ThreatFox IOCs for 2025-12-07
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat intelligence update published on December 7, 2025, sourced from the ThreatFox MISP feed. This update primarily consists of Indicators of Compromise (IOCs) intended for use in open-source intelligence (OSINT) operations. The threat is classified under categories including OSINT, payload delivery, and network activity, indicating that the malware involves mechanisms for delivering malicious payloads over networks and can be tracked through observable network behaviors. No specific affected software versions or products are listed, suggesting the threat is not tied to a particular vulnerability or software flaw but rather to general malware activity patterns. The absence of known exploits in the wild and the lack of available patches imply that this intelligence is more about detection and monitoring than immediate remediation. The technical details show a threat level of 2 (on an unspecified scale), with moderate distribution (3) and minimal analysis (1), indicating that while the threat is recognized, it may not be fully analyzed or widespread at this time. The medium severity rating reflects a moderate risk, likely due to the potential for payload delivery and network compromise if the malware is deployed. The lack of CWEs and detailed indicators limits the ability to perform targeted defensive actions but highlights the importance of integrating these IOCs into existing threat detection frameworks. Overall, this intelligence update serves as a proactive measure to enhance situational awareness and prepare defenses against potential malware campaigns that could leverage these indicators in the future.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the absence of active exploitation or known widespread attacks. However, the presence of malware-related IOCs related to payload delivery and network activity suggests potential risks including unauthorized access, data exfiltration, or disruption of services if the malware is successfully deployed. Organizations with extensive network infrastructure or those in critical sectors such as finance, energy, and government could face increased risk if attackers leverage these indicators to craft targeted campaigns. The lack of specific affected software versions means the threat could be broad and opportunistic, affecting diverse environments. The medium severity rating implies that while immediate damage may be limited, failure to incorporate these IOCs into detection systems could allow malware to persist undetected, leading to longer-term confidentiality, integrity, or availability issues. European entities should remain vigilant, especially those with high-value data or critical infrastructure, as the threat could evolve or be combined with other attack vectors. The absence of patches or fixes means mitigation relies heavily on detection and response capabilities rather than vulnerability remediation.
Mitigation Recommendations
European organizations should integrate the provided IOCs into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities. Network monitoring should focus on unusual payload delivery patterns and anomalous network activity consistent with malware behavior. Employing threat hunting exercises using these IOCs can help identify early signs of compromise. Organizations should ensure that network segmentation and least privilege principles are enforced to limit malware propagation. Regularly updating and tuning intrusion detection/prevention systems (IDS/IPS) to recognize behaviors associated with the indicators is critical. Since no patches are available, emphasis should be placed on user awareness training to reduce the risk of initial infection vectors such as phishing. Backup and recovery plans should be tested to mitigate potential impacts of payload execution. Collaboration with national Computer Security Incident Response Teams (CSIRTs) and sharing intelligence within European cybersecurity communities can improve collective defense. Finally, maintaining up-to-date asset inventories and conducting vulnerability assessments will help identify and protect critical systems that could be targeted.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: https://tizambia.org.zm/2025/03/civil-society-position-on-the-proposed-constitutional-amendment-process/
- url: https://www.1c-bitrix-perenos.adm-center.ru/
- url: https://1c-bitrix-perenos.adm-center.ru/
- url: https://sfmonte.com/accelerator/auth.token.js
- url: https://sfmonte.com/accelerator/handler.php
- url: https://ritualex.com/accelerator/auth.token.js
- domain: ritualex.com
- url: https://ritualex.com/accelerator/handler.php
- ip:port: 182.114.203.74:5873
- ip:port: 122.10.52.27:8888
- ip:port: 104.233.162.77:2053
- ip:port: 168.245.200.96:3790
- ip:port: 193.42.36.150:80
- ip:port: 154.12.16.29:8888
- ip:port: 41.43.193.247:222
- ip:port: 93.233.104.82:51124
- ip:port: 89.116.51.98:7443
- ip:port: 194.156.89.81:30120
- ip:port: 72.62.20.217:443
- ip:port: 102.98.105.53:443
- ip:port: 143.92.56.248:1080
- domain: g7cnfrcns.localto.net
- domain: yopaxif225-50693.portmap.host
- ip:port: 121.43.251.169:8888
- ip:port: 117.72.199.157:7443
- ip:port: 164.90.209.246:443
- ip:port: 35.215.239.10:80
- ip:port: 117.72.199.157:8888
- ip:port: 62.164.177.30:9000
- ip:port: 62.60.179.219:8089
- ip:port: 185.196.10.199:8443
- ip:port: 103.177.47.118:3790
- ip:port: 159.0.15.208:443
- ip:port: 195.20.17.224:443
- url: http://62.60.179.219/
- domain: bullstreetgourmetandmarket.lautrec.info
- domain: cagis.pandajogosgratis.com
- domain: cakhiatv.video
- domain: cakhiatv.watch
- domain: cakhiatvb.com
- domain: cakhiatvd.com
- domain: copenhagenclimatecouncil.com
- domain: dynamicsyntax.org
- domain: fieldblue.logocravings.com
- domain: fighterpilotuniversity.com
- domain: gatex.bullstreetgourmetandmarket.lautrec.info
- domain: gatex.cagis.pandajogosgratis.com
- domain: gatex.cakhiatv.video
- domain: gatex.cakhiatv.watch
- domain: gatex.cakhiatvb.com
- domain: gatex.cakhiatvd.com
- domain: gatex.cakhiatvl.com
- domain: gatex.cakhiatvx.com
- domain: gatex.copenhagenclimatecouncil.com
- domain: gatex.dynamicsyntax.org
- domain: gatex.fieldblue.logocravings.com
- domain: gatex.fighterpilotuniversity.com
- domain: gatex.git.peteralanlloyd.com
- domain: gatex.graffitinyc.com
- domain: gatex.mail.richardstjohn.com
- domain: gatex.new.logocravings.com
- domain: gatex.nightmarerecords.com
- domain: gatex.pandajogosgratis.com
- domain: gatex.perdre-la-raison.com
- domain: gatex.peteralanlloyd.com
- domain: gatex.sitemaps.butchvoices.com
- domain: gatex.vosillustration.logocravings.com
- domain: gatex.workflows.edmdroid.com
- domain: gatex.www.atlbbqfest.com
- domain: gatex.www.everybodyeveryone.com
- domain: gatex.www.franksndawgs.com
- domain: gatex.www.iamerinbrown.info
- domain: gatex.www.mipatriaecuador.com
- domain: gatex.www.monitorduty.com
- domain: gatex.www.rogerperrybook.com
- domain: gatex.www.springhousepress.com
- domain: gatex.www.uwff.com
- domain: malware.f8bet.gr.com
- domain: multiplayer-games-online.pandajogosgratis.com
- domain: psynovareal.ddns.net
- url: https://shilohbn.ru.com
- domain: ditmemaytuimayau88ngu.shilohbn.ru.com
- domain: fuckgoogle.shilohbn.ru.com
- domain: google.shilohbn.ru.com
- domain: malware.shilohbn.ru.com
- domain: porn.shilohbn.ru.com
- domain: sex.shilohbn.ru.com
- domain: v2.www.brainspinesurgery.com
- domain: v3.www.brainspinesurgery.com
- domain: bikolasdikolertaa.com
- domain: tokaritokloiuer.com
- domain: amicostrevelkrot.com
- domain: archikobalkrtiloka.com
- domain: apekafilokreilosaka.com
- domain: mousycyminays.com
- domain: sqwqwasresbkng.com
- ip:port: 43.240.30.142:8081
- ip:port: 23.226.48.214:7884
- ip:port: 156.234.145.47:7884
- ip:port: 43.240.30.130:8081
- ip:port: 23.235.179.102:9231
- ip:port: 47.109.130.74:8080
- ip:port: 45.32.123.108:443
- ip:port: 162.243.28.13:11887
- ip:port: 92.118.112.194:60000
- ip:port: 121.40.146.238:3333
- domain: karma0.xyz
- ip:port: 205.185.116.233:80
- domain: kfz4gvwg6.localto.net
- domain: www.envio25.xyz
- ip:port: 45.88.186.253:1000
- ip:port: 186.169.59.54:5061
- domain: library-med.gl.joinmc.link
- domain: children-gel.gl.at.ply.gg
- domain: dropctf.live
- ip:port: 173.232.146.95:7000
- ip:port: 196.251.100.222:4444
- domain: screenconnect.support
- domain: server1magazine.com
- domain: myexodus.app
- domain: hestiapanel.xyz
- url: http://195.133.9.204/skare.odd
- ip:port: 172.86.91.7:21
- ip:port: 172.86.91.7:8080
- ip:port: 172.86.91.7:9001
- ip:port: 172.86.91.7:9090
- domain: aalvesimoveisrp.com.br
- ip:port: 154.6.197.37:1999
- ip:port: 103.231.14.104:4333
- ip:port: 88.210.14.152:8443
- ip:port: 94.249.175.8:8443
- ip:port: 144.124.243.39:8443
- ip:port: 138.226.236.41:8443
- domain: happynewyear2.com
- domain: malware.happynewyear2.com
- ip:port: 149.30.248.48:81
- ip:port: 208.87.203.60:81
- ip:port: 208.87.203.35:81
- ip:port: 180.76.141.175:443
- ip:port: 107.172.75.201:8888
- ip:port: 77.90.185.59:9000
- ip:port: 167.71.235.197:7443
- ip:port: 165.232.180.50:7443
- ip:port: 77.0.69.202:7443
- ip:port: 195.20.17.103:7443
- ip:port: 194.15.36.214:1999
- url: http://8.137.171.139:6666/qlyg
- ip:port: 8.138.226.170:80
- ip:port: 45.156.87.16:39691
- ip:port: 191.96.224.156:1337
- domain: elecfrunn.digital
- domain: tegose9785-39193.portmap.host
- domain: jidwarf1-34676.portmap.host
- ip:port: 176.113.73.167:6000
- url: http://5.10.217.64
- ip:port: 156.226.183.249:2525
- ip:port: 51.178.39.162:1177
- ip:port: 72.56.88.91:443
- ip:port: 198.176.61.178:446
- ip:port: 208.87.204.16:81
- ip:port: 208.87.205.17:81
- ip:port: 208.87.203.33:81
- ip:port: 208.87.203.28:81
- ip:port: 208.87.205.2:81
- ip:port: 208.87.203.8:81
- ip:port: 149.30.248.33:81
- ip:port: 208.87.205.49:81
- ip:port: 149.30.248.21:81
- ip:port: 149.30.248.16:81
- ip:port: 208.87.203.38:81
- ip:port: 208.87.203.56:81
- ip:port: 208.87.205.26:81
- ip:port: 149.30.248.53:81
- ip:port: 208.87.204.27:81
- ip:port: 213.176.16.206:80
- ip:port: 208.87.203.19:81
- ip:port: 149.30.248.44:81
- ip:port: 149.30.248.43:81
- ip:port: 208.87.204.9:81
- ip:port: 149.30.248.52:81
- ip:port: 208.87.205.52:81
- ip:port: 149.30.248.25:81
- ip:port: 208.87.205.56:81
- ip:port: 149.30.248.59:81
- ip:port: 206.119.190.78:81
- ip:port: 208.87.203.34:81
- ip:port: 208.87.203.16:81
- ip:port: 208.87.204.1:81
- ip:port: 208.87.204.56:81
- ip:port: 149.30.248.62:81
- ip:port: 149.30.248.50:81
- ip:port: 45.64.52.181:443
- ip:port: 45.64.52.161:443
- ip:port: 149.30.248.42:81
- ip:port: 213.199.41.106:80
- ip:port: 154.39.81.184:80
- ip:port: 176.117.68.140:443
- ip:port: 144.22.192.7:8888
- ip:port: 67.217.228.32:8888
- ip:port: 51.38.235.182:4443
- ip:port: 141.8.199.207:80
- ip:port: 2.59.135.75:1111
- ip:port: 154.37.219.249:24
- ip:port: 217.217.243.43:80
- ip:port: 209.141.59.190:8080
- ip:port: 196.75.122.30:2222
- ip:port: 100.91.154.84:80
- ip:port: 206.119.174.78:6667
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: a9cc1270-02f4-478d-8d86-03c6368cb9bd
- Original Timestamp: 1765152186
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://tizambia.org.zm/2025/03/civil-society-position-on-the-proposed-constitutional-amendment-process/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://www.1c-bitrix-perenos.adm-center.ru/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://1c-bitrix-perenos.adm-center.ru/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://sfmonte.com/accelerator/auth.token.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://sfmonte.com/accelerator/handler.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://ritualex.com/accelerator/auth.token.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://ritualex.com/accelerator/handler.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| http://62.60.179.219/ | Hook botnet C2 (confidence level: 50%) |
| https://shilohbn.ru.com | DCRat botnet C2 (confidence level: 50%) |
| http://195.133.9.204/skare.odd | Unknown malware payload delivery URL (confidence level: 100%) |
| http://8.137.171.139:6666/qlyg | Cobalt Strike botnet C2 (confidence level: 75%) |
| http://5.10.217.64 | Stealc botnet C2 (confidence level: 100%) |
Domain
| Value | Description |
|---|---|
| ritualex.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
| g7cnfrcns.localto.net | XWorm botnet C2 domain (confidence level: 100%) |
| yopaxif225-50693.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) |
| bullstreetgourmetandmarket.lautrec.info | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cagis.pandajogosgratis.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cakhiatv.video | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cakhiatv.watch | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cakhiatvb.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cakhiatvd.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| copenhagenclimatecouncil.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| dynamicsyntax.org | AsyncRAT botnet C2 domain (confidence level: 50%) |
| fieldblue.logocravings.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| fighterpilotuniversity.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.bullstreetgourmetandmarket.lautrec.info | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cagis.pandajogosgratis.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiatv.video | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiatv.watch | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiatvb.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiatvd.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiatvl.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiatvx.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.copenhagenclimatecouncil.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.dynamicsyntax.org | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.fieldblue.logocravings.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.fighterpilotuniversity.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.git.peteralanlloyd.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.graffitinyc.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.mail.richardstjohn.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.new.logocravings.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.nightmarerecords.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.pandajogosgratis.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.perdre-la-raison.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.peteralanlloyd.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.sitemaps.butchvoices.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.vosillustration.logocravings.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.workflows.edmdroid.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.atlbbqfest.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.everybodyeveryone.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.franksndawgs.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.iamerinbrown.info | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.mipatriaecuador.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.monitorduty.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.rogerperrybook.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.springhousepress.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.www.uwff.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| malware.f8bet.gr.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| multiplayer-games-online.pandajogosgratis.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| psynovareal.ddns.net | AsyncRAT botnet C2 domain (confidence level: 50%) |
| ditmemaytuimayau88ngu.shilohbn.ru.com | DCRat botnet C2 domain (confidence level: 50%) |
| fuckgoogle.shilohbn.ru.com | DCRat botnet C2 domain (confidence level: 50%) |
| google.shilohbn.ru.com | DCRat botnet C2 domain (confidence level: 50%) |
| malware.shilohbn.ru.com | DCRat botnet C2 domain (confidence level: 50%) |
| porn.shilohbn.ru.com | DCRat botnet C2 domain (confidence level: 50%) |
| sex.shilohbn.ru.com | DCRat botnet C2 domain (confidence level: 50%) |
| v2.www.brainspinesurgery.com | DCRat botnet C2 domain (confidence level: 50%) |
| v3.www.brainspinesurgery.com | DCRat botnet C2 domain (confidence level: 50%) |
| bikolasdikolertaa.com | Latrodectus botnet C2 domain (confidence level: 100%) |
| tokaritokloiuer.com | Latrodectus botnet C2 domain (confidence level: 100%) |
| amicostrevelkrot.com | Latrodectus botnet C2 domain (confidence level: 100%) |
| archikobalkrtiloka.com | Latrodectus botnet C2 domain (confidence level: 100%) |
| apekafilokreilosaka.com | Latrodectus botnet C2 domain (confidence level: 100%) |
| mousycyminays.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| sqwqwasresbkng.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| karma0.xyz | LockBit botnet C2 domain (confidence level: 100%) |
| kfz4gvwg6.localto.net | XWorm botnet C2 domain (confidence level: 100%) |
| www.envio25.xyz | Remcos botnet C2 domain (confidence level: 50%) |
| library-med.gl.joinmc.link | AsyncRAT botnet C2 domain (confidence level: 100%) |
| children-gel.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) |
| dropctf.live | AsyncRAT botnet C2 domain (confidence level: 100%) |
| screenconnect.support | XWorm botnet C2 domain (confidence level: 100%) |
| server1magazine.com | XWorm botnet C2 domain (confidence level: 100%) |
| myexodus.app | XWorm botnet C2 domain (confidence level: 100%) |
| hestiapanel.xyz | XWorm botnet C2 domain (confidence level: 100%) |
| aalvesimoveisrp.com.br | Unknown Stealer payload delivery domain (confidence level: 50%) |
| happynewyear2.com | Quasar RAT botnet C2 domain (confidence level: 75%) |
| malware.happynewyear2.com | Quasar RAT botnet C2 domain (confidence level: 75%) |
| elecfrunn.digital | Unknown malware payload delivery domain (confidence level: 100%) |
| tegose9785-39193.portmap.host | XWorm botnet C2 domain (confidence level: 100%) |
| jidwarf1-34676.portmap.host | XWorm botnet C2 domain (confidence level: 100%) |
File
| Value | Description |
|---|---|
| 182.114.203.74 | Unknown malware botnet C2 server (confidence level: 100%) |
| 122.10.52.27 | Unknown malware botnet C2 server (confidence level: 100%) |
| 104.233.162.77 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 168.245.200.96 | Meterpreter botnet C2 server (confidence level: 100%) |
| 193.42.36.150 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.12.16.29 | Unknown malware botnet C2 server (confidence level: 100%) |
| 41.43.193.247 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 93.233.104.82 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 89.116.51.98 | Unknown malware botnet C2 server (confidence level: 100%) |
| 194.156.89.81 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 72.62.20.217 | Havoc botnet C2 server (confidence level: 100%) |
| 102.98.105.53 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 143.92.56.248 | FatalRat botnet C2 server (confidence level: 100%) |
| 121.43.251.169 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 117.72.199.157 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 164.90.209.246 | Sliver botnet C2 server (confidence level: 100%) |
| 35.215.239.10 | Sliver botnet C2 server (confidence level: 100%) |
| 117.72.199.157 | Unknown malware botnet C2 server (confidence level: 100%) |
| 62.164.177.30 | SectopRAT botnet C2 server (confidence level: 100%) |
| 62.60.179.219 | Hook botnet C2 server (confidence level: 100%) |
| 185.196.10.199 | Havoc botnet C2 server (confidence level: 100%) |
| 103.177.47.118 | Meterpreter botnet C2 server (confidence level: 100%) |
| 159.0.15.208 | QakBot botnet C2 server (confidence level: 75%) |
| 195.20.17.224 | Sliver botnet C2 server (confidence level: 75%) |
| 43.240.30.142 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.226.48.214 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.145.47 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.240.30.130 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.235.179.102 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.109.130.74 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.32.123.108 | Sliver botnet C2 server (confidence level: 90%) |
| 162.243.28.13 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 92.118.112.194 | Unknown malware botnet C2 server (confidence level: 100%) |
| 121.40.146.238 | Unknown malware botnet C2 server (confidence level: 100%) |
| 205.185.116.233 | LockBit botnet C2 server (confidence level: 100%) |
| 45.88.186.253 | Remcos botnet C2 server (confidence level: 50%) |
| 186.169.59.54 | Remcos botnet C2 server (confidence level: 100%) |
| 173.232.146.95 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 196.251.100.222 | XWorm botnet C2 server (confidence level: 100%) |
| 172.86.91.7 | Meterpreter botnet C2 server (confidence level: 75%) |
| 172.86.91.7 | Meterpreter botnet C2 server (confidence level: 75%) |
| 172.86.91.7 | Meterpreter botnet C2 server (confidence level: 75%) |
| 172.86.91.7 | Meterpreter botnet C2 server (confidence level: 75%) |
| 154.6.197.37 | Mirai botnet C2 server (confidence level: 80%) |
| 103.231.14.104 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 88.210.14.152 | Mirai botnet C2 server (confidence level: 75%) |
| 94.249.175.8 | Mirai botnet C2 server (confidence level: 75%) |
| 144.124.243.39 | Mirai botnet C2 server (confidence level: 75%) |
| 138.226.236.41 | Mirai botnet C2 server (confidence level: 75%) |
| 149.30.248.48 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.60 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.35 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 180.76.141.175 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.172.75.201 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.90.185.59 | SectopRAT botnet C2 server (confidence level: 100%) |
| 167.71.235.197 | Unknown malware botnet C2 server (confidence level: 100%) |
| 165.232.180.50 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.0.69.202 | Unknown malware botnet C2 server (confidence level: 100%) |
| 195.20.17.103 | Unknown malware botnet C2 server (confidence level: 100%) |
| 194.15.36.214 | Mirai botnet C2 server (confidence level: 80%) |
| 8.138.226.170 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 45.156.87.16 | Mirai botnet C2 server (confidence level: 75%) |
| 191.96.224.156 | XWorm botnet C2 server (confidence level: 100%) |
| 176.113.73.167 | XWorm botnet C2 server (confidence level: 100%) |
| 156.226.183.249 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 51.178.39.162 | XWorm botnet C2 server (confidence level: 100%) |
| 72.56.88.91 | Sliver botnet C2 server (confidence level: 75%) |
| 198.176.61.178 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 208.87.204.16 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.205.17 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.33 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.28 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.205.2 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.8 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.33 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.205.49 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.16 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.38 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.56 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.205.26 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.53 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.204.27 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 213.176.16.206 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.19 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.44 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.43 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.204.9 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.52 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.205.52 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.25 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.205.56 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.59 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 206.119.190.78 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.34 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.203.16 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.204.1 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.87.204.56 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.62 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.50 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.64.52.181 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.64.52.161 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.30.248.42 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 213.199.41.106 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.39.81.184 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 176.117.68.140 | Sliver botnet C2 server (confidence level: 100%) |
| 144.22.192.7 | Unknown malware botnet C2 server (confidence level: 100%) |
| 67.217.228.32 | Unknown malware botnet C2 server (confidence level: 100%) |
| 51.38.235.182 | Unknown malware botnet C2 server (confidence level: 100%) |
| 141.8.199.207 | Havoc botnet C2 server (confidence level: 100%) |
| 2.59.135.75 | Venom RAT botnet C2 server (confidence level: 100%) |
| 154.37.219.249 | Kaiji botnet C2 server (confidence level: 100%) |
| 217.217.243.43 | MooBot botnet C2 server (confidence level: 100%) |
| 209.141.59.190 | Chaos botnet C2 server (confidence level: 100%) |
| 196.75.122.30 | Meterpreter botnet C2 server (confidence level: 100%) |
| 100.91.154.84 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 206.119.174.78 | ValleyRAT botnet C2 server (confidence level: 100%) |
Hash
Threat ID: 693618854a07f71cf64a70c4
Added to database: 12/8/2025, 12:15:01 AM
Last enriched: 12/8/2025, 12:15:14 AM
Last updated: 12/9/2025, 9:01:18 AM