ThreatFox IOCs for 2025-10-29
AI Analysis
Technical Summary
The entry titled 'ThreatFox IOCs for 2025-10-29' is the daily export of the abuse.ch ThreatFox indicator database, distributed as a MISP event tagged for OSINT, network activity and payload delivery. It is an indicator bundle rather than a vulnerability advisory: it names no affected product or version, carries no CWE and has nothing to patch, so "exploits in the wild" does not apply to it. It does carry concrete, actionable indicators, and a large number of them: several hundred botnet C2 endpoints as IPv4 address and port pairs, each attributed by the submitter to a malware family with a confidence level. Offensive frameworks (Cobalt Strike, Havoc, Sliver, Meterpreter, PoshC2, DeimosC2, AdaptixC2, Empire, pupy), commodity RATs (Remcos, AsyncRAT, DCRat, Quasar RAT, XWorm, BitRAT, Orcus RAT, XenoRAT, SpyNote, ValleyRAT, NetSupportManager RAT, the Hook Android banker), loaders and stealers (Amadey, Latrodectus, HijackLoader, Vidar, Loki PWS, QakBot) and IoT botnets (Mirai, MooBot) all appear, alongside a large "Unknown malware" bucket. The domain and URL set includes Microsoft 365 / OneDrive lookalikes under the m365.1drive.zip zone, hosts on free dynamic-DNS and tunnelling services (duckdns.org, dynuddns.com, gl.at.ply.gg, localto.net), payload URLs hosted under otherwise ordinary-looking .es and .co.uk domains, and a long run of short, random-looking labels under a few dozen .ru second-level domains. One SHA-256 file hash is included. The MISP fields record threat level 2 (Medium), analysis state 1 (Ongoing) and distribution 3 (All communities); the event is TLP:white, so it can be shared and deployed without restriction. Its purpose is operational, feeding detection and retro-hunting in SOC tooling, rather than assessing any single campaign.
Potential Impact
Impact depends on whether an organization's hosts are already talking to this infrastructure. The indicators are post-compromise artefacts: a connection from an internal host to one of the listed ip:port pairs or domains means an implant (a Cobalt Strike, Havoc or Sliver beacon, a commodity RAT, a stealer) is most likely running, so the confidentiality and integrity of that host, and of everything reachable from it with its credentials, are already at risk. For organizations with no matches the exposure is prospective: the same infrastructure stays usable for new intrusions until it is taken down or rotated, and the Microsoft 365 lookalike domains point to credential phishing rather than malware alone. The entry identifies no vulnerability, so there is nothing to patch; the medium rating reflects a broad mix of commodity and red-team tooling rather than one active campaign. Much of the listed address space belongs to shared cloud providers, so bulk IP blocking carries a false-positive cost and ip:port matching should be preferred over IP-only matching. For European organizations the practical value lies in retroactive hunting over proxy, DNS and NetFlow logs around the 2025-10-29 observation window and in blocking the phishing and C2 domains at the resolver.
Mitigation Recommendations
1. Load the indicators into the SIEM, threat intelligence platform and EDR as ip:port pairs, domains and URLs. In the raw export below the label "file" is an IPv4 address and the "hash" line that follows it is the port; do not ingest them as file names and file hashes.
2. Retro-hunt: search outbound connection logs (firewall, NetFlow, proxy, Zeek conn/dns/ssl) for several days around 2025-10-29 for the ip:port pairs, and match DNS queries, HTTP Host headers and TLS SNI against the domains, including their subdomains.
3. Block the ip:port pairs at the egress firewall and sinkhole the domains in the corporate resolver (for example via RPZ). Hostnames on dynamic-DNS and tunnelling services (duckdns.org, dynuddns.com, gl.at.ply.gg, localto.net) deserve alerting on their own, independent of this list.
4. Add the m365.1drive.zip lookalikes and the other phishing domains to mail and URL filtering, and check web-proxy logs for users who reached them; a visit there is a credential-reset trigger, not just an alert.
5. Triage hits by family: Cobalt Strike, Havoc, Sliver, Meterpreter, PoshC2 and DeimosC2 beacons indicate hands-on-keyboard activity and warrant full incident response; stealer and RAT callbacks (Vidar, Loki PWS, Remcos, AsyncRAT, DCRat) mean stored credentials and sessions on that host should be treated as compromised.
6. Expire the indicators. Many addresses sit in shared cloud ranges and C2 listeners move; re-check against the live ThreatFox data before keeping a block in place long term, and never widen a hit to the surrounding /24.
7. Keep network segmentation and least privilege in place so that a single implant callback cannot become lateral movement; the entry offers nothing to patch, so containment and detection are the controls that matter here.
8. Share confirmed sightings with the national CERT and sector ISAC; the TLP:white marking allows the indicators themselves to be passed on freely.
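As an added example (not code from ThreatFox, abuse.ch or the page's source), the following Python normalises an excerpt of the list below, turning the file/hash pairs back into ip:port endpoints, hunts for the result in constructed Zeek-style connection records, and emits one Suricata rule per pair so the port stays part of the match. The feed excerpt and log records are constructed inline; the match kinds, the rule SIDs and the Indicator type are this example's own choices.

```python
"""Normalise a ThreatFox daily list and hunt for its C2 endpoints in connection logs."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt in the page's raw export format. ThreatFox ip:port
# indicators come out with the IPv4 under the label "file" and the port under
# "hash"; a 64-hex "hash" line is a genuine SHA-256.
RAW_FEED = """\
- file: 104.21.37.230
- hash: 8080
- domain: azure.m365.1drive.zip
- file: 109.236.89.41
- hash: 54333
- url: http://165.154.244.221:8099/wc7l
- hash: 774dec46a037d1d89ac036b985f390c2a8887c9dfb626a658a0d2365427f9c3c
- domain: villataxi.duckdns.org
"""

# Constructed connection records (Zeek conn/ssl style), not from any real network.
SAMPLE_LOGS = [
    {"ts": "2025-10-29T21:14:02Z", "src": "10.20.1.55", "dst": "104.21.37.230", "dport": 443, "sni": "azure.m365.1drive.zip"},
    {"ts": "2025-10-29T21:14:09Z", "src": "10.20.1.55", "dst": "109.236.89.41", "dport": 54333, "sni": ""},
    {"ts": "2025-10-29T21:15:11Z", "src": "10.20.3.7", "dst": "109.236.89.41", "dport": 443, "sni": ""},
    {"ts": "2025-10-29T21:16:30Z", "src": "10.20.4.12", "dst": "93.184.216.34", "dport": 443, "sni": "login.example.com"},
]


@dataclass(frozen=True)
class Indicator:
    kind: str   # "ip:port", "ip", "sha256", "domain" or "url" (hypothetical type for this example)
    value: str


LINE = re.compile(r"^- (file|hash|domain|url): (\S+)$")
SHA256 = re.compile(r"^[0-9a-f]{64}$")


def parse_feed(text):
    """Re-type the export: 'file' -> IPv4, the numeric 'hash' that follows -> its port."""
    out, pending_ip = [], None

    def flush():
        nonlocal pending_ip
        if pending_ip:                      # a 'file' line that was not followed by a port
            out.append(Indicator("ip", pending_ip))
        pending_ip = None

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        label, value = m.groups()
        if label == "file":
            flush()
            pending_ip = str(ipaddress.ip_address(value))   # ValueError if it is not an address (feed is IPv4)
        elif label == "hash" and pending_ip and value.isdigit() and 0 < int(value) < 65536:
            out.append(Indicator("ip:port", f"{pending_ip}:{value}"))
            pending_ip = None
        elif label == "hash" and SHA256.match(value.lower()):
            flush()
            out.append(Indicator("sha256", value.lower()))
        else:                                # domain, url, or an unrecognised hash kept under its own label
            flush()
            out.append(Indicator(label, value))
    flush()
    return out


def hunt(indicators, logs):
    """Match connection records against the normalised indicators.

    Returns (ts, src, matched value, match kind). An exact ip:port match is the
    strong signal; an IP-only match is reported separately because many listed
    addresses are shared cloud hosts and the port is what identifies the C2 listener.
    """
    pairs = {i.value for i in indicators if i.kind == "ip:port"}
    ips = {p.rsplit(":", 1)[0] for p in pairs} | {i.value for i in indicators if i.kind == "ip"}
    domains = {i.value.lower() for i in indicators if i.kind == "domain"}
    hits = []
    for rec in logs:
        pair = f"{rec['dst']}:{rec['dport']}"
        if pair in pairs:
            hits.append((rec["ts"], rec["src"], pair, "ip:port"))
        elif rec["dst"] in ips:
            hits.append((rec["ts"], rec["src"], rec["dst"], "ip-only"))
        sni = rec.get("sni", "").lower()
        if sni and (sni in domains or any(sni.endswith("." + d) for d in domains)):
            hits.append((rec["ts"], rec["src"], sni, "domain"))
    return hits


def suricata_rules(indicators, base_sid=9100000):
    """One 'alert tcp' rule per ip:port pair so the port is part of the match (SID range is arbitrary)."""
    rules = []
    for n, ind in enumerate(i for i in indicators if i.kind == "ip:port"):
        ip, port = ind.value.rsplit(":", 1)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"ThreatFox 2025-10-29 C2 {ind.value}"; '
            f'flow:to_server; sid:{base_sid + n}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    iocs = parse_feed(RAW_FEED)
    for h in hunt(iocs, SAMPLE_LOGS):
        print(*h)
    print("\n".join(suricata_rules(iocs)))
```

Run against the constructed records, the hunt reports the 109.236.89.41:54333 connection as a full ip:port hit, the two connections to listed addresses on other ports as ip-only hits for an analyst to weigh, and the TLS SNI azure.m365.1drive.zip as a domain hit. Feeding the real list through the same parser gives a few hundred ip:port pairs and as many Suricata rules; pair them with a DNS RPZ built from the domain indicators.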
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
The raw ThreatFox export uses the label "file" for an IPv4 address and "hash" for the port that follows it; the two together form one ip:port C2 endpoint. The only genuine file hash in the set is the single 64-character SHA-256 value. Domains and URLs are as exported.
- ip:port: 104.21.37.230:8080
- domain: azure.m365.1drive.zip
- domain: www.accounts.m365.1drive.zip
- ip:port: 108.181.115.243:80
- ip:port: 198.252.109.34:80
- ip:port: 59.110.29.198:60000
- ip:port: 101.42.187.238:3333
- ip:port: 167.172.182.247:443
- ip:port: 51.77.220.174:3333
- ip:port: 5.188.29.124:8735
- ip:port: 137.184.118.154:9999
- ip:port: 213.199.38.144:3333
- ip:port: 144.124.240.154:443
- ip:port: 103.101.225.22:3333
- ip:port: 109.236.89.41:54333
- ip:port: 178.157.62.249:443
- ip:port: 196.75.60.36:2222
- ip:port: 103.253.147.9:3790
- ip:port: 172.104.242.220:8080
- domain: onyx.do-k-3.ru
- domain: hot.x2lu.ru
- domain: rum.da5v.ru
- domain: m4qy.7l-0b.ru
- domain: fin.je9r.ru
- domain: v9tc.7l-0b.ru
- domain: sage.do-k-3.ru
- domain: pit.n4ym.ru
- url: http://23.94.145.109/mbjdf8dsh/index.php
- domain: ant.vo3n.ru
- domain: s1ne.do-k-3.ru
- domain: pop.k8li.ru
- domain: d1hs.7l-0b.ru
- domain: nag.m4ze.ru
- domain: k7w.7l-0b.ru
- domain: dud.tu7q.ru
- domain: r2px.7l-0b.ru
- domain: asp.r9xa.ru
- domain: y6nb.7l-0b.ru
- domain: fro.pi6o.ru
- domain: 10ta.do-k-3.ru
- domain: b3vf.9ha-t.ru
- domain: bus.x2lu.ru
- domain: c0re.do-k-3.ru
- domain: has.da5v.ru
- domain: t0qm.9ha-t.ru
- domain: q1.4qua0.ru
- domain: may.je9r.ru
- domain: had.n4ym.ru
- ip:port: 147.185.221.223:31494
- domain: cap.vo3n.ru
- domain: x9sr.9ha-t.ru
- ip:port: 23.94.145.109:80
- domain: bra.k8li.ru
- domain: hid.m4ze.ru
- ip:port: 185.225.226.74:6443
- ip:port: 8.17.56.128:80
- domain: p5ld.9ha-t.ru
- domain: dry.tu7q.ru
- url: http://23.94.145.109/mbjdf8dsh/login.php
- domain: g8wy.9ha-t.ru
- domain: ken.r9xa.ru
- domain: x9z.4qua0.ru
- domain: bet.pi6o.ru
- domain: led.x2lu.ru
- domain: n2ch.9ha-t.ru
- domain: b1d.da5v.ru
- domain: hat.je9r.ru
- domain: m.4qua0.ru
- domain: gig.n4ym.ru
- ip:port: 154.198.49.6:80
- ip:port: 8.219.115.51:2095
- ip:port: 34.131.39.45:80
- ip:port: 8.130.22.97:443
- ip:port: 46.151.33.182:443
- ip:port: 203.202.232.37:2404
- ip:port: 196.251.115.90:2404
- ip:port: 209.38.69.133:443
- ip:port: 46.246.84.8:2703
- ip:port: 51.81.210.203:7443
- ip:port: 34.67.160.108:3000
- ip:port: 34.16.39.218:7443
- ip:port: 158.94.209.59:80
- ip:port: 37.114.41.229:443
- ip:port: 195.123.240.47:80
- ip:port: 40.233.73.136:8080
- ip:port: 5.188.190.129:443
- ip:port: 198.252.109.34:443
- ip:port: 108.181.115.243:443
- ip:port: 95.181.212.113:12313
- ip:port: 94.154.35.114:7777
- ip:port: 94.141.122.234:3232
- ip:port: 18.143.176.70:50580
- ip:port: 173.254.215.95:443
- ip:port: 112.124.24.132:9000
- domain: amfspro.click
- ip:port: 172.104.242.220:4444
- domain: hew.vo3n.ru
- domain: a03.4qua0.ru
- domain: any.m4ze.ru
- domain: jog.tu7q.ru
- domain: rid.r9xa.ru
- domain: v7p2.4qua0.ru
- domain: lap.pi6o.ru
- domain: hand.k-8-li.ru
- domain: d6.4qua0.ru
- domain: law.x2lu.ru
- domain: out.da5v.ru
- domain: kiln.k-8-li.ru
- domain: ban.je9r.ru
- domain: w4.3pea2.ru
- domain: ore.n4ym.ru
- domain: get.vo3n.ru
- domain: screen-suggesting.gl.at.ply.gg
- domain: navy.k-8-li.ru
- domain: villataxi.duckdns.org
- ip:port: 102.165.46.162:7771
- domain: gab.k8li.ru
- ip:port: 165.154.244.221:8099
- url: http://165.154.244.221:8099/wc7l
- domain: far.m4ze.ru
- ip:port: 93.127.160.209:3778
- domain: fit.tu7q.ru
- domain: 0ur.r9xa.ru
- domain: r0n9.3pea2.ru
- domain: ate.pi6o.ru
- domain: materials-mali.gl.at.ply.gg
- domain: one.x2lu.ru
- domain: s0up.k-8-li.ru
- domain: y7k.3pea2.ru
- domain: eel.da5v.ru
- domain: ion.je9r.ru
- domain: dock.pi-6-o.ru
- domain: gestcular.cfd
- ip:port: 167.17.40.170:443
- domain: shy.n4ym.ru
- domain: b2m.3pea2.ru
- domain: but.vo3n.ru
- url: https://pdo.tweethost.com/
- url: https://pdo.united-gs.net/
- domain: pdo.tweethost.com
- domain: pdo.united-gs.net
- domain: app.k8li.ru
- domain: 0ff.m4ze.ru
- ip:port: 154.26.246.191:8080
- ip:port: 8.130.79.38:1234
- ip:port: 8.130.22.97:80
- ip:port: 91.92.241.37:2404
- ip:port: 79.124.77.41:31337
- ip:port: 35.91.137.33:443
- ip:port: 38.162.116.86:8888
- ip:port: 5.180.151.9:8082
- domain: cloudstoragebox.com
- ip:port: 91.217.90.45:80
- ip:port: 45.145.164.234:8443
- ip:port: 54.178.98.33:443
- ip:port: 18.178.163.94:80
- ip:port: 162.252.199.16:4321
- domain: east.pi-6-o.ru
- domain: lie.tu7q.ru
- domain: t1.3pea2.ru
- domain: 1id.r9xa.ru
- domain: see.pi6o.ru
- domain: hark.pi-6-o.ru
- domain: f6.6wou3.ru
- domain: lab.x2lu.ru
- ip:port: 154.17.1.92:47891
- ip:port: 16.64.4.25:443
- ip:port: 217.195.153.224:8088
- domain: red.da5v.ru
- ip:port: 52.54.56.239:443
- ip:port: 79.124.77.41:8080
- domain: 5ap.je9r.ru
- domain: p00l.pi-6-o.ru
- domain: rig.n4ym.ru
- domain: nay.k8li.ru
- domain: q.6wou3.ru
- ip:port: 38.85.201.33:4646
- ip:port: 124.220.76.69:5555
- ip:port: 179.43.186.214:80
- ip:port: 175.24.191.140:443
- domain: age.m4ze.ru
- domain: m1lk.pi-6-o.ru
- domain: lag.tu7q.ru
- domain: c0p.r9xa.ru
- ip:port: 88.218.64.49:443
- domain: hub.pi6o.ru
- domain: s00n.tu-7-q.ru
- domain: dug.x2lu.ru
- domain: m0x.6wou3.ru
- domain: b1rd.tu-7-q.ru
- domain: jar.da5v.ru
- domain: bee.je9r.ru
- domain: fix.k8li.ru
- domain: dune.tu-7-q.ru
- domain: s3.1z22k.ru
- url: https://secureapimiddleware.com/s/x.js
- domain: joy.tu7q.ru
- ip:port: 103.39.19.250:443
- ip:port: 103.44.90.86:443
- ip:port: 103.44.90.93:443
- domain: secureapimiddleware.com
- ip:port: 112.3.31.155:443
- domain: boa.r9xa.ru
- domain: u1x.1z22k.ru
- ip:port: 8.155.162.23:8888
- ip:port: 8.152.100.155:80
- ip:port: 154.8.156.39:80
- ip:port: 8.130.79.38:443
- domain: www.aadcdnn.m365.1drive.zip
- ip:port: 102.117.166.235:7443
- ip:port: 3.80.85.142:7443
- ip:port: 144.172.109.53:7443
- ip:port: 34.67.160.108:7443
- ip:port: 47.236.19.197:443
- ip:port: 43.155.166.206:443
- ip:port: 91.217.90.45:443
- ip:port: 69.62.80.16:8443
- ip:port: 220.79.56.176:8443
- ip:port: 3.142.94.100:443
- ip:port: 34.132.98.183:443
- ip:port: 20.224.21.19:3333
- ip:port: 34.174.229.200:443
- ip:port: 209.182.238.101:3333
- ip:port: 13.213.60.180:443
- ip:port: 35.229.219.235:443
- ip:port: 34.143.155.172:443
- ip:port: 34.87.144.137:443
- ip:port: 3.24.213.227:443
- ip:port: 3.77.95.11:443
- ip:port: 35.194.35.60:443
- ip:port: 84.247.191.4:65500
- ip:port: 213.232.229.214:3333
- ip:port: 139.162.114.227:2053
- ip:port: 35.184.92.76:443
- ip:port: 15.206.45.85:443
- ip:port: 34.69.19.152:443
- ip:port: 45.145.228.179:8010
- domain: golf.tu-7-q.ru
- domain: fab.pi6o.ru
- domain: f1g.x2lu.ru
- domain: hay.da5v.ru
- domain: goat.tu-7-q.ru
- domain: fun.je9r.ru
- sha256: 774dec46a037d1d89ac036b985f390c2a8887c9dfb626a658a0d2365427f9c3c
- domain: k0.1z22k.ru
- domain: xc6.s7li.ru
- domain: bark.vo-3-n.ru
- domain: yu2.ze9y.ru
- ip:port: 103.173.226.98:80
- domain: takes-thinkpad.gl.at.ply.gg
- url: https://upaste.me/r/d5ba60033ceb6c832:123
- ip:port: 196.251.114.201:2404
- ip:port: 106.15.192.7:8888
- domain: windefenderconection.duckdns.org
- ip:port: 168.245.201.74:3790
- ip:port: 168.245.201.71:3790
- url: http://95.217.139.186
- domain: d5m9.1z22k.ru
- domain: hmd.gl8r.ru
- domain: rwmb.xyz
- domain: www.hasist.top
- domain: zppd.live
- domain: urclive.help
- domain: nfs8u9aw.shop
- domain: ad4rchr39w8f.fun
- domain: q2v.ju8r.ru
- domain: mint.vo-3-n.ru
- domain: tvx.s7li.ru
- domain: wq7.1z22k.ru
- domain: qje.ra6n.ru
- domain: cki.fe7a.ru
- domain: dune.vo-3-n.ru
- ip:port: 217.114.10.85:4444
- domain: ogj.po5m.ru
- domain: r0se.vo-3-n.ru
- domain: 7cw.wi0x.ru
- domain: dm1.r4tu.ru
- domain: rook.ju-5-q.ru
- domain: f0b.ze9y.ru
- domain: l00k.vo-3-n.ru
- domain: 9jw.ju8r.ru
- ip:port: 158.94.209.164:2040
- url: https://asturiasactiva.es/pfol.wav
- domain: asturiasactiva.es
- domain: xk9.fe7a.ru
- ip:port: 193.233.112.46:59999
- domain: tide.ju-5-q.ru
- domain: plum.r-9-xa.ru
- domain: qty.ze9y.ru
- ip:port: 38.102.8.135:24054
- domain: wdh.bo3l.ru
- domain: glow.r-9-xa.ru
- domain: knit.ju-5-q.ru
- domain: zwf.ze9y.ru
- domain: cove.r-9-xa.ru
- url: https://varorg.com/5f3e.js
- domain: varorg.com
- url: https://varorg.com/js.php
- domain: s0ar.ju-5-q.ru
- domain: zy8.fe7a.ru
- domain: l1st.r-9-xa.ru
- domain: gu5.v3ix.ru
- domain: l0se.ju-5-q.ru
- ip:port: 176.65.134.16:2083
- domain: bots.kiro.forum
- url: https://ineffqa.asia/api
- domain: d2l.bo3l.ru
- url: https://dev.tweethost.com/
- url: https://dev.united-gs.net/
- domain: dev.tweethost.com
- domain: dev.united-gs.net
- ip:port: 138.199.147.128:443
- domain: 7d0.ka2s.ru
- domain: 5u2.fe7a.ru
- domain: s0da.r-9-xa.ru
- ip:port: 192.227.173.59:1983
- domain: f0i1.ju-5-q.ru
- domain: acp.mi7x.ru
- domain: 1fj.lo9q.ru
- domain: brim.x-2-lu.ru
- domain: c0rn.fa-0-n.ru
- domain: 1oi.s7li.ru
- url: https://polimakels.com/xss/buf.js
- domain: polimakels.com
- url: https://polimakels.com/xss/index.php
- url: https://polimakels.com/xss/bof.js
- url: https://emcuk.co.uk/lfrs.php
- url: https://galaxyfoundation.org.uk/waterfool.zip
- domain: galaxyfoundation.org.uk
- ip:port: 5.181.156.234:443
- domain: xx6.ju8r.ru
- domain: gale.x-2-lu.ru
- domain: seb.gl8r.ru
- ip:port: 38.162.117.244:1099
- ip:port: 34.30.114.60:80
- ip:port: 123.57.209.167:80
- ip:port: 123.57.209.167:443
- ip:port: 152.136.103.50:18444
- ip:port: 196.251.116.219:5000
- ip:port: 212.154.2.45:2404
- ip:port: 85.9.198.8:8000
- ip:port: 108.129.39.149:80
- ip:port: 157.20.182.47:8808
- ip:port: 158.94.209.59:8082
- ip:port: 185.72.199.114:1717
- ip:port: 79.241.102.152:81
- ip:port: 13.247.108.3:44819
- ip:port: 104.250.169.2:1234
- ip:port: 103.14.225.124:55555
- ip:port: 139.212.60.147:10001
- domain: xes.mi7x.ru
- domain: yarn.x-2-lu.ru
- domain: bop.s7li.ru
- domain: uqb.ze9y.ru
- domain: i11s.fa-0-n.ru
- url: https://scatbhn.cyou/api
- domain: pa5s.x-2-lu.ru
- domain: v1i.ka2s.ru
- domain: s1te.fa-0-n.ru
- domain: hb3.r4tu.ru
- domain: m00n.x-2-lu.ru
- domain: 11f.mi7x.ru
- domain: fawn.je-9-r.ru
- domain: 57y.bo3l.ru
- domain: gear.je-9-r.ru
- domain: 7rj.fe7a.ru
- domain: nn3.lo9q.ru
- domain: puma.r-1-v-x.ru
- domain: girl.je-9-r.ru
- domain: h1u.ra6n.ru
- domain: dwr.bo3l.ru
- domain: c00l.je-9-r.ru
- domain: armadengineering.com
- ip:port: 196.251.70.127:2011
- domain: assistancewindows20025.duckdns.org
- ip:port: 195.10.205.64:4449
- ip:port: 193.233.112.46:3389
- url: https://middii.mom/api
- domain: in9.ra6n.ru
- domain: c0de.r-1-v-x.ru
- domain: b00k.je-9-r.ru
- domain: qon.ju8r.ru
- domain: oaks.r-1-v-x.ru
- domain: 0m0.n5ol.ru
- domain: vfp.hy6o.ru
- domain: l1st.r-1-v-x.ru
- domain: flat.da-5-v.ru
- ip:port: 167.71.83.95:7443
- ip:port: 189.146.123.254:995
- domain: sak.ra6n.ru
- ip:port: 74.48.158.45:443
- ip:port: 95.179.219.176:2404
- domain: lyy.mi7x.ru
- domain: flip.da-5-v.ru
- domain: ke0.po5m.ru
- ip:port: 111.92.240.180:5539
- domain: uxg.n5ol.ru
- domain: foam.da-5-v.ru
- domain: k2.3c38h.ru
- domain: 6wo.mi7x.ru
- domain: 7it.wi0x.ru
- ip:port: 158.94.209.164:2828
- ip:port: 192.30.241.135:6106
- ip:port: 213.142.148.110:3778
- domain: uny.ra6n.ru
- domain: l1me.da-5-v.ru
- domain: zq7.3c38h.ru
- domain: 64d.s7li.ru
- ip:port: 103.27.77.131:783
- ip:port: 91.92.242.67:443
- ip:port: 196.251.72.219:8080
- url: https://hancockmontrealboreal.com/ugolinovivaldi19490524.html
- ip:port: 120.78.127.57:8000
- ip:port: 64.7.199.42:8090
- ip:port: 185.189.12.247:7777
- ip:port: 84.247.179.96:8090
- ip:port: 43.198.241.172:1433
- ip:port: 106.14.132.222:8082
- domain: g00d.da-5-v.ru
- ip:port: 185.163.204.16:7720
- domain: cs0.fe7a.ru
- domain: m0k.3c38h.ru
- domain: qcv.n5ol.ru
- domain: a9.3c38h.ru
- domain: 689.mi7x.ru
- domain: j5a.fe7a.ru
- domain: k4.1ne-z.ru
- domain: 3jc.n5ol.ru
- domain: rp8.1ne-z.ru
- ip:port: 8.136.50.233:8443
- domain: xyq.bo3l.ru
- domain: a4t.ze9y.ru
- domain: h.3c38h.ru
- ip:port: 85.117.242.5:8080
- domain: m2a9.1ne-z.ru
- domain: fxh.bo3l.ru
- domain: bgq.ze9y.ru
- domain: v4.2s84d.ru
- url: https://amfspro.click/sign-in
- url: https://server6.ninhaine.com/
- url: https://ww25.198c0529-1ea6-483a-8a2e-66d8df595657.server2.ninhaine.com/
- domain: sb0vht3nf.localto.net
- ip:port: 91.231.222.220:7540
- domain: lux0w0w0w.dynuddns.com
- domain: blessingshope100.duckdns.org
- domain: mangomondayyy.duckdns.org
- domain: www.abiaclassprojectpage.com
- domain: www.charlesschrf.com
- domain: zihnyunrui.com
- domain: zv1.1ne-z.ru
- ip:port: 192.227.128.173:3028
- ip:port: 216.9.224.128:4225
- domain: movies-buzz.gl.at.ply.gg
- domain: 9mv.lo9q.ru
- domain: sbh.ju8r.ru
- domain: x8m.2s84d.ru
- domain: tq.1ne-z.ru
- url: https://wvw.tweethost.com/
- url: https://wvw.united-gs.net/
- domain: wvw.tweethost.com
- domain: wvw.united-gs.net
- ip:port: 168.119.55.209:443
- domain: p0t.po5m.ru
- domain: 9hd.1ne-z.ru
- domain: lvu.xa4p.ru
- domain: b0t2.2s84d.ru
- domain: imbibei.mom
- domain: dimityk.mom
- domain: databap.mom
- domain: puntoc.mom
- domain: aspedyd.mom
- domain: czarpve.mom
- domain: chinij.mom
- domain: lonaktm.mom
- domain: caddov.mom
- domain: overruq.mom
- domain: corneot.mom
- domain: biauob.mom
- domain: maghaf.mom
- domain: overfrz.mom
- domain: middii.mom
- domain: pleasuc.locker
- domain: sugare.locker
- domain: satet.locker
- domain: unfet.locker
- domain: eleciso.mom
- domain: ljutyojkfgjkfnmf.info
- domain: feromonesbones.shop
- ip:port: 45.153.34.90:443
- ip:port: 80.97.160.178:443
- ip:port: 64.188.91.231:443
Technical Details
- Threat Level: 2 (MISP threat_level_id 2 = Medium)
- Analysis: 1 (MISP analysis state 1 = Ongoing)
- Distribution: 3 (MISP distribution 3 = All communities)
- Uuid: 8ca211ae-49df-4cf0-b006-85ec2263c423
- Original Timestamp: 1761782587 (2025-10-30 00:03:07 UTC)
Indicators of Compromise: C2 server attribution
The table carries the malware family and submitter confidence for each IPv4 C2 endpoint, in the same order as the address entries in the list above; the port shown is the one paired with that address there. The export ends after 159 rows, so the remaining addresses and the domain, URL and hash entries have no attribution here.

| C2 endpoint (ip:port) | Description |
|---|---|
| 104.21.37.230:8080 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) |
| 108.181.115.243:80 | Havoc botnet C2 server (confidence level: 100%) |
| 198.252.109.34:80 | Havoc botnet C2 server (confidence level: 100%) |
| 59.110.29.198:60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 101.42.187.238:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 167.172.182.247:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 51.77.220.174:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 5.188.29.124:8735 | Unknown malware botnet C2 server (confidence level: 100%) |
| 137.184.118.154:9999 | Unknown malware botnet C2 server (confidence level: 100%) |
| 213.199.38.144:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 144.124.240.154:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.101.225.22:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 109.236.89.41:54333 | Remcos botnet C2 server (confidence level: 100%) |
| 178.157.62.249:443 | pupy botnet C2 server (confidence level: 100%) |
| 196.75.60.36:2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.253.147.9:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 172.104.242.220:8080 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 147.185.221.223:31494 | XenoRAT botnet C2 server (confidence level: 100%) |
| 23.94.145.109:80 | Amadey botnet C2 server (confidence level: 50%) |
| 185.225.226.74:6443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 8.17.56.128:80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 154.198.49.6:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.219.115.51:2095 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 34.131.39.45:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.130.22.97:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 46.151.33.182:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 203.202.232.37:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 196.251.115.90:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 209.38.69.133:443 | Sliver botnet C2 server (confidence level: 100%) |
| 46.246.84.8:2703 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 51.81.210.203:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.67.160.108:3000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.16.39.218:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 158.94.209.59:80 | Hook botnet C2 server (confidence level: 100%) |
| 37.114.41.229:443 | Havoc botnet C2 server (confidence level: 100%) |
| 195.123.240.47:80 | Havoc botnet C2 server (confidence level: 100%) |
| 40.233.73.136:8080 | Havoc botnet C2 server (confidence level: 100%) |
| 5.188.190.129:443 | Havoc botnet C2 server (confidence level: 100%) |
| 198.252.109.34:443 | Havoc botnet C2 server (confidence level: 100%) |
| 108.181.115.243:443 | Havoc botnet C2 server (confidence level: 100%) |
| 95.181.212.113:12313 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 94.154.35.114:7777 | DCRat botnet C2 server (confidence level: 100%) |
| 94.141.122.234:3232 | DCRat botnet C2 server (confidence level: 100%) |
| 18.143.176.70:50580 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 173.254.215.95:443 | PoshC2 botnet C2 server (confidence level: 100%) |
| 112.124.24.132:9000 | MimiKatz botnet C2 server (confidence level: 100%) |
| 172.104.242.220:4444 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 102.165.46.162:7771 | SpyNote botnet C2 server (confidence level: 100%) |
| 165.154.244.221:8099 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 93.127.160.209:3778 | Mirai botnet C2 server (confidence level: 75%) |
| 167.17.40.170:443 | HijackLoader botnet C2 server (confidence level: 50%) |
| 154.26.246.191:8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.130.79.38:1234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.130.22.97:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 91.92.241.37:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 79.124.77.41:31337 | Sliver botnet C2 server (confidence level: 100%) |
| 35.91.137.33:443 | Sliver botnet C2 server (confidence level: 100%) |
| 38.162.116.86:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 5.180.151.9:8082 | Hook botnet C2 server (confidence level: 100%) |
| 91.217.90.45:80 | Havoc botnet C2 server (confidence level: 100%) |
| 45.145.164.234:8443 | Havoc botnet C2 server (confidence level: 100%) |
| 54.178.98.33:443 | Havoc botnet C2 server (confidence level: 100%) |
| 18.178.163.94:80 | Havoc botnet C2 server (confidence level: 100%) |
| 162.252.199.16:4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 154.17.1.92:47891 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 16.64.4.25:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 217.195.153.224:8088 | Sliver botnet C2 server (confidence level: 75%) |
| 52.54.56.239:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 79.124.77.41:8080 | Sliver botnet C2 server (confidence level: 75%) |
| 38.85.201.33:4646 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 124.220.76.69:5555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 179.43.186.214:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 175.24.191.140:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 88.218.64.49:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 103.39.19.250:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 103.44.90.86:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 103.44.90.93:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 112.3.31.155:443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 8.155.162.23:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.152.100.155:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.8.156.39:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.130.79.38:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 102.117.166.235:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.80.85.142:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 144.172.109.53:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.67.160.108:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 47.236.19.197:443 | Havoc botnet C2 server (confidence level: 100%) |
| 43.155.166.206:443 | Havoc botnet C2 server (confidence level: 100%) |
| 91.217.90.45:443 | Havoc botnet C2 server (confidence level: 100%) |
| 69.62.80.16:8443 | DeimosC2 botnet C2 server (confidence level: 100%) |
| 220.79.56.176:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.142.94.100:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.132.98.183:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 20.224.21.19:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.174.229.200:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 209.182.238.101:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.213.60.180:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.229.219.235:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.143.155.172:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.87.144.137:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.24.213.227:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.77.95.11:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.194.35.60:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 84.247.191.4:65500 | Unknown malware botnet C2 server (confidence level: 100%) |
| 213.232.229.214:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 139.162.114.227:2053 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.184.92.76:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 15.206.45.85:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.69.19.152:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.145.228.179:8010 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.173.226.98:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 196.251.114.201:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 106.15.192.7:8888 | Sliver botnet C2 server (confidence level: 100%) |
| 168.245.201.74:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 168.245.201.71:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 217.114.10.85:4444 | Meterpreter botnet C2 server (confidence level: 75%) |
| 158.94.209.164:2040 | Remcos botnet C2 server (confidence level: 75%) |
| 193.233.112.46:59999 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 38.102.8.135:24054 | Remcos botnet C2 server (confidence level: 100%) |
| 176.65.134.16:2083 | Mirai botnet C2 server (confidence level: 75%) |
| 138.199.147.128:443 | Vidar botnet C2 server (confidence level: 100%) |
| 192.227.173.59:1983 | Remcos botnet C2 server (confidence level: 100%) |
| 5.181.156.234:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 38.162.117.244:1099 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 34.30.114.60:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 123.57.209.167:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 123.57.209.167:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 152.136.103.50:18444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 196.251.116.219:5000 | Remcos botnet C2 server (confidence level: 100%) |
| 212.154.2.45:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 85.9.198.8:8000 | Sliver botnet C2 server (confidence level: 100%) |
| 108.129.39.149:80 | Sliver botnet C2 server (confidence level: 100%) |
| 157.20.182.47:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 158.94.209.59:8082 | Hook botnet C2 server (confidence level: 100%) |
| 185.72.199.114:1717 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 79.241.102.152:81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 13.247.108.3:44819 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 104.250.169.2:1234 | BitRAT botnet C2 server (confidence level: 100%) |
| 103.14.225.124:55555 | MooBot botnet C2 server (confidence level: 100%) |
| 139.212.60.147:10001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 196.251.70.127:2011 | Remcos botnet C2 server (confidence level: 100%) |
| 195.10.205.64:4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 193.233.112.46:3389 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 167.71.83.95:7443 | Unknown malware botnet C2 server (confidence level: 75%) |
| 189.146.123.254:995 | QakBot botnet C2 server (confidence level: 75%) |
| 74.48.158.45:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 95.179.219.176:2404 | Remcos botnet C2 server (confidence level: 75%) |
| 111.92.240.180:5539 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 158.94.209.164:2828 | Remcos botnet C2 server (confidence level: 75%) |
| 192.30.241.135:6106 | XWorm botnet C2 server (confidence level: 75%) |
| 213.142.148.110:3778 | Mirai botnet C2 server (confidence level: 75%) |
| 103.27.77.131:783 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 91.92.242.67:443 | Latrodectus botnet C2 server (confidence level: 100%) |
| 196.251.72.219:8080 | Remcos botnet C2 server (confidence level: 100%) |
| 120.78.127.57:8000 | Sliver botnet C2 server (confidence level: 100%) |
| 64.7.199.42:8090 | DCRat botnet C2 server (confidence level: 100%) |
| 185.189.12.247:7777 | DCRat botnet C2 server (confidence level: 100%) |
| 84.247.179.96:8090 | DCRat botnet C2 server (confidence level: 100%) |
| 43.198.241.172:1433 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
file106.14.132.222 | Meterpreter botnet C2 server (confidence level: 100%) | |
file185.163.204.16 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file8.136.50.233 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file85.117.242.5 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file91.231.222.220 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file192.227.128.173 | Remcos botnet C2 server (confidence level: 50%) | |
file216.9.224.128 | Remcos botnet C2 server (confidence level: 50%) | |
file168.119.55.209 | Vidar botnet C2 server (confidence level: 100%) | |
file45.153.34.90 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file80.97.160.178 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file64.188.91.231 | Rhadamanthys botnet C2 server (confidence level: 100%) |
Port
The values in this table are port numbers, the port half of ThreatFox ip:port C2 entries, listed in the same row order as the IP table above; the single SHA256 value among them is a payload hash, not a port. A bare port is not an indicator on its own and should only be used together with its IP.
| Value | Description |
|---|---|
| 8080 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) |
| 80 | Havoc botnet C2 server (confidence level: 100%) |
| 80 | Havoc botnet C2 server (confidence level: 100%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8735 | Unknown malware botnet C2 server (confidence level: 100%) |
| 9999 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 54333 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | pupy botnet C2 server (confidence level: 100%) |
| 2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 8080 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 31494 | XenoRAT botnet C2 server (confidence level: 100%) |
| 80 | Amadey botnet C2 server (confidence level: 50%) |
| 6443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2095 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | Sliver botnet C2 server (confidence level: 100%) |
| 2703 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Hook botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 80 | Havoc botnet C2 server (confidence level: 100%) |
| 8080 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 12313 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 7777 | DCRat botnet C2 server (confidence level: 100%) |
| 3232 | DCRat botnet C2 server (confidence level: 100%) |
| 50580 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 443 | PoshC2 botnet C2 server (confidence level: 100%) |
| 9000 | MimiKatz botnet C2 server (confidence level: 100%) |
| 4444 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 7771 | SpyNote botnet C2 server (confidence level: 100%) |
| 8099 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3778 | Mirai botnet C2 server (confidence level: 75%) |
| 443 | HijackLoader botnet C2 server (confidence level: 50%) |
| 8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 31337 | Sliver botnet C2 server (confidence level: 100%) |
| 443 | Sliver botnet C2 server (confidence level: 100%) |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8082 | Hook botnet C2 server (confidence level: 100%) |
| 80 | Havoc botnet C2 server (confidence level: 100%) |
| 8443 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 80 | Havoc botnet C2 server (confidence level: 100%) |
| 4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 47891 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8088 | Sliver botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8080 | Sliver botnet C2 server (confidence level: 75%) |
| 4646 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 8443 | DeimosC2 botnet C2 server (confidence level: 100%) |
| 8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 65500 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 2053 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8010 | Unknown malware botnet C2 server (confidence level: 100%) |
| 774dec46a037d1d89ac036b985f390c2a8887c9dfb626a658a0d2365427f9c3c | Unknown Stealer payload (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 8888 | Sliver botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 4444 | Meterpreter botnet C2 server (confidence level: 75%) |
| 2040 | Remcos botnet C2 server (confidence level: 75%) |
| 59999 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 24054 | Remcos botnet C2 server (confidence level: 100%) |
| 2083 | Mirai botnet C2 server (confidence level: 75%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 1983 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 1099 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 18444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5000 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 8000 | Sliver botnet C2 server (confidence level: 100%) |
| 80 | Sliver botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8082 | Hook botnet C2 server (confidence level: 100%) |
| 1717 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 44819 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 1234 | BitRAT botnet C2 server (confidence level: 100%) |
| 55555 | MooBot botnet C2 server (confidence level: 100%) |
| 10001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 2011 | Remcos botnet C2 server (confidence level: 100%) |
| 4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 3389 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 75%) |
| 995 | QakBot botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 2404 | Remcos botnet C2 server (confidence level: 75%) |
| 5539 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 2828 | Remcos botnet C2 server (confidence level: 75%) |
| 6106 | XWorm botnet C2 server (confidence level: 75%) |
| 3778 | Mirai botnet C2 server (confidence level: 75%) |
| 783 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 443 | Latrodectus botnet C2 server (confidence level: 100%) |
| 8080 | Remcos botnet C2 server (confidence level: 100%) |
| 8000 | Sliver botnet C2 server (confidence level: 100%) |
| 8090 | DCRat botnet C2 server (confidence level: 100%) |
| 7777 | DCRat botnet C2 server (confidence level: 100%) |
| 8090 | DCRat botnet C2 server (confidence level: 100%) |
| 1433 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 8082 | Meterpreter botnet C2 server (confidence level: 100%) |
| 7720 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
| 8443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 8080 | Nanocore RAT botnet C2 server (confidence level: 75%) |
| 7540 | AsyncRAT botnet C2 server (confidence level: 50%) |
| 3028 | Remcos botnet C2 server (confidence level: 50%) |
| 4225 | Remcos botnet C2 server (confidence level: 50%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
| 443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
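The tables on this page are meant to be ingested, not read. The script below is an added example (not ThreatFox, abuse.ch or MISP code) that parses rows in the form they appear here, strips the "file"/"hash"/"domain" labels the page extraction glued onto the values, rejoins the IP and port tables into ip:port C2 entries by row order, and checks a handful of log lines against the result. The feed rows in `SAMPLE_FEED` are copied from this page's tables; the log lines and their key=value format are constructed for the example and are not from any real sensor.

```python
"""Normalize ThreatFox IOC table rows as they appear on this page and check
firewall / DNS / EDR log lines against them.
Added example: not ThreatFox, abuse.ch or MISP code."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

CONF_RE = re.compile(r"\(confidence level:\s*(\d+)%\)")
DESC_RE = re.compile(r"^(?P<malware>.+?)\s+(?:botnet\s+)?"
                     r"(?P<role>C2 server|C2 domain|payload delivery domain|payload)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Indicator:
    kind: str        # "ip", "port", "sha256" or "domain"
    value: str
    malware: str     # "Cobalt Strike", "Unknown malware", ...
    role: str        # "C2 server", "C2 domain", "payload delivery domain", "payload"
    confidence: int  # reporter's confidence, 0-100


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str   # the ip:port, domain or sha256 that matched
    malware: str
    confidence: int
    tier: str        # "alert" (exact match, confidence >= 75) or "review"


def classify(value: str) -> str:
    if IP_RE.match(value):
        return "ip"
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return "sha256"
    if value.isdigit() and int(value) <= 65535:
        return "port"
    return "domain"


def parse_row(line: str) -> Optional[Indicator]:
    """One markdown table row -> Indicator; None for headings, headers, separators."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 2 or cells[0] in ("", "Value") or set(cells[0]) <= {"-"}:
        return None
    value, desc = cells[0].lower(), cells[1]
    # This page's extraction glued the column type ("file", "hash", "domain")
    # onto the value.  A real hostname that begins with one of those words
    # would lose its prefix, so apply this only to rows copied from this page.
    value = re.sub(r"^(?:file|hash|domain)(?=[0-9a-z])", "", value)
    conf = CONF_RE.search(desc)
    m = DESC_RE.match(CONF_RE.sub("", desc).strip())
    if not m:
        return None
    return Indicator(classify(value), value, m["malware"], m["role"],
                     int(conf[1]) if conf else 0)


def load(rows: Iterable[str]) -> Dict[str, List[Indicator]]:
    feed: Dict[str, List[Indicator]] = {"ip": [], "port": [], "sha256": [], "domain": []}
    for line in rows:
        ind = parse_row(line)
        if ind:
            feed[ind.kind].append(ind)
    return feed


def pair_ip_port(ips: List[Indicator], ports: List[Indicator]) -> List[Tuple[str, Indicator]]:
    """ThreatFox publishes C2 servers as ip:port; this page split each pair across
    an IP table and a port table in the same row order (the lone SHA256 row is
    routed to feed["sha256"] by classify, so it does not shift the pairing)."""
    if len(ips) != len(ports):
        raise ValueError("IP and port tables do not line up; refusing to pair")
    return [(f"{ip.value}:{p.value}", ip) for ip, p in zip(ips, ports)]


def match_logs(feed: Dict[str, List[Indicator]], log_lines: Iterable[str]) -> List[Hit]:
    """Hypothetical key=value log format: dst=/dport= for flows, query= for DNS,
    sha256= for EDR file events.  A bare port never matches; an IP seen on a port
    other than the published one is only "review" grade, since cloud and shared
    hosts carry unrelated traffic."""
    socks = dict(pair_ip_port(feed["ip"], feed["port"]))
    ips = {i.value: i for i in feed["ip"]}
    domains = {d.value: d for d in feed["domain"]}
    hashes = {h.value: h for h in feed["sha256"]}
    hits: List[Hit] = []
    for n, line in enumerate(log_lines):
        kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        found, key, exact = None, "", True
        if "dst" in kv:
            key = f"{kv['dst']}:{kv.get('dport', '')}"
            found = socks.get(key)
            if found is None and kv["dst"] in ips:
                found, key, exact = ips[kv["dst"]], kv["dst"], False
        elif "query" in kv:
            key = kv["query"].lower().rstrip(".")
            found = domains.get(key)
        elif "sha256" in kv:
            key = kv["sha256"].lower()
            found = hashes.get(key)
        if found is not None:
            tier = "alert" if exact and found.confidence >= 75 else "review"
            hits.append(Hit(n, key, found.malware, found.confidence, tier))
    return hits


# Constructed sample: rows copied from this page's tables (some still carrying
# the glued prefix, some already clean) and hypothetical log lines.
SAMPLE_FEED = """\
| Value | Description | Copy |
|---|---|---|
file103.173.226.98 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file217.114.10.85 | Meterpreter botnet C2 server (confidence level: 75%) | |
| 91.231.222.220 | AsyncRAT botnet C2 server (confidence level: 50%) |
Port
hash774dec46a037d1d89ac036b985f390c2a8887c9dfb626a658a0d2365427f9c3c | Unknown Stealer payload (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 4444 | Meterpreter botnet C2 server (confidence level: 75%) |
| 7540 | AsyncRAT botnet C2 server (confidence level: 50%) |
Domain
domainonyx.do-k-3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| materials-mali.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) |
"""
SAMPLE_LOGS = [
    "ts=2025-10-29T10:01:02Z src=10.20.0.7 dst=103.173.226.98 dport=80 proto=tcp",
    "ts=2025-10-29T10:01:05Z src=10.20.0.7 dst=103.173.226.98 dport=8443 proto=tcp",
    "ts=2025-10-29T10:02:00Z src=10.20.0.9 query=onyx.do-k-3.ru rcode=NOERROR",
    "ts=2025-10-29T10:03:00Z src=10.20.0.9 query=materials-mali.gl.at.ply.gg rcode=NOERROR",
    "ts=2025-10-29T10:04:00Z src=10.20.0.11 dst=91.231.222.220 dport=7540 proto=tcp",
    "ts=2025-10-29T10:05:00Z host=ws17 sha256=774dec46a037d1d89ac036b985f390c2a8887c9dfb626a658a0d2365427f9c3c",
]

if __name__ == "__main__":
    for h in match_logs(load(SAMPLE_FEED.splitlines()), SAMPLE_LOGS):
        print(f"{h.tier:6} line {h.line_no}: {h.indicator} ({h.malware}, {h.confidence}%)")
```

Two design points worth keeping when you adapt this to a real pipeline: the pairing step refuses to run if the IP and port lists differ in length, because a silently misaligned zip would attach the wrong port to every IP after the gap; and confidence is carried through to the verdict rather than used as a hard filter, so the 50% entries (several AsyncRAT and Remcos rows above) still surface for analyst review without paging anyone.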
Domain
| Value | Description |
|---|---|
| azure.m365.1drive.zip | Unknown malware botnet C2 domain (confidence level: 100%) |
| www.accounts.m365.1drive.zip | Unknown malware botnet C2 domain (confidence level: 100%) |
| onyx.do-k-3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hot.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rum.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m4qy.7l-0b.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fin.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v9tc.7l-0b.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sage.do-k-3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pit.n4ym.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ant.vo3n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s1ne.do-k-3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pop.k8li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d1hs.7l-0b.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nag.m4ze.ru | ClearFake payload delivery domain (confidence level: 100%) |
| k7w.7l-0b.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dud.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| r2px.7l-0b.ru | ClearFake payload delivery domain (confidence level: 100%) |
| asp.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| y6nb.7l-0b.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fro.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 10ta.do-k-3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b3vf.9ha-t.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bus.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c0re.do-k-3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| has.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t0qm.9ha-t.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q1.4qua0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| may.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| had.n4ym.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cap.vo3n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x9sr.9ha-t.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bra.k8li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hid.m4ze.ru | ClearFake payload delivery domain (confidence level: 100%) |
| p5ld.9ha-t.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dry.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| g8wy.9ha-t.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ken.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x9z.4qua0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bet.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| led.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| n2ch.9ha-t.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b1d.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hat.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m.4qua0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gig.n4ym.ru | ClearFake payload delivery domain (confidence level: 100%) |
| amfspro.click | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| hew.vo3n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a03.4qua0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| any.m4ze.ru | ClearFake payload delivery domain (confidence level: 100%) |
| jog.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rid.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v7p2.4qua0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lap.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hand.k-8-li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d6.4qua0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| law.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| out.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kiln.k-8-li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ban.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| w4.3pea2.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ore.n4ym.ru | ClearFake payload delivery domain (confidence level: 100%) |
| get.vo3n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| screen-suggesting.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| navy.k-8-li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| villataxi.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) |
| gab.k8li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| far.m4ze.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fit.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 0ur.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| r0n9.3pea2.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ate.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| materials-mali.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) |
| one.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s0up.k-8-li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| y7k.3pea2.ru | ClearFake payload delivery domain (confidence level: 100%) |
| eel.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ion.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dock.pi-6-o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gestcular.cfd | HijackLoader botnet C2 domain (confidence level: 50%) |
| shy.n4ym.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b2m.3pea2.ru | ClearFake payload delivery domain (confidence level: 100%) |
| but.vo3n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pdo.tweethost.com | Vidar botnet C2 domain (confidence level: 100%) |
| pdo.united-gs.net | Vidar botnet C2 domain (confidence level: 100%) |
| app.k8li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 0ff.m4ze.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cloudstoragebox.com | Havoc botnet C2 domain (confidence level: 100%) |
| east.pi-6-o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lie.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t1.3pea2.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1id.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| see.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hark.pi-6-o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| f6.6wou3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lab.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| red.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 5ap.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| p00l.pi-6-o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rig.n4ym.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nay.k8li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q.6wou3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| age.m4ze.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m1lk.pi-6-o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lag.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c0p.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hub.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s00n.tu-7-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dug.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m0x.6wou3.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b1rd.tu-7-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| jar.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bee.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fix.k8li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune.tu-7-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s3.1z22k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| joy.tu7q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| secureapimiddleware.com | ClearFake payload delivery domain (confidence level: 50%) |
| boa.r9xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| u1x.1z22k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| www.aadcdnn.m365.1drive.zip | Unknown malware botnet C2 domain (confidence level: 100%) |
| golf.tu-7-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fab.pi6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| f1g.x2lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hay.da5v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| goat.tu-7-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fun.je9r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| k0.1z22k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xc6.s7li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bark.vo-3-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| yu2.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| takes-thinkpad.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| windefenderconection.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
| d5m9.1z22k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hmd.gl8r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rwmb.xyz | Unknown RAT botnet C2 domain (confidence level: 100%) |
| www.hasist.top | Unknown RAT botnet C2 domain (confidence level: 100%) |
| zppd.live | Unknown RAT botnet C2 domain (confidence level: 100%) |
| urclive.help | Unknown RAT botnet C2 domain (confidence level: 100%) |
| nfs8u9aw.shop | Unknown malware botnet C2 domain (confidence level: 100%) |
| ad4rchr39w8f.fun | Unknown malware botnet C2 domain (confidence level: 100%) |
| q2v.ju8r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mint.vo-3-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tvx.s7li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wq7.1z22k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qje.ra6n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cki.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune.vo-3-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ogj.po5m.ru | ClearFake payload delivery domain (confidence level: 100%) |
| r0se.vo-3-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 7cw.wi0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dm1.r4tu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rook.ju-5-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| f0b.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| l00k.vo-3-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 9jw.ju8r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| asturiasactiva.es | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
| xk9.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tide.ju-5-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| plum.r-9-xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qty.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wdh.bo3l.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glow.r-9-xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| knit.ju-5-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zwf.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cove.r-9-xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| varorg.com | KongTuke payload delivery domain (confidence level: 100%) |
| s0ar.ju-5-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zy8.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) |
| l1st.r-9-xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gu5.v3ix.ru | ClearFake payload delivery domain (confidence level: 100%) |
| l0se.ju-5-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bots.kiro.forum | Mirai botnet C2 domain (confidence level: 100%) |
| d2l.bo3l.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dev.tweethost.com | Vidar botnet C2 domain (confidence level: 100%) |
| dev.united-gs.net | Vidar botnet C2 domain (confidence level: 100%) |
| 7d0.ka2s.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 5u2.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s0da.r-9-xa.ru | ClearFake payload delivery domain (confidence level: 100%) |
| f0i1.ju-5-q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| acp.mi7x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1fj.lo9q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| brim.x-2-lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c0rn.fa-0-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1oi.s7li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| polimakels.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
| galaxyfoundation.org.uk | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
| xx6.ju8r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gale.x-2-lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| seb.gl8r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xes.mi7x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| yarn.x-2-lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bop.s7li.ru | ClearFake payload delivery domain (confidence level: 100%) |
| uqb.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| i11s.fa-0-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pa5s.x-2-lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v1i.ka2s.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s1te.fa-0-n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hb3.r4tu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m00n.x-2-lu.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 11f.mi7x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fawn.je-9-r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 57y.bo3l.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gear.je-9-r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 7rj.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nn3.lo9q.ru | ClearFake payload delivery domain (confidence level: 100%) |
| puma.r-1-v-x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| girl.je-9-r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| h1u.ra6n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dwr.bo3l.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c00l.je-9-r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| armadengineering.com | XWorm botnet C2 domain (confidence level: 100%) |
| assistancewindows20025.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) |
| in9.ra6n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c0de.r-1-v-x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b00k.je-9-r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qon.ju8r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| oaks.r-1-v-x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 0m0.n5ol.ru | ClearFake payload delivery domain (confidence level: 100%) |
| vfp.hy6o.ru | ClearFake payload delivery domain (confidence level: 100%) |
| l1st.r-1-v-x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| flat.da-5-v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sak.ra6n.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lyy.mi7x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| flip.da-5-v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ke0.po5m.ru | ClearFake payload delivery domain (confidence level: 100%) |
| uxg.n5ol.ru | ClearFake payload delivery domain (confidence level: 100%) |
| foam.da-5-v.ru | ClearFake payload delivery domain (confidence level: 100%) |
| k2.3c38h.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 6wo.mi7x.ru | ClearFake payload delivery domain (confidence level: 100%) |
domain7it.wi0x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainuny.ra6n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainl1me.da-5-v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzq7.3c38h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain64d.s7li.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing00d.da-5-v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincs0.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm0k.3c38h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqcv.n5ol.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina9.3c38h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain689.mi7x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainj5a.fe7a.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink4.1ne-z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3jc.n5ol.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrp8.1ne-z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxyq.bo3l.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina4t.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh.3c38h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm2a9.1ne-z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfxh.bo3l.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbgq.ze9y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv4.2s84d.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsb0vht3nf.localto.net | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainlux0w0w0w.dynuddns.com | DCRat botnet C2 domain (confidence level: 50%) | |
domainblessingshope100.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainmangomondayyy.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainwww.abiaclassprojectpage.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainwww.charlesschrf.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainzihnyunrui.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainzv1.1ne-z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmovies-buzz.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domain9mv.lo9q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsbh.ju8r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainx8m.2s84d.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintq.1ne-z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwvw.tweethost.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainwvw.united-gs.net | Vidar botnet C2 domain (confidence level: 100%) | |
domainp0t.po5m.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain9hd.1ne-z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlvu.xa4p.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb0t2.2s84d.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainimbibei.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindimityk.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindatabap.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpuntoc.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainaspedyd.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainczarpve.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchinij.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlonaktm.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincaddov.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoverruq.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincorneot.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbiauob.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmaghaf.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoverfrz.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmiddii.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpleasuc.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsugare.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsatet.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainunfet.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaineleciso.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainljutyojkfgjkfnmf.info | Rhadamanthys botnet C2 domain (confidence level: 100%) | |
domainferomonesbones.shop | Rhadamanthys botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
Threat ID: 6902ae2004b4f2cbf9067471
Added to database: 10/30/2025, 12:15:28 AM
Last enriched: 10/30/2025, 12:15:48 AM
Last updated: 10/30/2025, 3:19:17 PM