ThreatFox IOCs for 2026-01-04
AI Analysis
Technical Summary
This page carries one day of Indicators of Compromise (IOCs) from the ThreatFox feed, exported as a MISP event dated 4 January 2026 and tagged OSINT, network activity and payload delivery. It is not a vulnerability advisory: there is no affected product, CVE, CWE, exploit or patch, and none should be expected from this kind of data. What the event contains is infrastructure and sample intelligence in three groups. First, ip:port pairs for command-and-control listeners, each annotated with a malware family and a confidence value; the families named are Vidar, Stealc, Cobalt Strike, Havoc, DeimosC2, Meterpreter, AsyncRAT, Quasar RAT, Remcos, Venom RAT, NetSupportManager RAT, Ghost RAT, ValleyRAT, Hook, QakBot, Mirai, Bashlite, RMS, xmrig and MimiKatz, plus a number of entries marked "Unknown malware". Second, domains and URLs used for payload staging and check-in, several of which carry paths such as /exe/rat.exe, /exe/miner.exe, /request-inject, /update and /upl04d, and several of which point at profiles or releases on legitimate platforms (t.me, telegram.me, steamcommunity.com, github.com) that are evidently being used as dead drops or hosting. Third, file hashes listed as MD5, SHA-1 and SHA-256 values for the same samples, distinguishable by length (32, 40 and 64 hex characters). The MISP metadata should be read on the MISP scale rather than as a prevalence score: threat level 2 is Medium, analysis 1 is Ongoing, and distribution 3 means the event may be shared with all communities, which is consistent with the TLP:WHITE tag. The value of the event lies entirely in operationalising it: loading the indicators into SIEM, EDR, DNS, proxy and firewall tooling for retrospective search and forward alerting.
Potential Impact
The impact on any given organisation is determined by whether its hosts have talked to this infrastructure, not by the event itself. The families represented cover the usual post-compromise chain: information stealers (Vidar, Stealc) that harvest credentials, cookies and wallets; commodity RATs (AsyncRAT, Quasar RAT, Remcos, Venom RAT, NetSupportManager RAT, Ghost RAT, ValleyRAT) and red-team frameworks (Cobalt Strike, Havoc, DeimosC2, Meterpreter) used for hands-on-keyboard access; IoT botnets (Mirai, Bashlite) and a cryptominer (xmrig). A confirmed connection to one of the listed C2 endpoints therefore usually means a host is already compromised, and the relevant question is containment and scoping rather than patching. Many of the listed hosts sit in public cloud address space (several addresses fall in well-known AWS, Google Cloud and Alibaba Cloud ranges) and on dynamic DNS or tunnelling services (dedyn.io, portmap.host), and a number of the URLs point at compromised or shared legitimate sites, so indicators will age quickly: an exact-match block-list built from this event will both miss and mis-fire within weeks unless it is refreshed. The Medium threat level is consistent with this: the entries are confidence-weighted, with individual C2 entries rated between 75% and 100%. The European countries listed under Affected Countries indicate where the aggregator expects the data to be relevant; the feed itself carries no geographic attribution, so they should not be read as confirmed victimology.
Mitigation Recommendations
1. Load the ip:port, domain, URL and hash indicators into SIEM, EDR, proxy, DNS and firewall tooling as separate indicator types, and match C2 entries on IP and port together: many of the listed hosts are cloud or shared addresses that also serve legitimate traffic on other ports.
2. Run a retrospective search over the preceding weeks of proxy, DNS and flow logs before enabling forward alerting; the feed is published daily, and an indicator that appears today may have been live for some time.
3. Treat a match on a C2 entry as a probable compromise rather than a blocked connection: isolate the host, pull EDR telemetry, and scope for lateral movement.
4. Do not block-list shared platforms wholesale. URLs on t.me, telegram.me, steamcommunity.com and github.com appear in this event as dead-drop or payload-hosting locations; only the exact profile, channel or release URL is actionable, not the platform domain.
5. Expire indicators: give each entry a validity window and re-evaluate it against the current feed, because cloud-hosted listeners rotate and compromised legitimate sites get cleaned.
6. Use the family labels to prioritise response. Hits on stealer C2 (Vidar, Stealc) call for credential and session resets for the affected user; hits on Cobalt Strike, Havoc, DeimosC2 or Meterpreter listeners indicate hands-on-keyboard activity and warrant full incident response.
7. Alert on the delivery patterns visible in the list independently of the specific indicators: executable downloads from bare ip:port URLs, and HTTP requests to upload- or inject-style endpoints such as /upl04d and /request-inject.
8. Keep segmentation and least-privilege egress in place. Workstations that cannot reach arbitrary internet destinations on non-standard ports cannot check in to most of the listed listeners (3333, 4443, 7443, 8808, 26512 and others).
9. Report confirmed sightings back to ThreatFox or to the national CERT and sector sharing organisations, so that confidence values and expiry reflect real observations.
10. Maintain user awareness on the delivery side (phishing and trojanised downloads), which is how most of these families land and which no network indicator can detect on its own.
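The ingestion and matching steps above, as an added example that is not ThreatFox, MISP or abuse.ch code. It parses an excerpt in this page's list format, handling both renderings of a MISP ip-dst|port attribute (an IP on a `file:` line followed by a bare port on a `hash:` line, or a single `ip:port:` line), sorts the remaining hashes by length, refuses to turn shared platforms (t.me, github.com, steamcommunity.com) into domain indicators, and sweeps constructed proxy log lines, reporting port-exact C2 hits as high confidence and same-IP-different-port hits as low confidence. The indicators in the excerpt are taken from the list on this page; the log lines, the 10.20.x and 203.0.113.x addresses and the SHARED_HOSTS set are constructed for the example.

```python
"""Added example (not ThreatFox, MISP or abuse.ch code): normalise an export
in this page's format and sweep proxy logs for hits."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt in this page's list format. It covers both renderings
# of a MISP ip-dst|port attribute: a `file: <ip>` line followed by a
# `hash: <port>` line, and a single `ip:port:` line.
EXPORT = """\
- file: 138.226.237.105
- hash: 443
- ip:port: 144.31.216.28:80
- domain: ptn.tfba.me
- url: http://46.151.182.238:6969/exe/rat.exe
- url: https://t.me/nokerloa
- url: https://github.com/atoragivapo50/flashbulb-iodize/releases/download/123/gstate
- hash: 473c0f6cc4f759bc27b39d24f4eb3afd
- hash: 74fa14c2a751ec23c1ee0cce1f66f5225c24a1e0
- hash: 3a2dcd6c86a8b789c5f07eec531fd9a3d9268288d8cf47e9f324dacd55bb6cfc
"""

# Shared platforms used in the feed as dead drops or payload hosts (assumed
# list). Alerting on the bare domain would fire on every legitimate visit,
# so these are matched on the exact URL only.
SHARED_HOSTS = {"github.com", "t.me", "telegram.me", "steamcommunity.com"}
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}
DEFAULT_PORT = {"http": 80, "https": 443}
LINE = re.compile(r"-\s*([\w:|-]+?):\s+(\S+)")


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def add_endpoint(iocs, ip, port):
    iocs["ip:port"].add(f"{ip}:{int(port)}")
    iocs["ip"].add(ip)


def parse_export(text):
    """Return indicator sets keyed by kind: ip:port, ip, domain, url, md5, sha1, sha256."""
    iocs = defaultdict(set)
    pending_ip = None  # IP from a `file:` line waiting for its `hash:` port
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "file" and is_ip(value):
            pending_ip = value
            continue
        if kind == "hash" and pending_ip and value.isdigit():
            add_endpoint(iocs, pending_ip, value)
            pending_ip = None
            continue
        pending_ip = None
        if kind == "ip:port":
            ip, _, port = value.rpartition(":")
            add_endpoint(iocs, ip, port)
        elif kind == "hash" and len(value) in HASH_KIND and re.fullmatch(r"[0-9a-fA-F]+", value):
            iocs[HASH_KIND[len(value)]].add(value.lower())
        elif kind == "domain":
            iocs["domain"].add(value.lower())
        elif kind == "url":
            iocs["url"].add(value)
            parts = urlsplit(value)
            host = (parts.hostname or "").lower()
            if is_ip(host):  # URL on a bare IP also yields a C2 endpoint
                add_endpoint(iocs, host, parts.port or DEFAULT_PORT.get(parts.scheme, 0))
            elif host and host not in SHARED_HOSTS:
                iocs["domain"].add(host)
    return iocs


# Constructed proxy log lines: ts src dst dport url-or-dash.
LOGS = """\
2026-01-05T08:01:12Z 10.20.1.15 138.226.237.105 443 -
2026-01-05T08:01:40Z 10.20.1.15 46.151.182.238 6969 http://46.151.182.238:6969/exe/rat.exe
2026-01-05T08:02:03Z 10.20.1.22 203.0.113.20 443 https://t.me/some_public_channel
2026-01-05T08:02:05Z 10.20.1.22 203.0.113.20 443 https://t.me/nokerloa
2026-01-05T08:03:17Z 10.20.1.31 203.0.113.10 443 https://cdn.ptn.tfba.me/loader.js
2026-01-05T08:04:00Z 10.20.1.40 138.226.237.105 80 -
"""


def domain_hit(host, domains):
    """Match the host or any parent domain; feed entries are often subdomains."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def sweep(log_text, iocs):
    """Return (ts, src, confidence, reasons) for each log line that hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, url = line.split(maxsplit=4)
        reasons = []
        if f"{dst}:{dport}" in iocs["ip:port"]:
            reasons.append(f"c2 {dst}:{dport}")
        if url != "-":
            if url in iocs["url"]:
                reasons.append("url")
            matched = domain_hit(urlsplit(url).hostname or "", iocs["domain"])
            if matched:
                reasons.append(f"domain {matched}")
        if not reasons and dst in iocs["ip"]:
            # Same host, different port: shared hosting or a rotated listener.
            reasons.append(f"ip-only {dst}")
        if reasons:
            confidence = "low" if reasons[0].startswith("ip-only") else "high"
            hits.append((ts, src, confidence, reasons))
    return hits


if __name__ == "__main__":
    for hit in sweep(LOGS, parse_export(EXPORT)):
        print(hit)
```

Run as a script, the sweep reports five of the six constructed lines: the two port-exact C2 connections, the exact Telegram dead-drop URL, the subdomain of a listed domain, and a low-confidence entry for the Vidar host contacted on port 80 instead of the listed 443. The visit to a different t.me channel is not reported, which is the point of matching shared platforms on the full URL only.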
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- ip:port: 138.226.237.105:443
- domain: ptn.tfba.me
- domain: ptn.kievteplo.kiev.ua
- ip:port: 144.31.216.28:80
- url: https://probable-winner.info/
- ip:port: 138.226.237.119:443
- url: https://138.226.237.119/
- domain: korex.sbs
- domain: goooooogk.cfd
- url: http://77.110.102.154:3000/pages/login.html
- ip:port: 77.110.102.154:3000
- url: http://45.80.158.214/request-download
- url: http://45.80.158.214/request-inject
- url: http://45.80.158.214/patch
- url: http://87.248.157.152:5000/upl04d
- url: https://down.wincryptapi.com/download
- domain: lgr7mgmwdnswvdgw.wincryptapi.com
- domain: velvetpaw2031.cfd
- domain: my-api-lol.xyz
- url: http://195.178.136.19/3
- ip:port: 66.135.27.20:7443
- ip:port: 154.201.84.243:8089
- ip:port: 109.117.191.163:7000
- ip:port: 54.89.221.157:4567
- ip:port: 45.114.106.40:9036
- ip:port: 94.237.122.202:8000
- ip:port: 140.112.62.119:80
- ip:port: 18.220.10.43:80
- ip:port: 18.220.10.43:443
- ip:port: 13.212.252.234:443
- url: https://whm.beverlyhillmanor.com/
- url: https://wartajaya.com/
- url: https://alpharedi.live/ffkqnypkpzelberhqu
- url: https://steam-cloud.pro/murluwldeeqekoapxr
- url: https://int-secure.com/
- url: https://weconger.com/
- url: https://visitassalt.com/
- url: https://webmail.lifeandhope.ec/
- url: https://webbklubben.se/
- url: https://wolkensegler.design/
- url: https://ureyjai.com/
- url: https://18.220.10.43/
- url: https://wiki.webitfactory.io/
- url: https://13.212.252.234/
- url: https://webgrade.kusherp.com/
- url: https://website-1a9d6001.arminpardo.com/
- url: https://wanya-no-heya.com/
- url: https://wpt-8gek.162-215-130-152.cpanel.site.oligoflora.com.br/
- url: https://www.xq5.dev/
- url: https://wurzelwerk-agentur.de/
- url: https://zingst-ostsee.com/
- url: https://zingst24.com/
- url: https://www2.clv.it/
- url: https://wptraining.cloudware.ng/
- url: https://wodan-trading.com/
- url: https://xaydungmaison.com/
- url: https://wildparker.com/
- url: https://yufit.biz/
- url: https://doc.ydqic.com/
- url: https://zoolasuites.com/
- url: https://zmdservice.com/
- url: https://yoshkarola.logomebel.ru/
- url: https://yutoku-plusoneshop.com/
- url: https://yudai1207pt.com/
- url: https://yoshikou-reunion.com/
- url: https://zarkasyi-golkar12.com/
- url: https://vandyuk.com/
- url: https://zvezda-44.ru/
- url: https://yuu-jinsei.com/
- url: https://87.242.86.77/
- url: https://82.146.58.204/
- url: https://159.203.9.141/
- domain: shabi9988-64207.portmap.host
- url: https://sushibymatsu.com/online-order/
- url: https://feedmylambs.site/
- url: https://portal-secure.app/dshudaossabnwubkds
- url: https://soinsfeepourtoi.ch/
- url: https://www.bitesoutoflife.com/2012/04/26/moroccan-spiced-pork-chops/
- ip:port: 172.233.17.103:443
- ip:port: 103.59.103.30:443
- domain: juridico.tjtjusticia.com
- url: https://12.176.153.160.host.secureserver.net/es721829mx627
- ip:port: 121.20.136.225:11631
- ip:port: 88.99.57.95:6745
- ip:port: 91.92.241.103:4000
- ip:port: 154.91.84.46:444
- ip:port: 150.109.246.251:443
- ip:port: 79.110.49.154:5555
- ip:port: 107.20.72.33:2762
- ip:port: 148.178.36.25:443
- ip:port: 185.213.61.48:443
- ip:port: 192.76.150.79:9443
- ip:port: 98.4.242.9:443
- ip:port: 212.227.3.71:5655
- ip:port: 8.138.28.12:80
- ip:port: 68.64.176.117:80
- ip:port: 156.234.89.236:26512
- ip:port: 139.180.129.54:443
- ip:port: 91.92.241.103:3000
- ip:port: 121.199.1.251:4443
- ip:port: 194.163.179.157:8080
- ip:port: 18.168.153.142:1724
- ip:port: 35.222.214.62:3333
- ip:port: 139.59.29.42:3333
- ip:port: 3.226.60.170:3333
- ip:port: 198.144.189.88:1323
- ip:port: 13.61.9.199:3333
- ip:port: 5.182.86.67:23
- ip:port: 130.12.180.28:63645
- ip:port: 38.148.203.82:80
- ip:port: 45.145.229.72:8088
- ip:port: 186.169.35.16:5061
- ip:port: 13.62.100.77:7443
- ip:port: 179.134.105.172:9990
- ip:port: 184.72.192.43:28535
- ip:port: 103.177.47.82:3790
- url: https://adm-toolkit.live/pages/login.html
- ip:port: 5.175.136.77:5555
- url: https://89.108.127.231/
- url: http://46.151.182.233/update
- domain: lunexmods.io
- url: https://luxor.boscoplus.com/lunx.zip
- url: http://thammyvienanthea.com/mmm/playbook/onelove/fre.php
- url: https://t.me/nokerloa
- domain: sevreko.rvamsp.com
- url: https://telegram.me/g2trbox
- domain: oil.kievteplo.kiev.ua
- domain: oil.tfba.me
- url: https://steamcommunity.com/profiles/76561198754004827
- url: https://orederpush.cfd/4a1b933c03e9461a.php
- url: http://46.151.182.238:6969/script
- url: http://46.151.182.238:6969/exe/rat.exe
- url: http://46.151.182.238:6969/exe/miner.exe
- domain: orederpush.cfd
- ip:port: 47.109.144.47:80
- ip:port: 103.43.8.166:6000
- ip:port: 62.60.246.221:7443
- domain: server.alpinebooks.xyz
- domain: myaccount.teamslivesupport.com
- domain: content.teamslivesupport.com
- domain: hellofriend.exfrp.space
- ip:port: 106.51.106.81:7443
- ip:port: 124.95.136.153:10250
- ip:port: 144.34.234.225:443
- domain: risv99a3.gr2vityta1k.ru
- ip:port: 41.251.38.169:443
- domain: m5yvac5o.gr2vityta1k.ru
- ip:port: 91.92.241.103:8808
- domain: 658w83n5.gr2vityta1k.ru
- domain: hywk36mt.gr2vityta1k.ru
- domain: xgz7bm86.expre5ssme4d.ru
- domain: ag9sdh7p.expre5ssme4d.ru
- url: https://github.com/atoragivapo50/flashbulb-iodize/releases/download/123/gstate
- ip:port: 8.136.41.104:3323
- domain: lxkz1wt2.ce1lsfeste7.ru
- domain: gim0hpzu.ce1lsfeste7.ru
- url: https://kys.cx/api.php
- domain: kys.cx
- url: https://t.me/phefuckxiabot
- url: http://kys.cx/api.php
- url: http://kys.cx/task.php
- url: https://kys.cx/task.php
- domain: bkndstkv.expe7iencfu9.ru
- domain: gp0nuv6i.expe7iencfu9.ru
- domain: 6p1jc04w.expe7iencfu9.ru
- domain: ol01a5t4.expe7iencfu9.ru
- domain: mrkao6m7.expe7iencfu9.ru
- domain: 7i2b9swt.expe7iencfu9.ru
- ip:port: 8.130.13.250:443
- ip:port: 212.192.12.44:3643
- ip:port: 51.89.166.245:7443
- domain: heysenti.dedyn.io
- ip:port: 65.38.121.25:443
- ip:port: 95.181.160.249:80
- domain: is9rzgzv.5kyline.ru
- domain: b76ctsj1.5kyline.ru
- domain: j77nejj1.blu3cioud.ru
- domain: z9bdth4n.blu3cioud.ru
- domain: 1s0ryrsp.5t0rmhiil.ru
- domain: l1e26ikw.5t0rmhiil.ru
- domain: auxyv8ds.windbioom.ru
- domain: m1dr52xc.windbioom.ru
- domain: 5t07uep8.sunfiare.ru
- domain: 489hkp0t.sunfiare.ru
- domain: vp4r67nk.n1ghtfaise.ru
- domain: 3gr8e6lu.n1ghtfaise.ru
- domain: g3f5okuq.rainriver.ru
- domain: 929j5tsa.rainriver.ru
- domain: tulfxa99.b1ondepi8s.ru
- domain: v65hz4cb.b1ondepi8s.ru
- domain: a5gmsv1u.ho1idayt2rn.ru
- domain: 11mo4fsx.ho1idayt2rn.ru
- domain: 69t7i1mv.ei8hthyp0.ru
- domain: w6lcjzd6.ei8hthyp0.ru
- domain: rnm3sp58.atte4dh2ve.ru
- domain: b4g475eq.atte4dh2ve.ru
- ip:port: 38.12.32.79:2053
- domain: ctadvisor.chatutor.com
- ip:port: 51.89.86.100:8808
- ip:port: 118.68.3.33:443
- domain: multiipay-ar.shop
- domain: admin.ciberseguridad-eia.xyz
- ip:port: 3.227.128.117:443
- ip:port: 159.69.214.152:3333
- hash: f3af69c7e134a09573f4717553be1f6d6ca229f1
- hash: de1e5a910f9c946c10a912236cd51f12e1d7cc3c280552853059560bc787c309
- hash: 473c0f6cc4f759bc27b39d24f4eb3afd
- hash: 74fa14c2a751ec23c1ee0cce1f66f5225c24a1e0
- hash: 3a2dcd6c86a8b789c5f07eec531fd9a3d9268288d8cf47e9f324dacd55bb6cfc
- hash: e7e955ac85bc6cf49ce677d57d86f3b3
- hash: 3d67e166a2cb568f8e226bb04672cef2e0e867f9
- hash: 432cc68671e2f92f171d497c5d3e4b2d6e03bdc572c72daf8375e0412fd44f09
- hash: a181d912bc0a1090ba5c60e79766e3fb
- hash: f3c131c7b5994bec29b9b32601d8fd9c599cd6f1
- hash: 975ce7324577087376ddd373fce39f064422acc4a4555f64c34c743fd0a44cbb
- hash: 51caf6ad492b597acd3ad85f13ccd02f
- hash: 0197c54be23c7ce33c8e577838fd72eeef8f69fc
- hash: c9acec4262b4c2f4a0ca4f40de8e2bde3628458d50251483d0772454da79f055
- hash: b08c60b819f465659affd0575c3fdaf0
- hash: acc545c0e7fc70beed85af64c206448f869b396f
- hash: 21169cae3cda0bf0475ed05934f5be44c4bf922007c0f4c790336a3e1a2113b1
- hash: 171505f0bfb9ac2493c2584d957b7616
- hash: 1945f13eb27f7c0b1e62e27a865aa156c5dbd46a
- hash: 2a6c6d3bd8f0d37255de8ddd78ce0c686b45488ca274f1c7b1588512c0327742
- hash: bccfd9a46fc727f231ff77b2f4099815
- hash: 376b0978c54a018719196049d647a2f59322a803
- hash: 0d1ffcadc3b75c99807be361c95c9742377ec7aec19e25d2e88225e75dfbd082
- hash: d00111fc3df4e3fa3ec2bed19bf4972f
- hash: 96ba336824213a381332a7f79d88e74bd549fde9
- hash: e07bffd9a54ba58df4b79b851075c714ec3e275805c47b891af8d5648db82081
- hash: a3e4bf11f2bddb38fb43d0c6f1e794cf
- hash: 0e973e1fe87713fd76ce6610f26452975f543ba8
- hash: dcc0e2606f2881c371ae80d41f558fded4fc7723c15f458d067e6fb790da6829
- hash: 1818d962f04bdafba255f0a2bdbc5385
- hash: c019d8c7cb1760958f44c7e3dcdd5b040ddf517e
- hash: 7b2620cf008268fa8eff18c136ca020fa948634e646f7301ab48a5dd936033fd
- hash: 2df6951b9ef238bfb1c879e18221db30
- hash: c759351e55b66f8f1c2f5c7ce5ce975dd05d4561
- hash: 1f0f46dc270ea7e929b2ae662a8480f5766df7e17ff76816bba7a07865b2806d
- hash: 6b18bc2388eb1162da48c366fc90bedc
- hash: 71f6b93eccd69005236591e712b608210cae30dc
- hash: ca6528840464f06ea89fd446dda1eefec793b424cf895d5026a401d507cdb9b1
- hash: c94c32908c0004e9bd819b92fde2bdda
- hash: 87eab6ff4f4531d18516f416d8a94987fadbec11
- hash: 67ef7c95ecddd6f385897cd6c12e0017a1ea8e538009607251d5de8b7839a07d
- hash: bb027d84538b33927de300eb7e524095
- hash: 450338dd3634df424b777389552764b74b69ceb5
- hash: 75e5535a7b6aa384097fcb990c3ea85f8cbd1db87593dbf4f3d7fe7a619ba3ca
- hash: 9d26d4f8e18131084bee00d99a755dfa
- hash: 8a8bd3b4fe4baaba90d999230a009ddb0d868970
- hash: d06c4afaa3653547c5b106a53fd57783381ee52cb9762d681712e5ac858526f4
- hash: e412f4e4cadc4e1a974df63fadec1210
- hash: 0d154f64c524cb6f04e6fa7bd058adeabffa2ea8
- hash: fb55670b7175f3f3e0e778328ca331ed30057a9dce93e70aca8e5489b422dea7
- hash: 5242c1a113b61f4a7c11be5ea6c576c5
- hash: 917925822cd2e63a3f73582116fe74a53ca12fb2
- hash: 2f316ddaa159806c8a6c7e5470695d6d3f9de382985bc6beb4f5d45e955d1d3f
- hash: fbc5b6deeaeaa5cc25e1f6bc19484221
- hash: 0e728ccec59d2cd725a11b924a67c0db76262bb2
- hash: ad99f1e23d8eb9eb25e71e080e4af6f32f7fcc96ef0f2102f16059c38de259d9
- hash: 74d08e4ef17bb2631f3372bd7ae8226d
- hash: e3aec18227e09acc0b41e9857cceb3cd9fde1959
- hash: 478b08749dd341444a0a859882c21bf63f2bd3e7efbe4def6e2f02ea6d4d8a53
- hash: 0e51fca449cb9da58d7aa3d7508a0ae6
- hash: 51c8ef6b21cc3e2181be0c65a88d6b23eb906bac
- hash: 1424940ec6af15c735a6a67737d7c7c5851a905c2e98f06646d6564b9bf55d34
- hash: f0ce6a5d7ea6f393e4eb7679b7e06d28
- hash: f79ca6ad139cc03470aeafd4f01fd40dfde316c2
- hash: 34cf1f43587e6a9673ba90c0bb5d9b449607d6396a59035fd925b6b67fe6a530
- hash: 851875436409cbd212d7361c6f98ea2e
- hash: 7800bb233d6a5a7b786fcf8e09068eaacbdae0c5
- hash: 4e6b67e845d6d452927d6fb370b806d0d19a1362d5abb4826544b49e91ee15e7
- hash: 6920daf1b733b874af3e124046acf9b8
- hash: 437e89a10214e1812ced863e5a0aeae1241bfe8d
- hash: 5633b7d58dcfcae24f9ddcf10010ce9d4ddce76a4a679298374dbf9588bdc1ad
- hash: 3e5a3f63dc5414fb103fed17781960a8
- hash: 739d6637e749d4ab11eeeb408f9a8aeea42df27f
- hash: 687e30ee1c9066769481f88ee8468c8a1703032268f14c84346c49641ac5b5c3
- hash: 195e7fa94db70407d7e454375accc1c4
- hash: c19e582334b6441f82895f37fb88f0a332e31f46
- hash: 857e010d97ee77f3f2829ac77e754a32993de7c325d5d40eb064dee62ff7c9e4
- hash: eafa8a7c070c4d5f7efcfe00a5644c02
- hash: 6cb873faeb08673c49074150fc31c4e6d0a0bcf7
- hash: 1b9bd85e37381900782f18d0c0f4b3a7db62aeee3e6501a973e5f8305ea060a2
- hash: 1db7096b549e55a42713fc0185756b19
- hash: 0f56d3199bf23f45ddf79e4752016a3b3c59f0fc
- hash: 0371de87e229a75b8ccd2cf5b69bbbd5bc0f4ca61857ab5847fd592e92b48fc7
- hash: 626eff030b7c364f188c8aff23eca7a8
- hash: e3b20acda4b6b677b464087d3254f7b4ac030a66
- hash: bb9c04f1737f431635090ec436ffb5e79b2259f7bbfe2d9c65fb6f3799828ea2
- hash: 53947098f8c5cf4c0d833f8072bfcbe3
- hash: 45c618198f403eeb157afe12c2d7242b0da55b13
- hash: 703f5d89f887e05cd6d84b29d7c344844b263b1b570d8470e05e688389320464
- hash: 72ff6e92adfb2001ac164a4bb646903c
- hash: 68660e7c1e58cc7394ad721f76ff95135d4795fd
- hash: d9809fcece6925ecae2fcd77f50fef52a93be62b9d2f464a5ef27cfa59c604d0
- hash: db84c22a46e882c9e20a2c1ceb43e02a
- hash: 6d0e7e71b4dbb1daa4e8bd1548438d226976cd22
- hash: 8e4a1591d0b035190fc27ea619690e017ff123379cc417a374fcc3b760c0150f
- hash: bb60da31df8e364e159aadbfd6e7358c
- hash: 5b746535a867f8b71cd612d61581fea389d3bd2e
- hash: b46f7ea522418918ebe0a1106c24004e78f2000dc47fb66c95138cea869bbe9f
- hash: b5e95b08432b4c8b30a7f1c99cd309b7
- hash: c331515434632feaa8169b92095c91e7cc13f9fc
- hash: 5c8a4a8a13892a089efe1ad9b78a01e5811e7bb5b77e4c62d6da7781abf32198
- hash: 518db4c02488525d1173447376a8a767
- hash: 4c8c6ce4fe5700f3aa2869ee97d7a7ce525cbc1f
- hash: 802f9297ee90fab24e1ab18bf74787a03b3e6ddf681677feb066383038a4f188
- hash: 79b0e3a3e726c6fc1106f98d16903584
- hash: 2650f5ba65738e1b899e7bca186d3c0b23d4d421
- hash: 0178df6a04b3743e242f1680e26eb071791fb999a3d36f080f5dfec4ece1bc24
- hash: 09dbef12d48816c9a750b7d2b1a7ba55
- hash: 2d3d8f79a6b0972bb6b3056992f616db4d18fed0
- hash: 8828efa807d196dd3302a9b1bced089ed407ff13d5e28bfc2df9b884d57913ab
- hash: 0e46195ce63d6fc33471bf3e3883863c
- hash: 98e1c2e099ae07f1018dc1d951db0b58cc1a0cf8
- hash: da268b5f413ac53f0f9488912cfe693fa15a50b0c7635b64dbbfef2325e44a4b
- hash: 228e23a926de993c2f4a2ffaf5792e87
- hash: e1958f05ce74115d24fe09712914a506b30368a3
- hash: 247bc5015b57de8b3b61bd8afdf7f432aef154405129004e941b7fa890104a6c
- hash: 0c08cc1170c8ea0b2898efa68fb8d551
- hash: b984f4f42ecc0f7e1a17d116a317075f67439b91
- hash: 8a9e3f85d6290f95204daf8aed93e511b8ed2b5bce5a498a43d52e0b729c049d
- hash: 005d6af0cadfb7196e5b97a9cd3d5e00
- hash: 62ba1a15268ce16a1fbd0da2158122bb45d84c0d
- hash: d8703f3ae5d5d14e99ee750ec4da64a4c4ffbf242355e2c526285673c3caffcc
- hash: c004df54da96ed59476b8d32f91b625c
- hash: 1bb9861dc6f0041c33972e7a407f3c70e0748838
- hash: 5756e25b85cd80cc50822ff08493723729b4f99d37d2a0e26a4a0fa244c7db15
- hash: 31aef6d32669bc5807b348f948bcc2ad
- hash: dd123b5abb98f5f159d030376443dce63d5be438
- hash: 9e8b389a6d2dd273e9252874bc44c2ceaffdfc6102cb204a46330c823404bb08
- hash: adf5809fe308bfe819f6e5b247df05eb
- hash: 1bc93ceca960efe85172a7cd375184c7559e9077
- hash: 26134b043d866b85cf5a6389c64c885f814c074d0cc9c413ce344f88de3e8f15
- hash: 2366d0b96ee4905fd53cdfec2c822188
- hash: 2b11bf488cd8b04b3f9dfcfd5dcb170ee541ce5b
- hash: 2c7558f2b15a313ec953a0c93d53adedbf480afaee6ea14c2b9c8ac276497daf
- hash: 0c2717822a39c71ef9fdf1055005e78e
- hash: 3d08793eaac7c0feeba676bb1bf24f10e0159667
- hash: 04537e704df71330b1e7f1a3147796a5d0277fbe6922a2a304a9a526cdbfe059
- hash: e709114b3c9b593f245f9168c998752d
- hash: f74ff834923f4492eb9dc3c8e4d3e4108d6db5b5
- hash: 749a094dd333916249a24c7e9540c9f7f22c8ead8a9b1bb353aeaf1b8e195fb9
- hash: 2369763fff2e0fbcecc9fbcbc25c3daf
- hash: 82d4e98cc087d9e227a36f003907437c27e7a9bd
- hash: 3349cb5bc3770684377153330929e52dae288933ff966f524c769563c377d8a5
- hash: 867ba4ad8b8355510f6e47367c5db6d3
- hash: a2c6ea56c098d29f0fea153975f1b025f52c2b00
- hash: 4e160339aeb9bfbd576dfbe288cbb58eb82b7d85f9c4d84651cb1ee024c3a260
- hash: 3f0965d0594391dbe727bb86b5b121bb
- hash: 6caa33167407abb5ea5bafe47ec0d320f5efa14f
- hash: c87aaaf0d29500532edd49bf7d3b54ff4b89e58c9232f70f5e5c51a6385aa058
- hash: d8eba7478fc3b8bdebe3c84e5c28e767
- hash: 1e489539039345ec36e7f1d65be1327a37e0d7c4
- hash: b65f1d036ca6102748cfb25a1aed8a80eb7ed7e4a262d9dabbb0ec3979d3768c
- hash: 6029f3b9fabfcad4a4dc26389c0a61ed
- hash: 5aabc3b1b5ab3a1a8bbdd2d7105bbc62d51bc013
- hash: 192ec289aef24bf1cdb74a5c4cd25b84d458e078c732b3aef9d1eda336f6e338
- hash: f10281271e172d4a984df7790cfe371f
- hash: ad5b7c4f50ed8bf98133521a2d0127c092460f02
- hash: 448563f007e88768dd3ac036250a19b3598951bf3f83ff8335fa19f04c6173e5
- hash: 478506520e3d80ed6e655becac67fa34
- hash: 52afb2f7f4efe22e896d75fbe46ebec6d80fd680
- hash: 4de054e1e7ab2a58f115cb769eb333352b67f182725979a7dd79f5f0c2fa12d9
- hash: 51d7aa56153e77781eac6db34b675fbf
- domain: e40yvibc.b1tterb0tt.ru
- domain: ynr4ubkn.b1tterb0tt.ru
- domain: 4xjyevmd.d0tte1ran.ru
- domain: nzrhwm99.d0tte1ran.ru
- domain: bdpkkklq.con8ratken2r.ru
- domain: 0ouow35c.con8ratken2r.ru
Technical Details
- Threat Level: 2 (MISP scale: 1 = High, 2 = Medium, 3 = Low, 4 = Undefined)
- Analysis: 1 (MISP scale: 0 = Initial, 1 = Ongoing, 2 = Complete)
- Distribution: 3 (MISP scale: All communities; this is a sharing setting, not a prevalence score)
- Uuid: 56791dab-0d4c-4955-af5e-9766b721c80a
- Original Timestamp: 1767571387 (2026-01-05 00:03:07 UTC)
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file138.226.237.105 | Vidar botnet C2 server (confidence level: 100%) | |
file144.31.216.28 | Stealc botnet C2 server (confidence level: 100%) | |
file138.226.237.119 | Vidar botnet C2 server (confidence level: 100%) | |
file77.110.102.154 | Unknown malware botnet C2 server (confidence level: 100%) | |
file66.135.27.20 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.201.84.243 | Hook botnet C2 server (confidence level: 100%) | |
file109.117.191.163 | Venom RAT botnet C2 server (confidence level: 100%) | |
file54.89.221.157 | Meterpreter botnet C2 server (confidence level: 100%) | |
file45.114.106.40 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.237.122.202 | MimiKatz botnet C2 server (confidence level: 100%) | |
file140.112.62.119 | xmrig botnet C2 server (confidence level: 100%) | |
file18.220.10.43 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.220.10.43 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.212.252.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.233.17.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.59.103.30 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file121.20.136.225 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file88.99.57.95 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.92.241.103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file154.91.84.46 | Unknown RAT botnet C2 server (confidence level: 100%) | |
file150.109.246.251 | Havoc botnet C2 server (confidence level: 100%) | |
file79.110.49.154 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.20.72.33 | Meterpreter botnet C2 server (confidence level: 100%) | |
file148.178.36.25 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file185.213.61.48 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file192.76.150.79 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file98.4.242.9 | QakBot botnet C2 server (confidence level: 75%) | |
file212.227.3.71 | RMS botnet C2 server (confidence level: 100%) | |
file8.138.28.12 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file68.64.176.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.89.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.180.129.54 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.92.241.103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file121.199.1.251 | Havoc botnet C2 server (confidence level: 100%) | |
file194.163.179.157 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.168.153.142 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.222.214.62 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.59.29.42 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.226.60.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file198.144.189.88 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.61.9.199 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.182.86.67 | Bashlite botnet C2 server (confidence level: 90%) | |
file130.12.180.28 | Mirai botnet C2 server (confidence level: 80%) | |
file38.148.203.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.145.229.72 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file186.169.35.16 | Remcos botnet C2 server (confidence level: 100%) | |
file13.62.100.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file179.134.105.172 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file184.72.192.43 | Meterpreter botnet C2 server (confidence level: 100%) | |
file103.177.47.82 | Meterpreter botnet C2 server (confidence level: 100%) | |
file5.175.136.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.109.144.47 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.43.8.166 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.60.246.221 | Unknown malware botnet C2 server (confidence level: 100%) | |
file106.51.106.81 | Unknown malware botnet C2 server (confidence level: 75%) | |
file124.95.136.153 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file144.34.234.225 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file41.251.38.169 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file91.92.241.103 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file8.136.41.104 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file8.130.13.250 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file212.192.12.44 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.89.166.245 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.38.121.25 | Havoc botnet C2 server (confidence level: 100%) | |
file95.181.160.249 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.12.32.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.89.86.100 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file118.68.3.33 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file3.227.128.117 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.69.214.152 | Unknown malware botnet C2 server (confidence level: 100%) |
Port-only C2 entries (ip:port indicators; only the port component of each value is present on this page, the host part is absent)
| Port | Description |
|---|---|
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 80 | Stealc botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 3000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8089 | Hook botnet C2 server (confidence level: 100%) |
| 7000 | Venom RAT botnet C2 server (confidence level: 100%) |
| 4567 | Meterpreter botnet C2 server (confidence level: 100%) |
| 9036 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8000 | MimiKatz botnet C2 server (confidence level: 100%) |
| 80 | xmrig botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 11631 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 6745 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 4000 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 444 | Unknown RAT botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 5555 | Unknown malware botnet C2 server (confidence level: 100%) |
| 2762 | Meterpreter botnet C2 server (confidence level: 100%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 9443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | QakBot botnet C2 server (confidence level: 75%) |
| 5655 | RMS botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 26512 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3000 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 4443 | Havoc botnet C2 server (confidence level: 100%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 100%) |
| 1724 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 1323 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 23 | Bashlite botnet C2 server (confidence level: 90%) |
| 63645 | Mirai botnet C2 server (confidence level: 80%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5061 | Remcos botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 9990 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 28535 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 5555 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 6000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 75%) |
| 10250 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 75%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 3323 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3643 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 2053 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 443 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
Hash
| Value (32 hex chars = MD5, 40 = SHA-1, 64 = SHA-256; each payload is listed as a SHA-1/SHA-256/MD5 triplet) | Description |
|---|---|
| f3af69c7e134a09573f4717553be1f6d6ca229f1 | Stealc payload (confidence level: 95%) |
| de1e5a910f9c946c10a912236cd51f12e1d7cc3c280552853059560bc787c309 | Stealc payload (confidence level: 95%) |
| 473c0f6cc4f759bc27b39d24f4eb3afd | Stealc payload (confidence level: 95%) |
| 74fa14c2a751ec23c1ee0cce1f66f5225c24a1e0 | Phorpiex payload (confidence level: 95%) |
| 3a2dcd6c86a8b789c5f07eec531fd9a3d9268288d8cf47e9f324dacd55bb6cfc | Phorpiex payload (confidence level: 95%) |
| e7e955ac85bc6cf49ce677d57d86f3b3 | Phorpiex payload (confidence level: 95%) |
| 3d67e166a2cb568f8e226bb04672cef2e0e867f9 | poscardstealer payload (confidence level: 95%) |
| 432cc68671e2f92f171d497c5d3e4b2d6e03bdc572c72daf8375e0412fd44f09 | poscardstealer payload (confidence level: 95%) |
| a181d912bc0a1090ba5c60e79766e3fb | poscardstealer payload (confidence level: 95%) |
| f3c131c7b5994bec29b9b32601d8fd9c599cd6f1 | Typhon Stealer payload (confidence level: 95%) |
| 975ce7324577087376ddd373fce39f064422acc4a4555f64c34c743fd0a44cbb | Typhon Stealer payload (confidence level: 95%) |
| 51caf6ad492b597acd3ad85f13ccd02f | Typhon Stealer payload (confidence level: 95%) |
| 0197c54be23c7ce33c8e577838fd72eeef8f69fc | SalatStealer payload (confidence level: 95%) |
| c9acec4262b4c2f4a0ca4f40de8e2bde3628458d50251483d0772454da79f055 | SalatStealer payload (confidence level: 95%) |
| b08c60b819f465659affd0575c3fdaf0 | SalatStealer payload (confidence level: 95%) |
| acc545c0e7fc70beed85af64c206448f869b396f | SalatStealer payload (confidence level: 95%) |
| 21169cae3cda0bf0475ed05934f5be44c4bf922007c0f4c790336a3e1a2113b1 | SalatStealer payload (confidence level: 95%) |
| 171505f0bfb9ac2493c2584d957b7616 | SalatStealer payload (confidence level: 95%) |
| 1945f13eb27f7c0b1e62e27a865aa156c5dbd46a | AsyncRAT payload (confidence level: 95%) |
| 2a6c6d3bd8f0d37255de8ddd78ce0c686b45488ca274f1c7b1588512c0327742 | AsyncRAT payload (confidence level: 95%) |
| bccfd9a46fc727f231ff77b2f4099815 | AsyncRAT payload (confidence level: 95%) |
| 376b0978c54a018719196049d647a2f59322a803 | Coinminer payload (confidence level: 95%) |
| 0d1ffcadc3b75c99807be361c95c9742377ec7aec19e25d2e88225e75dfbd082 | Coinminer payload (confidence level: 95%) |
| d00111fc3df4e3fa3ec2bed19bf4972f | Coinminer payload (confidence level: 95%) |
| 96ba336824213a381332a7f79d88e74bd549fde9 | ValleyRAT payload (confidence level: 95%) |
| e07bffd9a54ba58df4b79b851075c714ec3e275805c47b891af8d5648db82081 | ValleyRAT payload (confidence level: 95%) |
| a3e4bf11f2bddb38fb43d0c6f1e794cf | ValleyRAT payload (confidence level: 95%) |
| 0e973e1fe87713fd76ce6610f26452975f543ba8 | ValleyRAT payload (confidence level: 95%) |
| dcc0e2606f2881c371ae80d41f558fded4fc7723c15f458d067e6fb790da6829 | ValleyRAT payload (confidence level: 95%) |
| 1818d962f04bdafba255f0a2bdbc5385 | ValleyRAT payload (confidence level: 95%) |
| c019d8c7cb1760958f44c7e3dcdd5b040ddf517e | Stealc payload (confidence level: 95%) |
| 7b2620cf008268fa8eff18c136ca020fa948634e646f7301ab48a5dd936033fd | Stealc payload (confidence level: 95%) |
| 2df6951b9ef238bfb1c879e18221db30 | Stealc payload (confidence level: 95%) |
| c759351e55b66f8f1c2f5c7ce5ce975dd05d4561 | CoffeeLoader payload (confidence level: 95%) |
| 1f0f46dc270ea7e929b2ae662a8480f5766df7e17ff76816bba7a07865b2806d | CoffeeLoader payload (confidence level: 95%) |
| 6b18bc2388eb1162da48c366fc90bedc | CoffeeLoader payload (confidence level: 95%) |
| 71f6b93eccd69005236591e712b608210cae30dc | poscardstealer payload (confidence level: 95%) |
| ca6528840464f06ea89fd446dda1eefec793b424cf895d5026a401d507cdb9b1 | poscardstealer payload (confidence level: 95%) |
| c94c32908c0004e9bd819b92fde2bdda | poscardstealer payload (confidence level: 95%) |
| 87eab6ff4f4531d18516f416d8a94987fadbec11 | Coinminer payload (confidence level: 95%) |
| 67ef7c95ecddd6f385897cd6c12e0017a1ea8e538009607251d5de8b7839a07d | Coinminer payload (confidence level: 95%) |
| bb027d84538b33927de300eb7e524095 | Coinminer payload (confidence level: 95%) |
| 450338dd3634df424b777389552764b74b69ceb5 | Phorpiex payload (confidence level: 95%) |
| 75e5535a7b6aa384097fcb990c3ea85f8cbd1db87593dbf4f3d7fe7a619ba3ca | Phorpiex payload (confidence level: 95%) |
| 9d26d4f8e18131084bee00d99a755dfa | Phorpiex payload (confidence level: 95%) |
| 8a8bd3b4fe4baaba90d999230a009ddb0d868970 | Luca Stealer payload (confidence level: 95%) |
| d06c4afaa3653547c5b106a53fd57783381ee52cb9762d681712e5ac858526f4 | Luca Stealer payload (confidence level: 95%) |
| e412f4e4cadc4e1a974df63fadec1210 | Luca Stealer payload (confidence level: 95%) |
| 0d154f64c524cb6f04e6fa7bd058adeabffa2ea8 | Luca Stealer payload (confidence level: 95%) |
| fb55670b7175f3f3e0e778328ca331ed30057a9dce93e70aca8e5489b422dea7 | Luca Stealer payload (confidence level: 95%) |
| 5242c1a113b61f4a7c11be5ea6c576c5 | Luca Stealer payload (confidence level: 95%) |
| 917925822cd2e63a3f73582116fe74a53ca12fb2 | AsyncRAT payload (confidence level: 95%) |
| 2f316ddaa159806c8a6c7e5470695d6d3f9de382985bc6beb4f5d45e955d1d3f | AsyncRAT payload (confidence level: 95%) |
| fbc5b6deeaeaa5cc25e1f6bc19484221 | AsyncRAT payload (confidence level: 95%) |
| 0e728ccec59d2cd725a11b924a67c0db76262bb2 | AsyncRAT payload (confidence level: 95%) |
| ad99f1e23d8eb9eb25e71e080e4af6f32f7fcc96ef0f2102f16059c38de259d9 | AsyncRAT payload (confidence level: 95%) |
| 74d08e4ef17bb2631f3372bd7ae8226d | AsyncRAT payload (confidence level: 95%) |
| e3aec18227e09acc0b41e9857cceb3cd9fde1959 | AsyncRAT payload (confidence level: 95%) |
| 478b08749dd341444a0a859882c21bf63f2bd3e7efbe4def6e2f02ea6d4d8a53 | AsyncRAT payload (confidence level: 95%) |
| 0e51fca449cb9da58d7aa3d7508a0ae6 | AsyncRAT payload (confidence level: 95%) |
| 51c8ef6b21cc3e2181be0c65a88d6b23eb906bac | AsyncRAT payload (confidence level: 95%) |
| 1424940ec6af15c735a6a67737d7c7c5851a905c2e98f06646d6564b9bf55d34 | AsyncRAT payload (confidence level: 95%) |
| f0ce6a5d7ea6f393e4eb7679b7e06d28 | AsyncRAT payload (confidence level: 95%) |
| f79ca6ad139cc03470aeafd4f01fd40dfde316c2 | AsyncRAT payload (confidence level: 95%) |
| 34cf1f43587e6a9673ba90c0bb5d9b449607d6396a59035fd925b6b67fe6a530 | AsyncRAT payload (confidence level: 95%) |
| 851875436409cbd212d7361c6f98ea2e | AsyncRAT payload (confidence level: 95%) |
| 7800bb233d6a5a7b786fcf8e09068eaacbdae0c5 | AsyncRAT payload (confidence level: 95%) |
| 4e6b67e845d6d452927d6fb370b806d0d19a1362d5abb4826544b49e91ee15e7 | AsyncRAT payload (confidence level: 95%) |
| 6920daf1b733b874af3e124046acf9b8 | AsyncRAT payload (confidence level: 95%) |
| 437e89a10214e1812ced863e5a0aeae1241bfe8d | AsyncRAT payload (confidence level: 95%) |
| 5633b7d58dcfcae24f9ddcf10010ce9d4ddce76a4a679298374dbf9588bdc1ad | AsyncRAT payload (confidence level: 95%) |
| 3e5a3f63dc5414fb103fed17781960a8 | AsyncRAT payload (confidence level: 95%) |
| 739d6637e749d4ab11eeeb408f9a8aeea42df27f | AsyncRAT payload (confidence level: 95%) |
| 687e30ee1c9066769481f88ee8468c8a1703032268f14c84346c49641ac5b5c3 | AsyncRAT payload (confidence level: 95%) |
| 195e7fa94db70407d7e454375accc1c4 | AsyncRAT payload (confidence level: 95%) |
| c19e582334b6441f82895f37fb88f0a332e31f46 | AsyncRAT payload (confidence level: 95%) |
| 857e010d97ee77f3f2829ac77e754a32993de7c325d5d40eb064dee62ff7c9e4 | AsyncRAT payload (confidence level: 95%) |
| eafa8a7c070c4d5f7efcfe00a5644c02 | AsyncRAT payload (confidence level: 95%) |
| 6cb873faeb08673c49074150fc31c4e6d0a0bcf7 | poscardstealer payload (confidence level: 95%) |
| 1b9bd85e37381900782f18d0c0f4b3a7db62aeee3e6501a973e5f8305ea060a2 | poscardstealer payload (confidence level: 95%) |
| 1db7096b549e55a42713fc0185756b19 | poscardstealer payload (confidence level: 95%) |
| 0f56d3199bf23f45ddf79e4752016a3b3c59f0fc | Vidar payload (confidence level: 95%) |
| 0371de87e229a75b8ccd2cf5b69bbbd5bc0f4ca61857ab5847fd592e92b48fc7 | Vidar payload (confidence level: 95%) |
| 626eff030b7c364f188c8aff23eca7a8 | Vidar payload (confidence level: 95%) |
| e3b20acda4b6b677b464087d3254f7b4ac030a66 | Vidar payload (confidence level: 95%) |
| bb9c04f1737f431635090ec436ffb5e79b2259f7bbfe2d9c65fb6f3799828ea2 | Vidar payload (confidence level: 95%) |
| 53947098f8c5cf4c0d833f8072bfcbe3 | Vidar payload (confidence level: 95%) |
| 45c618198f403eeb157afe12c2d7242b0da55b13 | AsyncRAT payload (confidence level: 95%) |
| 703f5d89f887e05cd6d84b29d7c344844b263b1b570d8470e05e688389320464 | AsyncRAT payload (confidence level: 95%) |
| 72ff6e92adfb2001ac164a4bb646903c | AsyncRAT payload (confidence level: 95%) |
| 68660e7c1e58cc7394ad721f76ff95135d4795fd | AsyncRAT payload (confidence level: 95%) |
| d9809fcece6925ecae2fcd77f50fef52a93be62b9d2f464a5ef27cfa59c604d0 | AsyncRAT payload (confidence level: 95%) |
| db84c22a46e882c9e20a2c1ceb43e02a | AsyncRAT payload (confidence level: 95%) |
| 6d0e7e71b4dbb1daa4e8bd1548438d226976cd22 | SalatStealer payload (confidence level: 95%) |
| 8e4a1591d0b035190fc27ea619690e017ff123379cc417a374fcc3b760c0150f | SalatStealer payload (confidence level: 95%) |
| bb60da31df8e364e159aadbfd6e7358c | SalatStealer payload (confidence level: 95%) |
| 5b746535a867f8b71cd612d61581fea389d3bd2e | SalatStealer payload (confidence level: 95%) |
| b46f7ea522418918ebe0a1106c24004e78f2000dc47fb66c95138cea869bbe9f | SalatStealer payload (confidence level: 95%) |
| b5e95b08432b4c8b30a7f1c99cd309b7 | SalatStealer payload (confidence level: 95%) |
| c331515434632feaa8169b92095c91e7cc13f9fc | Quasar RAT payload (confidence level: 95%) |
| 5c8a4a8a13892a089efe1ad9b78a01e5811e7bb5b77e4c62d6da7781abf32198 | Quasar RAT payload (confidence level: 95%) |
| 518db4c02488525d1173447376a8a767 | Quasar RAT payload (confidence level: 95%) |
| 4c8c6ce4fe5700f3aa2869ee97d7a7ce525cbc1f | ISR Stealer payload (confidence level: 95%) |
| 802f9297ee90fab24e1ab18bf74787a03b3e6ddf681677feb066383038a4f188 | ISR Stealer payload (confidence level: 95%) |
| 79b0e3a3e726c6fc1106f98d16903584 | ISR Stealer payload (confidence level: 95%) |
| 2650f5ba65738e1b899e7bca186d3c0b23d4d421 | Loki Password Stealer (PWS) payload (confidence level: 95%) |
| 0178df6a04b3743e242f1680e26eb071791fb999a3d36f080f5dfec4ece1bc24 | Loki Password Stealer (PWS) payload (confidence level: 95%) |
| 09dbef12d48816c9a750b7d2b1a7ba55 | Loki Password Stealer (PWS) payload (confidence level: 95%) |
| 2d3d8f79a6b0972bb6b3056992f616db4d18fed0 | Owlproxy payload (confidence level: 95%) |
| 8828efa807d196dd3302a9b1bced089ed407ff13d5e28bfc2df9b884d57913ab | Owlproxy payload (confidence level: 95%) |
| 0e46195ce63d6fc33471bf3e3883863c | Owlproxy payload (confidence level: 95%) |
| 98e1c2e099ae07f1018dc1d951db0b58cc1a0cf8 | AsyncRAT payload (confidence level: 95%) |
| da268b5f413ac53f0f9488912cfe693fa15a50b0c7635b64dbbfef2325e44a4b | AsyncRAT payload (confidence level: 95%) |
| 228e23a926de993c2f4a2ffaf5792e87 | AsyncRAT payload (confidence level: 95%) |
| e1958f05ce74115d24fe09712914a506b30368a3 | ValleyRAT payload (confidence level: 95%) |
| 247bc5015b57de8b3b61bd8afdf7f432aef154405129004e941b7fa890104a6c | ValleyRAT payload (confidence level: 95%) |
| 0c08cc1170c8ea0b2898efa68fb8d551 | ValleyRAT payload (confidence level: 95%) |
| b984f4f42ecc0f7e1a17d116a317075f67439b91 | WebMonitor RAT payload (confidence level: 95%) |
| 8a9e3f85d6290f95204daf8aed93e511b8ed2b5bce5a498a43d52e0b729c049d | WebMonitor RAT payload (confidence level: 95%) |
| 005d6af0cadfb7196e5b97a9cd3d5e00 | WebMonitor RAT payload (confidence level: 95%) |
| 62ba1a15268ce16a1fbd0da2158122bb45d84c0d | LPEClient payload (confidence level: 95%) |
| d8703f3ae5d5d14e99ee750ec4da64a4c4ffbf242355e2c526285673c3caffcc | LPEClient payload (confidence level: 95%) |
| c004df54da96ed59476b8d32f91b625c | LPEClient payload (confidence level: 95%) |
| 1bb9861dc6f0041c33972e7a407f3c70e0748838 | Formbook payload (confidence level: 95%) |
| 5756e25b85cd80cc50822ff08493723729b4f99d37d2a0e26a4a0fa244c7db15 | Formbook payload (confidence level: 95%) |
| 31aef6d32669bc5807b348f948bcc2ad | Formbook payload (confidence level: 95%) |
| dd123b5abb98f5f159d030376443dce63d5be438 | Formbook payload (confidence level: 95%) |
| 9e8b389a6d2dd273e9252874bc44c2ceaffdfc6102cb204a46330c823404bb08 | Formbook payload (confidence level: 95%) |
| adf5809fe308bfe819f6e5b247df05eb | Formbook payload (confidence level: 95%) |
| 1bc93ceca960efe85172a7cd375184c7559e9077 | HijackLoader payload (confidence level: 95%) |
| 26134b043d866b85cf5a6389c64c885f814c074d0cc9c413ce344f88de3e8f15 | HijackLoader payload (confidence level: 95%) |
| 2366d0b96ee4905fd53cdfec2c822188 | HijackLoader payload (confidence level: 95%) |
| 2b11bf488cd8b04b3f9dfcfd5dcb170ee541ce5b | Quasar RAT payload (confidence level: 95%) |
| 2c7558f2b15a313ec953a0c93d53adedbf480afaee6ea14c2b9c8ac276497daf | Quasar RAT payload (confidence level: 95%) |
| 0c2717822a39c71ef9fdf1055005e78e | Quasar RAT payload (confidence level: 95%) |
| 3d08793eaac7c0feeba676bb1bf24f10e0159667 | Phorpiex payload (confidence level: 95%) |
| 04537e704df71330b1e7f1a3147796a5d0277fbe6922a2a304a9a526cdbfe059 | Phorpiex payload (confidence level: 95%) |
| e709114b3c9b593f245f9168c998752d | Phorpiex payload (confidence level: 95%) |
| f74ff834923f4492eb9dc3c8e4d3e4108d6db5b5 | ValleyRAT payload (confidence level: 95%) |
| 749a094dd333916249a24c7e9540c9f7f22c8ead8a9b1bb353aeaf1b8e195fb9 | ValleyRAT payload (confidence level: 95%) |
| 2369763fff2e0fbcecc9fbcbc25c3daf | ValleyRAT payload (confidence level: 95%) |
| 82d4e98cc087d9e227a36f003907437c27e7a9bd | BBSRAT payload (confidence level: 95%) |
| 3349cb5bc3770684377153330929e52dae288933ff966f524c769563c377d8a5 | BBSRAT payload (confidence level: 95%) |
| 867ba4ad8b8355510f6e47367c5db6d3 | BBSRAT payload (confidence level: 95%) |
| a2c6ea56c098d29f0fea153975f1b025f52c2b00 | Coinminer payload (confidence level: 95%) |
| 4e160339aeb9bfbd576dfbe288cbb58eb82b7d85f9c4d84651cb1ee024c3a260 | Coinminer payload (confidence level: 95%) |
| 3f0965d0594391dbe727bb86b5b121bb | Coinminer payload (confidence level: 95%) |
| 6caa33167407abb5ea5bafe47ec0d320f5efa14f | poscardstealer payload (confidence level: 95%) |
| c87aaaf0d29500532edd49bf7d3b54ff4b89e58c9232f70f5e5c51a6385aa058 | poscardstealer payload (confidence level: 95%) |
| d8eba7478fc3b8bdebe3c84e5c28e767 | poscardstealer payload (confidence level: 95%) |
| 1e489539039345ec36e7f1d65be1327a37e0d7c4 | BBSRAT payload (confidence level: 95%) |
| b65f1d036ca6102748cfb25a1aed8a80eb7ed7e4a262d9dabbb0ec3979d3768c | BBSRAT payload (confidence level: 95%) |
| 6029f3b9fabfcad4a4dc26389c0a61ed | BBSRAT payload (confidence level: 95%) |
| 5aabc3b1b5ab3a1a8bbdd2d7105bbc62d51bc013 | ValleyRAT payload (confidence level: 95%) |
| 192ec289aef24bf1cdb74a5c4cd25b84d458e078c732b3aef9d1eda336f6e338 | ValleyRAT payload (confidence level: 95%) |
| f10281271e172d4a984df7790cfe371f | ValleyRAT payload (confidence level: 95%) |
| ad5b7c4f50ed8bf98133521a2d0127c092460f02 | BBSRAT payload (confidence level: 95%) |
| 448563f007e88768dd3ac036250a19b3598951bf3f83ff8335fa19f04c6173e5 | BBSRAT payload (confidence level: 95%) |
| 478506520e3d80ed6e655becac67fa34 | BBSRAT payload (confidence level: 95%) |
| 52afb2f7f4efe22e896d75fbe46ebec6d80fd680 | AsyncRAT payload (confidence level: 95%) |
| 4de054e1e7ab2a58f115cb769eb333352b67f182725979a7dd79f5f0c2fa12d9 | AsyncRAT payload (confidence level: 95%) |
| 51d7aa56153e77781eac6db34b675fbf | AsyncRAT payload (confidence level: 95%) |
Domain
| Value | Description |
|---|---|
| ptn.tfba.me | Vidar botnet C2 domain (confidence level: 100%) |
| ptn.kievteplo.kiev.ua | Vidar botnet C2 domain (confidence level: 100%) |
| korex.sbs | Unknown malware payload delivery domain (confidence level: 100%) |
| goooooogk.cfd | Unknown malware payload delivery domain (confidence level: 100%) |
| lgr7mgmwdnswvdgw.wincryptapi.com | Unknown malware botnet C2 domain (confidence level: 100%) |
| velvetpaw2031.cfd | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| my-api-lol.xyz | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| shabi9988-64207.portmap.host | SpyNote botnet C2 domain (confidence level: 100%) |
| juridico.tjtjusticia.com | Unknown malware payload delivery domain (confidence level: 100%) |
| lunexmods.io | Unknown malware payload delivery domain (confidence level: 100%) |
| sevreko.rvamsp.com | Vidar botnet C2 domain (confidence level: 100%) |
| oil.kievteplo.kiev.ua | Vidar botnet C2 domain (confidence level: 100%) |
| oil.tfba.me | Vidar botnet C2 domain (confidence level: 100%) |
| orederpush.cfd | Stealc botnet C2 domain (confidence level: 100%) |
| server.alpinebooks.xyz | Havoc botnet C2 domain (confidence level: 100%) |
| myaccount.teamslivesupport.com | Unknown malware botnet C2 domain (confidence level: 100%) |
| content.teamslivesupport.com | Unknown malware botnet C2 domain (confidence level: 100%) |
| hellofriend.exfrp.space | XWorm botnet C2 domain (confidence level: 100%) |
| risv99a3.gr2vityta1k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m5yvac5o.gr2vityta1k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 658w83n5.gr2vityta1k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hywk36mt.gr2vityta1k.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xgz7bm86.expre5ssme4d.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ag9sdh7p.expre5ssme4d.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lxkz1wt2.ce1lsfeste7.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gim0hpzu.ce1lsfeste7.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kys.cx | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| bkndstkv.expe7iencfu9.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gp0nuv6i.expe7iencfu9.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 6p1jc04w.expe7iencfu9.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ol01a5t4.expe7iencfu9.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mrkao6m7.expe7iencfu9.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 7i2b9swt.expe7iencfu9.ru | ClearFake payload delivery domain (confidence level: 100%) |
| heysenti.dedyn.io | Havoc botnet C2 domain (confidence level: 100%) |
| is9rzgzv.5kyline.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b76ctsj1.5kyline.ru | ClearFake payload delivery domain (confidence level: 100%) |
| j77nejj1.blu3cioud.ru | ClearFake payload delivery domain (confidence level: 100%) |
| z9bdth4n.blu3cioud.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1s0ryrsp.5t0rmhiil.ru | ClearFake payload delivery domain (confidence level: 100%) |
| l1e26ikw.5t0rmhiil.ru | ClearFake payload delivery domain (confidence level: 100%) |
| auxyv8ds.windbioom.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m1dr52xc.windbioom.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 5t07uep8.sunfiare.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 489hkp0t.sunfiare.ru | ClearFake payload delivery domain (confidence level: 100%) |
| vp4r67nk.n1ghtfaise.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 3gr8e6lu.n1ghtfaise.ru | ClearFake payload delivery domain (confidence level: 100%) |
| g3f5okuq.rainriver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 929j5tsa.rainriver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tulfxa99.b1ondepi8s.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v65hz4cb.b1ondepi8s.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a5gmsv1u.ho1idayt2rn.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 11mo4fsx.ho1idayt2rn.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 69t7i1mv.ei8hthyp0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| w6lcjzd6.ei8hthyp0.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rnm3sp58.atte4dh2ve.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b4g475eq.atte4dh2ve.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ctadvisor.chatutor.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| multiipay-ar.shop | Havoc botnet C2 domain (confidence level: 100%) |
| admin.ciberseguridad-eia.xyz | Unknown malware botnet C2 domain (confidence level: 100%) |
| e40yvibc.b1tterb0tt.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ynr4ubkn.b1tterb0tt.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 4xjyevmd.d0tte1ran.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nzrhwm99.d0tte1ran.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bdpkkklq.con8ratken2r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 0ouow35c.con8ratken2r.ru | ClearFake payload delivery domain (confidence level: 100%) |
Url
| Value | Description |
|---|---|
| https://probable-winner.info/ | Unknown malware payload delivery URL (confidence level: 100%) |
| https://138.226.237.119/ | Vidar botnet C2 (confidence level: 100%) |
| http://77.110.102.154:3000/pages/login.html | Unknown malware botnet C2 (confidence level: 100%) |
| http://45.80.158.214/request-download | Unknown malware botnet C2 (confidence level: 100%) |
| http://45.80.158.214/request-inject | Unknown malware botnet C2 (confidence level: 100%) |
| http://45.80.158.214/patch | Unknown malware botnet C2 (confidence level: 100%) |
| http://87.248.157.152:5000/upl04d | Unknown malware botnet C2 (confidence level: 100%) |
| https://down.wincryptapi.com/download | Unknown Stealer payload delivery URL (confidence level: 100%) |
| http://195.178.136.19/3 | Phorpiex payload delivery URL (confidence level: 100%) |
| https://whm.beverlyhillmanor.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wartajaya.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://alpharedi.live/ffkqnypkpzelberhqu | Unknown malware payload delivery URL (confidence level: 90%) |
| https://steam-cloud.pro/murluwldeeqekoapxr | Unknown malware payload delivery URL (confidence level: 90%) |
| https://int-secure.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://weconger.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://visitassalt.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://webmail.lifeandhope.ec/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://webbklubben.se/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wolkensegler.design/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://ureyjai.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://18.220.10.43/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wiki.webitfactory.io/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://13.212.252.234/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://webgrade.kusherp.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://website-1a9d6001.arminpardo.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wanya-no-heya.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wpt-8gek.162-215-130-152.cpanel.site.oligoflora.com.br/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://www.xq5.dev/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wurzelwerk-agentur.de/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zingst-ostsee.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zingst24.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://www2.clv.it/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wptraining.cloudware.ng/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wodan-trading.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://xaydungmaison.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://wildparker.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://yufit.biz/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://doc.ydqic.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zoolasuites.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zmdservice.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://yoshkarola.logomebel.ru/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://yutoku-plusoneshop.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://yudai1207pt.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://yoshikou-reunion.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zarkasyi-golkar12.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://vandyuk.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zvezda-44.ru/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://yuu-jinsei.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://87.242.86.77/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://82.146.58.204/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://159.203.9.141/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://sushibymatsu.com/online-order/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://feedmylambs.site/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://portal-secure.app/dshudaossabnwubkds | Unknown malware payload delivery URL (confidence level: 90%) |
| https://soinsfeepourtoi.ch/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://www.bitesoutoflife.com/2012/04/26/moroccan-spiced-pork-chops/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://12.176.153.160.host.secureserver.net/es721829mx627 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://adm-toolkit.live/pages/login.html | Unknown malware botnet C2 (confidence level: 100%) |
| https://89.108.127.231/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://46.151.182.233/update | SalatStealer payload delivery URL (confidence level: 100%) |
| https://luxor.boscoplus.com/lunx.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| http://thammyvienanthea.com/mmm/playbook/onelove/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| https://t.me/nokerloa | Vidar botnet C2 (confidence level: 100%) |
| https://telegram.me/g2trbox | Vidar botnet C2 (confidence level: 100%) |
| https://steamcommunity.com/profiles/76561198754004827 | Vidar botnet C2 (confidence level: 100%) |
| https://orederpush.cfd/4a1b933c03e9461a.php | Stealc botnet C2 (confidence level: 100%) |
| http://46.151.182.238:6969/script | SalatStealer payload delivery URL (confidence level: 100%) |
| http://46.151.182.238:6969/exe/rat.exe | SalatStealer payload delivery URL (confidence level: 100%) |
| http://46.151.182.238:6969/exe/miner.exe | Coinminer payload delivery URL (confidence level: 100%) |
| https://github.com/atoragivapo50/flashbulb-iodize/releases/download/123/gstate | ClearFake payload delivery URL (confidence level: 100%) |
| https://kys.cx/api.php | Unknown Stealer botnet C2 (confidence level: 100%) |
| https://t.me/phefuckxiabot | Unknown Stealer botnet C2 (confidence level: 100%) |
| http://kys.cx/api.php | Unknown Stealer botnet C2 (confidence level: 100%) |
| http://kys.cx/task.php | Unknown Stealer botnet C2 (confidence level: 100%) |
| https://kys.cx/task.php | Unknown Stealer botnet C2 (confidence level: 100%) |
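The tables above are not directly loadable into a detection pipeline: the value column mixes IPv4 addresses, port-only remnants, three hash algorithms, domains and URLs, and the malware family and confidence are embedded in the description text. The Python below is an added example for this page, not ThreatFox or OffSeq code. The rows in IOC_ROWS are copied from the tables above; the log records in SAMPLE_EVENTS are constructed. It classifies each value by shape, extracts family and confidence from the description, and matches DNS queries, proxied URLs and file hashes against the set: a subdomain of a listed C2 domain matches (parent-domain walk), URLs match on host plus path regardless of scheme (the page lists both http and https variants of the same kys.cx endpoint), and a URL indicator falls back to a host-level match only when that host is a bare IP, so the listed t.me and steamcommunity.com paths do not flag every request to those platforms. Port-only rows are kept in an unmatchable list instead of being silently dropped.

```python
"""Normalise IOC table rows of the kind listed above and match them against log events.

Added example for this page (not ThreatFox/OffSeq code). IOC_ROWS are copied from the
page's tables; SAMPLE_EVENTS are constructed log records.
"""
import ipaddress
import re
from urllib.parse import urlsplit

IOC_ROWS = """
65.38.121.25 | Havoc botnet C2 server (confidence level: 100%)
38.12.32.79 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Vidar botnet C2 server (confidence level: 100%)
f3af69c7e134a09573f4717553be1f6d6ca229f1 | Stealc payload (confidence level: 95%)
de1e5a910f9c946c10a912236cd51f12e1d7cc3c280552853059560bc787c309 | Stealc payload (confidence level: 95%)
473c0f6cc4f759bc27b39d24f4eb3afd | Stealc payload (confidence level: 95%)
ptn.tfba.me | Vidar botnet C2 domain (confidence level: 100%)
kys.cx | Unknown Stealer botnet C2 domain (confidence level: 100%)
http://46.151.182.238:6969/exe/rat.exe | SalatStealer payload delivery URL (confidence level: 100%)
https://kys.cx/api.php | Unknown Stealer botnet C2 (confidence level: 100%)
https://t.me/nokerloa | Vidar botnet C2 (confidence level: 100%)
"""

HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
# "<family> <role> (confidence level: N%)" as written in the Description column.
DESC_RE = re.compile(
    r"^(?P<family>.+?) (?:botnet C2(?: server| domain)?|payload(?: delivery (?:URL|domain))?)"
    r" \(confidence level: (?P<conf>\d+)%\)$")


def classify(value):
    """Return the indicator type implied by the value's shape."""
    v = value.strip()
    if len(v) in HASH_LEN and re.fullmatch(r"[0-9a-fA-F]+", v):
        return HASH_LEN[len(v)]
    if v.isdigit():
        return "port_only"          # ip:port row whose host part is absent
    if "://" in v:
        return "url"
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}", v):
        return "ip_port"
    try:
        ipaddress.ip_address(v)
        return "ipv4"
    except ValueError:
        pass
    if re.fullmatch(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", v.lower()):
        return "domain"
    return "unknown"


class IocIndex:
    def __init__(self, rows):
        self.hashes, self.ips, self.domains, self.urls = {}, {}, {}, {}
        self.unmatchable = []       # rows that carry too little to match on
        for line in rows.strip().splitlines():
            value, desc = (p.strip() for p in line.split("|", 1))
            m = DESC_RE.match(desc)
            tag = (m["family"], int(m["conf"])) if m else (desc, 0)
            kind = classify(value)
            if kind in HASH_LEN.values():
                self.hashes[value.lower()] = tag
            elif kind == "ipv4":
                self.ips[value] = tag
            elif kind == "ip_port":
                self.ips[value.rsplit(":", 1)[0]] = tag
            elif kind == "domain":
                self.domains[value.lower()] = tag
            elif kind == "url":
                u = urlsplit(value)
                if u.hostname and u.hostname.replace(".", "").isdigit():
                    self.ips[u.hostname] = tag      # bare-IP URL: the host itself is the C2
                self.urls[(u.hostname, u.path.rstrip("/") or "/")] = tag
            else:
                self.unmatchable.append((value, desc))

    def match_domain(self, name):
        """Exact or parent-domain hit: www.kys.cx hits kys.cx; tfba.me does not hit ptn.tfba.me."""
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):            # never match a bare TLD
            cand = ".".join(labels[i:])
            if cand in self.domains:
                return cand, self.domains[cand]
        return None

    def match_url(self, url):
        """Scheme-insensitive host+path match, then IP host, then listed domain."""
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        key = (host, u.path.rstrip("/") or "/")
        if key in self.urls:
            return "url", url, self.urls[key]
        if host in self.ips:
            return "ip", host, self.ips[host]
        hit = self.match_domain(host)
        return ("domain", hit[0], hit[1]) if hit else None

    def match_hash(self, digest):
        return self.hashes.get(digest.strip().lower())


SAMPLE_EVENTS = [  # constructed log records, not from the page
    {"id": 1, "type": "dns", "qname": "www.kys.cx."},
    {"id": 2, "type": "proxy", "url": "http://kys.cx/api.php?id=7"},
    {"id": 3, "type": "proxy", "url": "https://t.me/some_legit_channel"},
    {"id": 4, "type": "proxy", "url": "http://46.151.182.238/other"},
    {"id": 5, "type": "file", "hash": "DE1E5A910F9C946C10A912236CD51F12E1D7CC3C280552853059560BC787C309"},
    {"id": 6, "type": "dns", "qname": "tfba.me"},
]


def scan(index, events):
    """Return (event id, match kind, indicator, family, confidence) for each hit."""
    hits = []
    for ev in events:
        if ev["type"] == "dns":
            r = index.match_domain(ev["qname"])
            if r:
                hits.append((ev["id"], "domain", r[0], *r[1]))
        elif ev["type"] == "proxy":
            r = index.match_url(ev["url"])
            if r:
                hits.append((ev["id"], r[0], r[1], *r[2]))
        elif ev["type"] == "file":
            tag = index.match_hash(ev["hash"])
            if tag:
                hits.append((ev["id"], "hash", ev["hash"].lower(), *tag))
    return hits


if __name__ == "__main__":
    idx = IocIndex(IOC_ROWS)
    for hit in scan(idx, SAMPLE_EVENTS):
        print(hit)
    print("unmatchable rows:", idx.unmatchable)
```

Replacing SAMPLE_EVENTS with parsed DNS, proxy and EDR records is all that is needed to run this over real telemetry. Keep the confidence value attached to each hit so the 75% to 90% rows on this page can be triaged differently from the 100% ones, and review the unmatchable list by hand: a port number alone cannot be turned into a rule without the host it belonged to.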
Threat ID: 695b0231db813ff03ef2c705
Added to database: 1/5/2026, 12:13:37 AM
Last enriched: 1/5/2026, 12:28:52 AM
Last updated: 1/8/2026, 5:17:17 AM