ThreatFox IOCs for 2026-02-02
AI Analysis
Technical Summary
This threat entry from the ThreatFox MISP feed dated 2026-02-02 provides a collection of Indicators of Compromise (IOCs) linked to malware activities primarily involving OSINT (Open Source Intelligence), network activity, and payload delivery mechanisms. The data does not specify affected software versions or products, indicating that it may represent a broad or emerging threat rather than a targeted vulnerability in a specific product. The absence of known exploits in the wild and lack of patches suggests that this threat is either newly identified or related to reconnaissance and preparatory stages of an attack rather than active exploitation. The threat level is rated as medium, with a threatLevel metric of 2 and distribution metric of 3, implying moderate dissemination and potential impact. The technical details are sparse, with no CWEs or detailed attack vectors provided. The threat is tagged with TLP:white, indicating it is intended for wide sharing and awareness. The focus on OSINT and network activity suggests attackers may be leveraging publicly available information and network-based payload delivery to compromise targets or gather intelligence. The lack of specific indicators in the provided data limits detailed technical analysis but highlights the importance of monitoring network traffic and integrating threat intelligence feeds to detect related activity. Overall, this threat represents a moderate risk primarily associated with reconnaissance and potential payload delivery, requiring vigilance but not indicating an immediate critical vulnerability or exploit.
Potential Impact
For European organizations, the impact of this threat is primarily related to increased exposure to network-based reconnaissance and potential payload delivery attempts. While no direct exploits or vulnerabilities are identified, the presence of OSINT-related malware activity suggests adversaries may be gathering intelligence to facilitate future attacks or deliver malicious payloads over networks. This could lead to unauthorized access, data exfiltration, or disruption if payloads are successfully delivered and executed. The medium severity indicates a moderate risk level, meaning organizations could experience operational impacts if defenses are insufficient. Sectors with high reliance on network infrastructure, such as finance, telecommunications, and government, may face greater risks. The lack of patches or specific mitigations means organizations must rely on proactive detection and response capabilities. Failure to detect such network activity could allow attackers to establish footholds or conduct further reconnaissance, increasing the likelihood of subsequent, more damaging attacks. Therefore, the threat underscores the need for continuous monitoring and threat intelligence integration to mitigate potential impacts.
Mitigation Recommendations
European organizations should implement enhanced network monitoring to detect unusual or suspicious traffic patterns indicative of OSINT-related reconnaissance or payload delivery attempts. Integration of ThreatFox and other reputable threat intelligence feeds into Security Information and Event Management (SIEM) systems can improve detection of known IOCs. Employ network segmentation to limit lateral movement in case of successful payload delivery. Conduct regular threat hunting exercises focused on network activity and payload delivery vectors. Update incident response plans to include scenarios involving OSINT-driven reconnaissance and network-based malware. Educate security teams on the importance of analyzing OSINT-derived threats and correlating them with network telemetry. Deploy endpoint detection and response (EDR) solutions capable of identifying payload execution behaviors. Since no patches are available, prioritize preventive controls such as network access controls, strict firewall rules, and anomaly detection. Collaborate with national and European cybersecurity centers for timely sharing of threat intelligence and coordinated response. Finally, maintain up-to-date asset inventories to quickly identify and isolate affected systems if indicators are detected.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: e950cf8e-44eb-48a1-a74a-1946a371fdf3
- Original Timestamp: 1770076987
urlhttp://ilovehosting1.com/1.bat | Quasar RAT payload delivery URL (confidence level: 100%) | |
urlhttps://cdn.jsdelivr.net/gh/relight-73-unsigned/coolray/mm21 | ClearFake payload delivery URL (confidence level: 100%) |
Domain
Threat ID: 69813dd7f9fa50a62f677cca
Added to database: 2/3/2026, 12:14:15 AM
Last enriched: 2/3/2026, 12:14:41 AM
Last updated: 2/3/2026, 9:22:44 AM