ThreatFox IOCs for 2025-10-16
AI Analysis
Technical Summary
This entry from the ThreatFox MISP feed dated October 16, 2025, provides a set of Indicators of Compromise (IOCs) related to malware activity, categorized under OSINT, network activity, and payload delivery. The data is a collection of threat intelligence rather than a report of a new vulnerability or active exploit. No affected software versions or products are listed, and no patches or mitigations are available, which confirms that this is intelligence sharing rather than a vulnerability disclosure. The threat level is rated medium, with a threat level value of 2 and a distribution level of 3, suggesting moderate dissemination but limited immediate impact. The absence of known exploits in the wild and the lack of detailed technical indicators imply that this information serves primarily to inform security teams about potential malicious network behaviors and payload delivery methods observed or anticipated. The TLP (Traffic Light Protocol) marking is white, meaning the information is intended for public sharing and broad dissemination. This type of OSINT feed is valuable for improving situational awareness and detection coverage, but it does not represent an active or critical threat by itself.
Potential Impact
For European organizations, the direct impact of this threat intelligence feed is limited, as it does not describe an active exploit or vulnerability. However, the shared IOCs can enhance detection and response capabilities by informing security teams about emerging malware behaviors and network activity patterns. Organizations that use threat intelligence to tune their security monitoring tools, such as SIEMs and IDS/IPS, can improve their ability to identify and mitigate payload delivery attempts. The medium severity rating suggests a moderate risk level and emphasizes the importance of maintaining up-to-date threat intelligence and proactive network monitoring. Failure to integrate such OSINT data could delay detection of malware campaigns or payload delivery mechanisms, potentially leading to data breaches or service disruptions. Because no patches or direct remediation steps exist, impact mitigation relies on operational security measures rather than software fixes.
Mitigation Recommendations
European organizations should prioritize the integration of ThreatFox and similar OSINT feeds into their security operations centers (SOCs) and threat intelligence platforms to enhance early detection of malicious network activity and payload delivery attempts. Implement advanced network monitoring and anomaly detection systems capable of leveraging IOCs for real-time alerts. Regularly update and tune intrusion detection and prevention systems (IDS/IPS) with the latest threat intelligence to identify suspicious traffic patterns. Conduct threat hunting exercises using the provided IOCs to proactively identify potential compromises. Enhance employee awareness and training on recognizing phishing and social engineering tactics that may be used to deliver payloads. Establish robust incident response procedures to quickly contain and remediate detected threats. Collaborate with national and European cybersecurity information sharing organizations to stay informed about evolving threats and mitigation strategies. Since no patches are available, focus on defense-in-depth strategies including network segmentation, endpoint protection, and strict access controls to limit potential attack surfaces.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 6a35d9f1-be19-4bb0-a129-4b26856931a0
- Original Timestamp: 1760659386
Indicators of Compromise
File
Value | Description | Copy |
---|---|---|
file196.251.86.238 | zgRAT botnet C2 server (confidence level: 75%) | |
file117.72.214.50 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.26.115.160 | Remcos botnet C2 server (confidence level: 100%) | |
file212.192.13.63 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.224.103.68 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.94.111.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file137.74.43.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
file165.232.168.59 | Havoc botnet C2 server (confidence level: 100%) | |
file165.232.168.59 | Havoc botnet C2 server (confidence level: 100%) | |
file43.204.24.54 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file178.16.54.37 | XWorm botnet C2 server (confidence level: 100%) | |
file118.25.91.151 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file151.241.228.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file190.206.77.147 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file64.227.152.121 | Unknown malware botnet C2 server (confidence level: 100%) | |
file145.132.81.61 | Unknown malware botnet C2 server (confidence level: 100%) | |
file174.138.65.81 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.101.255.126 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.98.19.208 | Unknown malware botnet C2 server (confidence level: 100%) | |
file91.107.249.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.226.187.157 | Unknown malware botnet C2 server (confidence level: 100%) | |
file106.52.223.188 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.184.10.69 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.64.67.43 | Unknown malware botnet C2 server (confidence level: 100%) | |
file44.208.44.100 | Unknown malware botnet C2 server (confidence level: 100%) | |
file115.78.4.249 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.236.213.91 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.49.74.123 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.33.196.11 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.72.132.44 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.72.132.44 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.171.199.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.72.36.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.197.201.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file81.31.208.228 | Remcos botnet C2 server (confidence level: 100%) | |
file45.156.87.176 | Remcos botnet C2 server (confidence level: 100%) | |
file104.140.154.201 | DeimosC2 botnet C2 server (confidence level: 100%) | |
file104.140.154.248 | DeimosC2 botnet C2 server (confidence level: 100%) | |
file104.140.154.77 | DeimosC2 botnet C2 server (confidence level: 100%) | |
file104.140.154.162 | DeimosC2 botnet C2 server (confidence level: 100%) | |
file138.68.170.98 | MimiKatz botnet C2 server (confidence level: 100%) | |
file168.245.200.152 | Meterpreter botnet C2 server (confidence level: 100%) | |
file168.245.200.173 | Meterpreter botnet C2 server (confidence level: 100%) | |
file168.245.200.160 | Meterpreter botnet C2 server (confidence level: 100%) | |
file168.245.200.161 | Meterpreter botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) | |
file83.149.105.251 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file176.65.139.19 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
172.245.95.61 | Remcos botnet C2 server (confidence level: 50%) | |
49.13.38.248 | Vidar botnet C2 server (confidence level: 100%) | |
193.233.254.102 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
195.85.115.163 | Sliver botnet C2 server (confidence level: 100%) | |
144.124.234.94 | SectopRAT botnet C2 server (confidence level: 100%) | |
3.80.61.193 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
20.224.119.86 | MimiKatz botnet C2 server (confidence level: 100%) | |
118.161.0.243 | QakBot botnet C2 server (confidence level: 75%) | |
48.209.82.191 | AsyncRAT botnet C2 server (confidence level: 75%) | |
206.123.132.75 | Remcos botnet C2 server (confidence level: 100%) | |
144.172.93.139 | SectopRAT botnet C2 server (confidence level: 100%) | |
93.127.141.51 | Quasar RAT botnet C2 server (confidence level: 100%) | |
45.32.151.206 | Havoc botnet C2 server (confidence level: 100%) | |
177.198.122.24 | Havoc botnet C2 server (confidence level: 100%) | |
160.176.103.193 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
120.78.184.114 | DeimosC2 botnet C2 server (confidence level: 100%) | |
167.71.56.116 | NjRAT botnet C2 server (confidence level: 100%) | |
104.210.107.111 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
47.238.228.19 | ValleyRAT botnet C2 server (confidence level: 75%) | |
47.238.228.19 | ValleyRAT botnet C2 server (confidence level: 75%) | |
106.52.213.241 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
185.222.58.62 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
31.40.204.73 | XWorm botnet C2 server (confidence level: 100%) | |
43.128.34.181 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
51.210.60.123 | Remcos botnet C2 server (confidence level: 100%) | |
167.88.45.137 | Sliver botnet C2 server (confidence level: 100%) | |
104.236.12.182 | AsyncRAT botnet C2 server (confidence level: 100%) | |
104.248.248.13 | Unknown malware botnet C2 server (confidence level: 100%) | |
200.100.117.119 | Venom RAT botnet C2 server (confidence level: 100%) | |
104.194.152.6 | DCRat botnet C2 server (confidence level: 100%) | |
212.34.152.148 | DeimosC2 botnet C2 server (confidence level: 100%) | |
176.46.141.7 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
206.123.150.79 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
201.213.90.96 | XWorm botnet C2 server (confidence level: 100%) | |
147.185.221.180 | XWorm botnet C2 server (confidence level: 100%) | |
82.21.151.21 | XWorm botnet C2 server (confidence level: 100%) | |
154.198.50.152 | ValleyRAT botnet C2 server (confidence level: 100%) | |
154.198.50.152 | ValleyRAT botnet C2 server (confidence level: 100%) | |
172.94.36.171 | AsyncRAT botnet C2 server (confidence level: 75%) | |
188.4.51.113 | QakBot botnet C2 server (confidence level: 75%) | |
45.249.89.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
45.83.31.52 | Remcos botnet C2 server (confidence level: 100%) | |
54.46.8.105 | Unknown malware botnet C2 server (confidence level: 100%) | |
4.240.115.246 | Quasar RAT botnet C2 server (confidence level: 100%) | |
181.162.177.106 | Quasar RAT botnet C2 server (confidence level: 100%) | |
64.7.199.190 | DCRat botnet C2 server (confidence level: 100%) | |
165.227.185.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
80.78.24.66 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
34.245.162.95 | Meterpreter botnet C2 server (confidence level: 100%) | |
45.143.203.31 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
47.129.2.130 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
Hash
Value | Description | Copy |
---|---|---|
56001 | zgRAT botnet C2 server (confidence level: 75%) | |
6000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
4444 | Remcos botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Havoc botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
6005 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
19601 | XWorm botnet C2 server (confidence level: 100%) | |
8084 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
13333 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
2086 | Unknown malware botnet C2 server (confidence level: 100%) | |
8200 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
2600 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
80 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
12345 | Unknown malware botnet C2 server (confidence level: 100%) | |
3389 | Unknown malware botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
30107 | DeimosC2 botnet C2 server (confidence level: 100%) | |
30195 | DeimosC2 botnet C2 server (confidence level: 100%) | |
30086 | DeimosC2 botnet C2 server (confidence level: 100%) | |
30086 | DeimosC2 botnet C2 server (confidence level: 100%) | |
80 | MimiKatz botnet C2 server (confidence level: 100%) | |
3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
52256 | XWorm botnet C2 server (confidence level: 100%) | |
55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
5888 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 50%) | |
443 | Vidar botnet C2 server (confidence level: 100%) | |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
443 | Sliver botnet C2 server (confidence level: 100%) | |
9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
26616 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
80 | MimiKatz botnet C2 server (confidence level: 100%) | |
443 | QakBot botnet C2 server (confidence level: 75%) | |
1337 | AsyncRAT botnet C2 server (confidence level: 75%) | |
3d37edeb86f1be3abbab989e2419667655281e27caa67ff26e7a4f64237ef891 | Unknown Stealer payload (confidence level: 100%) | |
65036efbb6befc29d27ef1ab26344428 | Unknown Stealer payload (confidence level: 100%) | |
8808 | Remcos botnet C2 server (confidence level: 100%) | |
9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
443 | Havoc botnet C2 server (confidence level: 100%) | |
8081 | Havoc botnet C2 server (confidence level: 100%) | |
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
443 | DeimosC2 botnet C2 server (confidence level: 100%) | |
22764 | NjRAT botnet C2 server (confidence level: 100%) | |
4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
80 | ValleyRAT botnet C2 server (confidence level: 75%) | |
443 | ValleyRAT botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
1414 | XWorm botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
31337 | Sliver botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
7000 | DCRat botnet C2 server (confidence level: 100%) | |
443 | DeimosC2 botnet C2 server (confidence level: 100%) | |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
4785 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
6001 | XWorm botnet C2 server (confidence level: 100%) | |
30787 | XWorm botnet C2 server (confidence level: 100%) | |
6000 | XWorm botnet C2 server (confidence level: 100%) | |
82 | ValleyRAT botnet C2 server (confidence level: 100%) | |
81 | ValleyRAT botnet C2 server (confidence level: 100%) | |
8081 | AsyncRAT botnet C2 server (confidence level: 75%) | |
995 | QakBot botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
5000 | Remcos botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
8090 | DCRat botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
443 | Meterpreter botnet C2 server (confidence level: 100%) | |
443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
108814bbc9e12fc6407258ae1330f5cf189b9a48 | Nanocore RAT payload (confidence level: 95%) | |
ac7c3c0c3906c4d93e34b91fa34941277f044ac26d037c113c9756a4f18619dd | Nanocore RAT payload (confidence level: 95%) | |
d93fc3df442b53a288ba0a379f542a66 | Nanocore RAT payload (confidence level: 95%) | |
12e00cf3e7398108497f6c4456eaafc71e0ea178 | Agent Tesla payload (confidence level: 95%) | |
436c3122ade820817ca6b87ae7b69a45f68df50af5bb193acace508e78904283 | Agent Tesla payload (confidence level: 95%) | |
46b86269771272c888d31f6782ae3797 | Agent Tesla payload (confidence level: 95%) | |
5eacba2d117350cd3795b5007e8a04ef8366894f | XWorm payload (confidence level: 95%) | |
5228cdea84a04c9047fd321efcde0b729a7b2fb036328f8c68c4379ea50c9f9a | XWorm payload (confidence level: 95%) | |
5e8c000f5f5edc2a912d7f14a963182b | XWorm payload (confidence level: 95%) | |
5dd1dee32ad8d7a5071f2b46d1de23c1741c4f13 | DCRat payload (confidence level: 95%) | |
cc8b36869573edd15c9863d8ade4001e26b8f9c47500eaaff6305a817d08a7a0 | DCRat payload (confidence level: 95%) | |
0a3e336274413e80a196f741e1047235 | DCRat payload (confidence level: 95%) | |
f028abc1fcdb94983a39564f2fc6d4c7434ab744 | Rhadamanthys payload (confidence level: 95%) | |
0083fba18d14e112038f6df41272c44272b7c6fbe7c9c2c268febc3c7789dbe6 | Rhadamanthys payload (confidence level: 95%) | |
fd3f5b127176fd2188f133698db001ae | Rhadamanthys payload (confidence level: 95%) | |
7007cde3c2c462944f507ed97928f4e839101eba | XWorm payload (confidence level: 95%) | |
0f425d11e80b7cf493fb42d4f4866efb68169d3c5b1a90af93ceef9a82649b5f | XWorm payload (confidence level: 95%) | |
85f0ea9def98e6c12fe28cef29d5b811 | XWorm payload (confidence level: 95%) | |
b220f4e32b88d2d09bc060ca4575c2318798d110 | Coinminer payload (confidence level: 95%) | |
9e81f9b5a4ed550dadcecc1b0f4589b9e4f2ad303d02e5fed8d4d1760cadd920 | Coinminer payload (confidence level: 95%) | |
d662390e9a866eaed2c7022480196d8b | Coinminer payload (confidence level: 95%) | |
27a91cef6a1dc5803ca00bc009ca87cd0e74d238 | Agent Tesla payload (confidence level: 95%) | |
75ba14c0254588c27d862670f629532199b81ecf20150112dbe659e61733280e | Agent Tesla payload (confidence level: 95%) | |
13145d947cbdbdfcff724b5395794b5f | Agent Tesla payload (confidence level: 95%) | |
53f369d9386a14ecd3e2f858c2230790707fe202 | Nanocore RAT payload (confidence level: 95%) | |
480a1166729945af333cf8a6f5d51a4ed13ac5e4af1487ecea6e87f7aefbf656 | Nanocore RAT payload (confidence level: 95%) | |
2763117a8af85fdbe1edbb69e5efcacd | Nanocore RAT payload (confidence level: 95%) | |
cfdcce9aab57974cdf38f4ce62fbfac7acea7831 | Amadey payload (confidence level: 95%) | |
b2355473685b7e687fe35cc7ff24ed873bc22f1252817c9ca5048c0891927d41 | Amadey payload (confidence level: 95%) | |
757e8ba796916d8b9593c24261de77af | Amadey payload (confidence level: 95%) | |
70d8cc85d229f585b95dc24961e123bb0046e6b4 | Rhadamanthys payload (confidence level: 95%) | |
7b109b5badd42b94158440df4d60d14a8ee5b8c4c983fc5c44469b9dbbe7f535 | Rhadamanthys payload (confidence level: 95%) | |
d24aec5c7ac8ce9f8fe10d827f4725ca | Rhadamanthys payload (confidence level: 95%) | |
fb2468b5b40e518d363c4437a4088c64a2b4c455 | Rhadamanthys payload (confidence level: 95%) | |
2987f4fa6a5be4dcf6e9537caffbf55fb1459479ed7bcb973e9065530601862f | Rhadamanthys payload (confidence level: 95%) | |
79950e360050f791f24fe2b8fc970f4c | Rhadamanthys payload (confidence level: 95%) | |
8d5f01cffb09402b20ddf9d7e319600d64f401a2 | RedLine Stealer payload (confidence level: 95%) | |
542e8f77c3f157b6985c9cd3ae840b394b19903b6261c1d6bdb5f6b403f778c9 | RedLine Stealer payload (confidence level: 95%) | |
19c2364d3999a9cdc031be47764396ae | RedLine Stealer payload (confidence level: 95%) | |
48707b1abb042ef13111eb404ea361f192fcc07a | Formbook payload (confidence level: 95%) | |
402bcd858e3bd3174fd8f5dd10538c5566dd83f083f81727d0d0162ead86d133 | Formbook payload (confidence level: 95%) | |
8097f8655e3e3a5d2009f7f53c86c81e | Formbook payload (confidence level: 95%) | |
9fb8c7c1bf62f1f547942fac86698b390079b370 | SalatStealer payload (confidence level: 95%) | |
f18e085853ab6f46981f3627a81788397ce1bf7f30900ab8d86e524570638e8b | SalatStealer payload (confidence level: 95%) | |
938f82a543f7638a0a2693ea94d00937 | SalatStealer payload (confidence level: 95%) | |
1b0fd3e933fbb4a0475a718f41663a52e5d3010d | Formbook payload (confidence level: 95%) | |
34e430a853791744d1c0ee90c71c515c8713e10bd82a0037db6380b11404a8c7 | Formbook payload (confidence level: 95%) | |
894af96679aa3fb941b7aff37fa7e015 | Formbook payload (confidence level: 95%) | |
52666ff4c2de0b692f4d2fb33c47278540884858 | Formbook payload (confidence level: 95%) | |
fb91ced75e9fc620d4a44b82cbaff8f6e0e44b3315b4a73d2cfbdc70b838e64d | Formbook payload (confidence level: 95%) | |
556df0640e4afcc9394a198a6c609c2e | Formbook payload (confidence level: 95%) | |
eb5eab442639a7a9ce2e76dca087e384c2034406 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
3abce3ec21be7d5fd6d151a46920c1051a680a2c7a4900737545b62887d890b1 | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
1445f8301e744477d16cd93b8b0f0dca | Loki Password Stealer (PWS) payload (confidence level: 95%) | |
c13dfb9ecc1091276557cdc443810de4bf09ce30 | Formbook payload (confidence level: 95%) | |
c17506b0694c3a922f9abce5cbdaad4d314108b37e9677d8a14c5733f65876a1 | Formbook payload (confidence level: 95%) | |
2b65dd0d7ee9ea1bdb466ae837c53634 | Formbook payload (confidence level: 95%) | |
b2f6b17a35b5c7bbf6b195ce93154153a5c11b4f | Formbook payload (confidence level: 95%) | |
2ff344becdeeebaf41aa09b6c11de9b38a143243c3a1ec6e499a2e38cc4c191a | Formbook payload (confidence level: 95%) | |
c7132f76df0eee7b237efb9fcedc603b | Formbook payload (confidence level: 95%) | |
8aacc50aa7a19b90a935435a9bdcd93927299372 | Formbook payload (confidence level: 95%) | |
e6edaae46cf8ac9b9c474e59a8f5f7d1075460c6217375459b7b3a7fffa7308b | Formbook payload (confidence level: 95%) | |
b9dae38670a5128e4e4c3c57b2f9e9d1 | Formbook payload (confidence level: 95%) | |
a803fa85b84e363604975a5682b279a69739a78e | Stealc payload (confidence level: 95%) | |
6fbaa2637e7c8773695dcf07a85dc830112da3d8dab5dbe277dfa96111470920 | Stealc payload (confidence level: 95%) | |
6f8351ff0adfd7b724bf34cab7c6052b | Stealc payload (confidence level: 95%) | |
138f70433304071dc3a2d20150b34eb671430ac7 | StrelaStealer payload (confidence level: 95%) | |
cb9ba3a03cf1dda609a83556cc83f5a1720fe8dd6c215e2cbb68347ddcd1703b | StrelaStealer payload (confidence level: 95%) | |
dd9957fc0e51970b04b72421a4b61b5a | StrelaStealer payload (confidence level: 95%) | |
e37c80e9cc7b1957f97a013586c6f441487b76be | MASS Logger payload (confidence level: 95%) | |
75cafbb326bf7b79d7f84be7a767500d08bd5af878d5ecf2507823e5af455387 | MASS Logger payload (confidence level: 95%) | |
f774d36231330d3e4728b9db02f841fb | MASS Logger payload (confidence level: 95%) | |
43579cf5e680aeecb72d6b6934d2b93ac935302c | Formbook payload (confidence level: 95%) | |
9471113f122f0c1a515558bbf07c246c508ef897450ab9edc8bcda3ee7d8cd54 | Formbook payload (confidence level: 95%) | |
79671b2ba9cc12db4b8b044c6eabfdbc | Formbook payload (confidence level: 95%) | |
627eec15e237971dcc38b7f43c3a35ce6c0db87d | Agent Tesla payload (confidence level: 95%) | |
d8e23165183fec3c7ea6c15911586ea9dcbe553873f094ac2667d93bfe0487c8 | Agent Tesla payload (confidence level: 95%) | |
e1028d0c6d92fd673925b24bff4a475a | Agent Tesla payload (confidence level: 95%) | |
9c2a31edcc4627853b053e6d643c20bb1fb9923b | MASS Logger payload (confidence level: 95%) | |
179f1a49855232d45cc76cc65c6aef30acd3f08a4b52171b9ef01b940ff9fd91 | MASS Logger payload (confidence level: 95%) | |
85ffda885b39ee99407850c87fb9e9c6 | MASS Logger payload (confidence level: 95%) | |
46ab53ded1b330a01c43173d387ef11e0c4745cc | Rhadamanthys payload (confidence level: 95%) | |
8e5cf26558db5868c159ab2542892508e961e9a029215744139d680c69a69310 | Rhadamanthys payload (confidence level: 95%) | |
904acfffa8aff2cfa0e08d25ef61c01f | Rhadamanthys payload (confidence level: 95%) | |
0c985dd76a4d39d7dcdbc4485f9144d469a74985 | Rhadamanthys payload (confidence level: 95%) | |
ce976c0aafc5d4ab4ab7387b8b1f8eaa09793aaa37dfe227e9e701a7a6829dfb | Rhadamanthys payload (confidence level: 95%) | |
8a09b8060ffc2b2067d0ec87a8aaac1c | Rhadamanthys payload (confidence level: 95%) | |
1d261cafc45352a6fa08a598080e92f0a1ec4832 | AsyncRAT payload (confidence level: 95%) | |
5fff8aaa7eda49e0c339f8a415f158d840f22344849f294fde8cbbd2fa00b8f3 | AsyncRAT payload (confidence level: 95%) | |
a48b850b6c45e196beb6c6eaf6e14eff | AsyncRAT payload (confidence level: 95%) | |
ca0f772b2c550dd65c152ed01adb29264104e260 | AsyncRAT payload (confidence level: 95%) | |
7d7db8dde2d6ebc5edbb5284336a3dd99f75e86952ba616f7d693d9a221c4b4d | AsyncRAT payload (confidence level: 95%) | |
d8d6d91e09709cee2e18625699ec602e | AsyncRAT payload (confidence level: 95%) | |
d9ff550bb5f27adf62a6463ec5b71fc72d311acc | MASS Logger payload (confidence level: 95%) | |
b49c460684206f8ec79fed0540de717ad4349ad9b5a36cc8c1980a1b053509fb | MASS Logger payload (confidence level: 95%) | |
dc5bda3b126ca6645dbd9da9510cf384 | MASS Logger payload (confidence level: 95%) | |
ec5d9023ae467962fe29a8d353077d1ffe0275b2 | SalatStealer payload (confidence level: 95%) | |
fba38ea40fbcb2778b5fa65767864d88bef91b155f9b815d6767c10a54f38590 | SalatStealer payload (confidence level: 95%) | |
f6b6d7af9c3ae30e234ee8a80d53220a | SalatStealer payload (confidence level: 95%) | |
723c49c4a520096d30886109add312f83ab9e000 | Agent Tesla payload (confidence level: 95%) | |
ed352314c388c87a7c282d5ae1205f5e5669e49d5e0fc8390369fbd49f3bea83 | Agent Tesla payload (confidence level: 95%) | |
124f9b6b23e184f38acd4d4867130db8 | Agent Tesla payload (confidence level: 95%) | |
74e48371497a74cb3ff114743553674d75c3d71f | AsyncRAT payload (confidence level: 95%) | |
b11fb600cefba3bae661b14d1f68d0417f05befbff494d670ff06d633869b578 | AsyncRAT payload (confidence level: 95%) | |
0e60ffa9b5c990987cfae0ca0dd88b41 | AsyncRAT payload (confidence level: 95%) | |
fcfc04dcf0d722a191b2310b95c114a30ecee204 | Formbook payload (confidence level: 95%) | |
6b4b450c88139337f46886a101eb5953b60c397e0d66ae72e85e7e2ab7c5e623 | Formbook payload (confidence level: 95%) | |
cc1220aa3dbca7fcb2db3122f51b74c3 | Formbook payload (confidence level: 95%) | |
80c6e3b9c6b034c42b9d4e7128cb1b89286aac0e | troystealer payload (confidence level: 95%) | |
e588922522da755d7b2eee7fb8956fb836923a791c880129c2141171028b0ebc | troystealer payload (confidence level: 95%) | |
b9c5da4dc8280de5fae7b7278e76523f | troystealer payload (confidence level: 95%) | |
4d7a81b0bc38cac442f80c81a3ff3de1beef3159 | AsyncRAT payload (confidence level: 95%) | |
44cbb9ba318ddc687dca3e0dfeba30db5469d50c9bbdbbfb5888efdd9889439e | AsyncRAT payload (confidence level: 95%) | |
9edf2ea67490be79d8b2913d6e5887ac | AsyncRAT payload (confidence level: 95%) | |
0761b45472b5a8f0c7f63e46193257ac699f4fca | UFR Stealer payload (confidence level: 95%) | |
89767e722a70a5de2edebf2c9440cac32b37a0e16a51a99a5de3cf568b0bcfe8 | UFR Stealer payload (confidence level: 95%) | |
56420977b897ab1c95dc1c58e7404b55 | UFR Stealer payload (confidence level: 95%) | |
1c0bf5e822fbc8e1b5b65822bfa6fea3c169c365 | UFR Stealer payload (confidence level: 95%) | |
5a4eaf32d0659b7901cf0c8414447abf7729f191ee9117afdabbb67d10367f27 | UFR Stealer payload (confidence level: 95%) | |
41d85a23571e09d57856ccf8706e87a8 | UFR Stealer payload (confidence level: 95%) | |
2147c54b1cf927951914d453b8bc42f462a9bd42 | Coinminer payload (confidence level: 95%) | |
4836bae2f9cdf49ec6d34cd1b85aee2a16de879e29ff172c45c26acc6f5721af | Coinminer payload (confidence level: 95%) | |
f3f3782ee06fa1f34a44915ef00e8b94 | Coinminer payload (confidence level: 95%) | |
51af9ad52cde4bb1f6530a3749156e3cfb9c02ae | DBatLoader payload (confidence level: 95%) | |
915bbdf3cf472b1eb3ce2e4a3859214867cd885899b7c26bc13561709e122920 | DBatLoader payload (confidence level: 95%) | |
0130d4e45a1234b1f577ed02de66b53c | DBatLoader payload (confidence level: 95%) | |
c40ca96bb4606ee5e6b74cd52599f19a5b538575 | Formbook payload (confidence level: 95%) | |
a78c1bc27095dd60e16a9a2ad62a7cc60f3d819269a575443fd6b533fe86ad0c | Formbook payload (confidence level: 95%) | |
9822ffcf2379ff1a1003cc2951143b04 | Formbook payload (confidence level: 95%) | |
0f4846dd9fdb8c54319f3bcddf5c99c35c8dadb1 | Agent Tesla payload (confidence level: 95%) | |
871c2de65268673b5d5de3692a408925789846bf58988e8298ea88cbd803d1ed | Agent Tesla payload (confidence level: 95%) | |
2ac4079bb6288b5e32394ea50648b904 | Agent Tesla payload (confidence level: 95%) | |
220dcb464d0d2f6c6cc5c7f853d11c695f456e61 | AsyncRAT payload (confidence level: 95%) | |
0fe9f112bd5710b6c24c763df4e017419f1d5e972454fa2675218a96b33388f6 | AsyncRAT payload (confidence level: 95%) | |
d8cfa8cbf580078acd6a10c3e9fcb1c5 | AsyncRAT payload (confidence level: 95%) | |
ab51bfd017ee3c330ba1cedc9ae15baefbf6306e | StormKittyRAT payload (confidence level: 95%) | |
069592c84a28d25a4e72642029d7e581fd50f6d9d8f40174871fa3cfdef2ef08 | StormKittyRAT payload (confidence level: 95%) | |
3e50c3c32df9a2013ff61bd631bbc0c7 | StormKittyRAT payload (confidence level: 95%) | |
330eb8209a1df2b02d34178070f0c1e8479c0ce8 | XWorm payload (confidence level: 95%) | |
3a444e7690f35fee4be070d0656bc7f0adab9bdcec798d5af27fc3c93e08f611 | XWorm payload (confidence level: 95%) | |
6139d02679ea2e0785d391c6a68e39eb | XWorm payload (confidence level: 95%) | |
b2e0bae6070f14e0089b4a64d792b1749a765c48 | KrakenKeylogger payload (confidence level: 95%) | |
b50a00929e501313e1973833528b15251bdc410bf43f0328617af7c702096ad8 | KrakenKeylogger payload (confidence level: 95%) | |
8bb6c66d706aad7e28b16e48fb5371ef | KrakenKeylogger payload (confidence level: 95%) | |
9d3fdc90b0ec4e1a111f8f3d4dba0fa038f374a4 | HijackLoader payload (confidence level: 95%) | |
2590cb433896b545026338c66fe0014959405121ea0cbe7a4765e8b9f60f14d2 | HijackLoader payload (confidence level: 95%) | |
ce3bd9714378aca47c6a0476a0ad8cfc | HijackLoader payload (confidence level: 95%) | |
6602b3854b8aee087b60e00df9847333501f2073 | Arkei Stealer payload (confidence level: 95%) | |
f037617728ed8678d36299cdc98cddecc21e52fbe32f3a04b1e709a676031a30 | Arkei Stealer payload (confidence level: 95%) | |
f9252b20e2ffbeae05a561e5fdafa136 | Arkei Stealer payload (confidence level: 95%) | |
f7278f3e3fb1e52265b983f7e9b945002c69f58c | DarkTortilla payload (confidence level: 95%) | |
14dc2355c1cf16454a7d9d85620b50146f19661ac7da488de2bc5f7e55c173f5 | DarkTortilla payload (confidence level: 95%) | |
7c6f6887658112433c3812f8e3dcd2a7 | DarkTortilla payload (confidence level: 95%) | |
6896f2c2ba3c87c81617652ac4f8864a6928f60b | DarkTortilla payload (confidence level: 95%) | |
26319845c08cea4e26c57a35308c7307847c693ed4108ecaaa344e8afe666b28 | DarkTortilla payload (confidence level: 95%) | |
3727213bebfb5e6350f0e28b5fb5a43a | DarkTortilla payload (confidence level: 95%) | |
bc1a40df5d28d274bd6d1dfaf1dacea5391ef0c2 | DarkTortilla payload (confidence level: 95%) | |
691939843feb83cbbeb6802fccb8d7ac8e6cbd7f7c676e5a9eb549353691db88 | DarkTortilla payload (confidence level: 95%) | |
19125edc1d7688ba984abfeccf34b93e | DarkTortilla payload (confidence level: 95%) | |
b82ea37bd2be84b88ce005d4d9658497708bb1a8 | DarkTortilla payload (confidence level: 95%) | |
de65498751e45e61b367395674e794ccd7e88f14c4661218a095b538ad0bca71 | DarkTortilla payload (confidence level: 95%) | |
338ef5feaa08e3d7adb37e503723962d | DarkTortilla payload (confidence level: 95%) | |
Url
Value | Description | Copy |
---|---|---|
https://176.46.141.5/gateway/4hl0nqt9.0rlra | Rhadamanthys botnet C2 (confidence level: 100%) | |
http://78.90.248.149:2862/.i | Unknown malware payload delivery URL (confidence level: 75%) | |
http://198.251.84.9 | Stealc botnet C2 (confidence level: 100%) | |
http://107.189.17.242/7a86d8aa76374f16.php | Stealc botnet C2 (confidence level: 50%) | |
https://p.d.myolt.my.id/ | Vidar botnet C2 (confidence level: 100%) | |
https://p.d.compuegypt.net/ | Vidar botnet C2 (confidence level: 100%) | |
https://pastebin.com/ynmkkhlr | Coinminer payload delivery URL (confidence level: 100%) | |
https://pastebin.com/raw/ynmkkhlr | Coinminer payload delivery URL (confidence level: 100%) | |
https://gitlab.com/bebra81/bebraprime/-/raw/main/cheatupd.exe | Umbral payload delivery URL (confidence level: 100%) | |
https://gitlab.com/bebra81/bebraprime/-/raw/main/bypasserupd.exe | Coinminer payload delivery URL (confidence level: 100%) | |
http://www.copent.net/black/coded/logs/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
http://mnbvcxz.biz/angel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
https://mnbvcxz.biz/angel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
https://websalat.top/sa1at/ | SalatStealer botnet C2 (confidence level: 100%) | |
https://pcdcinc.com/6n7n.js | KongTuke payload delivery URL (confidence level: 100%) | |
https://pcdcinc.com/js.php | KongTuke payload delivery URL (confidence level: 100%) | |
http://a1178792.xsph.ru/2de49632.php | DCRat botnet C2 (confidence level: 100%) | |
Domain
Value | Description | Copy |
---|---|---|
www.slickwebads.com | Unknown RAT botnet C2 domain (confidence level: 100%) | |
b.4y2o5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
q1n.4y2o5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
a.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
n3.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
zc.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
t1.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
x.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
h7.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
p9.1o6y4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
g.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
q4.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bd.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
z1.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tq.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
h9.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
x8n.5e7i0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ember.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
velvet.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
brisk.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
willow.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
quartz.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
hazel.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
flint.wqix-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
meadow.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
cobalt.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
raven.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
maple.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
onyx.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
plume.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sprout.wduh-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pepper.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ginger.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
saffron.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
walnut.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
acorn.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
adigo.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) | |
fteamez7iurs02.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
alemania2059.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
userbot.uswin.com.tr | NjRAT botnet C2 domain (confidence level: 100%) | |
breeze.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
coorpfree.duckdns.org | DCRat botnet C2 domain (confidence level: 50%) | |
v1.moroccancam.com | DCRat botnet C2 domain (confidence level: 50%) | |
v2.moroccancam.com | DCRat botnet C2 domain (confidence level: 50%) | |
wowow422421xs.dynuddns.com | DCRat botnet C2 domain (confidence level: 50%) | |
angelkingsdidthebestfeelingforhislifetog.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
www.medicoolpart.com | Remcos botnet C2 domain (confidence level: 50%) | |
zsew.pics | Remcos botnet C2 domain (confidence level: 50%) | |
ivory.wtok-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
jungle.bqet-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sable.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
topaz.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
p.d.myolt.my.id | Vidar botnet C2 domain (confidence level: 100%) | |
p.d.compuegypt.net | Vidar botnet C2 domain (confidence level: 100%) | |
bookgiants.info | Unknown Loader botnet C2 domain (confidence level: 100%) | |
eggscoach.info | Unknown Loader botnet C2 domain (confidence level: 100%) | |
cubmilk.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
ultra.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
verge.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
zephyr.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bral.grupovargas.xyz | Unknown malware payload delivery domain (confidence level: 100%) | |
md.grupflixca.pro | Unknown malware payload delivery domain (confidence level: 100%) | |
cont.appsalve.click | Unknown malware payload delivery domain (confidence level: 100%) | |
cfg.brasilinst.site | Unknown malware payload delivery domain (confidence level: 100%) | |
yonder.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
azure.mcej-9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
one.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
car.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
back.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
twelve.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
dock.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
slash.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
dog.gdyl-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fast.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
forward.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
glue.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
war.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ultimate.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
four.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
black.rjuq-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
heaven.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
white.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gold.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
money.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
risk.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkimono.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqd.nqyf-7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincloud.bvuf-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbridge.8u2a9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpath.4i1e2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkz8m.te7ap.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainfire.bvuf-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint1qh.te7ap.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainwater.4i1e2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstevenfromcoinbase.fk3.su | Aisuru botnet C2 domain (confidence level: 100%) | |
domainrain.4i1e2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvr4x.te7ap.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainreturn-carol.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainthursday-cabinet.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainagulo22.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) | |
domainview-creates.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainkids-peer.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindesign-plasma.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainlate-lil.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%) | |
domain12.895628.xyz | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainwargvan.duckdns.org | Nanocore RAT botnet C2 domain (confidence level: 100%) | |
domainleaf.4i1e2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwolf.8u2a9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm0yl.te7ap.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainstone.4i1e2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstorm.bvuf-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc7qv.te7ap.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaindow.895628.xyz | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainforest.4i1e2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincloud.8u2a9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq4xn.te7ap.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainsun.8u2a9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainapple.bvuf-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpcdcinc.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainapp.futurarealestate.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domaincommunity.veranobuilders.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domaindevel.prtaxheaven.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainkuber.futurarealestate.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainplesk.puertoricolsla.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainsecure.destinationgallery.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainstream.escapesvacationclub.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainsupport.prtaxheaven.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainforest.bvuf-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhd3n.fi7em.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainapple.8u2a9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintree.bvuf-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxq74.fi7em.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainz2.bid-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb5uk.fi7em.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainw8v.bid-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3r.bid-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp3za.fi7em.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainfilestore.space | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsecurestore.cv | Unknown malware payload delivery domain (confidence level: 100%) | |
domain9t4.wir-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu7j.wir-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmodgovindia.space | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmodindia.serveminecraft.net | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainseemysitelive.store | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsolarwindturbine.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsinjita.store | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsinjita.space | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainseeconnectionalive.website | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwindturbine.website | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainkavach.space | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaindiscoverlive.site | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainzn8c.fi7em.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaint9k.wir-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain932.wir-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy1dk.fi7em.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainmv.wir-2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainf6rx.ko0um.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainbook.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainleaf.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfire.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainw9pl.ko0um.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainstone.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstone.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlt7d.ko0um.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincloud.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr2vy.ko0um.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainboat.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlight.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing0qm.ko0um.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainrice.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainakuruonka.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainapple.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstar.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwolf.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhill.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsea.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfire.4y3e4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbear.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbook.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstar.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainice.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6416516876.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing46dfgdf65h.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrice.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine79sx2bnqwew6.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainro4646623165ck.ndoq-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainquee54949646642n.8y7o4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain13586721moon.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintree.4y3e4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainns1.gygiuh.online | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincat.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhill.vbep-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq3kz.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaind7mta.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxb19f.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing2p4n8.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu7wq0c9.1a2e6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn5h2.fox-ab.ru | ClearFake payload delivery domain (confidence level: 100%) |
Threat ID: 68f18a389f8a5dbaea422005
Added to database: 10/17/2025, 12:13:44 AM
Last enriched: 10/17/2025, 12:29:00 AM
Last updated: 10/17/2025, 7:50:13 PM
Views: 33
Related Threats
Malicious package with AdaptixC2 framework agent found in npm registry (Medium)
CAPI Backdoor: .NET Stealer Targeting Russian Auto-Commerce (Medium)
Malicious Perplexity Comet Browser Download Ads Push Password Stealer Via Google Search (Medium)
Ransomware attacks and how victims respond (Medium)
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts (Medium)