payload delivery domain (confidence level: 100%)
n.xabz.ru | ClearFake payload delivery domain (confidence level: 100%)
wq9.o-096.ru | ClearFake payload delivery domain (confidence level: 100%)
g.xabz.ru | ClearFake payload delivery domain (confidence level: 100%)
r2.o-096.ru | ClearFake payload delivery domain (confidence level: 100%)
jo.qekz.ru | ClearFake payload delivery domain (confidence level: 100%)
bx.qekz.ru | ClearFake payload delivery domain (confidence level: 100%)
jn.qekz.ru | ClearFake payload delivery domain (confidence level: 100%)
h.u-251.ru | ClearFake payload delivery domain (confidence level: 100%)
ak.qekz.ru | ClearFake payload delivery domain (confidence level: 100%)
u1.u-251.ru | ClearFake payload delivery domain (confidence level: 100%)
er.qekz.ru | ClearFake payload delivery domain (confidence level: 100%)
qm9.u-251.ru | ClearFake payload delivery domain (confidence level: 100%)
z3.u-251.ru | ClearFake payload delivery domain (confidence level: 100%)
y.a-144.ru | ClearFake payload delivery domain (confidence level: 100%)
k4.a-144.ru | ClearFake payload delivery domain (confidence level: 100%)
pm7.a-144.ru | ClearFake payload delivery domain (confidence level: 100%)
g4.a-144.ru | ClearFake payload delivery domain (confidence level: 100%)
k.a-311.ru | ClearFake payload delivery domain (confidence level: 100%)
v2.a-311.ru | ClearFake payload delivery domain (confidence level: 100%)
am.dgzy1.ru | ClearFake payload delivery domain (confidence level: 100%)
qz9.a-311.ru | ClearFake payload delivery domain (confidence level: 100%)
kingstare-54289.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%)
insurance-scuba.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
conference-plate.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%)
t1.a-311.ru | ClearFake payload delivery domain (confidence level: 100%)
k.u-97w.ru | ClearFake payload delivery domain (confidence level: 100%)
v2.u-97w.ru | ClearFake payload delivery domain (confidence level: 100%)
qz9.u-97w.ru | ClearFake payload delivery domain (confidence level: 100%)
at.hmvu4.ru | ClearFake payload delivery domain (confidence level: 100%)
t1.u-97w.ru | ClearFake payload delivery domain (confidence level: 100%)
d.e-72t.ru | ClearFake payload delivery domain (confidence level: 100%)
w4.e-72t.ru | ClearFake payload delivery domain (confidence level: 100%)
pz8.e-72t.ru | ClearFake payload delivery domain (confidence level: 100%)
go.hmvu4.ru | ClearFake payload delivery domain (confidence level: 100%)
he.xmho3.ru | ClearFake payload delivery domain (confidence level: 100%)
h1.e-72t.ru | ClearFake payload delivery domain (confidence level: 100%)
l.e-99n.ru | ClearFake payload delivery domain (confidence level: 100%)
c5.e-99n.ru | ClearFake payload delivery domain (confidence level: 100%)
IP address
Value | Description
---|---
62.164.177.249 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
144.172.108.70 | Cobalt Strike botnet C2 server (confidence level: 100%)
62.192.173.249 | Cobalt Strike botnet C2 server (confidence level: 100%)
117.72.209.44 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.92.242.96 | Latrodectus botnet C2 server (confidence level: 100%)
92.61.71.38 | Remcos botnet C2 server (confidence level: 100%)
186.169.33.26 | Remcos botnet C2 server (confidence level: 100%)
176.202.9.84 | AsyncRAT botnet C2 server (confidence level: 100%)
185.94.29.137 | Venom RAT botnet C2 server (confidence level: 100%)
16.171.55.6 | PoshC2 botnet C2 server (confidence level: 100%)
164.90.202.243 | AdaptixC2 botnet C2 server (confidence level: 100%)
91.235.116.149 | Mirai botnet C2 server (confidence level: 100%)
205.185.125.97 | Mirai botnet C2 server (confidence level: 100%)
104.168.7.200 | Remcos botnet C2 server (confidence level: 100%)
62.60.131.168 | Remcos botnet C2 server (confidence level: 100%)
147.124.217.204 | Remcos botnet C2 server (confidence level: 100%)
196.251.81.162 | Remcos botnet C2 server (confidence level: 100%)
84.19.175.184 | Remcos botnet C2 server (confidence level: 100%)
4.228.216.14 | Remcos botnet C2 server (confidence level: 100%)
20.162.118.231 | Sliver botnet C2 server (confidence level: 100%)
213.176.18.51 | AsyncRAT botnet C2 server (confidence level: 100%)
85.192.48.217 | Quasar RAT botnet C2 server (confidence level: 100%)
185.123.102.33 | Ares botnet C2 server (confidence level: 90%)
162.255.177.239 | Unknown malware botnet C2 server (confidence level: 100%)
59.22.119.248 | Unknown malware botnet C2 server (confidence level: 100%)
211.218.253.112 | Unknown malware botnet C2 server (confidence level: 100%)
89.253.80.180 | Unknown malware botnet C2 server (confidence level: 100%)
24.200.62.236 | Unknown malware botnet C2 server (confidence level: 100%)
1.174.116.5 | Unknown malware botnet C2 server (confidence level: 100%)
213.157.164.209 | Unknown malware botnet C2 server (confidence level: 100%)
64.5.73.221 | Unknown malware botnet C2 server (confidence level: 100%)
213.50.26.192 | Unknown malware botnet C2 server (confidence level: 100%)
85.134.22.191 | Unknown malware botnet C2 server (confidence level: 100%)
104.158.99.66 | Unknown malware botnet C2 server (confidence level: 100%)
223.122.253.227 | Unknown malware botnet C2 server (confidence level: 100%)
161.97.245.42 | Unknown malware botnet C2 server (confidence level: 100%)
205.151.118.84 | Unknown malware botnet C2 server (confidence level: 100%)
211.48.115.218 | Unknown malware botnet C2 server (confidence level: 100%)
108.170.164.187 | Unknown malware botnet C2 server (confidence level: 100%)
59.31.224.135 | Unknown malware botnet C2 server (confidence level: 100%)
194.103.16.93 | Unknown malware botnet C2 server (confidence level: 100%)
121.138.241.187 | Unknown malware botnet C2 server (confidence level: 100%)
101.200.73.39 | Unknown malware botnet C2 server (confidence level: 100%)
194.135.16.156 | Unknown malware botnet C2 server (confidence level: 100%)
216.238.83.248 | Unknown malware botnet C2 server (confidence level: 100%)
49.12.70.16 | Unknown malware botnet C2 server (confidence level: 100%)
94.74.91.97 | Unknown malware botnet C2 server (confidence level: 100%)
18.207.151.246 | Unknown malware botnet C2 server (confidence level: 100%)
134.209.116.82 | Unknown malware botnet C2 server (confidence level: 100%)
38.60.227.149 | Unknown malware botnet C2 server (confidence level: 100%)
82.97.247.192 | Unknown malware botnet C2 server (confidence level: 100%)
79.110.49.101 | Unknown malware botnet C2 server (confidence level: 100%)
13.235.243.108 | Unknown malware botnet C2 server (confidence level: 100%)
66.111.113.34 | Unknown malware botnet C2 server (confidence level: 100%)
200.91.114.156 | QakBot botnet C2 server (confidence level: 100%)
158.94.208.167 | XWorm botnet C2 server (confidence level: 100%)
103.176.197.131 | ValleyRAT botnet C2 server (confidence level: 100%)
8.133.198.27 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.100.91.204 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.231.168.28 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.166.246.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.226.72.245 | XWorm botnet C2 server (confidence level: 100%)
103.176.197.131 | ValleyRAT botnet C2 server (confidence level: 100%)
45.192.219.19 | ValleyRAT botnet C2 server (confidence level: 100%)
45.192.219.19 | ValleyRAT botnet C2 server (confidence level: 100%)
45.192.219.19 | ValleyRAT botnet C2 server (confidence level: 100%)
124.70.6.252 | Cobalt Strike botnet C2 server (confidence level: 100%)
109.205.213.121 | Cobalt Strike botnet C2 server (confidence level: 100%)
166.88.117.240 | Remcos botnet C2 server (confidence level: 100%)
18.222.233.217 | Remcos botnet C2 server (confidence level: 100%)
141.255.162.250 | SectopRAT botnet C2 server (confidence level: 100%)
147.45.45.130 | DCRat botnet C2 server (confidence level: 100%)
104.194.154.161 | DCRat botnet C2 server (confidence level: 100%)
139.84.133.84 | Havoc botnet C2 server (confidence level: 75%)
146.103.116.153 | Eye Pyramid botnet C2 server (confidence level: 75%)
154.214.45.42 | DeimosC2 botnet C2 server (confidence level: 75%)
178.16.55.52 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
34.202.169.107 | DeimosC2 botnet C2 server (confidence level: 75%)
45.66.249.68 | Broomstick botnet C2 server (confidence level: 75%)
45.66.249.68 | Broomstick botnet C2 server (confidence level: 75%)
60.204.225.69 | Havoc botnet C2 server (confidence level: 75%)
99.83.215.169 | DeimosC2 botnet C2 server (confidence level: 75%)
193.84.71.81 | Rhadamanthys botnet C2 server (confidence level: 100%)
64.188.91.173 | Rhadamanthys botnet C2 server (confidence level: 100%)
151.243.18.194 | Rhadamanthys botnet C2 server (confidence level: 100%)
136.0.141.245 | Rhadamanthys botnet C2 server (confidence level: 100%)
136.0.141.91 | Rhadamanthys botnet C2 server (confidence level: 100%)
113.44.168.133 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.249.112.71 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.156.63.124 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.86.47.130 | Ghost RAT botnet C2 server (confidence level: 100%)
91.193.7.162 | Remcos botnet C2 server (confidence level: 100%)
107.172.44.179 | Remcos botnet C2 server (confidence level: 100%)
196.251.114.28 | AsyncRAT botnet C2 server (confidence level: 100%)
157.230.173.109 | AsyncRAT botnet C2 server (confidence level: 100%)
181.162.150.192 | Quasar RAT botnet C2 server (confidence level: 100%)
38.54.12.47 | Havoc botnet C2 server (confidence level: 100%)
139.28.36.95 | XWorm botnet C2 server (confidence level: 100%)
118.190.204.245 | ValleyRAT botnet C2 server (confidence level: 100%)
118.190.204.245 | ValleyRAT botnet C2 server (confidence level: 100%)
118.190.204.245 | ValleyRAT botnet C2 server (confidence level: 100%)
18.180.69.63 | ValleyRAT botnet C2 server (confidence level: 75%)
193.23.3.29 | NjRAT botnet C2 server (confidence level: 100%)
91.92.240.130 | XWorm botnet C2 server (confidence level: 100%)
156.234.214.178 | Cobalt Strike botnet C2 server (confidence level: 75%)
156.234.214.180 | Cobalt Strike botnet C2 server (confidence level: 75%)
156.234.36.252 | Cobalt Strike botnet C2 server (confidence level: 75%)
3.99.181.67 | Meterpreter botnet C2 server (confidence level: 75%)
43.240.239.142 | Cobalt Strike botnet C2 server (confidence level: 75%)
144.31.193.106 | FAKEUPDATES payload delivery server (confidence level: 100%)
143.92.37.160 | Ghost RAT botnet C2 server (confidence level: 100%)
196.57.129.61 | Remcos botnet C2 server (confidence level: 100%)
196.57.129.62 | Remcos botnet C2 server (confidence level: 100%)
37.97.133.245 | Unknown malware botnet C2 server (confidence level: 100%)
23.227.199.67 | Havoc botnet C2 server (confidence level: 100%)
23.227.199.58 | Havoc botnet C2 server (confidence level: 100%)
157.245.109.89 | Havoc botnet C2 server (confidence level: 100%)
179.111.199.50 | Venom RAT botnet C2 server (confidence level: 100%)
56.124.56.70 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
84.27.86.226 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
83.136.255.114 | MimiKatz botnet C2 server (confidence level: 100%)
185.93.89.99 | Quasar RAT botnet C2 server (confidence level: 75%)
193.161.193.99 | NjRAT botnet C2 server (confidence level: 100%)
31.57.97.59 | XWorm botnet C2 server (confidence level: 100%)
46.173.214.102 | Aurotun Stealer botnet C2 server (confidence level: 100%)
144.124.234.178 | Eye Pyramid botnet C2 server (confidence level: 75%)
173.212.202.8 | AdaptixC2 botnet C2 server (confidence level: 75%)
45.150.128.160 | Havoc botnet C2 server (confidence level: 75%)
70.27.138.170 | QakBot botnet C2 server (confidence level: 75%)
45.74.34.32 | PureLogs Stealer botnet C2 server (confidence level: 100%)
47.122.144.211 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.55.249.36 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.122.63.148 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.54.85.195 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.159.99.232 | Remcos botnet C2 server (confidence level: 100%)
212.83.139.101 | Remcos botnet C2 server (confidence level: 100%)
107.172.135.31 | Remcos botnet C2 server (confidence level: 100%)
43.156.58.35 | Unknown malware botnet C2 server (confidence level: 100%)
file95.182.98.119 | Hook botnet C2 server (confidence level: 100%) | |
file188.132.197.209 | Hook botnet C2 server (confidence level: 100%) | |
file69.164.203.46 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file167.172.75.250 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file87.242.106.13 | XWorm botnet C2 server (confidence level: 100%) |
Port
The values in this table are TCP port numbers, not file hashes: the export labels them "Hash", but they are the port half of the feed's ip:port indicators, listed separately from their IPs. They appear in the same order as the IP rows above, so a row here pairs with the IP row at the same position; the run of ValleyRAT ports 71, 81 and 91, for example, belongs to the three 118.190.204.245 entries, and port 45981 belongs to 47.122.63.148, which is also the ip:port in the URL table below.
Value | Description |
---|---|
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
7001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
81 | AsyncRAT botnet C2 server (confidence level: 100%) |
2222 | Venom RAT botnet C2 server (confidence level: 100%) |
443 | PoshC2 botnet C2 server (confidence level: 100%) |
4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
34241 | Mirai botnet C2 server (confidence level: 100%) |
1999 | Mirai botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
56470 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
9999 | AsyncRAT botnet C2 server (confidence level: 100%) |
9812 | Quasar RAT botnet C2 server (confidence level: 100%) |
29852 | Ares botnet C2 server (confidence level: 90%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
5555 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
4433 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | QakBot botnet C2 server (confidence level: 100%) |
2830 | XWorm botnet C2 server (confidence level: 100%) |
53 | ValleyRAT botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
90 | ValleyRAT botnet C2 server (confidence level: 100%) |
8520 | ValleyRAT botnet C2 server (confidence level: 100%) |
8521 | ValleyRAT botnet C2 server (confidence level: 100%) |
8522 | ValleyRAT botnet C2 server (confidence level: 100%) |
2222 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
9000 | SectopRAT botnet C2 server (confidence level: 100%) |
3232 | DCRat botnet C2 server (confidence level: 100%) |
7000 | DCRat botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 75%) |
443 | Eye Pyramid botnet C2 server (confidence level: 75%) |
443 | DeimosC2 botnet C2 server (confidence level: 75%) |
443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) |
443 | DeimosC2 botnet C2 server (confidence level: 75%) |
443 | Broomstick botnet C2 server (confidence level: 75%) |
80 | Broomstick botnet C2 server (confidence level: 75%) |
40056 | Havoc botnet C2 server (confidence level: 75%) |
8126 | DeimosC2 botnet C2 server (confidence level: 75%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
58626 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
65535 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Ghost RAT botnet C2 server (confidence level: 100%) |
6513 | Remcos botnet C2 server (confidence level: 100%) |
14645 | Remcos botnet C2 server (confidence level: 100%) |
2004 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8080 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
8080 | XWorm botnet C2 server (confidence level: 100%) |
71 | ValleyRAT botnet C2 server (confidence level: 100%) |
81 | ValleyRAT botnet C2 server (confidence level: 100%) |
91 | ValleyRAT botnet C2 server (confidence level: 100%) |
670 | ValleyRAT botnet C2 server (confidence level: 75%) |
8590 | NjRAT botnet C2 server (confidence level: 100%) |
6000 | XWorm botnet C2 server (confidence level: 100%) |
888 | Cobalt Strike botnet C2 server (confidence level: 75%) |
888 | Cobalt Strike botnet C2 server (confidence level: 75%) |
888 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Meterpreter botnet C2 server (confidence level: 75%) |
888 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | FAKEUPDATES payload delivery server (confidence level: 100%) |
443 | Ghost RAT botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
8081 | Havoc botnet C2 server (confidence level: 100%) |
7000 | Venom RAT botnet C2 server (confidence level: 100%) |
48950 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8000 | MimiKatz botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 75%) |
30380 | NjRAT botnet C2 server (confidence level: 100%) |
505 | XWorm botnet C2 server (confidence level: 100%) |
42873 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
443 | Eye Pyramid botnet C2 server (confidence level: 75%) |
8329 | AdaptixC2 botnet C2 server (confidence level: 75%) |
443 | Havoc botnet C2 server (confidence level: 75%) |
2222 | QakBot botnet C2 server (confidence level: 75%) |
2025 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45981 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1000 | Remcos botnet C2 server (confidence level: 100%) |
443 | Remcos botnet C2 server (confidence level: 100%) |
14647 | Remcos botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
8082 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Empire Downloader botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
17727 | XWorm botnet C2 server (confidence level: 100%) |
URL
Value | Description |
---|---|
http://47.122.63.148:45981/a3zo | Cobalt Strike botnet C2 (confidence level: 75%) |
http://91.92.240.18 | Stealc botnet C2 (confidence level: 100%) |
http://a1164989.xsph.ru/46a6a560.php | DCRat botnet C2 (confidence level: 100%) |
http://5.101.84.22/index.php | Koi Loader botnet C2 (confidence level: 100%) |
Threat ID: 68d87ebe5d6228f86ddcb0c6
Added to database: 9/28/2025, 12:18:06 AM
Last enriched: 9/28/2025, 12:33:33 AM
Last updated: 9/29/2025, 9:16:30 PM
Related Threats
ThreatFox IOCs for 2025-09-29 (severity: Medium)
SVG Phishing hits Ukraine with Amatera Stealer, PureMiner (severity: Medium)
Potentially Unwanted Applications (PUAs) weaponized for covert delivery (severity: Medium)
Olymp Loader: A new Malware-as-a-Service written in Assembly (severity: Medium)
New LockBit 5.0 Targets Windows, Linux, ESXi (severity: Medium)