ThreatFox IOCs for 2026-02-25
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat intelligence update published on February 25, 2026, via the ThreatFox MISP feed. It primarily consists of Indicators of Compromise (IOCs) intended for OSINT (Open Source Intelligence) purposes, focusing on network activity and payload delivery mechanisms. The threat is classified with a medium severity level but lacks detailed technical specifics such as affected software versions, exploit mechanisms, or active exploitation reports. No patches or mitigation links are provided, indicating that this intelligence serves as an early warning or detection aid rather than as a response to a known vulnerability. The technical metadata shows a low threat level (2 out of an unspecified scale), minimal analysis (1), and moderate distribution (3), suggesting limited but notable dissemination of the malware or its indicators. The absence of CVEs, CWEs, and known exploits in the wild further implies that this is a proactive intelligence feed rather than a report of an ongoing attack campaign. The lack of concrete IOCs in the data limits actionable detection but highlights the importance of monitoring network activity and payload delivery vectors. This intelligence is valuable for organizations to update their threat detection systems and prepare for potential malware activity that could evolve or become more targeted in the future.
Potential Impact
Given the limited information and absence of known exploits or targeted affected versions, the immediate impact of this threat is likely low to medium. Organizations worldwide may face increased risk of malware infections through network-based payload delivery if these IOCs correspond to emerging malware campaigns. The threat could lead to unauthorized access, data exfiltration, or disruption if exploited, but no direct evidence suggests widespread active exploitation at this time. The medium severity rating reflects potential risks to confidentiality, integrity, and availability, particularly if the malware payloads evolve or are integrated into broader attack campaigns. The lack of patches or mitigation guidance means organizations must rely on detection and prevention strategies rather than remediation. The impact is more pronounced for entities with extensive network exposure or those lacking robust threat intelligence integration. Overall, while not immediately critical, the threat warrants attention to prevent escalation and to enhance early detection capabilities.
Mitigation Recommendations
Organizations should integrate the latest ThreatFox IOCs into their security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection capabilities. Network monitoring should be intensified to identify unusual payload delivery activities, especially those matching the provided IOCs once available. Employ strict network segmentation and enforce least privilege access to limit potential malware spread. Regularly update and tune intrusion detection/prevention systems (IDS/IPS) to recognize emerging malware signatures. Conduct threat hunting exercises focused on network activity anomalies and payload delivery patterns. Since no patches are available, emphasize proactive defense measures such as user awareness training to recognize phishing or social engineering attempts that could deliver malware. Collaborate with threat intelligence sharing communities to receive timely updates and contextual information. Finally, maintain robust backup and recovery procedures to mitigate potential ransomware or destructive payload impacts.
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, Netherlands, Israel
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: ca786836-03c6-4e90-a37e-597dd49c3016
- Original Timestamp: 1772064188
file103.39.16.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.126 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.200 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.169.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file170.168.61.188 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file23.248.213.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.114 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.229 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.231 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.208 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.228 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.190.250.28 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.249 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.209 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.216 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.100 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.106 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.250 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.219 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.98 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.242 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.200 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.205 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.205 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.219 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.210 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.242 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.107 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.105 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.200 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.213 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.123 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.209 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.79.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.247 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.113 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.126 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.99 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.219 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.213 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.106 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.113 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.108 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.226 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.123 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.114 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file157.151.245.77 | Sliver botnet C2 server (confidence level: 90%) | |
file43.143.234.76 | Sliver botnet C2 server (confidence level: 90%) | |
file178.16.55.211 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file95.141.32.147 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file110.43.39.172 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file123.60.179.11 | VShell botnet C2 server (confidence level: 100%) | |
file146.70.113.182 | VShell botnet C2 server (confidence level: 100%) | |
file43.240.239.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.250 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.216 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.210 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.221 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.215 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.194 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.112 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.107 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.122 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.193 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.104 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.120.20.86 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.205 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.199 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.99 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.100 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.226 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.215 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.39.16.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.231 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.104 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.248.213.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.194 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.48.199 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.108.104.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file155.103.71.207 | Remcos botnet C2 server (confidence level: 100%) | |
file141.98.7.177 | SectopRAT botnet C2 server (confidence level: 100%) | |
file103.27.157.122 | Havoc botnet C2 server (confidence level: 100%) | |
file46.246.84.5 | DCRat botnet C2 server (confidence level: 100%) | |
file102.98.73.159 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file1.12.42.37 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file172.86.127.100 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file156.238.236.249 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file18.222.51.121 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file23.248.213.112 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.240.239.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.16.53.140 | Remcos botnet C2 server (confidence level: 100%) | |
file178.16.53.140 | Remcos botnet C2 server (confidence level: 100%) | |
file178.16.53.140 | Remcos botnet C2 server (confidence level: 100%) | |
file103.41.7.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.108 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.249.175.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.229 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.234.21.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.41.7.247 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.108.104.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.58.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file137.220.224.77 | Ghost RAT botnet C2 server (confidence level: 75%) | |
file43.226.125.37 | Ghost RAT botnet C2 server (confidence level: 75%) | |
file134.122.173.39 | Ghost RAT botnet C2 server (confidence level: 75%) | |
file35.78.231.220 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.86.114.105 | Unknown malware botnet C2 server (confidence level: 100%) | |
file27.124.20.136 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file27.124.20.143 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file38.76.193.91 | Quasar RAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash8085 | VShell botnet C2 server (confidence level: 100%) | |
hash443 | VShell botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8443 | Havoc botnet C2 server (confidence level: 100%) | |
hash2003 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash31092 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash300 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash443 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2409 | Remcos botnet C2 server (confidence level: 100%) | |
hash3398 | Remcos botnet C2 server (confidence level: 100%) | |
hash9987 | Remcos botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash29541 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 75%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 75%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 75%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) |
Domain
Url
Threat ID: 699f8f7ab7ef31ef0b6d58b9
Added to database: 2/26/2026, 12:10:34 AM
Last enriched: 2/26/2026, 12:29:18 AM
Last updated: 2/26/2026, 8:17:55 AM