ThreatFox IOCs for 2025-09-27
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-09-27 by the ThreatFox MISP Feed. These IOCs are categorized under malware-related activities, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the data lacks detailed technical specifics such as affected software versions, exploit mechanisms, or payload characteristics. The threat is tagged with 'type:osint' and 'tlp:white', indicating that the information is intended for broad sharing without restrictions. The absence of known exploits in the wild and the lack of patch availability suggest that this is an intelligence report rather than an active vulnerability or exploit. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate dissemination or detection. No concrete indicators (such as IP addresses, hashes, or domains) are provided, limiting the ability to perform targeted detection or response. Overall, this appears to be a collection of threat intelligence data aimed at enhancing situational awareness rather than describing a specific, exploitable vulnerability or active malware campaign.
Potential Impact
Given the lack of detailed technical information and absence of known exploits, the immediate impact on European organizations is likely limited. However, the presence of payload delivery and network activity tags suggests potential risks if these IOCs correspond to emerging malware campaigns or threat actor infrastructure. European organizations that rely heavily on OSINT tools or network monitoring may find value in integrating these IOCs into their detection systems to preemptively identify suspicious activity. The medium severity rating indicates a moderate level of concern, possibly due to the potential for these IOCs to be part of broader reconnaissance or initial infection stages. Without specific exploit details or affected products, the direct impact on confidentiality, integrity, or availability remains uncertain but is probably low to medium at this stage.
Mitigation Recommendations
To mitigate potential risks associated with these IOCs, European organizations should:
1) Integrate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enhance detection capabilities.
2) Maintain up-to-date network monitoring and anomaly detection to identify unusual payload delivery attempts or network activity.
3) Conduct regular OSINT and threat intelligence reviews to correlate these IOCs with other emerging threats and adjust defenses accordingly.
4) Educate security teams on the importance of early-stage indicators and encourage proactive hunting based on these IOCs.
5) Since no patches are available, focus on strengthening perimeter defenses, endpoint protection, and network segmentation to limit potential lateral movement if these IOCs are linked to active campaigns.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 3c8ebf1d-22a1-4df1-a6d8-f11f30a37ff5
- Original Timestamp: 1759017785
file95.182.98.119 | Hook botnet C2 server (confidence level: 100%) | |
file188.132.197.209 | Hook botnet C2 server (confidence level: 100%) | |
file69.164.203.46 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file167.172.75.250 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file87.242.106.13 | XWorm botnet C2 server (confidence level: 100%) |
Port
Destination port of each ip:port indicator, in the same row order as the IP table above (these values are TCP/UDP ports, not file hashes; the 47.122.63.148 / 45981 pair is also visible in the Cobalt Strike URL entry below).
| Value | Description | Copy |
|---|---|---|
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 7001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 443 | Latrodectus botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 2222 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 443 | PoshC2 botnet C2 server (confidence level: 100%) | |
| 4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
| 34241 | Mirai botnet C2 server (confidence level: 100%) | |
| 1999 | Mirai botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 56470 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 443 | Sliver botnet C2 server (confidence level: 100%) | |
| 9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 9812 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 29852 | Ares botnet C2 server (confidence level: 90%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 5555 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 4433 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 443 | QakBot botnet C2 server (confidence level: 100%) | |
| 2830 | XWorm botnet C2 server (confidence level: 100%) | |
| 53 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 7000 | XWorm botnet C2 server (confidence level: 100%) | |
| 90 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 8520 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 8521 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 8522 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 2222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
| 3232 | DCRat botnet C2 server (confidence level: 100%) | |
| 7000 | DCRat botnet C2 server (confidence level: 100%) | |
| 443 | Havoc botnet C2 server (confidence level: 75%) | |
| 443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
| 443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
| 443 | Broomstick botnet C2 server (confidence level: 75%) | |
| 80 | Broomstick botnet C2 server (confidence level: 75%) | |
| 40056 | Havoc botnet C2 server (confidence level: 75%) | |
| 8126 | DeimosC2 botnet C2 server (confidence level: 75%) | |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
| 58626 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 65535 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
| 6513 | Remcos botnet C2 server (confidence level: 100%) | |
| 14645 | Remcos botnet C2 server (confidence level: 100%) | |
| 2004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 443 | Havoc botnet C2 server (confidence level: 100%) | |
| 8080 | XWorm botnet C2 server (confidence level: 100%) | |
| 71 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 81 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 91 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 670 | ValleyRAT botnet C2 server (confidence level: 75%) | |
| 8590 | NjRAT botnet C2 server (confidence level: 100%) | |
| 6000 | XWorm botnet C2 server (confidence level: 100%) | |
| 888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
| 888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
| 888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
| 443 | Meterpreter botnet C2 server (confidence level: 75%) | |
| 888 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
| 443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
| 443 | Ghost RAT botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 443 | Havoc botnet C2 server (confidence level: 100%) | |
| 443 | Havoc botnet C2 server (confidence level: 100%) | |
| 8081 | Havoc botnet C2 server (confidence level: 100%) | |
| 7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 48950 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
| 4782 | Quasar RAT botnet C2 server (confidence level: 75%) | |
| 30380 | NjRAT botnet C2 server (confidence level: 100%) | |
| 505 | XWorm botnet C2 server (confidence level: 100%) | |
| 42873 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
| 443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
| 8329 | AdaptixC2 botnet C2 server (confidence level: 75%) | |
| 443 | Havoc botnet C2 server (confidence level: 75%) | |
| 2222 | QakBot botnet C2 server (confidence level: 75%) | |
| 2025 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 45981 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 1000 | Remcos botnet C2 server (confidence level: 100%) | |
| 443 | Remcos botnet C2 server (confidence level: 100%) | |
| 14647 | Remcos botnet C2 server (confidence level: 100%) | |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8082 | Hook botnet C2 server (confidence level: 100%) | |
| 80 | Hook botnet C2 server (confidence level: 100%) | |
| 80 | Empire Downloader botnet C2 server (confidence level: 100%) | |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
| 17727 | XWorm botnet C2 server (confidence level: 100%) | |
Url
| Value | Description | Copy |
|---|---|---|
| http://47.122.63.148:45981/a3zo | Cobalt Strike botnet C2 (confidence level: 75%) | |
| http://91.92.240.18 | Stealc botnet C2 (confidence level: 100%) | |
| http://a1164989.xsph.ru/46a6a560.php | DCRat botnet C2 (confidence level: 100%) | |
| http://5.101.84.22/index.php | Koi Loader botnet C2 (confidence level: 100%) | |
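The IP and port tables above are the two halves of ThreatFox ip:port indicators listed in the same row order, so row i of one belongs with row i of the other (the 47.122.63.148 / 45981 pair is confirmed by the Cobalt Strike URL entry). The script below is an added example, not code from ThreatFox, abuse.ch or this page: it re-pairs a handful of rows copied from the tables into ip:port IOCs, refuses to pair rows whose description or confidence disagree, indexes them by ip:port rather than bare IP, and runs the lookup over a few constructed Zeek-style connection records. The log field layout and the 75% confidence floor are assumptions for the example.

```python
"""Re-pair the IP and port columns of a ThreatFox ip:port dump and match the
result against connection logs.

Added example, not part of the ThreatFox feed or the page it appears on.
The IOC rows below are copied from the page's tables; the log lines are
constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Rows in the order the page lists them: the IP table and the port table of
# ThreatFox "ip:port" IOCs are parallel, so row i of each belongs together.
IP_ROWS = [
    ("136.0.141.245", "Rhadamanthys botnet C2 server", 100),
    ("47.122.63.148", "Cobalt Strike botnet C2 server", 100),
    ("118.190.204.245", "ValleyRAT botnet C2 server", 100),
    ("118.190.204.245", "ValleyRAT botnet C2 server", 100),
    ("118.190.204.245", "ValleyRAT botnet C2 server", 100),
    ("3.99.181.67", "Meterpreter botnet C2 server", 75),
]
PORT_ROWS = [
    (443, "Rhadamanthys botnet C2 server", 100),
    (45981, "Cobalt Strike botnet C2 server", 100),
    (71, "ValleyRAT botnet C2 server", 100),
    (81, "ValleyRAT botnet C2 server", 100),
    (91, "ValleyRAT botnet C2 server", 100),
    (443, "Meterpreter botnet C2 server", 75),
]


@dataclass(frozen=True)
class Ioc:
    ip: str
    port: int
    malware: str
    confidence: int


def pair_rows(ip_rows, port_rows):
    """Zip the two parallel tables back into ip:port IOCs.

    Description and confidence must agree row for row; a mismatch means the
    tables are no longer aligned (a dropped row, for instance) and we refuse
    to guess rather than emit a wrong pair."""
    if len(ip_rows) != len(port_rows):
        raise ValueError("IP and port tables have different lengths")
    iocs = []
    for (ip, desc_a, conf_a), (port, desc_b, conf_b) in zip(ip_rows, port_rows):
        if (desc_a, conf_a) != (desc_b, conf_b):
            raise ValueError(f"row mismatch at {ip}: {desc_a!r} vs {desc_b!r}")
        ipaddress.ip_address(ip)  # reject garbled values early
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port {port} for {ip}")
        malware = desc_a.replace(" botnet C2 server", "")
        iocs.append(Ioc(ip, port, malware, conf_a))
    return iocs


def build_index(iocs, min_confidence=75):
    """Index by (ip, port), not bare IP: a C2 listening on 443 of a shared host
    would otherwise flag every unrelated site served from the same address.
    The confidence floor is an assumption of this example."""
    return {(i.ip, i.port): i for i in iocs if i.confidence >= min_confidence}


# Constructed Zeek-style conn records (assumed layout): ts, src, dst, dport, proto.
SAMPLE_LOG = """\
1758931200.1\t10.20.1.15\t47.122.63.148\t45981\ttcp
1758931201.4\t10.20.1.15\t47.122.63.148\t443\ttcp
1758931205.0\t10.20.3.7\t118.190.204.245\t81\ttcp
1758931207.9\t10.20.3.7\t3.99.181.67\t443\ttcp
1758931210.2\t10.20.3.9\t8.8.8.8\t53\tudp
"""


def match_log(log_text, index):
    """Return (src, "ip:port", malware, confidence) for every record whose
    destination ip:port is in the index."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, dport, _ = line.split("\t")
        ioc = index.get((dst, int(dport)))
        if ioc:
            hits.append((src, f"{dst}:{dport}", ioc.malware, ioc.confidence))
    return hits


if __name__ == "__main__":
    index = build_index(pair_rows(IP_ROWS, PORT_ROWS))
    for hit in match_log(SAMPLE_LOG, index):
        print(*hit)
```

Only three of the five constructed records hit: the connection to 47.122.63.148 on 443 is not reported because the indicator names port 45981, and the Meterpreter hit carries its 75% confidence through so a consumer can route it to a hunting queue rather than an automatic block.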
Threat ID: 68d87ebe5d6228f86ddcb0c6
Added to database: 9/28/2025, 12:18:06 AM
Last enriched: 9/28/2025, 12:33:33 AM
Last updated: 11/14/2025, 4:18:30 AM