ThreatFox IOCs for 2025-12-31
AI Analysis
Technical Summary
The entry titled 'ThreatFox IOCs for 2025-12-31' represents a set of Indicators of Compromise (IOCs) sourced from the ThreatFox MISP feed, which is an OSINT (Open Source Intelligence) platform used for sharing threat intelligence data. The data is classified under malware with tags indicating its relevance to OSINT, network activity, and payload delivery. However, the record lacks specific affected software versions, detailed technical indicators, or evidence of active exploitation. No patches or mitigations are linked, and no known exploits are reported in the wild. The threat level is rated medium, with a threatLevel metric of 2 (on an unspecified scale), indicating moderate concern. The information appears to be a general intelligence update rather than a description of a new or emerging vulnerability or malware campaign. The absence of CWE identifiers and concrete technical details suggests this is a metadata or IOC aggregation entry. The primary value lies in enhancing detection capabilities by providing updated IOCs for security teams to integrate into their monitoring systems. The threat does not require immediate remediation but should be incorporated into ongoing threat hunting and network monitoring efforts to identify potential malicious activity related to payload delivery or network-based malware.
Potential Impact
For European organizations, the impact of this threat is primarily in the domain of situational awareness and threat detection rather than direct compromise. Since no active exploits or vulnerabilities are identified, the immediate risk to confidentiality, integrity, or availability is low. However, failure to incorporate these IOCs into security monitoring tools could reduce the effectiveness of detecting malware-related network activity or payload delivery attempts. Organizations heavily reliant on OSINT feeds for threat intelligence will benefit from integrating this data to improve early warning capabilities. The medium severity suggests a moderate potential for detection improvement but not a direct operational threat. The lack of patches or exploit evidence means no urgent operational changes are needed, but ongoing vigilance is recommended. European entities with critical infrastructure or high-value targets should maintain updated threat intelligence feeds to anticipate and mitigate potential malware campaigns that might leverage these indicators in the future.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of related network activity and payload delivery attempts.
2. Regularly update threat intelligence feeds, including ThreatFox and other OSINT sources, to maintain current situational awareness.
3. Conduct proactive threat hunting exercises using these IOCs to identify any early signs of compromise or suspicious activity within the network.
4. Ensure endpoint detection and response (EDR) tools are configured to recognize and alert on behaviors associated with the indicators.
5. Train security analysts to understand the context and limitations of OSINT-based IOCs to avoid false positives and focus on actionable intelligence.
6. Maintain robust network segmentation and monitoring to limit the impact of any malware payload delivery that might be detected through these indicators.
7. Collaborate with national and European cybersecurity centers to share intelligence and validate the relevance of these IOCs in local contexts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 08c4cd57-7af0-43ea-8c1c-7bfcf2d702e7
- Original Timestamp: 1767225786 (Unix epoch seconds)
hash5050 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash7777 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3778 | Mirai botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash21 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4998 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash909 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash4567 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash14994 | Ghost RAT botnet C2 server (confidence level: 75%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1724 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
www.dgccollectors.com | GootLoader botnet C2 domain (confidence level: 100%) | |
www.walkingholidays.co.za | GootLoader botnet C2 domain (confidence level: 100%) | |
youngtechcoorp.com | GootLoader botnet C2 domain (confidence level: 100%) | |
www.criticalcare-neurotrauma.ca | GootLoader botnet C2 domain (confidence level: 100%) | |
www.dancesportacademy.nl | GootLoader botnet C2 domain (confidence level: 100%) | |
999slot.media | AsyncRAT botnet C2 domain (confidence level: 100%) | |
h11uu.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
veredictum.in.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
www.aicinformatique.com | GootLoader botnet C2 domain (confidence level: 100%) | |
www.fahrschule-br.de | GootLoader botnet C2 domain (confidence level: 100%) | |
futuresmuseumdubai.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
www.welchwrite.com | GootLoader botnet C2 domain (confidence level: 100%) | |
www.altenabrass.nl | GootLoader botnet C2 domain (confidence level: 100%) | |
www.capacitafinanziaria.net | GootLoader botnet C2 domain (confidence level: 100%) | |
66ne34xh.spikeslavage.ru | ClearFake payload delivery domain (confidence level: 100%) | |
jb4i8crw.spikeslavage.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gp0k9bqe.spikeslavage.ru | ClearFake payload delivery domain (confidence level: 100%) | |
g9zj25k4.spikeslavage.ru | ClearFake payload delivery domain (confidence level: 100%) | |
8bj1fusi.vagusbra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
qzf73dvm.vagusbra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
goe0vvjr.vagusbra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
jasm72mf.vagusbra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
secure.seketafrica.org | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
f0f5d142773c9409d043c11054bb39b4.be15023586893006b4acf9ef23a9691f.traefik.default | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
mitch275-37737.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
readthisifgay.datasurge.vip | Mirai botnet C2 domain (confidence level: 100%) | |
basilicros.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
broguenko.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
izzardtow.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
spilliv.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
screwsj.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
whitepepper.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
fecalja.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
gruntpo.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
homuncloud.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
heavylussy.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
hammernew.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
familyriwo.su | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
nigeluk.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
coratuikilooklosd.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
holiopkasdfoion.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
hknhosting.xyz | Mirai botnet C2 domain (confidence level: 100%) | |
ahmed000.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
k0lan.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
bobbelal2.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
abdumido20181.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
dark-kok01.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) | |
xxnx.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
iraq313.publicvm.com | NjRAT botnet C2 domain (confidence level: 100%) | |
ready-scan.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) | |
salvigame.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
addpanel.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) | |
skdlfsd-56502.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
yassinedfe4-39487.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
logs.veredictum.in.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
masonratopngga-51671.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
eyadking.linkpc.net | XWorm botnet C2 domain (confidence level: 100%) | |
barbermoo.today | AMOS botnet C2 domain (confidence level: 100%) | |
altex.jpn.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
kubet.de.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
www.adunion.se | GootLoader botnet C2 domain (confidence level: 100%) | |
www.innerstudio.dk | GootLoader botnet C2 domain (confidence level: 100%) | |
yestoday-piano-bar.fr | GootLoader botnet C2 domain (confidence level: 100%) | |
www.imkerei.email | GootLoader botnet C2 domain (confidence level: 100%) | |
naturesremedies.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
emi.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
ctwebhook.chatutor.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
gstatic.coppsindoor.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
static.coppsindoor.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
capture.coppsindoor.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
googletagmanager.coppsindoor.org | Unknown malware botnet C2 domain (confidence level: 100%) | |
wzy.firstanquan.cn | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
www.xbwa1.top | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
ctn8n.chatutor.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
Threat ID: 6955bc30db813ff03e0aca04
Added to database: 1/1/2026, 12:13:36 AM
Last enriched: 1/1/2026, 12:13:49 AM
Last updated: 1/1/2026, 5:21:20 AM