Reconnecting to live updates…
ThreatFox IOCs for 2025-11-20
Severity: mediumType: malware
ThreatFox IOCs for 2025-11-20
AI Analysis
Technical Summary
This entry from the ThreatFox MISP feed dated 2025-11-20 provides a collection of Indicators of Compromise (IOCs) related to malware activities primarily categorized under OSINT, network activity, and payload delivery. The absence of specific affected product versions or detailed technical indicators suggests this is a general intelligence update rather than a report of a new exploit or vulnerability. The threat level is medium, with no known active exploits or patches available, indicating that while the threat is recognized, it is not currently causing widespread damage or exploitation. The technical details include a low threat level (2 out of an unspecified scale), minimal analysis (1), and moderate distribution (3), implying limited but notable dissemination of the threat or related indicators. The lack of Common Weakness Enumerations (CWEs) and absence of patch information further supports that this is an intelligence sharing event rather than a direct vulnerability disclosure. The focus on OSINT and network activity suggests the threat involves monitoring or intercepting network traffic and potentially delivering malicious payloads through network vectors. The TLP (Traffic Light Protocol) white tag indicates the information is intended for public sharing without restrictions. Overall, this threat intelligence update serves as a situational awareness tool for security teams to enhance detection capabilities and prepare defenses against potential malware payload delivery campaigns.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the lack of active exploitation and specific targeting information. However, the presence of network activity and payload delivery indicators means that organizations with exposed network services or insufficient network monitoring could be at risk of malware infections or data interception. Critical infrastructure, financial institutions, and large enterprises that rely heavily on networked systems and threat intelligence sharing platforms may experience increased exposure if these IOCs correlate with emerging attack campaigns. The absence of patches or direct exploits limits immediate damage but also means that detection and response capabilities are crucial to mitigate potential infections. The threat could lead to confidentiality breaches if payloads are designed for data exfiltration or integrity issues if destructive malware is delivered. Availability impacts are less likely unless the payloads include ransomware or denial-of-service components, which are not explicitly indicated here. Overall, the threat underscores the importance of proactive network monitoring and threat intelligence integration to reduce exposure and respond swiftly to emerging malware activities.
Mitigation Recommendations
European organizations should integrate the ThreatFox IOCs into their existing security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enhance detection of related network activity and payload delivery attempts. Network segmentation and strict access controls should be enforced to limit lateral movement in case of infection. Regularly updating and tuning network monitoring tools to detect anomalous traffic patterns associated with these IOCs will improve early warning capabilities. Organizations should also participate in threat intelligence sharing communities to receive timely updates and contextual information. Conducting threat hunting exercises focused on the indicators and related network behaviors can help identify potential compromises early. Since no patches are available, emphasis should be placed on endpoint protection, network traffic analysis, and user awareness training to recognize phishing or social engineering attempts that may deliver payloads. Incident response plans should be reviewed and tested to ensure readiness for malware containment and eradication. Finally, organizations should maintain up-to-date backups and verify their integrity to mitigate potential data loss from malware payloads.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 193.25.217.13
- hash: 39691
- file: 95.63.135.121
- hash: 8181
- file: 45.88.186.191
- hash: 4444
- file: 143.110.187.124
- hash: 8082
- file: 47.84.30.113
- hash: 8081
- domain: t4au.deane4y5not.ru
- domain: we1iss.test6yvarn1sh.ru
- domain: be2rg.test6yvarn1sh.ru
- domain: fl3uss.test6yvarn1sh.ru
- domain: li2cht.aphrh1tc4h.ru
- domain: qu1arz.aphrh1tc4h.ru
- domain: e1is.aphrh1tc4h.ru
- domain: st3eg.aphrh1tc4h.ru
- domain: ethupdate.top
- domain: ha1in.rec1aimswal1.ru
- hash: a661be6f1fa66f07a4d2a62d43585303b5adc3130761c2585bbd8c31f878fcd2
- hash: c4a21f0dd51b921239c63dc447cf5c776df68aabde83a78908353d6b7ca05982
- hash: 43e141ee2c3a4981c0afc6c23899073b65d594f5c5216c7ca078a39299f1f8d8
- domain: mo2or.rec1aimswal1.ru
- domain: we4g.rec1aimswal1.ru
- domain: xrprelay.top
- domain: u6fer.rec1aimswal1.ru
- domain: pf7ad.rec1aimswal1.ru
- domain: br1ise.pr0p0sedtact.ru
- hash: fd235bd0c5167cc384ddd9b5b1026da41cfe020a
- hash: 8bb5d2b02382bada9e89319fc4052144ba9e3dfc07bec8748e62eddc821ff993
- hash: a19ed03fd2cc1453e373bbc88debcb5a
- hash: f6ead5715c132435ea5ff5690612b475419b985b
- hash: 00597e762d01342c2760be2b5d76b870a127f10cfc8184b8c0fb82d3619ff365
- hash: 21acc271e9be7ebbbeb36a28a86c2d89
- hash: 467e3379acee968daa39e97fd58188df4a055c4d
- hash: 1bb317965246a34594936d0b0aa670bd5843256237a4af39f269dcdae29728ec
- hash: 73a61ce072f48e65702d881769757816
- hash: 5a512563686eed6d2bcffdfee15ca44562184b85
- hash: eba40ba1697dda977da954e111df0bec1e3a80d0d207cb5c165f7415e7b83903
- hash: 51bf7edff7bc07be8ce3a0da6d6f6b8b
- hash: f41a9865673cfab28cec161b5d915aaaee146318
- hash: 0c9763b282a94e6f1bf191d2673f78aaa04a90020d8510991076e95073d13851
- hash: e51ff443f68fbfe539512068c4a6dbea
- hash: 437b55263cdc78ea61b694b00842b571ec5a6dca
- hash: a22fbf8df4e4bc60d3e712cefe4827639f213a93b1a995218d3950f5edbe5078
- hash: a52abf4c7a054065da881449a446c2d8
- hash: 38cdc4e2fdec25b2a1a9ac3e642f02c4afed8da7
- hash: c91928e671ab28c485e5526af0a1ab51e75ca82b368d81c7445f7ce59a3aa74b
- hash: 5c95feb7f16778b2e08fe8b0f2051f29
- hash: 36c1ba73d620fa3908e812c9313a37e05d473895
- hash: dd965b80b962f0e1c8e95eac6060ce5aca5951c0e5b1f6b38afe4ee27884d9a1
- hash: c55bd85a5a28fe5e5a5fa6c15aa4628e
- hash: 00de48abd0a4cd4c5d944b4bf72cf16d45ebe66d
- hash: a849d1769b7f67ac1d0872e5b2f6f2fc58554ce634f916e15462ba5a6a2f1b29
- hash: 954257841e40007a6d51754693436eed
- hash: 2a739c80097b76cac39525857ae6737e6528d51e
- hash: c6e409d2fd9974e6318a9bd9b708cb0fdb0647fc4f657a44e1f888824da501c7
- hash: 9cc0e0adda00b2fc6deebb4e98e56127
- hash: 7976886dd9ed0440552ffbb1222cd304c54406c5
- hash: 7290221af95be2e0c07edc2ea80dc710cc5fa586a70c82326a68ccd302528492
- hash: 7ca85982b9e7fa32317c1f8aef1ce09f
- hash: f8e406cf073eb3bc11645e3f3d4a94dd209119c7
- hash: 4ace76561057cc02fee5fd71f70a834492f76e850699008f1ac2473a2847e837
- hash: 0750224e9170850f8008afb86cc4cbee
- hash: 7a64bb89702dcf61f222e49f6f91398e30460cdb
- hash: 9f9ba57f3c2425d94a2a2d40886d8582ec75b774814d6eeb9f0069f969c5eb25
- hash: 6228a3a94313044bbfe37c2c8519c92f
- hash: faf9b6ee68bf9669e166446d155d41fb6121a81a
- hash: 066fc3d1a62cbaa0b58102831599347a54944f650a3d7a9ae7960018f8aff0b7
- hash: 8d5079d3d9a7ebd46f4f7a9d537084a5
- hash: 271d14b2d5179739f9b17848e3a3252e554e1b92
- hash: 01b1a6fc2cf90430910dd9c5fb9a47666bea0fd2dec074592e45dfd042e62d86
- hash: 1baadacc390727b93090e29290ec3c28
- hash: 08b211eb46202341490991ca6743a7799bbdb668
- hash: ea4d0f1152384a151faadbb9cc8f5d0b0fbdb539f8fd0535bf2e238d3f132b39
- hash: 67e601580f4a95d475ccbb074a4be865
- hash: cd5ef2c4dd99f86dafc499cd0c017d77eea13910
- hash: a1991028c0d30df00531c287319317bef00aff902a2d20e677df0473072f02b7
- hash: 87ff1f2064b32ba5f32de84a785ba553
- hash: c6d538d3b950b3d1bbcbb8e34e76c955bdee130c
- hash: 6fb40a7c2293fa13338c5463ca1daffb588bf523cc60ad0e4b206d03438012c2
- hash: 29a4e4dce1fc450d8ac210f4a7ba52a2
- hash: d95c370f80c747c22dc400798768ef4ad38c5bd1
- hash: 989ce4dc079fae979ae465d42dabe4b8f7deec069e9ed195785bd8e00aa8ba60
- hash: 2ee3791580ba93e69cb0d53be22dac21
- hash: 895174c685f9aec1b9d34da264d5b42cb227d945
- hash: 3e80180b33b518fef3b04fcdf5fd87cb1b553f50a6649ff380403a0410fb7d09
- hash: d0cc03d0f3e93fa7a00ca2938666b1d6
- hash: 83b3f75b6c06a15f0bc37329901ef2453279d830
- hash: f5f204abd013df53417dc0c0a9e3ca0b4fabaf855d09278ae77a5312921cb8d1
- hash: 70f977371b031b70f713add12b95068c
- hash: 77979c25243f4306f9dbe8dc8353853015c28913
- hash: f26b71bb441c255e53013d93e60d0ee0ecd98c32a4a3c6c94ed21efbfc51cf1d
- hash: 6769ea1a7bddf69c50db9191e2ba4fa6
- hash: 1207a13c881450c7d24cc91103069d101f7a64df
- hash: b51ceacaf3ee0b0d287df4e4e8eae92606a3a36670d50a36f3b7827df46a8a83
- hash: a417dc53df37746f0e20886e235c764a
- hash: 50dc262bb1fff598c6e5a315ac62699b6feeb6a8
- hash: 3ba4c215dd4560b63680ee1c1ccf4c8966283def8d59d10361a510eca266bd62
- hash: 68ba2c20f21d36e36d3393cede056af7
- hash: 9cf060e2a160d46a597a915e063e57d02b79c9bb
- hash: 94cad32fb1af01f798a74fa25acccc890ea303f4d3a720296146dd9161da7374
- hash: 37496579e98a1e12a51d73ec2c3038af
- hash: 33f8be954dd8117f1a7eebaa2bd02492472fb4ec
- hash: e68cbefe7e20a42d764b2e6c4fb1a343d6dae85c9caac0e5788830b2afd1909d
- hash: 5e3a14c15c3f19441573607dc804dea9
- hash: 0dbd2497ae33a795679945874797f0cd59df924c
- hash: 8ac170196ffb99ebfb700476269c8303c36fe3e81f55608403ae6bd4538d89d6
- hash: 2d6d6b7487256f64188084ff91201932
- hash: 3db4b2cac6205a265dc8ca82a63c39474f5f9301
- hash: 2b0ad428d233a5a100dfa9464088ab08b090cbbee4a99ffeb27fde2ae80d2657
- hash: 308a0d04da7a149c1ffa45c295decdb7
- hash: abeffd596f638b6940a3697a779253e4e3d57c32
- hash: 14775a6d6bd2aa2418c024a7726f8e3e1b308703b1425b6cd8e2df18e13ec89c
- hash: a17fc47dbce322bce030b1da31525187
- hash: 799cfd926a1d1863fcc00113852b9c8436f13164
- hash: fd3db327aa1db045d650c8b48ef3717e78f520dc6fedfec67d8808f963d6f35f
- hash: 090c01efedada175ff42474313e941dc
- hash: 91665c3afd2d18832b63fe1c905fd3fbb84bdcca
- hash: 47633b39ac044e50fd5667ae26c676dfbd215aff8ee28e066a9ed8dc67ae1e56
- hash: 0e03b2a62f6af760d31b4a7341d3bea3
- hash: 1887ba256da9261835e011c5696cdf46b1eff294
- hash: d247b3923c621bdbef663c33ff3cf57072da3e207562ef4823d71aa99d976b6c
- hash: 6004689475f489f66a6f75fdd64c8b33
- hash: b96abd70ced095f9ca06432c60512a22560f1dd8
- hash: 2924adfa3404f67021c941a6a04bd293779010d5ac55ac60660d8ce5bdf888fd
- hash: 5f076e8739fa7ec1f1a02b2c142fdda1
- hash: 5efc11f1836c4c412d1acbc40bdee2149ac3e3ce
- hash: d5e3356ace034ad3b30bcaf4a1986ffe4297907b11bbbed3bab893aa0dde9cca
- hash: 64c4f2ca807eacbdc60b0ccc446e79bd
- hash: 4610ce2aa50371b501740fc2be848664f1845bf5
- hash: 04e1f69458d2d6d073a4b61f97ba8a4d1219f8d57d4d682b48b9473bfc5dd1d4
- hash: 8ebc28adb4b33390b2afbb0587ff7375
- hash: 320b1b27445e5f58e113e43a85ce3df78339438a
- hash: 6a68953c6581b725787472d713690790fb7374f26e4d62888f32169a1813e240
- hash: 00292eb09813b07f669b277c656cd550
- hash: 6b9bd5803b97feef7a4815be4db4b8c8e8c385a8
- hash: 47d7c773c88f5119c41b22fcb4318860bdd1c331fb0d5b1fae5a2023fa02cd3f
- hash: e00a71c5775dfe53818aeeb733c6f6ed
- hash: 6b041d49817a84110f0760d7d806aa2fffbea031
- hash: 54f6e742463d075bc1afa87ce302827ef813da9a3e4db303ab7c0beb72753ca5
- hash: 26f4e4458656cec56cc170f767c03b21
- hash: ec977491845343f46808ac488c5bb2447eaabe63
- hash: 7132556008221a4eff0c8a586e48bcceb41b50e941e737fb90a0993823e26668
- hash: a1d040eef2db7821562d3c15c0f1b34e
- hash: 02e9d3c3f2c31538eae874eed1bd8b49cd35fb43
- hash: f9a6fa310bd121a3c0764b15c0fd14c10eaef637a440d92c8078490e24d45cac
- hash: 0d484816fd43280c0c72d56453fcedb5
- hash: 5f77d60965b99ef7449c22103ef5f2a1cf6983f0
- hash: 06b49b2d522767addec65abdcbd925a3a1ef91c2411fcc7bb7ede9003b695935
- hash: 2e2e84453ea52e3a9139bc3144ff1d5c
- hash: bd7e70347c27f4ec6df0bb970f732e786823cebc
- hash: 4426926529e5a8542f58cf5593881c4bd3fdc2f89200832a74db095fabf6d91f
- hash: dea547a25f835ca99dee29f7956af4c5
- hash: b5638753d9a660546ad186ffb09274a120eace78
- hash: ff8ecf3ecfe38ebea5b18a0f16a1d89717d1e3eaef62f6cc9c7892de6c72a778
- hash: 8ef6eb9482bb06e353f23ab1b4be9eac
- hash: ebb6e9a7b0f74520bcbf4e2ea5afc788aa57d8aa
- hash: fa1419f1889b4a2f1d65cda0595ceef6a720af1edbdcdbce09f660b453e7b3d9
- hash: 82296a95f204903b8541c6d8352696e0
- hash: 67fc485a593d1cd182f57c89bf03c5bdb80191ae
- hash: 6f52e6c46213bbef26c41be5f5a50c05584b53c4865d65201fac82908ee906ec
- hash: edc8dd932a5ffe7673cae05db52fc525
- hash: 3cb2272a8bd4d10a8931e022acce57d59a32820a
- hash: 084fd47a500e122be1ab53c87d6b679bbb34bd1de0d2df5ad8fc7fc75f006f26
- hash: 9ebd8b5fa7aa04b7dbab2d04667f4690
- hash: 094d742124ade733c46c2e8ea91db22b7876cb2c
- hash: 09628e44730e751aa5f91a92541d5510ccdb96604f266ead6e3320402d8bf1e0
- hash: 25033205620f478e49ee1aaafeb1ca2f
- hash: dca730305aff7b7799e4da672381ac81d73c9b52
- hash: 99978bb92355f3b3436b8e28f416d787bafd523deae3f03c97e0d9ed292e0305
- hash: 0dd590078af5393c5da370c3935d9612
- hash: 1e6d33eb900bcaf7da113cbcdc3715e3a819d155
- hash: c1af190c3f1d7e19a0854b24ed71247dbeecba1e1e621dc74d19f51d1d746d52
- hash: fd85c61b8b79ba1c80080a929a148caf
- hash: 689ad1e5b634c7e614755a7f7efd874d4d87ee6d
- hash: a9bf95048847b326d432a31548079e948c6872a1c8706d8d1630eb3d77bd4383
- hash: 93657f0206d7c49ff3aaf4115c2fd878
- hash: f41bc1e8e2de3e6d44afe90925f3db6282ad140d
- hash: 1f3bdb38686a66cf238a07a79181c908179f654e886ee1b4531bfa8c18f52f6b
- hash: fb57e23fec741e6bdbbf8f7c6a78689f
- hash: 5e0cd038f6db10329b65af40790a491fc1d2ed7b
- hash: bbbc2a56ba69aefa567dbffe1982e21c7317e305741f7027cd0975c4bf79f8df
- hash: 06d5fdfabf8ef1f61c1182318652509b
- hash: 3606ae6f5fe5d1dbe6e43c30ed64144d4c26f2cb
- hash: b348f6b13bfb6333e2b136017c883b5e738a95a7ed91c84855818d5e42a4f209
- hash: 7877b98eaaa294efedcb04d0f7f5d35d
- hash: 8d6355b0b34a33a9e20c6036fdaab6d830c94f5a
- hash: a009d752494145c288387e586779a884b3f9729d6c0edab567ad5af122f7d478
- hash: a95b450adede39859c069b32281d1b6c
- hash: 90f90e81678f32805ce757aaf68e14e980135fab
- hash: 3b83666797ab5e6ce9a2e58ea84b259a2d4c7cb08db82674c52c82e62314ff04
- hash: 0baf5e82711b7b02d084bbd80e07e594
- hash: 41dfe4051642019024b4df1d9a9ae7231a1a586e
- hash: d5438215003956acd984ea603931d620cb5370bc041ac7c4f2cadcf05ed44e44
- hash: 9ba7c9e860481ba43b16382d1395b996
- hash: f7a5c5c01b89b2ad968c7cd94bd1914349974cf3
- hash: 05362c10b1c042aaff781667afcddc73f551eaccc5880a89baf2fc16421a6132
- hash: bfa3f6ce9401c6aca9d8d2aa7ebfbb2a
- hash: c5058a9a9ea61c991ea12807dc63b27b22d4cf4d
- hash: 02e7f215178539b6e5ef8cff58c0f689fcf2a39fd1b2171f134d96c3828c2450
- hash: 91c9691d4312e20b5bfc5a14f96e0dc8
- hash: ff166189028e635404227f1be326436fcc4a8a5f
- hash: deeae0070809a7e636f8c88dadfb9661e0260e0aaa03efd1d1a36ee4775e0ed3
- hash: c651803dd68acdc81a6fb18bc6c97eac
- hash: 9cdfa034dae02f3b82a0138bc5fcdf46474e562c
- hash: f231f3ace931fcc753eb4dddc25b63541df30f33cf3cb840dab6629a4a0ad2a6
- hash: 40e5eec2a926f39e67e6fa4b3d5915a8
- hash: 1b647e88343fe9d022bf130d41dc2bdd5d8c53e7
- hash: 3b75c424fd848c6139be88eab7d2cee4b9da7b8d9a6be4bfe5dc91881e93ad59
- hash: 9ddcf14df404839f6d5f1b33b8364b32
- hash: ee18c0fa07b2b231ec6fc8c47a0f77ec6d4cd850
- hash: 861e174b88d28b3e015527674a6a6397aa99b05c1a1b5bff045f9c6fc68ba47c
- hash: 610a19b9c192b0a9edcba0edd4382893
- hash: 8c862311f36513ab71326d11cd938b55e4a56e3e
- hash: 96080883257bdfe75fbf33f3a5652a92e9c0c9d8834047b83abece02cecd22ba
- hash: 600e07b0281ed20fbeea9dbdeec96789
- hash: 6264b7366a7cc044192becb418cdca1db0429fdf
- hash: 44712bce3f57afef3731390e3d6704cddc692a3130ccf94727fbfe23beca1f53
- hash: cde5aff821ba0fdec4032b58bf582492
- hash: fa01f9a4d74e1d4dfa4764ee09225ebaa8dafa3c
- hash: 98befdf040b021045e164086dcb58d1139d366c3176365a8d36d4d1fb52e42fc
- hash: 31a9bb07cffc8df3422a36ae29753a56
- hash: 1c9da11cf6b59d99f343285f7000076d3d5284eb
- hash: 08c9e700f5f0b357868ab209e4533bb67d0539b20e639357b6e9854ed8d56415
- hash: b7fc784520334a653fb0f2174f8c0275
- hash: 69bd2b89e96e60d73bb2d4982e3b9aa029eb9283
- hash: 12f83cdf49c6bc9bfc21abc5bfc28d2c391747256e83c525f19431d07da544f2
- hash: 0a86e62dbd78bdc7db5cbf92f9793a88
- hash: 330998a64b78a3bc9c970a37363364701de5f2c8
- hash: 38169b3e010b40184746ade1946dcb355c6d4f57bc1149a63fa21df3b8b308a6
- hash: 0a2eed56079b90d3abc653b846e0b20e
- hash: ca40bfff221ae30637357406840ba25ed76c6f58
- hash: 0222a80c806a1f5746c17090f1379779245dd7d86b70b1c5dc5d0e75a13e5a3f
- hash: d7bd878aca9c320485f290547b6377f6
- hash: 6d51d602553f0244588bded13c59b3a05d707b7d
- hash: 4e830eaa9a4e343d1e2d437ff678fc7e884bee9139807389db70e3cea3cc9770
- hash: 51aca412ef605a3e3d9f28ce40c16951
- domain: gle2is.pr0p0sedtact.ru
- domain: do4rn.pr0p0sedtact.ru
- domain: ne1bel.nar7owsized.ru
- domain: fa3lke.nar7owsized.ru
- domain: wo2lke.nar7owsized.ru
- file: 155.102.175.138
- hash: 443
- file: 155.102.181.184
- hash: 443
- file: 156.234.101.164
- hash: 6781
- file: 163.181.228.146
- hash: 443
- file: 43.159.99.39
- hash: 80
- domain: eich3e.nar7owsized.ru
- file: 119.187.97.13
- hash: 43554
- domain: st0urm.se1fish5tupid.ru
- domain: wei5ss.se1fish5tupid.ru
- domain: haf3en.se1fish5tupid.ru
- domain: gl4ut.se1fish5tupid.ru
- domain: w0ald.se1fish5tupid.ru
- domain: wolke.thistleforge.ru
- file: 23.248.214.5
- hash: 6781
- file: 43.143.97.172
- hash: 443
- file: 39.107.156.191
- hash: 443
- file: 172.86.123.161
- hash: 8443
- file: 223.6.253.69
- hash: 8443
- file: 124.198.132.240
- hash: 6666
- file: 102.117.173.32
- hash: 7443
- file: 2.241.143.144
- hash: 7443
- file: 177.215.119.5
- hash: 8081
- file: 69.67.172.29
- hash: 8090
- file: 139.144.54.46
- hash: 80
- domain: bach3.thistleforge.ru
- domain: klee.thistleforge.ru
- domain: rauch.thistleforge.ru
- domain: glade.moonfenster.ru
- domain: tau.moonfenster.ru
- domain: ufer1.moonfenster.ru
- domain: geist.moonfenster.ru
- domain: moor.moonfenster.ru
- domain: fels.brackenloft.ru
- domain: licht.brackenloft.ru
- domain: wind5.brackenloft.ru
- domain: hain.brackenloft.ru
- domain: igw.myfirewall.org
- file: 162.244.210.152
- hash: 33237
- file: 154.91.81.239
- hash: 33675
- file: 154.91.81.239
- hash: 33676
- domain: weiss.granitehaven.ru
- file: 31.56.39.76
- hash: 3778
- url: http://qreenmaple.com/baba/baba1/fre.php
- domain: strom2.granitehaven.ru
- domain: rune.lindenarc.ru
- domain: bach.lindenarc.ru
- domain: tal.lindenarc.ru
- domain: wolke9.lindenarc.ru
- url: https://telegram.me/dead1cf
- domain: birch.cobaltmeadow.ru
- domain: static.myonlinegigs.com
- domain: sturm.cobaltmeadow.ru
- domain: pfad.cobaltmeadow.ru
- domain: korn7.cobaltmeadow.ru
- domain: taiga.cobaltmeadow.ru
- domain: www.batescraigprojects.site
- domain: www.batescraigprojects.store
- file: 180.184.90.179
- hash: 80
- domain: fjord.alderquartz.ru
- file: 23.235.172.24
- hash: 6675
- file: 62.72.7.155
- hash: 2443
- file: 111.92.243.97
- hash: 80
- file: 111.92.243.97
- hash: 443
- file: 124.221.210.150
- hash: 80
- file: 203.91.76.79
- hash: 8080
- file: 189.150.99.77
- hash: 2302
- file: 104.168.34.187
- hash: 25565
- file: 160.25.72.92
- hash: 2404
- file: 50.114.113.161
- hash: 8888
- file: 2.59.135.53
- hash: 8808
- file: 136.119.79.219
- hash: 6606
- file: 180.93.239.176
- hash: 8089
- file: 103.85.225.112
- hash: 8848
- domain: eiche.alderquartz.ru
- domain: stern1.alderquartz.ru
- domain: hafen.emberbucht.ru
- domain: ufer.emberbucht.ru
- file: 101.70.8.147
- hash: 10250
- file: 103.154.55.82
- hash: 36188
- file: 144.172.106.140
- hash: 8443
- file: 172.86.123.161
- hash: 443
- domain: glut.emberbucht.ru
- domain: rauch2.emberbucht.ru
- domain: falke.wolspfad.ru
- domain: wald.wolspfad.ru
- domain: krone3.wolspfad.ru
- domain: sticka.qpon
- domain: decalcy.qpon
- domain: amififadinokasrwe.com
- domain: weald.loamgarde.ru
- domain: brook.loamgarde.ru
- domain: mead.loamgarde.ru
- url: https://gjt.wallyapp.xyz/
- url: https://fra.wallyapp.xyz/
- url: https://gjt.nigeriaafricatime.com/
- domain: gjt.wallyapp.xyz
- domain: fra.wallyapp.xyz
- domain: gjt.nigeriaafricatime.com
- file: 46.62.240.127
- hash: 443
- domain: ridge4.loamgarde.ru
- domain: brise.loamgarde.ru
- domain: gleis.driftklause.ru
- domain: kamm.driftklause.ru
- domain: grau.driftklause.ru
- domain: dorn6.driftklause.ru
- file: 119.45.25.66
- hash: 8899
- domain: 0o.dup-1-ic-4-ermaph.ru
- file: 95.216.111.154
- hash: 7709
- domain: www.baiyangyan.cn
- file: 124.221.215.174
- hash: 80
- file: 123.249.67.241
- hash: 8080
- file: 47.108.74.176
- hash: 1234
- file: 47.101.2.90
- hash: 8888
- file: 156.252.63.99
- hash: 8888
- file: 167.88.165.176
- hash: 443
- file: 157.20.182.9
- hash: 1931
- file: 35.224.72.90
- hash: 7443
- file: 103.167.84.140
- hash: 8082
- file: 166.48.77.176
- hash: 443
- file: 182.123.72.4
- hash: 8888
- file: 46.173.214.212
- hash: 7777
- file: 20.255.123.170
- hash: 3333
- file: 134.199.214.70
- hash: 3333
- file: 145.239.80.80
- hash: 3333
- file: 149.28.207.173
- hash: 443
- file: 121.4.117.216
- hash: 6666
- file: 46.247.109.35
- hash: 443
- file: 178.130.46.8
- hash: 2083
- file: 82.156.100.106
- hash: 3000
- file: 151.245.85.173
- hash: 9443
- file: 103.214.175.96
- hash: 12389
- domain: dzthj.dup-1-ic-4-ermaph.ru
- domain: orbit8.dup-1-ic-4-ermaph.ru
- domain: auul8.dup-1-ic-4-ermaph.ru
- domain: dc8.aucti0nz7ir.ru
- domain: nova.aucti0nz7ir.ru
- domain: 1qtbb.aucti0nz7ir.ru
- file: 45.138.16.206
- hash: 443
- file: 46.183.222.117
- hash: 7070
- file: 20.244.42.84
- hash: 8009
- domain: oixp.aucti0nz7ir.ru
- file: 181.162.147.180
- hash: 8080
- file: 84.154.181.11
- hash: 81
- file: 47.84.119.136
- hash: 1116
- file: 156.251.19.106
- hash: 446
- file: 31.169.124.212
- hash: 8800
- domain: jet8.liner-9-ick.ru
- domain: sbsq.liner-9-ick.ru
- file: 194.76.227.242
- hash: 9999
- domain: 9st6r.liner-9-ick.ru
- domain: bv51.liner-9-ick.ru
- file: 39.106.6.63
- hash: 8443
- file: 185.196.8.134
- hash: 7705
- domain: nln7n.kos-0-ltyu-4-etey.ru
- domain: shard.kos-0-ltyu-4-etey.ru
- file: 20.2.92.110
- hash: 443
- domain: rift5.kos-0-ltyu-4-etey.ru
- domain: shard6.kos-0-ltyu-4-etey.ru
- domain: b1.kos0ltyu4etey.ru
- domain: khg2e.kos0ltyu4etey.ru
- domain: vk.kos0ltyu4etey.ru
- file: 199.247.10.166
- hash: 80
- file: 45.76.45.151
- hash: 80
- file: 217.69.13.229
- hash: 80
- file: 217.69.3.218
- hash: 80
- domain: pkw.kos0ltyu4etey.ru
- domain: g4k.hre-9-in-7-mamma.ru
- domain: trail6.hre-9-in-7-mamma.ru
- domain: shield.hre-9-in-7-mamma.ru
- domain: qaqkongtiao.com
- url: http://180.93.239.176/
- url: http://91.92.240.190/fbfde0da45a9450b.php
- url: https://14.128.53.148:8888/
- domain: lists.ineer.org
- domain: rogerperrybook.com
- domain: virus.www.moroccancam.com
- domain: mrdc1963.duckdns.org
- domain: v2.www.moroccancam.com
- domain: v3.www.moroccancam.com
- domain: jbdsg65485.bounceme.net
- domain: vcute69.bounceme.net
- file: 185.157.162.17
- hash: 57441
- file: 58.227.173.85
- hash: 80
- domain: fl9.hre-9-in-7-mamma.ru
- url: https://petitesalope.com/5t6t.js
- domain: petitesalope.com
- url: https://petitesalope.com/js.php
- url: http://206.188.196.28:6655/alph
- domain: hsk.dup1ic4ermaph.ru
- file: 47.243.167.234
- hash: 443
- domain: shift.dup1ic4ermaph.ru
- domain: delta4.dup1ic4ermaph.ru
- domain: app.myonlineprofits.com
- domain: vale.dup1ic4ermaph.ru
- domain: blink2.hre9in7mamma.ru
- domain: 2y.hre9in7mamma.ru
- domain: ak1.xingxings3.org
- file: 47.243.167.234
- hash: 442
- domain: blink6.hre9in7mamma.ru
- domain: drift.hre9in7mamma.ru
- file: 20.196.147.118
- hash: 8888
- file: 45.74.36.118
- hash: 8808
- file: 172.232.116.205
- hash: 7443
- file: 217.60.38.40
- hash: 80
- file: 185.196.9.213
- hash: 80
- file: 84.154.181.11
- hash: 82
- file: 4.209.183.220
- hash: 1488
- file: 116.62.120.88
- hash: 6443
- file: 206.189.82.234
- hash: 4444
- file: 34.255.213.142
- hash: 443
- domain: ne.suf-1-nau-8-h.ru
- domain: stack.suf-1-nau-8-h.ru
- domain: loom.suf-1-nau-8-h.ru
- domain: echo.suf1nau8h.ru
- domain: jat.suf1nau8h.ru
- file: 45.32.250.246
- hash: 1443
- domain: 5egzr.suf1nau8h.ru
- domain: yl.suf1nau8h.ru
- url: https://ugg.wallyapp.xyz/
- url: https://ugg.noisolation.org.uk/
- domain: ugg.wallyapp.xyz
- domain: ugg.noisolation.org.uk
- file: 49.12.113.134
- hash: 443
- domain: qhnjc.aucti-0-nz-7-ir.ru
- file: 45.13.227.97
- hash: 666
- domain: gi0x.aucti-0-nz-7-ir.ru
- file: 176.100.37.194
- hash: 282
- domain: ftp.torinod.shop
- domain: guard.aucti-0-nz-7-ir.ru
- domain: 14h.aucti-0-nz-7-ir.ru
- file: 178.16.54.218
- hash: 6000
- file: 45.138.16.224
- hash: 8888
- domain: catheadsquisher-39417.portmap.host
- url: http://185.209.162.226
- domain: browse-spanish.gl.at.ply.gg
- domain: pjrcare.top
- url: http://151.245.195.140
- url: http://45.200.148.114
- url: http://84.201.25.198
- domain: print-westminster.gl.at.ply.gg
- domain: wolke.skyblend.ru
- domain: glade.skyblend.ru
- domain: dune3.skyblend.ru
- domain: birch.skyblend.ru
- file: 104.140.154.165
- hash: 30034
- file: 104.140.154.214
- hash: 30202
- file: 104.140.154.254
- hash: 30014
- file: 104.140.154.83
- hash: 30173
- file: 158.247.242.161
- hash: 443
- domain: tau.st0rmfield.ru
- file: 182.30.20.246
- hash: 443
- file: 3.216.46.62
- hash: 443
- file: 45.131.64.216
- hash: 443
- file: 45.131.64.216
- hash: 8080
- file: 67.217.57.240
- hash: 443
- domain: kamm2.st0rmfield.ru
- domain: weald.st0rmfield.ru
- domain: stern.st0rmfield.ru
- file: 23.94.145.31
- hash: 55509
- domain: moos.st0rmfield.ru
- url: http://91.92.243.129/0gjsy4hf3/index.php
- domain: wolke.mintzone.ru
- domain: ufer.mintzone.ru
- file: 2.56.108.8
- hash: 1604
- file: 134.122.134.55
- hash: 9090
- domain: grat5.mintzone.ru
- file: 103.184.47.49
- hash: 80
- file: 165.154.224.175
- hash: 8080
- file: 45.32.250.246
- hash: 80
- file: 121.89.83.28
- hash: 20001
- file: 122.51.93.94
- hash: 80
- file: 221.15.216.97
- hash: 54002
- file: 139.28.37.171
- hash: 64882
- file: 134.112.137.191
- hash: 9999
- file: 156.252.63.100
- hash: 8888
- file: 118.107.21.101
- hash: 8888
- file: 156.252.63.98
- hash: 8888
- file: 54.91.75.167
- hash: 443
- file: 3.147.84.164
- hash: 443
- file: 168.245.200.64
- hash: 3790
- domain: glanz.st0nebyte.ru
- domain: dorn.st0nebyte.ru
- domain: localhostpin.camdvr.org
- domain: mist.st0nebyte.ru
- file: 91.92.243.129
- hash: 80
- domain: pfad4.st0nebyte.ru
- domain: bach.clouddrop.ru
- domain: tal.clouddrop.ru
- domain: cs.110-110.com
- domain: ns2.welslanguageschool.com
- domain: ns_cs1.110-110.com
- domain: ns_cs2.110-110.com
- file: 154.64.252.160
- hash: 53
- file: 159.65.141.151
- hash: 53
- domain: kraut.clouddrop.ru
- domain: falke.wildr0se.ru
- domain: weide.wildr0se.ru
- domain: licht2.wildr0se.ru
- file: 64.225.11.206
- hash: 1177
- domain: strand.wildr0se.ru
- domain: nebel.wildr0se.ru
- domain: nacht.shadowmint.ru
- domain: glade.shadowmint.ru
- file: 193.26.115.124
- hash: 1122
- domain: korn1.shadowmint.ru
- domain: astovengroikoliuyastat.com
- domain: compomhariolkifdsts.com
- domain: dadanetuilkolaifhrts.com
- domain: gladirustoklioasfar.com
- domain: aviksateroliuwertu.com
- domain: eradiolpsssrepshvebsqw.com
- domain: fikolasdklnbhgss.com
- domain: mikusadiokloka.com
- domain: ufer.l1ghtcloud.ru
- domain: hotfilipopersastriolkas.com
- domain: kamisisterbrofanydodf.com
- domain: lasopisojioliondas.com
- domain: dotarhiamkloie.com
- domain: giasdfklopert.com
- domain: wolke.l1ghtcloud.ru
- domain: portevergrenncallaosilcent.dynuddns.com
- domain: warewuasar3.duckdns.org
- domain: vjlong5555.duckdns.org
- domain: vj9999.duckdns.org
- domain: pureforupdatebunies.dynuddns.net
- domain: gleis3.l1ghtcloud.ru
- domain: stern.l1ghtcloud.ru
- domain: pfad.ciearbug.ru
- domain: moor.ciearbug.ru
- domain: wind4.ciearbug.ru
- domain: eiche.m1ntcioud.ru
- file: 91.219.239.37
- hash: 7705
- domain: dune.m1ntcioud.ru
ThreatFox IOCs for 2025-11-20
0
MediumPublished: Thu Nov 20 2025 (11/20/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-11-20
AI-Powered Analysis
AILast updated: 11/21/2025, 00:12:01 UTC
Technical Analysis
This entry from the ThreatFox MISP feed dated 2025-11-20 provides a collection of Indicators of Compromise (IOCs) related to malware activities primarily categorized under OSINT, network activity, and payload delivery. The absence of specific affected product versions or detailed technical indicators suggests this is a general intelligence update rather than a report of a new exploit or vulnerability. The threat level is medium, with no known active exploits or patches available, indicating that while the threat is recognized, it is not currently causing widespread damage or exploitation. The technical details include a low threat level (2 out of an unspecified scale), minimal analysis (1), and moderate distribution (3), implying limited but notable dissemination of the threat or related indicators. The lack of Common Weakness Enumerations (CWEs) and absence of patch information further supports that this is an intelligence sharing event rather than a direct vulnerability disclosure. The focus on OSINT and network activity suggests the threat involves monitoring or intercepting network traffic and potentially delivering malicious payloads through network vectors. The TLP (Traffic Light Protocol) white tag indicates the information is intended for public sharing without restrictions. Overall, this threat intelligence update serves as a situational awareness tool for security teams to enhance detection capabilities and prepare defenses against potential malware payload delivery campaigns.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the lack of active exploitation and specific targeting information. However, the presence of network activity and payload delivery indicators means that organizations with exposed network services or insufficient network monitoring could be at risk of malware infections or data interception. Critical infrastructure, financial institutions, and large enterprises that rely heavily on networked systems and threat intelligence sharing platforms may experience increased exposure if these IOCs correlate with emerging attack campaigns. The absence of patches or direct exploits limits immediate damage but also means that detection and response capabilities are crucial to mitigate potential infections. The threat could lead to confidentiality breaches if payloads are designed for data exfiltration or integrity issues if destructive malware is delivered. Availability impacts are less likely unless the payloads include ransomware or denial-of-service components, which are not explicitly indicated here. Overall, the threat underscores the importance of proactive network monitoring and threat intelligence integration to reduce exposure and respond swiftly to emerging malware activities.
Mitigation Recommendations
European organizations should integrate the ThreatFox IOCs into their existing security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enhance detection of related network activity and payload delivery attempts. Network segmentation and strict access controls should be enforced to limit lateral movement in case of infection. Regularly updating and tuning network monitoring tools to detect anomalous traffic patterns associated with these IOCs will improve early warning capabilities. Organizations should also participate in threat intelligence sharing communities to receive timely updates and contextual information. Conducting threat hunting exercises focused on the indicators and related network behaviors can help identify potential compromises early. Since no patches are available, emphasis should be placed on endpoint protection, network traffic analysis, and user awareness training to recognize phishing or social engineering attempts that may deliver payloads. Incident response plans should be reviewed and tested to ensure readiness for malware containment and eradication. Finally, organizations should maintain up-to-date backups and verify their integrity to mitigate potential data loss from malware payloads.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- d9d455ae-586e-40b8-b92f-52a50783c683
- Original Timestamp
- 1763683385
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file193.25.217.13 | Mirai botnet C2 server (confidence level: 100%) | |
file95.63.135.121 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.88.186.191 | Remcos botnet C2 server (confidence level: 100%) | |
file143.110.187.124 | Hook botnet C2 server (confidence level: 100%) | |
file47.84.30.113 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file155.102.175.138 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file155.102.181.184 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file156.234.101.164 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file163.181.228.146 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file43.159.99.39 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file119.187.97.13 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file23.248.214.5 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.143.97.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.107.156.191 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.86.123.161 | Sliver botnet C2 server (confidence level: 100%) | |
file223.6.253.69 | Sliver botnet C2 server (confidence level: 100%) | |
file124.198.132.240 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.173.32 | Unknown malware botnet C2 server (confidence level: 100%) | |
file2.241.143.144 | Unknown malware botnet C2 server (confidence level: 100%) | |
file177.215.119.5 | Havoc botnet C2 server (confidence level: 100%) | |
file69.67.172.29 | DCRat botnet C2 server (confidence level: 100%) | |
file139.144.54.46 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file162.244.210.152 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file154.91.81.239 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file154.91.81.239 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file31.56.39.76 | Mirai botnet C2 server (confidence level: 80%) | |
file180.184.90.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.235.172.24 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.72.7.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.92.243.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.92.243.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.221.210.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file203.91.76.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file189.150.99.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file104.168.34.187 | Remcos botnet C2 server (confidence level: 100%) | |
file160.25.72.92 | Remcos botnet C2 server (confidence level: 100%) | |
file50.114.113.161 | Unknown malware botnet C2 server (confidence level: 100%) | |
file2.59.135.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file136.119.79.219 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file180.93.239.176 | Hook botnet C2 server (confidence level: 100%) | |
file103.85.225.112 | DCRat botnet C2 server (confidence level: 100%) | |
file101.70.8.147 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file103.154.55.82 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file144.172.106.140 | Sliver botnet C2 server (confidence level: 75%) | |
file172.86.123.161 | Sliver botnet C2 server (confidence level: 75%) | |
file46.62.240.127 | Vidar botnet C2 server (confidence level: 100%) | |
file119.45.25.66 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file95.216.111.154 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file124.221.215.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.249.67.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.108.74.176 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.101.2.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
file156.252.63.99 | Unknown malware botnet C2 server (confidence level: 100%) | |
file167.88.165.176 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file157.20.182.9 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file35.224.72.90 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.167.84.140 | Hook botnet C2 server (confidence level: 100%) | |
file166.48.77.176 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file182.123.72.4 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file46.173.214.212 | DCRat botnet C2 server (confidence level: 100%) | |
file20.255.123.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.199.214.70 | Unknown malware botnet C2 server (confidence level: 100%) | |
file145.239.80.80 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.28.207.173 | Unknown malware botnet C2 server (confidence level: 100%) | |
file121.4.117.216 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.247.109.35 | Unknown malware botnet C2 server (confidence level: 100%) | |
file178.130.46.8 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.156.100.106 | Unknown malware botnet C2 server (confidence level: 100%) | |
file151.245.85.173 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.214.175.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.138.16.206 | Remcos botnet C2 server (confidence level: 100%) | |
file46.183.222.117 | Remcos botnet C2 server (confidence level: 100%) | |
file20.244.42.84 | Sliver botnet C2 server (confidence level: 100%) | |
file181.162.147.180 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file84.154.181.11 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file47.84.119.136 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file156.251.19.106 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file31.169.124.212 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file194.76.227.242 | NightshadeC2 botnet C2 server (confidence level: 75%) | |
file39.106.6.63 | Meterpreter botnet C2 server (confidence level: 75%) | |
file185.196.8.134 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file20.2.92.110 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file199.247.10.166 | GlassWorm payload delivery server (confidence level: 100%) | |
file45.76.45.151 | GlassWorm payload delivery server (confidence level: 100%) | |
file217.69.13.229 | GlassWorm payload delivery server (confidence level: 100%) | |
file217.69.3.218 | GlassWorm payload delivery server (confidence level: 100%) | |
file185.157.162.17 | Remcos botnet C2 server (confidence level: 50%) | |
file58.227.173.85 | Remcos botnet C2 server (confidence level: 50%) | |
file47.243.167.234 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file47.243.167.234 | ValleyRAT botnet C2 server (confidence level: 66%) | |
file20.196.147.118 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.74.36.118 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.232.116.205 | Unknown malware botnet C2 server (confidence level: 100%) | |
file217.60.38.40 | Hook botnet C2 server (confidence level: 100%) | |
file185.196.9.213 | Havoc botnet C2 server (confidence level: 100%) | |
file84.154.181.11 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file4.209.183.220 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file116.62.120.88 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file206.189.82.234 | Meterpreter botnet C2 server (confidence level: 100%) | |
file34.255.213.142 | BianLian botnet C2 server (confidence level: 100%) | |
file45.32.250.246 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file49.12.113.134 | Vidar botnet C2 server (confidence level: 100%) | |
file45.13.227.97 | Bashlite botnet C2 server (confidence level: 75%) | |
file176.100.37.194 | Bashlite botnet C2 server (confidence level: 75%) | |
file178.16.54.218 | XWorm botnet C2 server (confidence level: 75%) | |
file45.138.16.224 | XWorm botnet C2 server (confidence level: 100%) | |
file104.140.154.165 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.214 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.254 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.83 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file158.247.242.161 | Havoc botnet C2 server (confidence level: 75%) | |
file182.30.20.246 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file3.216.46.62 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file45.131.64.216 | Remcos botnet C2 server (confidence level: 75%) | |
file45.131.64.216 | Remcos botnet C2 server (confidence level: 75%) | |
file67.217.57.240 | Sliver botnet C2 server (confidence level: 75%) | |
file23.94.145.31 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file2.56.108.8 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file134.122.134.55 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file103.184.47.49 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file165.154.224.175 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.32.250.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.89.83.28 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file122.51.93.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file221.15.216.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.28.37.171 | Remcos botnet C2 server (confidence level: 100%) | |
file134.112.137.191 | Sliver botnet C2 server (confidence level: 100%) | |
file156.252.63.100 | Unknown malware botnet C2 server (confidence level: 100%) | |
file118.107.21.101 | Unknown malware botnet C2 server (confidence level: 100%) | |
file156.252.63.98 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.91.75.167 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.147.84.164 | PoshC2 botnet C2 server (confidence level: 100%) | |
file168.245.200.64 | Meterpreter botnet C2 server (confidence level: 100%) | |
file91.92.243.129 | Amadey botnet C2 server (confidence level: 50%) | |
file154.64.252.160 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file159.65.141.151 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file64.225.11.206 | NjRAT botnet C2 server (confidence level: 100%) | |
file193.26.115.124 | Remcos botnet C2 server (confidence level: 100%) | |
file91.219.239.37 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash39691 | Mirai botnet C2 server (confidence level: 100%) | |
hash8181 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4444 | Remcos botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hasha661be6f1fa66f07a4d2a62d43585303b5adc3130761c2585bbd8c31f878fcd2 | Unknown Stealer payload (confidence level: 100%) | |
hashc4a21f0dd51b921239c63dc447cf5c776df68aabde83a78908353d6b7ca05982 | Unknown Stealer payload (confidence level: 100%) | |
hash43e141ee2c3a4981c0afc6c23899073b65d594f5c5216c7ca078a39299f1f8d8 | Unknown Stealer payload (confidence level: 100%) | |
hashfd235bd0c5167cc384ddd9b5b1026da41cfe020a | RedLine Stealer payload (confidence level: 95%) | |
hash8bb5d2b02382bada9e89319fc4052144ba9e3dfc07bec8748e62eddc821ff993 | RedLine Stealer payload (confidence level: 95%) | |
hasha19ed03fd2cc1453e373bbc88debcb5a | RedLine Stealer payload (confidence level: 95%) | |
hashf6ead5715c132435ea5ff5690612b475419b985b | MASS Logger payload (confidence level: 95%) | |
hash00597e762d01342c2760be2b5d76b870a127f10cfc8184b8c0fb82d3619ff365 | MASS Logger payload (confidence level: 95%) | |
hash21acc271e9be7ebbbeb36a28a86c2d89 | MASS Logger payload (confidence level: 95%) | |
hash467e3379acee968daa39e97fd58188df4a055c4d | RedLine Stealer payload (confidence level: 95%) | |
hash1bb317965246a34594936d0b0aa670bd5843256237a4af39f269dcdae29728ec | RedLine Stealer payload (confidence level: 95%) | |
hash73a61ce072f48e65702d881769757816 | RedLine Stealer payload (confidence level: 95%) | |
hash5a512563686eed6d2bcffdfee15ca44562184b85 | MASS Logger payload (confidence level: 95%) | |
hasheba40ba1697dda977da954e111df0bec1e3a80d0d207cb5c165f7415e7b83903 | MASS Logger payload (confidence level: 95%) | |
hash51bf7edff7bc07be8ce3a0da6d6f6b8b | MASS Logger payload (confidence level: 95%) | |
hashf41a9865673cfab28cec161b5d915aaaee146318 | StrelaStealer payload (confidence level: 95%) | |
hash0c9763b282a94e6f1bf191d2673f78aaa04a90020d8510991076e95073d13851 | StrelaStealer payload (confidence level: 95%) | |
hashe51ff443f68fbfe539512068c4a6dbea | StrelaStealer payload (confidence level: 95%) | |
hash437b55263cdc78ea61b694b00842b571ec5a6dca | Formbook payload (confidence level: 95%) | |
hasha22fbf8df4e4bc60d3e712cefe4827639f213a93b1a995218d3950f5edbe5078 | Formbook payload (confidence level: 95%) | |
hasha52abf4c7a054065da881449a446c2d8 | Formbook payload (confidence level: 95%) | |
hash38cdc4e2fdec25b2a1a9ac3e642f02c4afed8da7 | GoGoogle payload (confidence level: 95%) | |
hashc91928e671ab28c485e5526af0a1ab51e75ca82b368d81c7445f7ce59a3aa74b | GoGoogle payload (confidence level: 95%) | |
hash5c95feb7f16778b2e08fe8b0f2051f29 | GoGoogle payload (confidence level: 95%) | |
hash36c1ba73d620fa3908e812c9313a37e05d473895 | CoffeeLoader payload (confidence level: 95%) | |
hashdd965b80b962f0e1c8e95eac6060ce5aca5951c0e5b1f6b38afe4ee27884d9a1 | CoffeeLoader payload (confidence level: 95%) | |
hashc55bd85a5a28fe5e5a5fa6c15aa4628e | CoffeeLoader payload (confidence level: 95%) | |
hash00de48abd0a4cd4c5d944b4bf72cf16d45ebe66d | Stealc payload (confidence level: 95%) | |
hasha849d1769b7f67ac1d0872e5b2f6f2fc58554ce634f916e15462ba5a6a2f1b29 | Stealc payload (confidence level: 95%) | |
hash954257841e40007a6d51754693436eed | Stealc payload (confidence level: 95%) | |
hash2a739c80097b76cac39525857ae6737e6528d51e | GoGoogle payload (confidence level: 95%) | |
hashc6e409d2fd9974e6318a9bd9b708cb0fdb0647fc4f657a44e1f888824da501c7 | GoGoogle payload (confidence level: 95%) | |
hash9cc0e0adda00b2fc6deebb4e98e56127 | GoGoogle payload (confidence level: 95%) | |
hash7976886dd9ed0440552ffbb1222cd304c54406c5 | GoGoogle payload (confidence level: 95%) | |
hash7290221af95be2e0c07edc2ea80dc710cc5fa586a70c82326a68ccd302528492 | GoGoogle payload (confidence level: 95%) | |
hash7ca85982b9e7fa32317c1f8aef1ce09f | GoGoogle payload (confidence level: 95%) | |
hashf8e406cf073eb3bc11645e3f3d4a94dd209119c7 | Bolek payload (confidence level: 95%) | |
hash4ace76561057cc02fee5fd71f70a834492f76e850699008f1ac2473a2847e837 | Bolek payload (confidence level: 95%) | |
hash0750224e9170850f8008afb86cc4cbee | Bolek payload (confidence level: 95%) | |
hash7a64bb89702dcf61f222e49f6f91398e30460cdb | NetWire RC payload (confidence level: 95%) | |
hash9f9ba57f3c2425d94a2a2d40886d8582ec75b774814d6eeb9f0069f969c5eb25 | NetWire RC payload (confidence level: 95%) | |
hash6228a3a94313044bbfe37c2c8519c92f | NetWire RC payload (confidence level: 95%) | |
hashfaf9b6ee68bf9669e166446d155d41fb6121a81a | Bolek payload (confidence level: 95%) | |
hash066fc3d1a62cbaa0b58102831599347a54944f650a3d7a9ae7960018f8aff0b7 | Bolek payload (confidence level: 95%) | |
hash8d5079d3d9a7ebd46f4f7a9d537084a5 | Bolek payload (confidence level: 95%) | |
hash271d14b2d5179739f9b17848e3a3252e554e1b92 | Formbook payload (confidence level: 95%) | |
hash01b1a6fc2cf90430910dd9c5fb9a47666bea0fd2dec074592e45dfd042e62d86 | Formbook payload (confidence level: 95%) | |
hash1baadacc390727b93090e29290ec3c28 | Formbook payload (confidence level: 95%) | |
hash08b211eb46202341490991ca6743a7799bbdb668 | XWorm payload (confidence level: 95%) | |
hashea4d0f1152384a151faadbb9cc8f5d0b0fbdb539f8fd0535bf2e238d3f132b39 | XWorm payload (confidence level: 95%) | |
hash67e601580f4a95d475ccbb074a4be865 | XWorm payload (confidence level: 95%) | |
hashcd5ef2c4dd99f86dafc499cd0c017d77eea13910 | Bolek payload (confidence level: 95%) | |
hasha1991028c0d30df00531c287319317bef00aff902a2d20e677df0473072f02b7 | Bolek payload (confidence level: 95%) | |
hash87ff1f2064b32ba5f32de84a785ba553 | Bolek payload (confidence level: 95%) | |
hashc6d538d3b950b3d1bbcbb8e34e76c955bdee130c | Formbook payload (confidence level: 95%) | |
hash6fb40a7c2293fa13338c5463ca1daffb588bf523cc60ad0e4b206d03438012c2 | Formbook payload (confidence level: 95%) | |
hash29a4e4dce1fc450d8ac210f4a7ba52a2 | Formbook payload (confidence level: 95%) | |
hashd95c370f80c747c22dc400798768ef4ad38c5bd1 | Formbook payload (confidence level: 95%) | |
hash989ce4dc079fae979ae465d42dabe4b8f7deec069e9ed195785bd8e00aa8ba60 | Formbook payload (confidence level: 95%) | |
hash2ee3791580ba93e69cb0d53be22dac21 | Formbook payload (confidence level: 95%) | |
hash895174c685f9aec1b9d34da264d5b42cb227d945 | Formbook payload (confidence level: 95%) | |
hash3e80180b33b518fef3b04fcdf5fd87cb1b553f50a6649ff380403a0410fb7d09 | Formbook payload (confidence level: 95%) | |
hashd0cc03d0f3e93fa7a00ca2938666b1d6 | Formbook payload (confidence level: 95%) | |
hash83b3f75b6c06a15f0bc37329901ef2453279d830 | Formbook payload (confidence level: 95%) | |
hashf5f204abd013df53417dc0c0a9e3ca0b4fabaf855d09278ae77a5312921cb8d1 | Formbook payload (confidence level: 95%) | |
hash70f977371b031b70f713add12b95068c | Formbook payload (confidence level: 95%) | |
hash77979c25243f4306f9dbe8dc8353853015c28913 | win.pyfiledel payload (confidence level: 95%) | |
hashf26b71bb441c255e53013d93e60d0ee0ecd98c32a4a3c6c94ed21efbfc51cf1d | win.pyfiledel payload (confidence level: 95%) | |
hash6769ea1a7bddf69c50db9191e2ba4fa6 | win.pyfiledel payload (confidence level: 95%) | |
hash1207a13c881450c7d24cc91103069d101f7a64df | Formbook payload (confidence level: 95%) | |
hashb51ceacaf3ee0b0d287df4e4e8eae92606a3a36670d50a36f3b7827df46a8a83 | Formbook payload (confidence level: 95%) | |
hasha417dc53df37746f0e20886e235c764a | Formbook payload (confidence level: 95%) | |
hash50dc262bb1fff598c6e5a315ac62699b6feeb6a8 | Formbook payload (confidence level: 95%) | |
hash3ba4c215dd4560b63680ee1c1ccf4c8966283def8d59d10361a510eca266bd62 | Formbook payload (confidence level: 95%) | |
hash68ba2c20f21d36e36d3393cede056af7 | Formbook payload (confidence level: 95%) | |
hash9cf060e2a160d46a597a915e063e57d02b79c9bb | Formbook payload (confidence level: 95%) | |
hash94cad32fb1af01f798a74fa25acccc890ea303f4d3a720296146dd9161da7374 | Formbook payload (confidence level: 95%) | |
hash37496579e98a1e12a51d73ec2c3038af | Formbook payload (confidence level: 95%) | |
hash33f8be954dd8117f1a7eebaa2bd02492472fb4ec | StrelaStealer payload (confidence level: 95%) | |
hashe68cbefe7e20a42d764b2e6c4fb1a343d6dae85c9caac0e5788830b2afd1909d | StrelaStealer payload (confidence level: 95%) | |
hash5e3a14c15c3f19441573607dc804dea9 | StrelaStealer payload (confidence level: 95%) | |
hash0dbd2497ae33a795679945874797f0cd59df924c | AsyncRAT payload (confidence level: 95%) | |
hash8ac170196ffb99ebfb700476269c8303c36fe3e81f55608403ae6bd4538d89d6 | AsyncRAT payload (confidence level: 95%) | |
hash2d6d6b7487256f64188084ff91201932 | AsyncRAT payload (confidence level: 95%) | |
hash3db4b2cac6205a265dc8ca82a63c39474f5f9301 | Vidar payload (confidence level: 95%) | |
hash2b0ad428d233a5a100dfa9464088ab08b090cbbee4a99ffeb27fde2ae80d2657 | Vidar payload (confidence level: 95%) | |
hash308a0d04da7a149c1ffa45c295decdb7 | Vidar payload (confidence level: 95%) | |
hashabeffd596f638b6940a3697a779253e4e3d57c32 | Vidar payload (confidence level: 95%) | |
hash14775a6d6bd2aa2418c024a7726f8e3e1b308703b1425b6cd8e2df18e13ec89c | Vidar payload (confidence level: 95%) | |
hasha17fc47dbce322bce030b1da31525187 | Vidar payload (confidence level: 95%) | |
hash799cfd926a1d1863fcc00113852b9c8436f13164 | Vidar payload (confidence level: 95%) | |
hashfd3db327aa1db045d650c8b48ef3717e78f520dc6fedfec67d8808f963d6f35f | Vidar payload (confidence level: 95%) | |
hash090c01efedada175ff42474313e941dc | Vidar payload (confidence level: 95%) | |
hash91665c3afd2d18832b63fe1c905fd3fbb84bdcca | Luca Stealer payload (confidence level: 95%) | |
hash47633b39ac044e50fd5667ae26c676dfbd215aff8ee28e066a9ed8dc67ae1e56 | Luca Stealer payload (confidence level: 95%) | |
hash0e03b2a62f6af760d31b4a7341d3bea3 | Luca Stealer payload (confidence level: 95%) | |
hash1887ba256da9261835e011c5696cdf46b1eff294 | Moker payload (confidence level: 95%) | |
hashd247b3923c621bdbef663c33ff3cf57072da3e207562ef4823d71aa99d976b6c | Moker payload (confidence level: 95%) | |
hash6004689475f489f66a6f75fdd64c8b33 | Moker payload (confidence level: 95%) | |
hashb96abd70ced095f9ca06432c60512a22560f1dd8 | CoffeeLoader payload (confidence level: 95%) | |
hash2924adfa3404f67021c941a6a04bd293779010d5ac55ac60660d8ce5bdf888fd | CoffeeLoader payload (confidence level: 95%) | |
hash5f076e8739fa7ec1f1a02b2c142fdda1 | CoffeeLoader payload (confidence level: 95%) | |
hash5efc11f1836c4c412d1acbc40bdee2149ac3e3ce | ACR Stealer payload (confidence level: 95%) | |
hashd5e3356ace034ad3b30bcaf4a1986ffe4297907b11bbbed3bab893aa0dde9cca | ACR Stealer payload (confidence level: 95%) | |
hash64c4f2ca807eacbdc60b0ccc446e79bd | ACR Stealer payload (confidence level: 95%) | |
hash4610ce2aa50371b501740fc2be848664f1845bf5 | DarkTortilla payload (confidence level: 95%) | |
hash04e1f69458d2d6d073a4b61f97ba8a4d1219f8d57d4d682b48b9473bfc5dd1d4 | DarkTortilla payload (confidence level: 95%) | |
hash8ebc28adb4b33390b2afbb0587ff7375 | DarkTortilla payload (confidence level: 95%) | |
hash320b1b27445e5f58e113e43a85ce3df78339438a | Coinminer payload (confidence level: 95%) | |
hash6a68953c6581b725787472d713690790fb7374f26e4d62888f32169a1813e240 | Coinminer payload (confidence level: 95%) | |
hash00292eb09813b07f669b277c656cd550 | Coinminer payload (confidence level: 95%) | |
hash6b9bd5803b97feef7a4815be4db4b8c8e8c385a8 | Vidar payload (confidence level: 95%) | |
hash47d7c773c88f5119c41b22fcb4318860bdd1c331fb0d5b1fae5a2023fa02cd3f | Vidar payload (confidence level: 95%) | |
hashe00a71c5775dfe53818aeeb733c6f6ed | Vidar payload (confidence level: 95%) | |
hash6b041d49817a84110f0760d7d806aa2fffbea031 | Vidar payload (confidence level: 95%) | |
hash54f6e742463d075bc1afa87ce302827ef813da9a3e4db303ab7c0beb72753ca5 | Vidar payload (confidence level: 95%) | |
hash26f4e4458656cec56cc170f767c03b21 | Vidar payload (confidence level: 95%) | |
hashec977491845343f46808ac488c5bb2447eaabe63 | Vidar payload (confidence level: 95%) | |
hash7132556008221a4eff0c8a586e48bcceb41b50e941e737fb90a0993823e26668 | Vidar payload (confidence level: 95%) | |
hasha1d040eef2db7821562d3c15c0f1b34e | Vidar payload (confidence level: 95%) | |
hash02e9d3c3f2c31538eae874eed1bd8b49cd35fb43 | PureCrypter payload (confidence level: 95%) | |
hashf9a6fa310bd121a3c0764b15c0fd14c10eaef637a440d92c8078490e24d45cac | PureCrypter payload (confidence level: 95%) | |
hash0d484816fd43280c0c72d56453fcedb5 | PureCrypter payload (confidence level: 95%) | |
hash5f77d60965b99ef7449c22103ef5f2a1cf6983f0 | Vidar payload (confidence level: 95%) | |
hash06b49b2d522767addec65abdcbd925a3a1ef91c2411fcc7bb7ede9003b695935 | Vidar payload (confidence level: 95%) | |
hash2e2e84453ea52e3a9139bc3144ff1d5c | Vidar payload (confidence level: 95%) | |
hashbd7e70347c27f4ec6df0bb970f732e786823cebc | Remcos payload (confidence level: 95%) | |
hash4426926529e5a8542f58cf5593881c4bd3fdc2f89200832a74db095fabf6d91f | Remcos payload (confidence level: 95%) | |
hashdea547a25f835ca99dee29f7956af4c5 | Remcos payload (confidence level: 95%) | |
hashb5638753d9a660546ad186ffb09274a120eace78 | Remcos payload (confidence level: 95%) | |
hashff8ecf3ecfe38ebea5b18a0f16a1d89717d1e3eaef62f6cc9c7892de6c72a778 | Remcos payload (confidence level: 95%) | |
hash8ef6eb9482bb06e353f23ab1b4be9eac | Remcos payload (confidence level: 95%) | |
hashebb6e9a7b0f74520bcbf4e2ea5afc788aa57d8aa | Formbook payload (confidence level: 95%) | |
hashfa1419f1889b4a2f1d65cda0595ceef6a720af1edbdcdbce09f660b453e7b3d9 | Formbook payload (confidence level: 95%) | |
hash82296a95f204903b8541c6d8352696e0 | Formbook payload (confidence level: 95%) | |
hash67fc485a593d1cd182f57c89bf03c5bdb80191ae | Remcos payload (confidence level: 95%) | |
hash6f52e6c46213bbef26c41be5f5a50c05584b53c4865d65201fac82908ee906ec | Remcos payload (confidence level: 95%) | |
hashedc8dd932a5ffe7673cae05db52fc525 | Remcos payload (confidence level: 95%) | |
hash3cb2272a8bd4d10a8931e022acce57d59a32820a | Remcos payload (confidence level: 95%) | |
hash084fd47a500e122be1ab53c87d6b679bbb34bd1de0d2df5ad8fc7fc75f006f26 | Remcos payload (confidence level: 95%) | |
hash9ebd8b5fa7aa04b7dbab2d04667f4690 | Remcos payload (confidence level: 95%) | |
hash094d742124ade733c46c2e8ea91db22b7876cb2c | Remcos payload (confidence level: 95%) | |
hash09628e44730e751aa5f91a92541d5510ccdb96604f266ead6e3320402d8bf1e0 | Remcos payload (confidence level: 95%) | |
hash25033205620f478e49ee1aaafeb1ca2f | Remcos payload (confidence level: 95%) | |
hashdca730305aff7b7799e4da672381ac81d73c9b52 | StrelaStealer payload (confidence level: 95%) | |
hash99978bb92355f3b3436b8e28f416d787bafd523deae3f03c97e0d9ed292e0305 | StrelaStealer payload (confidence level: 95%) | |
hash0dd590078af5393c5da370c3935d9612 | StrelaStealer payload (confidence level: 95%) | |
hash1e6d33eb900bcaf7da113cbcdc3715e3a819d155 | Rhadamanthys payload (confidence level: 95%) | |
hashc1af190c3f1d7e19a0854b24ed71247dbeecba1e1e621dc74d19f51d1d746d52 | Rhadamanthys payload (confidence level: 95%) | |
hashfd85c61b8b79ba1c80080a929a148caf | Rhadamanthys payload (confidence level: 95%) | |
hash689ad1e5b634c7e614755a7f7efd874d4d87ee6d | Formbook payload (confidence level: 95%) | |
hasha9bf95048847b326d432a31548079e948c6872a1c8706d8d1630eb3d77bd4383 | Formbook payload (confidence level: 95%) | |
hash93657f0206d7c49ff3aaf4115c2fd878 | Formbook payload (confidence level: 95%) | |
hashf41bc1e8e2de3e6d44afe90925f3db6282ad140d | Formbook payload (confidence level: 95%) | |
hash1f3bdb38686a66cf238a07a79181c908179f654e886ee1b4531bfa8c18f52f6b | Formbook payload (confidence level: 95%) | |
hashfb57e23fec741e6bdbbf8f7c6a78689f | Formbook payload (confidence level: 95%) | |
hash5e0cd038f6db10329b65af40790a491fc1d2ed7b | Darktrack RAT payload (confidence level: 95%) | |
hashbbbc2a56ba69aefa567dbffe1982e21c7317e305741f7027cd0975c4bf79f8df | Darktrack RAT payload (confidence level: 95%) | |
hash06d5fdfabf8ef1f61c1182318652509b | Darktrack RAT payload (confidence level: 95%) | |
hash3606ae6f5fe5d1dbe6e43c30ed64144d4c26f2cb | SalatStealer payload (confidence level: 95%) | |
hashb348f6b13bfb6333e2b136017c883b5e738a95a7ed91c84855818d5e42a4f209 | SalatStealer payload (confidence level: 95%) | |
hash7877b98eaaa294efedcb04d0f7f5d35d | SalatStealer payload (confidence level: 95%) | |
hash8d6355b0b34a33a9e20c6036fdaab6d830c94f5a | SalatStealer payload (confidence level: 95%) | |
hasha009d752494145c288387e586779a884b3f9729d6c0edab567ad5af122f7d478 | SalatStealer payload (confidence level: 95%) | |
hasha95b450adede39859c069b32281d1b6c | SalatStealer payload (confidence level: 95%) | |
hash90f90e81678f32805ce757aaf68e14e980135fab | Remcos payload (confidence level: 95%) | |
hash3b83666797ab5e6ce9a2e58ea84b259a2d4c7cb08db82674c52c82e62314ff04 | Remcos payload (confidence level: 95%) | |
hash0baf5e82711b7b02d084bbd80e07e594 | Remcos payload (confidence level: 95%) | |
hash41dfe4051642019024b4df1d9a9ae7231a1a586e | RedLine Stealer payload (confidence level: 95%) | |
hashd5438215003956acd984ea603931d620cb5370bc041ac7c4f2cadcf05ed44e44 | RedLine Stealer payload (confidence level: 95%) | |
hash9ba7c9e860481ba43b16382d1395b996 | RedLine Stealer payload (confidence level: 95%) | |
hashf7a5c5c01b89b2ad968c7cd94bd1914349974cf3 | Remcos payload (confidence level: 95%) | |
hash05362c10b1c042aaff781667afcddc73f551eaccc5880a89baf2fc16421a6132 | Remcos payload (confidence level: 95%) | |
hashbfa3f6ce9401c6aca9d8d2aa7ebfbb2a | Remcos payload (confidence level: 95%) | |
hashc5058a9a9ea61c991ea12807dc63b27b22d4cf4d | Formbook payload (confidence level: 95%) | |
hash02e7f215178539b6e5ef8cff58c0f689fcf2a39fd1b2171f134d96c3828c2450 | Formbook payload (confidence level: 95%) | |
hash91c9691d4312e20b5bfc5a14f96e0dc8 | Formbook payload (confidence level: 95%) | |
hashff166189028e635404227f1be326436fcc4a8a5f | RedLine Stealer payload (confidence level: 95%) | |
hashdeeae0070809a7e636f8c88dadfb9661e0260e0aaa03efd1d1a36ee4775e0ed3 | RedLine Stealer payload (confidence level: 95%) | |
hashc651803dd68acdc81a6fb18bc6c97eac | RedLine Stealer payload (confidence level: 95%) | |
hash9cdfa034dae02f3b82a0138bc5fcdf46474e562c | Formbook payload (confidence level: 95%) | |
hashf231f3ace931fcc753eb4dddc25b63541df30f33cf3cb840dab6629a4a0ad2a6 | Formbook payload (confidence level: 95%) | |
hash40e5eec2a926f39e67e6fa4b3d5915a8 | Formbook payload (confidence level: 95%) | |
hash1b647e88343fe9d022bf130d41dc2bdd5d8c53e7 | RedLine Stealer payload (confidence level: 95%) | |
hash3b75c424fd848c6139be88eab7d2cee4b9da7b8d9a6be4bfe5dc91881e93ad59 | RedLine Stealer payload (confidence level: 95%) | |
hash9ddcf14df404839f6d5f1b33b8364b32 | RedLine Stealer payload (confidence level: 95%) | |
hashee18c0fa07b2b231ec6fc8c47a0f77ec6d4cd850 | Formbook payload (confidence level: 95%) | |
hash861e174b88d28b3e015527674a6a6397aa99b05c1a1b5bff045f9c6fc68ba47c | Formbook payload (confidence level: 95%) | |
hash610a19b9c192b0a9edcba0edd4382893 | Formbook payload (confidence level: 95%) | |
hash8c862311f36513ab71326d11cd938b55e4a56e3e | DBatLoader payload (confidence level: 95%) | |
hash96080883257bdfe75fbf33f3a5652a92e9c0c9d8834047b83abece02cecd22ba | DBatLoader payload (confidence level: 95%) | |
hash600e07b0281ed20fbeea9dbdeec96789 | DBatLoader payload (confidence level: 95%) | |
hash6264b7366a7cc044192becb418cdca1db0429fdf | ValleyRAT payload (confidence level: 95%) | |
hash44712bce3f57afef3731390e3d6704cddc692a3130ccf94727fbfe23beca1f53 | ValleyRAT payload (confidence level: 95%) | |
hashcde5aff821ba0fdec4032b58bf582492 | ValleyRAT payload (confidence level: 95%) | |
hashfa01f9a4d74e1d4dfa4764ee09225ebaa8dafa3c | MASS Logger payload (confidence level: 95%) | |
hash98befdf040b021045e164086dcb58d1139d366c3176365a8d36d4d1fb52e42fc | MASS Logger payload (confidence level: 95%) | |
hash31a9bb07cffc8df3422a36ae29753a56 | MASS Logger payload (confidence level: 95%) | |
hash1c9da11cf6b59d99f343285f7000076d3d5284eb | Arkei Stealer payload (confidence level: 95%) | |
hash08c9e700f5f0b357868ab209e4533bb67d0539b20e639357b6e9854ed8d56415 | Arkei Stealer payload (confidence level: 95%) | |
hashb7fc784520334a653fb0f2174f8c0275 | Arkei Stealer payload (confidence level: 95%) | |
hash69bd2b89e96e60d73bb2d4982e3b9aa029eb9283 | Arkei Stealer payload (confidence level: 95%) | |
hash12f83cdf49c6bc9bfc21abc5bfc28d2c391747256e83c525f19431d07da544f2 | Arkei Stealer payload (confidence level: 95%) | |
hash0a86e62dbd78bdc7db5cbf92f9793a88 | Arkei Stealer payload (confidence level: 95%) | |
hash330998a64b78a3bc9c970a37363364701de5f2c8 | Arkei Stealer payload (confidence level: 95%) | |
hash38169b3e010b40184746ade1946dcb355c6d4f57bc1149a63fa21df3b8b308a6 | Arkei Stealer payload (confidence level: 95%) | |
hash0a2eed56079b90d3abc653b846e0b20e | Arkei Stealer payload (confidence level: 95%) | |
hashca40bfff221ae30637357406840ba25ed76c6f58 | Arkei Stealer payload (confidence level: 95%) | |
hash0222a80c806a1f5746c17090f1379779245dd7d86b70b1c5dc5d0e75a13e5a3f | Arkei Stealer payload (confidence level: 95%) | |
hashd7bd878aca9c320485f290547b6377f6 | Arkei Stealer payload (confidence level: 95%) | |
hash6d51d602553f0244588bded13c59b3a05d707b7d | Formbook payload (confidence level: 95%) | |
hash4e830eaa9a4e343d1e2d437ff678fc7e884bee9139807389db70e3cea3cc9770 | Formbook payload (confidence level: 95%) | |
hash51aca412ef605a3e3d9f28ce40c16951 | Formbook payload (confidence level: 95%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash6781 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash43554 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash6781 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash6666 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8081 | Havoc botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash33237 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash33675 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash33676 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash3778 | Mirai botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6675 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2302 | DarkComet botnet C2 server (confidence level: 100%) | |
hash25565 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash10250 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash36188 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash8899 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash7709 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1931 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash7777 | DCRat botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6666 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2083 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash12389 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash7070 | Remcos botnet C2 server (confidence level: 100%) | |
hash8009 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1116 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash446 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8800 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash9999 | NightshadeC2 botnet C2 server (confidence level: 75%) | |
hash8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash7705 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | GlassWorm payload delivery server (confidence level: 100%) | |
hash80 | GlassWorm payload delivery server (confidence level: 100%) | |
hash80 | GlassWorm payload delivery server (confidence level: 100%) | |
hash80 | GlassWorm payload delivery server (confidence level: 100%) | |
hash57441 | Remcos botnet C2 server (confidence level: 50%) | |
hash80 | Remcos botnet C2 server (confidence level: 50%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash442 | ValleyRAT botnet C2 server (confidence level: 66%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1488 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash6443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash4444 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash1443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash282 | Bashlite botnet C2 server (confidence level: 75%) | |
hash6000 | XWorm botnet C2 server (confidence level: 75%) | |
hash8888 | XWorm botnet C2 server (confidence level: 100%) | |
hash30034 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30202 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30014 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30173 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Remcos botnet C2 server (confidence level: 75%) | |
hash8080 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash55509 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash1604 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9090 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash20001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash54002 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash64882 | Remcos botnet C2 server (confidence level: 100%) | |
hash9999 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | PoshC2 botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 100%) | |
hash1122 | Remcos botnet C2 server (confidence level: 100%) | |
hash7705 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domaint4au.deane4y5not.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwe1iss.test6yvarn1sh.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbe2rg.test6yvarn1sh.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfl3uss.test6yvarn1sh.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainli2cht.aphrh1tc4h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqu1arz.aphrh1tc4h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine1is.aphrh1tc4h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainst3eg.aphrh1tc4h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainethupdate.top | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainha1in.rec1aimswal1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmo2or.rec1aimswal1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwe4g.rec1aimswal1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxrprelay.top | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainu6fer.rec1aimswal1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpf7ad.rec1aimswal1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbr1ise.pr0p0sedtact.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingle2is.pr0p0sedtact.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindo4rn.pr0p0sedtact.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainne1bel.nar7owsized.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfa3lke.nar7owsized.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwo2lke.nar7owsized.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaineich3e.nar7owsized.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainst0urm.se1fish5tupid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwei5ss.se1fish5tupid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhaf3en.se1fish5tupid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingl4ut.se1fish5tupid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainw0ald.se1fish5tupid.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwolke.thistleforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbach3.thistleforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainklee.thistleforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrauch.thistleforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglade.moonfenster.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintau.moonfenster.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainufer1.moonfenster.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingeist.moonfenster.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmoor.moonfenster.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfels.brackenloft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlicht.brackenloft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwind5.brackenloft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhain.brackenloft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainigw.myfirewall.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainweiss.granitehaven.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstrom2.granitehaven.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrune.lindenarc.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbach.lindenarc.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintal.lindenarc.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwolke9.lindenarc.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbirch.cobaltmeadow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstatic.myonlinegigs.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainsturm.cobaltmeadow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpfad.cobaltmeadow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkorn7.cobaltmeadow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintaiga.cobaltmeadow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.batescraigprojects.site | XWorm botnet C2 domain (confidence level: 75%) | |
domainwww.batescraigprojects.store | XWorm botnet C2 domain (confidence level: 75%) | |
domainfjord.alderquartz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaineiche.alderquartz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstern1.alderquartz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhafen.emberbucht.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainufer.emberbucht.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglut.emberbucht.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrauch2.emberbucht.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfalke.wolspfad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwald.wolspfad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkrone3.wolspfad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsticka.qpon | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindecalcy.qpon | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainamififadinokasrwe.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainweald.loamgarde.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrook.loamgarde.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmead.loamgarde.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingjt.wallyapp.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainfra.wallyapp.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domaingjt.nigeriaafricatime.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainridge4.loamgarde.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrise.loamgarde.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingleis.driftklause.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkamm.driftklause.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingrau.driftklause.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindorn6.driftklause.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain0o.dup-1-ic-4-ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.baiyangyan.cn | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaindzthj.dup-1-ic-4-ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainorbit8.dup-1-ic-4-ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainauul8.dup-1-ic-4-ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindc8.aucti0nz7ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnova.aucti0nz7ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1qtbb.aucti0nz7ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainoixp.aucti0nz7ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjet8.liner-9-ick.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsbsq.liner-9-ick.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain9st6r.liner-9-ick.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbv51.liner-9-ick.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnln7n.kos-0-ltyu-4-etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshard.kos-0-ltyu-4-etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrift5.kos-0-ltyu-4-etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshard6.kos-0-ltyu-4-etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb1.kos0ltyu4etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkhg2e.kos0ltyu4etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvk.kos0ltyu4etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpkw.kos0ltyu4etey.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing4k.hre-9-in-7-mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrail6.hre-9-in-7-mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshield.hre-9-in-7-mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqaqkongtiao.com | RONINGLOADER botnet C2 domain (confidence level: 100%) | |
domainlists.ineer.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainrogerperrybook.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainvirus.www.moroccancam.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainmrdc1963.duckdns.org | DCRat botnet C2 domain (confidence level: 50%) | |
domainv2.www.moroccancam.com | DCRat botnet C2 domain (confidence level: 50%) | |
domainv3.www.moroccancam.com | DCRat botnet C2 domain (confidence level: 50%) | |
domainjbdsg65485.bounceme.net | Mirai botnet C2 domain (confidence level: 50%) | |
domainvcute69.bounceme.net | Mirai botnet C2 domain (confidence level: 50%) | |
domainfl9.hre-9-in-7-mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpetitesalope.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainhsk.dup1ic4ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshift.dup1ic4ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindelta4.dup1ic4ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainapp.myonlineprofits.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainvale.dup1ic4ermaph.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainblink2.hre9in7mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2y.hre9in7mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainak1.xingxings3.org | ValleyRAT botnet C2 domain (confidence level: 66%) | |
domainblink6.hre9in7mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindrift.hre9in7mamma.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainne.suf-1-nau-8-h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstack.suf-1-nau-8-h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainloom.suf-1-nau-8-h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainecho.suf1nau8h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjat.suf1nau8h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5egzr.suf1nau8h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyl.suf1nau8h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainugg.wallyapp.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainugg.noisolation.org.uk | Vidar botnet C2 domain (confidence level: 100%) | |
domainqhnjc.aucti-0-nz-7-ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingi0x.aucti-0-nz-7-ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainftp.torinod.shop | Agent Tesla botnet C2 domain (confidence level: 100%) | |
domainguard.aucti-0-nz-7-ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain14h.aucti-0-nz-7-ir.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincatheadsquisher-39417.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbrowse-spanish.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpjrcare.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainprint-westminster.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 100%) | |
domainwolke.skyblend.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglade.skyblend.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindune3.skyblend.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbirch.skyblend.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintau.st0rmfield.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkamm2.st0rmfield.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainweald.st0rmfield.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstern.st0rmfield.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmoos.st0rmfield.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwolke.mintzone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainufer.mintzone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingrat5.mintzone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglanz.st0nebyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindorn.st0nebyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlocalhostpin.camdvr.org | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainmist.st0nebyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpfad4.st0nebyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbach.clouddrop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintal.clouddrop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincs.110-110.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns2.welslanguageschool.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns_cs1.110-110.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns_cs2.110-110.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainkraut.clouddrop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfalke.wildr0se.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainweide.wildr0se.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlicht2.wildr0se.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstrand.wildr0se.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnebel.wildr0se.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnacht.shadowmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglade.shadowmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkorn1.shadowmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainastovengroikoliuyastat.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domaincompomhariolkifdsts.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domaindadanetuilkolaifhrts.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domaingladirustoklioasfar.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainaviksateroliuwertu.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domaineradiolpsssrepshvebsqw.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainfikolasdklnbhgss.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainmikusadiokloka.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainufer.l1ghtcloud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhotfilipopersastriolkas.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainkamisisterbrofanydodf.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainlasopisojioliondas.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domaindotarhiamkloie.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domaingiasdfklopert.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainwolke.l1ghtcloud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainportevergrenncallaosilcent.dynuddns.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainwarewuasar3.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainvjlong5555.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainvj9999.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainpureforupdatebunies.dynuddns.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaingleis3.l1ghtcloud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstern.l1ghtcloud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpfad.ciearbug.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmoor.ciearbug.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwind4.ciearbug.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaineiche.m1ntcioud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindune.m1ntcioud.ru | ClearFake payload delivery domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://qreenmaple.com/baba/baba1/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://telegram.me/dead1cf | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://gjt.wallyapp.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fra.wallyapp.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://gjt.nigeriaafricatime.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://180.93.239.176/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://91.92.240.190/fbfde0da45a9450b.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://14.128.53.148:8888/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://petitesalope.com/5t6t.js | KongTuke payload delivery URL (confidence level: 100%) | |
urlhttps://petitesalope.com/js.php | KongTuke payload delivery URL (confidence level: 100%) | |
urlhttp://206.188.196.28:6655/alph | KongTuke payload delivery URL (confidence level: 100%) | |
urlhttps://ugg.wallyapp.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ugg.noisolation.org.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://185.209.162.226 | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://151.245.195.140 | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://45.200.148.114 | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://84.201.25.198 | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://91.92.243.129/0gjsy4hf3/index.php | Amadey botnet C2 (confidence level: 100%) |
Threat ID: 691fae469bfed6bde22f2b8f
Added to database: 11/21/2025, 12:11:50 AM
Last enriched: 11/21/2025, 12:12:01 AM
Last updated: 11/21/2025, 10:01:12 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Sort by
Loading community insights…
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
The Tsundere botnet uses the Ethereum blockchain to infect its targets
MediumMalwareFri Nov 21 2025
Reoccurring Use of Highly Suspicious PDF Editors to Infiltrate Environments
MediumMalwareFri Nov 21 2025
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
MediumMalwareFri Nov 21 2025
New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages
MediumMalwareThu Nov 20 2025
New Eternidade Stealer Spreads Via WhatsApp to Steal Banking and Crypto Data
MediumMalwareThu Nov 20 2025
Actions
PRO
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.