ThreatFox IOCs for 2025-12-15
AI Analysis
Technical Summary
The ThreatFox IOCs for 2025-12-15 represent a set of indicators of compromise related to malware activities primarily involving OSINT (Open Source Intelligence) and network activity aimed at payload delivery. Although the exact malware family or variant is not specified, the categorization suggests the threat actors use publicly available intelligence to identify targets and deliver malicious payloads via network vectors. The absence of affected versions and known exploits in the wild indicates this is either a newly emerging threat or a collection of IOCs without confirmed active exploitation. The threat level and analysis scores are low to moderate, while distribution is relatively higher, implying these IOCs are being shared or observed across multiple environments but without confirmed widespread exploitation. The lack of patches and CWEs suggests this is not a vulnerability-based threat but rather a malware campaign or toolkit leveraging network reconnaissance and delivery mechanisms. The TLP:white tag indicates the information is intended for broad sharing, emphasizing the need for awareness and proactive defense. The limited technical details and the absence of specific indicators restrict detailed technical mitigation, but they highlight the importance of OSINT-driven threat intelligence in detecting and preventing payload delivery attempts.
Potential Impact
For European organizations, the primary impact of this threat lies in potential unauthorized network access and payload delivery that could compromise confidentiality and availability. Since the threat involves OSINT and network activity, attackers may leverage publicly available information to tailor attacks, increasing their success rate. Payload delivery could lead to malware infections, data exfiltration, or service disruptions. The absence of known exploits and patches suggests the threat is in reconnaissance or early delivery stages, but if successful, it could escalate to more severe impacts such as ransomware or data breaches. Organizations relying heavily on networked infrastructure and exposed services are at higher risk. The medium severity indicates moderate risk but warrants attention to prevent escalation. Disruption to critical infrastructure, financial institutions, and government agencies in Europe could have broader socio-economic consequences.
Mitigation Recommendations
European organizations should implement advanced network monitoring and anomaly detection to identify unusual payload delivery attempts and reconnaissance activities. Integrating OSINT-based threat intelligence feeds like ThreatFox into security information and event management (SIEM) systems can improve detection capabilities. Employ strict network segmentation and enforce least privilege access to limit lateral movement if payload delivery succeeds. Deploy next-generation firewalls and intrusion prevention systems with updated signatures to block known malicious payloads. Conduct regular threat hunting exercises focusing on network activity patterns associated with OSINT-driven attacks. Enhance employee awareness about social engineering and spear-phishing tactics that may accompany payload delivery. Since no patches are available, focus on hardening network defenses and timely incident response planning. Collaborate with national cybersecurity centers to share intelligence and coordinate defenses against emerging threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
ThreatFox IOCs for 2025-12-15
Description
ThreatFox IOCs for 2025-12-15
AI-Powered Analysis
Technical Analysis
The ThreatFox IOCs for 2025-12-15 represent a set of indicators of compromise related to malware activities primarily involving OSINT (Open Source Intelligence) and network activity aimed at payload delivery. Although the exact malware family or variant is not specified, the categorization suggests the threat actors use publicly available intelligence to identify targets and deliver malicious payloads via network vectors. The absence of affected versions and known exploits in the wild indicates this is either a newly emerging threat or a collection of IOCs without confirmed active exploitation. The threat level and analysis scores are low to moderate, while distribution is relatively higher, implying these IOCs are being shared or observed across multiple environments but without confirmed widespread exploitation. The lack of patches and CWEs suggests this is not a vulnerability-based threat but rather a malware campaign or toolkit leveraging network reconnaissance and delivery mechanisms. The TLP:white tag indicates the information is intended for broad sharing, emphasizing the need for awareness and proactive defense. The technical details and absence of specific indicators limit detailed technical mitigation but highlight the importance of OSINT-driven threat intelligence in detecting and preventing payload delivery attempts.
Potential Impact
For European organizations, the primary impact of this threat lies in potential unauthorized network access and payload delivery that could compromise confidentiality and availability. Since the threat involves OSINT and network activity, attackers may leverage publicly available information to tailor attacks, increasing their success rate. Payload delivery could lead to malware infections, data exfiltration, or service disruptions. The absence of known exploits and patches suggests the threat is in reconnaissance or early delivery stages, but if successful, it could escalate to more severe impacts such as ransomware or data breaches. Organizations relying heavily on networked infrastructure and exposed services are at higher risk. The medium severity indicates moderate risk but warrants attention to prevent escalation. Disruption to critical infrastructure, financial institutions, and government agencies in Europe could have broader socio-economic consequences.
Mitigation Recommendations
European organizations should implement advanced network monitoring and anomaly detection to identify unusual payload delivery attempts and reconnaissance activities. Integrating OSINT-based threat intelligence feeds like ThreatFox into security information and event management (SIEM) systems can improve detection capabilities. Employ strict network segmentation and enforce least privilege access to limit lateral movement if payload delivery succeeds. Deploy next-generation firewalls and intrusion prevention systems with updated signatures to block known malicious payloads. Conduct regular threat hunting exercises focusing on network activity patterns associated with OSINT-driven attacks. Enhance employee awareness about social engineering and spear-phishing tactics that may accompany payload delivery. Since no patches are available, focus on hardening network defenses and timely incident response planning. Collaborate with national cybersecurity centers to share intelligence and coordinate defenses against emerging threats.
Affected Countries
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 9d7a58df-51f0-4f7a-872d-1167011c6f1c
- Original Timestamp: 1765843386
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://94.156.119.187/pages/login.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://45.148.8.121:5000/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://euob.youstarsbuilding.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://obseu.youstarsbuilding.com/ns/636f8b858f681acb7bfa6f583a96630a.html?ch=adsdeli%20-%20iframe | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://jewelryexchange.com | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://annietello.com/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://gaines-kg.jp/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://odeon-gongen.com/shopdetail/364/111299347 | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://knowledgemomentum-net.moneymaking-opportunities.com/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://shinsenkaku-osaka.com/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttp://62.60.226.159/zbuyowgn/data.php | Unknown Stealer botnet C2 (confidence level: 100%) | |
urlhttp://158.94.208.102/diamo/data.php | Unknown Stealer botnet C2 (confidence level: 100%) | |
urlhttp://196.251.107.23/diamo/data.php | Unknown Stealer botnet C2 (confidence level: 100%) | |
urlhttp://178.16.53.7/diamo/data.php | Unknown Stealer botnet C2 (confidence level: 100%) | |
urlhttp://196.251.107.61/diamo/data.php | Unknown Stealer botnet C2 (confidence level: 100%) | |
urlhttp://nuxc.cc/tmp/index.php | SmokeLoader botnet C2 (confidence level: 75%) | |
urlhttp://obozintsev.ru/tmp/index.php | SmokeLoader botnet C2 (confidence level: 75%) | |
urlhttp://olovge.at/tmp/index.php | SmokeLoader botnet C2 (confidence level: 75%) | |
urlhttp://piratekings.online/tmp/index.php | SmokeLoader botnet C2 (confidence level: 75%) | |
urlhttps://91.92.243.254/kelly/five/pvqdq929bsx_a_d_m1n_a.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%) | |
urlhttps://94.156.119.187/pages/login.php | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://fixedwr.click/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttp://80.66.72.158/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://62.60.158.9/ | Hook botnet C2 (confidence level: 50%) | |
urlhttps://62.60.226.113/d1a2d2be9fcb458f.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://37.221.66.174/a927e02a8d5e42df.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://103.21.62.64/passport/index.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttp://122.155.223.9/amssplus/index.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttps://aboutpearlharbor.org/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://api.telegram.org/bot8194658562:aaeakhgba5yuasds5jfxv6gha22t6ixyf9i/ | Agent Tesla botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/281m3qnx | DCRat botnet C2 (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw5.php | Unknown Loader botnet C2 (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw1.php | Unknown Loader botnet C2 (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw2.php | Unknown Loader botnet C2 (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw3.php | Unknown Loader botnet C2 (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw4.php | Unknown Loader botnet C2 (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw1.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw2.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw3.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw4.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttp://enahsmusic.com/lib/easing/fw5.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttp://chiddy.baxishop.ro/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%) | |
urlhttp://telegalive.top/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://telegin.top/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://telegin.top/rino115sipsip | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://telegka.top/rino115sipsip | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://telegraf.top/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://teletele.top/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://toptelete.top/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://ttmirror.top/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttps://t.me/frombobu98s | Raccoon botnet C2 (confidence level: 50%) | |
urlhttps://t.me/gishsunsetman | Raccoon botnet C2 (confidence level: 50%) | |
urlhttps://t.me/rino115sipsip | Raccoon botnet C2 (confidence level: 50%) | |
urlhttps://tttttt.me/bghost13 | Raccoon botnet C2 (confidence level: 50%) | |
urlhttps://tttttt.me/homahomabtat | Raccoon botnet C2 (confidence level: 50%) | |
urlhttp://www.zzepms.com/askhelp52/askinstall52.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttps://cdn.discordapp.com/attachments/873244194234318850/895746980494585856/pctool.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttps://cdn.discordapp.com/attachments/902593911397175306/906840671875399740/pctool.exe | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttps://178.159.11.216/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://fxo.demisemarzban.top/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fxo.hanel.work/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hro.demisemarzban.top/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hro.hanel.work/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hro.333202.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://gov.333202.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://gov.hanel.work/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mx1.333202.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mx1.keyzsoft.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mng.333202.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mng.keyzsoft.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mof.akina.ovh/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fix.akina.ovh/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ity.akina.ovh/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mng.akina.ovh/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mng.748202.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mof.arramis1.top/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ctr.arramis1.top/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ity.keyzsoft.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://cr.keyzsoft.net/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fix.keyzsoft.net/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.240.117/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.242.95/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.25.244/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://46.224.107.187/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://65.109.242.86/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://91.124.149.231/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.216.176.2/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://46.224.48.142/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://86.54.42.138/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.28.117/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.216.177.27/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.242.205/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://91.98.43.138/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.25.1/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://65.109.241.240/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.241.248/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://91.107.252.37/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://91.124.149.229/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://miov2iaiaoubqosiqoiajwowiwjso.online/login | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://mioisiskwowiwjowuwjwolab.club/login | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://167.71.90.208:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://tra.akina.ovh/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://tra.asrkala.top/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://transmagistralcountysystem.info:8080/updater?for=5120d3fedd36eac912db54c863ce59bb | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://194.87.54.82/tumka.odd | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://2controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://3controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://4controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://5controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://6controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://7controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://8controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://9controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://10controller.ru/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://2controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://3controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://4controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://5controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://6controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://7controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://8controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://9controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://10controller.online/videos.html | Unknown malware payload delivery URL (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domaintvm-systems.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainapi.livesquare.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domaindownload.livesquare.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainimg.livesquare.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainlog.livesquare.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainmail.livesquare.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domaintrh.uk.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainrevounecses.run | Hook botnet C2 domain (confidence level: 100%) | |
domainfog.mistybr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintruss.mistybr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainswift.rapidstone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshard.rapidstone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintalus3.rapidstone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainscree.rapidstone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainridge.rapidstone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainplush.s0ftcliff.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainledge2.s0ftcliff.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincush.s0ftcliff.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainloam.s0ftcliff.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainapex.cl0udcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainalto3.cl0udcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzenith.cl0udcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnadir.cl0udcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpeak.cl0udcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrime.frostb1te.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhoar2.frostb1te.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmiov2iaiaoubqosiqoiajwowiwjso.online | Unidentified macOS 001 (UnionCryptoTrader) botnet C2 domain (confidence level: 75%) | |
domainmioisiskwowiwjowuwjwolab.club | Unidentified macOS 001 (UnionCryptoTrader) botnet C2 domain (confidence level: 75%) | |
domaingelid.frostb1te.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflurry4.frostb1te.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnip.frostb1te.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingust.windtrace.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrail3.windtrace.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzephyr.windtrace.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainns524280.ip-192-99-232.net | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domaindav131.duckdns.org | XWorm botnet C2 domain (confidence level: 75%) | |
domainnastwest.icu | Havoc botnet C2 domain (confidence level: 100%) | |
domainloam.clears0il.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintilth2.clears0il.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainarid.clears0il.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhumus.clears0il.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhowl.mistyw0lf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindusk3.mistyw0lf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlair.mistyw0lf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainprowl.mistyw0lf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfog.mistyw0lf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincoral.0ceandust.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsilt7.0ceandust.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintide.0ceandust.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnoct.black0wl.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintalon2.black0wl.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainperch.black0wl.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhoot.black0wl.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainreadbookstory.kozow.com | XWorm botnet C2 domain (confidence level: 75%) | |
domaindusk.black0wl.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainember.redb1rth.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnova3.redb1rth.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindawn.redb1rth.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflare.redb1rth.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainarch.safebr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainspan2.safebr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintruss.safebr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingirder.safebr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpier4.safebr1dge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainprism.crystalroad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainaromatic-salad.sa.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaindns.aromatic-salad.sa.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainfornoconti.co | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaingatex.fornoconti.co | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainjwnoynz6l.localto.net | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainmalware.aromatic-salad.sa.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainmalware.nazrej.sa.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainwindow.aromatic-salad.sa.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainxoilaczzxzpz.tv | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainlgaircon.xyz | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domainquantizedcontroller.cloud-ip.cc | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domainquantizedcontroller.didns.ru | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domainquantizedcontroller.myaddr.io | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domainv2.xoilacna.tv | DCRat botnet C2 domain (confidence level: 50%) | |
domainv3.xoilacna.tv | DCRat botnet C2 domain (confidence level: 50%) | |
domainenahsmusic.com | Unknown Loader botnet C2 domain (confidence level: 50%) | |
domaincashing.is-a-llama.com | NetWire RC botnet C2 domain (confidence level: 50%) | |
domainnerverdieorcus.selfip.biz | NetWire RC botnet C2 domain (confidence level: 50%) | |
domainnetplg.mlbfan.org | NetWire RC botnet C2 domain (confidence level: 50%) | |
domainv2.nazrej.sa.com | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainv3.aromatic-salad.sa.com | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainfacet2.crystalroad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmaroni823.sytes.net | XenoRAT botnet C2 domain (confidence level: 50%) | |
domainallahuhq7777-54726.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainschool-argument.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainquartz.crystalroad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainridge.crystalroad.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainez72.cl0udforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwahh.cl0udforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindeep.cl0udforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwie.cl0udforge.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain7hz0p.mintdr1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainakjycare.live | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domain6axg.mintdr1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfxo.demisemarzban.top | Vidar botnet C2 domain (confidence level: 100%) | |
domainfxo.hanel.work | Vidar botnet C2 domain (confidence level: 100%) | |
domainhro.demisemarzban.top | Vidar botnet C2 domain (confidence level: 100%) | |
domainhro.hanel.work | Vidar botnet C2 domain (confidence level: 100%) | |
domainhro.333202.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domaingov.333202.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainmx1.333202.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainmx1.keyzsoft.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainmng.333202.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainmng.keyzsoft.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainmof.akina.ovh | Vidar botnet C2 domain (confidence level: 100%) | |
domainfix.akina.ovh | Vidar botnet C2 domain (confidence level: 100%) | |
domainity.akina.ovh | Vidar botnet C2 domain (confidence level: 100%) | |
domainmng.akina.ovh | Vidar botnet C2 domain (confidence level: 100%) | |
domainmng.748202.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainmof.arramis1.top | Vidar botnet C2 domain (confidence level: 100%) | |
domainctr.arramis1.top | Vidar botnet C2 domain (confidence level: 100%) | |
domaincr.keyzsoft.net | Vidar botnet C2 domain (confidence level: 100%) | |
domainfix.keyzsoft.net | Vidar botnet C2 domain (confidence level: 100%) | |
domainmix.mintdr1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfield.mintdr1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave.softm1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfx.softm1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeta.softm1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainember.softm1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwind.stormm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainj24uv.stormm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrest.stormm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbridge.stormm1nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmind.cloudn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingx5xq.cloudn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyuseef-57605.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainquerahinor.xyz | RedLine Stealer botnet C2 domain (confidence level: 100%) | |
domainkanagoriyn.xyz | RedLine Stealer botnet C2 domain (confidence level: 100%) | |
domainhadachannt.xyz | RedLine Stealer botnet C2 domain (confidence level: 100%) | |
domain88r.cloudn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwork.cloudn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain7kqic.corest0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzpv.corest0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrange.corest0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaino3n.corest0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnode.skysh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintra.akina.ovh | Vidar botnet C2 domain (confidence level: 100%) | |
domaintra.asrkala.top | Vidar botnet C2 domain (confidence level: 100%) | |
domainforge.skysh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainus.skysh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindelta.skysh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstone.frostl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrm.frostl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain3controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain4controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain5controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain6controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain7controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsbbc8.frostl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain9controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain10controller.ru | Unknown malware payload delivery domain (confidence level: 100%) | |
domain2controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain3controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain4controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domainapm.frostl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain6controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain7controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain8controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain9controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domain10controller.online | Unknown malware payload delivery domain (confidence level: 100%) | |
domainrain.mistw0rk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsotavpn.shop | Unknown malware payload delivery domain (confidence level: 100%) | |
domainhgdm.mistw0rk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm9pld.mistw0rk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlight.mistw0rk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine91n.darkf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfq3v.darkf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnova.darkf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindrift.darkf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain75.wave5tone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainform.wave5tone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3i.wave5tone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkqlik.wave5tone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn8a.lightw1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbim.sa.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domaindark.lightw1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkimv9.lightw1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.exodusupdate.app | Unknown RAT payload delivery domain (confidence level: 100%) | |
domainapi.upscholarship.co.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainchrome.upscholarship.co.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domaindownload.upscholarship.co.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainmail.upscholarship.co.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainlmsx6.lightw1nd.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainelijah.ru.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainpbcollege.in.net | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaingb.cloudm1x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmonginiscake.in.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domains28z.cloudm1x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpedhelp.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainnexus.cloudm1x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1jm.cloudm1x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstorm.darksh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6w5w.darksh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnai.kurol.c.sparixx.silverpath.qzz.io | Mirai botnet C2 domain (confidence level: 100%) | |
domainu31.darksh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvseq.darksh1ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindonnydonzg123-55083.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaindoitdoit.ddns.net | Remcos botnet C2 domain (confidence level: 100%) | |
domaindndn01.ddns.net | Remcos botnet C2 domain (confidence level: 100%) | |
domainlmn293498-43963.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) | |
| cloudflaredns.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) | |
| ra7.mintl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| shift.mintl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| sky.mintl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| cloud.mintl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 7k4.windm1st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| pixel.windm1st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| night.windm1st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| a5uis.windm1st.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| spark.nightp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| uzpwg.nightp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 5cpy.nightp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| soft.nightp1xel.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 9r6r.deep5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| n2pi1.deep5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| line.deep5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| xib.deep5ky.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| brighttv.in.net | Quasar RAT botnet C2 domain (confidence level: 75%) | |
| gamma.stormc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 967m.stormc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| om0o.stormc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| frost.stormc0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| pp5.frostn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| brands.khaitara.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
| 5qjh.frostn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| b6.frostn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 28p.frostn0de.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| ay.rainst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| r9.rainst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| ft.rainst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| code.rainst0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| bv251.skyf0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| cjiu4.skyf0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 2v6tz.skyf0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 4d.skyf0rm.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| xthz.softc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| c12.softc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| hq5s.softc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| 0k.softc0re.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| warp.thrumblex.ru | ClearFake payload delivery domain (confidence level: 100%) | |
| shift.thrumblex.ru | ClearFake payload delivery domain (confidence level: 100%) | |
File
| Value | Description |
|---|---|
| 45.148.8.121 | Unknown malware botnet C2 server (confidence level: 100%) |
| 82.22.184.127 | Mirai botnet C2 server (confidence level: 80%) |
| 23.235.174.8 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 172.245.93.89 | Remcos botnet C2 server (confidence level: 100%) |
| 176.117.107.202 | Remcos botnet C2 server (confidence level: 100%) |
| 18.158.60.15 | Sliver botnet C2 server (confidence level: 100%) |
| 179.95.160.102 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 217.60.249.120 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 23.105.252.167 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 199.101.111.47 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3.34.125.22 | Unknown malware botnet C2 server (confidence level: 100%) |
| 143.92.62.89 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 45.93.20.187 | Stealc botnet C2 server (confidence level: 100%) |
| 196.251.107.97 | Unidentified macOS 001 (UnionCryptoTrader) botnet C2 server (confidence level: 75%) |
| 2.59.219.26 | XWorm botnet C2 server (confidence level: 100%) |
| 139.159.149.202 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 217.76.56.238 | Remcos botnet C2 server (confidence level: 100%) |
| 144.172.103.138 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 144.172.103.138 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 62.164.177.103 | SectopRAT botnet C2 server (confidence level: 100%) |
| 62.164.177.104 | SectopRAT botnet C2 server (confidence level: 100%) |
| 89.110.122.152 | SectopRAT botnet C2 server (confidence level: 100%) |
| 103.177.46.40 | Meterpreter botnet C2 server (confidence level: 100%) |
| 199.101.111.98 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3.82.249.160 | Meterpreter botnet C2 server (confidence level: 100%) |
| 44.211.123.84 | Meterpreter botnet C2 server (confidence level: 100%) |
| 51.68.244.77 | XWorm botnet C2 server (confidence level: 75%) |
| 158.94.208.102 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 193.233.175.123 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 192.210.239.172 | Unknown Loader botnet C2 server (confidence level: 75%) |
| 134.175.186.196 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 111.170.148.153 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.104.30.242 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 151.243.95.207 | Unknown malware botnet C2 server (confidence level: 100%) |
| 62.164.177.103 | SectopRAT botnet C2 server (confidence level: 100%) |
| 45.154.98.138 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 143.20.185.91 | Kaiji botnet C2 server (confidence level: 100%) |
| 103.177.47.27 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.51 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.11 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.25 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.42 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.22 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.108 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.68 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.23 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.12 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.28 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.91 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.21 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.8 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.22 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.78 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.95 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.46.28 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.48 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.37 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.32 | Meterpreter botnet C2 server (confidence level: 100%) |
| 20.195.41.174 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 118.107.6.209 | Unknown malware botnet C2 server (confidence level: 50%) |
| 154.12.50.119 | Unknown malware botnet C2 server (confidence level: 50%) |
| 192.227.217.229 | Remcos botnet C2 server (confidence level: 50%) |
| 195.20.17.33 | Sliver botnet C2 server (confidence level: 75%) |
| 219.246.21.240 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 219.246.21.241 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 95.216.181.100 | Vidar botnet C2 server (confidence level: 100%) |
| 116.202.3.184 | Vidar botnet C2 server (confidence level: 100%) |
| 78.47.123.242 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.240.117 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.242.95 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.25.244 | Vidar botnet C2 server (confidence level: 100%) |
| 46.224.107.187 | Vidar botnet C2 server (confidence level: 100%) |
| 65.109.242.86 | Vidar botnet C2 server (confidence level: 100%) |
| 91.124.149.231 | Vidar botnet C2 server (confidence level: 100%) |
| 95.216.176.2 | Vidar botnet C2 server (confidence level: 100%) |
| 46.224.48.142 | Vidar botnet C2 server (confidence level: 100%) |
| 86.54.42.138 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.28.117 | Vidar botnet C2 server (confidence level: 100%) |
| 95.216.177.27 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.242.205 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.25.1 | Vidar botnet C2 server (confidence level: 100%) |
| 65.109.241.240 | Vidar botnet C2 server (confidence level: 100%) |
| 95.217.241.248 | Vidar botnet C2 server (confidence level: 100%) |
| 91.107.252.37 | Vidar botnet C2 server (confidence level: 100%) |
| 157.90.147.67 | Vidar botnet C2 server (confidence level: 100%) |
| 91.124.149.229 | Vidar botnet C2 server (confidence level: 100%) |
| 38.147.170.55 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 38.147.170.55 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 162.19.205.184 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.88.186.199 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 23.95.106.22 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 77.3.217.7 | Unknown malware botnet C2 server (confidence level: 100%) |
| 14.103.142.173 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8.211.156.87 | BianLian botnet C2 server (confidence level: 100%) |
| 47.83.182.65 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 144.34.182.81 | Sliver botnet C2 server (confidence level: 100%) |
| 178.18.255.229 | Sliver botnet C2 server (confidence level: 100%) |
| 143.198.176.156 | Unknown malware botnet C2 server (confidence level: 100%) |
| 206.71.149.162 | DCRat botnet C2 server (confidence level: 100%) |
| 54.249.141.45 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
| 199.101.111.168 | Meterpreter botnet C2 server (confidence level: 100%) |
| 199.101.111.158 | Meterpreter botnet C2 server (confidence level: 100%) |
| 154.12.87.24 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 46.246.4.4 | Vjw0rm botnet C2 server (confidence level: 100%) |
| 8.138.214.65 | Meterpreter botnet C2 server (confidence level: 75%) |
| 94.154.35.61 | XWorm botnet C2 server (confidence level: 75%) |
| 144.31.196.39 | Mirai botnet C2 server (confidence level: 75%) |
| 194.36.190.59 | Mirai botnet C2 server (confidence level: 75%) |
| 77.239.120.250 | Mirai botnet C2 server (confidence level: 75%) |
| 144.31.196.10 | Mirai botnet C2 server (confidence level: 75%) |
| 45.67.56.129 | GobRAT botnet C2 server (confidence level: 100%) |
| 67.21.33.174 | Remcos botnet C2 server (confidence level: 100%) |
| 41.216.188.18 | Remcos botnet C2 server (confidence level: 100%) |
| 157.245.79.120 | Mirai botnet C2 server (confidence level: 75%) |
| 91.200.220.143 | Mirai botnet C2 server (confidence level: 75%) |
| 45.153.34.241 | Mirai botnet C2 server (confidence level: 75%) |
| 103.156.25.26 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 144.172.103.138 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 143.110.129.14 | Aisuru botnet C2 server (confidence level: 75%) |
| 101.126.11.79 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.126.11.79 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.235.174.6 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 39.105.200.188 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 115.190.58.252 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 144.31.3.210 | Remcos botnet C2 server (confidence level: 100%) |
| 62.164.177.105 | SectopRAT botnet C2 server (confidence level: 100%) |
| 62.164.177.105 | SectopRAT botnet C2 server (confidence level: 100%) |
| 102.117.166.101 | Unknown malware botnet C2 server (confidence level: 100%) |
| 1.52.214.174 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 141.8.199.207 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 44.210.142.192 | Meterpreter botnet C2 server (confidence level: 100%) |
| 13.222.150.53 | Meterpreter botnet C2 server (confidence level: 100%) |
| 196.75.22.74 | Meterpreter botnet C2 server (confidence level: 100%) |
| 162.141.92.172 | Mirai botnet C2 server (confidence level: 75%) |
| 87.229.95.2 | Mirai botnet C2 server (confidence level: 75%) |
Hash
| Value | Description |
|---|---|
| 5000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3778 | Mirai botnet C2 server (confidence level: 80%) |
| 9812 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 9999 | Sliver botnet C2 server (confidence level: 100%) |
| 9990 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 43211 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 80 | Stealc botnet C2 server (confidence level: 100%) |
| 3000 | Unidentified macOS 001 (UnionCryptoTrader) botnet C2 server (confidence level: 75%) |
| 7000 | XWorm botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8080 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 15647 | SectopRAT botnet C2 server (confidence level: 100%) |
| 15647 | SectopRAT botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 47001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 28131 | Meterpreter botnet C2 server (confidence level: 100%) |
| 682ea50cbac6d4c47858bccf7baa7b356d85265e | ValleyRAT payload (confidence level: 95%) |
| d08c07e7a8a7ffeb5e3e1ee417ec7b292f00a72920768915bf964efce66d2482 | ValleyRAT payload (confidence level: 95%) |
| 5c8bea324b7bb8a41976cc0e4b6c2dad | ValleyRAT payload (confidence level: 95%) |
| 457abbfc3fbca0a3e22cf1be695c94dc089236e6 | Vidar payload (confidence level: 95%) |
| c0fea10495f260c2343db21e874b691b594204773b84d5f50f8083e53810adfb | Vidar payload (confidence level: 95%) |
| 847d65e755ad8d1dacc351b2e2a66ebd | Vidar payload (confidence level: 95%) |
| 11e80251f14902a18b9b0786fd82f293760afa52 | NimGrabber payload (confidence level: 95%) |
| 639e0c6a4c6a4864c73ed5836bc9578cb5272d94d0b133d73b339cfcf8eced5f | NimGrabber payload (confidence level: 95%) |
| 22f04c393c9030f346c45ba75a73b6fc | NimGrabber payload (confidence level: 95%) |
| 0299e1f0b09a2f30212ee5c12961ae343a7b6e8b | Quasar RAT payload (confidence level: 95%) |
| f7ca7837683a7514cd991e5a0ab8dc4b1b7542d537284e6a131bf176dc6c08e7 | Quasar RAT payload (confidence level: 95%) |
| d7f209c9a9742dccb2a09762dae861fa | Quasar RAT payload (confidence level: 95%) |
| 137dc99853dd8dfd9761096f65c06d623e609909 | AsyncRAT payload (confidence level: 95%) |
| 95dedfab4877fe261b682619b51bd94b400d536906709b153097bef5fd2b76a2 | AsyncRAT payload (confidence level: 95%) |
| c9df8aeb2bec09c26c75258dbf64b51b | AsyncRAT payload (confidence level: 95%) |
| 607ec6db92d3657bc781313ac12e50e5286e212f | Owlproxy payload (confidence level: 95%) |
| 199ec99e17d06bc96ca6171960d31657dcc7f2ef57ee9e26054331848ef331cc | Owlproxy payload (confidence level: 95%) |
| 69c79d91868ee1b9f38c9a0dcbadd935 | Owlproxy payload (confidence level: 95%) |
| 80b8e555707f18191205092a2bf430a4de4506bc | Quasar RAT payload (confidence level: 95%) |
| 6e2fb508779859da86754cea3a2a4b15e90d0df1f9695422080611b54826dc08 | Quasar RAT payload (confidence level: 95%) |
| 2fa95cff02b6b16349a15a4225a2f8af | Quasar RAT payload (confidence level: 95%) |
| 4f1ebf9c9bdd24356d25b2569a660ce7b02ec207 | ValleyRAT payload (confidence level: 95%) |
| 2b5cc5dedd93fd77ec4d8c28d26df606b16e6a5bdd3b88dd77be9e38f24a98b1 | ValleyRAT payload (confidence level: 95%) |
| 19b066ed4fae241bf7e9f22bdf56f647 | ValleyRAT payload (confidence level: 95%) |
| fccc34685256bd739c27f580f1a70b3d6adad0c3 | Amadey payload (confidence level: 95%) |
| 811471a5b0b641fb1f8e9e077f54f9f631022cb1f8372f2daca3323c7e7128d6 | Amadey payload (confidence level: 95%) |
| ee1bc9874ec99137e07baab2f998886c | Amadey payload (confidence level: 95%) |
| 4b6e01ee353db0166a7c30f487ba6c70a6a2ddac | QuantLoader payload (confidence level: 95%) |
| 06ae81461f1131c74dff539cb34bf30fcfd884a56b120294e00785137937f1c3 | QuantLoader payload (confidence level: 95%) |
| 1b6d1df27dc820ee833e545edb25e324 | QuantLoader payload (confidence level: 95%) |
| 31fc10911f34c7dacd1db3f02fc62107d71f60c4 | XWorm payload (confidence level: 95%) |
| 399b495b8e3088dd4e8ff8c2c2649d9cb154a1fcc2e8a26165869e307bcbe9b6 | XWorm payload (confidence level: 95%) |
| 9bb57c2ab14025c856918021a0ef249b | XWorm payload (confidence level: 95%) |
| e138d10465c41a90e5a39a38d72089da488962cd | Cobalt Strike payload (confidence level: 95%) |
| ffddc4f5595e677284025292315e3fcea6b4524e9007a60882f58630bc6535ca | Cobalt Strike payload (confidence level: 95%) |
| 5b0d8d92cb6f8a37378a9c9a98994e3f | Cobalt Strike payload (confidence level: 95%) |
| d968977dfacbd9529d39ff35dc9399a28ac1e3e3 | CoffeeLoader payload (confidence level: 95%) |
| 5c2458ab58bb10c023e9f88ed69d94c046501fce9e4181ea4a2e68ba458f07e4 | CoffeeLoader payload (confidence level: 95%) |
| 68907d77e716313680c8bbc247b8e69d | CoffeeLoader payload (confidence level: 95%) |
| 837141eb5f3316149830e48aaf343f8bd6301d07 | XWorm payload (confidence level: 95%) |
| f0220c88bb98dd407c19bc29a473457144e0f573a6beb4a78ca78b943367f61d | XWorm payload (confidence level: 95%) |
| 0f40be79ea1a15b0632bfd006a2981ae | XWorm payload (confidence level: 95%) |
| 935b13e683e9070305c9aa7f43bcbf348c6513c4 | SwaetRAT payload (confidence level: 95%) |
| 22340b89f926ff263bd94dbf8966b71afb1bb6c5618ecb593bc1e7b4566ece1a | SwaetRAT payload (confidence level: 95%) |
| a6c041503e8a1c81f85805f341e74a22 | SwaetRAT payload (confidence level: 95%) |
| 9c8b0505d89551c815ef01d9260f33b85b73c9bf | Quasar RAT payload (confidence level: 95%) |
| 0985d2bd933aa5585e6454304a80ad2f32f8814d1d14add558038e033b482bdc | Quasar RAT payload (confidence level: 95%) |
| 3818e48805ab0dc54caaadffa943ad35 | Quasar RAT payload (confidence level: 95%) |
| 7684910b8cf71402d58fe2ae3f03b179eec4078c | Cobalt Strike payload (confidence level: 95%) |
| 05c944314d0c39b3f389a6ed36b5adc5f2d8521b5a1d9a82d2f36ab1acbbce87 | Cobalt Strike payload (confidence level: 95%) |
| 4e348eba565f9eb6f44ae698d23cb4b8 | Cobalt Strike payload (confidence level: 95%) |
| 484e71482deec8fea0efda19f82de7575ef75e25 | XWorm payload (confidence level: 95%) |
| 93134aade970be0e7e0e999a428bd326eb93f7dab054056024e973c231c14fc0 | XWorm payload (confidence level: 95%) |
| 5875acc94c099b35807ee696039a10d4 | XWorm payload (confidence level: 95%) |
| 2d3e9be7d533d4c39298a3e86670b2e3a75048a7 | DCRat payload (confidence level: 95%) |
| 03857d6a38ed27137ca01a06458b89cf8e4a91282494879700738af1ac3dbd6a | DCRat payload (confidence level: 95%) |
| e64ee138457305a42952c5458dffb41f | DCRat payload (confidence level: 95%) |
| 19c50f47b4bf659011a954e793853ae23e1b284e | Vidar payload (confidence level: 95%) |
| bf4582cfd40d7826e478f3bdd861e815b82f4c5953a5d5f70b9762de7e50f51a | Vidar payload (confidence level: 95%) |
| cb43f733b83699a4a8e65eea9430c47d | Vidar payload (confidence level: 95%) |
| 2eb1f2a7a0f77c3c26489238e9cd1838592adbef | Havoc payload (confidence level: 95%) |
| 17133fd671146d9cb9980c1e6e1798b75d84865f759d03203f010e1abcbbc977 | Havoc payload (confidence level: 95%) |
| 94ca3ce24c18427f84ee0b590670735a | Havoc payload (confidence level: 95%) |
| 6b6165a2b1c223f62bf62570fb095ddfa87e2f9c | Ghost RAT payload (confidence level: 95%) |
| 5815e808c2b1aed48f52afa32f4203142c61aa9d3bed5fbe0e36a7b006d968e3 | Ghost RAT payload (confidence level: 95%) |
| 3a8b08cf3a3f30d26869e8c8d40e96e6 | Ghost RAT payload (confidence level: 95%) |
| 995e1179b42682030354017318a453e8c1c8d135 | poscardstealer payload (confidence level: 95%) |
| 7e9d3236eb6c30eaba04f7480a3b00aa2d0c990e101d120c11325e6b4faacdf8 | poscardstealer payload (confidence level: 95%) |
| e9852c0cf42165ae949ba7b7745c2d0e | poscardstealer payload (confidence level: 95%) |
| 778a54c02276713bd0c4458bb9c6f5e961c2b818 | poscardstealer payload (confidence level: 95%) |
| cf990c07f431feebbb06b928ee77b2882f7753c47f315fbdcdfbb6467c40eca3 | poscardstealer payload (confidence level: 95%) |
| c185148ae90b947e36bcea6a70a653bc | poscardstealer payload (confidence level: 95%) |
| a9cbe58a75f1fc9cfed96ebc03d6c31db81f36bf | Stealc payload (confidence level: 95%) |
| d80566e89d6392f8154b95c81a8fa02ada707d6883497c8a264a7d465b3da622 | Stealc payload (confidence level: 95%) |
| 0b6d833a53f813296cd1d225ee9e0834 | Stealc payload (confidence level: 95%) |
| ede9704d231f2950a65e272362c6f3cc82521e5c | Cobalt Strike payload (confidence level: 95%) |
| 1c38e3cda8ac6d79d9da40834367697a209c6b07e6b3ab93b3a4f375b161a901 | Cobalt Strike payload (confidence level: 95%) |
| 7002b9e747b3d92d6d52f291e911a7fc | Cobalt Strike payload (confidence level: 95%) |
| c7fc692b4650356566b33414924475176328bd93 | troystealer payload (confidence level: 95%) |
| 14ed3878b6623c287283a8a80020f68e1cb6bfc37b236f33a95f3a64c4f4611f | troystealer payload (confidence level: 95%) |
| 092864a16fff333b8a98b29eb0a06d6c | troystealer payload (confidence level: 95%) |
| 626527138ef6fb83ef51fb67c68d01f27c176985 | DCRat payload (confidence level: 95%) |
| 76123bdf89c69344ccbf5a7770d92c40d49adcde963a9546054aa783fb6b581d | DCRat payload (confidence level: 95%) |
| 72b77e7a8de1016a13900301d60f780a | DCRat payload (confidence level: 95%) |
| 83dfd6089a4dd48d0ff3f6fdda9318d35f2e802e | XWorm payload (confidence level: 95%) |
| c644ed1b336eeed612907a98494a73fe4b0179c8ee9336d98b2b2cf6818109c3 | XWorm payload (confidence level: 95%) |
| 19bcd537467e603961fc6a1b7371ee97 | XWorm payload (confidence level: 95%) |
| a39acb11266c8a5d99a115d9201ae478ef82bc50 | XWorm payload (confidence level: 95%) |
| 4f5c44f2ff5744910b23ba846a1cf3eddc95256aef8b4b1dbc5f02be3c3946fe | XWorm payload (confidence level: 95%) |
| f659eba25efc7657d10ea90674a909de | XWorm payload (confidence level: 95%) |
| c1f9b10bba80f309bbd6ccc9c9f6feefda38f530 | SalatStealer payload (confidence level: 95%) |
| 7d29db1cb4bc0e3308106c93fa20f983b28c6ce9bc45af1e341f3c510469b593 | SalatStealer payload (confidence level: 95%) |
| cf652361ca2f17e91d077b083b566e20 | SalatStealer payload (confidence level: 95%) |
| 0021263979729db7f5baab7c431dce730211a89cf7501a83eab43dd9f585cad5 | SalatStealer payload (confidence level: 95%) |
| 133a7866f62290cc81d02349b0758e53 | SalatStealer payload (confidence level: 95%) |
| 634a7306c5860aabb6c178722e7c8c4a5dd8bc6c | NjRAT payload (confidence level: 95%) |
| e4d13cb5c3dcb794f7464ae665fafa2390107672417b8203432a6646344e3895 | NjRAT payload (confidence level: 95%) |
| 6159a711b535955d96695b3ece94acb4 | NjRAT payload (confidence level: 95%) |
| d6a64bfa135586b196df15b636da8eba19977c35 | AsyncRAT payload (confidence level: 95%) |
| e36f23a8fa59e0d256c28bb433e5e357fe43b5eb14651bc983ef9c043ed25cc2 | AsyncRAT payload (confidence level: 95%) |
| ebdd73e4e7ca746e1ea6e8cccc4c0295 | AsyncRAT payload (confidence level: 95%) |
| 52a717070c912085f64be346f1cd3ae04c6249f1 | Owlproxy payload (confidence level: 95%) |
| 9ecafea587089db9e4c582d52154fdaffe11bfc9c3352c8e65badae8c94215ff | Owlproxy payload (confidence level: 95%) |
| 5d7d14945cd43b8b43a6dfc9bc22af4e | Owlproxy payload (confidence level: 95%) |
| 0908f979655926ed925cad2497df7974d426a892 | SalatStealer payload (confidence level: 95%) |
| 55161713f2e89d48c6291a7213047de671b58b591f0487dc6795fab40f739de5 | SalatStealer payload (confidence level: 95%) |
| aaf0f26390a830eef3b8691d2a8e8917 | SalatStealer payload (confidence level: 95%) |
| d2b822bcddaf8e7349a7f9e8b14854c65f03ee8c | SalatStealer payload (confidence level: 95%) |
| 0b7ebbb6e65892ff7434ef2cca5f60a8d0df8a8d0250ebd2dcde0d5af596f954 | SalatStealer payload (confidence level: 95%) |
| b0e6853cb1094abbaffda31e9924e406 | SalatStealer payload (confidence level: 95%) |
| 44047c10795073aaf8e19c332c2d609afec2181d | Vjw0rm payload (confidence level: 95%) |
| 90ea17ac6a4f81bec11e988df387eccf0f27d7ecd5bd486d009bed19028fa0da | Vjw0rm payload (confidence level: 95%) |
| 0a20ebb879c141b3d3017af7ea3d2f0d | Vjw0rm payload (confidence level: 95%) |
| 36ce73942c0206916b9eef2819a811f7befe4c8b | Cobalt Strike payload (confidence level: 95%) |
| fb49a3c2bf8466798f0346639a3d94a0829524afd365dda714eb42863e8502e5 | Cobalt Strike payload (confidence level: 95%) |
| cb6046c1f133f7842fe6ae419cab4eed | Cobalt Strike payload (confidence level: 95%) |
| 0cc3526531b5aa30fb54fb8040dabd3e4fb52c1d | Cobalt Strike payload (confidence level: 95%) |
| 330cde21f8324b44a2ec6f0471b5a790f1216423f91bd67c8b2fe80ed0d4bcd5 | Cobalt Strike payload (confidence level: 95%) |
| 53d56b94a54f454043605351b7aa4b34 | Cobalt Strike payload (confidence level: 95%) |
| 349d06aa67b8e886e1bb56f4c9e659f307e8643b | Stealc payload (confidence level: 95%) |
| 9c2a2efdab4195801905c2f9224099f9a017075e773c9660e56bed3fad08b23e | Stealc payload (confidence level: 95%) |
| d9de836e645c40db5576d7334976fd8a | Stealc payload (confidence level: 95%) |
| fee7abb1a26814098f4188b599387df811518770 | Vidar payload (confidence level: 95%) |
| 7be46bf5d6f94592f1a62e1943b5127a9e6c664729ba509c3e286d01270f2325 | Vidar payload (confidence level: 95%) |
| e59d08c96d9491b4a8cf07d0957e669c | Vidar payload (confidence level: 95%) |
| 54e18a136258439ebb87b59b8b37be0d3d018dbd | Masad Stealer payload (confidence level: 95%) |
| c39f4a82642778198c30e8f2c06a70df627c558f159ce9fcfff0f5005e8efb0f | Masad Stealer payload (confidence level: 95%) |
| f9f30c5f8521cb2618ccb31960c1b598 | Masad Stealer payload (confidence level: 95%) |
| 14129838382a816b9ac391af20a77a3289322a0a | Quasar RAT payload (confidence level: 95%) |
| 9dcf7893b4c18e6d1ed5554231b57937226adc8c3be8c389b715454fe75b6ab6 | Quasar RAT payload (confidence level: 95%) |
| 0fe7e69bc6f4b0223f27656c4eb6edcb | Quasar RAT payload (confidence level: 95%) |
| f22a314b94e5cb46e0a4b3c68689c82b39d6c4d3 | ZStealer payload (confidence level: 95%) |
| 64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a | ZStealer payload (confidence level: 95%) |
| 22efca03c72a9138012abccf517d42e0 | ZStealer payload (confidence level: 95%) |
| fce06d3e352a3ff1efe89af63b371540d9c4dcbd | ValleyRAT payload (confidence level: 95%) |
| 7a804c51be230074557baa34d0b53f6c0ee6e76271fceef6b96f4c7646fba934 | ValleyRAT payload (confidence level: 95%) |
| 1a55fc085063b6e48f6ecd6867f9c139 | ValleyRAT payload (confidence level: 95%) |
| 4632df0d75ab4198a64ea7b80c77ab65604f2604 | GCleaner payload (confidence level: 95%) |
| 538073d6951e80cee6cd2606ab90f6f5bb1a67cc16b2bacb0b712fd3ef010f42 | GCleaner payload (confidence level: 95%) |
| 01a043167c5f956665ee333d08a71226 | GCleaner payload (confidence level: 95%) |
| 5463aeaa7ba053df9bce2124e156e003c346c089 | XWorm payload (confidence level: 95%) |
| c0476477dac02df42dab7a04921988fecdda0652f5d40dd420c0e07b53665d96 | XWorm payload (confidence level: 95%) |
| c97a4714e38aa7f36e38735972d5ea23 | XWorm payload (confidence level: 95%) |
| 478466346e981c958e0385b6b21e1ed3cbcf558d | XWorm payload (confidence level: 95%) |
| 656bcff52518bd53ae865533a6cd7188372ed4766a1c27c6dfacd7d363af8b52 | XWorm payload (confidence level: 95%) |
| 88ba15506ae497efd8995b5971a91ef3 | XWorm payload (confidence level: 95%) |
| 7032 | XWorm botnet C2 server (confidence level: 75%) |
| 80 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 1488 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 2219 | Unknown Loader botnet C2 server (confidence level: 75%) |
| 31303 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 6666 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 81 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 808 | Kaiji botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5000 | Unknown malware botnet C2 server (confidence level: 50%) |
| 4888 | Unknown malware botnet C2 server (confidence level: 50%) |
| 21722 | Remcos botnet C2 server (confidence level: 50%) |
| 443 | Sliver botnet C2 server (confidence level: 75%) |
| 8860 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8860 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 9999 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 35490 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8090 | BianLian botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8001 | Sliver botnet C2 server (confidence level: 100%) |
| 8089 | Sliver botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8090 | DCRat botnet C2 server (confidence level: 100%) |
| 80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 800 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 7076 | Vjw0rm botnet C2 server (confidence level: 100%) |
| 8080 | Meterpreter botnet C2 server (confidence level: 75%) |
| 6000 | XWorm botnet C2 server (confidence level: 75%) |
| 8443 | Mirai botnet C2 server (confidence level: 75%) |
| 8443 | Mirai botnet C2 server (confidence level: 75%) |
| 8443 | Mirai botnet C2 server (confidence level: 75%) |
| 8443 | Mirai botnet C2 server (confidence level: 75%) |
| 169e6b98a8d3a011105f9962c01c8e52fd42c53ece11e81d9b22407f522aeada | Unknown RAT payload (confidence level: 100%) |
| 18888 | GobRAT botnet C2 server (confidence level: 100%) |
| 443 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 39691 | Mirai botnet C2 server (confidence level: 75%) |
hash101 | Mirai botnet C2 server (confidence level: 75%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8443 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9878 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash8273 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash2222 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash8443 | Mirai botnet C2 server (confidence level: 75%) | |
hash8443 | Mirai botnet C2 server (confidence level: 75%) |
Threat ID: 6940a486d9bcdf3f3d0c54db
Added to database: 12/16/2025, 12:15:02 AM
Last enriched: 12/16/2025, 12:30:21 AM
Last updated: 12/16/2025, 10:11:44 AM