ThreatFox IOCs for 2025-12-14
AI Analysis
Technical Summary
The data describes a ThreatFox feed update containing Indicators of Compromise (IOCs) related to malware activity dated December 14, 2025. The entry is categorized under OSINT, payload delivery, and network activity, indicating that it is primarily focused on gathering and sharing intelligence about malware-related network behaviors and payloads. No specific affected products, versions, or vulnerabilities are listed, and there are no patches or known exploits associated with this entry. The threat level is rated as medium, with a threatLevel metric of 2 and a distribution metric of 3, suggesting moderate dissemination but limited direct impact. The absence of concrete technical details, CWEs, or indicators limits the ability to assess the exact nature or vector of the threat. This entry appears to be an informational update from the ThreatFox MISP feed, an OSINT platform for sharing threat intelligence, rather than a report of a new or active exploit. It therefore serves more as a situational awareness tool than as an immediate security alert.
Potential Impact
Given the lack of specific affected systems, exploits, or vulnerabilities, the direct impact on European organizations is likely minimal. The information may assist security teams in enhancing their threat intelligence capabilities by updating IOC databases and improving detection of malware-related network activity. However, without actionable indicators or known exploits, the threat does not currently pose a significant risk to confidentiality, integrity, or availability of systems. European organizations relying on OSINT feeds like ThreatFox can benefit from this data to maintain situational awareness but should not expect immediate operational impact. The medium severity rating suggests a need for vigilance but not urgent remediation.
Mitigation Recommendations
Organizations should integrate ThreatFox IOCs into their existing threat intelligence platforms and security information and event management (SIEM) systems to enhance detection capabilities. Regularly updating IOC feeds and correlating them with internal logs can improve early warning of potential malware activity. Network monitoring should focus on unusual payload delivery patterns and suspicious network activity consistent with the categories described. Since no patches or specific vulnerabilities are identified, emphasis should be placed on maintaining robust endpoint protection, network segmentation, and anomaly detection. Security teams should also engage in continuous OSINT gathering and analysis to contextualize these IOCs within broader threat landscapes. Collaboration with national and European cybersecurity centers can provide additional insights and validation.
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: f4391594-0b0e-48b2-989c-47bf8d115ba0
- Original Timestamp: 1765756986
domainqtf.raincr5st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmizh.raincr5st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave.raincr5st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainromeroaktorpalimpsest.com | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainrelays.buziopoasbubu.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainapp.buziopoasbubu.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainclothcrib.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainricestar.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domain9q.raincr5st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyminsgdb.cn | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainmyrepis.gd | Mirai botnet C2 domain (confidence level: 100%) | |
domain5nr.deepcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwind.deepcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwqu5.deepcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainw2li.xyz | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmcx.deepcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincastlerocks.za.com | DCRat botnet C2 domain (confidence level: 100%) | |
domainbeta.bluef1re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainclear.bluef1re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrace.bluef1re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainember.bluef1re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq5.wild5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain63oi.wild5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain13rv.wild5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfield.wild5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingc31.windst0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain556.windst0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhfe.windst0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpo1y8.windst0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlj.clearl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwt.clearl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnexus.clearl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainab.clearl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindelta.rockstorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5wnc.rockstorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmist.rockstorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrest.rockstorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain4n.darkbreeze.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhog.darkbreeze.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbyte.darkbreeze.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjq.darkbreeze.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrock.mistybyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains2eeka-62143.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainellu2222-37691.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainn7xbtfikx.localto.net | XWorm botnet C2 domain (confidence level: 100%) | |
domainapp.castlerocks.za.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainekmeowprogram.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaintq.mistybyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwhx.mistybyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6ifg.mistybyte.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincirrus.cloudv1be.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnimbus5.cloudv1be.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainaltos.cloudv1be.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzen.cloudv1be.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindelta.datash1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstream3.datash1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincache.datash1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainindex.datash1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshard.datash1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbyte.bytefl0w.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflux2.bytefl0w.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrace.bytefl0w.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnexus.bytefl0w.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainherb.mintst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbreeze.mintst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzeph1r.mintst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmesh.netw1ng.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlink3.netw1ng.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhub.netw1ng.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainroute.netw1ng.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingust.windc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincycl1e.windc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindraft.windc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsquall.storml1nk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbolt.storml1nk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainarc2.storml1nk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrest.storml1nk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstrat.skytrac5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglide.skytrac5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainapex4.skytrac5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrail.skytrac5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzeph.skytrac5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsilk.softdr1ve.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsoulnxc-62104.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaingrenki2005-34712.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaincentre-instruction.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainfrancaeso-ctrik-51614.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domain1.tcp.jp.ngrok.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainplush2.softdr1ve.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvelvet.softdr1ve.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsatin.softdr1ve.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrime.frostc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhoar.frostc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfirn3.frostc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainchill.frostc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincobalt.bluest0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainazure2.bluest0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainslate.bluest0ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnoir.darkp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingamma.darkp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindelta5.darkp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshade.darkp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnoct.darkmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainherb2.darkmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglade.darkmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfrost.darkmint.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainegqfg1ah2lbhoksjmxz30w== | XWorm botnet C2 domain (confidence level: 75%) | |
domainledge.cliffbright.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainridge3.cliffbright.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrink.cliffbright.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsun.cliffbright.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainember.f1restorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflare1.f1restorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsquall.f1restorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainash.f1restorm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindelta.r1verdusk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingloam.r1verdusk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbend.r1verdusk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhush2.r1verdusk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmalware.motchilltv.how | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainnazrej.sa.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainshade.shadowm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainherb5.shadowm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbasil.shadowm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnoir.shadowm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainarch.mistybr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainspan2.mistybr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) |
Threat ID: 693f5421b0f1e1d5302e7a41
Added to database: 12/15/2025, 12:19:45 AM
Last enriched: 12/15/2025, 12:20:07 AM
Last updated: 12/15/2025, 5:58:17 AM