
ThreatFox IOCs for 2021-09-12

Severity: Medium
Published: Sun Sep 12 2021 (09/12/2021, 00:00:00 UTC)
Source: MISP

Description

ThreatFox IOCs for 2021-09-12

AI-Powered Analysis

Last updated: 07/03/2025, 06:54:31 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on September 12, 2021, sourced from ThreatFox via MISP (Malware Information Sharing Platform). The entry is labeled with a medium severity and categorized as OSINT (Open Source Intelligence) with a TLP (Traffic Light Protocol) white classification, indicating it is intended for public sharing. However, the data lacks specific technical details such as affected software versions, vulnerability types, or exploit mechanisms. No concrete indicators (e.g., IP addresses, hashes, domains) are provided, and there are no known exploits in the wild associated with this entry. The threat level, analysis, and distribution metrics are low to moderate (threatLevel: 2, analysis: 1, distribution: 3), suggesting limited immediate risk or incomplete information. Overall, this entry appears to be a general notification of IOCs collected on a specific date rather than a detailed description of an active or exploitable security threat or vulnerability.

Potential Impact

Given the absence of specific technical details, affected systems, or exploit information, the direct impact on European organizations is difficult to ascertain. Without concrete indicators or known exploits, organizations cannot assess the risk to their environments accurately. However, the publication of IOCs can aid in threat hunting and detection efforts if integrated into security monitoring tools. The medium severity rating implies a moderate level of concern, but without actionable data, the practical impact remains minimal. European organizations that rely on threat intelligence sharing platforms like MISP may benefit indirectly by updating their detection capabilities if more detailed IOC data becomes available. Otherwise, the immediate operational impact is negligible.

Mitigation Recommendations

To effectively mitigate potential risks associated with this type of IOC publication, European organizations should:

1) Ensure integration of updated threat intelligence feeds, including ThreatFox and MISP, into their Security Information and Event Management (SIEM) and endpoint detection and response (EDR) systems to enable proactive detection of emerging threats.
2) Maintain robust incident response procedures that can quickly incorporate new IOC data for threat hunting and containment.
3) Conduct regular threat intelligence reviews to contextualize and prioritize IOCs based on organizational relevance.
4) Collaborate with national and European cybersecurity information sharing communities (e.g., ENISA, CERT-EU) to receive timely and detailed threat intelligence.
5) Since no specific vulnerabilities or exploits are identified, focus on maintaining up-to-date patching, network segmentation, and user awareness to reduce general attack surface exposure.


Technical Details

Threat Level
2
Analysis
1
Distribution
3

Indicators of Compromise


Threat ID: 6828eab9e1a0c275ea6e3264

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 7/3/2025, 6:54:31 AM

Last updated: 8/16/2025, 3:02:46 PM

