ThreatFox IOCs for 2025-11-06
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat intelligence update published on November 6, 2025, sourced from the ThreatFox MISP feed. This update primarily consists of Indicators of Compromise (IOCs) associated with malware activities, focusing on OSINT (Open Source Intelligence), payload delivery, and network activity categories. The absence of specific affected software versions or detailed technical indicators suggests that this is a general intelligence report rather than a disclosure of a new vulnerability or exploit. The threat level is indicated as medium, with no known exploits actively targeting systems at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), analysis level 1, and distribution level 3, which may imply moderate confidence and distribution scope. The lack of patch availability and absence of CVEs or CWEs further indicate that this threat intelligence is intended to inform defenders about ongoing or potential malware campaigns rather than a specific software flaw. The payload delivery and network activity tags imply that the malware is likely distributed through network vectors, potentially involving command and control communications or malicious payload transmissions. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing, facilitating broad dissemination among security teams. Overall, this intelligence update serves as a situational awareness tool to help organizations recognize and respond to malware-related network activities.
Potential Impact
For European organizations, the impact of this threat is primarily related to the potential for malware infection through network-based delivery mechanisms. While no active exploits are reported, the infrastructure behind these IOCs is being used to attempt payload delivery, which could lead to data compromise, disruption of services, or unauthorized access if successful. Organizations relying heavily on networked infrastructure, especially those in critical sectors such as finance, energy, and telecommunications, may face increased risk due to the potential for lateral movement or data exfiltration. The medium severity suggests that while the threat is not immediately critical, it warrants attention to prevent escalation. The lack of patches means that mitigation relies on detection and response capabilities rather than vulnerability remediation. Additionally, the OSINT nature of the threat indicates that attackers may leverage publicly available information to tailor attacks, increasing the sophistication and potential impact on targeted entities. Failure to detect or respond to these IOCs could result in operational disruptions or compromise of sensitive information.
Mitigation Recommendations
European organizations should implement enhanced network monitoring to detect suspicious payload delivery and network activity consistent with the provided IOCs. Integration of ThreatFox and other OSINT feeds into Security Information and Event Management (SIEM) systems can improve detection capabilities. Regularly updating and tuning intrusion detection/prevention systems (IDS/IPS) to recognize emerging malware signatures is critical. Conducting threat hunting exercises focused on network traffic anomalies and payload delivery patterns can proactively identify potential infections. Organizations should also ensure robust segmentation of critical network assets to limit lateral movement in case of compromise. Employee awareness training on recognizing phishing or social engineering attempts that may serve as initial infection vectors is recommended, even though user interaction is not explicitly required here. Incident response plans should be reviewed and tested to ensure rapid containment and remediation of detected malware activity. Finally, collaboration with national cybersecurity centers and sharing of threat intelligence within European cybersecurity communities can enhance collective defense.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- url: https://imf1.com/9h0y.js
- domain: imf1.com
- url: https://imf1.com/js.php
- url: http://72.5.43.147:7777/frt44
- url: http://72.5.43.147:7777/2nd
- file: 18.230.118.147
- hash: 443
- domain: secure.kasindramaharaj.com
- domain: smilesmash.com
- url: https://smilesmash.com/xss/buf.js
- url: https://smilesmash.com/xss/index.php
- file: 82.147.85.212
- hash: 9506
- domain: ft.imugandas.com
- file: 196.251.114.166
- hash: 12352
- file: 212.71.246.109
- hash: 8080
- file: 160.176.88.16
- hash: 443
- file: 18.217.155.157
- hash: 80
- domain: n1k.7nf214.ru
- file: 89.35.130.116
- hash: 80
- file: 51.155.228.1
- hash: 80
- domain: ab.lunarlicht.ru
- domain: t1w.cometwald.ru
- file: 91.92.243.7
- hash: 1155
- domain: m7x.lunarlicht.ru
- domain: 3qd.7nf214.ru
- domain: q2k.lunarlicht.ru
- domain: x0p.willowberg.ru
- domain: x1.lunarlicht.ru
- domain: b7m2.7nf214.ru
- domain: h9m.lunarlicht.ru
- domain: rz.forgehafen.ru
- domain: t8.8-f-e8.ru
- domain: t3k.forgehafen.ru
- domain: b7k2.willowberg.ru
- domain: v2.forgehafen.ru
- domain: c4n.forgehafen.ru
- domain: x4d.8-f-e8.ru
- domain: d5.willowberg.ru
- domain: yxm.forgehafen.ru
- domain: kp.ripplerover.ru
- domain: 9am.8-f-e8.ru
- domain: n8.ripplerover.ru
- domain: zt3.ripplerover.ru
- domain: pr6q.8-f-e8.ru
- domain: a2n.ripplerover.ru
- domain: c1v.8-f-e8.ru
- domain: q4.ravenpfad.ru
- domain: x4.ripplerover.ru
- domain: m0k.8-f-e8.ru
- domain: gs.summitmond.ru
- domain: k2.a-8-xp.ru
- domain: q7m.summitmond.ru
- domain: n7x.ravenpfad.ru
- domain: bd2.summitmond.ru
- domain: v9r.a-8-xp.ru
- domain: z1.summitmond.ru
- domain: a3.ravenpfad.ru
- domain: tqf.summitmond.ru
- domain: be.vortexgipfel.ru
- domain: w2t.ravenpfad.ru
- domain: w9.vortexgipfel.ru
- domain: z01.a-8-xp.ru
- domain: c3r.vortexgipfel.ru
- domain: ty3.a-8-xp.ru
- file: 1.95.207.237
- hash: 80
- file: 120.55.101.211
- hash: 80
- file: 42.192.49.146
- hash: 80
- file: 114.67.65.240
- hash: 443
- file: 192.3.136.221
- hash: 2404
- file: 102.117.161.196
- hash: 7443
- file: 34.207.216.71
- hash: 7443
- file: 125.24.165.154
- hash: 7443
- file: 45.61.157.210
- hash: 911
- file: 18.178.163.94
- hash: 443
- file: 13.53.40.179
- hash: 1337
- domain: k3.prismquelle.ru
- domain: p2.vortexgipfel.ru
- file: 196.251.66.212
- hash: 3778
- domain: xk.vortexgipfel.ru
- domain: hpn4.a-8-xp.ru
- domain: aj.aspenatlas.ru
- domain: m8q.aspenatlas.ru
- domain: d7q.a-8-xp.ru
- domain: pc4.aspenatlas.ru
- domain: x2.aspenatlas.ru
- domain: z8q.prismquelle.ru
- domain: d6y1.085-x-89-c.ru
- domain: bqk.aspenatlas.ru
- domain: r5.cedarnova.ru
- domain: t1n.cedarnova.ru
- domain: m0x.prismquelle.ru
- domain: n7.cedarnova.ru
- domain: z9tqn.085-x-89-c.ru
- domain: cm.cedarnova.ru
- domain: b3h7.085-x-89-c.ru
- file: 104.243.242.226
- hash: 57484
- domain: a7.prismquelle.ru
- domain: sa3.cedarnova.ru
- domain: supercoolweb.ddns.net
- domain: servidoresethernet.duckdns.org
- domain: so.opaldrift.ru
- domain: q2w5e.085-x-89-c.ru
- domain: t2w.coralglanz.ru
- domain: h1p.opaldrift.ru
- domain: v3.opaldrift.ru
- domain: x0la.085-x-89-c.ru
- domain: oz.opaldrift.ru
- domain: p0x.opaldrift.ru
- domain: h5.coralglanz.ru
- domain: s8rk2.085-x-89-c.ru
- domain: ge.quasarorchid.ru
- domain: q1.quasarorchid.ru
- domain: 4p1m.kzg-w-4-y.ru
- domain: bz.quasarorchid.ru
- file: 124.222.63.49
- hash: 8088
- file: 139.196.111.118
- hash: 8088
- file: 156.238.233.21
- hash: 443
- file: 154.198.162.92
- hash: 8443
- file: 156.238.233.21
- hash: 8090
- domain: x4m.quasarorchid.ru
- domain: y9p.coralglanz.ru
- domain: t6k9.kzg-w-4-y.ru
- domain: y7.quasarorchid.ru
- domain: c1k.coralglanz.ru
- domain: sm.tundrasable.ru
- domain: wwe.kzg-w-4-y.ru
- domain: c8.tundrasable.ru
- file: 121.197.3.53
- hash: 80
- file: 47.79.19.147
- hash: 8089
- file: 119.45.25.66
- hash: 80
- file: 120.53.107.202
- hash: 80
- file: 194.87.10.124
- hash: 80
- file: 8.163.22.1
- hash: 80
- file: 101.126.151.252
- hash: 443
- file: 8.152.223.39
- hash: 80
- file: 91.92.243.28
- hash: 443
- file: 93.113.98.36
- hash: 443
- file: 129.212.190.70
- hash: 6000
- file: 129.212.190.70
- hash: 8000
- file: 36.255.98.84
- hash: 9000
- file: 47.250.118.135
- hash: 443
- file: 1.52.157.76
- hash: 6001
- file: 31.97.134.73
- hash: 8082
- file: 168.245.201.54
- hash: 3790
- domain: 1m.tundrasable.ru
- url: https://bb.tweethost.com/
- url: https://bb.fabiankorte.net/
- url: https://bb.ethicaltechinstitute.org.uk/
- domain: bb.tweethost.com
- domain: bb.fabiankorte.net
- domain: bb.ethicaltechinstitute.org.uk
- domain: e5.tundrasable.ru
- domain: v4q7p.l3rc-0.ru
- domain: c2.kzg-w-4-y.ru
- domain: g5.tundrasable.ru
- domain: a9hm.l3rc-0.ru
- domain: sj.dr1ftpanda.ru
- domain: 7.kzg-w-4-y.ru
- file: 104.140.154.102
- hash: 30244
- file: 104.140.154.102
- hash: 30254
- file: 104.140.154.167
- hash: 30132
- file: 104.140.154.189
- hash: 30181
- file: 104.140.154.202
- hash: 30091
- file: 104.140.154.203
- hash: 30191
- file: 104.140.154.27
- hash: 30079
- file: 104.140.154.54
- hash: 30042
- file: 104.206.234.59
- hash: 30034
- domain: p3wz1.l3rc-0.ru
- file: 142.44.139.130
- hash: 443
- file: 166.117.137.157
- hash: 443
- file: 18.217.220.102
- hash: 443
- file: 188.36.27.2
- hash: 80
- file: 189.235.164.54
- hash: 995
- file: 196.251.83.192
- hash: 8888
- file: 40.160.53.57
- hash: 443
- file: 40.160.53.76
- hash: 443
- file: 40.160.61.50
- hash: 443
- file: 40.160.61.8
- hash: 443
- file: 45.150.108.43
- hash: 443
- file: 46.8.78.79
- hash: 8000
- domain: vo5.dr1ftpanda.ru
- file: 52.223.42.221
- hash: 443
- file: 54.39.157.132
- hash: 443
- file: 54.39.16.39
- hash: 443
- file: 62.106.66.143
- hash: 8888
- file: 99.83.254.91
- hash: 443
- domain: g4v.solarfracht.online
- file: 8.218.173.23
- hash: 443
- domain: wmw2.dr1ftpanda.ru
- file: 198.55.102.84
- hash: 1818
- domain: hbo8.dr1ftpanda.ru
- domain: t9m2.solarfracht.online
- domain: we.dr1ftpanda.ru
- domain: y6kb.l3rc-0.ru
- domain: u3zc.dr1ftpanda.ru
- domain: qk7.solarfracht.online
- domain: 2n.dr1ftpanda.ru
- domain: b1x3.solarfracht.online
- domain: swm5.dr1ftpanda.ru
- domain: yzc.amberr0cket.ru
- domain: r2l.solarfracht.online
- domain: zm4.amberr0cket.ru
- domain: h0f8.solarfracht.online
- domain: u3k.amberr0cket.ru
- domain: a9x.frosthain.online
- domain: y8c.zephyrsteg.online
- domain: f8s.amberr0cket.ru
- domain: m7rd.frosthain.online
- domain: v4n1.zephyrsteg.online
- domain: oa.amberr0cket.ru
- url: https://ka.fundsreclaimllc.com/
- domain: ka.fundsreclaimllc.com
- file: 23.88.114.55
- hash: 443
- domain: kp6.zephyrsteg.online
- domain: 2d63.amberr0cket.ru
- domain: m1r3.amberr0cket.ru
- file: 165.154.224.126
- hash: 45231
- file: 8.137.17.132
- hash: 443
- file: 23.27.169.36
- hash: 9898
- file: 81.17.103.11
- hash: 3333
- file: 185.95.165.36
- hash: 4848
- file: 52.54.98.210
- hash: 443
- file: 43.161.231.96
- hash: 443
- file: 37.32.26.5
- hash: 443
- file: 161.97.140.124
- hash: 8081
- file: 13.48.76.72
- hash: 443
- file: 34.57.13.237
- hash: 443
- domain: xse3.frosthain.online
- domain: m3t9.zephyrsteg.online
- domain: 8w.amberr0cket.ru
- domain: 5m.maplexenon.ru
- domain: s0r.zephyrsteg.online
- domain: j4va.frosthain.online
- domain: q88.maplexenon.ru
- domain: d7w2.zephyrsteg.online
- file: 156.234.218.59
- hash: 10443
- file: 38.60.250.149
- hash: 443
- domain: xt83.maplexenon.ru
- file: 122.51.31.224
- hash: 4443
- file: 122.51.31.224
- hash: 8010
- file: 66.23.203.98
- hash: 10001
- file: 103.57.250.241
- hash: 135
- file: 186.156.92.198
- hash: 81
- file: 47.77.192.39
- hash: 10001
- file: 56.124.121.107
- hash: 12538
- file: 15.160.125.231
- hash: 11112
- file: 13.38.80.185
- hash: 50100
- file: 95.9.236.210
- hash: 444
- url: https://ee181.jiangyieeee.top/
- domain: bot.osintitalia.xyz
- domain: teamc2.duckdns.org
- domain: dv3.bbanddd.com
- file: 109.248.150.195
- hash: 7745
- domain: forrbes.com
- domain: tamku.shop
- domain: tamku.shoplerter.opnetorologies.net
- domain: significant-adopted-bearing-own.trycloudflare.com
- domain: sanguen.courses
- domain: sz.maplexenon.ru
- domain: f5q.ironbucht.online
- domain: 1hx8.maplexenon.ru
- domain: fortelio.karina2bento-com.xyz
- domain: sislaps.ydns.eu
- file: 91.205.191.202
- hash: 6767
- file: 91.205.191.202
- hash: 6262
- file: 136.119.79.219
- hash: 8808
- file: 193.143.1.64
- hash: 15647
- file: 193.143.1.64
- hash: 9000
- file: 220.158.234.77
- hash: 11211
- domain: kmg.maplexenon.ru
- url: https://edentista.com/5g7o.js
- domain: edentista.com
- url: https://edentista.com/js.php
- url: http://168.100.11.73:6655/frt44
- domain: x9l2.ironbucht.online
- domain: g74n.maplexenon.ru
- domain: c1t7.ironbucht.online
- domain: bw9.ve1vet0rchid.ru
- domain: copperwerft.online
- domain: w7d.brassufer.online
- domain: et.ve1vet0rchid.ru
- domain: 5mx.ve1vet0rchid.ru
- domain: e3k9.brassufer.online
- domain: frostindigo.ru
- domain: t1q4.brassufer.online
- domain: 5a.frost-indigo.ru
- domain: z5m.brassufer.online
- url: https://dolmain.com/5w8h.js
- domain: dolmain.com
- url: https://dolmain.com/js.php
- domain: thunderforst.online
- domain: pixe1tu1ip.ru
- domain: h8s2.brassufer.online
- domain: quartzraven.ru
- domain: flintwiese.online
- domain: d7x.ember-grove.ru
- domain: 51cv.ember-grove.ru
- domain: pr.ember-grove.ru
- domain: 5kch.n0vaharbor.ru
- domain: a6v1.brassufer.online
- url: https://auldlxm.courses/api
- domain: 5d.n0vaharbor.ru
- domain: ix.n0vaharbor.ru
- domain: p9c.starmarkt.online
- url: https://keyworksrl.it/wp-content/plugins/wp-required-integumentary/index.php?r=bd1odhrwczovl2nsb3vkmjaymc1wb29sltewotgtdm9sdw1llnmzlnvzlwvhc3qtms5hbwf6b25hd3muy29tlzzldgvyvgxrvczlbt1pbmzvqghvbgxlci1wbgfudw5nlmrl
- domain: flowascatch.com
- url: https://flowascatch.com/xss/buf.js
- url: https://flowascatch.com/xss/index.php
- domain: alpha-cinder.ru
- domain: alphacinder.ru
- domain: l2f7.starmarkt.online
- domain: meteorsegel.ru
- domain: pixelorbit.ru
- domain: swiftfluss.ru
- domain: solarviolet.ru
- file: 156.238.233.21
- hash: 8089
- file: 124.220.0.39
- hash: 443
- file: 107.175.148.72
- hash: 2404
- file: 172.201.48.145
- hash: 443
- file: 155.94.150.52
- hash: 8808
- file: 176.46.158.9
- hash: 6606
- file: 37.59.103.250
- hash: 443
- domain: 1v0ry51gnai.ru
- file: 168.245.201.110
- hash: 3790
- domain: pixel-orbit.ru
- domain: r0b3.starmarkt.online
- domain: siliconmoss.ru
- domain: driftfels.online
- domain: lotioniron.ru
- domain: k8x1.starmarkt.online
- domain: soniccobalt.ru
- domain: orbitkrone.online
- file: 178.16.54.225
- hash: 59007
- domain: silicon-moss.ru
- domain: g1t4.starmarkt.online
- file: 113.5.183.211
- hash: 443
- file: 117.21.178.210
- hash: 443
- file: 122.228.223.241
- hash: 443
- file: 171.43.169.212
- hash: 443
- url: https://hy.fabiankorte.net/
- url: https://hy.fundsreclaimllc.com/
- domain: hy.fabiankorte.net
- domain: hy.fundsreclaimllc.com
- file: 159.69.179.240
- hash: 443
- domain: fhp.lilacsilo.ru
- domain: fsrm.lilacsilo.ru
- domain: 14.lilacsilo.ru
- domain: 0b.lilacsilo.ru
- domain: j0h.lilacsilo.ru
- domain: fb.lilacsilo.ru
- domain: cq.lilacsilo.ru
- domain: johndoessssss-32696.portmap.host
- domain: n-ea.gl.at.ply.gg
- domain: shopping-administrative.gl.at.ply.gg
- file: 196.251.116.2
- hash: 5077
- file: 192.151.255.213
- hash: 1688
- domain: bz.lilacsilo.ru
- domain: h40.amberr-0-ck-et.ru
- domain: 8cj.amberr-0-ck-et.ru
- domain: ovs.amberr-0-ck-et.ru
- file: 104.140.154.105
- hash: 30022
- file: 104.140.154.132
- hash: 30228
- file: 104.140.154.148
- hash: 30004
- file: 104.140.154.18
- hash: 30164
- file: 104.140.154.181
- hash: 30071
- file: 104.140.154.187
- hash: 30004
- file: 104.140.154.188
- hash: 30066
- file: 104.140.154.21
- hash: 30114
- file: 104.140.154.235
- hash: 30142
- file: 104.140.154.238
- hash: 30034
- file: 104.140.154.26
- hash: 30031
- file: 104.140.154.29
- hash: 30132
- file: 104.140.154.39
- hash: 30005
- file: 104.140.154.47
- hash: 30177
- file: 104.140.154.52
- hash: 30132
- file: 104.140.154.62
- hash: 30024
- file: 104.140.154.86
- hash: 30079
- file: 104.140.154.92
- hash: 30115
- file: 104.206.234.107
- hash: 30012
- file: 104.206.234.126
- hash: 30244
- file: 104.206.234.161
- hash: 30244
- file: 104.206.234.177
- hash: 30037
- file: 104.206.234.185
- hash: 30179
- file: 104.206.234.225
- hash: 30035
- file: 104.206.234.227
- hash: 30034
- file: 104.206.234.230
- hash: 30202
- file: 104.206.234.43
- hash: 30202
- file: 104.206.234.47
- hash: 30106
- file: 104.206.234.64
- hash: 30055
- file: 104.206.234.8
- hash: 30244
- file: 104.206.234.91
- hash: 30150
- file: 137.175.65.213
- hash: 443
- file: 139.180.221.232
- hash: 443
- file: 158.69.225.86
- hash: 443
- file: 159.0.46.33
- hash: 443
- domain: s1ev.amberr-0-ck-et.ru
- file: 40.160.55.206
- hash: 443
- file: 40.160.55.217
- hash: 443
- file: 77.110.114.27
- hash: 2404
- domain: emberkiesel.ru
- domain: tidalschatten.ru
- domain: echozauber.ru
- file: 124.198.132.80
- hash: 1234
- domain: vectorblitz.ru
- domain: gladeeiche.ru
- domain: zenithspitze.ru
- file: 194.113.72.222
- hash: 4443
- domain: filigrane-dossier.com
- domain: poisson6026.dedyn.io
- domain: ambergeist.ru
- domain: indigowelle.ru
- domain: cindertau.ru
- domain: mintnord.ru
- domain: mightyflora.ru
- domain: dawnmirror.ru
- domain: 1unarpetal.ru
- domain: shadowgrove.ru
- domain: mighty-flora.ru
- domain: dawn-mirror.ru
- domain: serena-point.ru
- domain: sunnyharbor.ru
- domain: m0onsh1nebay.ru
- domain: crystal-berry.ru
- domain: shadow-grove.ru
- domain: ic0nicr1ver.ru
- domain: serenapoint.ru
- domain: brightsilk.ru
- domain: ab7.sunny-harbor.ru
- domain: m9x.sunny-harbor.ru
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 9cd701d3-16d1-4571-8d08-ab4924a26522
- Original Timestamp
- 1762473786
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://imf1.com/9h0y.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://imf1.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| http://72.5.43.147:7777/frt44 | KongTuke payload delivery URL (confidence level: 100%) |
| http://72.5.43.147:7777/2nd | KongTuke payload delivery URL (confidence level: 100%) |
| https://smilesmash.com/xss/buf.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://smilesmash.com/xss/index.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://bb.tweethost.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://bb.fabiankorte.net/ | Vidar botnet C2 (confidence level: 100%) |
| https://bb.ethicaltechinstitute.org.uk/ | Vidar botnet C2 (confidence level: 100%) |
| https://ka.fundsreclaimllc.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://ee181.jiangyieeee.top/ | SpyNote botnet C2 (confidence level: 50%) |
| https://edentista.com/5g7o.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://edentista.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| http://168.100.11.73:6655/frt44 | KongTuke payload delivery URL (confidence level: 100%) |
| https://dolmain.com/5w8h.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://dolmain.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| https://auldlxm.courses/api | Lumma Stealer botnet C2 (confidence level: 75%) |
| https://keyworksrl.it/wp-content/plugins/wp-required-integumentary/index.php?r=bd1odhrwczovl2nsb3vkmjaymc1wb29sltewotgtdm9sdw1llnmzlnvzlwvhc3qtms5hbwf6b25hd3muy29tlzzldgvyvgxrvczlbt1pbmzvqghvbgxlci1wbgfudw5nlmrl | Latrodectus payload delivery URL (confidence level: 95%) |
| https://flowascatch.com/xss/buf.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://flowascatch.com/xss/index.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://hy.fabiankorte.net/ | Vidar botnet C2 (confidence level: 100%) |
| https://hy.fundsreclaimllc.com/ | Vidar botnet C2 (confidence level: 100%) |
Domain
| Value | Description |
|---|---|
| imf1.com | KongTuke payload delivery domain (confidence level: 100%) |
| secure.kasindramaharaj.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
| smilesmash.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
| ft.imugandas.com | Mirai botnet C2 domain (confidence level: 80%) |
| n1k.7nf214.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ab.lunarlicht.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t1w.cometwald.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m7x.lunarlicht.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 3qd.7nf214.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q2k.lunarlicht.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x0p.willowberg.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x1.lunarlicht.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b7m2.7nf214.ru | ClearFake payload delivery domain (confidence level: 100%) |
| h9m.lunarlicht.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rz.forgehafen.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t8.8-f-e8.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t3k.forgehafen.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b7k2.willowberg.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v2.forgehafen.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c4n.forgehafen.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x4d.8-f-e8.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d5.willowberg.ru | ClearFake payload delivery domain (confidence level: 100%) |
| yxm.forgehafen.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kp.ripplerover.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 9am.8-f-e8.ru | ClearFake payload delivery domain (confidence level: 100%) |
| n8.ripplerover.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zt3.ripplerover.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pr6q.8-f-e8.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a2n.ripplerover.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c1v.8-f-e8.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q4.ravenpfad.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x4.ripplerover.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m0k.8-f-e8.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gs.summitmond.ru | ClearFake payload delivery domain (confidence level: 100%) |
| k2.a-8-xp.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q7m.summitmond.ru | ClearFake payload delivery domain (confidence level: 100%) |
| n7x.ravenpfad.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bd2.summitmond.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v9r.a-8-xp.ru | ClearFake payload delivery domain (confidence level: 100%) |
| z1.summitmond.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a3.ravenpfad.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tqf.summitmond.ru | ClearFake payload delivery domain (confidence level: 100%) |
| be.vortexgipfel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| w2t.ravenpfad.ru | ClearFake payload delivery domain (confidence level: 100%) |
| w9.vortexgipfel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| z01.a-8-xp.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c3r.vortexgipfel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ty3.a-8-xp.ru | ClearFake payload delivery domain (confidence level: 100%) |
| k3.prismquelle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| p2.vortexgipfel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xk.vortexgipfel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hpn4.a-8-xp.ru | ClearFake payload delivery domain (confidence level: 100%) |
| aj.aspenatlas.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m8q.aspenatlas.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d7q.a-8-xp.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pc4.aspenatlas.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x2.aspenatlas.ru | ClearFake payload delivery domain (confidence level: 100%) |
| z8q.prismquelle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d6y1.085-x-89-c.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bqk.aspenatlas.ru | ClearFake payload delivery domain (confidence level: 100%) |
| r5.cedarnova.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t1n.cedarnova.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m0x.prismquelle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| n7.cedarnova.ru | ClearFake payload delivery domain (confidence level: 100%) |
| z9tqn.085-x-89-c.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cm.cedarnova.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b3h7.085-x-89-c.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a7.prismquelle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sa3.cedarnova.ru | ClearFake payload delivery domain (confidence level: 100%) |
| supercoolweb.ddns.net | XWorm botnet C2 domain (confidence level: 100%) |
| servidoresethernet.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
| so.opaldrift.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q2w5e.085-x-89-c.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t2w.coralglanz.ru | ClearFake payload delivery domain (confidence level: 100%) |
| h1p.opaldrift.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v3.opaldrift.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x0la.085-x-89-c.ru | ClearFake payload delivery domain (confidence level: 100%) |
| oz.opaldrift.ru | ClearFake payload delivery domain (confidence level: 100%) |
| p0x.opaldrift.ru | ClearFake payload delivery domain (confidence level: 100%) |
| h5.coralglanz.ru | ClearFake payload delivery domain (confidence level: 100%) |
| s8rk2.085-x-89-c.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ge.quasarorchid.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q1.quasarorchid.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 4p1m.kzg-w-4-y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bz.quasarorchid.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x4m.quasarorchid.ru | ClearFake payload delivery domain (confidence level: 100%) |
| y9p.coralglanz.ru | ClearFake payload delivery domain (confidence level: 100%) |
| t6k9.kzg-w-4-y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| y7.quasarorchid.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c1k.coralglanz.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sm.tundrasable.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wwe.kzg-w-4-y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c8.tundrasable.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1m.tundrasable.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bb.tweethost.com | Vidar botnet C2 domain (confidence level: 100%) |
| bb.fabiankorte.net | Vidar botnet C2 domain (confidence level: 100%) |
| bb.ethicaltechinstitute.org.uk | Vidar botnet C2 domain (confidence level: 100%) |
| e5.tundrasable.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v4q7p.l3rc-0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c2.kzg-w-4-y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| g5.tundrasable.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a9hm.l3rc-0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sj.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 7.kzg-w-4-y.ru | ClearFake payload delivery domain (confidence level: 100%) |
| p3wz1.l3rc-0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| vo5.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) |
| g4v.solarfracht.online | ClearFake payload delivery domain (confidence level: 100%) |
domainwmw2.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhbo8.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint9m2.solarfracht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainwe.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy6kb.l3rc-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu3zc.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqk7.solarfracht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain2n.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb1x3.solarfracht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainswm5.dr1ftpanda.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyzc.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr2l.solarfracht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainzm4.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh0f8.solarfracht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainu3k.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina9x.frosthain.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainy8c.zephyrsteg.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainf8s.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm7rd.frosthain.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainv4n1.zephyrsteg.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainoa.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainka.fundsreclaimllc.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainkp6.zephyrsteg.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain2d63.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm1r3.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxse3.frosthain.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainm3t9.zephyrsteg.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain8w.amberr0cket.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5m.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains0r.zephyrsteg.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainj4va.frosthain.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainq88.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaind7w2.zephyrsteg.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainxt83.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbot.osintitalia.xyz | Mirai botnet C2 domain (confidence level: 50%) | |
domainteamc2.duckdns.org | Mirai botnet C2 domain (confidence level: 50%) | |
domaindv3.bbanddd.com | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainforrbes.com | KongTuke payload delivery domain (confidence level: 50%) | |
domaintamku.shop | Unknown malware payload delivery domain (confidence level: 50%) | |
domaintamku.shoplerter.opnetorologies.net | Unknown malware payload delivery domain (confidence level: 50%) | |
domainsignificant-adopted-bearing-own.trycloudflare.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domainsanguen.courses | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainsz.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainf5q.ironbucht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain1hx8.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfortelio.karina2bento-com.xyz | XWorm botnet C2 domain (confidence level: 100%) | |
domainsislaps.ydns.eu | XWorm botnet C2 domain (confidence level: 100%) | |
domainkmg.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainedentista.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainx9l2.ironbucht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaing74n.maplexenon.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc1t7.ironbucht.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainbw9.ve1vet0rchid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincopperwerft.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainw7d.brassufer.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainet.ve1vet0rchid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5mx.ve1vet0rchid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine3k9.brassufer.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainfrostindigo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint1q4.brassufer.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain5a.frost-indigo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz5m.brassufer.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaindolmain.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainthunderforst.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainpixe1tu1ip.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh8s2.brassufer.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainquartzraven.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflintwiese.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaind7x.ember-grove.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain51cv.ember-grove.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpr.ember-grove.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5kch.n0vaharbor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina6v1.brassufer.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain5d.n0vaharbor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainix.n0vaharbor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp9c.starmarkt.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainflowascatch.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainalpha-cinder.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainalphacinder.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainl2f7.starmarkt.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainmeteorsegel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpixelorbit.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainswiftfluss.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsolarviolet.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1v0ry51gnai.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpixel-orbit.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr0b3.starmarkt.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainsiliconmoss.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindriftfels.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainlotioniron.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink8x1.starmarkt.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainsoniccobalt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainorbitkrone.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainsilicon-moss.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing1t4.starmarkt.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainhy.fabiankorte.net | Vidar botnet C2 domain (confidence level: 100%) | |
domainhy.fundsreclaimllc.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainfhp.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfsrm.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain14.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain0b.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainj0h.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfb.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincq.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjohndoessssss-32696.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainn-ea.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainshopping-administrative.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbz.lilacsilo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh40.amberr-0-ck-et.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8cj.amberr-0-ck-et.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainovs.amberr-0-ck-et.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains1ev.amberr-0-ck-et.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainemberkiesel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintidalschatten.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainechozauber.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvectorblitz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingladeeiche.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzenithspitze.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfiligrane-dossier.com | Hook botnet C2 domain (confidence level: 100%) | |
domainpoisson6026.dedyn.io | Havoc botnet C2 domain (confidence level: 100%) | |
domainambergeist.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainindigowelle.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincindertau.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmintnord.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmightyflora.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindawnmirror.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1unarpetal.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshadowgrove.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmighty-flora.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindawn-mirror.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainserena-point.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsunnyharbor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm0onsh1nebay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrystal-berry.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshadow-grove.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainic0nicr1ver.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainserenapoint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrightsilk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainab7.sunny-harbor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm9x.sunny-harbor.ru | ClearFake payload delivery domain (confidence level: 100%) |
File
| Value | Description |
|---|---|
| 18.230.118.147 | XMRIG botnet C2 server (confidence level: 100%) |
| 82.147.85.212 | Mirai botnet C2 server (confidence level: 80%) |
| 196.251.114.166 | Remcos botnet C2 server (confidence level: 100%) |
| 212.71.246.109 | Sliver botnet C2 server (confidence level: 100%) |
| 160.176.88.16 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 18.217.155.157 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 89.35.130.116 | Bashlite botnet C2 server (confidence level: 100%) |
| 51.155.228.1 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 91.92.243.7 | Remcos botnet C2 server (confidence level: 100%) |
| 1.95.207.237 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 120.55.101.211 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 42.192.49.146 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 114.67.65.240 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 192.3.136.221 | Remcos botnet C2 server (confidence level: 100%) |
| 102.117.161.196 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.207.216.71 | Unknown malware botnet C2 server (confidence level: 100%) |
| 125.24.165.154 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 45.61.157.210 | Crimson RAT botnet C2 server (confidence level: 100%) |
| 18.178.163.94 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 13.53.40.179 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 196.251.66.212 | Mirai botnet C2 server (confidence level: 80%) |
| 104.243.242.226 | Remcos botnet C2 server (confidence level: 100%) |
| 124.222.63.49 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 139.196.111.118 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.238.233.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.198.162.92 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.238.233.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.197.3.53 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.79.19.147 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.45.25.66 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 120.53.107.202 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 194.87.10.124 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.163.22.1 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.126.151.252 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.152.223.39 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 91.92.243.28 | Latrodectus botnet C2 server (confidence level: 100%) |
| 93.113.98.36 | Unknown RAT botnet C2 server (confidence level: 100%) |
| 129.212.190.70 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 129.212.190.70 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 36.255.98.84 | SectopRAT botnet C2 server (confidence level: 100%) |
| 47.250.118.135 | Havoc botnet C2 server (confidence level: 100%) |
| 1.52.157.76 | Venom RAT botnet C2 server (confidence level: 100%) |
| 31.97.134.73 | Unknown malware botnet C2 server (confidence level: 100%) |
| 168.245.201.54 | Meterpreter botnet C2 server (confidence level: 100%) |
| 104.140.154.102 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.102 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.167 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.189 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.202 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.203 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.27 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.54 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.59 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 142.44.139.130 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 166.117.137.157 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 18.217.220.102 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 188.36.27.2 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 189.235.164.54 | QakBot botnet C2 server (confidence level: 75%) |
| 196.251.83.192 | Sliver botnet C2 server (confidence level: 75%) |
| 40.160.53.57 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 40.160.53.76 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 40.160.61.50 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 40.160.61.8 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 45.150.108.43 | Sliver botnet C2 server (confidence level: 75%) |
| 46.8.78.79 | Havoc botnet C2 server (confidence level: 75%) |
| 52.223.42.221 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 54.39.157.132 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 54.39.16.39 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 62.106.66.143 | Sliver botnet C2 server (confidence level: 75%) |
| 99.83.254.91 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8.218.173.23 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 198.55.102.84 | Remcos botnet C2 server (confidence level: 75%) |
| 23.88.114.55 | Vidar botnet C2 server (confidence level: 100%) |
| 165.154.224.126 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.137.17.132 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.27.169.36 | DCRat botnet C2 server (confidence level: 100%) |
| 81.17.103.11 | Unknown malware botnet C2 server (confidence level: 100%) |
| 185.95.165.36 | Unknown malware botnet C2 server (confidence level: 100%) |
| 52.54.98.210 | Unknown malware botnet C2 server (confidence level: 100%) |
| 43.161.231.96 | Unknown malware botnet C2 server (confidence level: 100%) |
| 37.32.26.5 | Unknown malware botnet C2 server (confidence level: 100%) |
| 161.97.140.124 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.48.76.72 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.57.13.237 | Unknown malware botnet C2 server (confidence level: 100%) |
| 156.234.218.59 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 38.60.250.149 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 122.51.31.224 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 122.51.31.224 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 66.23.203.98 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 103.57.250.241 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 186.156.92.198 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 47.77.192.39 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 56.124.121.107 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 15.160.125.231 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 13.38.80.185 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 95.9.236.210 | AsyncRAT botnet C2 server (confidence level: 50%) |
| 109.248.150.195 | Remcos botnet C2 server (confidence level: 50%) |
| 91.205.191.202 | XWorm botnet C2 server (confidence level: 100%) |
| 91.205.191.202 | XWorm botnet C2 server (confidence level: 100%) |
| 136.119.79.219 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 193.143.1.64 | SectopRAT botnet C2 server (confidence level: 100%) |
| 193.143.1.64 | SectopRAT botnet C2 server (confidence level: 100%) |
| 220.158.234.77 | MooBot botnet C2 server (confidence level: 100%) |
| 156.238.233.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 124.220.0.39 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.175.148.72 | Remcos botnet C2 server (confidence level: 100%) |
| 172.201.48.145 | Sliver botnet C2 server (confidence level: 100%) |
| 155.94.150.52 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 176.46.158.9 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 37.59.103.250 | Nimplant botnet C2 server (confidence level: 100%) |
| 168.245.201.110 | Meterpreter botnet C2 server (confidence level: 100%) |
| 178.16.54.225 | STRRAT botnet C2 server (confidence level: 100%) |
| 113.5.183.211 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 117.21.178.210 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 122.228.223.241 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 171.43.169.212 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 159.69.179.240 | Vidar botnet C2 server (confidence level: 100%) |
| 196.251.116.2 | Remcos botnet C2 server (confidence level: 100%) |
| 192.151.255.213 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 104.140.154.105 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.132 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.148 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.18 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.181 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.187 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.188 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.21 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.235 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.238 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.26 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.29 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.39 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.47 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.52 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.62 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.86 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.154.92 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.107 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.126 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.161 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.177 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.185 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.225 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.227 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.230 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.43 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.47 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.64 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.8 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.206.234.91 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 137.175.65.213 | Sliver botnet C2 server (confidence level: 75%) |
| 139.180.221.232 | Havoc botnet C2 server (confidence level: 75%) |
| 158.69.225.86 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 159.0.46.33 | QakBot botnet C2 server (confidence level: 75%) |
| 40.160.55.206 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 40.160.55.217 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 77.110.114.27 | Remcos botnet C2 server (confidence level: 75%) |
| 124.198.132.80 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 194.113.72.222 | Sliver botnet C2 server (confidence level: 100%) |
Hash
| Value | Description |
|---|---|
| 443 | XMRIG botnet C2 server (confidence level: 100%) |
| 9506 | Mirai botnet C2 server (confidence level: 80%) |
| 12352 | Remcos botnet C2 server (confidence level: 100%) |
| 8080 | Sliver botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 80 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 80 | Bashlite botnet C2 server (confidence level: 100%) |
| 80 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 1155 | Remcos botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 911 | Crimson RAT botnet C2 server (confidence level: 100%) |
| 443 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 1337 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 3778 | Mirai botnet C2 server (confidence level: 80%) |
| 57484 | Remcos botnet C2 server (confidence level: 100%) |
| 8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Latrodectus botnet C2 server (confidence level: 100%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 100%) |
| 6000 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8000 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 6001 | Venom RAT botnet C2 server (confidence level: 100%) |
| 8082 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 30244 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30254 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30132 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30181 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30091 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30191 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30079 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30042 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 30034 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 80 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 995 | QakBot botnet C2 server (confidence level: 75%) |
| 8888 | Sliver botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | Sliver botnet C2 server (confidence level: 75%) |
| 8000 | Havoc botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8888 | Sliver botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 1818 | Remcos botnet C2 server (confidence level: 75%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 45231 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 9898 | DCRat botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 4848 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8081 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 10443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 4443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 8010 | Cobalt Strike botnet C2 server (confidence level: 50%) |
| 10001 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 135 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 81 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 10001 | Xtreme RAT botnet C2 server (confidence level: 50%) |
| 12538 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 11112 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 50100 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 444 | AsyncRAT botnet C2 server (confidence level: 50%) |
| 7745 | Remcos botnet C2 server (confidence level: 50%) |
| 6767 | XWorm botnet C2 server (confidence level: 100%) |
| 6262 | XWorm botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 15647 | SectopRAT botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 11211 | MooBot botnet C2 server (confidence level: 100%) |
| 8089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | Sliver botnet C2 server (confidence level: 100%) |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Nimplant botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash59007 | STRRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash5077 | Remcos botnet C2 server (confidence level: 100%) | |
hash1688 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash30022 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30228 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30004 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30164 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30071 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30004 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30066 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30114 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30142 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30034 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30031 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30132 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30005 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30177 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30132 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30024 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30079 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30115 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30012 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30244 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30244 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30037 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30179 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30035 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30034 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30202 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30202 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30106 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30055 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30244 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30150 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash1234 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4443 | Sliver botnet C2 server (confidence level: 100%) | |
Threat ID: 690d3944c99da72cbe1ff26a
Added to database: 11/7/2025, 12:11:48 AM
Last enriched: 11/7/2025, 12:12:02 AM
Last updated: 11/7/2025, 7:26:01 AM