
ThreatFox IOCs for 2025-12-24

Medium
Published: Wed Dec 24 2025 (12/24/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-12-24

AI-Powered Analysis

Last updated: 12/25/2025, 00:12:59 UTC

Technical Analysis

This ThreatFox IOC feed entry is dated December 24, 2025 and is classified as malware-related, with category tags for OSINT, network activity, and payload delivery. ThreatFox aggregates Indicators of Compromise to help defenders identify and mitigate threats. The entry names no affected software versions or products, so it is a general intelligence update rather than a vulnerability in a specific system. Severity is marked as medium, reflecting moderate concern without immediate critical risk, and no patches or known exploits are associated with it, suggesting the activity is either emerging or primarily informational.

The technical details give a threat level of 2 (on an unspecified scale), analysis level 1, and distribution level 3, implying moderate dissemination but limited analysis depth. The absence of concrete indicators or CWEs limits detailed technical correlation or attribution. The category tags point to OSINT gathering, network activity monitoring, and payload delivery mechanisms, which are common vectors in malware campaigns. The entry therefore serves mainly as a reference for security teams to update detection rules and improve situational awareness, not as a signal of an active, exploitable vulnerability. Authentication and user-interaction requirements are not stated and should be treated as unknown. Overall, this is a medium-severity alert intended to inform defenders about potential malicious network behaviors and payload delivery tactics observed or anticipated in the near future.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the absence of known exploits and specific affected products. However, the presence of OSINT-related malware indicators and payload delivery mechanisms suggests a potential risk of targeted network intrusions or malware infections if these IOCs correspond to active campaigns. Organizations relying heavily on networked infrastructure and digital services could face confidentiality and integrity risks if attackers leverage these indicators to craft attacks. The medium severity rating implies that while immediate disruption or data loss is unlikely, failure to incorporate this intelligence into detection systems could result in delayed response to emerging threats. European entities involved in critical infrastructure, finance, or government sectors should be particularly vigilant, as attackers often use OSINT and network activity analysis to tailor payload delivery for maximum impact. The lack of patches or mitigation specifics means organizations must rely on proactive monitoring and threat hunting to minimize exposure. Overall, the threat represents a moderate intelligence update that could help prevent future incidents if properly integrated into security operations.

Mitigation Recommendations

European organizations should integrate the ThreatFox IOC feed into their existing security information and event management (SIEM) and intrusion detection/prevention systems (IDS/IPS) to enhance detection of the network activity and payload delivery patterns associated with this threat. In addition:

- Conduct regular threat hunting exercises focusing on network traffic anomalies and suspicious payloads that match the behavioral patterns indicated by the OSINT category.
- Employ endpoint detection and response (EDR) tools to identify and isolate potential malware infections early.
- Update firewall and proxy rules to block known malicious IP addresses and domains once indicators become available.
- Enhance employee awareness training to recognize phishing or social engineering attempts that could facilitate payload delivery.
- Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive timely updates on evolving threats.
- Since no patches are available, emphasize network segmentation and least privilege principles to limit lateral movement if an infection occurs.
- Maintain up-to-date backups and incident response plans to ensure rapid recovery from potential malware incidents.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
e9e7fe16-3027-4cbe-9a2b-23b816ae73e2
Original Timestamp
1766620989

Indicators of Compromise

File

Value | Description
146.103.104.211 | Stealc botnet C2 server (confidence level: 100%)
45.32.211.159 | Mirai botnet C2 server (confidence level: 80%)
47.96.75.57 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.76.53.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
216.40.86.158 | Sliver botnet C2 server (confidence level: 90%)
38.12.24.231 | Sliver botnet C2 server (confidence level: 90%)
34.209.232.97 | Havoc botnet C2 server (confidence level: 100%)
93.188.161.183 | Unknown malware botnet C2 server (confidence level: 100%)
185.189.58.205 | Unknown malware botnet C2 server (confidence level: 100%)
3.239.159.127 | Unknown malware botnet C2 server (confidence level: 100%)
223.76.218.105 | Unknown malware botnet C2 server (confidence level: 100%)
4.204.41.19 | Unknown malware botnet C2 server (confidence level: 100%)
51.79.8.122 | Unknown malware botnet C2 server (confidence level: 100%)
13.42.44.255 | Unknown malware botnet C2 server (confidence level: 100%)
178.130.46.8 | Unknown malware botnet C2 server (confidence level: 100%)
165.232.103.161 | BianLian botnet C2 server (confidence level: 100%)
193.201.82.147 | Mirai botnet C2 server (confidence level: 80%)
185.39.19.41 | SectopRAT botnet C2 server (confidence level: 100%)
45.61.157.210 | Crimson RAT botnet C2 server (confidence level: 100%)
86.38.225.228 | Unknown malware botnet C2 server (confidence level: 100%)
199.101.111.81 | Meterpreter botnet C2 server (confidence level: 100%)
213.202.211.46 | Mirai botnet C2 server (confidence level: 80%)
124.156.113.135 | Cobalt Strike botnet C2 server (confidence level: 75%)
23.254.202.119 | Cobalt Strike botnet C2 server (confidence level: 75%)
23.254.202.119 | Cobalt Strike botnet C2 server (confidence level: 75%)
202.162.99.237 | Cobalt Strike botnet C2 server (confidence level: 100%)
202.162.99.237 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.136.59.212 | DarkComet botnet C2 server (confidence level: 100%)
91.214.78.207 | Remcos botnet C2 server (confidence level: 100%)
23.146.242.68 | Remcos botnet C2 server (confidence level: 100%)
82.202.131.62 | Sliver botnet C2 server (confidence level: 100%)
174.138.68.143 | AsyncRAT botnet C2 server (confidence level: 100%)
82.66.212.109 | Quasar RAT botnet C2 server (confidence level: 100%)
89.116.21.175 | Havoc botnet C2 server (confidence level: 100%)
46.246.6.11 | DCRat botnet C2 server (confidence level: 100%)
94.154.35.160 | DCRat botnet C2 server (confidence level: 100%)
130.164.190.126 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
216.126.227.140 | Unknown malware botnet C2 server (confidence level: 100%)
85.192.20.23 | Chaos botnet C2 server (confidence level: 100%)
35.222.31.3 | MimiKatz botnet C2 server (confidence level: 100%)
44.203.143.66 | Meterpreter botnet C2 server (confidence level: 100%)
34.229.7.72 | Meterpreter botnet C2 server (confidence level: 100%)
54.210.239.109 | Meterpreter botnet C2 server (confidence level: 100%)
54.210.239.109 | Meterpreter botnet C2 server (confidence level: 100%)
54.179.224.147 | Unknown malware botnet C2 server (confidence level: 100%)
217.60.6.187 | Cobalt Strike botnet C2 server (confidence level: 100%)
117.72.98.242 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.198.77.184 | Remcos botnet C2 server (confidence level: 100%)
87.121.72.223 | Sliver botnet C2 server (confidence level: 100%)
47.237.15.69 | Sliver botnet C2 server (confidence level: 100%)
45.227.254.14 | SectopRAT botnet C2 server (confidence level: 100%)
13.50.231.171 | Empire Downloader botnet C2 server (confidence level: 100%)
44.200.11.23 | Unknown malware botnet C2 server (confidence level: 100%)
174.142.195.203 | Unknown malware botnet C2 server (confidence level: 100%)
1.161.70.15 | QakBot botnet C2 server (confidence level: 75%)
144.172.100.195 | Havoc botnet C2 server (confidence level: 75%)
175.29.22.97 | DeimosC2 botnet C2 server (confidence level: 75%)
34.254.143.111 | DeimosC2 botnet C2 server (confidence level: 75%)
38.12.24.231 | Sliver botnet C2 server (confidence level: 75%)
27.124.44.189 | Ghost RAT botnet C2 server (confidence level: 100%)
198.176.62.92 | Ghost RAT botnet C2 server (confidence level: 100%)
165.22.48.119 | Cobalt Strike botnet C2 server (confidence level: 100%)
4.216.218.82 | Unknown malware botnet C2 server (confidence level: 100%)
34.176.142.248 | Unknown malware botnet C2 server (confidence level: 100%)
34.176.142.248 | Unknown malware botnet C2 server (confidence level: 100%)
148.230.92.33 | Unknown malware botnet C2 server (confidence level: 100%)
52.47.144.48 | Unknown malware botnet C2 server (confidence level: 100%)
85.214.166.110 | Unknown malware botnet C2 server (confidence level: 100%)
143.198.141.253 | Unknown malware botnet C2 server (confidence level: 100%)
107.173.125.192 | Unknown malware botnet C2 server (confidence level: 100%)
39.98.58.80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.251.240.244 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.46.216.194 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.165.200.15 | Cobalt Strike botnet C2 server (confidence level: 100%)
191.107.84.131 | Remcos botnet C2 server (confidence level: 100%)
195.24.237.124 | Remcos botnet C2 server (confidence level: 100%)
129.204.230.213 | Sliver botnet C2 server (confidence level: 100%)
174.129.146.138 | Meterpreter botnet C2 server (confidence level: 100%)
178.200.40.93 | Meterpreter botnet C2 server (confidence level: 100%)
199.101.111.124 | Meterpreter botnet C2 server (confidence level: 100%)
44.200.11.23 | Unknown malware botnet C2 server (confidence level: 100%)
184.73.130.151 | Unknown malware botnet C2 server (confidence level: 100%)
151.247.219.188 | XWorm botnet C2 server (confidence level: 100%)
193.29.58.30 | Cobalt Strike botnet C2 server (confidence level: 75%)
193.29.58.61 | Cobalt Strike botnet C2 server (confidence level: 75%)
216.126.227.250 | Meterpreter botnet C2 server (confidence level: 75%)
192.210.186.207 | PureLogs Stealer botnet C2 server (confidence level: 100%)
134.209.22.74 | Aisuru botnet C2 server (confidence level: 75%)
188.166.22.169 | Aisuru botnet C2 server (confidence level: 75%)
104.236.220.23 | Aisuru botnet C2 server (confidence level: 75%)
24.199.86.99 | Aisuru botnet C2 server (confidence level: 75%)
46.101.38.94 | Aisuru botnet C2 server (confidence level: 75%)
188.166.80.209 | Aisuru botnet C2 server (confidence level: 75%)
134.209.123.74 | Aisuru botnet C2 server (confidence level: 75%)
159.223.12.47 | Aisuru botnet C2 server (confidence level: 75%)
138.68.148.170 | Aisuru botnet C2 server (confidence level: 75%)
159.203.99.218 | Aisuru botnet C2 server (confidence level: 75%)
104.248.162.141 | Aisuru botnet C2 server (confidence level: 75%)
157.230.216.0 | Aisuru botnet C2 server (confidence level: 75%)
138.68.191.203 | Aisuru botnet C2 server (confidence level: 75%)
152.42.133.61 | Aisuru botnet C2 server (confidence level: 75%)
206.189.201.2 | Aisuru botnet C2 server (confidence level: 75%)
159.65.206.134 | Aisuru botnet C2 server (confidence level: 75%)
165.22.204.167 | Aisuru botnet C2 server (confidence level: 75%)
188.166.172.127 | Aisuru botnet C2 server (confidence level: 75%)
157.245.34.98 | Aisuru botnet C2 server (confidence level: 75%)
192.241.151.72 | Aisuru botnet C2 server (confidence level: 75%)
167.99.40.241 | Aisuru botnet C2 server (confidence level: 75%)
47.92.110.59 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.245.209.160 | Remcos botnet C2 server (confidence level: 100%)
101.108.77.92 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
146.103.121.226 | Meterpreter botnet C2 server (confidence level: 100%)
185.214.192.4 | Unknown malware botnet C2 server (confidence level: 100%)
185.214.192.4 | Unknown malware botnet C2 server (confidence level: 100%)
184.73.130.151 | Unknown malware botnet C2 server (confidence level: 100%)
82.114.2.139 | Unknown malware botnet C2 server (confidence level: 100%)
206.238.42.178 | ValleyRAT botnet C2 server (confidence level: 100%)
120.232.55.107 | DeimosC2 botnet C2 server (confidence level: 75%)
18.254.102.157 | DeimosC2 botnet C2 server (confidence level: 75%)
158.94.210.44 | Bashlite botnet C2 server (confidence level: 100%)
50.87.234.26 | Unknown malware botnet C2 server (confidence level: 100%)
52.40.97.75 | Unknown malware botnet C2 server (confidence level: 100%)
52.40.97.75 | Unknown malware botnet C2 server (confidence level: 100%)
106.250.166.45 | RMS botnet C2 server (confidence level: 100%)

Hash

Value | Description
80 | Stealc botnet C2 server (confidence level: 100%)
51515 | Mirai botnet C2 server (confidence level: 80%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 90%)
31337 | Sliver botnet C2 server (confidence level: 90%)
443 | Havoc botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
3334 | Unknown malware botnet C2 server (confidence level: 100%)
8000 | Unknown malware botnet C2 server (confidence level: 100%)
9205 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | BianLian botnet C2 server (confidence level: 100%)
666 | Mirai botnet C2 server (confidence level: 80%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
371 | Crimson RAT botnet C2 server (confidence level: 100%)
5555 | Unknown malware botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
420 | Mirai botnet C2 server (confidence level: 80%)
53 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
1339 | DarkComet botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
24782 | Quasar RAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
4444 | DCRat botnet C2 server (confidence level: 100%)
7777 | DCRat botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Chaos botnet C2 server (confidence level: 100%)
80 | MimiKatz botnet C2 server (confidence level: 100%)
2181 | Meterpreter botnet C2 server (confidence level: 100%)
22622 | Meterpreter botnet C2 server (confidence level: 100%)
6003 | Meterpreter botnet C2 server (confidence level: 100%)
19953 | Meterpreter botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Remcos botnet C2 server (confidence level: 100%)
8443 | Sliver botnet C2 server (confidence level: 100%)
3389 | Sliver botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
80 | Empire Downloader botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
173ff5ede7c28163ceaa9440de8a02cef26295f8be06b6b0f90b0a4284471bc2 | Unknown Stealer payload (confidence level: 100%)
b591bfbab57cc69ce985fbc426002ef00826605257de0547f20ebcfecc3724c2 | Unknown Stealer payload (confidence level: 100%)
443 | QakBot botnet C2 server (confidence level: 75%)
443 | Havoc botnet C2 server (confidence level: 75%)
15202 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
6668 | Ghost RAT botnet C2 server (confidence level: 100%)
1688 | Ghost RAT botnet C2 server (confidence level: 100%)
4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
d984a2e72701f746d4df048ac94aa6fcf98b842a311be42e0cacc335df88cba1 | ClearFake payload (confidence level: 100%)
7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
8111 | Cobalt Strike botnet C2 server (confidence level: 100%)
4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
85 | Cobalt Strike botnet C2 server (confidence level: 100%)
5060 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
8000 | Sliver botnet C2 server (confidence level: 100%)
28075 | Meterpreter botnet C2 server (confidence level: 100%)
4444 | Meterpreter botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
7771 | XWorm botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Meterpreter botnet C2 server (confidence level: 75%)
62520 | PureLogs Stealer botnet C2 server (confidence level: 100%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
23456 | Cobalt Strike botnet C2 server (confidence level: 100%)
34312 | Remcos botnet C2 server (confidence level: 100%)
7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
22 | Unknown malware botnet C2 server (confidence level: 100%)
5050 | ValleyRAT botnet C2 server (confidence level: 100%)
10250 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
8000 | Bashlite botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
5712 | RMS botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domain78win88.co.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainersel33640.freedynamicdns.org
DarkComet botnet C2 domain (confidence level: 100%)
domainojxqy.sa.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainremont-center.ru.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domaincamerica.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainib-boq.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainvisionsfederalcredit.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainstifelwealth.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domaintrustonefinancial.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainuwcreditunion.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainmidfloridacreditunion.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainfirsthorizonbank.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainrobinsfinancialcredit.co.com
Unknown malware botnet C2 domain (confidence level: 75%)
domainu0b.rainst0ne.ru
ClearFake payload delivery domain (confidence level: 100%)
domaing0nd9.rainst0ne.ru
ClearFake payload delivery domain (confidence level: 100%)
domaina5.bluecl1ff.ru
ClearFake payload delivery domain (confidence level: 100%)
domainy36.bluecl1ff.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindpou.bluecl1ff.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintmp.bluecl1ff.ru
ClearFake payload delivery domain (confidence level: 100%)
domain9c.bluecl1ff.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlm.softcl0ud.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3get.softcl0ud.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfhu9.softcl0ud.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlurn.softcl0ud.ru
ClearFake payload delivery domain (confidence level: 100%)
domaints.softcl0ud.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsoft.windm1nd.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindf999-20.com
AsyncRAT botnet C2 domain (confidence level: 50%)
domainmq.windm1nd.ru
ClearFake payload delivery domain (confidence level: 100%)
domainejsdi.windm1nd.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhf.windm1nd.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlink.windm1nd.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsag1.cl0udtrace.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvl.cl0udtrace.ru
ClearFake payload delivery domain (confidence level: 100%)
domainb7.cl0udtrace.ru
ClearFake payload delivery domain (confidence level: 100%)
domain6us.cl0udtrace.ru
ClearFake payload delivery domain (confidence level: 100%)
domain33.cl0udtrace.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindalmex.circu1arc0pna.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvorqen.circu1arc0pna.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintizruk.circu1arc0pna.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmeflar.circu1arc0pna.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsub9ek.circu1arc0pna.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhaxlim.bo0ndc0pe.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbreq2o.bo0ndc0pe.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjomvet.bo0ndc0pe.ru
ClearFake payload delivery domain (confidence level: 100%)
domainatlanta.testingweblink.com
Havoc botnet C2 domain (confidence level: 100%)
domainculdar.bo0ndc0pe.ru
ClearFake payload delivery domain (confidence level: 100%)
domainwizfem.bo0ndc0pe.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfolmir.gethun8le2r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainteqvax.gethun8le2r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmurd1n.gethun8le2r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvelgor.gethun8le2r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainpixhun.gethun8le2r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainslanef.r1dsheet5et.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqerdit.r1dsheet5et.ru
ClearFake payload delivery domain (confidence level: 100%)
domainloxme7.r1dsheet5et.ru
ClearFake payload delivery domain (confidence level: 100%)
domainpufnar.r1dsheet5et.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintivsek.r1dsheet5et.ru
ClearFake payload delivery domain (confidence level: 100%)
domaingrylox.f1ysynchr0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhepm1r.f1ysynchr0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvalcyn.f1ysynchr0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjostiq.f1ysynchr0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmufden.f1ysynchr0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindarmiq.a8riculmarb1e.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlevhun.a8riculmarb1e.ru
ClearFake payload delivery domain (confidence level: 100%)
domainpruxol.a8riculmarb1e.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintam8re.a8riculmarb1e.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsivqen.a8riculmarb1e.ru
ClearFake payload delivery domain (confidence level: 100%)
domainandredorethrenody.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainwirgol.lobo8rnerf1.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhudrex.lobo8rnerf1.ru
ClearFake payload delivery domain (confidence level: 100%)
domainzong.elpaies.info
Unknown malware payload delivery domain (confidence level: 100%)
domainxuang.elpaies.info
Unknown malware payload delivery domain (confidence level: 100%)
domainsolbam.lobo8rnerf1.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjiv8ro.lobo8rnerf1.ru
ClearFake payload delivery domain (confidence level: 100%)
domainkenfyl.lobo8rnerf1.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfexmor.gig8lere1y.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvulgan.gig8lere1y.ru
ClearFake payload delivery domain (confidence level: 100%)
domainobsidiangate.space
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainfocusgroovy.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainqimle8.gig8lere1y.ru
ClearFake payload delivery domain (confidence level: 100%)
domainharbit.gig8lere1y.ru
ClearFake payload delivery domain (confidence level: 100%)
domainzodrey.gig8lere1y.ru
ClearFake payload delivery domain (confidence level: 100%)
domainparvux.ar5hinas5ist.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintilgor.ar5hinas5ist.ru
ClearFake payload delivery domain (confidence level: 100%)
domainzem5iq.ar5hinas5ist.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhunled.ar5hinas5ist.ru
ClearFake payload delivery domain (confidence level: 100%)
domainboxram.ar5hinas5ist.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjuqmal.pa1mi5trythat.ru
ClearFake payload delivery domain (confidence level: 100%)
domainser1up.pa1mi5trythat.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintivran.pa1mi5trythat.ru
ClearFake payload delivery domain (confidence level: 100%)
domainwolpek.pa1mi5trythat.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhez3it.pa1mi5trythat.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmavlun.luz7it5tretch.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqerfo7.luz7it5tretch.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindibrax.luz7it5tretch.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintolcem.luz7it5tretch.ru
ClearFake payload delivery domain (confidence level: 100%)
domain	suvnit.luz7it5tretch.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	vexlun.imp2ctto1st.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	morqel.imp2ctto1st.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	tarfyn.imp2ctto1st.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hilvex.imp2ctto1st.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	jubran.imp2ctto1st.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	florix.fl0rinf2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	velmar.fl0rinf2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	sundel.fl0rinf2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	carmin.fl0rinf2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hylvet.fl0rinf2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	orvex0.0rav2uterus.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	taldor.0rav2uterus.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	musrin.0rav2uterus.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	pelqen.0rav2uterus.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	durmal.0rav2uterus.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	arblyn.ar2ble0ffend.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	domaingroup.eu.cc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domain	helpremote.cc	Cobalt Strike botnet C2 domain (confidence level: 75%)
domain	tolmec.ar2ble0ffend.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	sevran.ar2ble0ffend.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	morkel.ar2ble0ffend.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hivlot.ar2ble0ffend.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	blugra.b1uegras5hia.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	sarvim.b1uegras5hia.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	norlun.b1uegras5hia.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	terval.b1uegras5hia.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	myqros.b1uegras5hia.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hermisron.com	Unknown malware payload delivery domain (confidence level: 100%)
domain	instel.insti8sc2tter.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	vargom.insti8sc2tter.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hulmet.insti8sc2tter.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	qerlan.insti8sc2tter.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	dubrix.insti8sc2tter.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	cladyn.cl2ddstr1ve.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	sevqor.cl2ddstr1ve.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	murlak.cl2ddstr1ve.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	jotvel.cl2ddstr1ve.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hibrax.cl2ddstr1ve.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	mipisesho.top	NetSupportManager RAT payload delivery domain (confidence level: 100%)
domain	dorven.d0orh0bbit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	harqel.d0orh0bbit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	fumtis.d0orh0bbit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	wexlom.d0orh0bbit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	beliefpicture.xyz	Unknown Loader botnet C2 domain (confidence level: 100%)
domain	garlip.d0orh0bbit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	marqen.mar8arstr2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	solfyt.mar8arstr2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	tevlor.mar8arstr2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	jubvik.mar8arstr2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hylmos.mar8arstr2t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	spectra.uaenorth.cloudapp.azure.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domain	shadow.knurlpocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	mortar.knurlpocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	1zqf.knurlpocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	oq808.knurlpocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	pt6vy.knurlpocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	cp109.sn1pcradle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	0p.sn1pcradle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	ember.sn1pcradle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	gamma.sn1pcradle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	quirk.sn1pcradle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	pyz.qu1rkbasin.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	shift.qu1rkbasin.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	amber.qu1rkbasin.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	t21vc.qu1rkbasin.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	d72.qu1rkbasin.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	weird.v-0-xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	3cnui.v-0-xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	ghost4senator.duckdns.org	NetWire RC botnet C2 domain (confidence level: 100%)
domain	trace.v-0-xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	wq.v-0-xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	loop.v-0-xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	bracket.v0xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	mdt.v0xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	nova.v0xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	ripple.v0xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	oul.v0xenridge.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	flow.knurl-pocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	jinx.knurl-pocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	alpha.knurl-pocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	pocket.knurl-pocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	l9o.knurl-pocket.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	5x80a.amberflint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	ua4ch.amberflint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	basin.amberflint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	63.amberflint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	zigzag.amberflint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	pixel.amber-flint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	odd.amber-flint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	kno.amber-flint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	content.sentihey.dedyn.io	Havoc botnet C2 domain (confidence level: 100%)
domain	drive.sentihey.dedyn.io	Havoc botnet C2 domain (confidence level: 100%)
domain	nccf0.amber-flint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	jr33x.amber-flint.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	lv2.fl0wmortar.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	patch.fl0wmortar.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	sf.fl0wmortar.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	knurl.fl0wmortar.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	cradle.fl0wmortar.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	oaq.t0ppleseed.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	g4tb.t0ppleseed.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	ridge.t0ppleseed.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	zx7d.t0ppleseed.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	y9z9.t0ppleseed.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	seed.j1nxbuckle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	vh.j1nxbuckle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	2b3n1.j1nxbuckle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	snip.j1nxbuckle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	warp.j1nxbuckle.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	tt.hush-zigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hush.hush-zigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	d3k.hush-zigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	glitch.hush-zigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	hgd7l.hush-zigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	spark.hushzigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	8nf25.hushzigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	beta.hushzigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	v21nv.hushzigzag.ru	ClearFake payload delivery domain (confidence level: 100%)
domain	bwp.hushzigzag.ru	ClearFake payload delivery domain (confidence level: 100%)

Url

Type	Value	Description
url	https://google-drive.co/	Unknown malware payload delivery URL (confidence level: 90%)
url	https://focusgroovy.com/dynamic	Unknown Stealer botnet C2 (confidence level: 100%)
url	https://focusgroovy.com/gate	Unknown Stealer botnet C2 (confidence level: 100%)
url	http://45.134.49.30:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
url	https://hermisron.com/agent?token=c98348aa5479df05dae407a4c8771f66ff1f8f0708357037	Unknown malware payload delivery URL (confidence level: 100%)
url	https://mipisesho.top/router/callback-fetch.js	NetSupportManager RAT payload delivery URL (confidence level: 100%)
url	https://mipisesho.top/router/public-client.php	NetSupportManager RAT payload delivery URL (confidence level: 100%)
url	https://mipisesho.top/router/api-dom.js	NetSupportManager RAT payload delivery URL (confidence level: 100%)
url	http://193.42.38.178/auth	NetSupportManager RAT payload delivery URL (confidence level: 100%)
url	https://shellnescarlett.com/auth	NetSupportManager RAT payload delivery URL (confidence level: 100%)
url	http://bobrecurwarmumsworms.com:8080/updater?for=5120d3fedd36eac912db54c863ce59bb	Unknown malware botnet C2 (confidence level: 100%)
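Two things about this feed matter when it is turned into detection or blocking rules. First, each indicator carries only a bare value plus a free-text description that packs the malware family, its role (payload delivery versus botnet C2) and a confidence figure into one string, so the string has to be parsed before the figure can gate anything. Second, the ClearFake entries are short labels under a small set of .ru zones (imp2ctto1st.ru, fl0rinf2t.ru, knurl-pocket.ru and so on, five or so labels per zone), which argues for blocking the zone rather than chasing each label, whereas several of the C2 entries (spectra.uaenorth.cloudapp.azure.com, ghost4senator.duckdns.org, the two sentihey.dedyn.io hosts) live under parents shared with unrelated tenants, where blocking the parent would be collateral. The script below is an added illustration, not part of the ThreatFox feed or of this page: it parses the descriptions, collapses attacker-owned zones to their parent while keeping shared-infrastructure entries at the exact FQDN, honours the confidence figure, and runs the result over a constructed DNS query log. SAMPLE_IOCS copies a few of the page's indicators; SHARED_SUFFIXES, the log layout and the log lines are assumptions made for the demo, and the two-label zone collapse is deliberately naive (no public-suffix list), so a real deployment should use a PSL library.

```python
"""Turn a slice of a ThreatFox daily feed into DNS/proxy block rules.

Added example; not ThreatFox code and not part of the page. SAMPLE_IOCS is
copied from the page; everything else here is constructed for the demo.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the page, as (type, value, description) records.
SAMPLE_IOCS = [
    ("domain", "vexlun.imp2ctto1st.ru",
     "ClearFake payload delivery domain (confidence level: 100%)"),
    ("domain", "morqel.imp2ctto1st.ru",
     "ClearFake payload delivery domain (confidence level: 100%)"),
    ("domain", "helpremote.cc",
     "Cobalt Strike botnet C2 domain (confidence level: 75%)"),
    ("domain", "spectra.uaenorth.cloudapp.azure.com",
     "Cobalt Strike botnet C2 domain (confidence level: 100%)"),
    ("domain", "ghost4senator.duckdns.org",
     "NetWire RC botnet C2 domain (confidence level: 100%)"),
    ("domain", "content.sentihey.dedyn.io",
     "Havoc botnet C2 domain (confidence level: 100%)"),
    ("domain", "drive.sentihey.dedyn.io",
     "Havoc botnet C2 domain (confidence level: 100%)"),
    ("url", "http://45.134.49.30:8888/supershell/login/",
     "Unknown malware botnet C2 (confidence level: 100%)"),
    ("url", "https://mipisesho.top/router/callback-fetch.js",
     "NetSupportManager RAT payload delivery URL (confidence level: 100%)"),
]

# Assumption: an operator-maintained list of parents shared by many unrelated
# tenants (cloud PaaS, dynamic DNS). Under these only the exact FQDN is blocked.
SHARED_SUFFIXES = ("cloudapp.azure.com", "duckdns.org", "dedyn.io")

# Feed descriptions read "<family> <kind> [<ioc type>] (confidence level: N%)".
DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<kind>payload delivery|botnet C2).*"
    r"\(confidence level: (?P<conf>\d+)%\)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_description(desc):
    """Split a description into (malware family, kind, confidence percent)."""
    m = DESC_RE.match(desc)
    if not m:
        raise ValueError(f"unrecognised description: {desc!r}")
    return m["family"], m["kind"], int(m["conf"])


def host_of(ioc_type, value):
    """Hostname of a domain or URL indicator; port and path are dropped."""
    if ioc_type == "url":
        host = urlsplit(value).hostname
        if host is None:
            raise ValueError(f"URL without a host: {value!r}")
        return host
    return value.lower().rstrip(".")


def blocking_key(host):
    """IP literals and hosts under a shared suffix are blocked exactly; any
    other host is collapsed to its parent zone. Assumption: no public-suffix
    list, so the last two labels are taken as the zone."""
    if IPV4_RE.match(host):
        return host
    for suffix in SHARED_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return host
    return ".".join(host.split(".")[-2:])


def build_rules(iocs, min_confidence=75):
    """Map each blocking key to the families, kinds and raw IOCs behind it."""
    rules = {}
    for ioc_type, value, desc in iocs:
        family, kind, conf = parse_description(desc)
        if conf < min_confidence:
            continue  # below the operator's threshold, do not block on it
        key = blocking_key(host_of(ioc_type, value))
        rule = rules.setdefault(key, {"families": set(), "kinds": set(), "iocs": set()})
        rule["families"].add(family)
        rule["kinds"].add(kind)
        rule["iocs"].add(value)
    return rules


def match_qname(rules, qname):
    """Rule key covering a query name (the key itself or any label beneath it),
    so tarfyn.imp2ctto1st.ru hits imp2ctto1st.ru although it was never loaded."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate
    return None


# Constructed DNS query log: "<timestamp> <client> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2025-12-24T09:58:11Z 10.20.0.14 A tarfyn.imp2ctto1st.ru
2025-12-24T09:58:12Z 10.20.0.14 AAAA www.duckdns.org
2025-12-24T09:58:40Z 10.20.0.31 A SPECTRA.uaenorth.cloudapp.azure.com.
2025-12-24T09:59:02Z 10.20.0.31 A portal.uaenorth.cloudapp.azure.com
2025-12-24T09:59:15Z 10.20.0.52 A mipisesho.top
2025-12-24T09:59:16Z 10.20.0.52 A helpremote.cc
"""


def scan_dns_log(rules, log_text):
    """Return (client, qname, key, families) for every query a rule covers."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _ts, client, _qtype, qname = fields
        key = match_qname(rules, qname)
        if key is not None:
            hits.append((client, qname, key, sorted(rules[key]["families"])))
    return hits


if __name__ == "__main__":
    rules = build_rules(SAMPLE_IOCS)
    for key, rule in sorted(rules.items()):
        print(f"{key:40} {'/'.join(sorted(rule['kinds'])):18} {sorted(rule['families'])}")
    for hit in scan_dns_log(rules, SAMPLE_DNS_LOG):
        print("HIT", *hit)
```

Raising min_confidence to 80 drops the two 75% Cobalt Strike domains (domaingroup.eu.cc and helpremote.cc on the page) from the rule set, which is the kind of threshold a proxy or RPZ deployment should make explicit rather than inherit silently. The portal.uaenorth.cloudapp.azure.com query in the sample log does not match, which is the point of the shared-suffix list: the feed attributes one Azure-hosted name to Cobalt Strike, not the region's whole cloudapp zone.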

Threat ID: 694c81775f4e95c0c3788b60

Added to database: 12/25/2025, 12:12:39 AM

Last enriched: 12/25/2025, 12:12:59 AM

Last updated: 12/25/2025, 6:10:06 PM

Views: 8
