ThreatFox IOCs for 2021-10-29
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on October 29, 2021, by ThreatFox, a platform dedicated to sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) activities. However, the data lacks specific details about the malware family, attack vectors, affected software versions, or exploitation techniques. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned by the source. There are no known exploits in the wild linked to these IOCs, and no patches or mitigations are directly referenced. The absence of concrete technical details such as Common Weakness Enumerations (CWEs), affected products, or attack methodologies limits the depth of technical analysis. The distribution score of 3 suggests a moderate spread or sharing of these IOCs within the threat intelligence community. Given the nature of OSINT, these IOCs likely serve as detection or attribution data points rather than describing a novel or active malware campaign. Overall, this threat intelligence entry appears to be a routine update of malware-related IOCs intended for use in defensive measures rather than an immediate or active threat vector.
Potential Impact
For European organizations, the direct impact of this threat is currently limited due to the lack of known active exploitation and absence of specific vulnerable systems or software. The IOCs may aid in identifying malware infections or malicious activity retrospectively or during incident response. However, without actionable exploit details or targeted attack campaigns, the immediate risk to confidentiality, integrity, or availability is low. Organizations relying on OSINT feeds and threat intelligence platforms can leverage these IOCs to enhance detection capabilities and improve situational awareness. The medium severity rating suggests that while the threat is not negligible, it does not represent a critical or high-risk event at this time. European entities with mature cybersecurity operations may benefit from integrating these IOCs into their security monitoring tools to preemptively identify potential compromises. The lack of known exploits in the wild reduces the urgency for emergency response but underscores the importance of continuous monitoring and intelligence sharing.
Mitigation Recommendations
Given the nature of this threat as a set of IOCs without active exploitation, mitigation focuses on enhancing detection and response capabilities rather than patching specific vulnerabilities. European organizations should: 1) Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to improve identification of related malicious activity. 2) Maintain updated threat intelligence feeds from reputable sources like ThreatFox to stay informed about emerging threats and indicators. 3) Conduct regular threat hunting exercises using these IOCs to proactively identify potential infections or compromises within their networks. 4) Ensure robust incident response plans are in place to investigate and remediate any alerts triggered by these IOCs. 5) Promote information sharing with industry peers and national cybersecurity centers to contextualize these IOCs within broader threat landscapes. 6) Since no patches are available, focus on hardening systems through standard cybersecurity best practices such as least privilege, network segmentation, and user awareness training to reduce the attack surface.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: https://svchost.onedriveup.today:8080/ptj
- file: 149.28.81.175
- hash: 8080
- url: http://gfjjblnoihugfjdrhcjgvhb.com:8081/pkgs/_/ms/update/oem853/2021/08/85644_
- file: 176.121.14.117
- hash: 8081
- url: http://137.220.55.124/dpixel
- file: 137.220.55.124
- hash: 80
- url: http://45.76.199.199:8443/g.pixel
- file: 45.76.199.199
- hash: 8443
- url: https://104.168.247.31:8443/design/v1.38/3vy7px5bdrr
- file: 104.168.247.31
- hash: 8443
- url: https://games.citizenspowerforchina.com/fam_cart
- url: https://42.193.46.77:12211/j.ad
- file: 42.193.46.77
- hash: 12211
- url: https://www.helensilva.com:2053/api/3
- file: 45.77.9.110
- hash: 2053
- url: https://jetkm.com:1443/avatars.css
- file: 216.244.71.141
- hash: 1443
- url: https://158.247.212.206:8443/dpixel
- file: 158.247.212.206
- hash: 8443
- url: https://18.141.72.140/ga.js
- file: 18.141.72.140
- hash: 443
- url: https://test4.onedriveup.today/match
- file: 149.28.81.175
- hash: 443
- url: http://hns2.xyz:8443/hr.html
- file: 31.220.44.244
- hash: 8443
- url: http://service-jyxh2boe-1257046868.usw.apigw.tencentcs.com/api/x
- file: 216.238.67.218
- hash: 80
- url: http://128.1.131.167/match
- file: 128.1.131.167
- hash: 80
- url: http://www.ksu111.tk/load
- file: 51.4.148.78
- hash: 80
- url: http://18.141.72.140/visit.js
- file: 18.141.72.140
- hash: 80
- url: https://masonplumberxjsne.com/pixel
- file: 173.232.146.125
- hash: 443
- url: https://3.21.220.91/ee.html
- file: 3.21.220.91
- hash: 443
- url: http://119.45.116.254:5050/j.ad
- file: 119.45.116.254
- hash: 5050
- url: https://66.42.44.124/update
- file: 108.160.138.201
- hash: 443
- url: http://114.118.4.209/cm
- file: 114.118.4.209
- hash: 80
- file: 54.38.123.239
- hash: 1443
- url: http://service-my75ica4-1252037237.gz.apigw.tencentcs.com/api/x
- file: 1.12.230.36
- hash: 80
- url: http://34.96.255.223/en_us/all.js
- file: 34.96.255.223
- hash: 80
- url: https://155.138.156.234/__utm.gif
- file: 155.138.156.234
- hash: 443
- url: http://164.155.79.66:8081/updates.rss
- file: 164.155.79.66
- hash: 8081
- hash: 69f64ca4b22180560648691c2d52cfe11b253bb403663f8e92f25e0f76308dbb
- hash: 2778e5c8e94981206b305108d42ac9c9d7be5f36eaf94cab2483120e9d3d3696
- hash: 3b282cd60bc0c9689b4a68d2013f986e3534190042c8359be580db7004803118
- url: http://www.metanewsroom.net/ob7y/
- file: 185.215.113.41
- hash: 14518
- url: http://updata.microsoft-api.workers.dev:443/be.css
- url: http://ab-services.ma/copyright/img/frodo/panel/five/fre.php
- url: http://203.159.80.151/king/fre.php
- hash: 2d3dcfb02dfa905434e38edadeef23d264a78d4c1be8f476d1e0dce1245a47e0
- hash: 088460b2dec5ce8794505ac520c05c6f33eedc67e0af2625589248b987f7f3e9
- hash: 696c1594aa1e4d4002249cfc586dbba959da7119b7e6cdff6938789b22a1a8aa
- hash: 37017c68ccbf9e7b72956ceea2f4824cad1da060b9d766ef83af4e2ec4297c0a
- hash: f49bcf7318f91c12ff7430adc30b91bcab08b8c1f6335b0abb3ca6171e72f242
- hash: c7bd147a430551d331393fdfbabf13e216863ae99a23623f90a4a45946083ea0
- hash: 66c6db26c9686da34853be257b9b0dd93d5aacb36812fe8b03417ab18580ed7e
- hash: fabf187ea5f3a82f9b13083203deccf34ac00881428b080be04b92fbe2a53c42
- hash: e9d8da18241e2fe7e59185ce23de615f593de43c4c73e8e17ec0328facc00c0c
- hash: 41a9c832ca44e83c24b1bbbccdcc5a5b832a0446020f0d7a30ef4c90a73534fc
- hash: 0cddcfb0b3eb18e6a1934eee0a9518d4f0a8c82597031dab6ce8917f53bc886d
- hash: 2ce3374c0ccf5b5d4ceafa267f33786452720990efc2627584950d059cbac79f
- hash: f152e5fdb9211bcf9ad961937964c64e5047b4667627fff4932a4db122d26729
- url: http://63.250.40.204/~wpdemo/file.php?search=8376882
- file: 164.90.213.227
- hash: 443
- file: 185.117.75.123
- hash: 443
- file: 95.215.108.72
- hash: 8080
- file: 209.141.49.248
- hash: 1312
- url: http://63.250.40.204/~wpdemo/file.php?search=6554483
- url: http://reoildriend.sytes.net/vingvhuiufd/panel/five/fre.php
- url: http://79.141.161.22/rs.js
- file: 79.141.161.22
- hash: 80
- hash: ba7814a0230070fb0a3ec481d1fc93769d081beed6276925b525c40461f628b6
- hash: 87d86132095541ed3b5fe05eb06692e1712287b6ffd9832a28eb85f52b55f0a5
- hash: 562207163defcad653f4332b78ae7b6a9ff9c06b5be005e7f7da30420e788c53
- hash: 0a6589e8bec291fcbb9ee4e8341c2bf6506f26a9a8174975e7ea8722f20c7845
- file: 91.109.178.8
- hash: 5050
- hash: 1d4a85c5c35b352c317f11d620ffdd1d2c300f927f6c7fa0e0f63694c55bb5f7
- hash: c1331b89e53012ba8c4631c7a9bfe207dd65aa4fcefd063da72b86236e86e372
- hash: 9508c04b4c1dd578c8c3b8597a68bb73548b107edcbb37f13909a18d85f78b3a
- hash: eed56f690667f0bcdfb715db2583982f3c3c97e358fcb86d3788604f07ba3966
- hash: 89885adcbb030fd0251b08cc401392e90d4ad948f6cfc68dda34472c455a8951
- file: 159.223.21.94
- hash: 443
- hash: 78e94c7f2c9ddff56b7eb557efd82e6f944b2b0262fbd3ffaf944d267131a6ae
- hash: b1646a1969fa9d03485671ca4d50dd89f6263179310881fa4b3e3580a4e02da9
- hash: fd1f7eb987b09bd6d534d8acdaa58fda7c607fc1e38e6f13ce97d62a41dec8be
- hash: 0e75842b6a2e8a95a1c59335e2b367c24f2452814905b3ac126878aba58fe47a
- hash: 6ed753e5b9a7ac5d89a6f9749e24c5beb7483c6fda2057e81e1eb3ed5a32ab21
- hash: 37b78e9a50830b88e97f6048f90ea0afe925e0c6e4f0e9a1cf3c7849787d9c4c
- hash: 669f274f18e59c1600104f77e4622c96b5eb3cc0add18625103346ce9177ea9c
- hash: 7aeb5171e90e813e9f494faf648e9f971fded6700d435972a43389b3ba701d05
- file: 159.223.101.71
- hash: 443
- url: http://www.syxcool.cf:8080/push
- file: 198.46.143.219
- hash: 8080
- url: http://82.157.1.215/match
- file: 82.157.1.215
- hash: 80
- url: http://1.116.207.171:86/ptj
- file: 1.116.207.171
- hash: 86
- hash: 5639c11ec67442443212c1b9771cf3462670e03f1116d0caca38dae306491de4
- hash: 0dba5ac9d16cfc7c8942d41178512a6cff2cb57b9b775ea4f1e7ac7cc357fa68
- hash: 187cb817751d6871eb7be566dd9d9a98a46edb11391220b69e4fad695f31e605
- hash: b06b803c1a654849e7b0310b0b590ca574568ab9eba41858e8caaff5dbbeacba
- hash: 28d82936ca3150866022f80b28d5422d66f54fb6fd81321a3e853ce29faf74ff
- hash: c03baf4422da1ced1ec5a7a2ee547da163fb6056881efbe46e081531ed43ea35
- hash: b71c739fea2e0befe20eeaf814f5ffcb90277ac825cb6328adce7c3985ea7883
- hash: 605e57c5643a2292002481fee5fe3b7ba0243fc8e3ed6d423c814554cf6b4bba
- hash: f3fc38ead9aae7ffdb533c056bcc93f6db5cbf153ac9cd8673945535288af947
- hash: 2575cf1107a08d1fd3948a056dffc9ce7477aa358b62e006ab12531e1305c326
- hash: 20f78ac002f9947ee813001e4dd6a2adac6f0cd06075fad4e050424910586233
- hash: 1bfe1a1ab18340fc2d8db60dc0ee09ce05c6cebcc056b2cc0692ff315d3fb9ff
- hash: bc316b9670025dd47a54cf5d9e3e31c8ab4855a6f67ec2498848b5c6aa1b7553
- url: http://tdeasy.duckdns.org:6128/vre
- file: 23.102.1.5
- hash: 6129
- url: https://45.117.102.139/fwlink
- hash: c96821c49a936964dc21d8004ac5eef5681317903c3fd3800c76d344d699735d
- hash: 2c6b4b48ccb98fa1d4897b063e6b4f14655ad79aaf218a3742cc62d7e47abe06
- hash: 988c1b9c99f74739edaf4e80ecaba04407e0ca7284f3dbd13c87a506bf0e97b7
- hash: 775e2dc3e54857da477bb2b85e9d29e87c9d7103ddd2256faffc162de46b8078
- hash: 72894f70269d12430eca6e3c89fa739d3e89851fe53cf4185b68cb0b7b10a385
- hash: 1ade2c03f3a21a3ce9c065cacc63aa9221fbaa90138e9ac7e9466210ebaa588a
- hash: f34eb9d345d7d40d2d2ebf903d2c29cc39efe8d52b2f909d58b6f02b5b6d5c82
- hash: b06cbb3cbf7184f545d66919153d9381cd5a5f602ecbec123182b7e64caaba99
- url: http://tdeasy.duckdns.org:6128
- hash: 32c06152828c3d144b82e6e1f4ef18381be1dfd307105851827e358c64156949
- hash: 934690e391745fca58ca0df6d41952d6f58ed7b18ab8fdda22484b01eb262be8
- hash: c3f8d6b3e497471cc5e1526d59f7068f0655704f98dca59d79a77b81f1cb7fd5
- hash: ec7da076ff58d306c60129793951be70edbca2b48c0c9d10ea9d2e8f30a21ca5
- file: 103.151.123.194
- hash: 8903
- file: 194.147.149.3
- hash: 606
- file: 103.151.123.194
- hash: 7840
- file: 185.228.19.147
- hash: 7922
- file: 5.230.84.50
- hash: 1560
- file: 103.151.123.194
- hash: 7829
- file: 23.95.115.74
- hash: 1465
- file: 23.95.115.74
- hash: 1560
- file: 23.95.115.74
- hash: 1759
- file: 23.95.115.74
- hash: 1985
- hash: 3563d9f6b7170b84d5fc589df6ff72f754025c8575d3d92c7fee09446beac0c8
- hash: 83d969f48d9ba67f00e732c7ddef343f9b23b3048228a266214a991d52856b4f
- hash: 9d9056d76be4beb3cc17cd95c47108ab42d73255f2bc031423d044ed927fb885
- hash: 555fd11933a1bb3a71714e1c234cdeaf7ea3c614f24eebec3786fb61cb3b5b5e
- file: 23.102.1.5
- hash: 6121
- hash: fd09789949b53a44f9f8d85655b64174379bdc05096bf649cc20bd0758cd0a06
- hash: 200240d4e105e6fe096395c4b44f18f5af43160b981aa2d4fe5eeac71189a14e
- hash: 35b456c577ef3fd4bf9c0fe891f37ea6d674eec26881ecfc1bfaeda7940ce52f
- hash: b7f3d1dd2aa804eb498480b7a3b03ea003efb665005e844e51be5b8ab9dc8e79
- domain: toptelete.top
- url: http://185.142.236.220/azur/index.php
- hash: f4f54999d620694ab06ae2a129e40fc7e916e398f7e96f27b6cd86e05c92a21c
- hash: 7ba579db4b2485e75dbeff653199f592e4067706225975038ad011b73562c3fb
- hash: 07976cf0ef4b784bb88ab543f7784d0dcd53537881bb4de45d1675c428f010b9
- hash: afbae06f0ec7939e039a47b7579a98f269eca1be5625e7343267cf4bbb0d5709
- hash: 2bd745dd877488558d3a7faf02dba0ae989ec41dfff66dea9a9fd70f2ebb04d3
- hash: ac794a77a23b2dc0b1d84efae12b14b7941b8ae468fc64443ea6c2819383cce7
- hash: bedd7a999dd6cb36bcaede8fca958227a230ce2862e7404b5e62ddd3203f3bec
- hash: 9b4ca94ec5ec101754d54a2d73aa5f84fdfe97bc1021d166f07ddcaf5482c059
- hash: dcb66b5589d9917bfa929fb2680b48a8ee1a9d88a8801734dca25a9b6f75719c
- hash: 0ba6dfe7339f888b2ee416124f9f7e863a69c7032de017e8f5adb04615d19d75
- hash: d173d3721a221790dd5d725fba8cd055e1719ac21d10fca44f0ba6f20feccd81
- hash: e83ce530468ceacafc364791ce8de4cdc2b456cb0df25b93ac4055a99b031702
- file: 3.136.65.236
- hash: 12545
- url: http://45.77.37.42/cx
- file: 45.77.37.42
- hash: 80
- url: https://com.pptp.services:8443/api/3
- file: 172.96.199.223
- hash: 8443
- url: http://45.128.208.60:81/updates.rss
- file: 45.128.208.60
- hash: 81
- url: http://onedriveup.3utilities.com:8088/__utm.gif
- file: 45.77.70.135
- hash: 8088
- url: https://161.97.138.56:8443/match
- file: 161.97.138.56
- hash: 8443
- file: 92.118.61.114
- hash: 9999
- url: http://106.13.235.225/api/getit
- file: 106.13.235.225
- hash: 80
- url: https://13.213.69.102:4433/cm
- file: 13.213.69.102
- hash: 4433
- url: https://137.184.56.49/load
- file: 137.184.56.49
- hash: 443
- url: http://cs.bc8.in:2082/j.ad
- file: 104.36.231.42
- hash: 2082
- file: 104.36.231.43
- hash: 2082
- url: http://45.147.229.64:5060/fwlink
- file: 45.147.229.64
- hash: 5060
- url: https://103.130.218.183/match
- file: 103.130.218.183
- hash: 443
- url: https://43.132.201.196:4433/cx
- file: 43.132.201.196
- hash: 4433
- url: https://106.52.65.141/push
- file: 106.52.65.141
- hash: 443
- url: https://178.128.126.235:4433/pixel
- file: 178.128.126.235
- hash: 4433
- url: http://195.123.242.134/da.js
- file: 195.123.242.134
- hash: 80
- file: 5.252.176.115
- hash: 80
- file: 104.36.231.44
- hash: 2082
- url: http://103.130.218.183/pixel.gif
- file: 103.130.218.183
- hash: 80
- url: http://104.225.234.121/c/msdownload/update/others/2016/12/29136388_
- file: 104.225.234.121
- hash: 80
- url: https://43.225.31.149/j.ad
- file: 43.225.31.149
- hash: 443
- url: http://213.139.208.241/g.pixel
- file: 213.139.208.241
- hash: 80
- url: http://89.133.24.43/ca
- file: 89.133.24.43
- hash: 80
- url: http://104.168.165.125:90/pixel.gif
- file: 104.168.165.125
- hash: 90
- url: https://automotive-design-cdn.azureedge.net/jquery-3.3.1.min.js
- file: 3.18.119.199
- hash: 443
- url: http://172.86.124.212:8012/ptj
- file: 172.86.124.212
- hash: 8012
- url: http://192.168.107.130/match
- file: 45.63.60.34
- hash: 80
- url: http://91.219.236.97/
- hash: 7eb03078f08f097b0eebc611ac1b3f6f443fac5abdfb8879175193aedf24d37b
- hash: 812d78a50a8de210dbbce12fda210461770b8b928f8b3249de80ecb68055f61e
- hash: e3380dfdd6297ac134bb22c7c1603782f198a5b2164855bf66a95bae47ab472d
- hash: 8245ad87eea6a1f19f658adef8a30b9a512760d866b7075bbf205d7a54296234
- hash: 033247a6ba1cd0543f27857fb6743e16fdd2990cea1df3dce93e4031c8046d1a
- hash: dfc50de58c6339e624b60a7e6d5bccc20297656cd80183379fac54f11b3e6f56
- hash: d89b90bed3ca49a3110ab8abf95b27e42e87f31fa6427e32857f097da65c58ab
- hash: 8920b1d5b8a3f73bb010cdd5014602e4d974f2d7ef3e63f25674be6b03a4b21e
- file: 185.157.160.198
- hash: 1975
- url: http://secure01-redirect.net/bo/fre.php
- file: 185.157.160.198
- hash: 1973
- url: http://137.184.73.79/file/logs/fre.php
- hash: 3b7a0b9d932269850390271fe5e196d42175dc9d17c69e4764f00627c17e58d1
- hash: 20725ee30e6dd4a06a4850bd364ef3dddbd3a0dfb8eda7ebe18eda719ce28383
- hash: cfa7b4b4fc55791d6fe487f6945550af8b4e76b7642c417498ad519131c70e66
- hash: a811c4187d3965aaec46bc83dd0518e398412e9dfce8817cb03623e6afcdc4df
- hash: 5080e84442d836915e15b83a5f640c25ec43a0d78bd1bd83aff2829a05067c97
- hash: bd554a47604731efbccd085793c50bca47b0b8336447a1ed660007b2d48a0b6b
- hash: eed781a42769761d30787cecd662c5b6ba70589724a456d09ae008e1bd68835f
- hash: 344e30291a03a208638015f82b2dcc084cfb618abf34914f937bd3e38a2af4f9
- hash: 38028aa93c9baedaa2f00cb34b2493a0959662fb34823b045c3e931c325221a8
- hash: e2fb98ed5fc7939660bc49c06fb2c1a2a8738749a65c416dff4510d208bb0517
- hash: 100c0c7dc122d238b42f8e371d0464aa35935962b6bf8885f3330ab0ce1aa9b2
- hash: cd7ca15cbf364010f205472f863773ae99f1474dcb846419973b476226832ff6
- file: 51.178.104.138
- hash: 4946
- hash: ca794f53503fbef5a2f3c3ab8719770a15b9e06c5904d200dd7bbff2631815d2
- hash: 9d1b4ffc7b4bdeb25bd861595c2d9fb34def39a48082e73d911eaf1ea3ed441d
- hash: 53ec144e7cdcc9da6f7a5d3dcb62066abedaf34cdf6b97d8ac601ce398da434a
- hash: 830db64baae973c5adcb128a82233050d34d4d4d5c1d37dcec698e2e5eb73359
- hash: b95602df2c09914384788c97c9bca318fc50bb443de39b13fb2e45856a2fe065
- hash: f9a00b06d360bd49641b05cf67c9ffaea535478c66c23261f3efffbded7ae994
- hash: af0edb87ccd5822603c46f381467f1e600b6e0c284a2cc71633d7195f06dc73b
- hash: 7f71a764ef838bdb62ecc2a708d5a69ba363fa318220872c5a423bf347134d51
- hash: 17bb183c9e8f262c2bd91228e788f4613279c795573b558c3981501ee02811ba
- hash: f9e631dd3b9e821e73e1303b23d478f0ecd685068a1b92a3d2158c4c459290bd
- hash: bd12cd27c1ce9f7c43ad069b21aca05d6510216d317371939b05429cdc850074
- hash: 355faa1b8f98124bfec75b6a2ef35483709124b81abcbb6784a3ae8657c05559
- file: 37.1.206.174
- hash: 228
- file: 37.1.206.174
- hash: 80
- file: 45.147.231.161
- hash: 38637
- hash: 090e1ddc68b328609df8c734e702e4fecdc55cce7816dd0a43b3053d79bc6579
- hash: 35231486153cee388c670fe38e700810cb7f4bb265f42d6d68c1b9494206360d
- hash: d7241a7da97fdefe199f23605bfab8f878728a71f4b1b12f26aa83f775ae2fc5
- hash: 5d5314ec5e467c3875f072915f95a4f1c143b1b7996e60d4c81c5ede11e604bd
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 0da059e4-8117-4ed1-b76a-9cc87713adce
- Original Timestamp: 1635552182
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://svchost.onedriveup.today:8080/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://gfjjblnoihugfjdrhcjgvhb.com:8081/pkgs/_/ms/update/oem853/2021/08/85644_ | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://137.220.55.124/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://45.76.199.199:8443/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://104.168.247.31:8443/design/v1.38/3vy7px5bdrr | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://games.citizenspowerforchina.com/fam_cart | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://42.193.46.77:12211/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://www.helensilva.com:2053/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://jetkm.com:1443/avatars.css | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://158.247.212.206:8443/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://18.141.72.140/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://test4.onedriveup.today/match | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://hns2.xyz:8443/hr.html | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://service-jyxh2boe-1257046868.usw.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://128.1.131.167/match | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://www.ksu111.tk/load | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://18.141.72.140/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://masonplumberxjsne.com/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://3.21.220.91/ee.html | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://119.45.116.254:5050/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://66.42.44.124/update | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://114.118.4.209/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://service-my75ica4-1252037237.gz.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://34.96.255.223/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://155.138.156.234/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://164.155.79.66:8081/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://www.metanewsroom.net/ob7y/ | Formbook botnet C2 (confidence level: 100%) |
| http://updata.microsoft-api.workers.dev:443/be.css | Cobalt Strike botnet C2 (confidence level: 75%) |
| http://ab-services.ma/copyright/img/frodo/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| http://203.159.80.151/king/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| http://63.250.40.204/~wpdemo/file.php?search=8376882 | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
| http://63.250.40.204/~wpdemo/file.php?search=6554483 | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
| http://reoildriend.sytes.net/vingvhuiufd/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| http://79.141.161.22/rs.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://www.syxcool.cf:8080/push | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://82.157.1.215/match | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://1.116.207.171:86/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://tdeasy.duckdns.org:6128/vre | Vjw0rm botnet C2 (confidence level: 100%) |
| https://45.117.102.139/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://tdeasy.duckdns.org:6128 | Vjw0rm botnet C2 (confidence level: 100%) |
| http://185.142.236.220/azur/index.php | Azorult botnet C2 (confidence level: 100%) |
| http://45.77.37.42/cx | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://com.pptp.services:8443/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://45.128.208.60:81/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://onedriveup.3utilities.com:8088/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://161.97.138.56:8443/match | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://106.13.235.225/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://13.213.69.102:4433/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://137.184.56.49/load | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://cs.bc8.in:2082/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://45.147.229.64:5060/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://103.130.218.183/match | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://43.132.201.196:4433/cx | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://106.52.65.141/push | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://178.128.126.235:4433/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://195.123.242.134/da.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://103.130.218.183/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://104.225.234.121/c/msdownload/update/others/2016/12/29136388_ | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://43.225.31.149/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://213.139.208.241/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://89.133.24.43/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://104.168.165.125:90/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://automotive-design-cdn.azureedge.net/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://172.86.124.212:8012/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://192.168.107.130/match | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://91.219.236.97/ | Raccoon botnet C2 (confidence level: 100%) |
| http://secure01-redirect.net/bo/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
| http://137.184.73.79/file/logs/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
File
| Value | Description |
|---|---|
| 149.28.81.175 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 176.121.14.117 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 137.220.55.124 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.76.199.199 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 104.168.247.31 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 42.193.46.77 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.77.9.110 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 216.244.71.141 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 158.247.212.206 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 18.141.72.140 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.28.81.175 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 31.220.44.244 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 216.238.67.218 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 128.1.131.167 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 51.4.148.78 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 18.141.72.140 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 173.232.146.125 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3.21.220.91 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.45.116.254 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 108.160.138.201 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 114.118.4.209 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 54.38.123.239 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1.12.230.36 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 34.96.255.223 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 155.138.156.234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 164.155.79.66 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 185.215.113.41 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 164.90.213.227 | BazarBackdoor botnet C2 server (confidence level: 100%) |
| 185.117.75.123 | BazarBackdoor botnet C2 server (confidence level: 100%) |
| 95.215.108.72 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 209.141.49.248 | Mirai botnet C2 server (confidence level: 75%) |
| 79.141.161.22 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 91.109.178.8 | NjRAT botnet C2 server (confidence level: 100%) |
| 159.223.21.94 | BazarBackdoor botnet C2 server (confidence level: 100%) |
| 159.223.101.71 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 198.46.143.219 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 82.157.1.215 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1.116.207.171 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.102.1.5 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 103.151.123.194 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 194.147.149.3 | Bashlite botnet C2 server (confidence level: 75%) |
| 103.151.123.194 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 185.228.19.147 | NetWire RC botnet C2 server (confidence level: 100%) |
| 5.230.84.50 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 103.151.123.194 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 23.95.115.74 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 23.95.115.74 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 23.95.115.74 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 23.95.115.74 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 23.102.1.5 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 3.136.65.236 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 45.77.37.42 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 172.96.199.223 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.128.208.60 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.77.70.135 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 161.97.138.56 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 92.118.61.114 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 106.13.235.225 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 13.213.69.102 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 137.184.56.49 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 104.36.231.42 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 104.36.231.43 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.147.229.64 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 103.130.218.183 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.132.201.196 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 106.52.65.141 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 178.128.126.235 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 195.123.242.134 | Cobalt Strike botnet C2 server (confidence level: 100%) |
file5.252.176.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.36.231.44 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.130.218.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.225.234.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.225.31.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file213.139.208.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.133.24.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.168.165.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.18.119.199 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.86.124.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.63.60.34 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.157.160.198 | BitRAT botnet C2 server (confidence level: 100%) | |
file185.157.160.198 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file51.178.104.138 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file37.1.206.174 | SectopRAT botnet C2 server (confidence level: 100%) | |
file37.1.206.174 | SectopRAT botnet C2 server (confidence level: 100%) | |
file45.147.231.161 | RedLine Stealer botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
Domain
| Value | Description | Copy |
|---|---|---|
| toptelete.top | Raccoon botnet C2 domain (confidence level: 100%) | |
Threat ID: 682b7b9fd3ddd8cef2e68630
Added to database: 5/19/2025, 6:42:39 PM
Last enriched: 6/18/2025, 7:03:44 PM
Last updated: 2/7/2026, 8:56:48 AM
Views: 35