
ThreatFox IOCs for 2025-12-06

Medium
Published: Sat Dec 06 2025 (12/06/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-12-06

AI-Powered Analysis

Last updated: 12/07/2025, 00:16:43 UTC

Technical Analysis

This threat entry from the ThreatFox MISP Feed dated 2025-12-06 describes a malware-related threat primarily involving OSINT techniques, network activity, and payload delivery. The data lacks specific affected software versions or detailed technical indicators, which limits the ability to pinpoint exact attack vectors or payload types. The threat level is rated as medium, with a threatLevel metric of 2 (on an unspecified scale), analysis level of 1, and distribution level of 3, suggesting moderate dissemination but limited in-depth analysis. No known exploits are reported in the wild, and no patches are available, indicating either a newly discovered or low-profile threat. The absence of CWE identifiers implies that the underlying vulnerabilities or malware characteristics are not clearly defined or classified. The threat likely involves the use of OSINT to gather intelligence or deliver malicious payloads over the network, which could be used for reconnaissance or initial compromise stages. The TLP:white tag indicates that the information is not restricted and can be widely shared, supporting collaborative defense efforts. The lack of indicators of compromise (IOCs) in the data limits immediate detection capabilities, necessitating reliance on behavioral and network anomaly detection. Overall, this threat represents a moderate risk primarily due to its potential for payload delivery via network activity and the use of OSINT techniques, which can facilitate targeted attacks or espionage.

Potential Impact

For European organizations, this threat could result in unauthorized network access, data exfiltration, or the delivery of malicious payloads that compromise system integrity or availability. Organizations heavily reliant on OSINT tools or those with significant network exposure may face increased risk of reconnaissance and subsequent targeted attacks. The medium severity suggests that while the threat is not currently exploited widely, it could serve as a vector for more damaging attacks if leveraged effectively. Potential impacts include disruption of services, leakage of sensitive information, and increased exposure to follow-on attacks. The absence of patches and known exploits indicates a need for proactive defense rather than reactive remediation. European critical infrastructure, government agencies, and private sector entities involved in intelligence or sensitive data processing could be particularly vulnerable. The threat's network-based nature underscores the importance of robust perimeter defenses and continuous monitoring to detect anomalous payload delivery attempts.

Mitigation Recommendations

European organizations should enhance their network monitoring capabilities to detect unusual payload delivery and OSINT-related reconnaissance activities. Deploy advanced intrusion detection and prevention systems (IDS/IPS) with updated threat intelligence feeds, including ThreatFox data, to identify emerging indicators once available. Implement strict network segmentation to limit lateral movement and reduce the attack surface. Employ behavioral analytics to detect deviations from normal network traffic patterns that may indicate payload delivery or reconnaissance. Regularly update and audit OSINT tools and their configurations to minimize exposure to exploitation. Conduct threat hunting exercises focusing on network payload delivery vectors and OSINT activity patterns. Strengthen endpoint security with application whitelisting and exploit mitigation techniques to prevent payload execution. Foster information sharing with European cybersecurity communities to stay informed about evolving threats and indicators. Finally, develop incident response plans tailored to network-based payload delivery scenarios to ensure rapid containment and remediation.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 22620e50-80d0-4c4b-8718-e4171fa20d96
Original Timestamp: 1765065787

Indicators of Compromise

File


Hash


Url


Domain

Value | Description
alza7f.localto.net | Quasar RAT botnet C2 domain (confidence level: 100%)
fi.derayat.com | Vidar botnet C2 domain (confidence level: 100%)
content-distribution-v2.pro | Stealc botnet C2 domain (confidence level: 100%)
h1.f2rcegro0m.ru | ClearFake payload delivery domain (confidence level: 100%)
mist.f2rcegro0m.ru | ClearFake payload delivery domain (confidence level: 100%)
dmh.f2rcegro0m.ru | ClearFake payload delivery domain (confidence level: 100%)
dll32s.lat | Amadey botnet C2 domain (confidence level: 50%)
6uyj.ind1sset5.ru | ClearFake payload delivery domain (confidence level: 100%)
crystal.ind1sset5.ru | ClearFake payload delivery domain (confidence level: 100%)
a8.ind1sset5.ru | ClearFake payload delivery domain (confidence level: 100%)
sun.ind1sset5.ru | ClearFake payload delivery domain (confidence level: 100%)
kx.c7ucifto1nov.ru | ClearFake payload delivery domain (confidence level: 100%)
delta.c7ucifto1nov.ru | ClearFake payload delivery domain (confidence level: 100%)
ru3.c7ucifto1nov.ru | ClearFake payload delivery domain (confidence level: 100%)
thz.c7ucifto1nov.ru | ClearFake payload delivery domain (confidence level: 100%)
20.hea1t5ultan.ru | ClearFake payload delivery domain (confidence level: 100%)
c27.hea1t5ultan.ru | ClearFake payload delivery domain (confidence level: 100%)
t7z.hea1t5ultan.ru | ClearFake payload delivery domain (confidence level: 100%)
crest.hea1t5ultan.ru | ClearFake payload delivery domain (confidence level: 100%)
6a.not0r5atush.ru | ClearFake payload delivery domain (confidence level: 100%)
wwt.not0r5atush.ru | ClearFake payload delivery domain (confidence level: 100%)
uxsplooler.online | Cobalt Strike botnet C2 domain (confidence level: 75%)
1s.not0r5atush.ru | ClearFake payload delivery domain (confidence level: 100%)
bkj3.not0r5atush.ru | ClearFake payload delivery domain (confidence level: 100%)
spc.jp.net | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.spc.jp.net | Quasar RAT botnet C2 domain (confidence level: 100%)
phishing.spc.jp.net | Quasar RAT botnet C2 domain (confidence level: 100%)
deep.in0cubwal1.ru | ClearFake payload delivery domain (confidence level: 100%)
balajibalamurugan.in.net | AsyncRAT botnet C2 domain (confidence level: 100%)
vbor.in0cubwal1.ru | ClearFake payload delivery domain (confidence level: 100%)
storm.in0cubwal1.ru | ClearFake payload delivery domain (confidence level: 100%)
xbex.in0cubwal1.ru | ClearFake payload delivery domain (confidence level: 100%)
5gz.inc1inedn0n.ru | ClearFake payload delivery domain (confidence level: 100%)
4t2.inc1inedn0n.ru | ClearFake payload delivery domain (confidence level: 100%)
forest.inc1inedn0n.ru | ClearFake payload delivery domain (confidence level: 100%)
ddu2.inc1inedn0n.ru | ClearFake payload delivery domain (confidence level: 100%)
xrw.sc0rp5koroh.ru | ClearFake payload delivery domain (confidence level: 100%)
1ikx.sc0rp5koroh.ru | ClearFake payload delivery domain (confidence level: 100%)
vector.sc0rp5koroh.ru | ClearFake payload delivery domain (confidence level: 100%)
n5uw1.sc0rp5koroh.ru | ClearFake payload delivery domain (confidence level: 100%)
wgig.tr2ct0rbuild.ru | ClearFake payload delivery domain (confidence level: 100%)
zk.tr2ct0rbuild.ru | ClearFake payload delivery domain (confidence level: 100%)
night.tr2ct0rbuild.ru | ClearFake payload delivery domain (confidence level: 100%)
beta.tr2ct0rbuild.ru | ClearFake payload delivery domain (confidence level: 100%)
jy3j.c0nden5easy.ru | ClearFake payload delivery domain (confidence level: 100%)
insidious764-41058.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
wegame.sytes.net | ValleyRAT botnet C2 domain (confidence level: 100%)
74.c0nden5easy.ru | ClearFake payload delivery domain (confidence level: 100%)
40p9e.c0nden5easy.ru | ClearFake payload delivery domain (confidence level: 100%)
t0.c0nden5easy.ru | ClearFake payload delivery domain (confidence level: 100%)
ocb.po0f5hleika.ru | ClearFake payload delivery domain (confidence level: 100%)
bcev3.po0f5hleika.ru | ClearFake payload delivery domain (confidence level: 100%)
ember.po0f5hleika.ru | ClearFake payload delivery domain (confidence level: 100%)
gamma.po0f5hleika.ru | ClearFake payload delivery domain (confidence level: 100%)
vti.c2nce1rarity.ru | ClearFake payload delivery domain (confidence level: 100%)
gix.c2nce1rarity.ru | ClearFake payload delivery domain (confidence level: 100%)
river.c2nce1rarity.ru | ClearFake payload delivery domain (confidence level: 100%)
6c.c2nce1rarity.ru | ClearFake payload delivery domain (confidence level: 100%)
omega.ba7bdecep.ru | ClearFake payload delivery domain (confidence level: 100%)
56h.ba7bdecep.ru | ClearFake payload delivery domain (confidence level: 100%)
motchilltv.bot | Quasar RAT botnet C2 domain (confidence level: 75%)
v2.motchilltv.bot | Quasar RAT botnet C2 domain (confidence level: 75%)
v3.motchilltv.bot | Quasar RAT botnet C2 domain (confidence level: 75%)
motphimchillz.uk | AsyncRAT botnet C2 domain (confidence level: 100%)
v3.motphimchillz.uk | AsyncRAT botnet C2 domain (confidence level: 100%)
v2.www.cascaderelief.org | DCRat botnet C2 domain (confidence level: 50%)
v3.www.cascaderelief.org | DCRat botnet C2 domain (confidence level: 50%)
industrial-listed.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
animals-geology.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
ebay-worked.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
twistz69-34948.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
5.tcp.ngrok.io | XWorm botnet C2 domain (confidence level: 100%)
different-ncaa.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%)
tayronasuites.com | Havoc botnet C2 domain (confidence level: 100%)
mccousins.com | Havoc botnet C2 domain (confidence level: 100%)
www.taxpro-ca.mrgadget.net | Havoc botnet C2 domain (confidence level: 100%)
azurecloudteam.com | Havoc botnet C2 domain (confidence level: 100%)
10.mylitapp.com | Havoc botnet C2 domain (confidence level: 100%)
uk3.mylitapp.com | Havoc botnet C2 domain (confidence level: 100%)
bagusdominoqq.net | Havoc botnet C2 domain (confidence level: 100%)
www.allstararena.com | Havoc botnet C2 domain (confidence level: 100%)
marydunncauleymosaics.com | Havoc botnet C2 domain (confidence level: 100%)
www.lockyloadcollectibles.com | Havoc botnet C2 domain (confidence level: 100%)
b.yedekcioto.com | Havoc botnet C2 domain (confidence level: 100%)
wakuwaku.online | Havoc botnet C2 domain (confidence level: 100%)
mail.maureenmorrow.com | Havoc botnet C2 domain (confidence level: 100%)
21.mylitapp.com | Havoc botnet C2 domain (confidence level: 100%)
11.mylitapp.com | Havoc botnet C2 domain (confidence level: 100%)
mail.winecountrytrailriding.com | Havoc botnet C2 domain (confidence level: 100%)
muscat4d.com | Havoc botnet C2 domain (confidence level: 100%)
taingment.com | Havoc botnet C2 domain (confidence level: 100%)
bpy.is | Mirai payload delivery domain (confidence level: 100%)
browgew.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
baronns.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
beardop.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
benelui.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
clasers.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
cubablh.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
crossbp.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
diagcsl.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
eastcxl.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
despinm.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
foothbo.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
footmas.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
handpaw.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
mattykp.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
oldieeg.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
retreaw.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
seejuzd.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
snakeig.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
whitebt.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
motchillfm.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
did-renaissance.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
windowsnet.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%)
mestre2.ddns.net | XWorm botnet C2 domain (confidence level: 75%)
ganjar77.net | Havoc botnet C2 domain (confidence level: 100%)
nesiabet.com | Havoc botnet C2 domain (confidence level: 100%)
mawar500.net | Havoc botnet C2 domain (confidence level: 100%)
brightway-tn.com | Havoc botnet C2 domain (confidence level: 100%)
starjunky.com | Havoc botnet C2 domain (confidence level: 100%)
cmk.nebula.africa | Havoc botnet C2 domain (confidence level: 100%)
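A feed entry is only useful once it is enforced somewhere. The following is an added Python example, not ThreatFox or OffSeq code, showing how to turn a listing of this kind into a confidence-filtered host blocklist and run resolver logs against it. It parses both the raw extracted form of these tables (the type name fused to the value, the description with its confidence on the next line) and the cleaned "value | description" form, reduces URL IOCs to their host so the C2 is caught at DNS time, and matches queried names against the list label by label so a sub-domain of a listed domain is caught while a look-alike such as notmotchilltv.bot is not. SAMPLE_FEED copies five entries from this page; SAMPLE_DNS_LOG, its client addresses and the 75% threshold are constructed assumptions for the example.

```python
"""Build an enforceable host blocklist from a ThreatFox IOC listing like the one
above and match it against resolver logs. Added example, not ThreatFox or OffSeq
code. SAMPLE_FEED copies five of this page's entries, mixing the raw extracted
form (type fused to the value, description on the next line) with the cleaned
"value | description" form; the DNS log, its client IPs and the 75% threshold
are constructed assumptions for the example."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

SAMPLE_FEED = """\
urlhttps://dll32s.lat/ms/login.php
Amadey botnet C2 (confidence level: 50%)
urlhttp://47.242.4.97:443/k2tl
Cobalt Strike botnet C2 (confidence level: 75%)
domainalza7f.localto.net
Quasar RAT botnet C2 domain (confidence level: 100%)
motchilltv.bot | Quasar RAT botnet C2 domain (confidence level: 75%)
dll32s.lat | Amadey botnet C2 domain (confidence level: 50%)
"""
# Constructed resolver log; only the query= field is consulted.
SAMPLE_DNS_LOG = """\
2025-12-06T09:14:02Z client=10.20.3.17 query=alza7f.localto.net type=A
2025-12-06T09:14:09Z client=10.20.3.17 query=update.microsoft.com type=A
2025-12-06T09:15:41Z client=10.20.7.4 query=v3.motchilltv.bot type=A
2025-12-06T09:16:00Z client=10.20.7.4 query=dll32s.lat type=A
2025-12-06T09:17:13Z client=10.20.9.9 query=notmotchilltv.bot type=A
"""
FUSED_RE = re.compile(r"^(?P<kind>url|domain)(?P<value>\S+)$")
PAIR_RE = re.compile(r"^(?P<value>\S+) \| (?P<desc>.+)$")
DESC_RE = re.compile(r"^(?P<desc>.+?)\s*\(confidence level:\s*(?P<conf>\d+)%\)$")
QUERY_RE = re.compile(r"\bquery=(?P<name>\S+)")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

@dataclass(frozen=True)
class Ioc:
    kind: str          # "url" or "domain"
    value: str
    description: str   # e.g. "Quasar RAT botnet C2 domain"
    confidence: int    # percentage as reported by ThreatFox

def parse_feed(text: str) -> list:
    """Accept both listing forms. Lines that fit neither (table headers, a
    description whose value line was cut off) are skipped, never guessed."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    iocs, i = [], 0
    while i < len(lines):
        p = PAIR_RE.match(lines[i])
        f = FUSED_RE.match(lines[i]) if i + 1 < len(lines) else None
        if p and (d := DESC_RE.match(p["desc"])):
            kind = "url" if "://" in p["value"] else "domain"
            iocs.append(Ioc(kind, p["value"], d["desc"], int(d["conf"])))
            i += 1
        elif f and (d := DESC_RE.match(lines[i + 1])):
            iocs.append(Ioc(f["kind"], f["value"], d["desc"], int(d["conf"])))
            i += 2
        else:
            i += 1
    return iocs

def host_of(ioc: Ioc) -> str:
    # URL IOCs are reduced to their host so the C2 is caught at DNS time.
    if ioc.kind == "domain":
        return ioc.value.lower().rstrip(".")
    return (urlsplit(ioc.value).hostname or "").lower()

def build_blocklist(iocs: list, min_confidence: int) -> dict:
    """host -> highest-confidence IOC at or above the threshold."""
    table = {}
    for ioc in iocs:
        h = host_of(ioc)
        if h and ioc.confidence >= min_confidence:
            if h not in table or ioc.confidence > table[h].confidence:
                table[h] = ioc
    return table

def match_host(name: str, blocklist: dict) -> Optional[Ioc]:
    """Exact match, then each parent domain label by label: v3.motchilltv.bot
    hits a listed motchilltv.bot, notmotchilltv.bot does not (a plain
    endswith() test would match it). IP addresses are matched exactly."""
    name = name.lower().rstrip(".")
    if IPV4_RE.match(name):
        return blocklist.get(name)
    labels = name.split(".")
    for start in range(len(labels) - 1):      # never test the bare TLD
        if hit := blocklist.get(".".join(labels[start:])):
            return hit
    return None

def scan_dns_log(log: str, blocklist: dict) -> list:
    """Return (log line, matching IOC) for every query of a listed host."""
    hits = []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if m and (ioc := match_host(m["name"], blocklist)):
            hits.append((line, ioc))
    return hits
```

With the threshold at 75 the two 50% Amadey entries for dll32s.lat stay out of the enforced list and the query for it goes unflagged; lowering the threshold to 50 flags it as well. Whether 50% entries belong in a blocking list or only in a hunting query is a local decision; ThreatFox reports the confidence, it does not make the call. The parent-domain walk also deserves a caveat with this particular list: entries such as 5.tcp.ngrok.io, the *.gl.at.ply.gg and *.portmap.host names, alza7f.localto.net, mestre2.ddns.net, wegame.sytes.net and windowsnet.no-ip.org sit under shared tunnelling or dynamic-DNS services. The feed asserts only the listed names, so matching at the listed depth is what the data supports; blocking ngrok.io or ply.gg outright is a separate policy choice that will also affect legitimate users of those services.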

Threat ID: 6934c75dcc1a9ed479e7a1f7

Added to database: 12/7/2025, 12:16:29 AM

Last enriched: 12/7/2025, 12:16:43 AM

Last updated: 12/7/2025, 10:30:47 PM