Reconnecting to live updates…

ThreatFox IOCs for 2025-10-05

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a ThreatFox MISP feed entry dated October 5, 2025, which shares Indicators of Compromise (IOCs) related to malware activity. The threat is categorized under OSINT, payload delivery, and network activity, indicating that it involves the collection and dissemination of threat intelligence data rather than a specific malware strain or exploit targeting a particular software version. No affected product versions are listed, and no patches or known exploits in the wild are reported, suggesting this is an intelligence sharing event rather than an active attack vector. The threat level is medium, with a threatLevel score of 2 and distribution score of 3, implying moderate dissemination but limited immediate risk. The absence of CWEs and detailed technical indicators limits the ability to pinpoint exact attack vectors or vulnerabilities. The data likely serves as a resource for security teams to update detection signatures and improve situational awareness. The TLP:white tag indicates that the information is intended for wide distribution, supporting its role as an open intelligence update. Overall, this entry is a snapshot of ongoing malware-related activity observed through OSINT channels, emphasizing the importance of continuous monitoring and intelligence integration in cybersecurity operations.

Potential Impact

For European organizations, the direct impact of this threat is limited due to the absence of active exploits or specific vulnerabilities. However, the shared IOCs can enhance detection capabilities against malware payload delivery and network-based threats. Organizations involved in critical infrastructure, finance, or government sectors may benefit from integrating this intelligence to preemptively identify suspicious network activity or payload attempts. The medium severity suggests a moderate risk level, primarily affecting the confidentiality and integrity of systems if the malware payloads are successfully delivered and executed. The lack of patches or known exploits indicates that the threat is not currently causing widespread disruption but could evolve. European entities with mature security operations centers (SOCs) and threat intelligence teams can leverage this data to strengthen defenses and reduce the risk of undetected compromise. Overall, the impact is more strategic and preventive rather than immediate operational disruption.

Mitigation Recommendations

European organizations should focus on enhancing their threat intelligence ingestion processes by integrating the provided IOCs into existing security information and event management (SIEM) systems and endpoint detection and response (EDR) tools. Network monitoring should be intensified to detect unusual payload delivery attempts or suspicious network activity patterns consistent with the shared intelligence. Security teams should conduct threat hunting exercises using the updated IOCs to identify potential latent infections or reconnaissance activities. Regular training and awareness programs should emphasize the importance of OSINT in identifying emerging threats. Since no patches are available, maintaining robust network segmentation and strict access controls can limit potential malware spread. Collaboration with national cybersecurity centers and sharing updated intelligence can improve collective defense. Finally, organizations should validate and contextualize the IOCs to reduce false positives and optimize response actions.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

domain: la.xvqy8.ru
file: 82.67.39.194
hash: 12345
domain: ka.xvqy8.ru
domain: jo.xvqy8.ru
url: http://43.161.221.153:8888/supershell/login/
domain: q.faqyhi.ru
file: 113.45.205.53
hash: 8082
file: 149.56.66.137
hash: 8808
file: 27.78.41.100
hash: 6000
file: 161.35.47.34
hash: 80
file: 54.46.18.227
hash: 80
domain: pc.mexizo.ru
domain: pz8.0-c448.ru
domain: x2j.mexizo.ru
domain: h1.0-c448.ru
domain: bq.mexizo.ru
domain: aa.0-c448.ru
file: 92.119.114.15
hash: 2080
domain: itzprocabal.duckdns.org
domain: r9.mexizo.ru
domain: ef.dbc-8-i.ru
domain: l.9-f566.ru
domain: t1n.mexizo.ru
domain: c5.9-f566.ru
domain: eh.dbc-8-i.ru
file: 216.126.236.247
hash: 80
file: 124.222.32.187
hash: 9850
domain: etal0n.bels.pw
file: 27.78.41.100
hash: 8000
file: 98.80.102.215
hash: 8888
file: 81.70.255.195
hash: 60000
file: 72.60.77.64
hash: 8443
file: 67.220.74.142
hash: 3333
file: 35.171.108.214
hash: 443
file: 103.45.247.233
hash: 1234
file: 34.229.1.115
hash: 443
file: 18.223.114.111
hash: 8080
file: 110.44.18.99
hash: 8084
file: 18.231.109.239
hash: 8080
file: 85.208.9.50
hash: 3333
file: 18.217.197.38
hash: 3333
file: 73.158.236.238
hash: 23
file: 96.44.154.196
hash: 7000
domain: s.wagoda.ru
domain: el.dbc-8-i.ru
domain: xq0.9-f566.ru
domain: h1.wagoda.ru
domain: aa9.9-f566.ru
domain: v3.wagoda.ru
domain: m2.9-f566.ru
domain: em.dbc-8-i.ru
domain: 0zq.wagoda.ru
domain: problem-livecam.gl.at.ply.gg
domain: g.9-k588.ru
file: 147.185.221.17
hash: 44490
file: 147.185.221.17
hash: 31288
file: 206.119.167.236
hash: 8003
file: 206.119.167.236
hash: 8004
domain: p0.wagoda.ru
domain: v2.9-k588.ru
domain: c8.wagoda.ru
domain: aa9.9-k588.ru
domain: 1m.wagoda.ru
domain: a.g601c.ru
domain: k7.9-k588.ru
file: 143.92.62.80
hash: 8520
file: 107.172.255.51
hash: 6017
domain: m9.g601c.ru
domain: r3.9-k588.ru
domain: qz.g601c.ru
domain: r.4-j722.ru
file: 45.197.144.130
hash: 6667
file: 173.44.141.3
hash: 8080
file: 16.171.160.238
hash: 3333
file: 159.223.55.88
hash: 41337
domain: r1.g601c.ru
domain: u5.4-j722.ru
domain: x.g601c.ru
domain: qk2.4-j722.ru
file: 45.87.43.249
hash: 50540
file: 52.222.17.56
hash: 443
file: 52.223.63.97
hash: 443
file: 59.35.57.83
hash: 47041
domain: tn.g601c.ru
domain: e1.4-j722.ru
domain: v2n.g601c.ru
domain: n0.4-j722.ru
domain: e.f926m.ru
domain: n3.f926m.ru
domain: x.2-j695.ru
domain: zt.f926m.ru
domain: b2.2-j695.ru
domain: a1.f926m.ru
domain: tq1.2-j695.ru
domain: pv.f926m.ru
domain: h7.f926m.ru
domain: m7.2-j695.ru
domain: xq9.f926m.ru
domain: universal-analytics-cdn.org
domain: genuspt.pics
domain: glimmed.pics
domain: spideri.pics
domain: likeheb.pics
domain: anteria.pics
domain: k9.2-j695.ru
domain: es.xhs-8-e.ru
domain: n.7-j230.ru
domain: et.xhs-8-e.ru
domain: c7.7-j230.ru
domain: er.xhs-8-e.ru
domain: wq9.7-j230.ru
file: 194.180.49.76
hash: 80
domain: tree-assistance.gl.at.ply.gg
file: 141.98.157.249
hash: 2000
domain: basis-appropriations.gl.at.ply.gg
domain: canadian-inexpensive.gl.at.ply.gg
file: 185.208.156.169
hash: 6501
file: 27.78.41.100
hash: 5001
file: 102.96.214.154
hash: 443
file: 45.197.144.130
hash: 8887
file: 134.122.204.72
hash: 1888
file: 134.122.204.72
hash: 1889
file: 134.122.204.72
hash: 1899
domain: oqslpwgyxjfbxp.top
domain: ew.xhs-8-e.ru
domain: r2.7-j230.ru
file: 45.79.10.244
hash: 10443
domain: ex.xhs-8-e.ru
domain: zd.7-j230.ru
file: 181.235.14.141
hash: 2404
file: 20.201.113.23
hash: 1024
file: 156.225.29.40
hash: 8888
file: 164.90.179.136
hash: 7443
file: 27.78.41.100
hash: 6001
file: 196.251.114.120
hash: 80
domain: login.formall.org
file: 207.246.93.127
hash: 3790
file: 175.110.4.139
hash: 443
file: 98.88.75.92
hash: 7547
file: 196.64.101.111
hash: 2222
file: 196.75.137.57
hash: 2222
domain: h.3-c719.ru
domain: a.tqh2e.ru
domain: u1.3-c719.ru
file: 8.210.213.250
hash: 8443
file: 47.83.163.198
hash: 8443
file: 38.60.218.60
hash: 80
file: 8.217.79.225
hash: 8483
file: 47.243.35.206
hash: 8443
file: 47.243.175.142
hash: 8443
file: 8.210.168.98
hash: 8443
file: 47.243.53.127
hash: 8443
file: 158.255.208.85
hash: 42208
file: 47.83.128.58
hash: 8443
file: 47.242.242.18
hash: 8483
file: 47.242.63.19
hash: 8443
file: 8.218.130.92
hash: 8483
file: 47.243.241.126
hash: 8443
file: 8.218.212.173
hash: 8443
file: 47.242.203.43
hash: 8443
file: 47.243.167.255
hash: 8443
file: 8.218.127.103
hash: 8443
file: 47.243.106.188
hash: 8443
file: 47.86.83.160
hash: 8080
file: 47.86.83.160
hash: 8888
file: 38.60.212.14
hash: 443
file: 38.60.212.14
hash: 80
file: 8.217.152.206
hash: 8443
file: 8.217.121.145
hash: 8483
file: 47.83.186.249
hash: 8080
file: 47.83.186.249
hash: 8888
file: 47.83.129.201
hash: 8443
file: 8.210.188.181
hash: 8443
file: 8.210.9.202
hash: 8443
file: 47.238.154.134
hash: 8080
file: 47.238.154.134
hash: 8888
file: 38.60.212.187
hash: 80
file: 38.60.212.187
hash: 443
file: 8.138.40.91
hash: 4434
file: 47.238.144.106
hash: 8080
file: 47.238.144.106
hash: 8888
domain: qm9.3-c719.ru
domain: z3.3-c719.ru
domain: k4.3-c719.ru
domain: person-expansion.gl.at.ply.gg
domain: y.6-b408.ru
domain: different-walt.gl.at.ply.gg
domain: practice-pf.gl.at.ply.gg
domain: alskaskao44242.dynuddns.com
domain: k4.6-b408.ru
domain: pm7.6-b408.ru
file: 86.105.4.169
hash: 443
file: 147.185.221.211
hash: 58682
domain: g4.6-b408.ru
domain: b1.6-b408.ru
domain: k.4-z493.ru
domain: v2.4-z493.ru
domain: qz9.4-z493.ru
file: 196.119.117.99
hash: 10000
domain: t1.4-z493.ru
domain: m6.4-z493.ru
file: 45.145.225.144
hash: 6000
file: 105.157.43.163
hash: 443
domain: k.h-29i.ru
file: 193.74.80.10
hash: 995
file: 199.68.107.134
hash: 443
file: 24.28.94.175
hash: 443
file: 5.44.45.9
hash: 8888
file: 184.174.20.37
hash: 7000
domain: v2.h-29i.ru
file: 154.9.254.152
hash: 8081
file: 95.81.121.238
hash: 8080
file: 196.251.116.86
hash: 2404
file: 181.162.139.198
hash: 8080
file: 103.154.55.82
hash: 12015
file: 129.159.143.45
hash: 8080
file: 85.9.196.246
hash: 8080
file: 3.85.215.181
hash: 44817
domain: qz9.h-29i.ru
domain: t1.h-29i.ru
file: 185.241.61.102
hash: 2080
url: http://491131cm.n9shteam1.top/tosecurepacketbigloadserversqlbaseflowertemp.php
domain: hm.h-29i.ru
file: 178.162.203.202
hash: 1124
file: 5.79.71.225
hash: 1124
domain: d.m-05o.ru
hash: cd98b4bc1fb6f639ec7398dfdcbcf89f7958507d
hash: 431f3847118cd3d86255c6406e622c5bf75da18576b2d8f17fbef878c5bb234b
hash: ecfb9b4b9269ea9ab538fce181950dd9
hash: 3c55749daf93c8fd1c0d4a553a410d0f469e3a96
hash: 6665a09f016607c1fb50c2680a0a6d16b6c4f7c761a3fcd326126b6b7a582f29
hash: da21e710f576cd7175a6190bce08f95d
hash: eda19cfe6599bb71b286101d9e3baabeb1b74a01
hash: 80b8b696061e9f3f94c9889b0c51189ea3941a72432627e799fa2d65f4bf8f6d
hash: 91c0f700b654707bfba6a18ab1e07914
hash: 41051192d3786bfb404c3419672bbbe6d37c6e2e
hash: 65621439cbd374a6dec8a7b0705c3f3a19177a666e7660fb8c7b914325751424
hash: 9e8a1fc9459c9cbd687ec65442b9b20b
hash: bbde22050be86b0d9267bb49b2beb666d3bc89fd
hash: a866ea54f436fbc64be8cf3d2941a9558151ee9ea1ca3fc28a8b48d512de8b83
hash: 1d2356b62e1c5c503d3cef4a3fb994fd
hash: 6f73169a2c7e589c8f09933657a6a300dfdad148
hash: 32abd504ecaefdf448d5b81608ab64efce3f07b9e1a9d2be84d734b5d5c65cd7
hash: 6a9a76bd0f446daeedffeb65d6073254
hash: b32aa916d6fbe36f68051e2c01b50a53050ebe32
hash: 8c5da7254dd8e9a692e25a4e969a605a3c3486bfdec491b041947694f4058d74
hash: 485b637f4faf6b0303ed2c17168e921d
hash: d26f7734fd7c5df790345d78d7844ce0ed2f269c
hash: 4d23f39da1e4a0435bf6a051547dd2790f90b94713f0a3282e50cf51e62fc2e5
hash: 49166bdf0424f10e3ac5a8130a6469dc
hash: 7221774c768ce1eb96e255eb8af93290881123eb
hash: 5d2963277d32e68983fee5223870e9288df4263281f03dd79b5fcaa228d620da
hash: 3adde62fcc0123a084a4a02bc2569300
hash: cc37e5e493d4958d9baaddc347b711c391b2cb7f
hash: 83db39d3dcb2b20724085d4e8c49b8b5e74c2dda134fdce39cfd0f3344fc4cfe
hash: 1766dfab5b571bc4deef51298430fffc
hash: 42916fc81c2d3a5859b0e415eab9b052a4bbf79d
hash: 23df7d010954b77c60baa47163c9ca200780bfe681e27af2439ba3b841419800
hash: 0c19ac838c8649ab0f6d543f94e422f9
hash: a7b1e4c42587aa11adc53312796acb7b56784be5
hash: d31b66b4a4861c67ae36746638260ad2fc303593f64191f2ff89342723f16c3a
hash: 55ee8d10f9aa27af0ff159d4dc3d9fe5
hash: 0fddc18c872c8b22709aa5a2e8d3b06f846249e1
hash: 71f4116bdd2809e4814308082871fabe98c0301dd42d11d66af86b1f794f3570
hash: 2093e9a2f25f10278303ae4e76d577b1
hash: 10fb01718e8a0f6c2741904b5b7a1bd89afac23b
hash: 1bf18f545a82c0ecc165e076258bfc505cc46b7faac2a527c6772bb455530425
hash: 121e129b7d3b0d36bd1f073263c51242
hash: 3b2f99089f2ee005d3a6171199601d2382761e08
hash: b642a55956e6f7abb0f8c7c30f6bbdb70f430f1bd7a22934b06efeaa703f320c
hash: 8e2ca4b87309927b6cdfe5151a4b185f
hash: 2b59d8d097cc5300cc21319c3e1d0ac0ebfdbb1b
hash: f5d2b45eab3dfc0909628df18b71b15d0ec3a21e2df0cdda42f8760572b0bce8
hash: a3997bfca78ac4bc6d33ccf866d2ffde
hash: f67489ff1bf79754eed04882541de004fa0bc799
hash: 5c6c88bd268f477c561a4de6e31b4c7a16643aed51476a3f44ec9f4db91ad565
hash: 829c3c2d3ccca2375b6e9a109f19d171
hash: 62998564e229c6e096ddb15066424885f88e0c53
hash: 52c2fee7cb6c08d63f6946380366636bdacfc2889fcc9decd0b235bb62143da1
hash: 50085d3b6fdb0b0be8da206bbe609749
hash: e8218a75f7fdeb3b0d1586c696fc09a5f1c924ed
hash: 54f5deb02f0e1201b1df46e76ea4c576ed79f3367c898bde7f86b04724204bfb
hash: e3e61e04b79951551e693bf7a00ef519
hash: 5447655c0519dd0e69efcabb29954371bbe386bb
hash: 5926d627c22451935279c318b6412b8a35a8c5286ddb613932fad5818983d4c3
hash: 34142362e2284e28902a907f173ebbfc
hash: 29eedf8ed7909f87c9e982558d480a2f911403b3
hash: 79be3153d734dd4609a980c60e62b5f24698979b159898ea2e72e1520c57c256
hash: 46a0df35af30ca2fb665be8ebc3f588f
hash: 3feb1e432ea479e6d67b8c7a822a948a08256762
hash: 4f1509251ae0437d1dde031a21f79cd019eabd5684537ee6216b1eaf29a1ce86
hash: 06f99e69083b2fcbca4e6a25e4d44fda
hash: 6d1abda232fd0550e1b247ddb9e6ac5dfe9712b4
hash: 9a30c01785aa9a50fad327856ec800242c919ffe281b1b2d8701931dc80ce0a6
hash: 9d3a8fcbc6e1229d68ed5dbba3dcb962
hash: 88e00a05d1755bf9e649151ec64f7fc2ef1a149b
hash: 8c8516666f6ac99c94c47275d15145cdf926a5c4ad96cb4debce1630f231f073
hash: e1a82aeb48285d31eae4ca0093228b4d
hash: 35508e6009d6848285129d252a89d635457569e7
hash: a87b12ff2cef4836e4b9def5db976d9cb731325b32f42023db82879ee12d515f
hash: fab5cdbe477521c78887c49d79254e0f
hash: 538dc260c36aa47ebb1fc6ba9c319993a0bd35f2
hash: b7c786f778ceca49c5c25e29b92c779f8a89016257ef56c320f9cfe47654fa5d
hash: 31b64629377ff6ac00bd2fb16682c6c3
hash: 0f29b48d34d9cd022d9b5994c6fd756782fb0d56
hash: ddffb130e8e1c1f6d67bf6f31b2477950431b5a94a64561d9d0b1fc6b353bf01
hash: b96d5aa770c8236879fea37a0c1f49ff
hash: b11e1ca0a23abe1e5c0625e138e10955d115aa18
hash: fc0ecc19d78234ab9dd36ecb7f0abdaf3f7bc7ca6480e0552829bfa87bd78413
hash: eb3d05b49c2576ec211e36d101e21407
hash: a74a2571a8fa23b24af8a0e85038d337b8bd8aaf
hash: 84663f07e8da0e518161aa58507e4a500b0c313628e487ab06e9d4aa41dee693
hash: b8a591faf332becb1bdbb73fd0a82fbb
hash: 5e05c76c8d6bd693d4f454223be22c56f852c4ac
hash: 50cc2f5863c2fab1dbdf6876b0ca6e1c7baa1ed46a5514f5f87f6ac764139c5e
hash: 56a86ffe2ae39e2396a481e69fc3589c
hash: 79ba27ffdc8d892d2e7660dc9ac08cf52b5ea332
hash: 1416c7300d50a474017eca77401833824c477cdcb2d9c2b90804d32e102e86df
hash: d380766570b4629c0a09736906a169ae
hash: b520b3fab254613a9e377dadeb624225ba8e2b72
hash: d492a9c75cba6ce53f8ad9fd9776c598e182b072b77a3f53e258b5fa2a2e212b
hash: 49eb86b9ec2a3d733849f615c040e580
hash: 13b353c69a0c78f0b08bde4707de7e4b013df0ed
hash: ac3864bb7f4c7b017abf022b889227d5020d80964eb647c9437abbf9e55bf7f7
hash: 1db370dea0f9dd2706547d91868044e7
hash: fdf1142e4e885395598188d8a3a8a5f5e881cb17
hash: 9ad0d98bbf8b5df4df29d24bf84fb1b2e10d35d9f4d8824afac4b140fbe57621
hash: 64f2e2884d7dd3ce8502ea35d9d182a0
hash: fe4580417e6506e285c3c56bd62e8732c174366c
hash: d2933e86abe937e9e80532e1b37f507f7330ab1f97b5808fbeeb543c3a4ff39b
hash: 97f18357604b6e868f2dc7fb1b7665c8
hash: 6bd269d23d6cf83dca6c92deb9aac9a44644b1ca
hash: ac49986c49c6081e7b67829e87145dde0da7a320f68ba89fa4ada335e387209a
hash: dd5771c2d7be571a0d7ffe4a28c51155
hash: 50147ff75917a2d6ed36a79fcf2aa0967d816ca1
hash: ec48b3c95c75d4ec75cc2d955dc97ec040dc23eff48c41034254a6d73587d12c
hash: d02436439f8da18bcdf65693a90e8133
hash: e9692cb7cc0bf27d93beef120a2bcd0fed63fb6b
hash: 4e7b2b3a86fac39041e89fc26b4cedfefacd285e7f389cc8ad4275fcf124c0b4
hash: 822475b1b2412233f4fffdd831b0145e
hash: 8729af17781eef9c3971021df0e0347f90bf76ee
hash: 9b0ee330b58584603c1d1510bfeee549e128ecc7867e2c38ea6ca71c5fd3c89d
hash: 63e8527db4cc833208c95729f4ef095f
hash: c2df992634832ad142aa6678a0c0b60f2313269f
hash: 890514433a1432cbf79c400daf59ca5f40fdc84b174d8bc81047e2deadb24711
hash: 7d837c7a1b00e0728ad0304e81cd09ff
hash: a983898f9ec97037be3c967d140c46be9c6ee483
hash: 806b8f3a38f8a5d8ebd84035061958af1e928b90e88e0b589c5ce7a470e5437f
hash: ba0082622dcd60b18a95ec6feb8969c4
hash: 662922ed199bf3ac268a88cec492ec0488fe5700
hash: 63e15d1eb55574d8672d7de7357823e81595138ed77ef04687724a7fa53c7b7e
hash: 02613fd9eb1f24b22d9360dbbb515a86
hash: 48aa7f22e482baccfdc6b6eb9f3163f5510352b8
hash: 399c51d6ed22fb0c649d5a148aaef55eee07060251dde6ed045c188d2f4c8b4a
hash: cee23114ee0a49913578af4341371328
hash: 33fe08808b8cc9dd988ca0fba0bb64a419b5b356
hash: cbbec8fcc0e23e23bcdce82ab97533c7b49f0bcac924cf254a2a8d02b9594ac5
hash: c28bd998170f68d88caa8d3b4549ddad
hash: df6b2d1084d5284ed6dab7c5eb5af3b2384f378c
hash: bb137c100b1bdff7e0ec53d8c241cbb48c36053ce42b28e0bde597ee44bd6436
hash: 7479900388524599256895898da52666
hash: 37a0d0bdc8262fcec46e91c4ea3f8a1b64164937
hash: 680b970286f2498ccaeb886d8b0a80194ca0e877ae64732b40989e30d836b215
hash: c7808c3bbbf2527869d16998721a5ee2
hash: 281306ef9ff61e4e7eeaea6eb1296783419041cc
hash: 116d5947b1919ad56634b965b9009aff3ff798d03b6457f7ff09ddf9752839db
hash: 3ed02ffe6a0ec394039882493c01714a
hash: 26ce8b281649269d32f789cfe22755bfe8be2c59
hash: 97ff3ee11f99e1d6a1d317a0699d949360248065091cc5d9776124c2295c64fb
hash: f572e3a74ccef5a8d5d66cdbe9daffdc
hash: ed3fa1b25be8a583ea879863ddbe3864e7acbf1f
hash: 099afd254dfd4a108297b27e87c90186c3af536ebcba8ffc66f479cbc3c33c97
hash: c5617a04dec72fa1ca3dbdc922721ea9

ThreatFox IOCs for 2025-10-05

Severity: medium

Type: malware

ThreatFox IOCs for 2025-10-05

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

domain: la.xvqy8.ru
file: 82.67.39.194
hash: 12345
domain: ka.xvqy8.ru
domain: jo.xvqy8.ru
url: http://43.161.221.153:8888/supershell/login/
domain: q.faqyhi.ru
file: 113.45.205.53
hash: 8082
file: 149.56.66.137
hash: 8808
file: 27.78.41.100
hash: 6000
file: 161.35.47.34
hash: 80
file: 54.46.18.227
hash: 80
domain: pc.mexizo.ru
domain: pz8.0-c448.ru
domain: x2j.mexizo.ru
domain: h1.0-c448.ru
domain: bq.mexizo.ru
domain: aa.0-c448.ru
file: 92.119.114.15
hash: 2080
domain: itzprocabal.duckdns.org
domain: r9.mexizo.ru
domain: ef.dbc-8-i.ru
domain: l.9-f566.ru
domain: t1n.mexizo.ru
domain: c5.9-f566.ru
domain: eh.dbc-8-i.ru
file: 216.126.236.247
hash: 80
file: 124.222.32.187
hash: 9850
domain: etal0n.bels.pw
file: 27.78.41.100
hash: 8000
file: 98.80.102.215
hash: 8888
file: 81.70.255.195
hash: 60000
file: 72.60.77.64
hash: 8443
file: 67.220.74.142
hash: 3333
file: 35.171.108.214
hash: 443
file: 103.45.247.233
hash: 1234
file: 34.229.1.115
hash: 443
file: 18.223.114.111
hash: 8080
file: 110.44.18.99
hash: 8084
file: 18.231.109.239
hash: 8080
file: 85.208.9.50
hash: 3333
file: 18.217.197.38
hash: 3333
file: 73.158.236.238
hash: 23
file: 96.44.154.196
hash: 7000
domain: s.wagoda.ru
domain: el.dbc-8-i.ru
domain: xq0.9-f566.ru
domain: h1.wagoda.ru
domain: aa9.9-f566.ru
domain: v3.wagoda.ru
domain: m2.9-f566.ru
domain: em.dbc-8-i.ru
domain: 0zq.wagoda.ru
domain: problem-livecam.gl.at.ply.gg
domain: g.9-k588.ru
file: 147.185.221.17
hash: 44490
file: 147.185.221.17
hash: 31288
file: 206.119.167.236
hash: 8003
file: 206.119.167.236
hash: 8004
domain: p0.wagoda.ru
domain: v2.9-k588.ru
domain: c8.wagoda.ru
domain: aa9.9-k588.ru
domain: 1m.wagoda.ru
domain: a.g601c.ru
domain: k7.9-k588.ru
file: 143.92.62.80
hash: 8520
file: 107.172.255.51
hash: 6017
domain: m9.g601c.ru
domain: r3.9-k588.ru
domain: qz.g601c.ru
domain: r.4-j722.ru
file: 45.197.144.130
hash: 6667
file: 173.44.141.3
hash: 8080
file: 16.171.160.238
hash: 3333
file: 159.223.55.88
hash: 41337
domain: r1.g601c.ru
domain: u5.4-j722.ru
domain: x.g601c.ru
domain: qk2.4-j722.ru
file: 45.87.43.249
hash: 50540
file: 52.222.17.56
hash: 443
file: 52.223.63.97
hash: 443
file: 59.35.57.83
hash: 47041
domain: tn.g601c.ru
domain: e1.4-j722.ru
domain: v2n.g601c.ru
domain: n0.4-j722.ru
domain: e.f926m.ru
domain: n3.f926m.ru
domain: x.2-j695.ru
domain: zt.f926m.ru
domain: b2.2-j695.ru
domain: a1.f926m.ru
domain: tq1.2-j695.ru
domain: pv.f926m.ru
domain: h7.f926m.ru
domain: m7.2-j695.ru
domain: xq9.f926m.ru
domain: universal-analytics-cdn.org
domain: genuspt.pics
domain: glimmed.pics
domain: spideri.pics
domain: likeheb.pics
domain: anteria.pics
domain: k9.2-j695.ru
domain: es.xhs-8-e.ru
domain: n.7-j230.ru
domain: et.xhs-8-e.ru
domain: c7.7-j230.ru
domain: er.xhs-8-e.ru
domain: wq9.7-j230.ru
file: 194.180.49.76
hash: 80
domain: tree-assistance.gl.at.ply.gg
file: 141.98.157.249
hash: 2000
domain: basis-appropriations.gl.at.ply.gg
domain: canadian-inexpensive.gl.at.ply.gg
file: 185.208.156.169
hash: 6501
file: 27.78.41.100
hash: 5001
file: 102.96.214.154
hash: 443
file: 45.197.144.130
hash: 8887
file: 134.122.204.72
hash: 1888
file: 134.122.204.72
hash: 1889
file: 134.122.204.72
hash: 1899
domain: oqslpwgyxjfbxp.top
domain: ew.xhs-8-e.ru
domain: r2.7-j230.ru
file: 45.79.10.244
hash: 10443
domain: ex.xhs-8-e.ru
domain: zd.7-j230.ru
file: 181.235.14.141
hash: 2404
file: 20.201.113.23
hash: 1024
file: 156.225.29.40
hash: 8888
file: 164.90.179.136
hash: 7443
file: 27.78.41.100
hash: 6001
file: 196.251.114.120
hash: 80
domain: login.formall.org
file: 207.246.93.127
hash: 3790
file: 175.110.4.139
hash: 443
file: 98.88.75.92
hash: 7547
file: 196.64.101.111
hash: 2222
file: 196.75.137.57
hash: 2222
domain: h.3-c719.ru
domain: a.tqh2e.ru
domain: u1.3-c719.ru
file: 8.210.213.250
hash: 8443
file: 47.83.163.198
hash: 8443
file: 38.60.218.60
hash: 80
file: 8.217.79.225
hash: 8483
file: 47.243.35.206
hash: 8443
file: 47.243.175.142
hash: 8443
file: 8.210.168.98
hash: 8443
file: 47.243.53.127
hash: 8443
file: 158.255.208.85
hash: 42208
file: 47.83.128.58
hash: 8443
file: 47.242.242.18
hash: 8483
file: 47.242.63.19
hash: 8443
file: 8.218.130.92
hash: 8483
file: 47.243.241.126
hash: 8443
file: 8.218.212.173
hash: 8443
file: 47.242.203.43
hash: 8443
file: 47.243.167.255
hash: 8443
file: 8.218.127.103
hash: 8443
file: 47.243.106.188
hash: 8443
file: 47.86.83.160
hash: 8080
file: 47.86.83.160
hash: 8888
file: 38.60.212.14
hash: 443
file: 38.60.212.14
hash: 80
file: 8.217.152.206
hash: 8443
file: 8.217.121.145
hash: 8483
file: 47.83.186.249
hash: 8080
file: 47.83.186.249
hash: 8888
file: 47.83.129.201
hash: 8443
file: 8.210.188.181
hash: 8443
file: 8.210.9.202
hash: 8443
file: 47.238.154.134
hash: 8080
file: 47.238.154.134
hash: 8888
file: 38.60.212.187
hash: 80
file: 38.60.212.187
hash: 443
file: 8.138.40.91
hash: 4434
file: 47.238.144.106
hash: 8080
file: 47.238.144.106
hash: 8888
domain: qm9.3-c719.ru
domain: z3.3-c719.ru
domain: k4.3-c719.ru
domain: person-expansion.gl.at.ply.gg
domain: y.6-b408.ru
domain: different-walt.gl.at.ply.gg
domain: practice-pf.gl.at.ply.gg
domain: alskaskao44242.dynuddns.com
domain: k4.6-b408.ru
domain: pm7.6-b408.ru
file: 86.105.4.169
hash: 443
file: 147.185.221.211
hash: 58682
domain: g4.6-b408.ru
domain: b1.6-b408.ru
domain: k.4-z493.ru
domain: v2.4-z493.ru
domain: qz9.4-z493.ru
file: 196.119.117.99
hash: 10000
domain: t1.4-z493.ru
domain: m6.4-z493.ru
file: 45.145.225.144
hash: 6000
file: 105.157.43.163
hash: 443
domain: k.h-29i.ru
file: 193.74.80.10
hash: 995
file: 199.68.107.134
hash: 443
file: 24.28.94.175
hash: 443
file: 5.44.45.9
hash: 8888
file: 184.174.20.37
hash: 7000
domain: v2.h-29i.ru
file: 154.9.254.152
hash: 8081
file: 95.81.121.238
hash: 8080
file: 196.251.116.86
hash: 2404
file: 181.162.139.198
hash: 8080
file: 103.154.55.82
hash: 12015
file: 129.159.143.45
hash: 8080
file: 85.9.196.246
hash: 8080
file: 3.85.215.181
hash: 44817
domain: qz9.h-29i.ru
domain: t1.h-29i.ru
file: 185.241.61.102
hash: 2080
url: http://491131cm.n9shteam1.top/tosecurepacketbigloadserversqlbaseflowertemp.php
domain: hm.h-29i.ru
file: 178.162.203.202
hash: 1124
file: 5.79.71.225
hash: 1124
domain: d.m-05o.ru
hash: cd98b4bc1fb6f639ec7398dfdcbcf89f7958507d
hash: 431f3847118cd3d86255c6406e622c5bf75da18576b2d8f17fbef878c5bb234b
hash: ecfb9b4b9269ea9ab538fce181950dd9
hash: 3c55749daf93c8fd1c0d4a553a410d0f469e3a96
hash: 6665a09f016607c1fb50c2680a0a6d16b6c4f7c761a3fcd326126b6b7a582f29
hash: da21e710f576cd7175a6190bce08f95d
hash: eda19cfe6599bb71b286101d9e3baabeb1b74a01
hash: 80b8b696061e9f3f94c9889b0c51189ea3941a72432627e799fa2d65f4bf8f6d
hash: 91c0f700b654707bfba6a18ab1e07914
hash: 41051192d3786bfb404c3419672bbbe6d37c6e2e
hash: 65621439cbd374a6dec8a7b0705c3f3a19177a666e7660fb8c7b914325751424
hash: 9e8a1fc9459c9cbd687ec65442b9b20b
hash: bbde22050be86b0d9267bb49b2beb666d3bc89fd
hash: a866ea54f436fbc64be8cf3d2941a9558151ee9ea1ca3fc28a8b48d512de8b83
hash: 1d2356b62e1c5c503d3cef4a3fb994fd
hash: 6f73169a2c7e589c8f09933657a6a300dfdad148
hash: 32abd504ecaefdf448d5b81608ab64efce3f07b9e1a9d2be84d734b5d5c65cd7
hash: 6a9a76bd0f446daeedffeb65d6073254
hash: b32aa916d6fbe36f68051e2c01b50a53050ebe32
hash: 8c5da7254dd8e9a692e25a4e969a605a3c3486bfdec491b041947694f4058d74
hash: 485b637f4faf6b0303ed2c17168e921d
hash: d26f7734fd7c5df790345d78d7844ce0ed2f269c
hash: 4d23f39da1e4a0435bf6a051547dd2790f90b94713f0a3282e50cf51e62fc2e5
hash: 49166bdf0424f10e3ac5a8130a6469dc
hash: 7221774c768ce1eb96e255eb8af93290881123eb
hash: 5d2963277d32e68983fee5223870e9288df4263281f03dd79b5fcaa228d620da
hash: 3adde62fcc0123a084a4a02bc2569300
hash: cc37e5e493d4958d9baaddc347b711c391b2cb7f
hash: 83db39d3dcb2b20724085d4e8c49b8b5e74c2dda134fdce39cfd0f3344fc4cfe
hash: 1766dfab5b571bc4deef51298430fffc
hash: 42916fc81c2d3a5859b0e415eab9b052a4bbf79d
hash: 23df7d010954b77c60baa47163c9ca200780bfe681e27af2439ba3b841419800
hash: 0c19ac838c8649ab0f6d543f94e422f9
hash: a7b1e4c42587aa11adc53312796acb7b56784be5
hash: d31b66b4a4861c67ae36746638260ad2fc303593f64191f2ff89342723f16c3a
hash: 55ee8d10f9aa27af0ff159d4dc3d9fe5
hash: 0fddc18c872c8b22709aa5a2e8d3b06f846249e1
hash: 71f4116bdd2809e4814308082871fabe98c0301dd42d11d66af86b1f794f3570
hash: 2093e9a2f25f10278303ae4e76d577b1
hash: 10fb01718e8a0f6c2741904b5b7a1bd89afac23b
hash: 1bf18f545a82c0ecc165e076258bfc505cc46b7faac2a527c6772bb455530425
hash: 121e129b7d3b0d36bd1f073263c51242
hash: 3b2f99089f2ee005d3a6171199601d2382761e08
hash: b642a55956e6f7abb0f8c7c30f6bbdb70f430f1bd7a22934b06efeaa703f320c
hash: 8e2ca4b87309927b6cdfe5151a4b185f
hash: 2b59d8d097cc5300cc21319c3e1d0ac0ebfdbb1b
hash: f5d2b45eab3dfc0909628df18b71b15d0ec3a21e2df0cdda42f8760572b0bce8
hash: a3997bfca78ac4bc6d33ccf866d2ffde
hash: f67489ff1bf79754eed04882541de004fa0bc799
hash: 5c6c88bd268f477c561a4de6e31b4c7a16643aed51476a3f44ec9f4db91ad565
hash: 829c3c2d3ccca2375b6e9a109f19d171
hash: 62998564e229c6e096ddb15066424885f88e0c53
hash: 52c2fee7cb6c08d63f6946380366636bdacfc2889fcc9decd0b235bb62143da1
hash: 50085d3b6fdb0b0be8da206bbe609749
hash: e8218a75f7fdeb3b0d1586c696fc09a5f1c924ed
hash: 54f5deb02f0e1201b1df46e76ea4c576ed79f3367c898bde7f86b04724204bfb
hash: e3e61e04b79951551e693bf7a00ef519
hash: 5447655c0519dd0e69efcabb29954371bbe386bb
hash: 5926d627c22451935279c318b6412b8a35a8c5286ddb613932fad5818983d4c3
hash: 34142362e2284e28902a907f173ebbfc
hash: 29eedf8ed7909f87c9e982558d480a2f911403b3
hash: 79be3153d734dd4609a980c60e62b5f24698979b159898ea2e72e1520c57c256
hash: 46a0df35af30ca2fb665be8ebc3f588f
hash: 3feb1e432ea479e6d67b8c7a822a948a08256762
hash: 4f1509251ae0437d1dde031a21f79cd019eabd5684537ee6216b1eaf29a1ce86
hash: 06f99e69083b2fcbca4e6a25e4d44fda
hash: 6d1abda232fd0550e1b247ddb9e6ac5dfe9712b4
hash: 9a30c01785aa9a50fad327856ec800242c919ffe281b1b2d8701931dc80ce0a6
hash: 9d3a8fcbc6e1229d68ed5dbba3dcb962
hash: 88e00a05d1755bf9e649151ec64f7fc2ef1a149b
hash: 8c8516666f6ac99c94c47275d15145cdf926a5c4ad96cb4debce1630f231f073
hash: e1a82aeb48285d31eae4ca0093228b4d
hash: 35508e6009d6848285129d252a89d635457569e7
hash: a87b12ff2cef4836e4b9def5db976d9cb731325b32f42023db82879ee12d515f
hash: fab5cdbe477521c78887c49d79254e0f
hash: 538dc260c36aa47ebb1fc6ba9c319993a0bd35f2
hash: b7c786f778ceca49c5c25e29b92c779f8a89016257ef56c320f9cfe47654fa5d
hash: 31b64629377ff6ac00bd2fb16682c6c3
hash: 0f29b48d34d9cd022d9b5994c6fd756782fb0d56
hash: ddffb130e8e1c1f6d67bf6f31b2477950431b5a94a64561d9d0b1fc6b353bf01
hash: b96d5aa770c8236879fea37a0c1f49ff
hash: b11e1ca0a23abe1e5c0625e138e10955d115aa18
hash: fc0ecc19d78234ab9dd36ecb7f0abdaf3f7bc7ca6480e0552829bfa87bd78413
hash: eb3d05b49c2576ec211e36d101e21407
hash: a74a2571a8fa23b24af8a0e85038d337b8bd8aaf
hash: 84663f07e8da0e518161aa58507e4a500b0c313628e487ab06e9d4aa41dee693
hash: b8a591faf332becb1bdbb73fd0a82fbb
hash: 5e05c76c8d6bd693d4f454223be22c56f852c4ac
hash: 50cc2f5863c2fab1dbdf6876b0ca6e1c7baa1ed46a5514f5f87f6ac764139c5e
hash: 56a86ffe2ae39e2396a481e69fc3589c
hash: 79ba27ffdc8d892d2e7660dc9ac08cf52b5ea332
hash: 1416c7300d50a474017eca77401833824c477cdcb2d9c2b90804d32e102e86df
hash: d380766570b4629c0a09736906a169ae
hash: b520b3fab254613a9e377dadeb624225ba8e2b72
hash: d492a9c75cba6ce53f8ad9fd9776c598e182b072b77a3f53e258b5fa2a2e212b
hash: 49eb86b9ec2a3d733849f615c040e580
hash: 13b353c69a0c78f0b08bde4707de7e4b013df0ed
hash: ac3864bb7f4c7b017abf022b889227d5020d80964eb647c9437abbf9e55bf7f7
hash: 1db370dea0f9dd2706547d91868044e7
hash: fdf1142e4e885395598188d8a3a8a5f5e881cb17
hash: 9ad0d98bbf8b5df4df29d24bf84fb1b2e10d35d9f4d8824afac4b140fbe57621
hash: 64f2e2884d7dd3ce8502ea35d9d182a0
hash: fe4580417e6506e285c3c56bd62e8732c174366c
hash: d2933e86abe937e9e80532e1b37f507f7330ab1f97b5808fbeeb543c3a4ff39b
hash: 97f18357604b6e868f2dc7fb1b7665c8
hash: 6bd269d23d6cf83dca6c92deb9aac9a44644b1ca
hash: ac49986c49c6081e7b67829e87145dde0da7a320f68ba89fa4ada335e387209a
hash: dd5771c2d7be571a0d7ffe4a28c51155
hash: 50147ff75917a2d6ed36a79fcf2aa0967d816ca1
hash: ec48b3c95c75d4ec75cc2d955dc97ec040dc23eff48c41034254a6d73587d12c
hash: d02436439f8da18bcdf65693a90e8133
hash: e9692cb7cc0bf27d93beef120a2bcd0fed63fb6b
hash: 4e7b2b3a86fac39041e89fc26b4cedfefacd285e7f389cc8ad4275fcf124c0b4
hash: 822475b1b2412233f4fffdd831b0145e
hash: 8729af17781eef9c3971021df0e0347f90bf76ee
hash: 9b0ee330b58584603c1d1510bfeee549e128ecc7867e2c38ea6ca71c5fd3c89d
hash: 63e8527db4cc833208c95729f4ef095f
hash: c2df992634832ad142aa6678a0c0b60f2313269f
hash: 890514433a1432cbf79c400daf59ca5f40fdc84b174d8bc81047e2deadb24711
hash: 7d837c7a1b00e0728ad0304e81cd09ff
hash: a983898f9ec97037be3c967d140c46be9c6ee483
hash: 806b8f3a38f8a5d8ebd84035061958af1e928b90e88e0b589c5ce7a470e5437f
hash: ba0082622dcd60b18a95ec6feb8969c4
hash: 662922ed199bf3ac268a88cec492ec0488fe5700
hash: 63e15d1eb55574d8672d7de7357823e81595138ed77ef04687724a7fa53c7b7e
hash: 02613fd9eb1f24b22d9360dbbb515a86
hash: 48aa7f22e482baccfdc6b6eb9f3163f5510352b8
hash: 399c51d6ed22fb0c649d5a148aaef55eee07060251dde6ed045c188d2f4c8b4a
hash: cee23114ee0a49913578af4341371328
hash: 33fe08808b8cc9dd988ca0fba0bb64a419b5b356
hash: cbbec8fcc0e23e23bcdce82ab97533c7b49f0bcac924cf254a2a8d02b9594ac5
hash: c28bd998170f68d88caa8d3b4549ddad
hash: df6b2d1084d5284ed6dab7c5eb5af3b2384f378c
hash: bb137c100b1bdff7e0ec53d8c241cbb48c36053ce42b28e0bde597ee44bd6436
hash: 7479900388524599256895898da52666
hash: 37a0d0bdc8262fcec46e91c4ea3f8a1b64164937
hash: 680b970286f2498ccaeb886d8b0a80194ca0e877ae64732b40989e30d836b215
hash: c7808c3bbbf2527869d16998721a5ee2
hash: 281306ef9ff61e4e7eeaea6eb1296783419041cc
hash: 116d5947b1919ad56634b965b9009aff3ff798d03b6457f7ff09ddf9752839db
hash: 3ed02ffe6a0ec394039882493c01714a
hash: 26ce8b281649269d32f789cfe22755bfe8be2c59
hash: 97ff3ee11f99e1d6a1d317a0699d949360248065091cc5d9776124c2295c64fb
hash: f572e3a74ccef5a8d5d66cdbe9daffdc
hash: ed3fa1b25be8a583ea879863ddbe3864e7acbf1f
hash: 099afd254dfd4a108297b27e87c90186c3af536ebcba8ffc66f479cbc3c33c97
hash: c5617a04dec72fa1ca3dbdc922721ea9

Source: ThreatFox MISP Feed

Published: Sun Oct 05 2025

ThreatFox IOCs for 2025-10-05

Medium

Malwaretype:osint tlp:white

Published: Sun Oct 05 2025 (10/05/2025, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-10-05

AI-Powered Analysis

AILast updated: 10/06/2025, 00:34:07 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 2a559256-22ea-40f0-b45d-0d6f1784f5f2
Original Timestamp: 1759708986

Indicators of Compromise

Domain

Value	Description	Copy
domainla.xvqy8.ru	ClearFake payload delivery domain (confidence level: 100%)
domainka.xvqy8.ru	ClearFake payload delivery domain (confidence level: 100%)
domainjo.xvqy8.ru	ClearFake payload delivery domain (confidence level: 100%)
domainq.faqyhi.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpc.mexizo.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpz8.0-c448.ru	ClearFake payload delivery domain (confidence level: 100%)
domainx2j.mexizo.ru	ClearFake payload delivery domain (confidence level: 100%)
domainh1.0-c448.ru	ClearFake payload delivery domain (confidence level: 100%)
domainbq.mexizo.ru	ClearFake payload delivery domain (confidence level: 100%)
domainaa.0-c448.ru	ClearFake payload delivery domain (confidence level: 100%)
domainitzprocabal.duckdns.org	XWorm botnet C2 domain (confidence level: 100%)
domainr9.mexizo.ru	ClearFake payload delivery domain (confidence level: 100%)
domainef.dbc-8-i.ru	ClearFake payload delivery domain (confidence level: 100%)
domainl.9-f566.ru	ClearFake payload delivery domain (confidence level: 100%)
domaint1n.mexizo.ru	ClearFake payload delivery domain (confidence level: 100%)
domainc5.9-f566.ru	ClearFake payload delivery domain (confidence level: 100%)
domaineh.dbc-8-i.ru	ClearFake payload delivery domain (confidence level: 100%)
domainetal0n.bels.pw	Unknown malware botnet C2 domain (confidence level: 100%)
domains.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domainel.dbc-8-i.ru	ClearFake payload delivery domain (confidence level: 100%)
domainxq0.9-f566.ru	ClearFake payload delivery domain (confidence level: 100%)
domainh1.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domainaa9.9-f566.ru	ClearFake payload delivery domain (confidence level: 100%)
domainv3.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domainm2.9-f566.ru	ClearFake payload delivery domain (confidence level: 100%)
domainem.dbc-8-i.ru	ClearFake payload delivery domain (confidence level: 100%)
domain0zq.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domainproblem-livecam.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domaing.9-k588.ru	ClearFake payload delivery domain (confidence level: 100%)
domainp0.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domainv2.9-k588.ru	ClearFake payload delivery domain (confidence level: 100%)
domainc8.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domainaa9.9-k588.ru	ClearFake payload delivery domain (confidence level: 100%)
domain1m.wagoda.ru	ClearFake payload delivery domain (confidence level: 100%)
domaina.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domaink7.9-k588.ru	ClearFake payload delivery domain (confidence level: 100%)
domainm9.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domainr3.9-k588.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqz.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domainr.4-j722.ru	ClearFake payload delivery domain (confidence level: 100%)
domainr1.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domainu5.4-j722.ru	ClearFake payload delivery domain (confidence level: 100%)
domainx.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqk2.4-j722.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintn.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domaine1.4-j722.ru	ClearFake payload delivery domain (confidence level: 100%)
domainv2n.g601c.ru	ClearFake payload delivery domain (confidence level: 100%)
domainn0.4-j722.ru	ClearFake payload delivery domain (confidence level: 100%)
domaine.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domainn3.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domainx.2-j695.ru	ClearFake payload delivery domain (confidence level: 100%)
domainzt.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domainb2.2-j695.ru	ClearFake payload delivery domain (confidence level: 100%)
domaina1.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintq1.2-j695.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpv.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domainh7.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domainm7.2-j695.ru	ClearFake payload delivery domain (confidence level: 100%)
domainxq9.f926m.ru	ClearFake payload delivery domain (confidence level: 100%)
domainuniversal-analytics-cdn.org	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaingenuspt.pics	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainglimmed.pics	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainspideri.pics	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlikeheb.pics	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainanteria.pics	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaink9.2-j695.ru	ClearFake payload delivery domain (confidence level: 100%)
domaines.xhs-8-e.ru	ClearFake payload delivery domain (confidence level: 100%)
domainn.7-j230.ru	ClearFake payload delivery domain (confidence level: 100%)
domainet.xhs-8-e.ru	ClearFake payload delivery domain (confidence level: 100%)
domainc7.7-j230.ru	ClearFake payload delivery domain (confidence level: 100%)
domainer.xhs-8-e.ru	ClearFake payload delivery domain (confidence level: 100%)
domainwq9.7-j230.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintree-assistance.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainbasis-appropriations.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domaincanadian-inexpensive.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainoqslpwgyxjfbxp.top	ValleyRAT botnet C2 domain (confidence level: 100%)
domainew.xhs-8-e.ru	ClearFake payload delivery domain (confidence level: 100%)
domainr2.7-j230.ru	ClearFake payload delivery domain (confidence level: 100%)
domainex.xhs-8-e.ru	ClearFake payload delivery domain (confidence level: 100%)
domainzd.7-j230.ru	ClearFake payload delivery domain (confidence level: 100%)
domainlogin.formall.org	Unknown malware botnet C2 domain (confidence level: 100%)
domainh.3-c719.ru	ClearFake payload delivery domain (confidence level: 100%)
domaina.tqh2e.ru	ClearFake payload delivery domain (confidence level: 100%)
domainu1.3-c719.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqm9.3-c719.ru	ClearFake payload delivery domain (confidence level: 100%)
domainz3.3-c719.ru	ClearFake payload delivery domain (confidence level: 100%)
domaink4.3-c719.ru	ClearFake payload delivery domain (confidence level: 100%)
domainperson-expansion.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainy.6-b408.ru	ClearFake payload delivery domain (confidence level: 100%)
domaindifferent-walt.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainpractice-pf.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainalskaskao44242.dynuddns.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domaink4.6-b408.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpm7.6-b408.ru	ClearFake payload delivery domain (confidence level: 100%)
domaing4.6-b408.ru	ClearFake payload delivery domain (confidence level: 100%)
domainb1.6-b408.ru	ClearFake payload delivery domain (confidence level: 100%)
domaink.4-z493.ru	ClearFake payload delivery domain (confidence level: 100%)
domainv2.4-z493.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqz9.4-z493.ru	ClearFake payload delivery domain (confidence level: 100%)
domaint1.4-z493.ru	ClearFake payload delivery domain (confidence level: 100%)
domainm6.4-z493.ru	ClearFake payload delivery domain (confidence level: 100%)
domaink.h-29i.ru	ClearFake payload delivery domain (confidence level: 100%)
domainv2.h-29i.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqz9.h-29i.ru	ClearFake payload delivery domain (confidence level: 100%)
domaint1.h-29i.ru	ClearFake payload delivery domain (confidence level: 100%)
domainhm.h-29i.ru	ClearFake payload delivery domain (confidence level: 100%)
domaind.m-05o.ru	ClearFake payload delivery domain (confidence level: 100%)

File

Value	Description	Copy
file82.67.39.194	Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
file113.45.205.53	Cobalt Strike botnet C2 server (confidence level: 100%)
file149.56.66.137	AsyncRAT botnet C2 server (confidence level: 100%)
file27.78.41.100	Venom RAT botnet C2 server (confidence level: 100%)
file161.35.47.34	Bashlite botnet C2 server (confidence level: 100%)
file54.46.18.227	AdaptixC2 botnet C2 server (confidence level: 100%)
file92.119.114.15	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file216.126.236.247	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.222.32.187	Cobalt Strike botnet C2 server (confidence level: 100%)
file27.78.41.100	Venom RAT botnet C2 server (confidence level: 100%)
file98.80.102.215	DCRat botnet C2 server (confidence level: 100%)
file81.70.255.195	Unknown malware botnet C2 server (confidence level: 100%)
file72.60.77.64	Unknown malware botnet C2 server (confidence level: 100%)
file67.220.74.142	Unknown malware botnet C2 server (confidence level: 100%)
file35.171.108.214	Unknown malware botnet C2 server (confidence level: 100%)
file103.45.247.233	Unknown malware botnet C2 server (confidence level: 100%)
file34.229.1.115	Unknown malware botnet C2 server (confidence level: 100%)
file18.223.114.111	Unknown malware botnet C2 server (confidence level: 100%)
file110.44.18.99	Unknown malware botnet C2 server (confidence level: 100%)
file18.231.109.239	Unknown malware botnet C2 server (confidence level: 100%)
file85.208.9.50	Unknown malware botnet C2 server (confidence level: 100%)
file18.217.197.38	Unknown malware botnet C2 server (confidence level: 100%)
file73.158.236.238	Bashlite botnet C2 server (confidence level: 90%)
file96.44.154.196	XWorm botnet C2 server (confidence level: 100%)
file147.185.221.17	AsyncRAT botnet C2 server (confidence level: 100%)
file147.185.221.17	AsyncRAT botnet C2 server (confidence level: 100%)
file206.119.167.236	ValleyRAT botnet C2 server (confidence level: 100%)
file206.119.167.236	ValleyRAT botnet C2 server (confidence level: 100%)
file143.92.62.80	XWorm botnet C2 server (confidence level: 100%)
file107.172.255.51	XWorm botnet C2 server (confidence level: 100%)
file45.197.144.130	ValleyRAT botnet C2 server (confidence level: 100%)
file173.44.141.3	AsyncRAT botnet C2 server (confidence level: 100%)
file16.171.160.238	Unknown malware botnet C2 server (confidence level: 100%)
file159.223.55.88	AdaptixC2 botnet C2 server (confidence level: 100%)
file45.87.43.249	DeimosC2 botnet C2 server (confidence level: 75%)
file52.222.17.56	DeimosC2 botnet C2 server (confidence level: 75%)
file52.223.63.97	DeimosC2 botnet C2 server (confidence level: 75%)
file59.35.57.83	DeimosC2 botnet C2 server (confidence level: 75%)
file194.180.49.76	Cobalt Strike botnet C2 server (confidence level: 100%)
file141.98.157.249	XWorm botnet C2 server (confidence level: 100%)
file185.208.156.169	AsyncRAT botnet C2 server (confidence level: 100%)
file27.78.41.100	Venom RAT botnet C2 server (confidence level: 100%)
file102.96.214.154	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file45.197.144.130	ValleyRAT botnet C2 server (confidence level: 100%)
file134.122.204.72	ValleyRAT botnet C2 server (confidence level: 100%)
file134.122.204.72	ValleyRAT botnet C2 server (confidence level: 100%)
file134.122.204.72	ValleyRAT botnet C2 server (confidence level: 100%)
file45.79.10.244	Meterpreter botnet C2 server (confidence level: 75%)
file181.235.14.141	Remcos botnet C2 server (confidence level: 100%)
file20.201.113.23	Remcos botnet C2 server (confidence level: 100%)
file156.225.29.40	Unknown malware botnet C2 server (confidence level: 100%)
file164.90.179.136	Unknown malware botnet C2 server (confidence level: 100%)
file27.78.41.100	Venom RAT botnet C2 server (confidence level: 100%)
file196.251.114.120	Cobalt Strike botnet C2 server (confidence level: 100%)
file207.246.93.127	Meterpreter botnet C2 server (confidence level: 100%)
file175.110.4.139	Meterpreter botnet C2 server (confidence level: 100%)
file98.88.75.92	Meterpreter botnet C2 server (confidence level: 100%)
file196.64.101.111	Meterpreter botnet C2 server (confidence level: 100%)
file196.75.137.57	Meterpreter botnet C2 server (confidence level: 100%)
file8.210.213.250	GobRAT botnet C2 server (confidence level: 100%)
file47.83.163.198	GobRAT botnet C2 server (confidence level: 100%)
file38.60.218.60	GobRAT botnet C2 server (confidence level: 100%)
file8.217.79.225	GobRAT botnet C2 server (confidence level: 100%)
file47.243.35.206	GobRAT botnet C2 server (confidence level: 100%)
file47.243.175.142	GobRAT botnet C2 server (confidence level: 100%)
file8.210.168.98	GobRAT botnet C2 server (confidence level: 100%)
file47.243.53.127	GobRAT botnet C2 server (confidence level: 100%)
file158.255.208.85	GobRAT botnet C2 server (confidence level: 100%)
file47.83.128.58	GobRAT botnet C2 server (confidence level: 100%)
file47.242.242.18	GobRAT botnet C2 server (confidence level: 100%)
file47.242.63.19	GobRAT botnet C2 server (confidence level: 100%)
file8.218.130.92	GobRAT botnet C2 server (confidence level: 100%)
file47.243.241.126	GobRAT botnet C2 server (confidence level: 100%)
file8.218.212.173	GobRAT botnet C2 server (confidence level: 100%)
file47.242.203.43	GobRAT botnet C2 server (confidence level: 100%)
file47.243.167.255	GobRAT botnet C2 server (confidence level: 100%)
file8.218.127.103	GobRAT botnet C2 server (confidence level: 100%)
file47.243.106.188	GobRAT botnet C2 server (confidence level: 100%)
file47.86.83.160	GobRAT botnet C2 server (confidence level: 100%)
file47.86.83.160	GobRAT botnet C2 server (confidence level: 100%)
file38.60.212.14	GobRAT botnet C2 server (confidence level: 100%)
file38.60.212.14	GobRAT botnet C2 server (confidence level: 100%)
file8.217.152.206	GobRAT botnet C2 server (confidence level: 100%)
file8.217.121.145	GobRAT botnet C2 server (confidence level: 100%)
file47.83.186.249	GobRAT botnet C2 server (confidence level: 100%)
file47.83.186.249	GobRAT botnet C2 server (confidence level: 100%)
file47.83.129.201	GobRAT botnet C2 server (confidence level: 100%)
file8.210.188.181	GobRAT botnet C2 server (confidence level: 100%)
file8.210.9.202	GobRAT botnet C2 server (confidence level: 100%)
file47.238.154.134	GobRAT botnet C2 server (confidence level: 100%)
file47.238.154.134	GobRAT botnet C2 server (confidence level: 100%)
file38.60.212.187	GobRAT botnet C2 server (confidence level: 100%)
file38.60.212.187	GobRAT botnet C2 server (confidence level: 100%)
file8.138.40.91	GobRAT botnet C2 server (confidence level: 100%)
file47.238.144.106	GobRAT botnet C2 server (confidence level: 100%)
file47.238.144.106	GobRAT botnet C2 server (confidence level: 100%)
file86.105.4.169	Unknown malware botnet C2 server (confidence level: 100%)
file147.185.221.211	NjRAT botnet C2 server (confidence level: 100%)
file196.119.117.99	NjRAT botnet C2 server (confidence level: 100%)
file45.145.225.144	XWorm botnet C2 server (confidence level: 100%)
file105.157.43.163	NetSupportManager RAT botnet C2 server (confidence level: 75%)
file193.74.80.10	QakBot botnet C2 server (confidence level: 75%)
file199.68.107.134	QakBot botnet C2 server (confidence level: 75%)
file24.28.94.175	QakBot botnet C2 server (confidence level: 75%)
file5.44.45.9	Sliver botnet C2 server (confidence level: 75%)
file184.174.20.37	XWorm botnet C2 server (confidence level: 100%)
file154.9.254.152	Cobalt Strike botnet C2 server (confidence level: 100%)
file95.81.121.238	Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.116.86	Remcos botnet C2 server (confidence level: 100%)
file181.162.139.198	Quasar RAT botnet C2 server (confidence level: 100%)
file103.154.55.82	DeimosC2 botnet C2 server (confidence level: 100%)
file129.159.143.45	Chaos botnet C2 server (confidence level: 100%)
file85.9.196.246	MimiKatz botnet C2 server (confidence level: 100%)
file3.85.215.181	Meterpreter botnet C2 server (confidence level: 100%)
file185.241.61.102	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file178.162.203.202	NjRAT botnet C2 server (confidence level: 100%)
file5.79.71.225	NjRAT botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash12345	Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
hash8082	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash6000	Venom RAT botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash80	AdaptixC2 botnet C2 server (confidence level: 100%)
hash2080	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9850	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000	Venom RAT botnet C2 server (confidence level: 100%)
hash8888	DCRat botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash8443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash1234	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash8084	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 90%)
hash7000	XWorm botnet C2 server (confidence level: 100%)
hash44490	AsyncRAT botnet C2 server (confidence level: 100%)
hash31288	AsyncRAT botnet C2 server (confidence level: 100%)
hash8003	ValleyRAT botnet C2 server (confidence level: 100%)
hash8004	ValleyRAT botnet C2 server (confidence level: 100%)
hash8520	XWorm botnet C2 server (confidence level: 100%)
hash6017	XWorm botnet C2 server (confidence level: 100%)
hash6667	ValleyRAT botnet C2 server (confidence level: 100%)
hash8080	AsyncRAT botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash41337	AdaptixC2 botnet C2 server (confidence level: 100%)
hash50540	DeimosC2 botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash47041	DeimosC2 botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2000	XWorm botnet C2 server (confidence level: 100%)
hash6501	AsyncRAT botnet C2 server (confidence level: 100%)
hash5001	Venom RAT botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8887	ValleyRAT botnet C2 server (confidence level: 100%)
hash1888	ValleyRAT botnet C2 server (confidence level: 100%)
hash1889	ValleyRAT botnet C2 server (confidence level: 100%)
hash1899	ValleyRAT botnet C2 server (confidence level: 100%)
hash10443	Meterpreter botnet C2 server (confidence level: 75%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash1024	Remcos botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash6001	Venom RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash443	Meterpreter botnet C2 server (confidence level: 100%)
hash7547	Meterpreter botnet C2 server (confidence level: 100%)
hash2222	Meterpreter botnet C2 server (confidence level: 100%)
hash2222	Meterpreter botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash80	GobRAT botnet C2 server (confidence level: 100%)
hash8483	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash42208	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8483	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8483	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8080	GobRAT botnet C2 server (confidence level: 100%)
hash8888	GobRAT botnet C2 server (confidence level: 100%)
hash443	GobRAT botnet C2 server (confidence level: 100%)
hash80	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8483	GobRAT botnet C2 server (confidence level: 100%)
hash8080	GobRAT botnet C2 server (confidence level: 100%)
hash8888	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8443	GobRAT botnet C2 server (confidence level: 100%)
hash8080	GobRAT botnet C2 server (confidence level: 100%)
hash8888	GobRAT botnet C2 server (confidence level: 100%)
hash80	GobRAT botnet C2 server (confidence level: 100%)
hash443	GobRAT botnet C2 server (confidence level: 100%)
hash4434	GobRAT botnet C2 server (confidence level: 100%)
hash8080	GobRAT botnet C2 server (confidence level: 100%)
hash8888	GobRAT botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash58682	NjRAT botnet C2 server (confidence level: 100%)
hash10000	NjRAT botnet C2 server (confidence level: 100%)
hash6000	XWorm botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash8888	Sliver botnet C2 server (confidence level: 75%)
hash7000	XWorm botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8080	Quasar RAT botnet C2 server (confidence level: 100%)
hash12015	DeimosC2 botnet C2 server (confidence level: 100%)
hash8080	Chaos botnet C2 server (confidence level: 100%)
hash8080	MimiKatz botnet C2 server (confidence level: 100%)
hash44817	Meterpreter botnet C2 server (confidence level: 100%)
hash2080	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash1124	NjRAT botnet C2 server (confidence level: 100%)
hash1124	NjRAT botnet C2 server (confidence level: 100%)
hashcd98b4bc1fb6f639ec7398dfdcbcf89f7958507d	DCRat payload (confidence level: 95%)
hash431f3847118cd3d86255c6406e622c5bf75da18576b2d8f17fbef878c5bb234b	DCRat payload (confidence level: 95%)
hashecfb9b4b9269ea9ab538fce181950dd9	DCRat payload (confidence level: 95%)
hash3c55749daf93c8fd1c0d4a553a410d0f469e3a96	NjRAT payload (confidence level: 95%)
hash6665a09f016607c1fb50c2680a0a6d16b6c4f7c761a3fcd326126b6b7a582f29	NjRAT payload (confidence level: 95%)
hashda21e710f576cd7175a6190bce08f95d	NjRAT payload (confidence level: 95%)
hasheda19cfe6599bb71b286101d9e3baabeb1b74a01	Supper payload (confidence level: 95%)
hash80b8b696061e9f3f94c9889b0c51189ea3941a72432627e799fa2d65f4bf8f6d	Supper payload (confidence level: 95%)
hash91c0f700b654707bfba6a18ab1e07914	Supper payload (confidence level: 95%)
hash41051192d3786bfb404c3419672bbbe6d37c6e2e	DCRat payload (confidence level: 95%)
hash65621439cbd374a6dec8a7b0705c3f3a19177a666e7660fb8c7b914325751424	DCRat payload (confidence level: 95%)
hash9e8a1fc9459c9cbd687ec65442b9b20b	DCRat payload (confidence level: 95%)
hashbbde22050be86b0d9267bb49b2beb666d3bc89fd	KrakenKeylogger payload (confidence level: 95%)
hasha866ea54f436fbc64be8cf3d2941a9558151ee9ea1ca3fc28a8b48d512de8b83	KrakenKeylogger payload (confidence level: 95%)
hash1d2356b62e1c5c503d3cef4a3fb994fd	KrakenKeylogger payload (confidence level: 95%)
hash6f73169a2c7e589c8f09933657a6a300dfdad148	XWorm payload (confidence level: 95%)
hash32abd504ecaefdf448d5b81608ab64efce3f07b9e1a9d2be84d734b5d5c65cd7	XWorm payload (confidence level: 95%)
hash6a9a76bd0f446daeedffeb65d6073254	XWorm payload (confidence level: 95%)
hashb32aa916d6fbe36f68051e2c01b50a53050ebe32	XWorm payload (confidence level: 95%)
hash8c5da7254dd8e9a692e25a4e969a605a3c3486bfdec491b041947694f4058d74	XWorm payload (confidence level: 95%)
hash485b637f4faf6b0303ed2c17168e921d	XWorm payload (confidence level: 95%)
hashd26f7734fd7c5df790345d78d7844ce0ed2f269c	XWorm payload (confidence level: 95%)
hash4d23f39da1e4a0435bf6a051547dd2790f90b94713f0a3282e50cf51e62fc2e5	XWorm payload (confidence level: 95%)
hash49166bdf0424f10e3ac5a8130a6469dc	XWorm payload (confidence level: 95%)
hash7221774c768ce1eb96e255eb8af93290881123eb	RedLine Stealer payload (confidence level: 95%)
hash5d2963277d32e68983fee5223870e9288df4263281f03dd79b5fcaa228d620da	RedLine Stealer payload (confidence level: 95%)
hash3adde62fcc0123a084a4a02bc2569300	RedLine Stealer payload (confidence level: 95%)
hashcc37e5e493d4958d9baaddc347b711c391b2cb7f	NjRAT payload (confidence level: 95%)
hash83db39d3dcb2b20724085d4e8c49b8b5e74c2dda134fdce39cfd0f3344fc4cfe	NjRAT payload (confidence level: 95%)
hash1766dfab5b571bc4deef51298430fffc	NjRAT payload (confidence level: 95%)
hash42916fc81c2d3a5859b0e415eab9b052a4bbf79d	NjRAT payload (confidence level: 95%)
hash23df7d010954b77c60baa47163c9ca200780bfe681e27af2439ba3b841419800	NjRAT payload (confidence level: 95%)
hash0c19ac838c8649ab0f6d543f94e422f9	NjRAT payload (confidence level: 95%)
hasha7b1e4c42587aa11adc53312796acb7b56784be5	Rhadamanthys payload (confidence level: 95%)
hashd31b66b4a4861c67ae36746638260ad2fc303593f64191f2ff89342723f16c3a	Rhadamanthys payload (confidence level: 95%)
hash55ee8d10f9aa27af0ff159d4dc3d9fe5	Rhadamanthys payload (confidence level: 95%)
hash0fddc18c872c8b22709aa5a2e8d3b06f846249e1	Rhadamanthys payload (confidence level: 95%)
hash71f4116bdd2809e4814308082871fabe98c0301dd42d11d66af86b1f794f3570	Rhadamanthys payload (confidence level: 95%)
hash2093e9a2f25f10278303ae4e76d577b1	Rhadamanthys payload (confidence level: 95%)
hash10fb01718e8a0f6c2741904b5b7a1bd89afac23b	Rhadamanthys payload (confidence level: 95%)
hash1bf18f545a82c0ecc165e076258bfc505cc46b7faac2a527c6772bb455530425	Rhadamanthys payload (confidence level: 95%)
hash121e129b7d3b0d36bd1f073263c51242	Rhadamanthys payload (confidence level: 95%)
hash3b2f99089f2ee005d3a6171199601d2382761e08	Rhadamanthys payload (confidence level: 95%)
hashb642a55956e6f7abb0f8c7c30f6bbdb70f430f1bd7a22934b06efeaa703f320c	Rhadamanthys payload (confidence level: 95%)
hash8e2ca4b87309927b6cdfe5151a4b185f	Rhadamanthys payload (confidence level: 95%)
hash2b59d8d097cc5300cc21319c3e1d0ac0ebfdbb1b	Rhadamanthys payload (confidence level: 95%)
hashf5d2b45eab3dfc0909628df18b71b15d0ec3a21e2df0cdda42f8760572b0bce8	Rhadamanthys payload (confidence level: 95%)
hasha3997bfca78ac4bc6d33ccf866d2ffde	Rhadamanthys payload (confidence level: 95%)
hashf67489ff1bf79754eed04882541de004fa0bc799	Rhadamanthys payload (confidence level: 95%)
hash5c6c88bd268f477c561a4de6e31b4c7a16643aed51476a3f44ec9f4db91ad565	Rhadamanthys payload (confidence level: 95%)
hash829c3c2d3ccca2375b6e9a109f19d171	Rhadamanthys payload (confidence level: 95%)
hash62998564e229c6e096ddb15066424885f88e0c53	Rhadamanthys payload (confidence level: 95%)
hash52c2fee7cb6c08d63f6946380366636bdacfc2889fcc9decd0b235bb62143da1	Rhadamanthys payload (confidence level: 95%)
hash50085d3b6fdb0b0be8da206bbe609749	Rhadamanthys payload (confidence level: 95%)
hashe8218a75f7fdeb3b0d1586c696fc09a5f1c924ed	Rhadamanthys payload (confidence level: 95%)
hash54f5deb02f0e1201b1df46e76ea4c576ed79f3367c898bde7f86b04724204bfb	Rhadamanthys payload (confidence level: 95%)
hashe3e61e04b79951551e693bf7a00ef519	Rhadamanthys payload (confidence level: 95%)
hash5447655c0519dd0e69efcabb29954371bbe386bb	Rhadamanthys payload (confidence level: 95%)
hash5926d627c22451935279c318b6412b8a35a8c5286ddb613932fad5818983d4c3	Rhadamanthys payload (confidence level: 95%)
hash34142362e2284e28902a907f173ebbfc	Rhadamanthys payload (confidence level: 95%)
hash29eedf8ed7909f87c9e982558d480a2f911403b3	Rhadamanthys payload (confidence level: 95%)
hash79be3153d734dd4609a980c60e62b5f24698979b159898ea2e72e1520c57c256	Rhadamanthys payload (confidence level: 95%)
hash46a0df35af30ca2fb665be8ebc3f588f	Rhadamanthys payload (confidence level: 95%)
hash3feb1e432ea479e6d67b8c7a822a948a08256762	Rhadamanthys payload (confidence level: 95%)
hash4f1509251ae0437d1dde031a21f79cd019eabd5684537ee6216b1eaf29a1ce86	Rhadamanthys payload (confidence level: 95%)
hash06f99e69083b2fcbca4e6a25e4d44fda	Rhadamanthys payload (confidence level: 95%)
hash6d1abda232fd0550e1b247ddb9e6ac5dfe9712b4	Rhadamanthys payload (confidence level: 95%)
hash9a30c01785aa9a50fad327856ec800242c919ffe281b1b2d8701931dc80ce0a6	Rhadamanthys payload (confidence level: 95%)
hash9d3a8fcbc6e1229d68ed5dbba3dcb962	Rhadamanthys payload (confidence level: 95%)
hash88e00a05d1755bf9e649151ec64f7fc2ef1a149b	Rhadamanthys payload (confidence level: 95%)
hash8c8516666f6ac99c94c47275d15145cdf926a5c4ad96cb4debce1630f231f073	Rhadamanthys payload (confidence level: 95%)
hashe1a82aeb48285d31eae4ca0093228b4d	Rhadamanthys payload (confidence level: 95%)
hash35508e6009d6848285129d252a89d635457569e7	Rhadamanthys payload (confidence level: 95%)
hasha87b12ff2cef4836e4b9def5db976d9cb731325b32f42023db82879ee12d515f	Rhadamanthys payload (confidence level: 95%)
hashfab5cdbe477521c78887c49d79254e0f	Rhadamanthys payload (confidence level: 95%)
hash538dc260c36aa47ebb1fc6ba9c319993a0bd35f2	Rhadamanthys payload (confidence level: 95%)
hashb7c786f778ceca49c5c25e29b92c779f8a89016257ef56c320f9cfe47654fa5d	Rhadamanthys payload (confidence level: 95%)
hash31b64629377ff6ac00bd2fb16682c6c3	Rhadamanthys payload (confidence level: 95%)
hash0f29b48d34d9cd022d9b5994c6fd756782fb0d56	Rhadamanthys payload (confidence level: 95%)
hashddffb130e8e1c1f6d67bf6f31b2477950431b5a94a64561d9d0b1fc6b353bf01	Rhadamanthys payload (confidence level: 95%)
hashb96d5aa770c8236879fea37a0c1f49ff	Rhadamanthys payload (confidence level: 95%)
hashb11e1ca0a23abe1e5c0625e138e10955d115aa18	Rhadamanthys payload (confidence level: 95%)
hashfc0ecc19d78234ab9dd36ecb7f0abdaf3f7bc7ca6480e0552829bfa87bd78413	Rhadamanthys payload (confidence level: 95%)
hasheb3d05b49c2576ec211e36d101e21407	Rhadamanthys payload (confidence level: 95%)
hasha74a2571a8fa23b24af8a0e85038d337b8bd8aaf	Rhadamanthys payload (confidence level: 95%)
hash84663f07e8da0e518161aa58507e4a500b0c313628e487ab06e9d4aa41dee693	Rhadamanthys payload (confidence level: 95%)
hashb8a591faf332becb1bdbb73fd0a82fbb	Rhadamanthys payload (confidence level: 95%)
hash5e05c76c8d6bd693d4f454223be22c56f852c4ac	Rhadamanthys payload (confidence level: 95%)
hash50cc2f5863c2fab1dbdf6876b0ca6e1c7baa1ed46a5514f5f87f6ac764139c5e	Rhadamanthys payload (confidence level: 95%)
hash56a86ffe2ae39e2396a481e69fc3589c	Rhadamanthys payload (confidence level: 95%)
hash79ba27ffdc8d892d2e7660dc9ac08cf52b5ea332	Rhadamanthys payload (confidence level: 95%)
hash1416c7300d50a474017eca77401833824c477cdcb2d9c2b90804d32e102e86df	Rhadamanthys payload (confidence level: 95%)
hashd380766570b4629c0a09736906a169ae	Rhadamanthys payload (confidence level: 95%)
hashb520b3fab254613a9e377dadeb624225ba8e2b72	Rhadamanthys payload (confidence level: 95%)
hashd492a9c75cba6ce53f8ad9fd9776c598e182b072b77a3f53e258b5fa2a2e212b	Rhadamanthys payload (confidence level: 95%)
hash49eb86b9ec2a3d733849f615c040e580	Rhadamanthys payload (confidence level: 95%)
hash13b353c69a0c78f0b08bde4707de7e4b013df0ed	Rhadamanthys payload (confidence level: 95%)
hashac3864bb7f4c7b017abf022b889227d5020d80964eb647c9437abbf9e55bf7f7	Rhadamanthys payload (confidence level: 95%)
hash1db370dea0f9dd2706547d91868044e7	Rhadamanthys payload (confidence level: 95%)
hashfdf1142e4e885395598188d8a3a8a5f5e881cb17	Rhadamanthys payload (confidence level: 95%)
hash9ad0d98bbf8b5df4df29d24bf84fb1b2e10d35d9f4d8824afac4b140fbe57621	Rhadamanthys payload (confidence level: 95%)
hash64f2e2884d7dd3ce8502ea35d9d182a0	Rhadamanthys payload (confidence level: 95%)
hashfe4580417e6506e285c3c56bd62e8732c174366c	Rhadamanthys payload (confidence level: 95%)
hashd2933e86abe937e9e80532e1b37f507f7330ab1f97b5808fbeeb543c3a4ff39b	Rhadamanthys payload (confidence level: 95%)
hash97f18357604b6e868f2dc7fb1b7665c8	Rhadamanthys payload (confidence level: 95%)
hash6bd269d23d6cf83dca6c92deb9aac9a44644b1ca	Rhadamanthys payload (confidence level: 95%)
hashac49986c49c6081e7b67829e87145dde0da7a320f68ba89fa4ada335e387209a	Rhadamanthys payload (confidence level: 95%)
hashdd5771c2d7be571a0d7ffe4a28c51155	Rhadamanthys payload (confidence level: 95%)
hash50147ff75917a2d6ed36a79fcf2aa0967d816ca1	Rhadamanthys payload (confidence level: 95%)
hashec48b3c95c75d4ec75cc2d955dc97ec040dc23eff48c41034254a6d73587d12c	Rhadamanthys payload (confidence level: 95%)
hashd02436439f8da18bcdf65693a90e8133	Rhadamanthys payload (confidence level: 95%)
hashe9692cb7cc0bf27d93beef120a2bcd0fed63fb6b	Rhadamanthys payload (confidence level: 95%)
hash4e7b2b3a86fac39041e89fc26b4cedfefacd285e7f389cc8ad4275fcf124c0b4	Rhadamanthys payload (confidence level: 95%)
hash822475b1b2412233f4fffdd831b0145e	Rhadamanthys payload (confidence level: 95%)
hash8729af17781eef9c3971021df0e0347f90bf76ee	Rhadamanthys payload (confidence level: 95%)
hash9b0ee330b58584603c1d1510bfeee549e128ecc7867e2c38ea6ca71c5fd3c89d	Rhadamanthys payload (confidence level: 95%)
hash63e8527db4cc833208c95729f4ef095f	Rhadamanthys payload (confidence level: 95%)
hashc2df992634832ad142aa6678a0c0b60f2313269f	Rhadamanthys payload (confidence level: 95%)
hash890514433a1432cbf79c400daf59ca5f40fdc84b174d8bc81047e2deadb24711	Rhadamanthys payload (confidence level: 95%)
hash7d837c7a1b00e0728ad0304e81cd09ff	Rhadamanthys payload (confidence level: 95%)
hasha983898f9ec97037be3c967d140c46be9c6ee483	Rhadamanthys payload (confidence level: 95%)
hash806b8f3a38f8a5d8ebd84035061958af1e928b90e88e0b589c5ce7a470e5437f	Rhadamanthys payload (confidence level: 95%)
hashba0082622dcd60b18a95ec6feb8969c4	Rhadamanthys payload (confidence level: 95%)
hash662922ed199bf3ac268a88cec492ec0488fe5700	Vidar payload (confidence level: 95%)
hash63e15d1eb55574d8672d7de7357823e81595138ed77ef04687724a7fa53c7b7e	Vidar payload (confidence level: 95%)
hash02613fd9eb1f24b22d9360dbbb515a86	Vidar payload (confidence level: 95%)
hash48aa7f22e482baccfdc6b6eb9f3163f5510352b8	MASS Logger payload (confidence level: 95%)
hash399c51d6ed22fb0c649d5a148aaef55eee07060251dde6ed045c188d2f4c8b4a	MASS Logger payload (confidence level: 95%)
hashcee23114ee0a49913578af4341371328	MASS Logger payload (confidence level: 95%)
hash33fe08808b8cc9dd988ca0fba0bb64a419b5b356	MASS Logger payload (confidence level: 95%)
hashcbbec8fcc0e23e23bcdce82ab97533c7b49f0bcac924cf254a2a8d02b9594ac5	MASS Logger payload (confidence level: 95%)
hashc28bd998170f68d88caa8d3b4549ddad	MASS Logger payload (confidence level: 95%)
hashdf6b2d1084d5284ed6dab7c5eb5af3b2384f378c	DarkTortilla payload (confidence level: 95%)
hashbb137c100b1bdff7e0ec53d8c241cbb48c36053ce42b28e0bde597ee44bd6436	DarkTortilla payload (confidence level: 95%)
hash7479900388524599256895898da52666	DarkTortilla payload (confidence level: 95%)
hash37a0d0bdc8262fcec46e91c4ea3f8a1b64164937	MASS Logger payload (confidence level: 95%)
hash680b970286f2498ccaeb886d8b0a80194ca0e877ae64732b40989e30d836b215	MASS Logger payload (confidence level: 95%)
hashc7808c3bbbf2527869d16998721a5ee2	MASS Logger payload (confidence level: 95%)
hash281306ef9ff61e4e7eeaea6eb1296783419041cc	ValleyRAT payload (confidence level: 95%)
hash116d5947b1919ad56634b965b9009aff3ff798d03b6457f7ff09ddf9752839db	ValleyRAT payload (confidence level: 95%)
hash3ed02ffe6a0ec394039882493c01714a	ValleyRAT payload (confidence level: 95%)
hash26ce8b281649269d32f789cfe22755bfe8be2c59	XWorm payload (confidence level: 95%)
hash97ff3ee11f99e1d6a1d317a0699d949360248065091cc5d9776124c2295c64fb	XWorm payload (confidence level: 95%)
hashf572e3a74ccef5a8d5d66cdbe9daffdc	XWorm payload (confidence level: 95%)
hashed3fa1b25be8a583ea879863ddbe3864e7acbf1f	XWorm payload (confidence level: 95%)
hash099afd254dfd4a108297b27e87c90186c3af536ebcba8ffc66f479cbc3c33c97	XWorm payload (confidence level: 95%)
hashc5617a04dec72fa1ca3dbdc922721ea9	XWorm payload (confidence level: 95%)

Url

Value	Description	Copy
urlhttp://43.161.221.153:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://491131cm.n9shteam1.top/tosecurepacketbigloadserversqlbaseflowertemp.php	DCRat botnet C2 (confidence level: 100%)

Threat ID: 68e30aea94eb61166f9a7c38

Added to database: 10/6/2025, 12:18:50 AM

Last enriched: 10/6/2025, 12:34:07 AM

Last updated: 10/7/2025, 12:47:16 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-10-05

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-10-05

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Domain

File

Hash

Url

Community Reviews

Related Threats

Nimbus Manticore Deploys New Malware Targeting Europe

Iranian State Hackers Use SSL.com Certificates to Sign Malware

China Exploited New VMware Bug for Nearly a Year

'Klopatra' Trojan Makes Bank Transfers While You Sleep

'Confucius' Cyberspy Evolves From Stealers to Backdoors in Pakistan

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility