ThreatFox IOCs for 2026-01-05
AI Analysis
Technical Summary
This entry from the ThreatFox MISP feed dated January 5, 2026, provides Indicators of Compromise (IOCs) related to malware activities, specifically focusing on OSINT, network activity, and payload delivery. The data is tagged with 'type:osint' and 'tlp:white', indicating it is intended for broad sharing without restrictions. However, the report lacks detailed technical specifics such as affected software versions, concrete indicators, or exploit mechanisms. No patches or known exploits in the wild have been reported, suggesting this is an intelligence update rather than a report of an active or emerging exploit. The threat level is rated as medium, with a threat level score of 2 and a distribution score of 3, indicating moderate concern and some dissemination within the community. The absence of CWE identifiers and patch information limits the ability to assess the vulnerability or exploit vector. The focus on OSINT and network activity implies that the threat may involve reconnaissance or initial payload delivery stages, which could precede more severe attacks if leveraged by threat actors. Whether user interaction or authentication is required for exploitation is not specified, but the medium severity suggests some barriers to exploitation or limited impact. Overall, this report serves as a situational awareness update for cybersecurity teams to monitor related network traffic and payload signatures.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of known exploits or active attacks. However, the presence of OSINT-related IOCs and payload delivery indicators suggests potential reconnaissance or early-stage intrusion attempts that could lead to more significant compromises if exploited. Organizations relying heavily on OSINT tools or those with extensive network infrastructures may face increased exposure to such reconnaissance activities. If threat actors use these IOCs to craft targeted attacks, confidentiality, integrity, and availability of systems could be at risk. The medium severity rating implies moderate risk, with potential for disruption or data leakage if payload delivery mechanisms succeed. The lack of patches or mitigation details means organizations must rely on proactive detection and response capabilities. European entities involved in critical infrastructure, finance, or government sectors should be particularly cautious, as these sectors are frequent targets for malware campaigns leveraging OSINT and network exploitation techniques.
Mitigation Recommendations
European organizations should enhance their OSINT monitoring capabilities to detect and analyze emerging Indicators of Compromise related to this threat. Deploy advanced network traffic analysis tools capable of identifying unusual payload delivery patterns and suspicious network activity. Integrate threat intelligence feeds such as ThreatFox into Security Information and Event Management (SIEM) systems to automate detection and correlation of relevant IOCs. Conduct regular threat hunting exercises focusing on reconnaissance and early-stage intrusion indicators. Strengthen network segmentation and enforce strict access controls to limit lateral movement in case of initial compromise. Implement endpoint detection and response (EDR) solutions to identify and contain payload execution attempts. Maintain up-to-date incident response plans that incorporate OSINT-derived threat intelligence. Collaborate with national and European cybersecurity centers to share intelligence and best practices. Since no patches are available, focus on detection and containment rather than remediation of vulnerabilities. Finally, train security teams on interpreting OSINT data and integrating it into operational security workflows.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: ad0d4994-d4e9-4ab7-8b80-41a45ba12954
- Original Timestamp: 1767657787
domaingalciabeneficios.shop | Havoc botnet C2 domain (confidence level: 100%) | |
domainceu.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainkf8.cn.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainzuqiuzhiye.cn.com | AsyncRAT botnet C2 domain (confidence level: 75%) |
Url
File
Hash
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash444 | Unknown RAT botnet C2 server (confidence level: 50%) | |
hash444 | Unknown RAT botnet C2 server (confidence level: 50%) | |
hash444 | Unknown RAT botnet C2 server (confidence level: 50%) | |
hash6443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash9002 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5555 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash10080 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash32201 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash12345 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash3435 | Remcos botnet C2 server (confidence level: 50%) | |
hash10819 | XWorm botnet C2 server (confidence level: 50%) | |
hash7000 | XWorm botnet C2 server (confidence level: 50%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5001 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash82 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash48001 | VShell botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash12344 | Mirai botnet C2 server (confidence level: 75%) | |
hash8010 | Mirai botnet C2 server (confidence level: 75%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash38241 | Mirai botnet C2 server (confidence level: 75%) | |
hash6699 | Mirai botnet C2 server (confidence level: 75%) | |
hash44532 | Mirai botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash8443 | Unknown Stealer botnet C2 server (confidence level: 100%) | |
hash443 | VShell botnet C2 server (confidence level: 100%) | |
hash8840 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8000 | Unknown Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 100%) | |
hash3000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8400 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | DCRat botnet C2 server (confidence level: 100%) | |
hash4444 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash18245 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash20256 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash37556 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash10000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash80 | TinyLoader botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
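The rows above are ThreatFox botnet C2 indicators: an ip:port value, the malware family it was attributed to, and a confidence level. On this page the address part of each indicator has been redacted to the literal prefix `hash`, so only the port survives, and the many rows that look identical (the Sliver run on 31337, the Aisuru run on 8001) are distinct addresses in the feed. The Python below is an added example, not code from ThreatFox, abuse.ch or this page. It parses rows in exactly this layout, summarises them per family with the lowest confidence seen, and builds an egress blocklist that honours the confidence column and refuses to act on a bare port. The sample rows are constructed; the two unredacted addresses are RFC 5737 documentation addresses (192.0.2.0/24), not indicators from the feed.

```python
"""Parse ThreatFox-style 'botnet C2 server' table rows, gate them on the
reported confidence level and emit a de-duplicated ip:port blocklist.

Added example; not code from ThreatFox, abuse.ch or this page.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input in the layout of the table above. The first
# column on the page is an ip:port indicator whose IP part is redacted to
# the literal prefix 'hash', so only the port survives. The two unredacted
# rows use RFC 5737 documentation addresses (192.0.2.0/24) so the full
# path can be exercised offline; they are not indicators from the feed.
SAMPLE_ROWS = """\
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
192.0.2.10:50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
192.0.2.11:443 | Vidar botnet C2 server (confidence level: 100%) | |
192.0.2.11:443 | Vidar botnet C2 server (confidence level: 100%) | |
"""

# One table row: indicator | "<family> botnet C2 server (confidence level: N%)" | ...
ROW_RE = re.compile(
    r"^(?P<ioc>\S+)\s*\|\s*(?P<malware>.+?) botnet C2 server"
    r" \(confidence level: (?P<conf>\d{1,3})%\)"
)
IP_PORT_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})$")


@dataclass(frozen=True)
class C2Indicator:
    ip: Optional[str]      # None when the page has redacted the address
    port: int
    malware: str
    confidence: int        # ThreatFox confidence level, 0-100


def parse_rows(text: str) -> List[C2Indicator]:
    """Turn table rows into indicators; lines that do not fit the layout are dropped."""
    indicators: List[C2Indicator] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ioc = m.group("ioc")
        ip_m = IP_PORT_RE.match(ioc)
        if ip_m:
            ip: Optional[str] = ip_m.group("ip")
            port = int(ip_m.group("port"))
        elif ioc.startswith("hash") and ioc[4:].isdigit():
            ip, port = None, int(ioc[4:])          # redacted row: port only
        else:
            continue
        indicators.append(C2Indicator(ip, port, m.group("malware"), int(m.group("conf"))))
    return indicators


def family_summary(indicators: List[C2Indicator]) -> Dict[str, Tuple[int, int]]:
    """Per malware family: (row count, lowest confidence seen)."""
    counts = Counter(i.malware for i in indicators)
    lowest: Dict[str, int] = {}
    for i in indicators:
        lowest[i.malware] = min(lowest.get(i.malware, 100), i.confidence)
    return {fam: (counts[fam], lowest[fam]) for fam in counts}


def blocklist(indicators: List[C2Indicator], min_confidence: int = 75) -> List[str]:
    """Unique ip:port strings at or above the confidence floor.

    Redacted rows are skipped on purpose: a bare port such as 443 or 80 is
    not an indicator, and blocking it would break ordinary traffic.
    """
    return sorted(
        {f"{i.ip}:{i.port}" for i in indicators
         if i.ip is not None and i.confidence >= min_confidence}
    )


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for fam, (n, low) in sorted(family_summary(rows).items()):
        print(f"{fam:25s} rows={n:3d} lowest_confidence={low}%")
    print("blocklist (>=75%):", blocklist(rows))
    print("blocklist (>=50%):", blocklist(rows, min_confidence=50))
```

Run stand-alone, it prints the per-family summary and two blocklists. With the default floor of 75% the Cobalt Strike entry reported at 50% is left out and the duplicated Vidar address appears once; lowering the floor to 50% includes it. That is the trade-off the confidence column exists for: the 50% entries in the table above (the long Sliver and Cobalt Strike runs, the Brute Ratel C4 and DeimosC2 rows) warrant corroboration from your own telemetry before an outright block, whereas the 100% entries are candidates for direct enforcement.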
Threat ID: 695c52203839e44175999659
Added to database: 1/6/2026, 12:06:56 AM
Last enriched: 1/6/2026, 12:22:13 AM
Last updated: 1/8/2026, 3:53:06 AM