ThreatFox IOCs for 2022-01-01
AI Analysis
Technical Summary
The entry 'ThreatFox IOCs for 2022-01-01' is the daily indicator dump that abuse.ch's ThreatFox platform publishes as a MISP event. It is tagged 'type:osint' and 'tlp:white', so it is open-source intelligence that may be shared without restriction. It is not a vulnerability report: there is no affected product or version, no CWE, no patch and no exploit to speak of, because the event describes attacker infrastructure rather than a flaw. What it does carry, reproduced below, is a substantial set of indicators of compromise: command-and-control (C2) endpoints as ip:port pairs for Mirai, Bashlite, AsyncRAT, BazarBackdoor, Ghost RAT and RedLine Stealer and, by far the largest group, Cobalt Strike team servers; beacon URLs for many of the Cobalt Strike servers (Exchange-style /owa/ paths, '/apiv2/v1/session/keepalive' paths on healthcare- and non-profit-themed hostnames, tracking-pixel style paths such as /pixel.gif and /__utm.gif, and short paths such as /match, /cx, /cm and /ptj); four domains, three of them on dynamic-DNS services (sytes.net, chickenkiller.com, hopto.org); and 137 SHA-256 hashes, of which the 58 described in the table at the end are Mirai payloads. ThreatFox attaches a confidence level to each indicator: 75% for the Mirai, Bashlite, AsyncRAT and BazarBackdoor C2s and 100% for the rest. The MISP metadata decodes as follows: threat level 2 is 'medium' on MISP's 1 (high) to 4 (undefined) scale, analysis 1 means the event is marked 'ongoing' rather than 'completed', distribution 3 means it is shared with all communities, and the original timestamp 1641081782 is 2022-01-02 00:03:02 UTC, i.e. the dump was generated just after the day it covers had closed. One export artefact matters for anyone loading the list: every ip:port indicator has been split into an IP labelled 'file' followed by its port labelled 'hash', so the short numeric 'hash' values (5555, 443, 8080 and so on) are ports, not file hashes.
Potential Impact
An IOC feed has no direct impact of its own: nothing needs patching. Its significance is that any host in an organisation's estate seen talking to one of the listed C2 endpoints, resolving one of the domains or carrying one of the hashed binaries is already compromised, and the malware families indicate how serious that is. Mirai and Bashlite C2s and the Mirai payload hashes concern Linux IoT and embedded devices (routers, cameras, NAS), which are recruited for DDoS and are rarely covered by endpoint agents, so their compromise tends to surface only at the network edge. RedLine Stealer, AsyncRAT and Ghost RAT point to credential and data theft from workstations. BazarBackdoor and the large number of Cobalt Strike servers point to hands-on-keyboard intrusion, the stage that commonly precedes ransomware deployment, so a beacon to one of these addresses from an internal host should be treated as an active incident rather than a commodity infection. The feed contains no targeting information; nothing in it ties the indicators to the listed countries specifically, and they are equally relevant to any network. Their shelf life is uneven: C2 addresses on cloud and hosting space are reassigned quickly, so the ip:port entries lose blocking value within weeks, whereas the Mirai payload hashes and the C2 hostnames remain useful for retrospective hunting.
Mitigation Recommendations
1. Ingest the feed correctly: pull the event from ThreatFox's export (or as a MISP feed) and re-pair the 'file' (IP) and 'hash' (port) attributes into ip:port before loading them into the SIEM, EDR or firewall; otherwise the ports land in a hash watchlist and the C2 addresses are matched without their ports. Keep the malware family and confidence level as fields so that alerts can be prioritised.
2. Hunt before blocking: search outbound proxy, DNS and flow logs for at least the preceding 30 days for the ip:port pairs, the four domains, the hostnames of the beacon URLs and the characteristic URL paths (/owa/..., /apiv2/v1/session/keepalive, /pixel.gif, /__utm.gif, /match, /cx, /cm, /ptj). Any match on a Cobalt Strike or BazarBackdoor indicator should trigger host isolation and incident response; a match on the Mirai or Bashlite C2s means an IoT device needs to be found and reflashed. Then block the ip:port pairs and domains at egress. Note that the URL http://172.16.25.236/j.ad contains a private address and cannot be blocked externally; its paired C2 address 42.192.210.204:80 is the actionable indicator.
3. Validate and age out: several Cobalt Strike entries sit behind shared cloud front ends (a workers.dev hostname, a tencentcs.com API-gateway hostname), where blocking the IP would hit unrelated services; block on the full hostname or URL there. Cross-check each indicator against ThreatFox itself and other feeds before blocking, and expire ip:port entries after a defined period because hosting addresses are reassigned.
4. Hunt the hashes: compare the 137 SHA-256 values against EDR file inventories and mail and web sandbox results. The Mirai payloads are ELF binaries for embedded Linux, which rarely run an agent, so also watch for devices connecting to the listed Mirai and Bashlite C2 ports.
5. Do not rely on indicators alone: this list covers servers known on 2022-01-01 and nothing newer. Detect beaconing behaviour (regular-interval outbound connections to a single external host), default Cobalt Strike malleable-profile artefacts and unusual egress from IoT segments regardless of destination.
6. User awareness: reinforce phishing and social-engineering training, the common first stage for the stealers and backdoors in this feed.
7. Incident response preparedness: keep the playbook for isolating a host, collecting memory and disk, and rotating exposed credentials current, so that a C2 match can be acted on within the hour rather than the day.
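The ingestion and log sweep recommended above, as an added example (mine, not code from the ThreatFox page or from abuse.ch): it loads an excerpt of the flattened list in this page's own format, re-pairs the split 'file'/'hash' attributes into ip:port, harvests hostnames from the C2 URLs, sweeps constructed proxy and EDR lines against the result, and emits one Suricata egress rule per C2 endpoint. The log line formats, the internal hostnames and the Suricata SID base are assumptions made for the example; the indicator values are taken from the feed above.

```python
# Added example, not from the ThreatFox page or abuse.ch tooling. Re-pairs the split
# ip/port attributes of the export above and sweeps constructed log lines against it.
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt in the page's own list format (values taken from the feed above).
FEED_TEXT = """\
- file: 185.44.81.176
- hash: 5555
- hash: 2b15d783620a05de53db739f44a9889e69b55474c163f39c5b6f50ccf260bd59
- domain: myrapt.top
- url: http://110.42.178.227:8080/ptj
- file: 110.42.178.227
- hash: 8080
- url: http://172.16.25.236/j.ad
- file: 42.192.210.204
- hash: 80
"""

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


@dataclass
class IocSet:
    ip_port: set = field(default_factory=set)  # "ip:port" C2 endpoints
    domains: set = field(default_factory=set)  # feed domains plus hostnames of C2 URLs
    urls: set = field(default_factory=set)
    sha256: set = field(default_factory=set)   # lower-case hex


def load_feed(text: str) -> IocSet:
    """Parse '- type: value' lines; a numeric 'hash' right after a 'file' IP is its port."""
    iocs, pending_ip = IocSet(), None
    for line in text.splitlines():
        m = re.match(r"^-\s*(\w+):\s*(\S+)\s*$", line)
        if not m:
            continue
        kind, value = m.group(1), m.group(2)
        if kind == "file" and IPV4_RE.match(value):
            pending_ip = value                          # port should follow on the next item
        elif kind == "hash" and SHA256_RE.match(value.lower()):
            iocs.sha256.add(value.lower())
            pending_ip = None
        elif kind == "hash" and value.isdigit() and pending_ip:
            iocs.ip_port.add(f"{pending_ip}:{int(value)}")  # the 'hash' is really the port
            pending_ip = None
        elif kind == "domain":
            iocs.domains.add(value.lower())
        elif kind == "url":
            iocs.urls.add(value)
            host = urlsplit(value).hostname
            if host and not IPV4_RE.match(host):        # watch the host of hostname-based C2 URLs
                iocs.domains.add(host.lower())
    return iocs


# Constructed proxy lines: "<epoch> <src> <dst_host> <dst_port> <method> <url> <status>".
PROXY_LOG = """\
1641081782.123 10.0.0.5 110.42.178.227 8080 GET http://110.42.178.227:8080/ptj 200
1641081790.456 10.0.0.7 www.example.com 443 CONNECT https://www.example.com/ 200
1641081795.001 10.0.0.9 185.44.81.176 5555 CONNECT - 200
1641081799.555 10.0.0.9 myrapt.top 443 GET https://myrapt.top/login 404
1641081801.000 10.0.0.11 42.192.210.204 80 GET http://42.192.210.204/j.ad 200
"""
# Constructed EDR file events; hashes are often upper-case in such telemetry.
EDR_LOG = """\
host=iot-gw-01 sha256=2B15D783620A05DE53DB739F44A9889E69B55474C163F39C5B6F50CCF260BD59 path=/tmp/x86
host=ws-42 sha256=0000000000000000000000000000000000000000000000000000000000000000 path=C:/ok.exe
"""


def sweep_proxy(log: str, iocs: IocSet) -> list:
    """Return (src, dst, port, reasons) for every line that touches a feed indicator."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        _ts, src, dst, port, _method, url = parts[:6]
        reasons = []
        if f"{dst}:{port}" in iocs.ip_port:
            reasons.append("c2 ip:port")
        if dst.lower() in iocs.domains:
            reasons.append("c2 domain")
        if url in iocs.urls:
            reasons.append("c2 url")
        if reasons:
            hits.append((src, dst, port, reasons))
    return hits


def sweep_hashes(log: str, iocs: IocSet) -> list:
    """Return the host= field of every EDR line whose SHA-256 is a feed hash."""
    return [line.split()[0] for line in log.splitlines()
            if (m := re.search(r"sha256=([0-9A-Fa-f]{64})", line))
            and m.group(1).lower() in iocs.sha256]


def suricata_rules(iocs: IocSet, sid_base: int = 9000000) -> list:
    """One egress alert per C2 ip:port; the SID range is an assumption for the example."""
    return [f'alert tcp $HOME_NET any -> {ip} {port} (msg:"ThreatFox C2 {ip}:{port}"; '
            f'sid:{sid_base + i}; rev:1;)'
            for i, (ip, port) in enumerate(sorted(e.rsplit(":", 1) for e in iocs.ip_port))]
```

The last proxy line shows why the re-pairing matters: the feed's URL for that server carries the private address 172.16.25.236 and never matches anything, but the paired 42.192.210.204:80 does. Loading the list naively would instead have put 5555, 8080 and 80 into the SHA-256 watchlist and left the C2 addresses without their ports.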
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
The export splits each ThreatFox ip:port indicator into an IP attribute (labelled 'file') followed by its port (labelled 'hash'); the pairs are joined back into ip:port below, and the short numeric 'hash' values are ports, not file hashes.
- ip:port: 185.44.81.176:5555
- ip:port: 46.249.32.109:1227
- ip:port: 188.212.124.129:4444
- hash: 2b15d783620a05de53db739f44a9889e69b55474c163f39c5b6f50ccf260bd59
- hash: 3a87e40d847704aaec2583c452f5888fe2f02bec7e89d84f727f99f25eb033b3
- hash: 628879526511ea2f5aeb153539474f6d9f4b41f3defe74f23f4e264c5a850267
- hash: 2c7ef7de2d4af05f116134d3509e1cb84be57d1d17a8a7ff97eb5d86b8521513
- hash: 32b4db9ffd04e2c44d49f66e9d3ac2ef56e8c6828e92f97fc7783c6d1e70d10b
- hash: 363bb34442127fee6bdf85eb1758a46959fab80b6dce0bfa909dfe73ec43d5ce
- hash: 2cb675a5683068ac1080e68606ed5b05380f45a18c3d89286ecd4e8e70538a3a
- hash: 9ad46bce1d9e16f7c4db8a16a81fa5e2525a4f923153abe64d94f2a5c758d4d1
- hash: 4469d0e625e09f83bf980b9718b89b4d9fb9c9c7a8d5aab30f589f23f2aad6fd
- hash: 5bb50d577e75bdcd8383a4cbca2212f4e8f22e2792af2f19a17b167c21451841
- hash: b10259fa34bf8c8311eea4240a881195a553b085ccc3342d4a25d450cdf2042d
- hash: aec8d7ee04c4d4594d5d31c074974bb2b36d2b120777b6345bc5ee9d667c0f36
- hash: fc646062cfb581d6ea11c11d54d91c170e7b37ebdf1ad867ad50bf15ae8e2bd5
- hash: 32688a90adef20e15e99af62e369964193bd33b2fd18107df496715cf700ad3e
- hash: 242736e55fbac3c042ac30883a9ba0a31ffd1d79e5dab856bcef811e390fc0cb
- hash: 09b4fbdf354bb63dc39fe504ed2c87fd8d8f2a721b211be520ede8d3edd1e5a8
- hash: b2aeae77f2d5cabf537c60974314e90ec8e8101aa0310139814b5679afdf91bf
- hash: 74fb338b00d2350ac44e80e75bad6d3bee3259b1d51e235d8cf09c4553ec67c2
- hash: e2272effe913b582bde6ba9d657a1f9207b87f0e0b2a3aa4dcf03cdf1373e3af
- hash: d5eb0d72bfde0f5849d2fc05674191756e4f68d5efe05f31b0ab6aed87acda82
- hash: eb4e8341a05747792802474ed98676ccd82adc46151f44d885227f24bfebde32
- hash: d97ef4090064ef0abc596d176a5fc8cba2a19bb99689b5681fb6dbbfedf674ce
- hash: 5ae7867d7884d65aebeeb7911b170e1df07a387f608278dffa3dc855e248a752
- hash: a46c2fc8d6a4719a23f5841f5bae12087c09d02f4b35a6e4ddd4e221d0776b9f
- hash: 750fbc058c18f0f55a52be468fd2c9aa0f33338e2041305caf0e4c16f36eeaa7
- hash: c4edadeec458b525daa1e0860d24ba3d7f9ad0eee2e27a87e5b09899b0dcaf27
- hash: bc295c62547eed3efe71521589f31f9e9bb288a3c99ca91b14de55996a80884b
- hash: b021e618442368b9062191c3c8705e9c6f44f3b0099ed29c3dc02730c5e0ac59
- hash: 10f6f9406c7a6fe0cad60bce578d2c72b180441f98580c6a501c96edff895af7
- hash: 81b66a8e13fb96d8fa736c058d48b06553914db95dd97c78af90b59db5549286
- hash: 05e13a91ce9897047c3b207a319b5bd4ad199e502aa2e5364c60acc187a5926a
- hash: d3bcae83e52a408529ecbd703a5bda95693973cc60b0966d354cafc69008e241
- hash: 6635ba369cc750dafd4d743bb375d60ca10afb6406d86736dbf6d2b4698ad919
- hash: e04f25f4b76c99d30a43ddedcc40d323c11d10eafb0da4fc9f3409682d111778
- hash: 6f6697e7cc6550d800a625fc1d27912cc8c92920dca99e393e7b0a055676c05a
- hash: 12f5ae14094fab2fdf4f1f7cee670f39065c0edcfb8765c34a86f69333590730
- hash: 71e55895e6474ad615aca06609f0f0024466799c86c295b666979cb9032c4c68
- hash: 4a6d2a48595bffbd47eb11b86b759ab8f32fdaee25845c5d03491602d6e94f63
- hash: 497de709280e24d4477f3c303404dab7433f1b815101cee60a58b0fc96ab9ea3
- hash: 92a5a26f5739b8fd8188d1558afe77520e3c9073ea8f57e3357a431028ee521f
- hash: 2e2682fda1f277e419d673fc15e808723312318e9dcf71b6d17b013e18e3f3a5
- hash: 1d6e0ba4ff93254d9b547d690c03aac976969760a9c244afffd177bd30b96c19
- hash: 10a5fabf1847feb44437827b040f707b432b3cc93167720fe9879ca33477d5c1
- hash: f75df3aa8d37443cb0c2af04782fe8fab625e7615a938a2dc02f0f226203ec2d
- hash: 959cad4e781515233a2990db7df15438b89ab8061a95e2d4b05258ccfb4e34eb
- hash: bac509597a430526b0424b8358a6b95d77466422294ddfa54cd09c1e1142237a
- hash: d8ea2fc3b36e10d690631a3a3746ed0abdd1fd8ca89ace910259fa0968ca15f7
- hash: cc73dca263370bb88f7c176fc6659b39f2f3569b6649556d795a33fea1a3c09e
- hash: b957e454e58b8b516bfb95540dbc99094c47c6b62182374ceac5371bbfd53cb9
- hash: ed4864748b4e2cf71f56429476977e133d22f07a2854797dc35ee069263bfe36
- hash: 3a13730df683eb95b83978cab84e9f3e6805168a9d4367ba36bec7630464dc9d
- hash: 3b5ff37270f5a5929ac1508906cbce75be29b8a606076d895400b2f79672d7fa
- hash: 7838ed9cd6da8563dad9c3cb6b7e6d5cba119e04164b8ef7089b987c37e49575
- hash: 7f0218dc4fb0e7024770f5e53b6778f66172748b4c91b5aefbcfb16f0e786f54
- hash: 92f1bdcf9346046c35a0590b24328a47f62ec27e24ece4a78876b2e0aea35d7d
- hash: 1b23a02b41479e28f8f1e39c7ad6fe11f58a3f1804286c8c2a02d7e446df5768
- hash: da0e7d5bcbf44391ba06f609c60aef922204ac60d2e8e977d691150c83b2e1f8
- hash: d352036b86a896f79239ae6e8aeea21a5efb06130b1ed205b32e591a2f4046e2
- ip:port: 103.208.86.221:443
- ip:port: 110.76.158.75:11024
- ip:port: 185.204.109.248:26250
- domain: myrapt.top
- domain: famesurvelizerditis.sytes.net
- domain: tancesucesm.chickenkiller.com
- domain: artedriendfrim.hopto.org
- url: http://110.42.178.227:8080/ptj
- ip:port: 110.42.178.227:8080
- url: http://198.13.40.151:9999/__utm.gif
- ip:port: 198.13.40.151:9999
- url: https://66.112.218.249/access/
- ip:port: 66.112.218.249:443
- url: http://45.76.166.20:800/cm
- ip:port: 45.76.166.20:800
- url: http://42.240.129.81/ca
- ip:port: 42.240.129.81:80
- url: https://www.ethanwiener.top:9899/push
- ip:port: 104.224.144.10:9899
- url: https://service-pl38alm4-1304204648.gz.apigw.tencentcs.com/api/x
- ip:port: 121.37.227.195:443
- url: https://47.103.117.222/ptj
- ip:port: 47.103.117.222:443
- ip:port: 23.94.50.159:606
- hash: 538d3533398c3f0adbd59483ced973cf35803de5e9356e8dafb5f6bea4049a30
- hash: 1ef493ded6ef9a2510a901032b9f2f0fd5e13143e2a57542c6fe656efd946332
- hash: 9ed81a80ff7b51eed1be9022a43e2cf6dcd6c6c74dbbda497deacdf627e20587
- hash: e35984a57082baaa547ef6229bd1a3143510f041323f73a4d1ce001edb1f9a30
- ip:port: 5.149.254.72:80
- ip:port: 185.181.8.130:81
- url: http://82.156.9.16:8034/en_us/all.js
- ip:port: 82.156.9.16:8034
- url: http://172.16.25.236/j.ad (published with a private address; the paired C2 endpoint is the ip:port that follows)
- ip:port: 42.192.210.204:80
- url: https://92.255.85.44:8443/match
- ip:port: 92.255.85.44:8443
- ip:port: 2.58.149.40:1312
- hash: e084907f25686b4f4c9e40de24a3da678f5a8465493f9c6d573da0261c53c749
- hash: 8ad652ed5304408015e65d5ab8ecf65fecf8f00c1e5eb97606bd01d6031f5418
- hash: 76d9e9e59d2a939f773e953a843906284bb52a14eb573c42c0b09402b65fa430
- hash: 018c83c04e4a058e5ff86566ca3c9aabf7e7a7d60aaf2e3e60e9673b1405fe2c
- hash: 12563558e5a77c4b0eb2b7573694b9a5fe2418cad1e26838e7d0c220ecb0d6bd
- hash: cc35e29b91f8776c3ae8fc60d95af3b1a5370d9f2be48b1d9ffbda42b38b2640
- hash: 4e58387d193e3c0a2e98115a73ae1f51a1afd6737dcd4b7adb189aaee1b0276a
- hash: 9f59d870d567cd3eebd771ce9a1a4e9c1c0aedd9c113783ea330e4e1b1b32f2e
- hash: 2ac463e979f0007262c34cdc864a09cbe558e3de005c9f4b1e1dc0b071de8f77
- hash: 1d6dd523f6823a5027731e57d56dfe9e628bb26aca01298965d95d059644d041
- hash: fc052c01b9d36a8ad38928cc88e5a9ad2b89c42d7bfd3da42d1f1129ac4b91c1
- hash: c53daa80a6cd096b435cec1dafc8f600ea381b94fdaaabeb2a8da75b939dfe1e
- hash: 9774e36bebd52d68fb0d7da001649ce86a9ed0d3f952d99d21b6c87c75d47f23
- hash: 4a57d7b7e15f1ddcff8302800a9ddb3d6f53db468d683d96878e4e1dbb2c2f04
- hash: 8eb1d95aec20bd685718835e6c6c3d496193c504aad9823136a9157aa0226467
- hash: 4bc62efb3c6399c455bb51ead3005c3f6a7f974133915cba73cf07775ff69d7a
- hash: 0870c2af5a5aae70c9aaf87156e8804411a42c06d6ffb06f25bc25a3bf4ed7ef
- hash: 51c49786d99d2dbd189343833a8787f20c5863aaa700341b73dddf61e7d4ac99
- hash: 8ccac7d81bc235f34857035ea7517f813991ad378361572d0f4bf0e0b689d5e2
- hash: 2bfdb62f266dc85fdf375baf949f6d5118f4ae33a43d7ea490ae00373e4f4af3
- hash: 0d43a3c205e8f0afab98b54c370837ceec490a11874a90d7589bd15e65f1901c
- hash: c630cee454cda1003674f69e8c3921966a5261a8e5171b09e607fff8de3d84d1
- hash: 0598aa7e706f78afc2362099a21ed53cd3986604f1985e03af0b19e4bfb56b7a
- hash: b4a66d70253f4ab133ab604b48c0efad78eb86475cbb774c6941b7fc32dc7ae9
- hash: 8cb9f7efbacd6e4692dcf97124025a8b4d684d44bd71628e81e357f17b9732b6
- hash: fb5f65e206774b23e3d8ea9e544fa50e5d4e30bff90b5233b86360739500fc7b
- hash: 83050136fd76d32cd58bc98398fcf16d85921fec955a5af0a93be04f37d78a8f
- hash: 97c8158f733d15fbb4095ab05269c15b3d71f06565d6eeaf77936f4773062ae6
- hash: 96934cf01f823894428c5368820f66a87f8ff9c84e840cb9b9af42f8b134ffe5
- hash: faee4939339a7bb45cdf87be5ead92cf13c087cedd6c1b639697e3484bd537a0
- hash: d77364d6a5b57734a5f6b8b2ca6c40e2598ba3fd623d6f31055a0b42cf1ed565
- hash: 43ec90a04ab64a20ded28488b6c42e251646102e6f774ac3c76c6a1e17daf9d6
- hash: 245abdbc40965eb8fee173c912b20a2d073025b9af83686b2cbe19581b378736
- hash: 33cde962f85ee784c764b0afd90a44c08696a819da668642f6b3d4df0730d18c
- hash: 5fb607f0c6b87fba518b13a027a6db358d360b5cc26dc8297b1cc7b541610436
- hash: 2e87417f41948dbddb012d29e6697ceafc738cdb421db6917bd4650f9e74250d
- hash: d1d597ba0340172c2d12cd9362ecd8d5bfa1bb751d6678181ede87869704d318
- hash: abd229ce4da99ed8fb0fc614c23a1ced8ff5adb978b2758f790b0bd0c18a3314
- hash: d696ff505bdd7fe79b048e3b96c37448408282825f5c9b19f7dd28b21c51a261
- hash: 7298c6156dde15ee188a06cde16243ea803a3b6e1f21890c4698198ebe71e162
- hash: 5ff9eabc01ccfd5fa39af78307b053fcbbca2914d5dec74171184ca93119f48b
- hash: 33bd34f8bf05dfa815b1e3266b97532263d3274c01b4d5a7aec68d4d204c61b0
- hash: 1479052d908e0057cf19343d000533864d9a270a1d304218a1865da2d77f58e2
- hash: 9912cf287f9014723d67e9f7170f65f81ee983aad0ed3c0754cec4243edd5293
- hash: 643d06981c873908c142c649578aaa6598432fb52b4b6bab4008b15ed675d663
- hash: 12c26f1f06eed3932f3e118d45339bf6e69c4acc59dfc0bb42379fb3bf488e36
- hash: 9608b770283f991b5334444bb29fa2e7ef2114f5fa773b01415b9e92cc4d960d
- hash: 7b24f14ce1d2cb622d41c4f8b6fe23edb1471ede00b0b0e8c6c37d8379f5f58a
- hash: 88ad79b0d08e19fd29dbce968e747a8d672892ce84a9277ef8332e68af85db30
- hash: 8bf425c8798cef9d78a268880c74d4cfae15eee94fb7de9ae5914f4ab1b50849
- hash: 3de2ee09eb03c8799f362572250472f0dd6ec0e13e4bf1ef6e16192391f156d0
- hash: 9b7d60d68e0092615cf87fcf90a9213029f870416de2c8e2193a6672a0540b9b
- hash: 3d2f419ab297c6feba5814d382e7d7eb41a2dfd7f07b9af3bd9b414151e0e911
- hash: 6fc439e0ecbd584390e97d6577c0452ad7cce6b72f9d68a23ead1981e80edf68
- hash: 3a23e4c22bb3a5f6621d962e947842f3233ecfdde7c10cfd5aeee868e3cb1656
- hash: 0083ba082fa4385e49cc079a44587e8f7f199f382a129606cd088abaa029d968
- hash: 3bb20ea21ce2ff235d2d7ffb6719ecac20f908b60643015a645af1287367b094
- hash: bd508361c487d9517cf7d967280d0dccee2c17a92d1be86fac139f468b71f448
- hash: 461a6913d9aa8e5841c6b082aca0752b0892c3d293ba10d6be9575058095ed95
- hash: e4c6a884aed008a8dfc951275a814bc357278ee9f104c0ed9a011d017c746e41
- hash: f12e6cd63a8d0c79621de6f617a1d5d58a811bc5e9a5798aa7fdb2b6fc067971
- hash: 3ff691626e5482d12fa85e76524a0ad03b5dc4c50233c16613354a9b6e9fa975
- hash: a61e9b0a3c8f147f1ab3d223224f1f3c9952cf5f32d8f3637d4ebeef850f3e52
- hash: 2edea1a69f63f65182b87515275daaf7cb3f4988bd6ee04523a9cb3f474b2b07
- hash: 809fdaf1df5b6470a048a17d00af0e7397fb51cdecbbb6dba0ef9ccfe47045b4
- hash: ff12b12987af75d130338e60899eae036dc25019bae96a6178da9e5f8bac59f2
- hash: 58893b599cb196f20f0ea6c1dcdb202aa419254eab3d962ec99d44828618658e
- hash: 99222c2d25b38debf962e3492d7340d0893fbef7b9837c32ddd4a4f55b7c1623
- hash: 240ae0f3795a6e085a3278bb4632cbef9897418e68adae68d849a1b7ce69f3a9
- hash: b18870a31537c05a7638016f9d986f227274542aa95264a639bfbfd46635c675
- hash: e9cd4345b688a9cce175b0bf3d9cb70ee81174acbe9ae04eb675a0b00fed48fe
- hash: b3fa0a9d2307c9bda1d8c251e472684e4b38151f25929ecdf843598eb14f0eed
- hash: a1614d2fbc88d047fdc1f83708a256dfda038f3f6d628dcfefb97d91ba6b3cd6
- hash: eb80aade50ae462b8ae6fd7e983ab709975d7a388baf3bd711e233e8ae070c2e
- hash: cbb1bdc79b590a815cbc770185f3ec3040dae4e818477d5cb1d8a768953379f1
- url: https://www.adstexts.co:8443/ga.js
- ip:port: 114.116.40.60:8443
- ip:port: 185.204.217.174:37009
- ip:port: 2.58.149.40:1302
- url: http://api.mcghealthcare.org/apiv2/v1/session/keepalive
- ip:port: 54.218.64.189:80
- url: https://man-x.cc/lv
- ip:port: 91.218.114.26:443
- url: https://rest.healthy2fit.com/apiv2/v1/session/keepalive
- ip:port: 54.212.126.169:443
- url: http://180.178.38.173/pixel.gif
- ip:port: 180.178.38.170:80
- url: http://155.94.138.16/cx
- ip:port: 155.94.138.16:80
- url: http://rest.mcghealthcare.org/apiv2/v1/session/keepalive
- ip:port: 35.88.120.50:80
- url: https://149.28.155.186/load
- ip:port: 149.28.155.186:443
- url: https://159.223.86.98/fwlink
- ip:port: 159.223.86.98:443
- ip:port: 47.244.110.210:801
- url: https://api.conservationcouncilnc.org/apiv2/v1/session/keepalive
- ip:port: 34.218.64.242:443
- url: http://rest.neckbackpainrelief.org/apiv2/v1/session/keepalive
- ip:port: 35.88.108.58:80
- url: https://121.5.76.27:8080/admin/login
- ip:port: 121.5.76.27:8080
- url: https://api.healthy2fit.com/apiv2/v1/session/keepalive
- ip:port: 54.218.128.55:443
- url: http://rest.helphealthcareservice.com/apiv2/v1/session/keepalive
- ip:port: 54.245.179.238:80
- url: https://159.223.47.130/cm
- ip:port: 159.223.47.130:443
- url: http://api.healthy2fit.com/apiv2/v1/session/keepalive
- ip:port: 54.218.128.55:80
- url: https://163.181.22.1/owa/nb8w4fazejaz4mkc0o8ycd2tgzhdvqot
- url: https://163.181.22.208/owa/nb8w4fazejaz4mkc0o8ycd2tgzhdvqot
- url: https://47.89.66.161/owa/dosryzuqlsiar0qjy3e4frkqckzmiczfmj663v7y
- url: https://79.133.177.215/owa/dosryzuqlsiar0qjy3e4frkqckzmiczfmj663v7y
- ip:port: 162.62.133.175:443
- url: http://165.232.163.9/api/3
- ip:port: 165.232.163.9:80
- url: https://rest.conservationcouncilnc.org/apiv2/v1/session/keepalive
- ip:port: 34.222.234.255:443
- url: http://192.210.201.107:9306/match
- ip:port: 192.210.201.107:9306
- url: http://107.173.111.104:2443/match
- ip:port: 107.173.111.104:2443
- url: http://rest.healthy2fit.com/apiv2/v1/session/keepalive
- ip:port: 54.212.126.169:80
- ip:port: 180.178.38.173:80
- url: http://81.70.77.79/pixel
- ip:port: 81.70.77.79:80
- url: https://bingsearch.live:8448/activity
- ip:port: 185.7.214.132:8448
- url: http://18.188.29.184/pixel.gif
- ip:port: 18.188.29.184:80
- url: http://rest.conservationcouncilnc.org/apiv2/v1/session/keepalive
- ip:port: 34.222.234.255:80
- url: http://api.conservationcouncilnc.org/apiv2/v1/session/keepalive
- ip:port: 34.218.64.242:80
- url: http://45.136.245.84:5544/match
- ip:port: 45.136.245.84:5544
- url: https://us-east.upstartinsurance.workers.dev/api2/json/cluster/tasks
- ip:port: 167.172.136.160:443
- ip:port: 180.178.38.172:80
- url: http://149.28.155.186:82/cx
- ip:port: 149.28.155.186:82
- url: https://rest.helphealthcareservice.com/apiv2/v1/session/keepalive
- ip:port: 54.245.179.238:443
Description
ThreatFox IOCs for 2022-01-01
Technical Details
- Threat Level: 2 (MISP scale: 1 = high, 2 = medium, 3 = low, 4 = undefined)
- Analysis: 1 (MISP: 0 = initial, 1 = ongoing, 2 = completed)
- Distribution: 3 (MISP: all communities)
- UUID: ea57c815-b8d9-45c9-afde-39e0532559bc
- Original Timestamp: 1641081782 (2022-01-02 00:03:02 UTC)
Indicators of Compromise
IP addresses (exported with type 'file'; the port carried by the paired 'hash' attribute is shown after the colon)
Value | Description
---|---
185.44.81.176:5555 | Mirai botnet C2 server (confidence level: 75%)
46.249.32.109:1227 | Bashlite botnet C2 server (confidence level: 75%)
188.212.124.129:4444 | AsyncRAT botnet C2 server (confidence level: 75%)
103.208.86.221:443 | BazarBackdoor botnet C2 server (confidence level: 75%)
110.76.158.75:11024 | Ghost RAT botnet C2 server (confidence level: 100%)
185.204.109.248:26250 | RedLine Stealer botnet C2 server (confidence level: 100%)
110.42.178.227:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.13.40.151:9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
66.112.218.249:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.76.166.20:800 | Cobalt Strike botnet C2 server (confidence level: 100%)
42.240.129.81:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.224.144.10:9899 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.37.227.195:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.103.117.222:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.94.50.159:606 | Mirai botnet C2 server (confidence level: 75%)
5.149.254.72:80 | RedLine Stealer botnet C2 server (confidence level: 100%)
185.181.8.130:81 | Mirai botnet C2 server (confidence level: 75%)
82.156.9.16:8034 | Cobalt Strike botnet C2 server (confidence level: 100%)
42.192.210.204:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
92.255.85.44:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
2.58.149.40:1312 | Mirai botnet C2 server (confidence level: 75%)
114.116.40.60:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.204.217.174:37009 | Mirai botnet C2 server (confidence level: 75%)
2.58.149.40:1302 | Mirai botnet C2 server (confidence level: 75%)
54.218.64.189:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.218.114.26:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.212.126.169:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
180.178.38.170:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
155.94.138.16:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
35.88.120.50:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
149.28.155.186:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
159.223.86.98:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.244.110.210:801 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.218.64.242:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
35.88.108.58:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.5.76.27:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.218.128.55:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.245.179.238:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
159.223.47.130:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.218.128.55:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
162.62.133.175:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
165.232.163.9:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.222.234.255:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.210.201.107:9306 | Cobalt Strike botnet C2 server (confidence level: 100%)
107.173.111.104:2443 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.212.126.169:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
180.178.38.173:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.70.77.79:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.7.214.132:8448 | Cobalt Strike botnet C2 server (confidence level: 100%)
18.188.29.184:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.222.234.255:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
34.218.64.242:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.136.245.84:5544 | Cobalt Strike botnet C2 server (confidence level: 100%)
167.172.136.160:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
180.178.38.172:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
149.28.155.186:82 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.245.179.238:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
Hash
Value | Description | Copy |
---|---|---|
hash5555 | Mirai botnet C2 server (confidence level: 75%) | |
hash1227 | Bashlite botnet C2 server (confidence level: 75%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash2b15d783620a05de53db739f44a9889e69b55474c163f39c5b6f50ccf260bd59 | Mirai payload (confidence level: 100%) | |
hash3a87e40d847704aaec2583c452f5888fe2f02bec7e89d84f727f99f25eb033b3 | Mirai payload (confidence level: 100%) | |
hash628879526511ea2f5aeb153539474f6d9f4b41f3defe74f23f4e264c5a850267 | Mirai payload (confidence level: 100%) | |
hash2c7ef7de2d4af05f116134d3509e1cb84be57d1d17a8a7ff97eb5d86b8521513 | Mirai payload (confidence level: 100%) | |
hash32b4db9ffd04e2c44d49f66e9d3ac2ef56e8c6828e92f97fc7783c6d1e70d10b | Mirai payload (confidence level: 100%) | |
hash363bb34442127fee6bdf85eb1758a46959fab80b6dce0bfa909dfe73ec43d5ce | Mirai payload (confidence level: 100%) | |
hash2cb675a5683068ac1080e68606ed5b05380f45a18c3d89286ecd4e8e70538a3a | Mirai payload (confidence level: 100%) | |
hash9ad46bce1d9e16f7c4db8a16a81fa5e2525a4f923153abe64d94f2a5c758d4d1 | Mirai payload (confidence level: 100%) | |
hash4469d0e625e09f83bf980b9718b89b4d9fb9c9c7a8d5aab30f589f23f2aad6fd | Mirai payload (confidence level: 100%) | |
hash5bb50d577e75bdcd8383a4cbca2212f4e8f22e2792af2f19a17b167c21451841 | Mirai payload (confidence level: 100%) | |
hashb10259fa34bf8c8311eea4240a881195a553b085ccc3342d4a25d450cdf2042d | Mirai payload (confidence level: 100%) | |
hashaec8d7ee04c4d4594d5d31c074974bb2b36d2b120777b6345bc5ee9d667c0f36 | Mirai payload (confidence level: 100%) | |
hashfc646062cfb581d6ea11c11d54d91c170e7b37ebdf1ad867ad50bf15ae8e2bd5 | Mirai payload (confidence level: 100%) | |
hash32688a90adef20e15e99af62e369964193bd33b2fd18107df496715cf700ad3e | Mirai payload (confidence level: 100%) | |
hash242736e55fbac3c042ac30883a9ba0a31ffd1d79e5dab856bcef811e390fc0cb | Mirai payload (confidence level: 100%) | |
hash09b4fbdf354bb63dc39fe504ed2c87fd8d8f2a721b211be520ede8d3edd1e5a8 | Mirai payload (confidence level: 100%) | |
hashb2aeae77f2d5cabf537c60974314e90ec8e8101aa0310139814b5679afdf91bf | Mirai payload (confidence level: 100%) | |
hash74fb338b00d2350ac44e80e75bad6d3bee3259b1d51e235d8cf09c4553ec67c2 | Mirai payload (confidence level: 100%) | |
hashe2272effe913b582bde6ba9d657a1f9207b87f0e0b2a3aa4dcf03cdf1373e3af | Mirai payload (confidence level: 100%) | |
hashd5eb0d72bfde0f5849d2fc05674191756e4f68d5efe05f31b0ab6aed87acda82 | Mirai payload (confidence level: 100%) | |
hasheb4e8341a05747792802474ed98676ccd82adc46151f44d885227f24bfebde32 | Mirai payload (confidence level: 100%) | |
hashd97ef4090064ef0abc596d176a5fc8cba2a19bb99689b5681fb6dbbfedf674ce | Mirai payload (confidence level: 100%) | |
hash5ae7867d7884d65aebeeb7911b170e1df07a387f608278dffa3dc855e248a752 | Mirai payload (confidence level: 100%) | |
a46c2fc8d6a4719a23f5841f5bae12087c09d02f4b35a6e4ddd4e221d0776b9f | Mirai payload (confidence level: 100%) | |
750fbc058c18f0f55a52be468fd2c9aa0f33338e2041305caf0e4c16f36eeaa7 | Mirai payload (confidence level: 100%) | |
c4edadeec458b525daa1e0860d24ba3d7f9ad0eee2e27a87e5b09899b0dcaf27 | Mirai payload (confidence level: 100%) | |
bc295c62547eed3efe71521589f31f9e9bb288a3c99ca91b14de55996a80884b | Mirai payload (confidence level: 100%) | |
b021e618442368b9062191c3c8705e9c6f44f3b0099ed29c3dc02730c5e0ac59 | Mirai payload (confidence level: 100%) | |
10f6f9406c7a6fe0cad60bce578d2c72b180441f98580c6a501c96edff895af7 | Mirai payload (confidence level: 100%) | |
81b66a8e13fb96d8fa736c058d48b06553914db95dd97c78af90b59db5549286 | Mirai payload (confidence level: 100%) | |
05e13a91ce9897047c3b207a319b5bd4ad199e502aa2e5364c60acc187a5926a | Mirai payload (confidence level: 100%) | |
d3bcae83e52a408529ecbd703a5bda95693973cc60b0966d354cafc69008e241 | Mirai payload (confidence level: 100%) | |
6635ba369cc750dafd4d743bb375d60ca10afb6406d86736dbf6d2b4698ad919 | Mirai payload (confidence level: 100%) | |
e04f25f4b76c99d30a43ddedcc40d323c11d10eafb0da4fc9f3409682d111778 | Mirai payload (confidence level: 100%) | |
6f6697e7cc6550d800a625fc1d27912cc8c92920dca99e393e7b0a055676c05a | Mirai payload (confidence level: 100%) | |
12f5ae14094fab2fdf4f1f7cee670f39065c0edcfb8765c34a86f69333590730 | Mirai payload (confidence level: 100%) | |
71e55895e6474ad615aca06609f0f0024466799c86c295b666979cb9032c4c68 | Mirai payload (confidence level: 100%) | |
4a6d2a48595bffbd47eb11b86b759ab8f32fdaee25845c5d03491602d6e94f63 | Mirai payload (confidence level: 100%) | |
497de709280e24d4477f3c303404dab7433f1b815101cee60a58b0fc96ab9ea3 | Mirai payload (confidence level: 100%) | |
92a5a26f5739b8fd8188d1558afe77520e3c9073ea8f57e3357a431028ee521f | Mirai payload (confidence level: 100%) | |
2e2682fda1f277e419d673fc15e808723312318e9dcf71b6d17b013e18e3f3a5 | Mirai payload (confidence level: 100%) | |
1d6e0ba4ff93254d9b547d690c03aac976969760a9c244afffd177bd30b96c19 | Mirai payload (confidence level: 100%) | |
10a5fabf1847feb44437827b040f707b432b3cc93167720fe9879ca33477d5c1 | Mirai payload (confidence level: 100%) | |
f75df3aa8d37443cb0c2af04782fe8fab625e7615a938a2dc02f0f226203ec2d | Mirai payload (confidence level: 100%) | |
959cad4e781515233a2990db7df15438b89ab8061a95e2d4b05258ccfb4e34eb | Mirai payload (confidence level: 100%) | |
bac509597a430526b0424b8358a6b95d77466422294ddfa54cd09c1e1142237a | Mirai payload (confidence level: 100%) | |
d8ea2fc3b36e10d690631a3a3746ed0abdd1fd8ca89ace910259fa0968ca15f7 | Mirai payload (confidence level: 100%) | |
cc73dca263370bb88f7c176fc6659b39f2f3569b6649556d795a33fea1a3c09e | Mirai payload (confidence level: 100%) | |
b957e454e58b8b516bfb95540dbc99094c47c6b62182374ceac5371bbfd53cb9 | Mirai payload (confidence level: 100%) | |
ed4864748b4e2cf71f56429476977e133d22f07a2854797dc35ee069263bfe36 | Mirai payload (confidence level: 100%) | |
3a13730df683eb95b83978cab84e9f3e6805168a9d4367ba36bec7630464dc9d | Mirai payload (confidence level: 100%) | |
3b5ff37270f5a5929ac1508906cbce75be29b8a606076d895400b2f79672d7fa | Mirai payload (confidence level: 100%) | |
7838ed9cd6da8563dad9c3cb6b7e6d5cba119e04164b8ef7089b987c37e49575 | Mirai payload (confidence level: 100%) | |
7f0218dc4fb0e7024770f5e53b6778f66172748b4c91b5aefbcfb16f0e786f54 | Mirai payload (confidence level: 100%) | |
92f1bdcf9346046c35a0590b24328a47f62ec27e24ece4a78876b2e0aea35d7d | Mirai payload (confidence level: 100%) | |
1b23a02b41479e28f8f1e39c7ad6fe11f58a3f1804286c8c2a02d7e446df5768 | Mirai payload (confidence level: 100%) | |
da0e7d5bcbf44391ba06f609c60aef922204ac60d2e8e977d691150c83b2e1f8 | Mirai payload (confidence level: 100%) | |
d352036b86a896f79239ae6e8aeea21a5efb06130b1ed205b32e591a2f4046e2 | Mirai payload (confidence level: 100%) | |
[address missing]:443 | BazarBackdoor botnet C2 server (confidence level: 75%) | |
[address missing]:11024 | Ghost RAT botnet C2 server (confidence level: 100%) | |
[address missing]:26250 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
[address missing]:8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:800 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:9899 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:606 | Mirai botnet C2 server (confidence level: 75%) | |
538d3533398c3f0adbd59483ced973cf35803de5e9356e8dafb5f6bea4049a30 | SmokeLoader payload (confidence level: 50%) | |
1ef493ded6ef9a2510a901032b9f2f0fd5e13143e2a57542c6fe656efd946332 | SmokeLoader payload (confidence level: 50%) | |
9ed81a80ff7b51eed1be9022a43e2cf6dcd6c6c74dbbda497deacdf627e20587 | SmokeLoader payload (confidence level: 50%) | |
e35984a57082baaa547ef6229bd1a3143510f041323f73a4d1ce001edb1f9a30 | SmokeLoader payload (confidence level: 50%) | |
[address missing]:80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
[address missing]:81 | Mirai botnet C2 server (confidence level: 75%) | |
[address missing]:8034 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:1312 | Mirai botnet C2 server (confidence level: 75%) | |
e084907f25686b4f4c9e40de24a3da678f5a8465493f9c6d573da0261c53c749 | QakBot payload (confidence level: 100%) | |
8ad652ed5304408015e65d5ab8ecf65fecf8f00c1e5eb97606bd01d6031f5418 | QakBot payload (confidence level: 100%) | |
76d9e9e59d2a939f773e953a843906284bb52a14eb573c42c0b09402b65fa430 | QakBot payload (confidence level: 100%) | |
018c83c04e4a058e5ff86566ca3c9aabf7e7a7d60aaf2e3e60e9673b1405fe2c | QakBot payload (confidence level: 100%) | |
12563558e5a77c4b0eb2b7573694b9a5fe2418cad1e26838e7d0c220ecb0d6bd | QakBot payload (confidence level: 100%) | |
cc35e29b91f8776c3ae8fc60d95af3b1a5370d9f2be48b1d9ffbda42b38b2640 | QakBot payload (confidence level: 100%) | |
4e58387d193e3c0a2e98115a73ae1f51a1afd6737dcd4b7adb189aaee1b0276a | QakBot payload (confidence level: 100%) | |
9f59d870d567cd3eebd771ce9a1a4e9c1c0aedd9c113783ea330e4e1b1b32f2e | QakBot payload (confidence level: 100%) | |
2ac463e979f0007262c34cdc864a09cbe558e3de005c9f4b1e1dc0b071de8f77 | QakBot payload (confidence level: 100%) | |
1d6dd523f6823a5027731e57d56dfe9e628bb26aca01298965d95d059644d041 | QakBot payload (confidence level: 100%) | |
fc052c01b9d36a8ad38928cc88e5a9ad2b89c42d7bfd3da42d1f1129ac4b91c1 | QakBot payload (confidence level: 100%) | |
c53daa80a6cd096b435cec1dafc8f600ea381b94fdaaabeb2a8da75b939dfe1e | QakBot payload (confidence level: 100%) | |
9774e36bebd52d68fb0d7da001649ce86a9ed0d3f952d99d21b6c87c75d47f23 | QakBot payload (confidence level: 100%) | |
4a57d7b7e15f1ddcff8302800a9ddb3d6f53db468d683d96878e4e1dbb2c2f04 | QakBot payload (confidence level: 100%) | |
8eb1d95aec20bd685718835e6c6c3d496193c504aad9823136a9157aa0226467 | QakBot payload (confidence level: 100%) | |
4bc62efb3c6399c455bb51ead3005c3f6a7f974133915cba73cf07775ff69d7a | QakBot payload (confidence level: 100%) | |
0870c2af5a5aae70c9aaf87156e8804411a42c06d6ffb06f25bc25a3bf4ed7ef | QakBot payload (confidence level: 100%) | |
51c49786d99d2dbd189343833a8787f20c5863aaa700341b73dddf61e7d4ac99 | QakBot payload (confidence level: 100%) | |
8ccac7d81bc235f34857035ea7517f813991ad378361572d0f4bf0e0b689d5e2 | QakBot payload (confidence level: 100%) | |
2bfdb62f266dc85fdf375baf949f6d5118f4ae33a43d7ea490ae00373e4f4af3 | QakBot payload (confidence level: 100%) | |
0d43a3c205e8f0afab98b54c370837ceec490a11874a90d7589bd15e65f1901c | QakBot payload (confidence level: 100%) | |
c630cee454cda1003674f69e8c3921966a5261a8e5171b09e607fff8de3d84d1 | QakBot payload (confidence level: 100%) | |
0598aa7e706f78afc2362099a21ed53cd3986604f1985e03af0b19e4bfb56b7a | QakBot payload (confidence level: 100%) | |
b4a66d70253f4ab133ab604b48c0efad78eb86475cbb774c6941b7fc32dc7ae9 | QakBot payload (confidence level: 100%) | |
8cb9f7efbacd6e4692dcf97124025a8b4d684d44bd71628e81e357f17b9732b6 | QakBot payload (confidence level: 100%) | |
fb5f65e206774b23e3d8ea9e544fa50e5d4e30bff90b5233b86360739500fc7b | Raccoon payload (confidence level: 100%) | |
83050136fd76d32cd58bc98398fcf16d85921fec955a5af0a93be04f37d78a8f | Raccoon payload (confidence level: 100%) | |
97c8158f733d15fbb4095ab05269c15b3d71f06565d6eeaf77936f4773062ae6 | Raccoon payload (confidence level: 100%) | |
96934cf01f823894428c5368820f66a87f8ff9c84e840cb9b9af42f8b134ffe5 | Raccoon payload (confidence level: 100%) | |
faee4939339a7bb45cdf87be5ead92cf13c087cedd6c1b639697e3484bd537a0 | Raccoon payload (confidence level: 100%) | |
d77364d6a5b57734a5f6b8b2ca6c40e2598ba3fd623d6f31055a0b42cf1ed565 | Raccoon payload (confidence level: 100%) | |
43ec90a04ab64a20ded28488b6c42e251646102e6f774ac3c76c6a1e17daf9d6 | Raccoon payload (confidence level: 100%) | |
245abdbc40965eb8fee173c912b20a2d073025b9af83686b2cbe19581b378736 | Raccoon payload (confidence level: 100%) | |
33cde962f85ee784c764b0afd90a44c08696a819da668642f6b3d4df0730d18c | Raccoon payload (confidence level: 100%) | |
5fb607f0c6b87fba518b13a027a6db358d360b5cc26dc8297b1cc7b541610436 | Raccoon payload (confidence level: 100%) | |
2e87417f41948dbddb012d29e6697ceafc738cdb421db6917bd4650f9e74250d | Raccoon payload (confidence level: 100%) | |
d1d597ba0340172c2d12cd9362ecd8d5bfa1bb751d6678181ede87869704d318 | Raccoon payload (confidence level: 100%) | |
abd229ce4da99ed8fb0fc614c23a1ced8ff5adb978b2758f790b0bd0c18a3314 | Raccoon payload (confidence level: 100%) | |
d696ff505bdd7fe79b048e3b96c37448408282825f5c9b19f7dd28b21c51a261 | Raccoon payload (confidence level: 100%) | |
7298c6156dde15ee188a06cde16243ea803a3b6e1f21890c4698198ebe71e162 | Raccoon payload (confidence level: 100%) | |
5ff9eabc01ccfd5fa39af78307b053fcbbca2914d5dec74171184ca93119f48b | Raccoon payload (confidence level: 100%) | |
33bd34f8bf05dfa815b1e3266b97532263d3274c01b4d5a7aec68d4d204c61b0 | Raccoon payload (confidence level: 100%) | |
1479052d908e0057cf19343d000533864d9a270a1d304218a1865da2d77f58e2 | Raccoon payload (confidence level: 100%) | |
9912cf287f9014723d67e9f7170f65f81ee983aad0ed3c0754cec4243edd5293 | Raccoon payload (confidence level: 100%) | |
643d06981c873908c142c649578aaa6598432fb52b4b6bab4008b15ed675d663 | Raccoon payload (confidence level: 100%) | |
12c26f1f06eed3932f3e118d45339bf6e69c4acc59dfc0bb42379fb3bf488e36 | Raccoon payload (confidence level: 100%) | |
9608b770283f991b5334444bb29fa2e7ef2114f5fa773b01415b9e92cc4d960d | Raccoon payload (confidence level: 100%) | |
7b24f14ce1d2cb622d41c4f8b6fe23edb1471ede00b0b0e8c6c37d8379f5f58a | Raccoon payload (confidence level: 100%) | |
88ad79b0d08e19fd29dbce968e747a8d672892ce84a9277ef8332e68af85db30 | Raccoon payload (confidence level: 100%) | |
8bf425c8798cef9d78a268880c74d4cfae15eee94fb7de9ae5914f4ab1b50849 | Raccoon payload (confidence level: 100%) | |
3de2ee09eb03c8799f362572250472f0dd6ec0e13e4bf1ef6e16192391f156d0 | Raccoon payload (confidence level: 100%) | |
9b7d60d68e0092615cf87fcf90a9213029f870416de2c8e2193a6672a0540b9b | Raccoon payload (confidence level: 100%) | |
3d2f419ab297c6feba5814d382e7d7eb41a2dfd7f07b9af3bd9b414151e0e911 | Raccoon payload (confidence level: 100%) | |
6fc439e0ecbd584390e97d6577c0452ad7cce6b72f9d68a23ead1981e80edf68 | Raccoon payload (confidence level: 100%) | |
3a23e4c22bb3a5f6621d962e947842f3233ecfdde7c10cfd5aeee868e3cb1656 | Raccoon payload (confidence level: 100%) | |
0083ba082fa4385e49cc079a44587e8f7f199f382a129606cd088abaa029d968 | Raccoon payload (confidence level: 100%) | |
3bb20ea21ce2ff235d2d7ffb6719ecac20f908b60643015a645af1287367b094 | Raccoon payload (confidence level: 100%) | |
bd508361c487d9517cf7d967280d0dccee2c17a92d1be86fac139f468b71f448 | Raccoon payload (confidence level: 100%) | |
461a6913d9aa8e5841c6b082aca0752b0892c3d293ba10d6be9575058095ed95 | Raccoon payload (confidence level: 100%) | |
e4c6a884aed008a8dfc951275a814bc357278ee9f104c0ed9a011d017c746e41 | Raccoon payload (confidence level: 100%) | |
f12e6cd63a8d0c79621de6f617a1d5d58a811bc5e9a5798aa7fdb2b6fc067971 | Raccoon payload (confidence level: 100%) | |
3ff691626e5482d12fa85e76524a0ad03b5dc4c50233c16613354a9b6e9fa975 | Raccoon payload (confidence level: 100%) | |
a61e9b0a3c8f147f1ab3d223224f1f3c9952cf5f32d8f3637d4ebeef850f3e52 | Raccoon payload (confidence level: 100%) | |
2edea1a69f63f65182b87515275daaf7cb3f4988bd6ee04523a9cb3f474b2b07 | Raccoon payload (confidence level: 100%) | |
809fdaf1df5b6470a048a17d00af0e7397fb51cdecbbb6dba0ef9ccfe47045b4 | Raccoon payload (confidence level: 100%) | |
ff12b12987af75d130338e60899eae036dc25019bae96a6178da9e5f8bac59f2 | Raccoon payload (confidence level: 100%) | |
58893b599cb196f20f0ea6c1dcdb202aa419254eab3d962ec99d44828618658e | Raccoon payload (confidence level: 100%) | |
99222c2d25b38debf962e3492d7340d0893fbef7b9837c32ddd4a4f55b7c1623 | Raccoon payload (confidence level: 100%) | |
240ae0f3795a6e085a3278bb4632cbef9897418e68adae68d849a1b7ce69f3a9 | Raccoon payload (confidence level: 100%) | |
b18870a31537c05a7638016f9d986f227274542aa95264a639bfbfd46635c675 | Raccoon payload (confidence level: 100%) | |
e9cd4345b688a9cce175b0bf3d9cb70ee81174acbe9ae04eb675a0b00fed48fe | Raccoon payload (confidence level: 100%) | |
b3fa0a9d2307c9bda1d8c251e472684e4b38151f25929ecdf843598eb14f0eed | Raccoon payload (confidence level: 100%) | |
a1614d2fbc88d047fdc1f83708a256dfda038f3f6d628dcfefb97d91ba6b3cd6 | Raccoon payload (confidence level: 100%) | |
eb80aade50ae462b8ae6fd7e983ab709975d7a388baf3bd711e233e8ae070c2e | Raccoon payload (confidence level: 100%) | |
cbb1bdc79b590a815cbc770185f3ec3040dae4e818477d5cb1d8a768953379f1 | Raccoon payload (confidence level: 100%) | |
[address missing]:8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:37009 | Mirai botnet C2 server (confidence level: 75%) | |
[address missing]:1302 | Mirai botnet C2 server (confidence level: 75%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:801 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:9306 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:2443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:8448 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:5544 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
[address missing]:443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
Domain
Value | Description
---|---
myrapt.top | GCleaner botnet C2 domain (confidence level: 100%)
famesurvelizerditis.sytes.net | Quasar RAT botnet C2 domain (confidence level: 100%)
tancesucesm.chickenkiller.com | Quasar RAT botnet C2 domain (confidence level: 100%)
artedriendfrim.hopto.org | Quasar RAT botnet C2 domain (confidence level: 100%)
Url
Value | Description
---|---
http://110.42.178.227:8080/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://198.13.40.151:9999/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
https://66.112.218.249/access/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://45.76.166.20:800/cm | Cobalt Strike botnet C2 (confidence level: 100%)
http://42.240.129.81/ca | Cobalt Strike botnet C2 (confidence level: 100%)
https://www.ethanwiener.top:9899/push | Cobalt Strike botnet C2 (confidence level: 100%)
https://service-pl38alm4-1304204648.gz.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%)
https://47.103.117.222/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://82.156.9.16:8034/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://172.16.25.236/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
https://92.255.85.44:8443/match | Cobalt Strike botnet C2 (confidence level: 100%)
https://www.adstexts.co:8443/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://api.mcghealthcare.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
https://man-x.cc/lv | Cobalt Strike botnet C2 (confidence level: 100%)
https://rest.healthy2fit.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://180.178.38.173/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://155.94.138.16/cx | Cobalt Strike botnet C2 (confidence level: 100%)
http://rest.mcghealthcare.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
https://149.28.155.186/load | Cobalt Strike botnet C2 (confidence level: 100%)
https://159.223.86.98/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
https://api.conservationcouncilnc.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://rest.neckbackpainrelief.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
https://121.5.76.27:8080/admin/login | Cobalt Strike botnet C2 (confidence level: 100%)
https://api.healthy2fit.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://rest.helphealthcareservice.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
https://159.223.47.130/cm | Cobalt Strike botnet C2 (confidence level: 100%)
http://api.healthy2fit.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
https://163.181.22.1/owa/nb8w4fazejaz4mkc0o8ycd2tgzhdvqot | Cobalt Strike botnet C2 (confidence level: 100%)
https://163.181.22.208/owa/nb8w4fazejaz4mkc0o8ycd2tgzhdvqot | Cobalt Strike botnet C2 (confidence level: 100%)
https://47.89.66.161/owa/dosryzuqlsiar0qjy3e4frkqckzmiczfmj663v7y | Cobalt Strike botnet C2 (confidence level: 100%)
https://79.133.177.215/owa/dosryzuqlsiar0qjy3e4frkqckzmiczfmj663v7y | Cobalt Strike botnet C2 (confidence level: 100%)
http://165.232.163.9/api/3 | Cobalt Strike botnet C2 (confidence level: 100%)
https://rest.conservationcouncilnc.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://192.210.201.107:9306/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://107.173.111.104:2443/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://rest.healthy2fit.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://81.70.77.79/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://bingsearch.live:8448/activity | Cobalt Strike botnet C2 (confidence level: 100%)
http://18.188.29.184/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://rest.conservationcouncilnc.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://api.conservationcouncilnc.org/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
http://45.136.245.84:5544/match | Cobalt Strike botnet C2 (confidence level: 100%)
https://us-east.upstartinsurance.workers.dev/api2/json/cluster/tasks | Cobalt Strike botnet C2 (confidence level: 100%)
http://149.28.155.186:82/cx | Cobalt Strike botnet C2 (confidence level: 100%)
https://rest.helphealthcareservice.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%)
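The tables above carry four kinds of entry as this page renders them: SHA256 payload hashes, ip:port C2 entries of which only the port survived extraction, C2 domains, and full C2 URLs. The Python below is an added example, not ThreatFox's code and not tooling from this page; it parses rows in exactly that `Value | Description | Copy |` layout, indexes the entries that can actually be matched, and runs constructed proxy and EDR events against them. The IOC rows it embeds are copied verbatim from the tables above; the event lines, the `10.1.2.x` sources and the host `example.invalid` are constructed for the example.

```python
"""Parse IOC rows in the layout of the tables on this page and match them
against event lines. Added example, not ThreatFox's code nor this page's
tooling. IOC_ROWS are copied from the tables above; EVENTS are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
PORT_RE = re.compile(r"^\d{1,5}$")
DESC_RE = re.compile(r"^(?P<malware>.+?) \(confidence level: (?P<conf>\d+)%\)$")

IOC_ROWS = [  # verbatim rows from this page
    "hasha46c2fc8d6a4719a23f5841f5bae12087c09d02f4b35a6e4ddd4e221d0776b9f | Mirai payload (confidence level: 100%) | |",
    "hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |",
    "domainmyrapt.top | GCleaner botnet C2 domain (confidence level: 100%) | |",
    "urlhttps://www.adstexts.co:8443/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |",
    "urlhttp://api.healthy2fit.com/apiv2/v1/session/keepalive | Cobalt Strike botnet C2 (confidence level: 100%) | |",
    "urlhttp://172.16.25.236/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |",
]
EVENTS = [  # constructed key=value proxy/EDR events, not real telemetry
    "ts=2022-01-01T10:00:01Z src=10.1.2.3 url=http://api.healthy2fit.com/apiv2/v1/session/keepalive",
    "ts=2022-01-01T10:00:05Z src=10.1.2.3 url=https://www.ADSTEXTS.co:8443/ga.js",
    "ts=2022-01-01T10:01:09Z src=10.1.2.7 url=http://myrapt.top/dl",
    "ts=2022-01-01T10:02:00Z src=10.1.2.9 url=https://example.invalid/apiv2/v1/session/keepalive",
    "ts=2022-01-01T10:03:00Z src=10.1.2.9 url=https://example.invalid/index.html",
    "ts=2022-01-01T10:04:00Z host=ws42 sha256=A46C2FC8D6A4719A23F5841F5BAE12087C09D02F4B35A6E4DDD4E221D0776B9F",
]


@dataclass(frozen=True)
class Ioc:
    kind: str  # sha256 | port_only | domain | url | unknown
    value: str
    malware: str
    confidence: int


def parse_row(row):
    """One 'Value | Description | Copy |' row. The page fuses the ThreatFox
    type label (hash/domain/url) onto the value, so strip it first."""
    cells = [c.strip() for c in row.split("|")]
    m = DESC_RE.match(cells[1])
    if m is None:
        raise ValueError(f"unparseable description: {cells[1]!r}")
    label = next(l for l in ("domain", "url", "hash") if cells[0].startswith(l))
    value, kind = cells[0][len(label):], label
    if label == "hash":  # a bare port under 'hash' is an ip:port IOC missing its address
        kind = "sha256" if SHA256_RE.match(value.lower()) else "port_only" if PORT_RE.match(value) else "unknown"
    return Ioc(kind, value if kind == "url" else value.lower(), m["malware"], int(m["conf"]))


def norm_url(u):
    """Lower-case host and port, keep scheme and path, drop the query."""
    p = urlparse(u)
    return f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}"


def build_index(iocs):
    idx = {"sha256": {}, "domain": {}, "url": {}, "path": {}, "skipped": []}
    for i in iocs:
        if i.kind == "url":
            p = urlparse(i.value)
            try:
                private = ipaddress.ip_address(p.hostname or "").is_private
            except ValueError:  # a hostname, not an IP literal
                private = False
            if private:  # RFC 1918 C2 in a public feed would only ever flag your own hosts
                idx["skipped"].append(("private_host", i))
                continue
            idx["url"][norm_url(i.value)] = i
            idx["path"].setdefault(p.path, i)
        elif i.kind in ("sha256", "domain"):
            idx[i.kind][i.value] = i
        else:
            idx["skipped"].append((i.kind, i))  # port_only / unknown: nothing to match on
    return idx


def match_line(line, idx):
    """Return [(strength, ioc)] for one key=value event line."""
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    hits, url = [], fields.get("url")
    if url:
        p = urlparse(url)
        if norm_url(url) in idx["url"]:
            hits.append(("exact_url", idx["url"][norm_url(url)]))
        elif (p.hostname or "") in idx["domain"]:
            hits.append(("domain", idx["domain"][p.hostname]))
        elif p.path in idx["path"]:
            # Known C2 path on an unlisted host: weak. The page lists the same
            # keepalive path under several hosts, but short paths such as /cm
            # or /pixel.gif collide with benign traffic, so triage these.
            hits.append(("path_only", idx["path"][p.path]))
    sha = fields.get("sha256", "").lower()
    if sha in idx["sha256"]:
        hits.append(("sha256", idx["sha256"][sha]))
    return hits


def scan(rows, events):
    """Map each event's first token (its timestamp) to [(strength, malware)]."""
    idx = build_index([parse_row(r) for r in rows])
    return {e.split()[0]: [(s, i.malware) for s, i in match_line(e, idx)] for e in events}


if __name__ == "__main__":
    for ts, hits in scan(IOC_ROWS, EVENTS).items():
        print(ts, hits or "-")
```

Three practitioner points the feed itself does not spell out: the port-only rows in this page cannot be matched against anything, so pull the full ip:port values from ThreatFox directly rather than from this rendering; the `http://172.16.25.236/j.ad` entry is private address space and is excluded because an alert on it would only ever fire on your own internal hosts; and the `path_only` tier exists because `/apiv2/v1/session/keepalive` appears above under `api.` and `rest.` of several unrelated domains, which is the kind of reused profile worth a look on an unlisted host, while the one-segment paths (`/cm`, `/cx`, `/ptj`) should not be promoted to an alert on their own.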
Threat ID: 682c7ac1e3e6de8ceb765f5d
Added to database: 5/20/2025, 12:51:13 PM
Last enriched: 6/19/2025, 1:34:11 PM
Last updated: 8/16/2025, 2:20:42 PM