ThreatFox IOCs for 2021-09-17
AI Analysis
Technical Summary
This entry is the daily Indicators of Compromise (IOC) export published by ThreatFox (abuse.ch) for September 17, 2021. The feed is OSINT: it names no affected product or version, no CVE or CWE and no patch, because it describes observed malware infrastructure and payloads rather than a vulnerability. The indicators fall into four concrete types: SHA-256 hashes of malware payloads, ip:port pairs of command-and-control (C2) servers, full C2 URLs, and domains. The families named in the export are Dridex, Formbook, Agent Tesla, Hancitor, Snake, AsyncRAT, BitRAT, NjRAT, Nanocore RAT, Oski Stealer, Neshta, Raccoon, Ave Maria, Azorult, BlackMatter, IcedID and Mirai, and, for most of the ip:port and URL entries, Cobalt Strike beacon C2 servers. Many of the Cobalt Strike URLs use paths from the tool's stock Malleable C2 profiles (for example /__utm.gif, /pixel.gif, /dpixel, /fwlink, /j.ad, /ptj, /cm, /cx, /ca, /jquery-3.3.1.min.js and the amazon profile path /s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books), which is a usable detection signal in its own right. Each entry carries a ThreatFox confidence level: 100% for Dridex payloads and most C2 servers, 75% for Mirai, IcedID and BlackMatter, 50% for most stealer and RAT payloads. The source metadata (threat level 2, analysis 1, distribution 3) uses the MISP event scale, where 2 = Medium, 1 = Ongoing analysis and 3 = All communities; it is a sharing classification consistent with the medium severity assigned, not a measure of exploitation. No exploit is involved and no attribution beyond the malware family is given.
Potential Impact
Because the feed describes malware infrastructure rather than a vulnerable product, impact depends on whether any of the listed C2 servers, URLs, domains or payload hashes appear in an organisation's own telemetry. The families involved span banking trojans and loaders (Dridex, Hancitor, IcedID), information stealers (Agent Tesla, Formbook, Raccoon, Oski Stealer, Azorult, Snake), remote access trojans (AsyncRAT, BitRAT, NjRAT, Nanocore RAT, Ave Maria), ransomware (BlackMatter), an IoT botnet (Mirai) and post-exploitation framework infrastructure (Cobalt Strike). A hit on a payload hash means a host has run a stealer, loader or RAT and its credentials should be treated as exposed; a hit on a Cobalt Strike or RAT C2 server indicates an operator-controlled foothold rather than a drive-by infection, and should be handled as an active intrusion. The medium severity rating reflects that these are high-volume commodity threats rather than a single targeted campaign. The indicators are not region-specific, so European organisations are exposed in the same way as any other; finance, critical infrastructure and government remain the sectors most exposed to the banking trojan and Cobalt Strike activity represented here.
Mitigation Recommendations
To mitigate risks associated with this export, organisations should:
1) Load each indicator into the tool that can act on its type: ip:port and URL entries into proxy, firewall and IDS (Suricata/Zeek) rule sets, domains into DNS logs and resolver blocklists, SHA-256 hashes into EDR and file-inventory searches. Addresses and ports are only meaningful as pairs; a bare port number is not an indicator.
2) Search historical logs as well as live traffic, since the C2 servers were active on or before 2021-09-17; a retrospective hit is a compromise to investigate, not a blocked attempt.
3) Use the confidence level as triage weight: a hit on a 100% Dridex or Cobalt Strike entry warrants immediate host isolation, a hit on a 50% payload hash warrants EDR or sandbox review first.
4) Add pattern detections for the Cobalt Strike default-profile paths seen here (/__utm.gif, /pixel.gif, /dpixel, /fwlink, /j.ad and similar) on hosts not yet listed; C2 infrastructure churns daily, path conventions change far less often.
5) Train users on the infection vectors these families commonly use, chiefly malicious email attachments and links, even though the export itself records no vector.
6) Keep network segmentation and least privilege in place so that a RAT or beacon on one workstation cannot reach servers directly.
7) There is nothing to patch: no CVE or product is associated, so effort goes to detection and response.
8) Share confirmed hits with the national CSIRT and report newly observed infrastructure back to ThreatFox.
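The following script, added here as an example and not part of ThreatFox or this page's original content, shows recommendations 1 and 4 as working code: it parses IOC lines in the "- type: value" layout used above, normalises them into indicator sets, then sweeps a proxy log and a file-hash inventory for hits. The IOC lines embedded in it are copied from the export above, in both the raw form (where an ip:port C2 entry arrives split into a `file: <ip>` line and a `hash: <port>` line) and the normalised `ip:port:` form. The proxy log lines, the file inventory, the log layout `<timestamp> <client> <method> <target> <status>` and the documentation address 203.0.113.9 are all constructed for the example. The Cobalt Strike path set is taken from the URLs on this page; these are the GET URIs of Cobalt Strike's stock Malleable C2 profile, and matches on them are reported as low-confidence leads, not as IOC hits.

```python
"""Normalise a ThreatFox daily export and sweep logs for hits (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lines copied from the export above. The raw export splits an ip:port C2 entry
# into "file: <ip>" + "hash: <port>"; the normalised "ip:port:" form is also accepted.
IOC_TEXT = """\
- hash: f841c148a74a9097fbdb7e8b2ae3e0038ca102c63cd8eeb2d3b91fe987eb602e
- file: 80.78.24.203
- hash: 36063
- url: http://121.4.193.179:6666/cm
- file: 121.4.193.179
- hash: 6666
- url: https://106.55.155.117/j.ad
- file: 106.55.155.117
- hash: 443
- ip:port: 5.199.174.90:9043
- domain: limerugaf.top
- domain: update.l1stary.top
"""

# Paths that recur in the URLs ThreatFox labels Cobalt Strike C2 on this page;
# they are GET URIs from Cobalt Strike's stock Malleable C2 profile.
CS_DEFAULT_PATHS = {
    "/__utm.gif", "/pixel.gif", "/dpixel", "/fwlink", "/j.ad", "/cm", "/cx", "/ca",
    "/ptj", "/match", "/push", "/activity", "/ga.js", "/updates.rss",
    "/en_us/all.js", "/dot.gif", "/pixel", "/visit.js",
}

LINE_RE = re.compile(r"^-\s*([\w:]+):\s*(\S+)\s*$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def parse_iocs(text):
    """Return a dict of indicator sets keyed sha256, ip_port, ip, url, domain."""
    iocs = defaultdict(set)
    pending_ip = None                       # IPv4 from a "file:" line awaiting its port
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "file" and IPV4_RE.match(value):
            pending_ip = value
            continue
        if kind == "hash" and pending_ip and value.isdigit() and 0 < int(value) < 65536:
            kind, value = "ip:port", f"{pending_ip}:{value}"   # rejoin the split pair
        pending_ip = None
        if kind == "ip:port":
            iocs["ip_port"].add(value)
            iocs["ip"].add(value.rsplit(":", 1)[0])
        elif kind == "hash" and SHA256_RE.match(value):
            iocs["sha256"].add(value)       # a bare port never lands here
        elif kind in ("url", "domain"):
            iocs[kind].add(value)
    return iocs


def _host_port_path(target):
    """Split a URL or a CONNECT host:port target into (host, port, path)."""
    if "://" in target:
        u = urlsplit(target)
        return u.hostname, u.port or (443 if u.scheme == "https" else 80), u.path
    host, _, port = target.rpartition(":")
    return host, int(port), ""


def sweep_proxy_log(lines, iocs):
    """Return (line, indicator, match_kind) for each constructed log line that hits.

    Exact matches (url, ip:port, domain) are IOC hits; a request for a Cobalt
    Strike default-profile path to an unlisted host is a low-confidence lead.
    """
    hits = []
    for line in lines:
        target = line.split()[3]            # "<ts> <client> <method> <target> <status>"
        host, port, path = _host_port_path(target)
        if target in iocs["url"]:
            hits.append((line, target, "url"))
        elif f"{host}:{port}" in iocs["ip_port"]:
            hits.append((line, f"{host}:{port}", "ip:port"))
        elif host in iocs["domain"]:
            hits.append((line, host, "domain"))
        elif path in CS_DEFAULT_PATHS:
            hits.append((line, path, "cs-default-uri"))
    return hits


def sweep_hashes(inventory, iocs):
    """Return {path: sha256} for inventory entries whose hash is a listed payload."""
    return {p: h for p, h in inventory.items() if h.lower() in iocs["sha256"]}


# Constructed proxy log; 203.0.113.9 is a documentation address, not an IOC.
PROXY_LOG = [
    "2021-09-17T10:02:11Z 10.0.0.21 GET http://121.4.193.179:6666/cm 200",
    "2021-09-17T10:05:43Z 10.0.0.21 GET https://www.example.com/ 200",
    "2021-09-17T10:09:02Z 10.0.0.33 GET https://update.l1stary.top/x.bin 200",
    "2021-09-17T10:11:57Z 10.0.0.40 CONNECT 106.55.155.117:443 200",
    "2021-09-17T10:20:00Z 10.0.0.50 GET http://203.0.113.9/__utm.gif 200",
]

# Constructed endpoint inventory: path -> SHA-256 of the file.
FILE_INVENTORY = {
    "C:\\Users\\a\\Downloads\\invoice.exe":
        "f841c148a74a9097fbdb7e8b2ae3e0038ca102c63cd8eeb2d3b91fe987eb602e",
    "C:\\Windows\\notepad.exe": "0" * 64,
}

if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for hit in sweep_proxy_log(PROXY_LOG, iocs):
        print(hit[2], hit[1], "<-", hit[0])
    print(sweep_hashes(FILE_INVENTORY, iocs))
```

Run against the full export, the parser yields one `ip_port` entry per C2 server and never admits a port number into the hash set, which is the property that matters when the output is pushed into a SIEM watchlist. The `cs-default-uri` lead is deliberately reported last and separately: on a busy proxy it will also fire on legitimate Google Analytics traffic to `/__utm.gif`, so it is a prompt to check the destination host, not a block rule.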
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- hash: f841c148a74a9097fbdb7e8b2ae3e0038ca102c63cd8eeb2d3b91fe987eb602e
- hash: 056306026287204884f17ad0619c5ca77617116dc63ba95ad0c9bd919f2cf57c
- hash: a36e8429d80af5b625a5135f7129917ce5308c6fa7f2ab635305b831cb9b833e
- ip:port: 80.78.24.203:36063
- hash: cddc5dc4113497e2236713b0ad558b89e194a5fd5f68a827872f698caf830374
- hash: 3b6636d54d3798272a9b5dfff832e7686f8fc9f83ccf9298c7f30ba1fc91ddd6
- hash: 264de686a45da08d2a7061c948a3fd59619a218eafb26788639d8442981fe4d2
- hash: c83f6916b9e38f13b1d43a22d26109c58202cf83e772e9cb1517be3ec1e2cc43
- hash: 6f554fa60f40b4821dcb2397b028610306bcaca7bd2a8e66ef7b1123e6113a1e
- hash: ec43eae2ad39202c3f29f9067e8cecfc0bb35f651e1f9a6278955d06b4b864f1
- hash: 9c265529f2e076272c41ef09c571bd2bc59c94d26fcd2af68af90d7e97d0b0c9
- hash: 46613f582071e6b9b887c1d9f95330569558c4d5f24e68a14c9b8dcbe19a4431
- url: https://198.46.188.150/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- ip:port: 198.46.188.150:443
- url: http://121.4.193.179:6666/cm
- ip:port: 121.4.193.179:6666
- url: https://106.55.155.117/j.ad
- ip:port: 106.55.155.117:443
- url: https://58.218.215.139/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- url: https://27.221.44.41/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- url: https://119.84.129.105/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- url: http://139.224.239.145/match
- ip:port: 139.224.239.145:80
- url: https://42.192.69.109/jquery-3.3.1.min.js
- url: https://106.13.234.59/cx
- ip:port: 106.13.234.59:443
- url: https://43.231.0.186/_/scs/mail-static/_/js/
- ip:port: 43.231.0.186:443
- url: http://121.5.90.10:8866/ca
- ip:port: 121.5.90.10:8866
- url: http://42.192.206.174/cm
- ip:port: 42.192.206.174:80
- url: http://114.67.224.147:8081/api/x
- ip:port: 114.67.224.147:8081
- url: http://81.69.10.50/push
- ip:port: 121.4.177.210:80
- url: http://service-qgviw7sx-1302014318.bj.apigw.tencentcs.com/api/x
- ip:port: 114.67.224.147:80
- url: https://95.169.0.244:8443/ga.js
- ip:port: 95.169.0.244:8443
- url: http://81.71.149.131/activity
- ip:port: 81.71.149.131:80
- url: https://119.45.102.150/__utm.gif
- ip:port: 119.45.102.150:443
- hash: 10fdaf34f4dbf1aa9a95c6ca3ab7c43bd2ca50f916de6ecde255330db1c9c4f8
- hash: ebe19d7cd5874d23f51928fc05ccb7abbdb61eede43adfb9338e72ed65e3c58a
- hash: f536ed1955cb9d7267f56d420c3ee3cc478c7ae89fb59b8c11b120154f8c7934
- hash: eeac61bec20e05be50b2310caa109453e28a304f5825cf37e60f1ee9318f8f36
- hash: b055e5374fbcba3310437d9a0253743eae61d26d5f1f8f6993e9399c43c5cfcf
- hash: f88037f4bd8025b47e651ced61dc835dcbc9f36e884eda6b8dcf6a202e64bd42
- hash: ed9943828433ff787e7d158297ce2e6dbcd986486a8f935321183a0a40802b84
- hash: e14a937791a4181213916115fdc6e5f5cca4dd8de6dc2756377d2382ba76b788
- url: https://119.91.99.115/fwlink
- ip:port: 119.91.99.115:443
- ip:port: 119.91.120.76:8443
- url: http://120.78.196.37:8888/cm
- ip:port: 120.78.196.37:8888
- url: https://139.9.201.156:9090/home/system/session_log.js
- ip:port: 139.9.201.156:9090
- hash: e40ec601c0834a1adb0ee0f7adf632d6556d015aae6091bcff5da1b921eca1d0
- hash: 64ab3b544196119b0da2c2c13b5823abb4dbda261cfe7053a69d2b13710a3e9e
- hash: bbdd3ae610f911d1298595244aea05691e32438e920871e81290c8ed8b494e1d
- hash: c008943d41a58d2d6ec27fd736fc71f4e2273a8cb9f35782beb4f173dcf3a596
- hash: 2272757c4b39091770cacfba11bd6f40dab97e928adfb860ae5cba7753c0d4ab
- hash: 9cc6b47d1550a88dad2807babcf0d27b82851a3be30134a806007c9b14a61b67
- hash: 253015323c110bb4f685e1e6ee04c83d37eb8078788cbc99ff575a1f1bf65536
- hash: 57c43cbf1757f0288ea131eefd66201e68e8dec2c39b762c7d8bf81a8255e338
- url: http://179.43.175.24/
- url: https://3.236.53.16/wp-content/themes/calliope/wp_data.php
- ip:port: 3.236.53.16:443
- ip:port: 45.144.225.74:6587
- ip:port: 195.206.105.10:3988
- ip:port: 103.232.55.66:2257
- ip:port: 45.144.225.194:2424
- hash: db8d6fe52081146d53e3b98ad2e5f191f65ce2d454b0984810fa12acbdbe0de0
- hash: 33b0199d684c521a4ca3cd5ed37820ad9caf37c283e65e387ab1554f6100636f
- hash: 17e567658f48ed3e0a509acf67341306779a408aaf03e4377b6228e154136b01
- hash: 43f6ad854267974db380b33b4f8b809b57acd28d9fd4448841decd63686e1f74
- hash: 977e5ce44a0ca0b374857f1f9ba476376ab41b7edf1117a3f5b805a69244f6f1
- hash: 6497a1878d2676ba6e4184692baceb2147f09a0cf6ce117ff09c8d759a64d3df
- hash: 6eb1bbd70e16ef52f4c553ecdee2a340a2b32216244b6ceb18bb83da7fbfcbe8
- hash: 62379a86fa09b99154d4c125dd89ce9944b81e4663767cce7387e9e675e9649c
- ip:port: 41.47.35.252:5552
- url: http://103.141.138.110/p2//6.jpg
- url: http://103.141.138.110/p2//1.jpg
- url: http://103.141.138.110/p2//7.jpg
- url: http://103.141.138.110/p2//2.jpg
- url: http://103.141.138.110/p2//3.jpg
- url: http://103.141.138.110/p2//4.jpg
- url: http://103.141.138.110/p2//5.jpg
- ip:port: 192.169.69.25:3883
- url: http://fortillinco.com/raeymnbvcxz/index.php
- hash: cae812a6b8075600f07a4961f64478a269a03963914d161365f3c13083406214
- hash: a05fbff7d4db14ee5b56af44404b6db2c83711a9d9f1c6cb8cbe3d94731f0eef
- hash: 8eccc08f4273d3f087159c5ee06078142c130ebd84cdd7a1c5d40538099cb037
- hash: e23e49be062d9fc0f79cb1298323d061c6001b50baa15e9a3951855acee2217c
- url: https://www.800best.ml:8443/visit.js
- ip:port: 101.32.29.242:8443
- hash: 4443f2dafc7765b803f925a466f7d44e9fa83695aaaf4cb2ad26bc2a31ba6f29
- url: http://136.144.41.34/index.php
- hash: ae44ac39386b17ff52d301bf4948ea92a0b4342b21b04dd971acb443aee99c2b
- hash: 7be41e3fefc1cc39bf62f18d8277bc02a2a6b296e1ceed58d418cc5c525c4344
- hash: 6ef2f31a3870a15cf0e66fa2c301e4c2309603036bc7ce3c2bf51b0754c98e9a
- hash: d6ff424b0c33b42a56588a6f84ad21a47498ae3c7f6b838528b0a253c286ceae
- hash: 81085cb9e95c0651090d65cb48ab5a63585412e95ef1713e34ce9390f61dd405
- hash: 0abd04a36867fbc5ccb5aada6cc15cb4160ad6509285bbf4739f41ce297999e1
- hash: e65c6e141516a7d76fe7c1e3bcc5433758fa627dfd6c18f65504efcfa62d4855
- hash: 930ad6fbbfbac743f4097748a7af399d3fbb61b1ba36bc6230803dcdfb357640
- url: http://136.144.41.251/oxxs/index.php
- url: https://103.228.111.60/ga.js
- ip:port: 103.228.111.60:443
- ip:port: 185.157.162.92:2036
- hash: 8b1949f624ae24ef9dcbf1543b10bfa591eee33e72bd50a5b562de993a0ab42a
- hash: 9ea20974c3dd23aea9ccc7868c8845eca892f182e0822b5587802112e078fd71
- hash: fe25c5a262fad8d12d0d8bf6cb91f94ea918939d8f57f9b88b5b01b063bb10eb
- hash: 86292e31581bf57336de03045c772a2dbf46215a72ad1e92d01de0d11c6cc3cc
- hash: 3f18ae3357dc0d67f836e29dbf60653f50046f826ee5ff491bfe9d59980cfd12
- hash: a8f6ca7f9cc2f28d0b0aea3407cf000e2e00816f5d58eef7f3f7a7a4cb1d0934
- hash: b0b88bd5ef4cb0e3197d653775e474e1adb118d000a527c7646dd3e961c475b5
- hash: ea928f16176fa1b028d925b3e7f5a0ea65b49f150a4ce006ffffdf390cf6f147
- url: http://maurizio.ug/
- hash: edc0a4121333b0deffc1aa3d550f8a81201d9c74ec923307f582fbc8f0233778
- hash: ff5c1829e2ad044ec148a71766e4cd62ca12a528062e7da001c787cfb37be27d
- hash: c72a8d4a75e6699689f259bdc80b0753de3afd7c24000bc922417c05a40abee1
- hash: c1a5d539482f5ed44eb4210edec929183fa0165c627436959f3cdcd33a46de21
- hash: 775b2737d01dc92ab8a254ecb1cb22f6495e14beee2bfb3de161868ebe550c0b
- hash: a0493291280f4b506cc0e2c7499fb73ff42526e77eac2601dde8ab3b28575b43
- hash: 5b46306960a72fa5c18202d39cebb280db0a2b22a71db74bbe8d00326cad1a87
- hash: ea6ae2a7a1f49f41c5130d384202423e5dcbbc151bccd6a77a01e7c4de5edbe9
- hash: 2a87d451055feeae538e7a7a5d024fbbd01e9e0d7194b0c7285753b1cf5281cf
- hash: 5d986c790bfe29d80e717e496875663f395b950e4c34518d433367d1307ef5f2
- hash: e9ddcfc4882f4a4209c9b7aae82b2b6ab2f857311d0c6076d454a815b0671086
- hash: 2e7105e018a295b803c8134dc4f42759259659a0de81909f31ca49502fbc9747
- hash: 3741262cdeb955637773e8bd3523fd293bdaca536a526d49c904d059fb050ec4
- hash: 950966ae2b19ece91a5d935a5876b9627679635271db31fe72a1dd8413975bc9
- domain: limerugaf.top
- hash: e81ead735c4baf75702a3a591c87734e7d0914dac55d09b118ff9d14eb2740d6
- hash: 8f1b0affffb2f2f58b477515d1ce54f4daa40a761d828041603d5536c2d53539
- ip:port: 20.52.46.119:52190
- url: http://c7f8u8m7.stackpathcdn.com:443/jq/jquery-3.5.1.min.js
- ip:port: 103.153.78.241:7851
- ip:port: 79.141.161.20:443
- ip:port: 185.123.53.52:443
- domain: bookmaker.bid
- domain: dollinopole.uno
- domain: gergreedyk.fun
- domain: ichartpointcoma.site
- domain: xanderboghart.cyou
- domain: yangyuexiao.xyz
- ip:port: 194.147.140.20:3500
- url: https://104.248.169.33:8080/__utm.gif
- ip:port: 104.248.169.33:8080
- url: https://45.32.61.165:65532/jquery-3.3.1.min.js
- ip:port: 45.32.61.165:65532
- url: http://ttxs.aexhausts.com/update
- ip:port: 103.198.241.55:80
- url: https://23.225.169.179:2323/pixel.gif
- ip:port: 23.225.169.179:2323
- url: http://a0.awsstatic.com/
- ip:port: 37.120.247.55:80
- url: https://d3uy3mhu32jsrt.cloudfront.net/access/
- url: https://d3illv0fqt0o34.cloudfront.net/access/
- url: https://d2h5czmgmnglbm.cloudfront.net/access/
- url: https://d2mkv57ylq4vf6.cloudfront.net/access/
- ip:port: 3.235.251.32:443
- url: http://89.41.182.62:8054/link/v1.57/5yvg1h2m
- ip:port: 89.41.182.62:8054
- ip:port: 45.89.106.218:443
- url: https://119.29.70.150:8081/c/msdownload/update/others/2021/02/123125789_
- ip:port: 119.29.70.150:8081
- url: http://45.9.148.102:8080/user.jsp
- ip:port: 45.9.148.102:8080
- url: http://syncmetric.biz/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books
- url: http://45.89.106.217/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books
- ip:port: 45.89.106.217:80
- url: http://45.135.116.233:8081/j.ad
- ip:port: 45.135.116.233:8081
- url: http://80.85.156.254/b/intesd/cvxdcfwdepgk
- ip:port: 80.85.156.254:80
- url: http://106.15.88.23:8877/ptj
- ip:port: 106.15.88.23:8877
- url: http://107.191.53.84:3060/s/ref=nb_sb_noss_1/167-3294888-0522950/field-keywords=books
- ip:port: 107.191.53.84:3060
- url: http://www.crowdfunder.space:8880/jquery-3.3.1.min.js
- ip:port: 92.38.160.120:8880
- url: http://45.92.156.97:8081/updates.rss
- ip:port: 45.92.156.97:8081
- url: http://45.92.156.97:8080/fwlink
- ip:port: 45.92.156.97:8080
- url: http://139.159.160.52:8899/en_us/all.js
- ip:port: 139.159.160.52:8899
- url: http://154.92.15.72:4444/pixel.gif
- ip:port: 154.92.15.72:4444
- url: https://199.19.224.92/cx
- ip:port: 199.19.224.92:443
- url: https://motivationalhindi.in/
- ip:port: 37.120.247.55:443
- url: http://120.24.175.206/__utm.gif
- ip:port: 120.24.175.206:80
- url: https://101.33.118.121:8443/updates.rss
- ip:port: 101.33.118.121:8443
- url: http://hhyuuvmqe.com/jquery-3.3.1.min.js
- ip:port: 82.117.252.144:80
- url: http://108.62.141.237/bg.html
- ip:port: 108.62.141.237:80
- url: http://tk.fxtec.site:8080/ptj
- ip:port: 192.169.6.254:8080
- url: https://211.23.160.81/push
- ip:port: 211.23.160.81:443
- url: http://104.168.171.41:2222/ga.js
- ip:port: 104.168.171.41:2222
- url: http://146.56.100.64/dpixel
- ip:port: 146.56.100.64:80
- url: http://34.92.188.55:50000/functionalstatus/hulib6gopbgtjwzm7dcnecnkfq7rsrby
- ip:port: 34.92.188.55:50000
- url: https://161.35.218.255/___utm.gif
- ip:port: 161.35.218.255:443
- url: http://2.56.59.117:8080/__utm.gif
- ip:port: 2.56.59.117:8080
- url: http://ns-a7.hosted-ns.com/dpixel
- ip:port: 96.126.114.193:80
- url: http://34.92.188.55:50002/functionalstatus/hulib6gopbgtjwzm7dcnecnkfq7rsrby
- ip:port: 34.92.188.55:50002
- url: https://123.0.1.196/dpixel
- ip:port: 193.38.55.36:443
- url: https://159.75.51.84:7081/image/
- ip:port: 159.75.51.84:7081
- url: http://193.38.55.36/pixel
- ip:port: 193.38.55.36:80
- ip:port: 45.89.106.218:80
- url: http://37.120.222.75/__utm.gif
- ip:port: 37.120.222.75:80
- url: https://45.9.148.102:8443/parse.jsp
- ip:port: 45.9.148.102:8443
- url: https://110.185.114.155/bootstrap.min.css
- url: https://113.137.62.36/bootstrap.min.css
- url: https://1.31.130.154/bootstrap.min.css
- url: https://221.204.166.12/bootstrap.min.css
- url: https://122.246.6.14/bootstrap.min.css
- ip:port: 1.14.244.83:443
- ip:port: 52.149.229.243:443
- url: https://193.56.146.99/pixel
- ip:port: 193.56.146.99:443
- url: https://syncmetric.biz:8888/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books
- url: https://45.89.106.217:8888/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books
- ip:port: 45.89.106.217:8888
- url: http://free.idcfengye.com:10866/match
- ip:port: 47.106.123.147:10866
- ip:port: 159.65.3.147:6225
- ip:port: 194.141.47.9:7443
- ip:port: 5.199.174.90:9043
- url: http://brokenethicalgod.ga/bn111/fre.php
- url: https://37.120.222.75/push
- ip:port: 37.120.222.75:443
- url: https://43.129.193.127/fwlink
- ip:port: 43.129.193.127:443
- domain: answersfromtheadvisors.com
- domain: clermy.com
- domain: curiyi.com
- domain: erabias.com
- domain: manulief.com
- domain: surveyfox.net
- domain: survmeter.live
- domain: vivaklo.com
- url: http://136.243.159.53/~element/page.php?id=466
- domain: l1stary.top
- domain: mingfengteyi.xyz
- domain: www.l1stary.top
- domain: update.l1stary.top
- domain: image.l1stary.top
- ip:port: 139.28.37.49:1111
- hash: f479413a039d8bae02b1fb75bd5fe5028dca93ca1797f9d5ef6193d344a411ab
- hash: c7f056a2044fa7837e13a3c3a2844386d2ff2a4f35663fae491f6cb845f4bc5b
- hash: fcf66536e1b19c32fbae8bd0014c7170ccabbfc1998750c86e9524b6bb507b00
- hash: 59840f0dea6c2245f7f239a40f73f7369bf693e1a9dec2fb739886623d9fed00
- hash: 0bec1813fd645f0c1dd84ddf277999b79f1c07a94e6574a345d70184d8bfbc47
- hash: ad82fec6eaaebbe12eee2f4b6cb4e8d6e0659c9fdf0a365b0d4225ccbe14f224
- hash: c3adf6e76594f5e50fd9c465bfdf67f2980c30a6d2afc406750a95ddbd2177e0
- hash: 0fa4b5fdbb437950d6855d937fa4bcfe39edf9669d7466ad0d3caa4f24acab56
- url: http://extarran.com/tonz/ware/gate.php
- hash: adde3ce320e80c1dfffc23e58b72a1c2b715fc1fffde573d06b6c58a766f2a65
- url: https://47.98.242.152/j.ad
- ip:port: 47.98.242.152:443
- url: http://47.106.72.125:5232/dot.gif
- ip:port: 47.106.72.125:5232
- url: http://1.14.131.141/api/getit
- url: http://service-18v21mxv-1307231595.sh.apigw.tencentcs.com/api/getit
- ip:port: 1.14.131.141:80
- url: https://pan.xueba666.ga:2096/owa/
- ip:port: 81.71.91.32:2096
- url: http://39.98.225.4/ca
- ip:port: 39.98.225.4:80
- url: http://139.155.42.254:7777/match
- ip:port: 139.155.42.254:7777
- url: http://110.42.139.68/pixel
- ip:port: 110.42.139.68:80
- url: http://139.196.237.171:8889/en_us/all.js
- ip:port: 139.196.237.171:8889
- url: http://120.78.88.132/fwlink
- ip:port: 120.78.88.132:80
- url: http://106.52.2.43:2222/j.ad
- ip:port: 106.52.2.43:2222
- url: http://120.25.74.102:8081/ie9compatviewlist.xml
- ip:port: 120.25.74.102:8081
- url: https://39.97.187.57/pixel.gif
- ip:port: 39.97.187.57:443
- url: http://47.119.122.117:9001/activity
- ip:port: 47.119.122.117:9001
Technical Details
- Threat Level: 2 (MISP event threat level; 2 = Medium)
- Analysis: 1 (MISP analysis state; 1 = Ongoing)
- Distribution: 3 (MISP distribution level; 3 = All communities)
- Uuid: f6c3c1c2-ab3d-413d-b321-20237ad86acf
- Original Timestamp: 1631923382 (2021-09-18 00:03:02 UTC)
Indicators of Compromise (malware family and confidence level per entry)
Numeric values in the source export are the port half of ip:port C2 entries; they are shown here joined with the address they accompany in the list above. The export's description table stops after the entry for 92.38.160.120:8880, so the ip:port, URL and domain entries that follow it in the list above carry no family or confidence level on this page.
Type | Value | Description
---|---|---
sha256 | f841c148a74a9097fbdb7e8b2ae3e0038ca102c63cd8eeb2d3b91fe987eb602e | Dridex payload (confidence level: 100%)
sha256 | 056306026287204884f17ad0619c5ca77617116dc63ba95ad0c9bd919f2cf57c | Dridex payload (confidence level: 100%)
sha256 | a36e8429d80af5b625a5135f7129917ce5308c6fa7f2ab635305b831cb9b833e | Dridex payload (confidence level: 100%)
ip:port | 80.78.24.203:36063 | Mirai botnet C2 server (confidence level: 75%)
sha256 | cddc5dc4113497e2236713b0ad558b89e194a5fd5f68a827872f698caf830374 | Formbook payload (confidence level: 50%)
sha256 | 3b6636d54d3798272a9b5dfff832e7686f8fc9f83ccf9298c7f30ba1fc91ddd6 | Formbook payload (confidence level: 50%)
sha256 | 264de686a45da08d2a7061c948a3fd59619a218eafb26788639d8442981fe4d2 | Formbook payload (confidence level: 50%)
sha256 | c83f6916b9e38f13b1d43a22d26109c58202cf83e772e9cb1517be3ec1e2cc43 | Formbook payload (confidence level: 50%)
sha256 | 6f554fa60f40b4821dcb2397b028610306bcaca7bd2a8e66ef7b1123e6113a1e | Agent Tesla payload (confidence level: 50%)
sha256 | ec43eae2ad39202c3f29f9067e8cecfc0bb35f651e1f9a6278955d06b4b864f1 | Agent Tesla payload (confidence level: 50%)
sha256 | 9c265529f2e076272c41ef09c571bd2bc59c94d26fcd2af68af90d7e97d0b0c9 | Agent Tesla payload (confidence level: 50%)
sha256 | 46613f582071e6b9b887c1d9f95330569558c4d5f24e68a14c9b8dcbe19a4431 | Agent Tesla payload (confidence level: 50%)
ip:port | 198.46.188.150:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 121.4.193.179:6666 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 106.55.155.117:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 139.224.239.145:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 106.13.234.59:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 43.231.0.186:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 121.5.90.10:8866 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 42.192.206.174:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 114.67.224.147:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 121.4.177.210:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 114.67.224.147:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 95.169.0.244:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 81.71.149.131:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 119.45.102.150:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
sha256 | 10fdaf34f4dbf1aa9a95c6ca3ab7c43bd2ca50f916de6ecde255330db1c9c4f8 | Agent Tesla payload (confidence level: 50%)
sha256 | ebe19d7cd5874d23f51928fc05ccb7abbdb61eede43adfb9338e72ed65e3c58a | Agent Tesla payload (confidence level: 50%)
sha256 | f536ed1955cb9d7267f56d420c3ee3cc478c7ae89fb59b8c11b120154f8c7934 | Agent Tesla payload (confidence level: 50%)
sha256 | eeac61bec20e05be50b2310caa109453e28a304f5825cf37e60f1ee9318f8f36 | Agent Tesla payload (confidence level: 50%)
sha256 | b055e5374fbcba3310437d9a0253743eae61d26d5f1f8f6993e9399c43c5cfcf | Hancitor payload (confidence level: 50%)
sha256 | f88037f4bd8025b47e651ced61dc835dcbc9f36e884eda6b8dcf6a202e64bd42 | Hancitor payload (confidence level: 50%)
sha256 | ed9943828433ff787e7d158297ce2e6dbcd986486a8f935321183a0a40802b84 | Hancitor payload (confidence level: 50%)
sha256 | e14a937791a4181213916115fdc6e5f5cca4dd8de6dc2756377d2382ba76b788 | Hancitor payload (confidence level: 50%)
ip:port | 119.91.99.115:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 119.91.120.76:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 120.78.196.37:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 139.9.201.156:9090 | Cobalt Strike botnet C2 server (confidence level: 100%)
sha256 | e40ec601c0834a1adb0ee0f7adf632d6556d015aae6091bcff5da1b921eca1d0 | Snake payload (confidence level: 50%)
sha256 | 64ab3b544196119b0da2c2c13b5823abb4dbda261cfe7053a69d2b13710a3e9e | Snake payload (confidence level: 50%)
sha256 | bbdd3ae610f911d1298595244aea05691e32438e920871e81290c8ed8b494e1d | Snake payload (confidence level: 50%)
sha256 | c008943d41a58d2d6ec27fd736fc71f4e2273a8cb9f35782beb4f173dcf3a596 | Snake payload (confidence level: 50%)
sha256 | 2272757c4b39091770cacfba11bd6f40dab97e928adfb860ae5cba7753c0d4ab | Agent Tesla payload (confidence level: 50%)
sha256 | 9cc6b47d1550a88dad2807babcf0d27b82851a3be30134a806007c9b14a61b67 | Agent Tesla payload (confidence level: 50%)
sha256 | 253015323c110bb4f685e1e6ee04c83d37eb8078788cbc99ff575a1f1bf65536 | Agent Tesla payload (confidence level: 50%)
sha256 | 57c43cbf1757f0288ea131eefd66201e68e8dec2c39b762c7d8bf81a8255e338 | Agent Tesla payload (confidence level: 50%)
ip:port | 3.236.53.16:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 45.144.225.74:6587 | Mirai botnet C2 server (confidence level: 75%)
ip:port | 195.206.105.10:3988 | BitRAT botnet C2 server (confidence level: 100%)
ip:port | 103.232.55.66:2257 | AsyncRAT botnet C2 server (confidence level: 100%)
ip:port | 45.144.225.194:2424 | AsyncRAT botnet C2 server (confidence level: 100%)
sha256 | db8d6fe52081146d53e3b98ad2e5f191f65ce2d454b0984810fa12acbdbe0de0 | Agent Tesla payload (confidence level: 50%)
sha256 | 33b0199d684c521a4ca3cd5ed37820ad9caf37c283e65e387ab1554f6100636f | Agent Tesla payload (confidence level: 50%)
sha256 | 17e567658f48ed3e0a509acf67341306779a408aaf03e4377b6228e154136b01 | Agent Tesla payload (confidence level: 50%)
sha256 | 43f6ad854267974db380b33b4f8b809b57acd28d9fd4448841decd63686e1f74 | Agent Tesla payload (confidence level: 50%)
sha256 | 977e5ce44a0ca0b374857f1f9ba476376ab41b7edf1117a3f5b805a69244f6f1 | AsyncRAT payload (confidence level: 50%)
sha256 | 6497a1878d2676ba6e4184692baceb2147f09a0cf6ce117ff09c8d759a64d3df | AsyncRAT payload (confidence level: 50%)
sha256 | 6eb1bbd70e16ef52f4c553ecdee2a340a2b32216244b6ceb18bb83da7fbfcbe8 | AsyncRAT payload (confidence level: 50%)
sha256 | 62379a86fa09b99154d4c125dd89ce9944b81e4663767cce7387e9e675e9649c | AsyncRAT payload (confidence level: 50%)
ip:port | 41.47.35.252:5552 | NjRAT botnet C2 server (confidence level: 100%)
ip:port | 192.169.69.25:3883 | Nanocore RAT botnet C2 server (confidence level: 100%)
sha256 | cae812a6b8075600f07a4961f64478a269a03963914d161365f3c13083406214 | Nanocore RAT payload (confidence level: 50%)
sha256 | a05fbff7d4db14ee5b56af44404b6db2c83711a9d9f1c6cb8cbe3d94731f0eef | Nanocore RAT payload (confidence level: 50%)
sha256 | 8eccc08f4273d3f087159c5ee06078142c130ebd84cdd7a1c5d40538099cb037 | Nanocore RAT payload (confidence level: 50%)
sha256 | e23e49be062d9fc0f79cb1298323d061c6001b50baa15e9a3951855acee2217c | Nanocore RAT payload (confidence level: 50%)
ip:port | 101.32.29.242:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
sha256 | 4443f2dafc7765b803f925a466f7d44e9fa83695aaaf4cb2ad26bc2a31ba6f29 | Dridex payload (confidence level: 100%)
sha256 | ae44ac39386b17ff52d301bf4948ea92a0b4342b21b04dd971acb443aee99c2b | Agent Tesla payload (confidence level: 50%)
sha256 | 7be41e3fefc1cc39bf62f18d8277bc02a2a6b296e1ceed58d418cc5c525c4344 | Agent Tesla payload (confidence level: 50%)
sha256 | 6ef2f31a3870a15cf0e66fa2c301e4c2309603036bc7ce3c2bf51b0754c98e9a | Agent Tesla payload (confidence level: 50%)
sha256 | d6ff424b0c33b42a56588a6f84ad21a47498ae3c7f6b838528b0a253c286ceae | Agent Tesla payload (confidence level: 50%)
sha256 | 81085cb9e95c0651090d65cb48ab5a63585412e95ef1713e34ce9390f61dd405 | Oski Stealer payload (confidence level: 50%)
sha256 | 0abd04a36867fbc5ccb5aada6cc15cb4160ad6509285bbf4739f41ce297999e1 | Oski Stealer payload (confidence level: 50%)
sha256 | e65c6e141516a7d76fe7c1e3bcc5433758fa627dfd6c18f65504efcfa62d4855 | Oski Stealer payload (confidence level: 50%)
sha256 | 930ad6fbbfbac743f4097748a7af399d3fbb61b1ba36bc6230803dcdfb357640 | Oski Stealer payload (confidence level: 50%)
ip:port | 103.228.111.60:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 185.157.162.92:2036 | Nanocore RAT botnet C2 server (confidence level: 100%)
sha256 | 8b1949f624ae24ef9dcbf1543b10bfa591eee33e72bd50a5b562de993a0ab42a | Neshta payload (confidence level: 50%)
sha256 | 9ea20974c3dd23aea9ccc7868c8845eca892f182e0822b5587802112e078fd71 | Neshta payload (confidence level: 50%)
sha256 | fe25c5a262fad8d12d0d8bf6cb91f94ea918939d8f57f9b88b5b01b063bb10eb | Neshta payload (confidence level: 50%)
sha256 | 86292e31581bf57336de03045c772a2dbf46215a72ad1e92d01de0d11c6cc3cc | Neshta payload (confidence level: 50%)
sha256 | 3f18ae3357dc0d67f836e29dbf60653f50046f826ee5ff491bfe9d59980cfd12 | Raccoon payload (confidence level: 50%)
sha256 | a8f6ca7f9cc2f28d0b0aea3407cf000e2e00816f5d58eef7f3f7a7a4cb1d0934 | Raccoon payload (confidence level: 50%)
sha256 | b0b88bd5ef4cb0e3197d653775e474e1adb118d000a527c7646dd3e961c475b5 | Raccoon payload (confidence level: 50%)
sha256 | ea928f16176fa1b028d925b3e7f5a0ea65b49f150a4ce006ffffdf390cf6f147 | Raccoon payload (confidence level: 50%)
sha256 | edc0a4121333b0deffc1aa3d550f8a81201d9c74ec923307f582fbc8f0233778 | Ave Maria payload (confidence level: 50%)
sha256 | ff5c1829e2ad044ec148a71766e4cd62ca12a528062e7da001c787cfb37be27d | Ave Maria payload (confidence level: 50%)
sha256 | c72a8d4a75e6699689f259bdc80b0753de3afd7c24000bc922417c05a40abee1 | Ave Maria payload (confidence level: 50%)
sha256 | c1a5d539482f5ed44eb4210edec929183fa0165c627436959f3cdcd33a46de21 | Ave Maria payload (confidence level: 50%)
sha256 | 775b2737d01dc92ab8a254ecb1cb22f6495e14beee2bfb3de161868ebe550c0b | Agent Tesla payload (confidence level: 50%)
sha256 | a0493291280f4b506cc0e2c7499fb73ff42526e77eac2601dde8ab3b28575b43 | Agent Tesla payload (confidence level: 50%)
sha256 | 5b46306960a72fa5c18202d39cebb280db0a2b22a71db74bbe8d00326cad1a87 | Agent Tesla payload (confidence level: 50%)
sha256 | ea6ae2a7a1f49f41c5130d384202423e5dcbbc151bccd6a77a01e7c4de5edbe9 | Agent Tesla payload (confidence level: 50%)
sha256 | 2a87d451055feeae538e7a7a5d024fbbd01e9e0d7194b0c7285753b1cf5281cf | Agent Tesla payload (confidence level: 50%)
sha256 | 5d986c790bfe29d80e717e496875663f395b950e4c34518d433367d1307ef5f2 | Agent Tesla payload (confidence level: 50%)
sha256 | e9ddcfc4882f4a4209c9b7aae82b2b6ab2f857311d0c6076d454a815b0671086 | Agent Tesla payload (confidence level: 50%)
sha256 | 2e7105e018a295b803c8134dc4f42759259659a0de81909f31ca49502fbc9747 | Agent Tesla payload (confidence level: 50%)
sha256 | 3741262cdeb955637773e8bd3523fd293bdaca536a526d49c904d059fb050ec4 | Azorult payload (confidence level: 50%)
sha256 | 950966ae2b19ece91a5d935a5876b9627679635271db31fe72a1dd8413975bc9 | Dridex payload (confidence level: 100%)
sha256 | e81ead735c4baf75702a3a591c87734e7d0914dac55d09b118ff9d14eb2740d6 | BlackMatter payload (confidence level: 75%)
sha256 | 8f1b0affffb2f2f58b477515d1ce54f4daa40a761d828041603d5536c2d53539 | BlackMatter payload (confidence level: 75%)
ip:port | 20.52.46.119:52190 | Nanocore RAT botnet C2 server (confidence level: 75%)
ip:port | 103.153.78.241:7851 | NjRAT botnet C2 server (confidence level: 100%)
ip:port | 79.141.161.20:443 | IcedID botnet C2 server (confidence level: 75%)
ip:port | 185.123.53.52:443 | IcedID botnet C2 server (confidence level: 75%)
ip:port | 194.147.140.20:3500 | Nanocore RAT botnet C2 server (confidence level: 100%)
ip:port | 104.248.169.33:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 45.32.61.165:65532 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 103.198.241.55:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 23.225.169.179:2323 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 37.120.247.55:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 3.235.251.32:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 89.41.182.62:8054 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 45.89.106.218:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 119.29.70.150:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 45.9.148.102:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 45.89.106.217:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 45.135.116.233:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 80.85.156.254:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 106.15.88.23:8877 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 107.191.53.84:3060 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 92.38.160.120:8880 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8899 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash50000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash50002 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash10866 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6225 | Dridex botnet C2 server (confidence level: 75%) | |
hash7443 | Dridex botnet C2 server (confidence level: 75%) | |
hash9043 | Dridex botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1111 | Mirai botnet C2 server (confidence level: 75%) | |
hashf479413a039d8bae02b1fb75bd5fe5028dca93ca1797f9d5ef6193d344a411ab | Agent Tesla payload (confidence level: 50%) | |
hashc7f056a2044fa7837e13a3c3a2844386d2ff2a4f35663fae491f6cb845f4bc5b | Agent Tesla payload (confidence level: 50%) | |
hashfcf66536e1b19c32fbae8bd0014c7170ccabbfc1998750c86e9524b6bb507b00 | Agent Tesla payload (confidence level: 50%) | |
hash59840f0dea6c2245f7f239a40f73f7369bf693e1a9dec2fb739886623d9fed00 | Agent Tesla payload (confidence level: 50%) | |
hash0bec1813fd645f0c1dd84ddf277999b79f1c07a94e6574a345d70184d8bfbc47 | Agent Tesla payload (confidence level: 50%) | |
hashad82fec6eaaebbe12eee2f4b6cb4e8d6e0659c9fdf0a365b0d4225ccbe14f224 | Agent Tesla payload (confidence level: 50%) | |
hashc3adf6e76594f5e50fd9c465bfdf67f2980c30a6d2afc406750a95ddbd2177e0 | Agent Tesla payload (confidence level: 50%) | |
hash0fa4b5fdbb437950d6855d937fa4bcfe39edf9669d7466ad0d3caa4f24acab56 | Agent Tesla payload (confidence level: 50%) | |
hashadde3ce320e80c1dfffc23e58b72a1c2b715fc1fffde573d06b6c58a766f2a65 | Dridex payload (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2096 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8889 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
File
Value | Description | Copy |
---|---|---|
file80.78.24.203 | Mirai botnet C2 server (confidence level: 75%) | |
file198.46.188.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.4.193.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.55.155.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.224.239.145 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.13.234.59 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.231.0.186 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.5.90.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file42.192.206.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.67.224.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.4.177.210 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.67.224.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.169.0.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file81.71.149.131 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.45.102.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.91.99.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.91.120.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.78.196.37 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.9.201.156 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.236.53.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.144.225.74 | Mirai botnet C2 server (confidence level: 75%) | |
file195.206.105.10 | BitRAT botnet C2 server (confidence level: 100%) | |
file103.232.55.66 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.144.225.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file41.47.35.252 | NjRAT botnet C2 server (confidence level: 100%) | |
file192.169.69.25 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file101.32.29.242 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.228.111.60 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.157.162.92 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file20.52.46.119 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file103.153.78.241 | NjRAT botnet C2 server (confidence level: 100%) | |
file79.141.161.20 | IcedID botnet C2 server (confidence level: 75%) | |
file185.123.53.52 | IcedID botnet C2 server (confidence level: 75%) | |
file194.147.140.20 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file104.248.169.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.32.61.165 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.198.241.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.225.169.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file37.120.247.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.235.251.32 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.41.182.62 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.89.106.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.29.70.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.9.148.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.89.106.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.135.116.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file80.85.156.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.15.88.23 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.191.53.84 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.38.160.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.92.156.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.92.156.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.159.160.52 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.92.15.72 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file199.19.224.92 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file37.120.247.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.24.175.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.33.118.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.117.252.144 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file108.62.141.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.169.6.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file211.23.160.81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.168.171.41 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file146.56.100.64 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.92.188.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file161.35.218.255 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file2.56.59.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file96.126.114.193 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.92.188.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.38.55.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file159.75.51.84 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.38.55.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.89.106.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file37.120.222.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.9.148.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.14.244.83 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.149.229.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.56.146.99 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.89.106.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.106.123.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file159.65.3.147 | Dridex botnet C2 server (confidence level: 75%) | |
file194.141.47.9 | Dridex botnet C2 server (confidence level: 75%) | |
file5.199.174.90 | Dridex botnet C2 server (confidence level: 75%) | |
file37.120.222.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.129.193.127 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.28.37.49 | Mirai botnet C2 server (confidence level: 75%) | |
file47.98.242.152 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.106.72.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.14.131.141 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file81.71.91.32 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.98.225.4 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.155.42.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file110.42.139.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.196.237.171 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.78.88.132 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.52.2.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.25.74.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.97.187.57 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.119.122.117 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Url
Value | Description |
---|---|
https://198.46.188.150/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://121.4.193.179:6666/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
https://106.55.155.117/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
https://58.218.215.139/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
https://27.221.44.41/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
https://119.84.129.105/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://139.224.239.145/match | Cobalt Strike botnet C2 (confidence level: 100%) |
https://42.192.69.109/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
https://106.13.234.59/cx | Cobalt Strike botnet C2 (confidence level: 100%) |
https://43.231.0.186/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://121.5.90.10:8866/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
http://42.192.206.174/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
http://114.67.224.147:8081/api/x | Cobalt Strike botnet C2 (confidence level: 100%) |
http://81.69.10.50/push | Cobalt Strike botnet C2 (confidence level: 100%) |
http://service-qgviw7sx-1302014318.bj.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) |
https://95.169.0.244:8443/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://81.71.149.131/activity | Cobalt Strike botnet C2 (confidence level: 100%) |
https://119.45.102.150/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://119.91.99.115/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
http://120.78.196.37:8888/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
https://139.9.201.156:9090/home/system/session_log.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://179.43.175.24/ | Raccoon botnet C2 (confidence level: 100%) |
https://3.236.53.16/wp-content/themes/calliope/wp_data.php | Cobalt Strike botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//6.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//1.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//7.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//2.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//3.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//4.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://103.141.138.110/p2//5.jpg | Oski Stealer botnet C2 (confidence level: 100%) |
http://fortillinco.com/raeymnbvcxz/index.php | Azorult botnet C2 (confidence level: 75%) |
https://www.800best.ml:8443/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://136.144.41.34/index.php | Azorult botnet C2 (confidence level: 100%) |
http://136.144.41.251/oxxs/index.php | Azorult botnet C2 (confidence level: 75%) |
https://103.228.111.60/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://maurizio.ug/ | Arkei Stealer botnet C2 (confidence level: 100%) |
http://c7f8u8m7.stackpathcdn.com:443/jq/jquery-3.5.1.min.js | Cobalt Strike botnet C2 (confidence level: 75%) |
https://104.248.169.33:8080/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://45.32.61.165:65532/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://ttxs.aexhausts.com/update | Cobalt Strike botnet C2 (confidence level: 100%) |
https://23.225.169.179:2323/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://a0.awsstatic.com/ | Cobalt Strike botnet C2 (confidence level: 100%) |
https://d3uy3mhu32jsrt.cloudfront.net/access/ | Cobalt Strike botnet C2 (confidence level: 100%) |
https://d3illv0fqt0o34.cloudfront.net/access/ | Cobalt Strike botnet C2 (confidence level: 100%) |
https://d2h5czmgmnglbm.cloudfront.net/access/ | Cobalt Strike botnet C2 (confidence level: 100%) |
https://d2mkv57ylq4vf6.cloudfront.net/access/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://89.41.182.62:8054/link/v1.57/5yvg1h2m | Cobalt Strike botnet C2 (confidence level: 100%) |
https://119.29.70.150:8081/c/msdownload/update/others/2021/02/123125789_ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://45.9.148.102:8080/user.jsp | Cobalt Strike botnet C2 (confidence level: 100%) |
http://syncmetric.biz/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://45.89.106.217/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://45.135.116.233:8081/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
http://80.85.156.254/b/intesd/cvxdcfwdepgk | Cobalt Strike botnet C2 (confidence level: 100%) |
http://106.15.88.23:8877/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
http://107.191.53.84:3060/s/ref=nb_sb_noss_1/167-3294888-0522950/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://www.crowdfunder.space:8880/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://45.92.156.97:8081/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
http://45.92.156.97:8080/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
http://139.159.160.52:8899/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://154.92.15.72:4444/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://199.19.224.92/cx | Cobalt Strike botnet C2 (confidence level: 100%) |
https://motivationalhindi.in/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://120.24.175.206/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://101.33.118.121:8443/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
http://hhyuuvmqe.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://108.62.141.237/bg.html | Cobalt Strike botnet C2 (confidence level: 100%) |
http://tk.fxtec.site:8080/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
https://211.23.160.81/push | Cobalt Strike botnet C2 (confidence level: 100%) |
http://104.168.171.41:2222/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://146.56.100.64/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://34.92.188.55:50000/functionalstatus/hulib6gopbgtjwzm7dcnecnkfq7rsrby | Cobalt Strike botnet C2 (confidence level: 100%) |
https://161.35.218.255/___utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://2.56.59.117:8080/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://ns-a7.hosted-ns.com/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://34.92.188.55:50002/functionalstatus/hulib6gopbgtjwzm7dcnecnkfq7rsrby | Cobalt Strike botnet C2 (confidence level: 100%) |
https://123.0.1.196/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
https://159.75.51.84:7081/image/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://193.38.55.36/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://37.120.222.75/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
https://45.9.148.102:8443/parse.jsp | Cobalt Strike botnet C2 (confidence level: 100%) |
https://110.185.114.155/bootstrap.min.css | Cobalt Strike botnet C2 (confidence level: 100%) |
https://113.137.62.36/bootstrap.min.css | Cobalt Strike botnet C2 (confidence level: 100%) |
https://1.31.130.154/bootstrap.min.css | Cobalt Strike botnet C2 (confidence level: 100%) |
https://221.204.166.12/bootstrap.min.css | Cobalt Strike botnet C2 (confidence level: 100%) |
https://122.246.6.14/bootstrap.min.css | Cobalt Strike botnet C2 (confidence level: 100%) |
https://193.56.146.99/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
https://syncmetric.biz:8888/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
https://45.89.106.217:8888/g/rfer=nmn_fr_gees_1/22-75479-177-2546843/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://free.idcfengye.com:10866/match | Cobalt Strike botnet C2 (confidence level: 100%) |
http://brokenethicalgod.ga/bn111/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
https://37.120.222.75/push | Cobalt Strike botnet C2 (confidence level: 100%) |
https://43.129.193.127/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
http://136.243.159.53/~element/page.php?id=466 | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
http://extarran.com/tonz/ware/gate.php | Pony botnet C2 (confidence level: 100%) |
https://47.98.242.152/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
http://47.106.72.125:5232/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://1.14.131.141/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) |
http://service-18v21mxv-1307231595.sh.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) |
https://pan.xueba666.ga:2096/owa/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://39.98.225.4/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
http://139.155.42.254:7777/match | Cobalt Strike botnet C2 (confidence level: 100%) |
http://110.42.139.68/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://139.196.237.171:8889/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://120.78.88.132/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
http://106.52.2.43:2222/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
http://120.25.74.102:8081/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) |
https://39.97.187.57/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://47.119.122.117:9001/activity | Cobalt Strike botnet C2 (confidence level: 100%) |
Domain
Value | Description |
---|---|
limerugaf.top | IcedID botnet C2 domain (confidence level: 100%) |
bookmaker.bid | IcedID botnet C2 domain (confidence level: 100%) |
dollinopole.uno | IcedID botnet C2 domain (confidence level: 100%) |
gergreedyk.fun | IcedID botnet C2 domain (confidence level: 100%) |
ichartpointcoma.site | IcedID botnet C2 domain (confidence level: 100%) |
xanderboghart.cyou | IcedID botnet C2 domain (confidence level: 100%) |
yangyuexiao.xyz | IcedID botnet C2 domain (confidence level: 100%) |
answersfromtheadvisors.com | Cobalt Strike botnet C2 domain (confidence level: 50%) |
clermy.com | Cobalt Strike botnet C2 domain (confidence level: 50%) |
curiyi.com | Cobalt Strike botnet C2 domain (confidence level: 50%) |
erabias.com | Cobalt Strike botnet C2 domain (confidence level: 50%) |
manulief.com | Cobalt Strike botnet C2 domain (confidence level: 50%) |
surveyfox.net | Cobalt Strike botnet C2 domain (confidence level: 50%) |
survmeter.live | Cobalt Strike botnet C2 domain (confidence level: 50%) |
vivaklo.com | Cobalt Strike botnet C2 domain (confidence level: 50%) |
l1stary.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
mingfengteyi.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) |
www.l1stary.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
update.l1stary.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
image.l1stary.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
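Putting a feed like this into a detection pipeline is mostly a normalisation problem, and this listing shows the two traps. First, the ip:port indicators arrived split, so a naive importer would index bare port numbers as hashes. Second, most of the Cobalt Strike URL paths above (/__utm.gif, /pixel.gif, /ga.js, /dpixel, /jquery-3.3.1.min.js, the Amazon-style /s/ref=nb_sb_noss_1/... path) are stock malleable-profile URIs that also occur on legitimate sites, so only the host and port of a URL row discriminate; the path is a weak signal at best. The Python below is an added example, not ThreatFox's or this page's code. It re-keys a handful of rows copied from the tables above by indicator type, validates each value against that type (discarding a bare port), indexes URL rows by host:port as well as by full URL, matches constructed EDR, proxy and DNS log lines (the hosts, timestamps and key=value layout are made up for the example) including subdomains of a listed domain, and lets the caller choose the minimum confidence to act on.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

# Rows copied from the tables above, re-keyed as (type, Value, Description). The bare
# "65532" is a port of the kind the page's extraction filed under Hash; it must not be indexed.
IOC_ROWS = [
    ("sha256", "950966ae2b19ece91a5d935a5876b9627679635271db31fe72a1dd8413975bc9", "Dridex payload (confidence level: 100%)"),
    ("sha256", "65532", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("ip", "45.32.61.165", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("url", "https://45.32.61.165:65532/jquery-3.3.1.min.js", "Cobalt Strike botnet C2 (confidence level: 100%)"),
    ("url", "http://103.141.138.110/p2//6.jpg", "Oski Stealer botnet C2 (confidence level: 100%)"),
    ("domain", "limerugaf.top", "IcedID botnet C2 domain (confidence level: 100%)"),
]
# Constructed key=value log lines (EDR, proxy, DNS); not from any real environment.
SAMPLE_LOGS = [
    "ts=2021-09-17T10:02:11Z host=ws-12 event=process_create sha256=950966AE2B19ECE91A5D935A5876B9627679635271DB31FE72A1DD8413975BC9",
    "ts=2021-09-17T10:05:43Z host=ws-12 event=http method=GET url=https://45.32.61.165:65532/jquery-3.3.1.min.js status=200",
    "ts=2021-09-17T10:05:50Z host=ws-03 event=http method=GET url=https://code.jquery.com/jquery-3.3.1.min.js status=200",
    "ts=2021-09-17T10:06:01Z host=ws-07 event=dns query=www.limerugaf.top. rcode=NOERROR",
    "ts=2021-09-17T10:09:12Z host=ws-19 event=http method=GET url=http://103.141.138.110/p2//3.jpg status=200",
]
DESC_RE = re.compile(r"^(?P<threat>.*?) \(confidence level: (?P<conf>\d+)%\)$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

@dataclass(frozen=True)
class IOC:
    kind: str        # sha256 | ip | url | domain
    value: str       # canonical form used for matching
    threat: str      # e.g. "Cobalt Strike botnet C2 server"
    confidence: int  # ThreatFox confidence level, 0-100

def normalise(kind, value):
    """Canonical indicator value, or None if the value is not valid for its kind."""
    if kind == "sha256":
        return value.lower() if SHA256_RE.match(value.lower()) else None
    if kind == "domain":
        return value.lower().rstrip(".")
    try:
        if kind == "ip":
            return str(ip_address(value))
        p = urlsplit(value)
        if kind != "url" or p.scheme not in ("http", "https") or not p.hostname:
            return None
        port = p.port or (443 if p.scheme == "https" else 80)  # make the port explicit
        return f"{p.scheme}://{p.hostname.lower()}:{port}{p.path or '/'}"
    except ValueError:  # not an address, or a port out of range
        return None

def parse_rows(rows):
    """Drop rows whose value is not valid for their type (the bare port listed as a hash)."""
    iocs = []
    for kind, value, desc in rows:
        m, v = DESC_RE.match(desc), normalise(kind, value)
        if m and v is not None:
            iocs.append(IOC(kind, v, m["threat"], int(m["conf"])))
    return iocs

def build_index(iocs):
    """Per-kind lookup tables, plus the (host, port) of every url IOC."""
    idx = {k: {} for k in ("sha256", "ip", "domain", "url", "host_port")}
    for ioc in iocs:
        idx[ioc.kind][ioc.value] = ioc
        if ioc.kind == "url":
            p = urlsplit(ioc.value)
            idx["host_port"][(p.hostname, p.port)] = ioc
    return idx

def lookup_host(idx, host):
    """IPs hit the ip table; names hit the domain table on themselves or any parent label."""
    try:
        ip = str(ip_address(host))
    except ValueError:
        labels = host.lower().rstrip(".").split(".")
        parents = (".".join(labels[i:]) for i in range(len(labels) - 1))
        return [idx["domain"][d] for d in parents if d in idx["domain"]]
    return [idx["ip"][ip]] if ip in idx["ip"] else []

def match_line(idx, line, min_confidence=0):
    """Look up every observable in one key=value log line. A URL matches on its exact form
    or on host:port, never on the path alone: Cobalt Strike profile URIs exist on benign sites too."""
    f = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    hits, hosts = [], []
    if f.get("sha256", "").lower() in idx["sha256"]:
        hits.append(idx["sha256"][f["sha256"].lower()])
    if "url" in f and (u := normalise("url", f["url"])):
        p = urlsplit(u)
        hits += [i for i in (idx["url"].get(u), idx["host_port"].get((p.hostname, p.port))) if i]
        hosts.append(p.hostname)
    hosts += [f["query"]] if "query" in f else []
    for host in hosts:
        hits += lookup_host(idx, host)
    return [h for h in dict.fromkeys(hits) if h.confidence >= min_confidence]

if __name__ == "__main__":  # print which indicators each sample log line touches
    INDEX = build_index(parse_rows(IOC_ROWS))
    print([(n, [i.value for i in match_line(INDEX, l)]) for n, l in enumerate(SAMPLE_LOGS, 1)])
```

Run as written, the beacon check-in on line 2 hits both the URL row and the ip row for 45.32.61.165, the Oski request on line 5 hits on host:port even though the file name differs from the listed one, the DNS query for www.limerugaf.top hits the parent IcedID domain, and the same jQuery path fetched from code.jquery.com hits nothing. A reasonable policy on top of this is to block on the 100% and 75% C2 entries and only alert on the 50% payload hashes, and to treat any Cobalt Strike server hit as a trigger for investigation rather than proof of compromise, since scanner-discovered team servers can also belong to authorised red teams.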
Threat ID: 682acdc5bbaf20d303f28916
Added to database: 5/19/2025, 6:20:53 AM
Last enriched: 6/18/2025, 7:20:36 AM
Last updated: 7/27/2025, 6:35:44 AM