ThreatFox IOCs for 2021-09-12

Severity: mediumType: unknown

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published on September 12, 2021, sourced from ThreatFox via MISP (Malware Information Sharing Platform). The entry is labeled with a medium severity and categorized as OSINT (Open Source Intelligence) with a TLP (Traffic Light Protocol) white classification, indicating it is intended for public sharing. However, the data lacks specific technical details such as affected software versions, vulnerability types, or exploit mechanisms. No concrete indicators (e.g., IP addresses, hashes, domains) are provided, and there are no known exploits in the wild associated with this entry. The threat level, analysis, and distribution metrics are low to moderate (threatLevel: 2, analysis: 1, distribution: 3), suggesting limited immediate risk or incomplete information. Overall, this entry appears to be a general notification of IOCs collected on a specific date rather than a detailed description of an active or exploitable security threat or vulnerability.

Potential Impact

Given the absence of specific technical details, affected systems, or exploit information, the direct impact on European organizations is difficult to ascertain. Without concrete indicators or known exploits, organizations cannot assess the risk to their environments accurately. However, the publication of IOCs can aid in threat hunting and detection efforts if integrated into security monitoring tools. The medium severity rating implies a moderate level of concern, but without actionable data, the practical impact remains minimal. European organizations that rely on threat intelligence sharing platforms like MISP may benefit indirectly by updating their detection capabilities if more detailed IOC data becomes available. Otherwise, the immediate operational impact is negligible.

Mitigation Recommendations

To effectively mitigate potential risks associated with this type of IOC publication, European organizations should: 1) Ensure integration of updated threat intelligence feeds, including ThreatFox and MISP, into their Security Information and Event Management (SIEM) and endpoint detection and response (EDR) systems to enable proactive detection of emerging threats. 2) Maintain robust incident response procedures that can quickly incorporate new IOC data for threat hunting and containment. 3) Conduct regular threat intelligence reviews to contextualize and prioritize IOCs based on organizational relevance. 4) Collaborate with national and European cybersecurity information sharing communities (e.g., ENISA, CERT-EU) to receive timely and detailed threat intelligence. 5) Since no specific vulnerabilities or exploits are identified, focus on maintaining up-to-date patching, network segmentation, and user awareness to reduce general attack surface exposure.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

hash: c1a14f1843802dca53f3deccb8598875ef68a6db5eb740a23bec6c2db1d99be9
hash: adc8e05648c951dcb4415aa0dc6c04c6008b7c9c2902888bb2d0e8b0004b594d
url: http://1.15.187.165:8099/__utm.gif
ip-dst|port: 1.15.187.165|8099
hash: a57af9eef729f33f4137775c7d0f76fe43165015fa29fdb8bbc41a56f5f4c3ce
hash: 17e5ea22e1d8a275b565147668dacc2964e274fb9329212df88832c8e042db99
url: http://tww24.ru/secureapiwindows.php
hash: a0efa5591ef26d7ceed128afd7eadad808e81544aa138f8b9ce8cd817fe210d1
hash: dd367d40751ff266743b3ddd5b307636d62c602cd81d43b47aaff3a12babf968
url: http://106.13.178.189:81/mg
ip-dst|port: 106.13.178.189|81
url: http://222.93.38.215:6666/visit.js
ip-dst|port: 222.93.38.215|6666
url: http://120.79.67.51:50006/dpixel
ip-dst|port: 120.79.67.51|50006
url: http://47.108.184.159:3333/api/getit
ip-dst|port: 47.108.184.159|3333
url: http://106.55.56.224:6666/visit.js
ip-dst|port: 106.55.56.224|6666
url: http://49.235.98.228:6666/c/msdownload/update/others/2016/12/29136388_
ip-dst|port: 49.235.98.228|6666
url: http://192.168.1.104:4444/cm
ip-dst|port: 121.4.193.179|4444
url: http://127.0.0.1:9999/wp06/wp-includes/po.php
ip-dst|port: 1.116.125.251|9999
url: http://52.80.127.131:38080/ptj
ip-dst|port: 52.80.127.131|38080
url: http://121.36.165.78:9999/push
ip-dst|port: 121.36.165.78|9999
url: http://1.117.46.121:3389/ajax/libs/jquery/3.3.1/jquery.min.js
ip-dst|port: 1.117.46.121|3389
url: http://49.234.112.148:18080/pixel.gif
ip-dst|port: 49.234.112.148|18080
ip-dst|port: 120.55.58.254|80
url: http://104.21.24.159/__utm.gif
ip-dst|port: 8.129.227.26|80
url: http://1.15.38.86:8899/cx
ip-dst|port: 1.15.38.86|8899
url: http://203.23.128.210:9663/search/
ip-dst|port: 203.23.128.210|9663
url: http://47.102.130.106:700/match
ip-dst|port: 47.102.130.106|700
url: http://139.198.175.232:89/en_us/all.js
ip-dst|port: 139.198.175.232|89
url: http://134.175.4.207/push
ip-dst|port: 134.175.4.207|80
url: https://118.31.16.93/fwlink
ip-dst|port: 118.31.16.93|443
url: http://1.14.131.141:8082/updates.rss
ip-dst|port: 1.14.131.141|8082
url: http://39.106.60.91:444/push
ip-dst|port: 39.106.60.91|444
url: http://1.116.83.241:9000/ga.js
ip-dst|port: 1.116.83.241|9000
url: http://42.193.21.115:31443/cx
ip-dst|port: 42.193.21.115|31443
url: http://140.143.167.58:8099/cm
ip-dst|port: 140.143.167.58|8099
url: http://47.94.153.149:8042/images/
ip-dst|port: 47.94.153.149|8042
url: http://140.143.167.58:8087/push
ip-dst|port: 140.143.167.58|8087
ip-dst|port: 49.72.46.23|8443
hash: eb01cd9dca82fbe466a2de552fd30704e836bac2ba842ecea316d24604650ca9
url: http://203.23.128.210/search/
ip-dst|port: 203.23.128.210|443
url: https://service-h4znnvjh-1306129509.sh.apigw.tencentcs.com/api/checklogin
ip-dst|port: 1.15.189.248|443
url: http://117.78.10.129/g.pixel
ip-dst|port: 117.78.10.129|80
url: https://sheopi.com/jquery-3.3.1.min.js
ip-dst|port: 162.244.81.132|443
url: https://87.117.239.76/jquery-3.3.1.min.js
ip-dst|port: 87.117.239.76|443
url: http://18.130.181.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 18.130.181.253|443
url: https://167.179.113.11/jquery-3.3.1.min.js
ip-dst|port: 167.179.113.11|443
url: https://fanydoom.com/jquery-3.3.1.min.js
ip-dst|port: 162.244.82.249|443
url: https://clockleto.com/jquery-3.3.1.min.js
ip-dst|port: 185.105.7.242|443
url: https://159.203.80.24/jquery-3.3.1.min.js
ip-dst|port: 159.203.80.24|443
url: https://ferrolands.com/jquery-3.3.1.min.js
ip-dst|port: 162.244.81.66|443
url: https://zinccold.com/jquery-3.3.1.min.js
ip-dst|port: 107.181.161.205|443
url: https://173.82.232.149/jquery-3.3.1.min.js
ip-dst|port: 173.82.232.149|443
ip-dst|port: 13.225.205.143|443
url: https://www.burgerfuel-co.nz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 13.239.122.142|443
ip-dst|port: 13.225.63.52|443
url: https://brtryushy.com/jquery-3.3.1.min.js
ip-dst|port: 195.123.217.15|443
url: https://hhyuuvmqe.com/jquery-3.3.1.min.js
ip-dst|port: 82.117.252.144|443
url: https://medicosta.tk/jquery-3.3.1.min.js
ip-dst|port: 94.74.97.187|443
url: https://westdefe.com/jquery-3.3.1.min.js
ip-dst|port: 54.219.165.190|443
url: https://ipfuza.com/jquery-3.3.1.min.js
ip-dst|port: 82.117.252.145|443
ip-dst|port: 103.200.28.80|443
hash: 4a319b8f1d1ba41b28adf014f05d6b5ba5d80197e9695bf42244ad4f000ba460
hash: 6688153cb9fffebcd5b17ee46f45f8196c5db430529355be455d58adf8a594dc
hash: 3ac594b126713f599139d5bdbae9d4b18dd7d3b0b79760b4f4a06c1ad7bbd3e3
hash: 274dfbbc0adab4ad1fe4e213bb27de83ceccaffa0af2b0ca715becd6c6b7c53b
hash: b9ab3a8286457dfd86db00cb4cb67e6f99c2bc2a22b6b28caf9cb2f3ab47891d
hash: 5850cdb305a5ea4f2a45c06fcac3561e6f9eb29ca0e59ce09ffe60b7eefbef32
hash: d8a6406a6c07b2baff2d2f00aeef5a2e46c59b2813dbc36cd6c60eabee40b239
url: http://1.116.158.193/cx
ip-dst|port: 1.116.158.193|80
url: https://62.234.124.11/push
ip-dst|port: 62.234.124.11|443
url: http://www.baiducon.ml:8080/api/3
ip-dst|port: 121.5.167.18|8080
url: https://120.132.81.158/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 120.132.81.158|443
hash: 139611db9da10328a2b5be1e8d4271441bc0153cec9ff86328f510789ea43319
hash: 6a885ab4f331bdcb0cb5a54fe6c294b3beacd32aa5b47e1941eaec333753fcaf
url: https://49.234.94.85:8443/fwlink
ip-dst|port: 49.234.94.85|8443
hash: c9243b55887e704e918c02ed16db3200dfa9bde648dc8ccb04f65d08f95966a0
hash: d4eb12198075efbd9f2c8e4894597bc2317b76a9fca5406ce156d1d1aedfd2c3
hash: 9a6023a8b502b7fe13fbd7c5007c69d02fcd90e98f5206acea450cbe37bd6f1a
hash: 1c578e3b87f2ca9f4cd4a17c7bdfa3c6a6f2b6a54fb5d55e41629dac86bc08cd
hash: ad0c449a72bc62d0b7120574f717e4cb9a1ef106a37755a105d9e7d7f2f26c3b
url: http://39.104.206.20:8080/ga.js
ip-dst|port: 39.104.206.20|8080
url: http://118.195.231.134:8080/g.pixel
ip-dst|port: 118.195.231.134|8080
hash: 51ade16a516268da4986c46f752cbab0b9d6b6897ea31089a633686bbcdf2a42
url: http://www.yyygaming.com/bqt25/
hash: 52a0c5144aca9384b448b185b3706e902ed5c7162dc824cddc95ecd2be0553cf
ip-dst|port: 103.254.96.194|147
url: http://www.bestdeals2020.store/bd2m/
ip-dst|port: 212.192.241.44|6587
ip-dst|port: 23.94.24.109|22876
hash: 9d9c3f6a912a92671727bbf63cb6002839aa8242c122bd3eeb61b5418c1b9ced
hash: d8e12a3a55aee1b94fd2b109da0f4e4602eeb18867f7e47936e7cb36e5f81f09
hash: df1c4dc83eba352719c9fe16ceb03ae177658b3255194cf0b9b7aa528f817e4f
hash: 7261315a18706897356f41e867b25c6f474a3b7aaa2e9f3f4bf9a4f2cb8cdb7c
hash: dea7b6be202e46ac8f5b7fb83eff7f2498911917e4590b980a6a7538e4ef239a
ip-dst|port: 3.131.207.170|13564
ip-dst|port: 3.22.53.161|13564
ip-dst|port: 3.128.107.74|13564
ip-dst|port: 52.14.18.129|13564
hash: 0d103eab2cdde80eeed3923bcb1ca3d209b94d63f271185d527087263adcbc0e
url: http://47.100.78.89:8081/sweetalert.min.js
hash: ab766824d461136c50054f2be6f4c8690de18e777cd7688b8f7ef0e6965ec8bd
ip-dst|port: 47.100.78.89|8081
url: https://185.198.57.155/pagead/id
ip-dst|port: 185.198.57.150|443
url: http://106.54.174.167:30001/g.pixel
ip-dst|port: 106.54.174.167|30001
url: https://66.98.118.68/ie9compatviewlist.xml
ip-dst|port: 66.98.118.68|443
url: https://108.160.132.72:50443/cx
ip-dst|port: 108.160.132.72|50443
url: http://45.158.231.141:3021/visit.js
ip-dst|port: 45.158.231.141|3021
url: http://119.23.225.78:1234/en_us/all.js
ip-dst|port: 119.23.225.78|1234
url: https://clouds.azuredges.com/search/
ip-dst|port: 167.179.102.242|443
url: https://soft-sells.com/oscp/
ip-dst|port: 78.31.67.79|443
url: http://45.125.57.232:5201/pixel.gif
ip-dst|port: 45.125.57.232|5201
url: http://45.32.104.178:2082/tab_shop_active
ip-dst|port: 45.32.104.178|2082
ip-dst|port: 172.105.20.193|80
url: http://opf5eo6zqsh7urmr.onion:8080/s/microsoft/download/update/2021/09/41501112_
ip-dst|port: 176.121.14.112|8080
ip-dst|port: 45.112.206.13|7799
url: http://10.65.242.154:4567/fwlink
ip-dst|port: 66.42.70.115|4567
url: http://106.55.153.204:8989/cx
ip-dst|port: 106.55.153.204|8989
url: http://192.168.138.136:8088/cm
ip-dst|port: 66.42.70.115|8088
url: http://45.133.216.59/ca
ip-dst|port: 45.133.216.59|80
url: https://service-g19koz1m-1253795072.gz.apigw.tencentcs.com/api/baidu/log
ip-dst|port: 164.155.73.115|443
url: https://47.75.96.198/cx
ip-dst|port: 47.75.96.198|443
url: https://42.51.12.162/__utm.gif
ip-dst|port: 42.51.12.162|443
url: http://1.15.151.47:8085/api/getit
ip-dst|port: 1.15.151.47|8085
url: http://10.72.152.75:9000/cwonajlbo/vtneww11212/
ip-dst|port: 185.243.114.227|9000
url: http://45.133.216.60/push
ip-dst|port: 45.133.216.60|80
url: https://81.71.149.131/updates.rss
ip-dst|port: 81.71.149.131|443
url: https://45.63.109.152:4433/push
ip-dst|port: 45.63.109.152|4433
url: http://144.34.162.250:1234/pixel
ip-dst|port: 144.34.162.250|1234
url: http://1.116.54.19:8077/en_us/all.js
ip-dst|port: 1.116.54.19|8077
url: http://m35927lma3.execute-api.us-east-1.amazonaws.com/api/fetch
ip-dst|port: 3.232.133.187|80
url: http://185.32.126.102/ga.js
ip-dst|port: 185.32.126.102|80
ip-dst|port: 185.198.57.155|443
url: http://185.111.245.22/fwlink
ip-dst|port: 185.111.245.22|80
url: http://45.133.216.58/updates.rss
ip-dst|port: 45.133.216.58|80
url: https://23.91.97.112/ie9compatviewlist.xml
ip-dst|port: 23.91.97.112|443
url: https://service-9o7hzc6d-1304459781.bj.apigw.tencentcs.com/api/getit
ip-dst|port: 82.156.188.38|443
url: http://106.13.204.169:7070/ca
ip-dst|port: 106.13.204.169|7070
url: http://185.93.6.31:8081/unqueue/tagline/b9ptnobh8
ip-dst|port: 185.93.6.31|8081
url: http://114.55.252.133:6060/cx
ip-dst|port: 114.55.252.133|6060
url: http://37.0.10.143/idle/0887257074/1
ip-dst|port: 37.0.10.143|80
url: http://139.129.103.193:9999/g.pixel
ip-dst|port: 139.129.103.193|9999
hash: 195289a2400f2cb9e94631539b23bc5b2f643e0b444d81485600ee62ea674d89
hash: 8756bca615d9140f087ae1df1fbbe56289b991a2efae64d61feb0a162e06d127
hash: eb4694ad3a62d2e007c0f0aba545d57af7dcb41b78504401bafda510d85d9a4f
hash: c794b0cf979f41374471d77bb1cf16eccb46af151a887044c02fe033143b2264
ip-dst|port: 83.69.2.130|1812
hash: be8eee8ab33809a48e85cc2feb51c655eeaee9d979d97c5f79d6a9ba68444299
hash: a4045a5c2ee24f0ed69d6ad71f26600f579bbf4c6632ee00e6aefef3300a7b04
hash: b7de37855e12c38f58033c6a938894bae2570e90a4df29b49f8e2e4de7934f1d
hash: 64c65ce49746a0b4d8b0b0faccbe145eb243b0ff2b828d60763b2eb5469c4322
url: http://onlygoodman.com/alti/gate.php
url: https://47.94.255.176:4431/en_us/all.js
ip-dst|port: 47.94.255.176|4431
hash: ab8896d700f8ea7a97a34fa87cb73de515f963992dad3b31d4523f5b7d445458
hash: c34e7a16bfd45436b06e9ce20bc36e7d4b0b1664c1ef0450ee9dbe882cba1850
hash: 21d40c045ea9793dcf3360e4fb82309da74575121731054845144da6b4c23e22

ThreatFox IOCs for 2021-09-12

Severity: medium

Type: unknown

ThreatFox IOCs for 2021-09-12

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

hash: c1a14f1843802dca53f3deccb8598875ef68a6db5eb740a23bec6c2db1d99be9
hash: adc8e05648c951dcb4415aa0dc6c04c6008b7c9c2902888bb2d0e8b0004b594d
url: http://1.15.187.165:8099/__utm.gif
ip-dst|port: 1.15.187.165|8099
hash: a57af9eef729f33f4137775c7d0f76fe43165015fa29fdb8bbc41a56f5f4c3ce
hash: 17e5ea22e1d8a275b565147668dacc2964e274fb9329212df88832c8e042db99
url: http://tww24.ru/secureapiwindows.php
hash: a0efa5591ef26d7ceed128afd7eadad808e81544aa138f8b9ce8cd817fe210d1
hash: dd367d40751ff266743b3ddd5b307636d62c602cd81d43b47aaff3a12babf968
url: http://106.13.178.189:81/mg
ip-dst|port: 106.13.178.189|81
url: http://222.93.38.215:6666/visit.js
ip-dst|port: 222.93.38.215|6666
url: http://120.79.67.51:50006/dpixel
ip-dst|port: 120.79.67.51|50006
url: http://47.108.184.159:3333/api/getit
ip-dst|port: 47.108.184.159|3333
url: http://106.55.56.224:6666/visit.js
ip-dst|port: 106.55.56.224|6666
url: http://49.235.98.228:6666/c/msdownload/update/others/2016/12/29136388_
ip-dst|port: 49.235.98.228|6666
url: http://192.168.1.104:4444/cm
ip-dst|port: 121.4.193.179|4444
url: http://127.0.0.1:9999/wp06/wp-includes/po.php
ip-dst|port: 1.116.125.251|9999
url: http://52.80.127.131:38080/ptj
ip-dst|port: 52.80.127.131|38080
url: http://121.36.165.78:9999/push
ip-dst|port: 121.36.165.78|9999
url: http://1.117.46.121:3389/ajax/libs/jquery/3.3.1/jquery.min.js
ip-dst|port: 1.117.46.121|3389
url: http://49.234.112.148:18080/pixel.gif
ip-dst|port: 49.234.112.148|18080
ip-dst|port: 120.55.58.254|80
url: http://104.21.24.159/__utm.gif
ip-dst|port: 8.129.227.26|80
url: http://1.15.38.86:8899/cx
ip-dst|port: 1.15.38.86|8899
url: http://203.23.128.210:9663/search/
ip-dst|port: 203.23.128.210|9663
url: http://47.102.130.106:700/match
ip-dst|port: 47.102.130.106|700
url: http://139.198.175.232:89/en_us/all.js
ip-dst|port: 139.198.175.232|89
url: http://134.175.4.207/push
ip-dst|port: 134.175.4.207|80
url: https://118.31.16.93/fwlink
ip-dst|port: 118.31.16.93|443
url: http://1.14.131.141:8082/updates.rss
ip-dst|port: 1.14.131.141|8082
url: http://39.106.60.91:444/push
ip-dst|port: 39.106.60.91|444
url: http://1.116.83.241:9000/ga.js
ip-dst|port: 1.116.83.241|9000
url: http://42.193.21.115:31443/cx
ip-dst|port: 42.193.21.115|31443
url: http://140.143.167.58:8099/cm
ip-dst|port: 140.143.167.58|8099
url: http://47.94.153.149:8042/images/
ip-dst|port: 47.94.153.149|8042
url: http://140.143.167.58:8087/push
ip-dst|port: 140.143.167.58|8087
ip-dst|port: 49.72.46.23|8443
hash: eb01cd9dca82fbe466a2de552fd30704e836bac2ba842ecea316d24604650ca9
url: http://203.23.128.210/search/
ip-dst|port: 203.23.128.210|443
url: https://service-h4znnvjh-1306129509.sh.apigw.tencentcs.com/api/checklogin
ip-dst|port: 1.15.189.248|443
url: http://117.78.10.129/g.pixel
ip-dst|port: 117.78.10.129|80
url: https://sheopi.com/jquery-3.3.1.min.js
ip-dst|port: 162.244.81.132|443
url: https://87.117.239.76/jquery-3.3.1.min.js
ip-dst|port: 87.117.239.76|443
url: http://18.130.181.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 18.130.181.253|443
url: https://167.179.113.11/jquery-3.3.1.min.js
ip-dst|port: 167.179.113.11|443
url: https://fanydoom.com/jquery-3.3.1.min.js
ip-dst|port: 162.244.82.249|443
url: https://clockleto.com/jquery-3.3.1.min.js
ip-dst|port: 185.105.7.242|443
url: https://159.203.80.24/jquery-3.3.1.min.js
ip-dst|port: 159.203.80.24|443
url: https://ferrolands.com/jquery-3.3.1.min.js
ip-dst|port: 162.244.81.66|443
url: https://zinccold.com/jquery-3.3.1.min.js
ip-dst|port: 107.181.161.205|443
url: https://173.82.232.149/jquery-3.3.1.min.js
ip-dst|port: 173.82.232.149|443
ip-dst|port: 13.225.205.143|443
url: https://www.burgerfuel-co.nz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 13.239.122.142|443
ip-dst|port: 13.225.63.52|443
url: https://brtryushy.com/jquery-3.3.1.min.js
ip-dst|port: 195.123.217.15|443
url: https://hhyuuvmqe.com/jquery-3.3.1.min.js
ip-dst|port: 82.117.252.144|443
url: https://medicosta.tk/jquery-3.3.1.min.js
ip-dst|port: 94.74.97.187|443
url: https://westdefe.com/jquery-3.3.1.min.js
ip-dst|port: 54.219.165.190|443
url: https://ipfuza.com/jquery-3.3.1.min.js
ip-dst|port: 82.117.252.145|443
ip-dst|port: 103.200.28.80|443
hash: 4a319b8f1d1ba41b28adf014f05d6b5ba5d80197e9695bf42244ad4f000ba460
hash: 6688153cb9fffebcd5b17ee46f45f8196c5db430529355be455d58adf8a594dc
hash: 3ac594b126713f599139d5bdbae9d4b18dd7d3b0b79760b4f4a06c1ad7bbd3e3
hash: 274dfbbc0adab4ad1fe4e213bb27de83ceccaffa0af2b0ca715becd6c6b7c53b
hash: b9ab3a8286457dfd86db00cb4cb67e6f99c2bc2a22b6b28caf9cb2f3ab47891d
hash: 5850cdb305a5ea4f2a45c06fcac3561e6f9eb29ca0e59ce09ffe60b7eefbef32
hash: d8a6406a6c07b2baff2d2f00aeef5a2e46c59b2813dbc36cd6c60eabee40b239
url: http://1.116.158.193/cx
ip-dst|port: 1.116.158.193|80
url: https://62.234.124.11/push
ip-dst|port: 62.234.124.11|443
url: http://www.baiducon.ml:8080/api/3
ip-dst|port: 121.5.167.18|8080
url: https://120.132.81.158/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 120.132.81.158|443
hash: 139611db9da10328a2b5be1e8d4271441bc0153cec9ff86328f510789ea43319
hash: 6a885ab4f331bdcb0cb5a54fe6c294b3beacd32aa5b47e1941eaec333753fcaf
url: https://49.234.94.85:8443/fwlink
ip-dst|port: 49.234.94.85|8443
hash: c9243b55887e704e918c02ed16db3200dfa9bde648dc8ccb04f65d08f95966a0
hash: d4eb12198075efbd9f2c8e4894597bc2317b76a9fca5406ce156d1d1aedfd2c3
hash: 9a6023a8b502b7fe13fbd7c5007c69d02fcd90e98f5206acea450cbe37bd6f1a
hash: 1c578e3b87f2ca9f4cd4a17c7bdfa3c6a6f2b6a54fb5d55e41629dac86bc08cd
hash: ad0c449a72bc62d0b7120574f717e4cb9a1ef106a37755a105d9e7d7f2f26c3b
url: http://39.104.206.20:8080/ga.js
ip-dst|port: 39.104.206.20|8080
url: http://118.195.231.134:8080/g.pixel
ip-dst|port: 118.195.231.134|8080
hash: 51ade16a516268da4986c46f752cbab0b9d6b6897ea31089a633686bbcdf2a42
url: http://www.yyygaming.com/bqt25/
hash: 52a0c5144aca9384b448b185b3706e902ed5c7162dc824cddc95ecd2be0553cf
ip-dst|port: 103.254.96.194|147
url: http://www.bestdeals2020.store/bd2m/
ip-dst|port: 212.192.241.44|6587
ip-dst|port: 23.94.24.109|22876
hash: 9d9c3f6a912a92671727bbf63cb6002839aa8242c122bd3eeb61b5418c1b9ced
hash: d8e12a3a55aee1b94fd2b109da0f4e4602eeb18867f7e47936e7cb36e5f81f09
hash: df1c4dc83eba352719c9fe16ceb03ae177658b3255194cf0b9b7aa528f817e4f
hash: 7261315a18706897356f41e867b25c6f474a3b7aaa2e9f3f4bf9a4f2cb8cdb7c
hash: dea7b6be202e46ac8f5b7fb83eff7f2498911917e4590b980a6a7538e4ef239a
ip-dst|port: 3.131.207.170|13564
ip-dst|port: 3.22.53.161|13564
ip-dst|port: 3.128.107.74|13564
ip-dst|port: 52.14.18.129|13564
hash: 0d103eab2cdde80eeed3923bcb1ca3d209b94d63f271185d527087263adcbc0e
url: http://47.100.78.89:8081/sweetalert.min.js
hash: ab766824d461136c50054f2be6f4c8690de18e777cd7688b8f7ef0e6965ec8bd
ip-dst|port: 47.100.78.89|8081
url: https://185.198.57.155/pagead/id
ip-dst|port: 185.198.57.150|443
url: http://106.54.174.167:30001/g.pixel
ip-dst|port: 106.54.174.167|30001
url: https://66.98.118.68/ie9compatviewlist.xml
ip-dst|port: 66.98.118.68|443
url: https://108.160.132.72:50443/cx
ip-dst|port: 108.160.132.72|50443
url: http://45.158.231.141:3021/visit.js
ip-dst|port: 45.158.231.141|3021
url: http://119.23.225.78:1234/en_us/all.js
ip-dst|port: 119.23.225.78|1234
url: https://clouds.azuredges.com/search/
ip-dst|port: 167.179.102.242|443
url: https://soft-sells.com/oscp/
ip-dst|port: 78.31.67.79|443
url: http://45.125.57.232:5201/pixel.gif
ip-dst|port: 45.125.57.232|5201
url: http://45.32.104.178:2082/tab_shop_active
ip-dst|port: 45.32.104.178|2082
ip-dst|port: 172.105.20.193|80
url: http://opf5eo6zqsh7urmr.onion:8080/s/microsoft/download/update/2021/09/41501112_
ip-dst|port: 176.121.14.112|8080
ip-dst|port: 45.112.206.13|7799
url: http://10.65.242.154:4567/fwlink
ip-dst|port: 66.42.70.115|4567
url: http://106.55.153.204:8989/cx
ip-dst|port: 106.55.153.204|8989
url: http://192.168.138.136:8088/cm
ip-dst|port: 66.42.70.115|8088
url: http://45.133.216.59/ca
ip-dst|port: 45.133.216.59|80
url: https://service-g19koz1m-1253795072.gz.apigw.tencentcs.com/api/baidu/log
ip-dst|port: 164.155.73.115|443
url: https://47.75.96.198/cx
ip-dst|port: 47.75.96.198|443
url: https://42.51.12.162/__utm.gif
ip-dst|port: 42.51.12.162|443
url: http://1.15.151.47:8085/api/getit
ip-dst|port: 1.15.151.47|8085
url: http://10.72.152.75:9000/cwonajlbo/vtneww11212/
ip-dst|port: 185.243.114.227|9000
url: http://45.133.216.60/push
ip-dst|port: 45.133.216.60|80
url: https://81.71.149.131/updates.rss
ip-dst|port: 81.71.149.131|443
url: https://45.63.109.152:4433/push
ip-dst|port: 45.63.109.152|4433
url: http://144.34.162.250:1234/pixel
ip-dst|port: 144.34.162.250|1234
url: http://1.116.54.19:8077/en_us/all.js
ip-dst|port: 1.116.54.19|8077
url: http://m35927lma3.execute-api.us-east-1.amazonaws.com/api/fetch
ip-dst|port: 3.232.133.187|80
url: http://185.32.126.102/ga.js
ip-dst|port: 185.32.126.102|80
ip-dst|port: 185.198.57.155|443
url: http://185.111.245.22/fwlink
ip-dst|port: 185.111.245.22|80
url: http://45.133.216.58/updates.rss
ip-dst|port: 45.133.216.58|80
url: https://23.91.97.112/ie9compatviewlist.xml
ip-dst|port: 23.91.97.112|443
url: https://service-9o7hzc6d-1304459781.bj.apigw.tencentcs.com/api/getit
ip-dst|port: 82.156.188.38|443
url: http://106.13.204.169:7070/ca
ip-dst|port: 106.13.204.169|7070
url: http://185.93.6.31:8081/unqueue/tagline/b9ptnobh8
ip-dst|port: 185.93.6.31|8081
url: http://114.55.252.133:6060/cx
ip-dst|port: 114.55.252.133|6060
url: http://37.0.10.143/idle/0887257074/1
ip-dst|port: 37.0.10.143|80
url: http://139.129.103.193:9999/g.pixel
ip-dst|port: 139.129.103.193|9999
hash: 195289a2400f2cb9e94631539b23bc5b2f643e0b444d81485600ee62ea674d89
hash: 8756bca615d9140f087ae1df1fbbe56289b991a2efae64d61feb0a162e06d127
hash: eb4694ad3a62d2e007c0f0aba545d57af7dcb41b78504401bafda510d85d9a4f
hash: c794b0cf979f41374471d77bb1cf16eccb46af151a887044c02fe033143b2264
ip-dst|port: 83.69.2.130|1812
hash: be8eee8ab33809a48e85cc2feb51c655eeaee9d979d97c5f79d6a9ba68444299
hash: a4045a5c2ee24f0ed69d6ad71f26600f579bbf4c6632ee00e6aefef3300a7b04
hash: b7de37855e12c38f58033c6a938894bae2570e90a4df29b49f8e2e4de7934f1d
hash: 64c65ce49746a0b4d8b0b0faccbe145eb243b0ff2b828d60763b2eb5469c4322
url: http://onlygoodman.com/alti/gate.php
url: https://47.94.255.176:4431/en_us/all.js
ip-dst|port: 47.94.255.176|4431
hash: ab8896d700f8ea7a97a34fa87cb73de515f963992dad3b31d4523f5b7d445458
hash: c34e7a16bfd45436b06e9ce20bc36e7d4b0b1664c1ef0450ee9dbe882cba1850
hash: 21d40c045ea9793dcf3360e4fb82309da74575121731054845144da6b4c23e22

Source: MISP

Published: Sun Sep 12 2021

ThreatFox IOCs for 2021-09-12

Medium

Unknowntype:OSINT tlp:white

Published: Sun Sep 12 2021 (09/12/2021, 00:00:00 UTC)

Source: MISP

Description

ThreatFox IOCs for 2021-09-12

AI-Powered Analysis

AILast updated: 07/03/2025, 06:54:31 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise

Hash

Value	Description	Copy
hashc1a14f1843802dca53f3deccb8598875ef68a6db5eb740a23bec6c2db1d99be9	Dridex payload (confidence level: 100%)
hashadc8e05648c951dcb4415aa0dc6c04c6008b7c9c2902888bb2d0e8b0004b594d	Dridex payload (confidence level: 100%)
hasha57af9eef729f33f4137775c7d0f76fe43165015fa29fdb8bbc41a56f5f4c3ce	Dridex payload (confidence level: 100%)
hash17e5ea22e1d8a275b565147668dacc2964e274fb9329212df88832c8e042db99	Dridex payload (confidence level: 100%)
hasha0efa5591ef26d7ceed128afd7eadad808e81544aa138f8b9ce8cd817fe210d1	Dridex payload (confidence level: 100%)
hashdd367d40751ff266743b3ddd5b307636d62c602cd81d43b47aaff3a12babf968	Dridex payload (confidence level: 100%)
hasheb01cd9dca82fbe466a2de552fd30704e836bac2ba842ecea316d24604650ca9	Dridex payload (confidence level: 100%)
hash4a319b8f1d1ba41b28adf014f05d6b5ba5d80197e9695bf42244ad4f000ba460	Dridex payload (confidence level: 100%)
hash6688153cb9fffebcd5b17ee46f45f8196c5db430529355be455d58adf8a594dc	Dridex payload (confidence level: 100%)
hash3ac594b126713f599139d5bdbae9d4b18dd7d3b0b79760b4f4a06c1ad7bbd3e3	Dridex payload (confidence level: 100%)
hash274dfbbc0adab4ad1fe4e213bb27de83ceccaffa0af2b0ca715becd6c6b7c53b	Agent Tesla payload (confidence level: 50%)
hashb9ab3a8286457dfd86db00cb4cb67e6f99c2bc2a22b6b28caf9cb2f3ab47891d	Agent Tesla payload (confidence level: 50%)
hash5850cdb305a5ea4f2a45c06fcac3561e6f9eb29ca0e59ce09ffe60b7eefbef32	Agent Tesla payload (confidence level: 50%)
hashd8a6406a6c07b2baff2d2f00aeef5a2e46c59b2813dbc36cd6c60eabee40b239	Agent Tesla payload (confidence level: 50%)
hash139611db9da10328a2b5be1e8d4271441bc0153cec9ff86328f510789ea43319	Dridex payload (confidence level: 100%)
hash6a885ab4f331bdcb0cb5a54fe6c294b3beacd32aa5b47e1941eaec333753fcaf	Dridex payload (confidence level: 100%)
hashc9243b55887e704e918c02ed16db3200dfa9bde648dc8ccb04f65d08f95966a0	Agent Tesla payload (confidence level: 50%)
hashd4eb12198075efbd9f2c8e4894597bc2317b76a9fca5406ce156d1d1aedfd2c3	Agent Tesla payload (confidence level: 50%)
hash9a6023a8b502b7fe13fbd7c5007c69d02fcd90e98f5206acea450cbe37bd6f1a	Agent Tesla payload (confidence level: 50%)
hash1c578e3b87f2ca9f4cd4a17c7bdfa3c6a6f2b6a54fb5d55e41629dac86bc08cd	Agent Tesla payload (confidence level: 50%)
hashad0c449a72bc62d0b7120574f717e4cb9a1ef106a37755a105d9e7d7f2f26c3b	Dridex payload (confidence level: 100%)
hash51ade16a516268da4986c46f752cbab0b9d6b6897ea31089a633686bbcdf2a42	Dridex payload (confidence level: 100%)
hash52a0c5144aca9384b448b185b3706e902ed5c7162dc824cddc95ecd2be0553cf	Dridex payload (confidence level: 100%)
hash9d9c3f6a912a92671727bbf63cb6002839aa8242c122bd3eeb61b5418c1b9ced	AsyncRAT payload (confidence level: 50%)
hashd8e12a3a55aee1b94fd2b109da0f4e4602eeb18867f7e47936e7cb36e5f81f09	AsyncRAT payload (confidence level: 50%)
hashdf1c4dc83eba352719c9fe16ceb03ae177658b3255194cf0b9b7aa528f817e4f	AsyncRAT payload (confidence level: 50%)
hash7261315a18706897356f41e867b25c6f474a3b7aaa2e9f3f4bf9a4f2cb8cdb7c	AsyncRAT payload (confidence level: 50%)
hashdea7b6be202e46ac8f5b7fb83eff7f2498911917e4590b980a6a7538e4ef239a	Dridex payload (confidence level: 100%)
hash0d103eab2cdde80eeed3923bcb1ca3d209b94d63f271185d527087263adcbc0e	Dridex payload (confidence level: 100%)
hashab766824d461136c50054f2be6f4c8690de18e777cd7688b8f7ef0e6965ec8bd	Dridex payload (confidence level: 100%)
hash195289a2400f2cb9e94631539b23bc5b2f643e0b444d81485600ee62ea674d89	Glupteba payload (confidence level: 50%)
hash8756bca615d9140f087ae1df1fbbe56289b991a2efae64d61feb0a162e06d127	Glupteba payload (confidence level: 50%)
hasheb4694ad3a62d2e007c0f0aba545d57af7dcb41b78504401bafda510d85d9a4f	Glupteba payload (confidence level: 50%)
hashc794b0cf979f41374471d77bb1cf16eccb46af151a887044c02fe033143b2264	Glupteba payload (confidence level: 50%)
hashbe8eee8ab33809a48e85cc2feb51c655eeaee9d979d97c5f79d6a9ba68444299	Dridex payload (confidence level: 100%)
hasha4045a5c2ee24f0ed69d6ad71f26600f579bbf4c6632ee00e6aefef3300a7b04	Dridex payload (confidence level: 100%)
hashb7de37855e12c38f58033c6a938894bae2570e90a4df29b49f8e2e4de7934f1d	Dridex payload (confidence level: 100%)
hash64c65ce49746a0b4d8b0b0faccbe145eb243b0ff2b828d60763b2eb5469c4322	Dridex payload (confidence level: 100%)
hashab8896d700f8ea7a97a34fa87cb73de515f963992dad3b31d4523f5b7d445458	Dridex payload (confidence level: 100%)
hashc34e7a16bfd45436b06e9ce20bc36e7d4b0b1664c1ef0450ee9dbe882cba1850	Dridex payload (confidence level: 100%)
hash21d40c045ea9793dcf3360e4fb82309da74575121731054845144da6b4c23e22	Dridex payload (confidence level: 100%)

Url

Value	Description	Copy
urlhttp://1.15.187.165:8099/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://tww24.ru/secureapiwindows.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://106.13.178.189:81/mg	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://222.93.38.215:6666/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.79.67.51:50006/dpixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.108.184.159:3333/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.55.56.224:6666/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.98.228:6666/c/msdownload/update/others/2016/12/29136388_	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.168.1.104:4444/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://127.0.0.1:9999/wp06/wp-includes/po.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://52.80.127.131:38080/ptj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.36.165.78:9999/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.117.46.121:3389/ajax/libs/jquery/3.3.1/jquery.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.234.112.148:18080/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://104.21.24.159/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.15.38.86:8899/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://203.23.128.210:9663/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.102.130.106:700/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.198.175.232:89/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://134.175.4.207/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://118.31.16.93/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.14.131.141:8082/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.106.60.91:444/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.116.83.241:9000/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://42.193.21.115:31443/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://140.143.167.58:8099/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.94.153.149:8042/images/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://140.143.167.58:8087/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://203.23.128.210/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-h4znnvjh-1306129509.sh.apigw.tencentcs.com/api/checklogin	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://117.78.10.129/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://sheopi.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://87.117.239.76/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://18.130.181.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://167.179.113.11/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://fanydoom.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://clockleto.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://159.203.80.24/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ferrolands.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://zinccold.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://173.82.232.149/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.burgerfuel-co.nz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://brtryushy.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://hhyuuvmqe.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://medicosta.tk/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://westdefe.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ipfuza.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.116.158.193/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://62.234.124.11/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://www.baiducon.ml:8080/api/3	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://120.132.81.158/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://49.234.94.85:8443/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.104.206.20:8080/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://118.195.231.134:8080/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://www.yyygaming.com/bqt25/	Formbook botnet C2 (confidence level: 100%)
urlhttp://www.bestdeals2020.store/bd2m/	Formbook botnet C2 (confidence level: 100%)
urlhttp://47.100.78.89:8081/sweetalert.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://185.198.57.155/pagead/id	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.54.174.167:30001/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://66.98.118.68/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://108.160.132.72:50443/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.158.231.141:3021/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://119.23.225.78:1234/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://clouds.azuredges.com/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://soft-sells.com/oscp/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.125.57.232:5201/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.32.104.178:2082/tab_shop_active	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://opf5eo6zqsh7urmr.onion:8080/s/microsoft/download/update/2021/09/41501112_	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://10.65.242.154:4567/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.55.153.204:8989/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.168.138.136:8088/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.133.216.59/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-g19koz1m-1253795072.gz.apigw.tencentcs.com/api/baidu/log	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.75.96.198/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://42.51.12.162/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.15.151.47:8085/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://10.72.152.75:9000/cwonajlbo/vtneww11212/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.133.216.60/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://81.71.149.131/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://45.63.109.152:4433/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://144.34.162.250:1234/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.116.54.19:8077/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://m35927lma3.execute-api.us-east-1.amazonaws.com/api/fetch	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.32.126.102/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.111.245.22/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.133.216.58/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.91.97.112/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-9o7hzc6d-1304459781.bj.apigw.tencentcs.com/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.13.204.169:7070/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.93.6.31:8081/unqueue/tagline/b9ptnobh8	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://114.55.252.133:6060/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://37.0.10.143/idle/0887257074/1	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.129.103.193:9999/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://onlygoodman.com/alti/gate.php	Pony botnet C2 (confidence level: 100%)
urlhttps://47.94.255.176:4431/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)

Ip dst|port

Value	Description	Copy
ip-dst\|port1.15.187.165\|8099	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port106.13.178.189\|81	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port222.93.38.215\|6666	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port120.79.67.51\|50006	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port47.108.184.159\|3333	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port106.55.56.224\|6666	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port49.235.98.228\|6666	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port121.4.193.179\|4444	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.116.125.251\|9999	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port52.80.127.131\|38080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port121.36.165.78\|9999	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.117.46.121\|3389	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port49.234.112.148\|18080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port120.55.58.254\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port8.129.227.26\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.15.38.86\|8899	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port203.23.128.210\|9663	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port47.102.130.106\|700	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port139.198.175.232\|89	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port134.175.4.207\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port118.31.16.93\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.14.131.141\|8082	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port39.106.60.91\|444	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.116.83.241\|9000	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port42.193.21.115\|31443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port140.143.167.58\|8099	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port47.94.153.149\|8042	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port140.143.167.58\|8087	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port49.72.46.23\|8443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port203.23.128.210\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.15.189.248\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port117.78.10.129\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port162.244.81.132\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port87.117.239.76\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port18.130.181.253\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port167.179.113.11\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port162.244.82.249\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.105.7.242\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port159.203.80.24\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port162.244.81.66\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port107.181.161.205\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port173.82.232.149\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port13.225.205.143\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port13.239.122.142\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port13.225.63.52\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port195.123.217.15\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port82.117.252.144\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port94.74.97.187\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port54.219.165.190\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port82.117.252.145\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port103.200.28.80\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.116.158.193\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port62.234.124.11\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port121.5.167.18\|8080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port120.132.81.158\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port49.234.94.85\|8443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port39.104.206.20\|8080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port118.195.231.134\|8080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port103.254.96.194\|147	NjRAT botnet C2 server (confidence level: 100%)
ip-dst\|port212.192.241.44\|6587	Mirai botnet C2 server (confidence level: 75%)
ip-dst\|port23.94.24.109\|22876	Bashlite botnet C2 server (confidence level: 75%)
ip-dst\|port3.131.207.170\|13564	NjRAT botnet C2 server (confidence level: 100%)
ip-dst\|port3.22.53.161\|13564	NjRAT botnet C2 server (confidence level: 100%)
ip-dst\|port3.128.107.74\|13564	NjRAT botnet C2 server (confidence level: 100%)
ip-dst\|port52.14.18.129\|13564	NjRAT botnet C2 server (confidence level: 100%)
ip-dst\|port47.100.78.89\|8081	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.198.57.150\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port106.54.174.167\|30001	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port66.98.118.68\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port108.160.132.72\|50443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.158.231.141\|3021	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port119.23.225.78\|1234	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port167.179.102.242\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port78.31.67.79\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.125.57.232\|5201	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.32.104.178\|2082	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port172.105.20.193\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port176.121.14.112\|8080	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.112.206.13\|7799	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port66.42.70.115\|4567	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port106.55.153.204\|8989	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port66.42.70.115\|8088	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.133.216.59\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port164.155.73.115\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port47.75.96.198\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port42.51.12.162\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.15.151.47\|8085	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.243.114.227\|9000	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.133.216.60\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port81.71.149.131\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.63.109.152\|4433	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port144.34.162.250\|1234	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port1.116.54.19\|8077	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port3.232.133.187\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.32.126.102\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.198.57.155\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.111.245.22\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port45.133.216.58\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port23.91.97.112\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port82.156.188.38\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port106.13.204.169\|7070	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port185.93.6.31\|8081	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port114.55.252.133\|6060	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port37.0.10.143\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port139.129.103.193\|9999	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port83.69.2.130\|1812	RMS botnet C2 server (confidence level: 100%)
ip-dst\|port47.94.255.176\|4431	Cobalt Strike botnet C2 server (confidence level: 100%)

Threat ID: 6828eab9e1a0c275ea6e3264

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 7/3/2025, 6:54:31 AM

Last updated: 8/15/2025, 2:01:10 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2021-09-12

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2021-09-12

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Url

Ip dst|port

Related Threats

ThreatFox IOCs for 2025-08-15

ThreatFox IOCs for 2025-08-14

ThreatFox IOCs for 2025-08-13

ThreatFox IOCs for 2025-08-12

ThreatFox IOCs for 2025-08-11

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility