
ThreatFox IOCs for 2025-11-21

Medium
Published: Fri Nov 21 2025 (11/21/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-11-21

AI-Powered Analysis

AI last updated: 11/22/2025, 00:06:40 UTC

Technical Analysis

The ThreatFox IOCs for 2025-11-21 are a set of Indicators of Compromise distributed through the ThreatFox MISP feed, an open-source threat intelligence platform. The IOCs are categorized under malware, with tags for OSINT (Open Source Intelligence), network activity, and payload delivery. The record does not name any affected software versions or products, which indicates that the IOCs are generic or broadly applicable rather than tied to a specific vulnerability or exploit. No patches or fixes apply, and no active exploitation in the wild is recorded, so this is an intelligence update rather than an active threat campaign. The technical fields give a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which suggests moderate dissemination but limited analysis depth. The absence of concrete indicators in the analysis fields and of CWEs (Common Weakness Enumerations) limits the scope for a detailed technical dissection. The main value of this information lies in improving situational awareness and detection coverage by feeding it into security monitoring tools. The network activity and payload delivery tags point to IOCs associated with malware delivery over the network, a common attack vector in current threats.

Potential Impact

For European organizations, the impact of these IOCs depends largely on their ability to ingest and act on threat intelligence feeds. Because no specific exploits or vulnerabilities are identified, the immediate risk is low to medium. However, the network activity and payload delivery indicators point to a potential for malware infection if these IOCs correspond to active or emerging threats. Organizations with extensive network infrastructure and critical services could face disruption or data breaches if such payloads are delivered and executed. With no patches or fixes available, prevention rests on detection and response capabilities. Failing to incorporate these IOCs into security monitoring could delay detection of malware campaigns and increase the risk of compromise. The medium severity rating means the threat is not critical but should not be ignored, particularly in sectors holding high-value data or operating critical infrastructure. The impact also depends on the organization's maturity in consuming threat intelligence and on its network security posture.

Mitigation Recommendations

To mitigate the risks associated with these ThreatFox IOCs, European organizations should:
1) Integrate the ThreatFox MISP feed and similar OSINT sources into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable real-time detection of the related indicators.
2) Strengthen network monitoring to identify unusual or suspicious payload delivery attempts, focusing on traffic patterns that match the characteristics of the shared IOCs.
3) Run regular threat hunting exercises with the updated IOCs to proactively identify potential compromises.
4) Implement strict network segmentation and access controls to limit the spread of malware if a payload is delivered.
5) Train security teams to interpret and operationalize OSINT feeds so that response times improve.
6) Maintain up-to-date backups and incident response plans to minimize the impact of an infection.
7) Collaborate with national and European cybersecurity centers to share intelligence and receive timely alerts about emerging threats.
These steps go beyond generic advice by emphasizing the operational integration of threat intelligence and proactive network defense tailored to the nature of the IOCs.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
4fc338d9-12d7-4d48-bfd6-6d854a51510c
Original Timestamp
1763769786

Indicators of Compromise

domainmint.st0nefield.ru
ClearFake payload delivery domain (confidence level: 100%)
domainnest5.windfiare.ru
ClearFake payload delivery domain (confidence level: 100%)
domaincloud4.windfiare.ru
ClearFake payload delivery domain (confidence level: 100%)
domaincloud.windfiare.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlbs.windfiare.ru
ClearFake payload delivery domain (confidence level: 100%)
domainnova4.silverr0ot.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmint3.silverr0ot.ru
ClearFake payload delivery domain (confidence level: 100%)
domainstorm.silverr0ot.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfrost8.silverr0ot.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhello.tgllsy.bar
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainv9.brightsage.ru
ClearFake payload delivery domain (confidence level: 100%)
domainq6.brightsage.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5obr8.brightsage.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbpk.brightsage.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbloom.stormbioom.ru
ClearFake payload delivery domain (confidence level: 100%)
domain6tpmi.stormbioom.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlake.stormbioom.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqsa1.stormbioom.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsaid-letter.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainnas064gjgfebvbutebbtakethisasitisbhfdnmn.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domaintickets-somewhat.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 100%)
domain2h6.mistfaii.ru
ClearFake payload delivery domain (confidence level: 100%)
domains2awscloudupdates.com
NetWire RC botnet C2 domain (confidence level: 100%)
domaincloud2.mistfaii.ru
ClearFake payload delivery domain (confidence level: 100%)
domaincr.mistfaii.ru
ClearFake payload delivery domain (confidence level: 100%)
domain383cc.mistfaii.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfkk4m.iunarpeak.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlwch.iunarpeak.ru
ClearFake payload delivery domain (confidence level: 100%)
domainflare.iunarpeak.ru
ClearFake payload delivery domain (confidence level: 100%)
domainngytp.iunarpeak.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlane7.emberiake.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsage.emberiake.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvsieh.emberiake.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvh.emberiake.ru
ClearFake payload delivery domain (confidence level: 100%)
domainwolke.brightf0rge.ru
ClearFake payload delivery domain (confidence level: 100%)
domainpfad2.brightf0rge.ru
ClearFake payload delivery domain (confidence level: 100%)
domaineiche.brightf0rge.ru
ClearFake payload delivery domain (confidence level: 100%)
domainrune.brightf0rge.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintaiga.iunarblend.ru
ClearFake payload delivery domain (confidence level: 100%)
domainglade.iunarblend.ru
ClearFake payload delivery domain (confidence level: 100%)
domainkamm1.iunarblend.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfjord.wiidharbor.ru
ClearFake payload delivery domain (confidence level: 100%)
domainufer.wiidharbor.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmoos.wiidharbor.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbrise4.wiidharbor.ru
ClearFake payload delivery domain (confidence level: 100%)
domainkorn.wiidharbor.ru
ClearFake payload delivery domain (confidence level: 100%)
domainwolfe.deepstream.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbach.deepstream.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintal2.deepstream.ru
ClearFake payload delivery domain (confidence level: 100%)
domaingleam.starcresting.ru
ClearFake payload delivery domain (confidence level: 100%)
domainnebel.starcresting.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfalke1.starcresting.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjsbot.dzbot.top
Mirai botnet C2 domain (confidence level: 100%)
domainpfote.starcresting.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbirch.m1styvaive.ru
ClearFake payload delivery domain (confidence level: 100%)
domainweald.m1styvaive.ru
ClearFake payload delivery domain (confidence level: 100%)
domainglow2.m1styvaive.ru
ClearFake payload delivery domain (confidence level: 100%)
domainrill.m1styvaive.ru
ClearFake payload delivery domain (confidence level: 100%)
domainshady.m1styvaive.ru
ClearFake payload delivery domain (confidence level: 100%)
domainrauch.mintstone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainklee.mintstone.ru
ClearFake payload delivery domain (confidence level: 100%)

Url

Value  Description
https://31.129.54.227/
Vidar botnet C2 (confidence level: 100%)
http://91.92.243.129/0gjsy4hf3/login.php
Amadey botnet C2 (confidence level: 100%)
https://seiho-ouyou.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://bongoshare.bishtelecom.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://xerovent.org/
Unknown malware payload delivery URL (confidence level: 90%)
https://lcontrols4.ru/xhamster.html
Unknown malware payload delivery URL (confidence level: 90%)
https://workcrms.abesecom.co.in/
Unknown malware payload delivery URL (confidence level: 90%)
http://cd672412.tw1.ru/d8123622.php
DCRat botnet C2 (confidence level: 100%)
http://156.252.63.98:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
http://158.94.208.130
Stealc botnet C2 (confidence level: 100%)
http://91.212.150.45
Stealc botnet C2 (confidence level: 100%)
https://fvd.wallyapp.xyz/
Vidar botnet C2 (confidence level: 100%)
https://fvd.noisolation.org.uk/
Vidar botnet C2 (confidence level: 100%)
https://94.130.189.15/
Vidar botnet C2 (confidence level: 100%)
https://delivery.parsflowers.com/
Vidar botnet C2 (confidence level: 100%)
https://hiddenpoly.markets/
Unknown malware payload delivery URL (confidence level: 50%)
https://45.88.76.238/3b55d279dd60140c.php
Stealc botnet C2 (confidence level: 50%)
https://lbaiawugmhxp7t6pczm3.bianco.com.mx/
Unknown malware botnet C2 (confidence level: 50%)
https://aa.fahrenheitacfl.com/
Unknown malware botnet C2 (confidence level: 50%)
https://aa.consultoriapericial.com/
Unknown malware botnet C2 (confidence level: 50%)
https://a.kehribarinsaat.com/
Unknown malware botnet C2 (confidence level: 50%)
http://mngrblgvopedwfeongv6xbf8ukd7qz.testerta.pwtruckwright.cfd/
Unknown malware botnet C2 (confidence level: 50%)
https://servlcenow.com/
Unknown malware botnet C2 (confidence level: 50%)
https://www.aa.fahrenheitacfl.com/
Unknown malware botnet C2 (confidence level: 50%)
http://160.250.247.152/arc
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/arm
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/arm5
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/arm7
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/mips
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/mpsl
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/ppc
Mirai payload delivery URL (confidence level: 100%)
http://160.250.247.152/sh4
Mirai payload delivery URL (confidence level: 100%)
http://23.94.126.153:1133/check_version
KillDisk (Lazarus) botnet C2 (confidence level: 50%)
http://23.94.126.153:1133/send_file
KillDisk (Lazarus) botnet C2 (confidence level: 50%)
https://medinflow.com/5t5t.js
KongTuke payload delivery URL (confidence level: 100%)
https://medinflow.com/js.php
KongTuke payload delivery URL (confidence level: 100%)
http://199.217.99.96:6655/alph
KongTuke payload delivery URL (confidence level: 100%)
https://efcst.org/help/scholarships/?utm_source=chatgpt.com
Unknown malware payload delivery URL (confidence level: 90%)
https://hop.wallyapp.xyz/
Vidar botnet C2 (confidence level: 100%)
https://hop.noisolation.org.uk/
Vidar botnet C2 (confidence level: 100%)
https://leojbl.xin/qiue
Lumma Stealer botnet C2 (confidence level: 75%)
http://80.97.160.198
Stealc botnet C2 (confidence level: 100%)
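Consuming the two tables above in a detection pipeline, as an added example that is not ThreatFox tooling or part of the feed: a parser for the value/description row layout, a hostname matcher that also fires on subdomains of a listed domain, a URL matcher that treats a site-root IOC (path "/") as a host-level indicator, a confidence threshold for the 50% and 75% rows, and a pivot from the many ClearFake subdomains to their apex zones. The eight IOC rows are copied from the tables; the log lines and the SHARED_SUFFIXES set are constructed (a real deployment would consult the Public Suffix List instead of a hand-written set).

```python
"""ThreatFox-style IOC rows (a value line, then a description line) matched against
log lines. Added example; the log lines and SHARED_SUFFIXES are constructed."""
import re
from urllib.parse import urlsplit

# Eight rows copied from the tables above, in the same value/description layout.
IOC_TEXT = """\
crest3.skybl1ss.ru
ClearFake payload delivery domain (confidence level: 100%)
wild6.skybl1ss.ru
ClearFake payload delivery domain (confidence level: 100%)
hop.wallyapp.xyz
Vidar botnet C2 domain (confidence level: 100%)
hop.noisolation.org.uk
Vidar botnet C2 domain (confidence level: 100%)
hello.tgllsy.bar
Cobalt Strike botnet C2 domain (confidence level: 75%)
http://91.92.243.129/0gjsy4hf3/login.php
Amadey botnet C2 (confidence level: 100%)
http://158.94.208.130
Stealc botnet C2 (confidence level: 100%)
https://hiddenpoly.markets/
Unknown malware payload delivery URL (confidence level: 50%)
"""
DESC_RE = re.compile(r"^(?P<family>.+?) (?P<role>payload delivery|botnet C2)"
                     r"(?: (?:domain|URL))? \(confidence level: (?P<conf>\d+)%\)$")
# Constructed stand-in for the Public Suffix List: zones shared by unrelated tenants.
SHARED_SUFFIXES = {"duckdns.org", "dynuddns.com", "ply.gg", "org.uk", "co.in", "com.mx"}

def parse_iocs(text):
    """Value/description pairs -> dicts with type, value, family, role, confidence."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    iocs = []
    for value, desc in zip(lines[::2], lines[1::2]):
        m = DESC_RE.match(desc)
        if not m:
            raise ValueError(f"unrecognised description: {desc!r}")
        kind = "url" if "://" in value else "domain"
        iocs.append({"type": kind, "value": value.lower() if kind == "domain" else value,
                     "family": m["family"], "role": m["role"], "confidence": int(m["conf"])})
    return iocs

def _norm_url(url):
    """(scheme, host, port, path), so 'http://h' and 'http://h/' compare equal."""
    p = urlsplit(url.strip())
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.scheme.lower(), (p.hostname or "").lower(), port, p.path or "/"

def match_hostname(host, iocs, min_confidence=0):
    """Exact or parent-domain hit: cdn.crest3.skybl1ss.ru matches the listed crest3.skybl1ss.ru."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    is_ip = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host)  # an IP literal has no parent domain
    candidates = {host} if is_ip else {".".join(labels[i:]) for i in range(len(labels) - 1)}
    return [i for i in iocs if i["type"] == "domain" and i["value"] in candidates
            and i["confidence"] >= min_confidence]

def match_url(url, iocs, min_confidence=0):
    """Exact URL hit, or a host-level hit when the listed URL is only the site root ('/').
    Falls back to the hostname matcher so a domain IOC still fires on a full URL."""
    scheme, host, port, path = _norm_url(url)
    hits = []
    for i in iocs:
        if i["type"] != "url" or i["confidence"] < min_confidence:
            continue
        s, h, p, ioc_path = _norm_url(i["value"])
        if (s, h, p) == (scheme, host, port) and ioc_path in ("/", path):
            hits.append(i)
    return hits or match_hostname(host, iocs, min_confidence)

def apex_candidates(iocs, min_subdomains=2):
    """Apexes hosting several listed subdomains (the ClearFake pattern above): block the
    zone instead of chasing rotating subdomains. Shared suffixes are never returned."""
    by_apex = {}
    for i in iocs:
        if i["type"] != "domain":
            continue
        apex = ".".join(i["value"].split(".")[-2:])
        if apex not in SHARED_SUFFIXES:
            by_apex.setdefault(apex, set()).add(i["value"])
    return sorted(a for a, subs in by_apex.items() if len(subs) >= min_subdomains)

# Constructed DNS and proxy log lines (not from the page).
SAMPLE_LOGS = [
    "2025-11-21T09:14:02Z dns client=10.0.0.12 qname=crest3.skybl1ss.ru",
    "2025-11-21T09:14:03Z dns client=10.0.0.12 qname=cdn.crest3.skybl1ss.ru",
    "2025-11-21T09:15:11Z dns client=10.0.0.19 qname=hello.tgllsy.bar",
    "2025-11-21T09:16:40Z proxy client=10.0.0.31 url=http://158.94.208.130/",
    "2025-11-21T09:17:02Z proxy client=10.0.0.31 url=https://hiddenpoly.markets/x.exe",
    "2025-11-21T09:18:00Z dns client=10.0.0.40 qname=www.example.org",
]
LOG_RE = re.compile(r"client=(?P<client>\S+) (?:qname|url)=(?P<obs>\S+)")

def scan_logs(lines, iocs, min_confidence=0):
    """(client, observable, family, role, confidence) for every IOC hit in the log lines."""
    alerts = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        matcher = match_url if "://" in m["obs"] else match_hostname
        for hit in matcher(m["obs"], iocs, min_confidence):
            alerts.append((m["client"], m["obs"], hit["family"], hit["role"], hit["confidence"]))
    return alerts
```

With `iocs = parse_iocs(IOC_TEXT)`, `scan_logs(SAMPLE_LOGS, iocs)` produces five alerts from the six constructed lines, and `scan_logs(SAMPLE_LOGS, iocs, min_confidence=90)` drops the 75% Cobalt Strike domain and the 50% hiddenpoly.markets root, leaving three; `apex_candidates(iocs)` returns `['skybl1ss.ru']` because two listed subdomains share that apex, while hop.noisolation.org.uk is ignored rather than turned into a block on org.uk. The parent-domain walk stops before the bare TLD and is skipped for IP literals; IP-based Stealc and Vidar C2 rows in the table are matched as URLs, not as hostnames.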

Threat ID: 6920fe842cd4adea235208d7

Added to database: 11/22/2025, 12:06:28 AM

Last enriched: 11/22/2025, 12:06:40 AM

Last updated: 11/22/2025, 10:19:45 AM
