ThreatFox IOCs for 2021-09-12

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2021-09-12 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data does not specify any particular malware family, affected software versions, or detailed technical characteristics beyond the classification tags. The threat level is indicated as medium with no known exploits in the wild and no available patches. The absence of detailed indicators and CWE identifiers suggests this entry primarily serves as an intelligence feed update rather than a description of a novel or active exploit. The threat appears to be related to the distribution and delivery of malicious payloads, potentially through network vectors, but lacks concrete technical details such as attack vectors, payload behavior, or exploitation methods. The TLP (Traffic Light Protocol) is white, indicating the information is publicly shareable. Overall, this entry functions as a situational awareness update for cybersecurity professionals monitoring emerging or ongoing malware-related activities rather than a direct alert about a specific vulnerability or exploit.

Potential Impact

Given the limited technical details and absence of known exploits, the immediate impact on European organizations is likely low to medium. However, the presence of payload delivery and network activity tags implies potential risks of malware infection through network-based vectors, which could lead to data exfiltration, system compromise, or disruption if exploited effectively. European organizations, particularly those with extensive network infrastructures or those that rely heavily on OSINT for threat intelligence, may find value in integrating these IOCs into their detection systems to enhance situational awareness. The lack of patch availability and no specific affected software versions reduces the likelihood of a direct vulnerability exploitation but underscores the importance of monitoring network traffic for suspicious payload delivery attempts. The medium severity rating suggests a moderate risk level, emphasizing the need for vigilance but not indicating an immediate widespread threat.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection capabilities for related network activity and payload delivery attempts. 2. Conduct regular network traffic analysis focusing on unusual or unauthorized payload delivery patterns, especially those matching the characteristics of the IOCs from ThreatFox. 3. Maintain updated threat intelligence feeds and ensure cross-correlation with internal logs to identify early signs of compromise. 4. Implement strict network segmentation and access controls to limit the lateral movement potential of any malware that might be delivered. 5. Educate security teams on the importance of OSINT-based threat intelligence and encourage proactive monitoring of public intelligence feeds such as ThreatFox. 6. Since no patches are available, emphasize hardening of network defenses and endpoint protection to mitigate potential payload execution. 7. Regularly update and test incident response plans to ensure readiness in case of detection of related malicious activity.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

hash: c1a14f1843802dca53f3deccb8598875ef68a6db5eb740a23bec6c2db1d99be9
hash: adc8e05648c951dcb4415aa0dc6c04c6008b7c9c2902888bb2d0e8b0004b594d
url: http://1.15.187.165:8099/__utm.gif
file: 1.15.187.165
hash: 8099
hash: a57af9eef729f33f4137775c7d0f76fe43165015fa29fdb8bbc41a56f5f4c3ce
hash: 17e5ea22e1d8a275b565147668dacc2964e274fb9329212df88832c8e042db99
url: http://tww24.ru/secureapiwindows.php
hash: a0efa5591ef26d7ceed128afd7eadad808e81544aa138f8b9ce8cd817fe210d1
hash: dd367d40751ff266743b3ddd5b307636d62c602cd81d43b47aaff3a12babf968
url: http://106.13.178.189:81/mg
file: 106.13.178.189
hash: 81
url: http://222.93.38.215:6666/visit.js
file: 222.93.38.215
hash: 6666
url: http://120.79.67.51:50006/dpixel
file: 120.79.67.51
hash: 50006
url: http://47.108.184.159:3333/api/getit
file: 47.108.184.159
hash: 3333
url: http://106.55.56.224:6666/visit.js
file: 106.55.56.224
hash: 6666
url: http://49.235.98.228:6666/c/msdownload/update/others/2016/12/29136388_
file: 49.235.98.228
hash: 6666
url: http://192.168.1.104:4444/cm
file: 121.4.193.179
hash: 4444
url: http://127.0.0.1:9999/wp06/wp-includes/po.php
file: 1.116.125.251
hash: 9999
url: http://52.80.127.131:38080/ptj
file: 52.80.127.131
hash: 38080
url: http://121.36.165.78:9999/push
file: 121.36.165.78
hash: 9999
url: http://1.117.46.121:3389/ajax/libs/jquery/3.3.1/jquery.min.js
file: 1.117.46.121
hash: 3389
url: http://49.234.112.148:18080/pixel.gif
file: 49.234.112.148
hash: 18080
file: 120.55.58.254
hash: 80
url: http://104.21.24.159/__utm.gif
file: 8.129.227.26
hash: 80
url: http://1.15.38.86:8899/cx
file: 1.15.38.86
hash: 8899
url: http://203.23.128.210:9663/search/
file: 203.23.128.210
hash: 9663
url: http://47.102.130.106:700/match
file: 47.102.130.106
hash: 700
url: http://139.198.175.232:89/en_us/all.js
file: 139.198.175.232
hash: 89
url: http://134.175.4.207/push
file: 134.175.4.207
hash: 80
url: https://118.31.16.93/fwlink
file: 118.31.16.93
hash: 443
url: http://1.14.131.141:8082/updates.rss
file: 1.14.131.141
hash: 8082
url: http://39.106.60.91:444/push
file: 39.106.60.91
hash: 444
url: http://1.116.83.241:9000/ga.js
file: 1.116.83.241
hash: 9000
url: http://42.193.21.115:31443/cx
file: 42.193.21.115
hash: 31443
url: http://140.143.167.58:8099/cm
file: 140.143.167.58
hash: 8099
url: http://47.94.153.149:8042/images/
file: 47.94.153.149
hash: 8042
url: http://140.143.167.58:8087/push
file: 140.143.167.58
hash: 8087
file: 49.72.46.23
hash: 8443
hash: eb01cd9dca82fbe466a2de552fd30704e836bac2ba842ecea316d24604650ca9
url: http://203.23.128.210/search/
file: 203.23.128.210
hash: 443
url: https://service-h4znnvjh-1306129509.sh.apigw.tencentcs.com/api/checklogin
file: 1.15.189.248
hash: 443
url: http://117.78.10.129/g.pixel
file: 117.78.10.129
hash: 80
url: https://sheopi.com/jquery-3.3.1.min.js
file: 162.244.81.132
hash: 443
url: https://87.117.239.76/jquery-3.3.1.min.js
file: 87.117.239.76
hash: 443
url: http://18.130.181.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 18.130.181.253
hash: 443
url: https://167.179.113.11/jquery-3.3.1.min.js
file: 167.179.113.11
hash: 443
url: https://fanydoom.com/jquery-3.3.1.min.js
file: 162.244.82.249
hash: 443
url: https://clockleto.com/jquery-3.3.1.min.js
file: 185.105.7.242
hash: 443
url: https://159.203.80.24/jquery-3.3.1.min.js
file: 159.203.80.24
hash: 443
url: https://ferrolands.com/jquery-3.3.1.min.js
file: 162.244.81.66
hash: 443
url: https://zinccold.com/jquery-3.3.1.min.js
file: 107.181.161.205
hash: 443
url: https://173.82.232.149/jquery-3.3.1.min.js
file: 173.82.232.149
hash: 443
file: 13.225.205.143
hash: 443
url: https://www.burgerfuel-co.nz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 13.239.122.142
hash: 443
file: 13.225.63.52
hash: 443
url: https://brtryushy.com/jquery-3.3.1.min.js
file: 195.123.217.15
hash: 443
url: https://hhyuuvmqe.com/jquery-3.3.1.min.js
file: 82.117.252.144
hash: 443
url: https://medicosta.tk/jquery-3.3.1.min.js
file: 94.74.97.187
hash: 443
url: https://westdefe.com/jquery-3.3.1.min.js
file: 54.219.165.190
hash: 443
url: https://ipfuza.com/jquery-3.3.1.min.js
file: 82.117.252.145
hash: 443
file: 103.200.28.80
hash: 443
hash: 4a319b8f1d1ba41b28adf014f05d6b5ba5d80197e9695bf42244ad4f000ba460
hash: 6688153cb9fffebcd5b17ee46f45f8196c5db430529355be455d58adf8a594dc
hash: 3ac594b126713f599139d5bdbae9d4b18dd7d3b0b79760b4f4a06c1ad7bbd3e3
hash: 274dfbbc0adab4ad1fe4e213bb27de83ceccaffa0af2b0ca715becd6c6b7c53b
hash: b9ab3a8286457dfd86db00cb4cb67e6f99c2bc2a22b6b28caf9cb2f3ab47891d
hash: 5850cdb305a5ea4f2a45c06fcac3561e6f9eb29ca0e59ce09ffe60b7eefbef32
hash: d8a6406a6c07b2baff2d2f00aeef5a2e46c59b2813dbc36cd6c60eabee40b239
url: http://1.116.158.193/cx
file: 1.116.158.193
hash: 80
url: https://62.234.124.11/push
file: 62.234.124.11
hash: 443
url: http://www.baiducon.ml:8080/api/3
file: 121.5.167.18
hash: 8080
url: https://120.132.81.158/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 120.132.81.158
hash: 443
hash: 139611db9da10328a2b5be1e8d4271441bc0153cec9ff86328f510789ea43319
hash: 6a885ab4f331bdcb0cb5a54fe6c294b3beacd32aa5b47e1941eaec333753fcaf
url: https://49.234.94.85:8443/fwlink
file: 49.234.94.85
hash: 8443
hash: c9243b55887e704e918c02ed16db3200dfa9bde648dc8ccb04f65d08f95966a0
hash: d4eb12198075efbd9f2c8e4894597bc2317b76a9fca5406ce156d1d1aedfd2c3
hash: 9a6023a8b502b7fe13fbd7c5007c69d02fcd90e98f5206acea450cbe37bd6f1a
hash: 1c578e3b87f2ca9f4cd4a17c7bdfa3c6a6f2b6a54fb5d55e41629dac86bc08cd
hash: ad0c449a72bc62d0b7120574f717e4cb9a1ef106a37755a105d9e7d7f2f26c3b
url: http://39.104.206.20:8080/ga.js
file: 39.104.206.20
hash: 8080
url: http://118.195.231.134:8080/g.pixel
file: 118.195.231.134
hash: 8080
hash: 51ade16a516268da4986c46f752cbab0b9d6b6897ea31089a633686bbcdf2a42
url: http://www.yyygaming.com/bqt25/
hash: 52a0c5144aca9384b448b185b3706e902ed5c7162dc824cddc95ecd2be0553cf
file: 103.254.96.194
hash: 147
url: http://www.bestdeals2020.store/bd2m/
file: 212.192.241.44
hash: 6587
file: 23.94.24.109
hash: 22876
hash: 9d9c3f6a912a92671727bbf63cb6002839aa8242c122bd3eeb61b5418c1b9ced
hash: d8e12a3a55aee1b94fd2b109da0f4e4602eeb18867f7e47936e7cb36e5f81f09
hash: df1c4dc83eba352719c9fe16ceb03ae177658b3255194cf0b9b7aa528f817e4f
hash: 7261315a18706897356f41e867b25c6f474a3b7aaa2e9f3f4bf9a4f2cb8cdb7c
hash: dea7b6be202e46ac8f5b7fb83eff7f2498911917e4590b980a6a7538e4ef239a
file: 3.131.207.170
hash: 13564
file: 3.22.53.161
hash: 13564
file: 3.128.107.74
hash: 13564
file: 52.14.18.129
hash: 13564
hash: 0d103eab2cdde80eeed3923bcb1ca3d209b94d63f271185d527087263adcbc0e
url: http://47.100.78.89:8081/sweetalert.min.js
hash: ab766824d461136c50054f2be6f4c8690de18e777cd7688b8f7ef0e6965ec8bd
file: 47.100.78.89
hash: 8081
url: https://185.198.57.155/pagead/id
file: 185.198.57.150
hash: 443
url: http://106.54.174.167:30001/g.pixel
file: 106.54.174.167
hash: 30001
url: https://66.98.118.68/ie9compatviewlist.xml
file: 66.98.118.68
hash: 443
url: https://108.160.132.72:50443/cx
file: 108.160.132.72
hash: 50443
url: http://45.158.231.141:3021/visit.js
file: 45.158.231.141
hash: 3021
url: http://119.23.225.78:1234/en_us/all.js
file: 119.23.225.78
hash: 1234
url: https://clouds.azuredges.com/search/
file: 167.179.102.242
hash: 443
url: https://soft-sells.com/oscp/
file: 78.31.67.79
hash: 443
url: http://45.125.57.232:5201/pixel.gif
file: 45.125.57.232
hash: 5201
url: http://45.32.104.178:2082/tab_shop_active
file: 45.32.104.178
hash: 2082
file: 172.105.20.193
hash: 80
url: http://opf5eo6zqsh7urmr.onion:8080/s/microsoft/download/update/2021/09/41501112_
file: 176.121.14.112
hash: 8080
file: 45.112.206.13
hash: 7799
url: http://10.65.242.154:4567/fwlink
file: 66.42.70.115
hash: 4567
url: http://106.55.153.204:8989/cx
file: 106.55.153.204
hash: 8989
url: http://192.168.138.136:8088/cm
file: 66.42.70.115
hash: 8088
url: http://45.133.216.59/ca
file: 45.133.216.59
hash: 80
url: https://service-g19koz1m-1253795072.gz.apigw.tencentcs.com/api/baidu/log
file: 164.155.73.115
hash: 443
url: https://47.75.96.198/cx
file: 47.75.96.198
hash: 443
url: https://42.51.12.162/__utm.gif
file: 42.51.12.162
hash: 443
url: http://1.15.151.47:8085/api/getit
file: 1.15.151.47
hash: 8085
url: http://10.72.152.75:9000/cwonajlbo/vtneww11212/
file: 185.243.114.227
hash: 9000
url: http://45.133.216.60/push
file: 45.133.216.60
hash: 80
url: https://81.71.149.131/updates.rss
file: 81.71.149.131
hash: 443
url: https://45.63.109.152:4433/push
file: 45.63.109.152
hash: 4433
url: http://144.34.162.250:1234/pixel
file: 144.34.162.250
hash: 1234
url: http://1.116.54.19:8077/en_us/all.js
file: 1.116.54.19
hash: 8077
url: http://m35927lma3.execute-api.us-east-1.amazonaws.com/api/fetch
file: 3.232.133.187
hash: 80
url: http://185.32.126.102/ga.js
file: 185.32.126.102
hash: 80
file: 185.198.57.155
hash: 443
url: http://185.111.245.22/fwlink
file: 185.111.245.22
hash: 80
url: http://45.133.216.58/updates.rss
file: 45.133.216.58
hash: 80
url: https://23.91.97.112/ie9compatviewlist.xml
file: 23.91.97.112
hash: 443
url: https://service-9o7hzc6d-1304459781.bj.apigw.tencentcs.com/api/getit
file: 82.156.188.38
hash: 443
url: http://106.13.204.169:7070/ca
file: 106.13.204.169
hash: 7070
url: http://185.93.6.31:8081/unqueue/tagline/b9ptnobh8
file: 185.93.6.31
hash: 8081
url: http://114.55.252.133:6060/cx
file: 114.55.252.133
hash: 6060
url: http://37.0.10.143/idle/0887257074/1
file: 37.0.10.143
hash: 80
url: http://139.129.103.193:9999/g.pixel
file: 139.129.103.193
hash: 9999
hash: 195289a2400f2cb9e94631539b23bc5b2f643e0b444d81485600ee62ea674d89
hash: 8756bca615d9140f087ae1df1fbbe56289b991a2efae64d61feb0a162e06d127
hash: eb4694ad3a62d2e007c0f0aba545d57af7dcb41b78504401bafda510d85d9a4f
hash: c794b0cf979f41374471d77bb1cf16eccb46af151a887044c02fe033143b2264
file: 83.69.2.130
hash: 1812
hash: be8eee8ab33809a48e85cc2feb51c655eeaee9d979d97c5f79d6a9ba68444299
hash: a4045a5c2ee24f0ed69d6ad71f26600f579bbf4c6632ee00e6aefef3300a7b04
hash: b7de37855e12c38f58033c6a938894bae2570e90a4df29b49f8e2e4de7934f1d
hash: 64c65ce49746a0b4d8b0b0faccbe145eb243b0ff2b828d60763b2eb5469c4322
url: http://onlygoodman.com/alti/gate.php
url: https://47.94.255.176:4431/en_us/all.js
file: 47.94.255.176
hash: 4431
hash: ab8896d700f8ea7a97a34fa87cb73de515f963992dad3b31d4523f5b7d445458
hash: c34e7a16bfd45436b06e9ce20bc36e7d4b0b1664c1ef0450ee9dbe882cba1850
hash: 21d40c045ea9793dcf3360e4fb82309da74575121731054845144da6b4c23e22

ThreatFox IOCs for 2021-09-12

Severity: medium

Type: malware

ThreatFox IOCs for 2021-09-12

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

hash: c1a14f1843802dca53f3deccb8598875ef68a6db5eb740a23bec6c2db1d99be9
hash: adc8e05648c951dcb4415aa0dc6c04c6008b7c9c2902888bb2d0e8b0004b594d
url: http://1.15.187.165:8099/__utm.gif
file: 1.15.187.165
hash: 8099
hash: a57af9eef729f33f4137775c7d0f76fe43165015fa29fdb8bbc41a56f5f4c3ce
hash: 17e5ea22e1d8a275b565147668dacc2964e274fb9329212df88832c8e042db99
url: http://tww24.ru/secureapiwindows.php
hash: a0efa5591ef26d7ceed128afd7eadad808e81544aa138f8b9ce8cd817fe210d1
hash: dd367d40751ff266743b3ddd5b307636d62c602cd81d43b47aaff3a12babf968
url: http://106.13.178.189:81/mg
file: 106.13.178.189
hash: 81
url: http://222.93.38.215:6666/visit.js
file: 222.93.38.215
hash: 6666
url: http://120.79.67.51:50006/dpixel
file: 120.79.67.51
hash: 50006
url: http://47.108.184.159:3333/api/getit
file: 47.108.184.159
hash: 3333
url: http://106.55.56.224:6666/visit.js
file: 106.55.56.224
hash: 6666
url: http://49.235.98.228:6666/c/msdownload/update/others/2016/12/29136388_
file: 49.235.98.228
hash: 6666
url: http://192.168.1.104:4444/cm
file: 121.4.193.179
hash: 4444
url: http://127.0.0.1:9999/wp06/wp-includes/po.php
file: 1.116.125.251
hash: 9999
url: http://52.80.127.131:38080/ptj
file: 52.80.127.131
hash: 38080
url: http://121.36.165.78:9999/push
file: 121.36.165.78
hash: 9999
url: http://1.117.46.121:3389/ajax/libs/jquery/3.3.1/jquery.min.js
file: 1.117.46.121
hash: 3389
url: http://49.234.112.148:18080/pixel.gif
file: 49.234.112.148
hash: 18080
file: 120.55.58.254
hash: 80
url: http://104.21.24.159/__utm.gif
file: 8.129.227.26
hash: 80
url: http://1.15.38.86:8899/cx
file: 1.15.38.86
hash: 8899
url: http://203.23.128.210:9663/search/
file: 203.23.128.210
hash: 9663
url: http://47.102.130.106:700/match
file: 47.102.130.106
hash: 700
url: http://139.198.175.232:89/en_us/all.js
file: 139.198.175.232
hash: 89
url: http://134.175.4.207/push
file: 134.175.4.207
hash: 80
url: https://118.31.16.93/fwlink
file: 118.31.16.93
hash: 443
url: http://1.14.131.141:8082/updates.rss
file: 1.14.131.141
hash: 8082
url: http://39.106.60.91:444/push
file: 39.106.60.91
hash: 444
url: http://1.116.83.241:9000/ga.js
file: 1.116.83.241
hash: 9000
url: http://42.193.21.115:31443/cx
file: 42.193.21.115
hash: 31443
url: http://140.143.167.58:8099/cm
file: 140.143.167.58
hash: 8099
url: http://47.94.153.149:8042/images/
file: 47.94.153.149
hash: 8042
url: http://140.143.167.58:8087/push
file: 140.143.167.58
hash: 8087
file: 49.72.46.23
hash: 8443
hash: eb01cd9dca82fbe466a2de552fd30704e836bac2ba842ecea316d24604650ca9
url: http://203.23.128.210/search/
file: 203.23.128.210
hash: 443
url: https://service-h4znnvjh-1306129509.sh.apigw.tencentcs.com/api/checklogin
file: 1.15.189.248
hash: 443
url: http://117.78.10.129/g.pixel
file: 117.78.10.129
hash: 80
url: https://sheopi.com/jquery-3.3.1.min.js
file: 162.244.81.132
hash: 443
url: https://87.117.239.76/jquery-3.3.1.min.js
file: 87.117.239.76
hash: 443
url: http://18.130.181.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 18.130.181.253
hash: 443
url: https://167.179.113.11/jquery-3.3.1.min.js
file: 167.179.113.11
hash: 443
url: https://fanydoom.com/jquery-3.3.1.min.js
file: 162.244.82.249
hash: 443
url: https://clockleto.com/jquery-3.3.1.min.js
file: 185.105.7.242
hash: 443
url: https://159.203.80.24/jquery-3.3.1.min.js
file: 159.203.80.24
hash: 443
url: https://ferrolands.com/jquery-3.3.1.min.js
file: 162.244.81.66
hash: 443
url: https://zinccold.com/jquery-3.3.1.min.js
file: 107.181.161.205
hash: 443
url: https://173.82.232.149/jquery-3.3.1.min.js
file: 173.82.232.149
hash: 443
file: 13.225.205.143
hash: 443
url: https://www.burgerfuel-co.nz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 13.239.122.142
hash: 443
file: 13.225.63.52
hash: 443
url: https://brtryushy.com/jquery-3.3.1.min.js
file: 195.123.217.15
hash: 443
url: https://hhyuuvmqe.com/jquery-3.3.1.min.js
file: 82.117.252.144
hash: 443
url: https://medicosta.tk/jquery-3.3.1.min.js
file: 94.74.97.187
hash: 443
url: https://westdefe.com/jquery-3.3.1.min.js
file: 54.219.165.190
hash: 443
url: https://ipfuza.com/jquery-3.3.1.min.js
file: 82.117.252.145
hash: 443
file: 103.200.28.80
hash: 443
hash: 4a319b8f1d1ba41b28adf014f05d6b5ba5d80197e9695bf42244ad4f000ba460
hash: 6688153cb9fffebcd5b17ee46f45f8196c5db430529355be455d58adf8a594dc
hash: 3ac594b126713f599139d5bdbae9d4b18dd7d3b0b79760b4f4a06c1ad7bbd3e3
hash: 274dfbbc0adab4ad1fe4e213bb27de83ceccaffa0af2b0ca715becd6c6b7c53b
hash: b9ab3a8286457dfd86db00cb4cb67e6f99c2bc2a22b6b28caf9cb2f3ab47891d
hash: 5850cdb305a5ea4f2a45c06fcac3561e6f9eb29ca0e59ce09ffe60b7eefbef32
hash: d8a6406a6c07b2baff2d2f00aeef5a2e46c59b2813dbc36cd6c60eabee40b239
url: http://1.116.158.193/cx
file: 1.116.158.193
hash: 80
url: https://62.234.124.11/push
file: 62.234.124.11
hash: 443
url: http://www.baiducon.ml:8080/api/3
file: 121.5.167.18
hash: 8080
url: https://120.132.81.158/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 120.132.81.158
hash: 443
hash: 139611db9da10328a2b5be1e8d4271441bc0153cec9ff86328f510789ea43319
hash: 6a885ab4f331bdcb0cb5a54fe6c294b3beacd32aa5b47e1941eaec333753fcaf
url: https://49.234.94.85:8443/fwlink
file: 49.234.94.85
hash: 8443
hash: c9243b55887e704e918c02ed16db3200dfa9bde648dc8ccb04f65d08f95966a0
hash: d4eb12198075efbd9f2c8e4894597bc2317b76a9fca5406ce156d1d1aedfd2c3
hash: 9a6023a8b502b7fe13fbd7c5007c69d02fcd90e98f5206acea450cbe37bd6f1a
hash: 1c578e3b87f2ca9f4cd4a17c7bdfa3c6a6f2b6a54fb5d55e41629dac86bc08cd
hash: ad0c449a72bc62d0b7120574f717e4cb9a1ef106a37755a105d9e7d7f2f26c3b
url: http://39.104.206.20:8080/ga.js
file: 39.104.206.20
hash: 8080
url: http://118.195.231.134:8080/g.pixel
file: 118.195.231.134
hash: 8080
hash: 51ade16a516268da4986c46f752cbab0b9d6b6897ea31089a633686bbcdf2a42
url: http://www.yyygaming.com/bqt25/
hash: 52a0c5144aca9384b448b185b3706e902ed5c7162dc824cddc95ecd2be0553cf
file: 103.254.96.194
hash: 147
url: http://www.bestdeals2020.store/bd2m/
file: 212.192.241.44
hash: 6587
file: 23.94.24.109
hash: 22876
hash: 9d9c3f6a912a92671727bbf63cb6002839aa8242c122bd3eeb61b5418c1b9ced
hash: d8e12a3a55aee1b94fd2b109da0f4e4602eeb18867f7e47936e7cb36e5f81f09
hash: df1c4dc83eba352719c9fe16ceb03ae177658b3255194cf0b9b7aa528f817e4f
hash: 7261315a18706897356f41e867b25c6f474a3b7aaa2e9f3f4bf9a4f2cb8cdb7c
hash: dea7b6be202e46ac8f5b7fb83eff7f2498911917e4590b980a6a7538e4ef239a
file: 3.131.207.170
hash: 13564
file: 3.22.53.161
hash: 13564
file: 3.128.107.74
hash: 13564
file: 52.14.18.129
hash: 13564
hash: 0d103eab2cdde80eeed3923bcb1ca3d209b94d63f271185d527087263adcbc0e
url: http://47.100.78.89:8081/sweetalert.min.js
hash: ab766824d461136c50054f2be6f4c8690de18e777cd7688b8f7ef0e6965ec8bd
file: 47.100.78.89
hash: 8081
url: https://185.198.57.155/pagead/id
file: 185.198.57.150
hash: 443
url: http://106.54.174.167:30001/g.pixel
file: 106.54.174.167
hash: 30001
url: https://66.98.118.68/ie9compatviewlist.xml
file: 66.98.118.68
hash: 443
url: https://108.160.132.72:50443/cx
file: 108.160.132.72
hash: 50443
url: http://45.158.231.141:3021/visit.js
file: 45.158.231.141
hash: 3021
url: http://119.23.225.78:1234/en_us/all.js
file: 119.23.225.78
hash: 1234
url: https://clouds.azuredges.com/search/
file: 167.179.102.242
hash: 443
url: https://soft-sells.com/oscp/
file: 78.31.67.79
hash: 443
url: http://45.125.57.232:5201/pixel.gif
file: 45.125.57.232
hash: 5201
url: http://45.32.104.178:2082/tab_shop_active
file: 45.32.104.178
hash: 2082
file: 172.105.20.193
hash: 80
url: http://opf5eo6zqsh7urmr.onion:8080/s/microsoft/download/update/2021/09/41501112_
file: 176.121.14.112
hash: 8080
file: 45.112.206.13
hash: 7799
url: http://10.65.242.154:4567/fwlink
file: 66.42.70.115
hash: 4567
url: http://106.55.153.204:8989/cx
file: 106.55.153.204
hash: 8989
url: http://192.168.138.136:8088/cm
file: 66.42.70.115
hash: 8088
url: http://45.133.216.59/ca
file: 45.133.216.59
hash: 80
url: https://service-g19koz1m-1253795072.gz.apigw.tencentcs.com/api/baidu/log
file: 164.155.73.115
hash: 443
url: https://47.75.96.198/cx
file: 47.75.96.198
hash: 443
url: https://42.51.12.162/__utm.gif
file: 42.51.12.162
hash: 443
url: http://1.15.151.47:8085/api/getit
file: 1.15.151.47
hash: 8085
url: http://10.72.152.75:9000/cwonajlbo/vtneww11212/
file: 185.243.114.227
hash: 9000
url: http://45.133.216.60/push
file: 45.133.216.60
hash: 80
url: https://81.71.149.131/updates.rss
file: 81.71.149.131
hash: 443
url: https://45.63.109.152:4433/push
file: 45.63.109.152
hash: 4433
url: http://144.34.162.250:1234/pixel
file: 144.34.162.250
hash: 1234
url: http://1.116.54.19:8077/en_us/all.js
file: 1.116.54.19
hash: 8077
url: http://m35927lma3.execute-api.us-east-1.amazonaws.com/api/fetch
file: 3.232.133.187
hash: 80
url: http://185.32.126.102/ga.js
file: 185.32.126.102
hash: 80
file: 185.198.57.155
hash: 443
url: http://185.111.245.22/fwlink
file: 185.111.245.22
hash: 80
url: http://45.133.216.58/updates.rss
file: 45.133.216.58
hash: 80
url: https://23.91.97.112/ie9compatviewlist.xml
file: 23.91.97.112
hash: 443
url: https://service-9o7hzc6d-1304459781.bj.apigw.tencentcs.com/api/getit
file: 82.156.188.38
hash: 443
url: http://106.13.204.169:7070/ca
file: 106.13.204.169
hash: 7070
url: http://185.93.6.31:8081/unqueue/tagline/b9ptnobh8
file: 185.93.6.31
hash: 8081
url: http://114.55.252.133:6060/cx
file: 114.55.252.133
hash: 6060
url: http://37.0.10.143/idle/0887257074/1
file: 37.0.10.143
hash: 80
url: http://139.129.103.193:9999/g.pixel
file: 139.129.103.193
hash: 9999
hash: 195289a2400f2cb9e94631539b23bc5b2f643e0b444d81485600ee62ea674d89
hash: 8756bca615d9140f087ae1df1fbbe56289b991a2efae64d61feb0a162e06d127
hash: eb4694ad3a62d2e007c0f0aba545d57af7dcb41b78504401bafda510d85d9a4f
hash: c794b0cf979f41374471d77bb1cf16eccb46af151a887044c02fe033143b2264
file: 83.69.2.130
hash: 1812
hash: be8eee8ab33809a48e85cc2feb51c655eeaee9d979d97c5f79d6a9ba68444299
hash: a4045a5c2ee24f0ed69d6ad71f26600f579bbf4c6632ee00e6aefef3300a7b04
hash: b7de37855e12c38f58033c6a938894bae2570e90a4df29b49f8e2e4de7934f1d
hash: 64c65ce49746a0b4d8b0b0faccbe145eb243b0ff2b828d60763b2eb5469c4322
url: http://onlygoodman.com/alti/gate.php
url: https://47.94.255.176:4431/en_us/all.js
file: 47.94.255.176
hash: 4431
hash: ab8896d700f8ea7a97a34fa87cb73de515f963992dad3b31d4523f5b7d445458
hash: c34e7a16bfd45436b06e9ce20bc36e7d4b0b1664c1ef0450ee9dbe882cba1850
hash: 21d40c045ea9793dcf3360e4fb82309da74575121731054845144da6b4c23e22

Source: ThreatFox MISP Feed

Published: Sun Sep 12 2021

ThreatFox IOCs for 2021-09-12

Medium

Malwaretype:osint tlp:white

Published: Sun Sep 12 2021 (09/12/2021, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2021-09-12

AI-Powered Analysis

AILast updated: 07/05/2025, 23:09:58 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: fe09b4cd-3d2d-418e-861a-2dfe0f6018cf
Original Timestamp: 1631491382

Indicators of Compromise

Hash

Value	Description	Copy
hashc1a14f1843802dca53f3deccb8598875ef68a6db5eb740a23bec6c2db1d99be9	Dridex payload (confidence level: 100%)
hashadc8e05648c951dcb4415aa0dc6c04c6008b7c9c2902888bb2d0e8b0004b594d	Dridex payload (confidence level: 100%)
hash8099	Cobalt Strike botnet C2 server (confidence level: 100%)
hasha57af9eef729f33f4137775c7d0f76fe43165015fa29fdb8bbc41a56f5f4c3ce	Dridex payload (confidence level: 100%)
hash17e5ea22e1d8a275b565147668dacc2964e274fb9329212df88832c8e042db99	Dridex payload (confidence level: 100%)
hasha0efa5591ef26d7ceed128afd7eadad808e81544aa138f8b9ce8cd817fe210d1	Dridex payload (confidence level: 100%)
hashdd367d40751ff266743b3ddd5b307636d62c602cd81d43b47aaff3a12babf968	Dridex payload (confidence level: 100%)
hash81	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666	Cobalt Strike botnet C2 server (confidence level: 100%)
hash50006	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3333	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999	Cobalt Strike botnet C2 server (confidence level: 100%)
hash38080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3389	Cobalt Strike botnet C2 server (confidence level: 100%)
hash18080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8899	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9663	Cobalt Strike botnet C2 server (confidence level: 100%)
hash700	Cobalt Strike botnet C2 server (confidence level: 100%)
hash89	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8082	Cobalt Strike botnet C2 server (confidence level: 100%)
hash444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash31443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8099	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8042	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8087	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hasheb01cd9dca82fbe466a2de552fd30704e836bac2ba842ecea316d24604650ca9	Dridex payload (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4a319b8f1d1ba41b28adf014f05d6b5ba5d80197e9695bf42244ad4f000ba460	Dridex payload (confidence level: 100%)
hash6688153cb9fffebcd5b17ee46f45f8196c5db430529355be455d58adf8a594dc	Dridex payload (confidence level: 100%)
hash3ac594b126713f599139d5bdbae9d4b18dd7d3b0b79760b4f4a06c1ad7bbd3e3	Dridex payload (confidence level: 100%)
hash274dfbbc0adab4ad1fe4e213bb27de83ceccaffa0af2b0ca715becd6c6b7c53b	Agent Tesla payload (confidence level: 50%)
hashb9ab3a8286457dfd86db00cb4cb67e6f99c2bc2a22b6b28caf9cb2f3ab47891d	Agent Tesla payload (confidence level: 50%)
hash5850cdb305a5ea4f2a45c06fcac3561e6f9eb29ca0e59ce09ffe60b7eefbef32	Agent Tesla payload (confidence level: 50%)
hashd8a6406a6c07b2baff2d2f00aeef5a2e46c59b2813dbc36cd6c60eabee40b239	Agent Tesla payload (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash139611db9da10328a2b5be1e8d4271441bc0153cec9ff86328f510789ea43319	Dridex payload (confidence level: 100%)
hash6a885ab4f331bdcb0cb5a54fe6c294b3beacd32aa5b47e1941eaec333753fcaf	Dridex payload (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hashc9243b55887e704e918c02ed16db3200dfa9bde648dc8ccb04f65d08f95966a0	Agent Tesla payload (confidence level: 50%)
hashd4eb12198075efbd9f2c8e4894597bc2317b76a9fca5406ce156d1d1aedfd2c3	Agent Tesla payload (confidence level: 50%)
hash9a6023a8b502b7fe13fbd7c5007c69d02fcd90e98f5206acea450cbe37bd6f1a	Agent Tesla payload (confidence level: 50%)
hash1c578e3b87f2ca9f4cd4a17c7bdfa3c6a6f2b6a54fb5d55e41629dac86bc08cd	Agent Tesla payload (confidence level: 50%)
hashad0c449a72bc62d0b7120574f717e4cb9a1ef106a37755a105d9e7d7f2f26c3b	Dridex payload (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash51ade16a516268da4986c46f752cbab0b9d6b6897ea31089a633686bbcdf2a42	Dridex payload (confidence level: 100%)
hash52a0c5144aca9384b448b185b3706e902ed5c7162dc824cddc95ecd2be0553cf	Dridex payload (confidence level: 100%)
hash147	NjRAT botnet C2 server (confidence level: 100%)
hash6587	Mirai botnet C2 server (confidence level: 75%)
hash22876	Bashlite botnet C2 server (confidence level: 75%)
hash9d9c3f6a912a92671727bbf63cb6002839aa8242c122bd3eeb61b5418c1b9ced	AsyncRAT payload (confidence level: 50%)
hashd8e12a3a55aee1b94fd2b109da0f4e4602eeb18867f7e47936e7cb36e5f81f09	AsyncRAT payload (confidence level: 50%)
hashdf1c4dc83eba352719c9fe16ceb03ae177658b3255194cf0b9b7aa528f817e4f	AsyncRAT payload (confidence level: 50%)
hash7261315a18706897356f41e867b25c6f474a3b7aaa2e9f3f4bf9a4f2cb8cdb7c	AsyncRAT payload (confidence level: 50%)
hashdea7b6be202e46ac8f5b7fb83eff7f2498911917e4590b980a6a7538e4ef239a	Dridex payload (confidence level: 100%)
hash13564	NjRAT botnet C2 server (confidence level: 100%)
hash13564	NjRAT botnet C2 server (confidence level: 100%)
hash13564	NjRAT botnet C2 server (confidence level: 100%)
hash13564	NjRAT botnet C2 server (confidence level: 100%)
hash0d103eab2cdde80eeed3923bcb1ca3d209b94d63f271185d527087263adcbc0e	Dridex payload (confidence level: 100%)
hashab766824d461136c50054f2be6f4c8690de18e777cd7688b8f7ef0e6965ec8bd	Dridex payload (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash30001	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash50443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3021	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5201	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2082	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7799	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4567	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8989	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8088	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8085	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8077	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7070	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6060	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999	Cobalt Strike botnet C2 server (confidence level: 100%)
hash195289a2400f2cb9e94631539b23bc5b2f643e0b444d81485600ee62ea674d89	Glupteba payload (confidence level: 50%)
hash8756bca615d9140f087ae1df1fbbe56289b991a2efae64d61feb0a162e06d127	Glupteba payload (confidence level: 50%)
hasheb4694ad3a62d2e007c0f0aba545d57af7dcb41b78504401bafda510d85d9a4f	Glupteba payload (confidence level: 50%)
hashc794b0cf979f41374471d77bb1cf16eccb46af151a887044c02fe033143b2264	Glupteba payload (confidence level: 50%)
hash1812	RMS botnet C2 server (confidence level: 100%)
hashbe8eee8ab33809a48e85cc2feb51c655eeaee9d979d97c5f79d6a9ba68444299	Dridex payload (confidence level: 100%)
hasha4045a5c2ee24f0ed69d6ad71f26600f579bbf4c6632ee00e6aefef3300a7b04	Dridex payload (confidence level: 100%)
hashb7de37855e12c38f58033c6a938894bae2570e90a4df29b49f8e2e4de7934f1d	Dridex payload (confidence level: 100%)
hash64c65ce49746a0b4d8b0b0faccbe145eb243b0ff2b828d60763b2eb5469c4322	Dridex payload (confidence level: 100%)
hash4431	Cobalt Strike botnet C2 server (confidence level: 100%)
hashab8896d700f8ea7a97a34fa87cb73de515f963992dad3b31d4523f5b7d445458	Dridex payload (confidence level: 100%)
hashc34e7a16bfd45436b06e9ce20bc36e7d4b0b1664c1ef0450ee9dbe882cba1850	Dridex payload (confidence level: 100%)
hash21d40c045ea9793dcf3360e4fb82309da74575121731054845144da6b4c23e22	Dridex payload (confidence level: 100%)

Url

Value	Description	Copy
urlhttp://1.15.187.165:8099/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://tww24.ru/secureapiwindows.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://106.13.178.189:81/mg	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://222.93.38.215:6666/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.79.67.51:50006/dpixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.108.184.159:3333/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.55.56.224:6666/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.98.228:6666/c/msdownload/update/others/2016/12/29136388_	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.168.1.104:4444/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://127.0.0.1:9999/wp06/wp-includes/po.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://52.80.127.131:38080/ptj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.36.165.78:9999/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.117.46.121:3389/ajax/libs/jquery/3.3.1/jquery.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.234.112.148:18080/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://104.21.24.159/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.15.38.86:8899/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://203.23.128.210:9663/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.102.130.106:700/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.198.175.232:89/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://134.175.4.207/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://118.31.16.93/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.14.131.141:8082/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.106.60.91:444/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.116.83.241:9000/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://42.193.21.115:31443/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://140.143.167.58:8099/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.94.153.149:8042/images/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://140.143.167.58:8087/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://203.23.128.210/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-h4znnvjh-1306129509.sh.apigw.tencentcs.com/api/checklogin	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://117.78.10.129/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://sheopi.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://87.117.239.76/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://18.130.181.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://167.179.113.11/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://fanydoom.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://clockleto.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://159.203.80.24/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ferrolands.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://zinccold.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://173.82.232.149/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.burgerfuel-co.nz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://brtryushy.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://hhyuuvmqe.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://medicosta.tk/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://westdefe.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ipfuza.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.116.158.193/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://62.234.124.11/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://www.baiducon.ml:8080/api/3	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://120.132.81.158/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://49.234.94.85:8443/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.104.206.20:8080/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://118.195.231.134:8080/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://www.yyygaming.com/bqt25/	Formbook botnet C2 (confidence level: 100%)
urlhttp://www.bestdeals2020.store/bd2m/	Formbook botnet C2 (confidence level: 100%)
urlhttp://47.100.78.89:8081/sweetalert.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://185.198.57.155/pagead/id	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.54.174.167:30001/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://66.98.118.68/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://108.160.132.72:50443/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.158.231.141:3021/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://119.23.225.78:1234/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://clouds.azuredges.com/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://soft-sells.com/oscp/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.125.57.232:5201/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.32.104.178:2082/tab_shop_active	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://opf5eo6zqsh7urmr.onion:8080/s/microsoft/download/update/2021/09/41501112_	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://10.65.242.154:4567/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.55.153.204:8989/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.168.138.136:8088/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.133.216.59/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-g19koz1m-1253795072.gz.apigw.tencentcs.com/api/baidu/log	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.75.96.198/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://42.51.12.162/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.15.151.47:8085/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://10.72.152.75:9000/cwonajlbo/vtneww11212/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.133.216.60/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://81.71.149.131/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://45.63.109.152:4433/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://144.34.162.250:1234/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.116.54.19:8077/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://m35927lma3.execute-api.us-east-1.amazonaws.com/api/fetch	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.32.126.102/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.111.245.22/fwlink	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.133.216.58/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.91.97.112/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-9o7hzc6d-1304459781.bj.apigw.tencentcs.com/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.13.204.169:7070/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.93.6.31:8081/unqueue/tagline/b9ptnobh8	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://114.55.252.133:6060/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://37.0.10.143/idle/0887257074/1	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.129.103.193:9999/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://onlygoodman.com/alti/gate.php	Pony botnet C2 (confidence level: 100%)
urlhttps://47.94.255.176:4431/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file1.15.187.165	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.13.178.189	Cobalt Strike botnet C2 server (confidence level: 100%)
file222.93.38.215	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.79.67.51	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.108.184.159	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.55.56.224	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.235.98.228	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.4.193.179	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.116.125.251	Cobalt Strike botnet C2 server (confidence level: 100%)
file52.80.127.131	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.36.165.78	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.117.46.121	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.234.112.148	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.55.58.254	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.129.227.26	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.15.38.86	Cobalt Strike botnet C2 server (confidence level: 100%)
file203.23.128.210	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.102.130.106	Cobalt Strike botnet C2 server (confidence level: 100%)
file139.198.175.232	Cobalt Strike botnet C2 server (confidence level: 100%)
file134.175.4.207	Cobalt Strike botnet C2 server (confidence level: 100%)
file118.31.16.93	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.14.131.141	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.106.60.91	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.116.83.241	Cobalt Strike botnet C2 server (confidence level: 100%)
file42.193.21.115	Cobalt Strike botnet C2 server (confidence level: 100%)
file140.143.167.58	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.94.153.149	Cobalt Strike botnet C2 server (confidence level: 100%)
file140.143.167.58	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.72.46.23	Cobalt Strike botnet C2 server (confidence level: 100%)
file203.23.128.210	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.15.189.248	Cobalt Strike botnet C2 server (confidence level: 100%)
file117.78.10.129	Cobalt Strike botnet C2 server (confidence level: 100%)
file162.244.81.132	Cobalt Strike botnet C2 server (confidence level: 100%)
file87.117.239.76	Cobalt Strike botnet C2 server (confidence level: 100%)
file18.130.181.253	Cobalt Strike botnet C2 server (confidence level: 100%)
file167.179.113.11	Cobalt Strike botnet C2 server (confidence level: 100%)
file162.244.82.249	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.105.7.242	Cobalt Strike botnet C2 server (confidence level: 100%)
file159.203.80.24	Cobalt Strike botnet C2 server (confidence level: 100%)
file162.244.81.66	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.181.161.205	Cobalt Strike botnet C2 server (confidence level: 100%)
file173.82.232.149	Cobalt Strike botnet C2 server (confidence level: 100%)
file13.225.205.143	Cobalt Strike botnet C2 server (confidence level: 100%)
file13.239.122.142	Cobalt Strike botnet C2 server (confidence level: 100%)
file13.225.63.52	Cobalt Strike botnet C2 server (confidence level: 100%)
file195.123.217.15	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.117.252.144	Cobalt Strike botnet C2 server (confidence level: 100%)
file94.74.97.187	Cobalt Strike botnet C2 server (confidence level: 100%)
file54.219.165.190	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.117.252.145	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.200.28.80	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.116.158.193	Cobalt Strike botnet C2 server (confidence level: 100%)
file62.234.124.11	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.5.167.18	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.132.81.158	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.234.94.85	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.104.206.20	Cobalt Strike botnet C2 server (confidence level: 100%)
file118.195.231.134	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.254.96.194	NjRAT botnet C2 server (confidence level: 100%)
file212.192.241.44	Mirai botnet C2 server (confidence level: 75%)
file23.94.24.109	Bashlite botnet C2 server (confidence level: 75%)
file3.131.207.170	NjRAT botnet C2 server (confidence level: 100%)
file3.22.53.161	NjRAT botnet C2 server (confidence level: 100%)
file3.128.107.74	NjRAT botnet C2 server (confidence level: 100%)
file52.14.18.129	NjRAT botnet C2 server (confidence level: 100%)
file47.100.78.89	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.198.57.150	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.54.174.167	Cobalt Strike botnet C2 server (confidence level: 100%)
file66.98.118.68	Cobalt Strike botnet C2 server (confidence level: 100%)
file108.160.132.72	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.158.231.141	Cobalt Strike botnet C2 server (confidence level: 100%)
file119.23.225.78	Cobalt Strike botnet C2 server (confidence level: 100%)
file167.179.102.242	Cobalt Strike botnet C2 server (confidence level: 100%)
file78.31.67.79	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.125.57.232	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.32.104.178	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.105.20.193	Cobalt Strike botnet C2 server (confidence level: 100%)
file176.121.14.112	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.112.206.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file66.42.70.115	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.55.153.204	Cobalt Strike botnet C2 server (confidence level: 100%)
file66.42.70.115	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.133.216.59	Cobalt Strike botnet C2 server (confidence level: 100%)
file164.155.73.115	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.75.96.198	Cobalt Strike botnet C2 server (confidence level: 100%)
file42.51.12.162	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.15.151.47	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.243.114.227	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.133.216.60	Cobalt Strike botnet C2 server (confidence level: 100%)
file81.71.149.131	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.63.109.152	Cobalt Strike botnet C2 server (confidence level: 100%)
file144.34.162.250	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.116.54.19	Cobalt Strike botnet C2 server (confidence level: 100%)
file3.232.133.187	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.32.126.102	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.198.57.155	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.111.245.22	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.133.216.58	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.91.97.112	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.156.188.38	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.13.204.169	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.93.6.31	Cobalt Strike botnet C2 server (confidence level: 100%)
file114.55.252.133	Cobalt Strike botnet C2 server (confidence level: 100%)
file37.0.10.143	Cobalt Strike botnet C2 server (confidence level: 100%)
file139.129.103.193	Cobalt Strike botnet C2 server (confidence level: 100%)
file83.69.2.130	RMS botnet C2 server (confidence level: 100%)
file47.94.255.176	Cobalt Strike botnet C2 server (confidence level: 100%)

Threat ID: 68359c9a5d5f0974d01e2625

Added to database: 5/27/2025, 11:06:02 AM

Last enriched: 7/5/2025, 11:09:58 PM

Last updated: 8/11/2025, 8:27:53 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2021-09-12

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2021-09-12

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Url

File

Related Threats

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities

ThreatFox IOCs for 2025-08-15

Threat Actor Profile: Interlock Ransomware

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility