
ThreatFox IOCs for 2025-12-26

Severity: Medium
Published: Fri Dec 26 2025 (12/26/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-12-26

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 12/27/2025, 00:24:37 UTC

Technical Analysis

The threat information pertains to a set of Indicators of Compromise (IOCs) published by ThreatFox on 2025-12-26, categorized under malware with emphasis on OSINT, network activity, and payload delivery. ThreatFox is a platform that aggregates and shares threat intelligence data, including IOCs that help organizations detect malicious activity. This particular dataset does not specify any affected software versions or products, nor does it indicate any known exploits currently active in the wild. The absence of patches suggests that this intelligence is focused on detection rather than remediation of a specific vulnerability. The threat level is rated as 2 on an unspecified scale, with a medium severity classification, implying moderate risk. The technical details include a threat level, analysis, and distribution metrics, but no concrete indicators or payload specifics are provided. This suggests the data is primarily for situational awareness and enhancing network monitoring capabilities rather than responding to an immediate exploit. The tags and categories indicate the intelligence is related to open-source intelligence gathering and network-based malware delivery mechanisms. Overall, this represents a proactive intelligence feed to support cybersecurity operations rather than a direct, exploitable vulnerability or active malware campaign.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the lack of known active exploits and absence of affected software versions. However, the presence of IOCs related to malware payload delivery and network activity means that organizations could potentially detect early signs of malicious activity if these indicators are integrated into their security monitoring tools. The medium severity rating suggests that while the threat is not immediately critical, it could facilitate reconnaissance or initial stages of an attack if leveraged by threat actors. Organizations with extensive network infrastructure and critical digital assets may face increased risk if these IOCs correspond to emerging malware campaigns. The lack of patches or direct remediation steps means that detection and response capabilities are the primary defense. Failure to monitor these indicators could result in delayed detection of malware infections or network intrusions, potentially impacting confidentiality, integrity, and availability of systems. Overall, the threat serves as a valuable intelligence input but does not represent an imminent or severe risk on its own.

Mitigation Recommendations

European organizations should incorporate the provided ThreatFox IOCs into their existing Security Information and Event Management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enhance detection capabilities. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can help identify suspicious network activity or payload delivery attempts early. Conduct targeted network traffic analysis focusing on unusual outbound connections or payload signatures that match the IOCs. Implement network segmentation and strict egress filtering to limit potential malware propagation. Enhance endpoint detection and response (EDR) solutions to recognize behaviors associated with the types of malware indicated by the IOCs. Conduct regular threat hunting exercises using these indicators to proactively identify compromised assets. Train security teams to interpret OSINT-based threat intelligence effectively and integrate it into incident response workflows. Since no patches are available, emphasize rapid containment and eradication procedures upon detection. Collaborate with European cybersecurity information sharing organizations to stay informed about any updates or emerging threats related to these IOCs.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: cd69c6e9-7c5e-4aa5-8cf8-06581794ad3d
Original Timestamp: 1766793786

Indicators of Compromise

File

Value | Description
103.176.23.5 | Unknown Stealer botnet C2 server (confidence level: 100%)
137.220.223.159 | Ghost RAT botnet C2 server (confidence level: 75%)
103.86.47.226 | Ghost RAT botnet C2 server (confidence level: 75%)
198.13.47.54 | Unknown malware botnet C2 server (confidence level: 100%)
165.232.141.208 | Unknown malware botnet C2 server (confidence level: 100%)
38.190.196.30 | Cobalt Strike botnet C2 server (confidence level: 100%)
95.85.239.180 | SectopRAT botnet C2 server (confidence level: 100%)
77.120.165.2 | Unknown malware botnet C2 server (confidence level: 100%)
185.116.193.105 | Unknown malware botnet C2 server (confidence level: 100%)
178.79.182.67 | Unknown malware botnet C2 server (confidence level: 100%)
31.147.204.35 | Unknown malware botnet C2 server (confidence level: 100%)
178.249.208.233 | ValleyRAT botnet C2 server (confidence level: 100%)
185.107.74.29 | Stealc botnet C2 server (confidence level: 100%)
60.205.159.191 | Cobalt Strike botnet C2 server (confidence level: 100%)
186.169.56.67 | Remcos botnet C2 server (confidence level: 100%)
45.61.150.185 | Sliver botnet C2 server (confidence level: 100%)
57.158.26.42 | Unknown malware botnet C2 server (confidence level: 100%)
83.97.20.118 | Havoc botnet C2 server (confidence level: 100%)
98.88.73.139 | Meterpreter botnet C2 server (confidence level: 100%)
98.88.73.139 | Meterpreter botnet C2 server (confidence level: 100%)
194.14.217.158 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.44.9.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.94.108.127 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.190.196.30 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.199.223.212 | Ghost RAT botnet C2 server (confidence level: 100%)
38.60.250.74 | ShadowPad botnet C2 server (confidence level: 90%)
89.124.66.149 | SectopRAT botnet C2 server (confidence level: 100%)
37.60.242.221 | Hook botnet C2 server (confidence level: 100%)
5.89.181.158 | Unknown malware botnet C2 server (confidence level: 100%)
47.243.155.154 | AdaptixC2 botnet C2 server (confidence level: 100%)
139.144.78.41 | Meterpreter botnet C2 server (confidence level: 100%)
54.146.3.251 | Meterpreter botnet C2 server (confidence level: 100%)
185.109.216.74 | Unknown malware botnet C2 server (confidence level: 100%)
91.134.176.227 | Unknown malware botnet C2 server (confidence level: 100%)
185.116.193.105 | Unknown malware botnet C2 server (confidence level: 100%)
31.147.204.35 | Unknown malware botnet C2 server (confidence level: 100%)
185.209.42.103 | Sliver botnet C2 server (confidence level: 75%)
216.238.78.255 | BianLian botnet C2 server (confidence level: 75%)
176.65.132.92 | Stealc botnet C2 server (confidence level: 100%)
104.248.190.86 | Aisuru botnet C2 server (confidence level: 75%)
64.225.126.78 | Aisuru botnet C2 server (confidence level: 75%)
165.22.203.121 | Aisuru botnet C2 server (confidence level: 75%)
165.22.197.180 | Aisuru botnet C2 server (confidence level: 75%)
206.189.162.214 | Aisuru botnet C2 server (confidence level: 75%)
138.68.160.226 | Aisuru botnet C2 server (confidence level: 75%)
81.198.45.73 | AsyncRAT botnet C2 server (confidence level: 100%)
144.126.149.104 | AsyncRAT botnet C2 server (confidence level: 100%)
144.126.149.104 | AsyncRAT botnet C2 server (confidence level: 100%)
126.209.7.138 | Unknown malware botnet C2 server (confidence level: 100%)
49.232.168.10 | Unknown malware botnet C2 server (confidence level: 100%)
187.207.81.194 | Unknown malware botnet C2 server (confidence level: 100%)
103.236.68.232 | Unknown malware botnet C2 server (confidence level: 100%)
212.11.64.41 | XWorm botnet C2 server (confidence level: 100%)
158.94.210.63 | Remcos botnet C2 server (confidence level: 100%)
167.71.25.237 | Sliver botnet C2 server (confidence level: 100%)
37.72.169.130 | AsyncRAT botnet C2 server (confidence level: 100%)
206.189.36.146 | Venom RAT botnet C2 server (confidence level: 100%)
119.28.43.204 | ValleyRAT botnet C2 server (confidence level: 100%)
206.119.174.15 | ValleyRAT botnet C2 server (confidence level: 100%)
206.119.174.15 | ValleyRAT botnet C2 server (confidence level: 100%)
162.43.87.24 | Unknown malware botnet C2 server (confidence level: 100%)
18.221.122.235 | Unknown malware botnet C2 server (confidence level: 100%)
138.199.222.6 | Unknown malware botnet C2 server (confidence level: 100%)
64.23.172.46 | Unknown malware botnet C2 server (confidence level: 100%)
185.254.52.79 | Unknown malware botnet C2 server (confidence level: 100%)
102.206.27.46 | Unknown malware botnet C2 server (confidence level: 100%)
167.71.110.80 | Unknown malware botnet C2 server (confidence level: 100%)
198.7.124.197 | Unknown malware botnet C2 server (confidence level: 100%)
13.58.101.213 | Unknown malware botnet C2 server (confidence level: 100%)
154.222.27.138 | Meterpreter botnet C2 server (confidence level: 75%)
176.188.139.132 | Cobalt Strike botnet C2 server (confidence level: 75%)
206.119.191.107 | ValleyRAT botnet C2 server (confidence level: 100%)
103.85.226.13 | Sliver botnet C2 server (confidence level: 100%)
45.156.87.134 | AsyncRAT botnet C2 server (confidence level: 100%)
45.156.87.134 | AsyncRAT botnet C2 server (confidence level: 100%)
185.11.61.152 | SectopRAT botnet C2 server (confidence level: 100%)
102.117.174.249 | Unknown malware botnet C2 server (confidence level: 100%)
182.123.77.99 | Quasar RAT botnet C2 server (confidence level: 100%)
41.251.120.254 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
93.198.186.251 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
206.189.236.65 | Unknown malware botnet C2 server (confidence level: 100%)
152.53.251.129 | Unknown malware botnet C2 server (confidence level: 100%)
84.247.160.134 | Unknown malware botnet C2 server (confidence level: 100%)
35.226.92.8 | Unknown malware botnet C2 server (confidence level: 100%)
201.249.59.30 | Unknown malware botnet C2 server (confidence level: 100%)
52.17.169.135 | Unknown malware botnet C2 server (confidence level: 100%)
150.95.27.35 | Unknown malware botnet C2 server (confidence level: 100%)
64.32.48.49 | Unknown malware botnet C2 server (confidence level: 100%)
18.119.94.147 | Unknown malware botnet C2 server (confidence level: 100%)
18.119.94.147 | Unknown malware botnet C2 server (confidence level: 100%)
206.119.191.107 | ValleyRAT botnet C2 server (confidence level: 100%)
166.117.154.254 | DeimosC2 botnet C2 server (confidence level: 75%)
45.144.66.181 | DeimosC2 botnet C2 server (confidence level: 75%)
61.143.184.9 | DeimosC2 botnet C2 server (confidence level: 75%)
196.75.131.213 | Meterpreter botnet C2 server (confidence level: 100%)
3.143.145.55 | Unknown malware botnet C2 server (confidence level: 100%)
150.95.27.35 | Unknown malware botnet C2 server (confidence level: 100%)

Hash

Value | Description
3000 | Unknown Stealer botnet C2 server (confidence level: 100%)
14994 | Ghost RAT botnet C2 server (confidence level: 75%)
8080 | Ghost RAT botnet C2 server (confidence level: 75%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
a23c39b7b0fb8f6e3e614835b0969bf87e4dae1e | Agent Tesla payload (confidence level: 95%)
458c119a3b7fd9a59a26a9f0af3f6490f131d5d5a6a01f293b728645df9f50cc | Agent Tesla payload (confidence level: 95%)
2029a7514371ad92aed661c171836120 | Agent Tesla payload (confidence level: 95%)
01a5d87b6a3bb0dce9b03bd4974c82d268ae76c4 | Agent Tesla payload (confidence level: 95%)
e1345fb134e131300974cc55448bdc0f547c13502a298496f0762e09fbe9be7a | Agent Tesla payload (confidence level: 95%)
1701eced369e4644e33f52e242fdfc61 | Agent Tesla payload (confidence level: 95%)
c2209bd8a27a6655682bc63dcf6be529d41e26a6 | Agent Tesla payload (confidence level: 95%)
cf9d3ba6a9a8771d398902e71e90000752e25c4dbe9aa86ad3c6f29a7d5c843d | Agent Tesla payload (confidence level: 95%)
a2eef5aea3b07e5587f4afd98f2b6ab4 | Agent Tesla payload (confidence level: 95%)
7bc0333cb116308de650ab36deed078fe5011b47 | Agent Tesla payload (confidence level: 95%)
e9f461c11e56ad687f2fc464022358050f4cd6f3526edec282da189316c4488e | Agent Tesla payload (confidence level: 95%)
dfe01376ceba22e8e984094a0b7c0a91 | Agent Tesla payload (confidence level: 95%)
a4531130c37cdadbbe4e916366162380c2facfe2 | Agent Tesla payload (confidence level: 95%)
75b4178ee21ff11489361b9f2230138f3b93e46c56c2527d17074d5a031b6cf1 | Agent Tesla payload (confidence level: 95%)
7034e0771068b8bb356fb577f7d5b488 | Agent Tesla payload (confidence level: 95%)
c2b7db6d23cd2df5c4f39e62582b353734183251 | GCleaner payload (confidence level: 95%)
d8355067c2d0b6d66ff821fa736dd929cc056f4232329e484774d851303666c7 | GCleaner payload (confidence level: 95%)
25543a5746f9a767c835e8e6ebcb3189 | GCleaner payload (confidence level: 95%)
b8de97bf42cb4cfa0bf468d24df9615559c08422 | RadRAT payload (confidence level: 95%)
b993ffe4b599c0c3f3aa9ab917d2866f88297cc46e0702d3dbc405d46854fd88 | RadRAT payload (confidence level: 95%)
35b4414e479e2cc7aff4d20d75b7b0f5 | RadRAT payload (confidence level: 95%)
fad1a5d4ef7e6f62ca9bab2667087a0083f4f7f7 | GCleaner payload (confidence level: 95%)
cf173d70cc6a9c9ebea6785cb37dc8f9485ed46a5bbead496ca2b6a0a2872a4f | GCleaner payload (confidence level: 95%)
faebf99fcf44f223214717256eaeab4e | GCleaner payload (confidence level: 95%)
9445873fcab52cd000640f535439bbff9e595b71 | RemoteAdmin payload (confidence level: 95%)
be2d19257ed33d735165ff45dbf64cc1f82660b39f26e1a046e9916b14ad45e1 | RemoteAdmin payload (confidence level: 95%)
9cd4a1bc54e137ad80a3e9a54c332f7c | RemoteAdmin payload (confidence level: 95%)
c4bd546881819d2b6fb0132cf635932e34d5b8c0 | RemoteAdmin payload (confidence level: 95%)
1ab483b14eba540ec7a1283d6a8228efc623db43efa59d627229d3385064d35b | RemoteAdmin payload (confidence level: 95%)
35acaeebbcd497aeb296c6e6cda42743 | RemoteAdmin payload (confidence level: 95%)
e850ab86b0823c8556c8d69e066c57b4a6bb05ab | Quasar RAT payload (confidence level: 95%)
e7c30ad28271f6cd25745fe06ea3b01e1c5a50e3991a715fc9b843965e43af70 | Quasar RAT payload (confidence level: 95%)
1eb81ba0300affbe3956e87d289d4252 | Quasar RAT payload (confidence level: 95%)
8fc18735404940ae47cddfaeb1d5259bcb6de7e8 | Vidar payload (confidence level: 95%)
ef6ce6a5f34ab55e4898cb9b895d9832d66f0b0c3757a4e446b42cf6967f7da8 | Vidar payload (confidence level: 95%)
cf0a119aa90c4caabea0b310d68a15e8 | Vidar payload (confidence level: 95%)
5f94b58a666358336018ceaff8539cdbfece992b | RemoteAdmin payload (confidence level: 95%)
cc9bbdec4c55ecbdf47fb45e7386f500460edb29f477e11140dd35999098aab4 | RemoteAdmin payload (confidence level: 95%)
75ac66217fab820b521106a63cef8445 | RemoteAdmin payload (confidence level: 95%)
81ef220ffacbb6f0b18adf8a7f9d30ee145bf33b | Vidar payload (confidence level: 95%)
67e69f4d9f3e406a05755b547750a15ab7245471a0193325fc755aac7efe68f7 | Vidar payload (confidence level: 95%)
e226f9ac6b062ca0af4b2b75316de0f2 | Vidar payload (confidence level: 95%)
9e67cdcede17c12c1b18da6d4e8994ff7c41a3d9 | Stealc payload (confidence level: 95%)
7f31d970c25ffcbcd85fd512e9456a64ea9ced2312a37f628f1443f133beacf6 | Stealc payload (confidence level: 95%)
2570aa2d6bec5c5c98e55b776dd39fa0 | Stealc payload (confidence level: 95%)
ada27ed2eed21562667ce9c4c8ca3712d2c194c7 | Stealc payload (confidence level: 95%)
4b1b9e1ed0efa52e4663f9247477c273166481fdd8e639cae35c4909de3566d9 | Stealc payload (confidence level: 95%)
50fc6559127c76fc8112f9dab70f1b8f | Stealc payload (confidence level: 95%)
d26a808bc0c4889458cef65bebdee44e85b82134 | Vidar payload (confidence level: 95%)
0e2d513b8d459d333ef0407d9ce027f586f8fd861bebee987e2137a07877cc1f | Vidar payload (confidence level: 95%)
66516308445beefb68926d3ea061e8d7 | Vidar payload (confidence level: 95%)
363391fc602333c6fc1b305c4f8a4c762f985e45 | Vidar payload (confidence level: 95%)
807160cebe03f91eff7d454b9d4df36b81a929f0fa521d0500b472cb78b4263b | Vidar payload (confidence level: 95%)
022c41be0bda02c3e0d557186e8a6c50 | Vidar payload (confidence level: 95%)
7a95f2352af65f179dbf0b3514fbdf338f497482 | SalatStealer payload (confidence level: 95%)
86a0bf1b269d3527831cb271f210b3f745262bf7149636bbb5c85db03d0fc508 | SalatStealer payload (confidence level: 95%)
5f193493db88390d40e025acc6d56198 | SalatStealer payload (confidence level: 95%)
debcff99a2aeaeb745cc0e3e0a62a91a4c2d2e38 | Vidar payload (confidence level: 95%)
6b4ef1e6154069d6fabe151810017f7333dc41c8febbdcefc93c1d6358cfb278 | Vidar payload (confidence level: 95%)
249a7e5f1e1c3af2b97f6fd30ae62558 | Vidar payload (confidence level: 95%)
64e1c651e06ac7646922c109c77d4b0d0e5f3ab6 | Stealc payload (confidence level: 95%)
60d43ddff6cd33da3f52147994b29c4f9a993e8c1f32dba4c51b6667bcc4ef34 | Stealc payload (confidence level: 95%)
179ac1047c00229c3d041b042fccffa5 | Stealc payload (confidence level: 95%)
4adf523c428b27771468484ba3654e75e05f0f35 | NjRAT payload (confidence level: 95%)
5036f6ed4ef84a20ece8e126eacb438ce082b345c68fc3286608f050cf8b896f | NjRAT payload (confidence level: 95%)
11e30f8c22f0582b5a529d6e3e7294c0 | NjRAT payload (confidence level: 95%)
d1acc17f5b9b4e5499854d7e618698de3b3e2651 | Coinminer payload (confidence level: 95%)
0123140c6be19898d20e5eb72063af55090061abe5d0f220c0e4b26046e9ebe5 | Coinminer payload (confidence level: 95%)
0e27b53656855ee10ca0263b19a63237 | Coinminer payload (confidence level: 95%)
d28eb65430abecbc6d969f5b60056a9f04fe9a32 | Luca Stealer payload (confidence level: 95%)
b7adc51025ca1c6503e0634a570b401cb947ceba42d440367790c976aa1c6578 | Luca Stealer payload (confidence level: 95%)
fb75b4572d6698c8febcad33a82b0851 | Luca Stealer payload (confidence level: 95%)
c1a163b7ade7ca2e051b8d63642875f8ded4b31c | Amatera payload (confidence level: 95%)
56e3ac5f4be4a1ef51b87e1df3d940f7c8663e0f28842252790a422e29b6ad92 | Amatera payload (confidence level: 95%)
e5cbfaac2c48fb375261fd5255a999b3 | Amatera payload (confidence level: 95%)
b0fb2c2d4c986117dd33ef6b7e493cc7e3fe6774 | Remcos payload (confidence level: 95%)
2ab53c46843e0719823a65cdfd414e3fa202691165f2e75951d51d884d01bdd8 | Remcos payload (confidence level: 95%)
56d61c68ecb998dacaa3da6e3dd3611d | Remcos payload (confidence level: 95%)
7bd52231171e19cbeda295fcef15f0a0adf1f14b | Aurora Stealer payload (confidence level: 95%)
4c01725c8366f6efe1deeb4f7a718c1b0dca7e200c1a4fe8b12a2a52e234aeb1 | Aurora Stealer payload (confidence level: 95%)
879e77a29d0ed7f760a3f2ed83f87779 | Aurora Stealer payload (confidence level: 95%)
bde7d5e9ac5beecb0c18bc5dadbbbd1f82c533d4 | ValleyRAT payload (confidence level: 95%)
f0138e6a4095c699a1db0af0d1f42fab5f60b4660b031b8db5e78fb766c6adcd | ValleyRAT payload (confidence level: 95%)
462604267b395dbaab27f28dae6ef9f1 | ValleyRAT payload (confidence level: 95%)
536dc8a75acf5abe65604aaeddcf3ad3ae976205 | Luca Stealer payload (confidence level: 95%)
55b3f55aebb932d892f2bc432c98413a0f81b5641b99911714bb3b413b834ce2 | Luca Stealer payload (confidence level: 95%)
27b437c50ea1dc18927c9dd175f1d40f | Luca Stealer payload (confidence level: 95%)
01e2c19a0d2138e66c979979c1a67e4d46e4e245 | StrelaStealer payload (confidence level: 95%)
810a793a997d62829d45fc8c28c6808b9303256c2e4a635af39e7e142b4e0c79 | StrelaStealer payload (confidence level: 95%)
00036fbe5dceab7b0ca486e3f589a496 | StrelaStealer payload (confidence level: 95%)
e817d27f31c7494e86afe4a64b08459175556188 | Merlin payload (confidence level: 95%)
59a0e39ee85f0b91b458673811d6222a5cdd7ca36d6798ed9f3bc6f679478f92 | Merlin payload (confidence level: 95%)
7b13d4494a8483482f22330a5e4b5b66 | Merlin payload (confidence level: 95%)
585c921e67533afe4b576d2ed630e19db9502112 | Merlin payload (confidence level: 95%)
cfae52c1076238959f0e15476aafdf094775c30f8627b6598167a6eded8d67aa | Merlin payload (confidence level: 95%)
c492a5e8596f42decb172ba9e38cc478 | Merlin payload (confidence level: 95%)
ab721684c6bd15f25c910036b8c96a307a0e4d64 | Merlin payload (confidence level: 95%)
c2a3b773038440c4d9ca129ac8ef6f9afe2bc279e2221a09e312d2a738aa6762 | Merlin payload (confidence level: 95%)
c22c3acb5bdf0d66dd9a4c849fa0a894 | Merlin payload (confidence level: 95%)
450c9c37d5b262f7e0230c8235f0031d1f632b9b | poscardstealer payload (confidence level: 95%)
e716fecd4ed32d90b1c707da5b419c65a7e1d89b4e416ee69765a3729c1e3293 | poscardstealer payload (confidence level: 95%)
47293d99962eee46f45384ad95b77ef3 | poscardstealer payload (confidence level: 95%)
369224277ecacf96fcda6fcd69f90e84fe98f209 | poscardstealer payload (confidence level: 95%)
21665d2e3eba75d5046b86ed6196b84272d7a8020ecf4fcd8f4e85fb1a76344a | poscardstealer payload (confidence level: 95%)
3904bde96ca576cf5824fcf237235fac | poscardstealer payload (confidence level: 95%)
dbe0861ef15875ef0f80e7dbf1eb1baca6b69bdb | Amadey payload (confidence level: 95%)
c54489a92df164c93de3ea2764e43f6ebee088f729318b41a97c58cdf73141a5 | Amadey payload (confidence level: 95%)
d9364eaf2a9bddb813bff9a1caba6d8f | Amadey payload (confidence level: 95%)
8a0f8fbc1553ab642f2b1a08a49914d932a243e2 | StrelaStealer payload (confidence level: 95%)
7e938110c3e4158818ed547159cddd4ba70ebf6bd0ee471e5877c2cd00df417f | StrelaStealer payload (confidence level: 95%)
a20549cc494317598f8bc7474709b396 | StrelaStealer payload (confidence level: 95%)
f640f35698716d1cee1ca34f0cf22658a4c3a52f | AdaptixC2 payload (confidence level: 95%)
c4780e33d7ab1bcd6304daede805b5ae0270c4aa8cea8823467e22697dd2f39b | AdaptixC2 payload (confidence level: 95%)
b99e63930e606f3be6fe9d91549c3189 | AdaptixC2 payload (confidence level: 95%)
e242b871df8cbda146d657a6efd2696e2f477458 | DCRat payload (confidence level: 95%)
c7ae3ef1f6321bbee623fc191d7708ed7d4208537ac76fffc925c997be3064fe | DCRat payload (confidence level: 95%)
6f00a637e471650b1afc93f21bd6a050 | DCRat payload (confidence level: 95%)
b98093cd0d4fefa05d4b46cc3a72078461069c7e | AdaptixC2 payload (confidence level: 95%)
3e903c148364b388c2b0a169114854f885c4945e03a5ae023bc18d1bcaea0cad | AdaptixC2 payload (confidence level: 95%)
42aa979f9af39fb092113434e0990002 | AdaptixC2 payload (confidence level: 95%)
28c3e1a2e0ee5f93b8805535ad5ec2a242021643 | AdaptixC2 payload (confidence level: 95%)
750f49cba0d3346f01a134285100b17de635e703306ecd2c808f93edef404741 | AdaptixC2 payload (confidence level: 95%)
23be339b732b225ca0ea89c57d93a60e | AdaptixC2 payload (confidence level: 95%)
b410c984416c51473b73970044117a59a59dd64f | AdaptixC2 payload (confidence level: 95%)
3e375ccf690ffb190591945c540941b5c3f17b87c8de938fffd1661c3a84f367 | AdaptixC2 payload (confidence level: 95%)
069ac792037506df2d926ad53702e2f6 | AdaptixC2 payload (confidence level: 95%)
a13f3eecec10667226a1eb93f9a63c299ba9c7d2 | AdaptixC2 payload (confidence level: 95%)
7c9fa211fe4e66b6d994c7e511bc4ddb177042298b0e5b39583c804cac6679c2 | AdaptixC2 payload (confidence level: 95%)
0b9cfeb38d4cb7fba777ca52faebc52c | AdaptixC2 payload (confidence level: 95%)
da7861286c803f7e3b1a13ab4b069e1bb5f36c9e | AdaptixC2 payload (confidence level: 95%)
a29916e76ae4fd981fcdc130eade83e8865bdc6a8d5cc15ef3a8cff42b2a0af1 | AdaptixC2 payload (confidence level: 95%)
05742241859eb55ff0ad69e2aedd8277 | AdaptixC2 payload (confidence level: 95%)
b6f5fbafe39b635faa7421c2f5567b67d9c122b4 | AdaptixC2 payload (confidence level: 95%)
09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e | AdaptixC2 payload (confidence level: 95%)
0dbaee8bcc15e1b4b424d07e8a4b8e4d | AdaptixC2 payload (confidence level: 95%)
9e85420f51104dfc42096e114895fae223459f4a | AdaptixC2 payload (confidence level: 95%)
801477e66d99676b86bc589ba6b49451e6ce98570f13f9204b48d2bc04372b70 | AdaptixC2 payload (confidence level: 95%)
11609064f34537f722ed00513d9d89ac | AdaptixC2 payload (confidence level: 95%)
fc2b662059366f8a4ee1ed54f71940e44a3c3c6e | AdaptixC2 payload (confidence level: 95%)
500896fbd343a7c713ddce1815d9827606edae3f81abf0fba68cb6b163ce0871 | AdaptixC2 payload (confidence level: 95%)
bbfdb7f47559bfde4090b7c113c9d274 | AdaptixC2 payload (confidence level: 95%)
98c88ff395c1f2ea68b5b2c4ceeda4e9e9a2e595 | AdaptixC2 payload (confidence level: 95%)
01c29e84ad1a5fc1f2d16a93fee1c6386aecef1a99153eccaddbca54549befd3 | AdaptixC2 payload (confidence level: 95%)
bc5543b39d89cda6832706948945f567 | AdaptixC2 payload (confidence level: 95%)
ea2adfb211b8c8ca174b086f72f49eadbb00eaf1 | Vidar payload (confidence level: 95%)
e63c3a07f3e99f3041c64537893189172179183347d1e4626649f5d987b47b51 | Vidar payload (confidence level: 95%)
9983e2fb72cbd03945a2ed305537e69c | Vidar payload (confidence level: 95%)
9dedc0a5fca58ba3e54700a390299d3998e2fffb | AsyncRAT payload (confidence level: 95%)
01e97451a9983dda69144cab8fbf5a053eb012a94c89a14e3437ad66862bc3f5 | AsyncRAT payload (confidence level: 95%)
df1bad9247402617af66f1733b7351a9 | AsyncRAT payload (confidence level: 95%)
553 | ValleyRAT botnet C2 server (confidence level: 100%)
80 | Stealc botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
8080 | Sliver botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
17778 | Meterpreter botnet C2 server (confidence level: 100%)
25278 | Meterpreter botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
81 | Cobalt Strike botnet C2 server (confidence level: 100%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Ghost RAT botnet C2 server (confidence level: 100%)
8443 | ShadowPad botnet C2 server (confidence level: 90%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
80 | Hook botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
4444 | AdaptixC2 botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
2082 | Meterpreter botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Sliver botnet C2 server (confidence level: 75%)
80 | BianLian botnet C2 server (confidence level: 75%)
80 | Stealc botnet C2 server (confidence level: 100%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8001 | Aisuru botnet C2 server (confidence level: 75%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
1000 | AsyncRAT botnet C2 server (confidence level: 100%)
2000 | AsyncRAT botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
9999 | Unknown malware botnet C2 server (confidence level: 100%)
3334 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
32101 | XWorm botnet C2 server (confidence level: 100%)
9898 | Remcos botnet C2 server (confidence level: 100%)
8999 | Sliver botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
9090 | Venom RAT botnet C2 server (confidence level: 100%)
4409 | ValleyRAT botnet C2 server (confidence level: 100%)
6666 | ValleyRAT botnet C2 server (confidence level: 100%)
8888 | ValleyRAT botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
83 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Meterpreter botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
1688 | ValleyRAT botnet C2 server (confidence level: 100%)
6667 | Sliver botnet C2 server (confidence level: 100%)
6006 | AsyncRAT botnet C2 server (confidence level: 100%)
7777 | AsyncRAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8888 | Quasar RAT botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
81 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
1699 | ValleyRAT botnet C2 server (confidence level: 100%)
5140 | DeimosC2 botnet C2 server (confidence level: 75%)
587 | DeimosC2 botnet C2 server (confidence level: 75%)
19248 | DeimosC2 botnet C2 server (confidence level: 75%)
2222 | Meterpreter botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)

Domain

Type | Value | Description
domain | mamonol.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | nutlios.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | remareq.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | servict.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | gleamus.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | readyca.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | scarleu.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | treponj.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | www.justformyeyes.com | Unknown malware botnet C2 domain (confidence level: 100%)
domain | morqet.b1uesgr2mp.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | gudrax.gu1detr2in.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | pelniv.gu1detr2in.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tovqer.gu1detr2in.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | silmot.gu1detr2in.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jax3um.gu1detr2in.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | hexvul.exh2ust8one.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | sorqin.exh2ust8one.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | vablot.exh2ust8one.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | muf3ed.exh2ust8one.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | dirzam.exh2ust8one.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | orqelx.or8anop5crew.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | zivmar.or8anop5crew.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tundev.or8anop5crew.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | kel3op.or8anop5crew.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | wosfir.or8anop5crew.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | barkom.b2ckfo0t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | vex3il.b2ckfo0t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | mudlen.b2ckfo0t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | sirvax.b2ckfo0t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | hofqen.b2ckfo0t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | naltiv.antip2th5ub.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | fexmor.antip2th5ub.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jurqen.antip2th5ub.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | salbik.antip2th5ub.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | hev7om.antip2th5ub.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tivqam.act0rpie7ce.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jorxel.act0rpie7ce.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | mabfin.act0rpie7ce.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | wuzhel.act0rpie7ce.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | ker9ip.act0rpie7ce.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | zulpex.ru5t1eview.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | ramqit.ru5t1eview.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | hovlen.ru5t1eview.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | pixdro.ru5t1eview.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | belv7a.ru5t1eview.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | farnuq.go1ogun0ow.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | joltex.go1ogun0ow.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | mizpar.go1ogun0ow.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | vul3en.go1ogun0ow.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | qestiv.go1ogun0ow.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tramvi.s1aughttre5s.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | gosped.s1aughttre5s.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | werniq.s1aughttre5s.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | bal7ux.s1aughttre5s.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | clymor.s1aughttre5s.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | dexhul.che6u7therm.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | varqin.che6u7therm.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | mup3al.che6u7therm.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | selvot.che6u7therm.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jibkar.che6u7therm.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | nulfer.be2vesati5t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 7mo.ydns.eu | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | wawreal-42593.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | qivsan.be2vesati5t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tarmex.be2vesati5t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | hov3il.be2vesati5t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | pelrud.be2vesati5t.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | zankor.re5cuestup1d.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | figmet.re5cuestup1d.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | druvin.re5cuestup1d.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | wosdal.re5cuestup1d.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jem7iq.re5cuestup1d.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | kalvex.sa5imw2ter.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | moprin.sa5imw2ter.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tursaq.sa5imw2ter.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | bel3oq.sa5imw2ter.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | sivhun.sa5imw2ter.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | garxit.den1mp7imad.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | nulqen.den1mp7imad.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | fespov.den1mp7imad.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tiblad.den1mp7imad.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | wom3er.den1mp7imad.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | cormiq.di5pl2yleft.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jelvon.di5pl2yleft.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | pizlaq.di5pl2yleft.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | mur7es.di5pl2yleft.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | valdek.di5pl2yleft.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | daxlin.l0ckmu7derer.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | ferqom.l0ckmu7derer.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | holvas.l0ckmu7derer.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | zim3up.l0ckmu7derer.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | tubren.l0ckmu7derer.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | don9uix5car.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | h2ndlante7n.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | divi1nat4ent.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | mu1ticolop0r.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 97aiol4v.bur9a5erious.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 21zqurgr.bur9a5erious.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | cdn.macoloniedevacance.fr | Cobalt Strike botnet C2 domain (confidence level: 100%)
domain | h5trmznn.ga1axy5ubject.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | c8x20bua.ga1axy5ubject.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | a24.nbdsnb2.top | FatalRat botnet C2 domain (confidence level: 100%)
domain | acc.cn.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | alphatech.eu.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | ipex.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | kanido.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | newhdporn18.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | vkdg.sa.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | xhamster4.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | 1yvpw8vd.b1ondefi1m.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | rxtypnpc.b1ondefi1m.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | r0tufsto.ga1axy5ubject.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | vmtx5s3r.ga1axy5ubject.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | ki2wz263.grivense7v2nt.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | gfdzv1z4.grivense7v2nt.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | hip.jpn.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | sgejik4u.b0wra9uita.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | jz8ajli5.b0wra9uita.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | bdkb0.ru.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | wt8v5i8e.g0dnau8hty.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | uqjahm83.g0dnau8hty.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | stechdaily.com | Havoc botnet C2 domain (confidence level: 100%)
domain | z5q5sgxv.ed2kophtha1.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 4jcqok7f.ed2kophtha1.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | qiei5qm5.fizzmantle.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 016e3gbw.fizzmantle.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 79zxno9i.sn1rlbucket.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | w0tsflfs.sn1rlbucket.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | father-map.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
domain | update.bdkb0.ru.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | vertex.kanido.za.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | vertex.vkdg.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | vertex.xhamster4.za.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | vertex.newhdporn18.za.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | vertex.acc.cn.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | vertex.ipex.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | y5oo3pq2.amberweld.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | ddey9vaf.amberweld.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | ejrf3qgs.v-0-rticlaw.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 7k2f9gkp.v-0-rticlaw.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | koz10.in.net | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | koz5.in.net | AsyncRAT botnet C2 domain (confidence level: 75%)
domain | ctminioback.chatutor.com | AsyncRAT botnet C2 domain (confidence level: 100%)
domain | aadcdn.sentihey.dedyn.io | Havoc botnet C2 domain (confidence level: 100%)
domain | tmstanker.testingweblink.com | Havoc botnet C2 domain (confidence level: 100%)
domain | microsoft.sentihey.dedyn.io | Havoc botnet C2 domain (confidence level: 100%)
domain | 3bi6uxbg.amber-weld.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | awqiq4uh.amber-weld.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | sf4j6gim.v0rticlaw.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | et6oehxk.v0rticlaw.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | zrc41ary.fizz-mantle.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | w0px98e7.fizz-mantle.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | pg44l5bl.quartzpunch.ru | ClearFake payload delivery domain (confidence level: 100%)
domain | 5xk22scx.quartzpunch.ru | ClearFake payload delivery domain (confidence level: 100%)

URL

Type | Value | Description
url | http://130.12.180.20:30677/cat.sh | Unknown malware payload delivery URL (confidence level: 75%)
url | http://carkalashop.ir/aaa/receive.php | BlackNET RAT botnet C2 (confidence level: 100%)
url | http://87.121.84.181/catgirl.mips | Unknown malware payload delivery URL (confidence level: 75%)
url | http://192.168.139.137:6868/2zmd | Cobalt Strike botnet C2 (confidence level: 75%)
url | https://67ef004eb58d960eb348ede9041aef0c.fit | Stealc botnet C2 (confidence level: 100%)
url | http://84.201.25.198/d038a0451b0e491c.php | Stealc botnet C2 (confidence level: 100%)
url | http://a1210273.xsph.ru/be7d5f26.php | DCRat botnet C2 (confidence level: 100%)
url | http://bobrecurwarmumsworms.com:8080/updater?for=0aa6b9f07a5b27b2069c137c69ec91eb | Unknown malware botnet C2 (confidence level: 100%)
url | http://217.156.122.82 | Stealc botnet C2 (confidence level: 75%)

Threat ID: 694f23a733784cecd4a2ba30

Added to database: 12/27/2025, 12:09:11 AM

Last enriched: 12/27/2025, 12:24:37 AM

Last updated: 4/5/2026, 4:13:49 PM

Views: 123
