ThreatFox IOCs for 2026-01-22

Medium
Published: Thu Jan 22 2026 (01/22/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-01-22

AI-Powered Analysis

Last updated: 01/23/2026, 00:20:12 UTC

Technical Analysis

The provided information relates to a malware threat identified through ThreatFox, a MISP-based OSINT feed that aggregates Indicators of Compromise (IOCs) for cybersecurity practitioners. The entry dated 2026-01-22 includes metadata indicating the threat involves payload delivery and network activity, typical of malware attempting to infiltrate or communicate within target environments. However, no specific affected software versions or products are listed, and no known exploits in the wild have been reported. The threat level is rated as 2 (on an unspecified scale), with analysis and distribution scores indicating moderate confidence and spread. The absence of concrete IOCs or detailed technical indicators limits the ability to perform deep forensic or detection work. This type of OSINT is valuable for enriching threat intelligence databases, enabling organizations to correlate observed network or endpoint behaviors with known malicious patterns. The medium severity rating suggests a moderate risk, likely due to the potential for payload delivery and network compromise, but without evidence of active exploitation or widespread impact. The lack of patches or mitigation links implies that this is an intelligence update rather than a newly discovered vulnerability requiring immediate remediation.

Potential Impact

For European organizations, the impact of this threat depends largely on the relevance and applicability of the IOCs to their environments. If the malware payloads or network activity patterns correspond to tools used by threat actors targeting European sectors, there could be risks of data exfiltration, system compromise, or lateral movement within networks. The medium severity indicates that while the threat is not currently critical, it could facilitate further attacks if leveraged effectively. Industries with high-value data or critical infrastructure, such as finance, manufacturing, and government, may face increased risk. The lack of known exploits in the wild reduces immediate urgency but does not eliminate the possibility of future exploitation. Continuous monitoring and integration of these IOCs into detection systems can help mitigate potential impacts. Failure to do so could result in delayed detection of malware infections or network intrusions.

Mitigation Recommendations

European organizations should incorporate the provided IOCs from ThreatFox into their Security Information and Event Management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection capabilities. Network traffic should be monitored for anomalous patterns consistent with payload delivery or suspicious network activity. Organizations should conduct regular threat hunting exercises using updated OSINT feeds to identify early signs of compromise. Since no patches are available, emphasis should be placed on proactive detection and containment strategies, including network segmentation and strict access controls to limit lateral movement. Employee awareness programs should reinforce cautious handling of suspicious emails or downloads that could serve as initial infection vectors. Collaboration with national Computer Security Incident Response Teams (CSIRTs) and information sharing platforms can improve situational awareness. Finally, organizations should maintain up-to-date backups and incident response plans to minimize operational disruption in case of infection.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 90da69b7-28a3-4f4d-82b3-5afbeb8ec86f
Original Timestamp: 1769126587

Indicators of Compromise

file47.76.147.135
ValleyRAT botnet C2 server (confidence level: 100%)
file47.76.147.135
ValleyRAT botnet C2 server (confidence level: 100%)
file26.159.110.92
Orcus RAT botnet C2 server (confidence level: 100%)
file161.189.237.239
DeimosC2 botnet C2 server (confidence level: 75%)
file35.170.217.214
DeimosC2 botnet C2 server (confidence level: 75%)
file31.172.80.212
Orcus RAT botnet C2 server (confidence level: 100%)
file8.210.125.140
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.83.249.18
Cobalt Strike botnet C2 server (confidence level: 100%)
file31.220.97.227
Remcos botnet C2 server (confidence level: 100%)
file158.94.211.18
Remcos botnet C2 server (confidence level: 100%)
file43.159.49.132
Unknown malware botnet C2 server (confidence level: 100%)
file34.151.249.253
Unknown malware botnet C2 server (confidence level: 100%)
file197.134.50.84
Quasar RAT botnet C2 server (confidence level: 100%)
file161.97.67.39
Bashlite botnet C2 server (confidence level: 100%)
file45.244.140.213
Meterpreter botnet C2 server (confidence level: 100%)
file43.205.96.101
Meterpreter botnet C2 server (confidence level: 100%)
file54.221.111.221
Meterpreter botnet C2 server (confidence level: 100%)
file52.15.104.72
Meterpreter botnet C2 server (confidence level: 100%)
file15.168.14.98
Meterpreter botnet C2 server (confidence level: 100%)
file43.199.144.50
Meterpreter botnet C2 server (confidence level: 100%)
file18.170.33.45
Meterpreter botnet C2 server (confidence level: 100%)
file18.170.33.45
Meterpreter botnet C2 server (confidence level: 100%)
file35.152.135.144
Meterpreter botnet C2 server (confidence level: 100%)
file18.162.190.213
Meterpreter botnet C2 server (confidence level: 100%)
file18.162.190.213
Meterpreter botnet C2 server (confidence level: 100%)
file51.20.66.173
Meterpreter botnet C2 server (confidence level: 100%)
file51.112.43.127
Meterpreter botnet C2 server (confidence level: 100%)
file51.34.126.94
Meterpreter botnet C2 server (confidence level: 100%)
file15.223.70.81
Meterpreter botnet C2 server (confidence level: 100%)
file15.223.70.81
Meterpreter botnet C2 server (confidence level: 100%)
file108.136.248.198
Meterpreter botnet C2 server (confidence level: 100%)
file18.144.49.159
Meterpreter botnet C2 server (confidence level: 100%)
file18.144.49.159
Meterpreter botnet C2 server (confidence level: 100%)
file47.92.204.208
Cobalt Strike botnet C2 server (confidence level: 100%)
file204.10.160.190
XWorm botnet C2 server (confidence level: 75%)
file129.226.135.232
ValleyRAT botnet C2 server (confidence level: 100%)
file27.124.43.115
donut_injector botnet C2 server (confidence level: 100%)
file118.107.29.135
donut_injector botnet C2 server (confidence level: 100%)
file91.219.236.237
XWorm botnet C2 server (confidence level: 100%)
file216.9.224.26
Remcos botnet C2 server (confidence level: 100%)
file13.53.159.33
AsyncRAT botnet C2 server (confidence level: 100%)
file88.124.81.211
AsyncRAT botnet C2 server (confidence level: 100%)
file172.59.191.252
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.59.191.252
Nanocore RAT botnet C2 server (confidence level: 100%)
file64.188.98.20
SmartLoader botnet C2 server (confidence level: 100%)
file38.45.126.243
donut_injector botnet C2 server (confidence level: 100%)
file185.196.11.174
AsyncRAT botnet C2 server (confidence level: 100%)
file185.196.11.174
AsyncRAT botnet C2 server (confidence level: 100%)
file185.196.11.174
AsyncRAT botnet C2 server (confidence level: 100%)
file178.17.59.1
SmartLoader botnet C2 server (confidence level: 100%)
file144.31.219.15
SmartLoader botnet C2 server (confidence level: 100%)
file185.170.154.101
SmartLoader botnet C2 server (confidence level: 100%)
file106.55.154.4
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.223.57.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.94.31.119
AsyncRAT botnet C2 server (confidence level: 100%)
file124.198.132.190
AsyncRAT botnet C2 server (confidence level: 100%)
file20.2.140.201
Havoc botnet C2 server (confidence level: 100%)
file192.253.245.199
DCRat botnet C2 server (confidence level: 100%)
file169.40.135.96
DCRat botnet C2 server (confidence level: 100%)
file13.213.78.225
Unknown malware botnet C2 server (confidence level: 100%)
file151.241.154.109
XWorm botnet C2 server (confidence level: 75%)
file151.241.154.12
XWorm botnet C2 server (confidence level: 75%)
file185.100.157.186
XWorm botnet C2 server (confidence level: 75%)
file185.241.208.150
XWorm botnet C2 server (confidence level: 75%)
file31.57.219.210
XWorm botnet C2 server (confidence level: 75%)

Hash

hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
AsyncRAT botnet C2 server (confidence level: 100%)
hash8080
AsyncRAT botnet C2 server (confidence level: 100%)
hash8080
Havoc botnet C2 server (confidence level: 100%)
hash7788
DCRat botnet C2 server (confidence level: 100%)
hash8090
DCRat botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash62184
XWorm botnet C2 server (confidence level: 75%)
hash62184
XWorm botnet C2 server (confidence level: 75%)
hash62184
XWorm botnet C2 server (confidence level: 75%)
hash62184
XWorm botnet C2 server (confidence level: 75%)
hash62184
XWorm botnet C2 server (confidence level: 75%)

Threat ID: 6972beb24623b1157c9a7c1a

Added to database: 1/23/2026, 12:20:02 AM

Last enriched: 1/23/2026, 12:20:12 AM

Last updated: 2/7/2026, 3:14:36 PM

Views: 235
