ThreatFox IOCs for 2026-01-03
AI Analysis
Technical Summary
This entry is the ThreatFox (abuse.ch) MISP feed event for 3 January 2026. It is an indicator feed, not a vulnerability advisory: it carries no CVE or CWE, no affected product versions and no patch, because its contents are command-and-control (C2) endpoints observed for malware and offensive-security tooling rather than a flaw that can be fixed. The event's MISP attribute categories are Network activity and Payload delivery and its source tag is osint; those fields classify the attributes and record where they came from, and say nothing about attacker tradecraft. The event holds 95 ip:port pairs, 21 domains and 30 Tor .onion URLs. The ip:port and domain entries are labelled by family or tool: post-exploitation frameworks (Cobalt Strike, Sliver, Havoc, Meterpreter, Empire Downloader, DeimosC2, MimiKatz), remote-access trojans and bankers (Quasar RAT, AsyncRAT, Venom RAT, Remcos, Orcus RAT, Ghost RAT, SectopRAT, Hook, NetSupportManager RAT), loaders and stealers (GootLoader, FAKEUPDATES, Lumma Stealer, solarmarker), IoT/DDoS botnets (Aisuru, Bashlite) and a number of entries marked Unknown malware. All 30 .onion URLs are labelled LockBit. Every indicator carries a ThreatFox confidence level; this batch uses 75, 90 and 100. The MISP event fields are threat level 2 (Medium), analysis 1 (Ongoing) and distribution 3 (All communities); distribution is the event's sharing setting, not a measure of how far the threat spreads.
Potential Impact
For European organisations the practical meaning of this batch is post-compromise visibility rather than a new exposure. An internal host connecting to one of the listed ip:port pairs or resolving one of the listed domains is strong evidence that it is already running the named implant, and the family tells you what to expect next: Cobalt Strike, Sliver, Havoc, Meterpreter, Empire and DeimosC2 beacons indicate an operator with hands-on access and probable lateral movement and credential theft; Quasar, AsyncRAT, Venom RAT, Remcos, Orcus and Ghost RAT give interactive remote control and keylogging; Lumma Stealer, solarmarker, GootLoader and FAKEUPDATES mean credentials, session cookies and a follow-on payload are at stake; LockBit infrastructure points at ransomware. The Aisuru and Bashlite entries belong to IoT/DDoS botnets, so a hit there usually means an infected embedded device or exposed server rather than a workstation. Confidentiality (data and credential theft), integrity (tampering by an interactive operator) and availability (ransomware, or a device conscripted into a DDoS botnet) are all in play depending on the family. ThreatFox indicator records do not carry victim geography; the country list on this page is the aggregator's own assessment rather than data in the feed. Indicator value also decays quickly: many of these IPs are in public-cloud and VPS ranges that get reassigned, and four of them (113.45.199.211, 137.184.203.56, 79.133.57.246, 93.198.184.177) appear with two different ports, so treat each ip:port pair as a distinct indicator with a limited useful lifetime.
Mitigation Recommendations
Treat the batch as detection content, not as a patch list. Ingest it through ThreatFox's export or API (or the MISP feed this page mirrors) into SIEM, EDR and firewall threat-intelligence tables, keyed on the full ip:port pair and on the exact domain, and carry the family and confidence with each record. Match on egress: firewall, proxy and Zeek conn logs for the ip:port pairs; DNS and proxy logs for the domains and their subdomains. Block and alert on the confidence-100 pairs; alert on the 75 and 90 entries and block only after triage. Block the ip:port pair rather than the bare IP, because entries on 80, 443 and 8443 frequently sit in cloud or CDN address space shared with legitimate services. The 30 .onion URLs are LockBit infrastructure that resolves only inside Tor; they will not appear in DNS or proxy logs, so use them to enrich Tor-egress alerts and for endpoint forensics (browser history, ransom notes), not as network block entries. Run a retrospective hunt over at least the previous 30 days of connection and DNS logs, since the indicators were collected before they were published. Expire ip:port and domain entries after a fixed window (30 to 90 days is common) and refresh from the feed daily so that reassigned cloud IPs do not become false positives. When a hit occurs, act on the family: a Cobalt Strike, Sliver, Havoc, Meterpreter, Empire or DeimosC2 beacon warrants isolation and a full intrusion investigation; a Lumma Stealer or solarmarker hit warrants credential and session-token revocation; a LockBit contact warrants the ransomware playbook; an Aisuru or Bashlite hit on port 8001 usually points to an exposed embedded device or server that should be taken off the network and re-imaged. Egress filtering, segmentation and least-privilege outbound rules limit what an implant can do between first beacon and detection. Share confirmed sightings back with the national CSIRT and with ThreatFox so the confidence levels improve for everyone.
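The matching and rule-generation steps above, as an added example (this is not ThreatFox code and not part of the original page). The indicator records are a subset copied from this page's IOC table with their labels and confidence values; the Zeek-style conn rows and the DNS rows are constructed for the demonstration, and the Suricata rule text, SID base and confidence thresholds are the author's choices.

```python
"""Match ThreatFox-style C2 indicators against conn/DNS logs and emit
Suricata rules for the high-confidence ip:port pairs.

Added example; not ThreatFox code. Indicator subset copied from this page;
all log lines below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    ioc_type: str    # "ip:port", "domain" or "url"
    value: str
    family: str      # malware family / tool label as given by ThreatFox
    confidence: int  # ThreatFox confidence level, 0-100


# Subset of this page's indicators, copied with their labels and confidence.
INDICATORS = [
    Indicator("ip:port", "113.45.199.211:443", "Cobalt Strike", 100),
    Indicator("ip:port", "113.45.199.211:80", "Cobalt Strike", 100),
    Indicator("ip:port", "103.177.46.87:3790", "Meterpreter", 100),
    Indicator("ip:port", "142.93.128.235:8001", "Aisuru", 75),
    Indicator("ip:port", "51.250.16.184:8443", "Cobalt Strike", 75),
    Indicator("domain", "witchhyf.cyou", "Lumma Stealer", 100),
    Indicator("domain", "c1.msft-config-service.com", "Cobalt Strike", 75),
    # .onion URLs resolve only inside Tor and never appear in DNS or proxy
    # logs; kept for enrichment, deliberately not indexed below.
    Indicator("url", "http://lockbitynxdcxtuvma5deq5pxtnqoacftuigkk37xjq3whefozdpcuad.onion/", "LockBit", 100),
]


def build_index(indicators):
    """Exact-match lookups: ip:port pairs and lower-cased domains."""
    ipport = {i.value: i for i in indicators if i.ioc_type == "ip:port"}
    domains = {i.value.lower(): i for i in indicators if i.ioc_type == "domain"}
    return ipport, domains


# Constructed Zeek-style conn.log rows: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p
CONN_LOG = """\
1767484000.1\t10.20.1.15\t51234\t113.45.199.211\t443
1767484001.2\t10.20.1.15\t51235\t142.93.128.235\t8001
1767484002.3\t10.20.1.22\t51236\t113.45.199.211\t8080
1767484003.4\t10.20.1.30\t51237\t93.184.216.34\t443
"""

# Constructed DNS query rows: ts, client, query name
DNS_LOG = """\
1767484004.5\t10.20.1.15\twitchhyf.cyou
1767484005.6\t10.20.1.40\tcdn.witchhyf.cyou
1767484006.7\t10.20.1.41\tnotwitchhyf.cyou
"""


def match_conn(conn_log, ipport, min_confidence=75):
    """Hit only on the exact ip:port pair; the same IP on another port is not a hit."""
    hits = []
    for line in conn_log.splitlines():
        _ts, src, _sport, dst, dport = line.split("\t")
        ioc = ipport.get(f"{dst}:{dport}")
        if ioc is not None and ioc.confidence >= min_confidence:
            hits.append((src, ioc.value, ioc.family, ioc.confidence))
    return hits


def lookup_domain(qname, domains):
    """Match the name itself or any parent label chain, never a plain substring."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        ioc = domains.get(".".join(labels[i:]))
        if ioc is not None:
            return ioc
    return None


def match_dns(dns_log, domains):
    hits = []
    for line in dns_log.splitlines():
        _ts, client, qname = line.split("\t")
        ioc = lookup_domain(qname, domains)
        if ioc is not None:
            hits.append((client, qname, ioc.family))
    return hits


def suricata_rules(indicators, min_confidence=100, sid_base=9000001):
    """One rule per high-confidence ip:port, bound to the port so a bare IP on
    80/443 in shared cloud space does not fire on unrelated traffic."""
    selected = [i for i in indicators
                if i.ioc_type == "ip:port" and i.confidence >= min_confidence]
    rules = []
    for n, ioc in enumerate(selected):
        ip, port = ioc.value.rsplit(":", 1)
        rules.append(
            f'alert ip $HOME_NET any -> {ip} {port} '
            f'(msg:"ThreatFox {ioc.family} C2 {ioc.value}"; '
            f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules
```

In the constructed conn rows the third line (113.45.199.211 on 8080) is not a hit because only 443 and 80 are listed for that IP, and in the DNS rows `notwitchhyf.cyou` is not a hit because matching walks label boundaries rather than substrings; both are the false-positive classes that bite when indicators are loaded as bare IPs or as wildcard strings.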
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- ip:port: 52.203.72.85:443
- domain: www.dev.ostra-regal.com
- ip:port: 5.178.109.30:2222
- ip:port: 94.103.1.222:2222
- ip:port: 54.186.181.98:4444
- domain: www.diallocksmith.keydesigndevelopment.com
- ip:port: 185.53.12.211:4444
- ip:port: 103.219.170.221:3000
- ip:port: 45.153.34.175:9000
- ip:port: 103.110.87.153:3790
- domain: app.abuarerestaurant.net
- ip:port: 51.250.16.184:8443
- url: http://lockbitynxdcxtuvma5deq5pxtnqoacftuigkk37xjq3whefozdpcuad.onion/
- url: http://lockbity44loulvujiaoels7knti2tfsnglclnse22syaa6x3vpqp7yd.onion/
- url: http://lockbitqth2ij5cdqmj4cdchoh3etnlbh74utqviwqb5svvhxygnmoqd.onion/
- url: http://lockbitotfzuq2lpyydzgbhelps2mcz62cpix4nzpcyaak5444iwfmqd.onion/
- url: http://lockbitgf43c7avhx5wesx5ambjgbormhwc2tujsy6lvg6drkjhnjryd.onion/
- url: http://lockbitfnszjao7hayqsd424m74k5jxc52hozvabjrut7pjfsfaaaoad.onion/
- url: http://lockbitdzdbv5dh6ncf65c22tdgej72sty6ikiieuinibh6icnzrv4yd.onion/
- url: http://lockbitbgtyqtgutvasrld5gx23ozo32y4xkjrby6bte3zyvjdlyoxyd.onion/
- url: http://lockbitabmbzz652qeqd7yztgugcihpy4s4f6zuqi3jx32rzjylsn7ad.onion/
- url: http://lockbit24pegjquuwbmwjlvyivmyaujf33kvlepcxyncnugm3zw73myd.onion/
- url: http://lockbityq64mwtobqqcr3iwxs5q4o7iliuv72gbx4vflggj4m4wqekad.onion/
- url: http://lockbity3v2rhjjjt6opcgvdrrlvdbrt3p2wqmxmq4cm36cchphdy6qd.onion/
- url: http://lockbitnpobu6luzzlxb7br5uyqnmeruwimpjuw2kv442nvxd6sufsad.onion/
- url: http://lockbitkybiqhyv64vdaamz7uf2ymjoafyalx3e6spmmsz5xyk5nbcad.onion/
- url: http://lockbitjqfuyrkxiie6bcly6ow4sh6lmyuyvyats5hcpe5e6hbuhikyd.onion/
- url: http://lockbithn5a2qgf4ojvut3q25yylrauvjxrz6sjdd4teas65osru2lqd.onion/
- url: http://lockbitf75dfwq4bsec3iaytf6z5z6dmstx3g35grn74ndxy3py2ozyd.onion/
- url: http://lockbitdx4kanolaotenc3nmonlxv5enmhxdh2lk54rirvcdsljfbjyd.onion/
- url: http://lockbit7tnu7whmaqnnlmvnoxzejssvr6vkcoovg35encvnp24pikvyd.onion/
- url: http://lockbit6vhrjaqzsdj6pqalyideigxv4xycfeyunpx35znogiwmojnid.onion/
- url: http://lockbity7oz7kjcdcgacvihhsli6oimuodmmaftw5omdpgscxdc3mhid.onion/
- url: http://lockbitwnklgh3lt6umrbiztgzl6qujtovdtcovdjhavepp7bpvcmfid.onion/
- url: http://lockbitst7jglgbsj7aijbiqvxwmlhcs7e7gb3eeqx7rjtxsjklw4yyd.onion/
- url: http://lockbitnthkolp2mfa5byjrx2mcbleruktoiawsprqrducnrzilchjid.onion/
- url: http://lockbitjvv72zmzgcqgn63ehjaapffubbwjwi32gzdbrahxjy3hzrxid.onion/
- url: http://lockbitbuy3gsqwrgavmi3ehlmk26h6g3aeyslnq4yksjcbpt6ij5cqd.onion/
- url: http://lockbit33chewwx25efq6dgkhkw4u7nefudq4ijkuamjfd7x73on6dyd.onion/
- url: http://lockbit7gtvdkx7j3tyfpw43zv6majh2owrsp3zilhpm36a3fldqtyqd.onion/
- url: http://lockbit3m6lgexvokfxyqcdnykdvhye7aftic6p4uh7mnz42h25ooiid.onion/
- url: http://lockbit2zfxali5yrplh5swimxva5o4xqi3zpbc24tczgffxh7msrvyd.onion/
- ip:port: 113.45.199.211:443
- ip:port: 156.226.174.252:80
- ip:port: 16.171.54.42:8808
- ip:port: 68.154.20.75:4444
- ip:port: 193.56.135.183:7443
- ip:port: 9.160.105.14:8080
- ip:port: 194.59.30.112:1194
- ip:port: 43.142.29.208:8898
- ip:port: 192.3.177.149:8080
- ip:port: 5.89.181.222:443
- domain: oiastocks.pics
- ip:port: 37.60.254.24:8080
- domain: cooller-47026.portmap.host
- ip:port: 38.55.99.227:80
- ip:port: 43.167.177.224:7777
- ip:port: 142.93.128.235:8001
- ip:port: 188.166.21.74:8001
- ip:port: 176.65.132.217:8001
- ip:port: 45.156.87.32:8001
- ip:port: 45.156.87.10:8001
- ip:port: 176.65.132.170:8001
- ip:port: 45.156.87.147:8001
- ip:port: 138.68.167.201:8001
- ip:port: 165.22.189.154:8001
- ip:port: 178.128.66.3:8001
- ip:port: 113.45.199.211:80
- ip:port: 45.114.106.60:7408
- ip:port: 79.133.57.246:52817
- ip:port: 107.149.212.8:8000
- ip:port: 95.9.236.229:3000
- ip:port: 93.198.184.177:82
- ip:port: 94.237.53.196:8000
- ip:port: 54.167.55.248:1723
- ip:port: 93.127.128.88:9090
- ip:port: 18.189.118.77:80
- domain: invoicing-kyc.com
- ip:port: 148.178.126.20:443
- ip:port: 15.197.89.196:443
- ip:port: 172.86.73.14:443
- ip:port: 3.151.125.141:443
- ip:port: 134.209.79.233:8001
- ip:port: 104.236.115.57:8001
- ip:port: 178.128.187.246:8001
- ip:port: 192.241.148.120:8001
- domain: c1.msft-config-service.com
- domain: diao.jingxiaoliandong.com
- ip:port: 137.184.203.56:31337
- ip:port: 209.122.38.136:7979
- ip:port: 196.251.100.45:5000
- ip:port: 74.48.24.185:3333
- ip:port: 95.111.233.196:3333
- ip:port: 180.76.195.134:8080
- ip:port: 142.248.231.252:2404
- ip:port: 141.11.167.212:8001
- ip:port: 85.9.215.136:9999
- ip:port: 199.101.111.79:3790
- ip:port: 103.177.46.87:3790
- ip:port: 18.234.50.186:2012
- ip:port: 103.177.46.15:3790
- ip:port: 103.177.46.113:3790
- ip:port: 103.177.46.81:3790
- ip:port: 103.177.46.106:3790
- ip:port: 103.177.46.83:3790
- ip:port: 206.189.105.135:8001
- domain: dev.googleshop.xyz
- ip:port: 103.79.187.254:443
- ip:port: 194.102.104.45:3306
- ip:port: 43.248.172.165:9194
- ip:port: 116.204.171.70:69
- ip:port: 134.122.128.134:8899
- ip:port: 192.163.162.152:447
- domain: witchhyf.cyou
- domain: arrierzh.cyou
- domain: makeravh.cyou
- domain: recitebl.cyou
- ip:port: 102.117.168.206:7443
- ip:port: 212.232.22.96:7443
- ip:port: 35.76.26.115:443
- ip:port: 154.201.84.243:8082
- ip:port: 156.252.60.28:444
- ip:port: 192.229.116.177:4449
- domain: scontent.xx.coppsindoor.org
- domain: api.coppsindoor.org
- domain: pixel.coppsindoor.org
- ip:port: 103.177.46.125:3790
- ip:port: 199.101.111.38:3790
- ip:port: 144.2.114.83:1337
- ip:port: 18.217.104.88:443
- domain: cim.co.com
- domain: nft.uk.com
- ip:port: 137.184.203.56:8888
- ip:port: 148.178.117.83:443
- ip:port: 155.117.161.69:5667
- ip:port: 175.29.22.36:18102
- ip:port: 79.133.57.246:49272
- domain: workstation.chatutor.com
- ip:port: 102.117.162.153:7443
- ip:port: 118.71.50.81:443
- domain: customer.cathost.io
- ip:port: 31.57.166.100:50001
- ip:port: 93.198.184.177:81
- domain: secure.ciberseguridad-eia.xyz
- ip:port: 101.35.92.115:443
- ip:port: 151.80.233.92:3333
Technical Details
- Threat Level: 2 (MISP scale: Medium)
- Analysis: 1 (MISP scale: Ongoing)
- Distribution: 3 (MISP sharing setting: All communities)
- Uuid: d024121e-48cd-4230-90d8-cbaa1f73026f
- Original Timestamp: 1767484987 (2026-01-04 00:03:07 UTC)
Indicators of Compromise
IP:port
| Value | Description | Confidence |
|---|---|---|
| 52.203.72.85:443 | solarmarker botnet C2 server | 100% |
| 5.178.109.30:2222 | Unknown malware botnet C2 server | 75% |
| 94.103.1.222:2222 | Unknown malware botnet C2 server | 75% |
| 54.186.181.98:4444 | Unknown malware botnet C2 server | 75% |
| 185.53.12.211:4444 | Orcus RAT botnet C2 server | 75% |
| 103.219.170.221:3000 | Orcus RAT botnet C2 server | 75% |
| 45.153.34.175:9000 | SectopRAT botnet C2 server | 100% |
| 103.110.87.153:3790 | Meterpreter botnet C2 server | 100% |
| 51.250.16.184:8443 | Cobalt Strike botnet C2 server | 75% |
| 113.45.199.211:443 | Cobalt Strike botnet C2 server | 100% |
| 156.226.174.252:80 | Sliver botnet C2 server | 100% |
| 16.171.54.42:8808 | Sliver botnet C2 server | 100% |
| 68.154.20.75:4444 | Sliver botnet C2 server | 100% |
| 193.56.135.183:7443 | Unknown malware botnet C2 server | 100% |
| 9.160.105.14:8080 | Quasar RAT botnet C2 server | 100% |
| 194.59.30.112:1194 | Quasar RAT botnet C2 server | 100% |
| 43.142.29.208:8898 | Quasar RAT botnet C2 server | 100% |
| 192.3.177.149:8080 | Havoc botnet C2 server | 100% |
| 5.89.181.222:443 | Unknown malware botnet C2 server | 100% |
| 37.60.254.24:8080 | Meterpreter botnet C2 server | 100% |
| 38.55.99.227:80 | Cobalt Strike botnet C2 server | 100% |
| 43.167.177.224:7777 | Cobalt Strike botnet C2 server | 100% |
| 142.93.128.235:8001 | Aisuru botnet C2 server | 75% |
| 188.166.21.74:8001 | Aisuru botnet C2 server | 75% |
| 176.65.132.217:8001 | Aisuru botnet C2 server | 75% |
| 45.156.87.32:8001 | Aisuru botnet C2 server | 75% |
| 45.156.87.10:8001 | Aisuru botnet C2 server | 75% |
| 176.65.132.170:8001 | Aisuru botnet C2 server | 75% |
| 45.156.87.147:8001 | Aisuru botnet C2 server | 75% |
| 138.68.167.201:8001 | Aisuru botnet C2 server | 75% |
| 165.22.189.154:8001 | Aisuru botnet C2 server | 75% |
| 178.128.66.3:8001 | Aisuru botnet C2 server | 75% |
| 113.45.199.211:80 | Cobalt Strike botnet C2 server | 100% |
| 45.114.106.60:7408 | Cobalt Strike botnet C2 server | 100% |
| 79.133.57.246:52817 | Sliver botnet C2 server | 100% |
| 107.149.212.8:8000 | Sliver botnet C2 server | 100% |
| 95.9.236.229:3000 | AsyncRAT botnet C2 server | 100% |
| 93.198.184.177:82 | NetSupportManager RAT botnet C2 server | 100% |
| 94.237.53.196:8000 | MimiKatz botnet C2 server | 100% |
| 54.167.55.248:1723 | Meterpreter botnet C2 server | 100% |
| 93.127.128.88:9090 | Empire Downloader botnet C2 server | 100% |
| 18.189.118.77:80 | Unknown malware botnet C2 server | 100% |
| 148.178.126.20:443 | DeimosC2 botnet C2 server | 75% |
| 15.197.89.196:443 | DeimosC2 botnet C2 server | 75% |
| 172.86.73.14:443 | Havoc botnet C2 server | 75% |
| 3.151.125.141:443 | DeimosC2 botnet C2 server | 75% |
| 134.209.79.233:8001 | Aisuru botnet C2 server | 75% |
| 104.236.115.57:8001 | Aisuru botnet C2 server | 75% |
| 178.128.187.246:8001 | Aisuru botnet C2 server | 75% |
| 192.241.148.120:8001 | Aisuru botnet C2 server | 75% |
| 137.184.203.56:31337 | Sliver botnet C2 server | 90% |
| 209.122.38.136:7979 | AsyncRAT botnet C2 server | 100% |
| 196.251.100.45:5000 | Quasar RAT botnet C2 server | 100% |
| 74.48.24.185:3333 | Unknown malware botnet C2 server | 100% |
| 95.111.233.196:3333 | Unknown malware botnet C2 server | 100% |
| 180.76.195.134:8080 | Ghost RAT botnet C2 server | 100% |
| 142.248.231.252:2404 | Remcos botnet C2 server | 100% |
| 141.11.167.212:8001 | Bashlite botnet C2 server | 100% |
| 85.9.215.136:9999 | MimiKatz botnet C2 server | 100% |
| 199.101.111.79:3790 | Meterpreter botnet C2 server | 100% |
| 103.177.46.87:3790 | Meterpreter botnet C2 server | 100% |
| 18.234.50.186:2012 | Meterpreter botnet C2 server | 100% |
| 103.177.46.15:3790 | Meterpreter botnet C2 server | 100% |
| 103.177.46.113:3790 | Meterpreter botnet C2 server | 100% |
| 103.177.46.81:3790 | Meterpreter botnet C2 server | 100% |
| 103.177.46.106:3790 | Meterpreter botnet C2 server | 100% |
| 103.177.46.83:3790 | Meterpreter botnet C2 server | 100% |
| 206.189.105.135:8001 | Aisuru botnet C2 server | 75% |
| 103.79.187.254:443 | Cobalt Strike botnet C2 server | 75% |
| 194.102.104.45:3306 | Cobalt Strike botnet C2 server | 75% |
| 43.248.172.165:9194 | Ghost RAT botnet C2 server | 100% |
| 116.204.171.70:69 | Ghost RAT botnet C2 server | 100% |
| 134.122.128.134:8899 | Ghost RAT botnet C2 server | 100% |
| 192.163.162.152:447 | Ghost RAT botnet C2 server | 100% |
| 102.117.168.206:7443 | Unknown malware botnet C2 server | 100% |
| 212.232.22.96:7443 | Unknown malware botnet C2 server | 100% |
| 35.76.26.115:443 | Unknown malware botnet C2 server | 100% |
| 154.201.84.243:8082 | Hook botnet C2 server | 100% |
| 156.252.60.28:444 | Unknown RAT botnet C2 server | 100% |
| 192.229.116.177:4449 | Venom RAT botnet C2 server | 100% |
| 103.177.46.125:3790 | Meterpreter botnet C2 server | 100% |
| 199.101.111.38:3790 | Meterpreter botnet C2 server | 100% |
| 144.2.114.83:1337 | Empire Downloader botnet C2 server | 100% |
| 18.217.104.88:443 | Unknown malware botnet C2 server | 100% |
| 137.184.203.56:8888 | Sliver botnet C2 server | 75% |
| 148.178.117.83:443 | DeimosC2 botnet C2 server | 75% |
| 155.117.161.69:5667 | DeimosC2 botnet C2 server | 75% |
| 175.29.22.36:18102 | DeimosC2 botnet C2 server | 75% |
| 79.133.57.246:49272 | Sliver botnet C2 server | 75% |
| 102.117.162.153:7443 | Unknown malware botnet C2 server | 100% |
| 118.71.50.81:443 | Quasar RAT botnet C2 server | 100% |
| 31.57.166.100:50001 | Venom RAT botnet C2 server | 100% |
| 93.198.184.177:81 | NetSupportManager RAT botnet C2 server | 100% |
| 101.35.92.115:443 | Cobalt Strike botnet C2 server | 75% |
| 151.80.233.92:3333 | Unknown malware botnet C2 server | 100% |
Domain
| Value | Description | Confidence |
|---|---|---|
| www.dev.ostra-regal.com | GootLoader botnet C2 domain | 100% |
| www.diallocksmith.keydesigndevelopment.com | GootLoader botnet C2 domain | 100% |
| app.abuarerestaurant.net | FAKEUPDATES botnet C2 domain | 100% |
| oiastocks.pics | Unknown malware botnet C2 domain | 100% |
| cooller-47026.portmap.host | Quasar RAT botnet C2 domain | 100% |
| invoicing-kyc.com | Unknown malware payload delivery domain | 100% |
| c1.msft-config-service.com | Cobalt Strike botnet C2 domain | 75% |
| diao.jingxiaoliandong.com | Cobalt Strike botnet C2 domain | 100% |
| dev.googleshop.xyz | Cobalt Strike botnet C2 domain | 75% |
| witchhyf.cyou | Lumma Stealer botnet C2 domain | 100% |
| arrierzh.cyou | Lumma Stealer botnet C2 domain | 100% |
| makeravh.cyou | Lumma Stealer botnet C2 domain | 100% |
| recitebl.cyou | Lumma Stealer botnet C2 domain | 100% |
| scontent.xx.coppsindoor.org | Unknown malware botnet C2 domain | 100% |
| api.coppsindoor.org | Unknown malware botnet C2 domain | 100% |
| pixel.coppsindoor.org | Unknown malware botnet C2 domain | 100% |
| cim.co.com | AsyncRAT botnet C2 domain | 100% |
| nft.uk.com | AsyncRAT botnet C2 domain | 100% |
| workstation.chatutor.com | AsyncRAT botnet C2 domain | 100% |
| customer.cathost.io | Havoc botnet C2 domain | 100% |
| secure.ciberseguridad-eia.xyz | Unknown malware botnet C2 domain | 100% |
Url
| Value | Description | Confidence |
|---|---|---|
| http://lockbitynxdcxtuvma5deq5pxtnqoacftuigkk37xjq3whefozdpcuad.onion/ | LockBit botnet C2 | 100% |
| http://lockbity44loulvujiaoels7knti2tfsnglclnse22syaa6x3vpqp7yd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitqth2ij5cdqmj4cdchoh3etnlbh74utqviwqb5svvhxygnmoqd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitotfzuq2lpyydzgbhelps2mcz62cpix4nzpcyaak5444iwfmqd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitgf43c7avhx5wesx5ambjgbormhwc2tujsy6lvg6drkjhnjryd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitfnszjao7hayqsd424m74k5jxc52hozvabjrut7pjfsfaaaoad.onion/ | LockBit botnet C2 | 100% |
| http://lockbitdzdbv5dh6ncf65c22tdgej72sty6ikiieuinibh6icnzrv4yd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitbgtyqtgutvasrld5gx23ozo32y4xkjrby6bte3zyvjdlyoxyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitabmbzz652qeqd7yztgugcihpy4s4f6zuqi3jx32rzjylsn7ad.onion/ | LockBit botnet C2 | 100% |
| http://lockbit24pegjquuwbmwjlvyivmyaujf33kvlepcxyncnugm3zw73myd.onion/ | LockBit botnet C2 | 100% |
| http://lockbityq64mwtobqqcr3iwxs5q4o7iliuv72gbx4vflggj4m4wqekad.onion/ | LockBit botnet C2 | 100% |
| http://lockbity3v2rhjjjt6opcgvdrrlvdbrt3p2wqmxmq4cm36cchphdy6qd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitnpobu6luzzlxb7br5uyqnmeruwimpjuw2kv442nvxd6sufsad.onion/ | LockBit botnet C2 | 100% |
| http://lockbitkybiqhyv64vdaamz7uf2ymjoafyalx3e6spmmsz5xyk5nbcad.onion/ | LockBit botnet C2 | 100% |
| http://lockbitjqfuyrkxiie6bcly6ow4sh6lmyuyvyats5hcpe5e6hbuhikyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbithn5a2qgf4ojvut3q25yylrauvjxrz6sjdd4teas65osru2lqd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitf75dfwq4bsec3iaytf6z5z6dmstx3g35grn74ndxy3py2ozyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitdx4kanolaotenc3nmonlxv5enmhxdh2lk54rirvcdsljfbjyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbit7tnu7whmaqnnlmvnoxzejssvr6vkcoovg35encvnp24pikvyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbit6vhrjaqzsdj6pqalyideigxv4xycfeyunpx35znogiwmojnid.onion/ | LockBit botnet C2 | 100% |
| http://lockbity7oz7kjcdcgacvihhsli6oimuodmmaftw5omdpgscxdc3mhid.onion/ | LockBit botnet C2 | 100% |
| http://lockbitwnklgh3lt6umrbiztgzl6qujtovdtcovdjhavepp7bpvcmfid.onion/ | LockBit botnet C2 | 100% |
| http://lockbitst7jglgbsj7aijbiqvxwmlhcs7e7gb3eeqx7rjtxsjklw4yyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbitnthkolp2mfa5byjrx2mcbleruktoiawsprqrducnrzilchjid.onion/ | LockBit botnet C2 | 100% |
| http://lockbitjvv72zmzgcqgn63ehjaapffubbwjwi32gzdbrahxjy3hzrxid.onion/ | LockBit botnet C2 | 100% |
| http://lockbitbuy3gsqwrgavmi3ehlmk26h6g3aeyslnq4yksjcbpt6ij5cqd.onion/ | LockBit botnet C2 | 100% |
| http://lockbit33chewwx25efq6dgkhkw4u7nefudq4ijkuamjfd7x73on6dyd.onion/ | LockBit botnet C2 | 100% |
| http://lockbit7gtvdkx7j3tyfpw43zv6majh2owrsp3zilhpm36a3fldqtyqd.onion/ | LockBit botnet C2 | 100% |
| http://lockbit3m6lgexvokfxyqcdnykdvhye7aftic6p4uh7mnz42h25ooiid.onion/ | LockBit botnet C2 | 100% |
| http://lockbit2zfxali5yrplh5swimxva5o4xqi3zpbc24tczgffxh7msrvyd.onion/ | LockBit botnet C2 | 100% |
Threat ID: 6959b0b1db813ff03e7417d2
Added to database: 1/4/2026, 12:13:37 AM
Last enriched: 1/4/2026, 12:28:47 AM
Last updated: 1/8/2026, 5:17:17 AM