ThreatFox IOCs for 2022-01-03
AI Analysis
Technical Summary
This entry is a malware-related intelligence report titled "ThreatFox IOCs for 2022-01-03", sourced from ThreatFox, a platform for sharing Indicators of Compromise (IOCs) and threat intelligence data. It is categorized as "type:osint", indicating open-source intelligence data rather than a specific malware family or exploit. No affected product versions or detailed technical indicators are given, and no exploits in the wild were known to be associated with it as of the publication date (January 3, 2022). The severity is marked as medium, with a threat level of 2 on an unspecified scale, an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or visibility within threat intelligence communities. The absence of CWEs, patch links, or detailed technical descriptions implies that this report is a collection or notification of IOCs rather than a direct vulnerability or exploit. The lack of indicators and affected versions further supports reading it as an informational update rather than an active, targeted malware campaign. Given ThreatFox's role as a repository for shared threat intelligence, this report most likely aggregates data useful for detection and monitoring rather than describing a novel or critical threat vector.
Potential Impact
For European organizations, the direct impact of this specific ThreatFox IOC report is limited, since it carries no active exploits or detailed malware behavior. However, OSINT-based IOCs of this kind can help security teams improve their detection of malware infections and other malicious activity. Organizations that consume ThreatFox data can improve their situational awareness and incident response readiness. The medium severity rating suggests that, while there is no immediate critical threat, the information may be relevant for identifying emerging threats or suspicious activity. European entities involved in cybersecurity operations, threat hunting, or intelligence sharing may find value in integrating these IOCs into their monitoring tools. The lack of targeted exploitation reduces the risk of immediate operational disruption, but failing to incorporate such intelligence could delay detection of related threats. Overall, the impact at this stage is strategic and preventative rather than operational or destructive.
Mitigation Recommendations
Given the nature of this threat as an OSINT IOC report without active exploits, mitigation focuses on using the intelligence effectively rather than patching vulnerabilities. European organizations should:

1. Integrate ThreatFox IOCs into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection of known malicious indicators.
2. Regularly update threat intelligence feeds to ensure timely awareness of emerging threats.
3. Conduct proactive threat hunting exercises using the provided IOCs to identify potential compromises early.
4. Share relevant findings with local Computer Security Incident Response Teams (CSIRTs) and Information Sharing and Analysis Centers (ISACs) to improve collective defense.
5. Maintain robust logging and monitoring practices to correlate IOC matches with network and endpoint activity.
6. Train security analysts to interpret OSINT data effectively and prioritize alerts based on contextual risk.

These steps go beyond generic advice by emphasizing operational integration of threat intelligence and collaborative defense.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: ec4ff65d-c309-4c2c-bb45-16a590365d5a
- Original Timestamp: 1641254582
Indicators of Compromise
Url
| Value | Description |
|---|---|
| http://2.58.149.206/star | Mirai payload delivery URL (confidence level: 100%) |
| http://183.101.0.245:60000/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://47.98.110.121:8082/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://1.116.96.150/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://141.95.160.22/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://212.86.114.58:6666/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://193.56.146.34/a.php | Unknown malware botnet C2 (confidence level: 100%) |
| http://193.56.146.34/p.php | Unknown malware botnet C2 (confidence level: 100%) |
| http://62.109.17.4/system/recordlimitgame/prefsearcherdata/script/bintracemessageserver/python/processapiservercdn.php | DCRat botnet C2 (confidence level: 100%) |
| http://116.202.186.120/ | Arkei Stealer botnet C2 (confidence level: 100%) |
| https://storage.ondriev.tk:8080/preload | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://service-pw83b4d1-1308834646.kr.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://42.51.55.214/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://209.141.40.204/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://www.agoegations.com/push | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://cs.g08.pw:4433/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://83.220.170.85:8888/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://www.agoegations.com/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://5.180.97.29:10010/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://149.248.61.97:8000/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://45.136.245.84:8811/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://198.13.54.77:4433/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://159.89.101.228:3389/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://45.156.24.151:81/dnasjdndasd/dasiudnasind/ | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://spacegreyshop.com/lv | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://43.134.163.22/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://172.104.169.147/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
| http://semei.vip/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://85.208.184.59/restore/v3.53/hf4g36mwgb9g | Cobalt Strike botnet C2 (confidence level: 100%) |
| https://121.4.63.248/kill/v6.90/9wk8n8nr51z | Cobalt Strike botnet C2 (confidence level: 100%) |
Hash
| Value | Description |
|---|---|
| ef11393108bed5f3753d054514b2dddb1a534f3623244ab485c0ed6e2d5ded9e | Mirai payload (confidence level: 100%) |
| 1337 | Bashlite botnet C2 server (confidence level: 75%) |
| 8985 | Mirai botnet C2 server (confidence level: 75%) |
| 11025 | Mirai botnet C2 server (confidence level: 75%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 63645 | Mirai botnet C2 server (confidence level: 75%) |
| 6379 | Mirai botnet C2 server (confidence level: 75%) |
| 8985 | Mirai botnet C2 server (confidence level: 75%) |
| 56456 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 5050 | NjRAT botnet C2 server (confidence level: 100%) |
| 60000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 35361 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 1 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8082 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 6666 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 9006 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| e7e96e3fcdf2d9539c750c66f509c8d9d8d9a68e0fa2d944464b4095df875fda | Formbook payload (confidence level: 50%) |
| 33dd1be2efb1cb9cfaf01bdec2e362aca98d4d4f1f00d540fe0fe2b5a6d875d9 | Formbook payload (confidence level: 50%) |
| fbfc9fa499af65c95ad6cdc5f2176d46ca7eddb6c553e383a65bb572cf00f0ab | Formbook payload (confidence level: 50%) |
| d3c3519e30e5c8d6485b91f7bd63529ef294c63b5da4f7d059fb4c22cd5c9d4d | Formbook payload (confidence level: 50%) |
| c00acdb96f514d116753a05bc91fd543f0d20cf48895b206ebaa87981e638725 | LokiBot payload (confidence level: 50%) |
| f1921f2756e2a499513e224b9a197fe3a2a45ced9f1f0f8ca519e3aa6b39f374 | Snake payload (confidence level: 50%) |
| 9ef9b5b300f811052a2e8509085729ba236eb6df5fd719ee66b64a464b724fbb | LokiBot payload (confidence level: 50%) |
| 29704c1c8f22aefdd760c85d19b71aa22fd35e0506804d629c92611f3df072bc | Snake payload (confidence level: 50%) |
| b5be3d4d448de23c66143bba58f00e3bb3384854f772d67f006665c520b6020c | LokiBot payload (confidence level: 50%) |
| d73d8f99a6704f43c0caaf0b6deb99b3f342f645765bf5ca94f41d5daea31612 | Snake payload (confidence level: 50%) |
| 8b50c938229f25f79543d786b2dd7df127c1fa79ba0f8acea807741aea401310 | Snake payload (confidence level: 50%) |
| b81b502e281bc0b2350909e4d3bc2f0695ca1113d44785780225c2d4e0244ff8 | LokiBot payload (confidence level: 50%) |
| 37819 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| e11978585a001159047fba3b5ed8901385c0854f26db38dba4aa921d63bd09e5 | Agent Tesla payload (confidence level: 50%) |
| d30730b8dd5876b3b6125e861c48bcd3f563c1db8d8e7da98786aa3f6e3d40e3 | Agent Tesla payload (confidence level: 50%) |
| 76689590f9e541009d33ec8a34f1aedf7587ca4a8e942bee8e3692bccb8904a6 | Agent Tesla payload (confidence level: 50%) |
| bdb71fc41ca74046e3e879483b603b8ad2dcbc8d7bbf6bc9f079772e47f99131 | Agent Tesla payload (confidence level: 50%) |
| 80 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 25452 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7712 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 54155 | Remcos botnet C2 server (confidence level: 100%) |
| 81 | Mirai botnet C2 server (confidence level: 75%) |
| 60420 | Mirai botnet C2 server (confidence level: 75%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 10010 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8811 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3389 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 81 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
File
| Value | Description |
|---|---|
| 46.249.32.109 | Bashlite botnet C2 server (confidence level: 75%) |
| 134.122.110.45 | Mirai botnet C2 server (confidence level: 75%) |
| 185.244.39.243 | Mirai botnet C2 server (confidence level: 75%) |
| 20.106.94.110 | Remcos botnet C2 server (confidence level: 100%) |
| 20.124.111.166 | Remcos botnet C2 server (confidence level: 100%) |
| 23.94.37.59 | Mirai botnet C2 server (confidence level: 75%) |
| 35.197.127.250 | Mirai botnet C2 server (confidence level: 75%) |
| 212.192.216.55 | Mirai botnet C2 server (confidence level: 75%) |
| 45.142.215.180 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 91.109.180.4 | NjRAT botnet C2 server (confidence level: 100%) |
| 183.101.0.245 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20.127.111.151 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 116.206.92.26 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.98.110.121 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 110.42.204.253 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 141.95.160.22 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 212.86.114.58 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 95.143.177.66 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 78.24.222.162 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 104.168.44.52 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 23.82.140.202 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 116.206.92.26 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2.56.59.46 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 42.51.55.214 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 184.164.77.132 | Remcos botnet C2 server (confidence level: 100%) |
| 198.144.190.132 | Mirai botnet C2 server (confidence level: 75%) |
| 172.245.158.140 | Mirai botnet C2 server (confidence level: 75%) |
| 209.141.40.204 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.79.253.197 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 108.61.184.177 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 83.220.170.85 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.79.253.197 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5.180.97.29 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.248.61.97 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.136.245.84 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 198.13.54.77 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 159.89.101.228 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.156.24.151 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 91.218.114.26 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.134.163.22 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 172.104.169.147 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 27.124.46.192 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 27.124.46.191 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.4.63.248 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Domain
| Value | Description |
|---|---|
| dynasty1.ddns.net | Remcos botnet C2 domain (confidence level: 100%) |
| dynasty2.ddns.net | Remcos botnet C2 domain (confidence level: 100%) |
| dynasty3.ddns.net | Remcos botnet C2 domain (confidence level: 100%) |
| gomdsx15.top | CryptBot botnet C2 domain (confidence level: 100%) |
| peufga06.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gombno33.top | CryptBot botnet C2 domain (confidence level: 100%) |
| peuxuq08.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomcpn38.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomkud25.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomveh73.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomwuo74.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomdym64.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomdkv48.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gomkcq55.top | CryptBot botnet C2 domain (confidence level: 100%) |
| gombpy23.top | CryptBot botnet C2 domain (confidence level: 100%) |
| peulnm16.top | CryptBot botnet C2 domain (confidence level: 100%) |
| morpyi04.top | CryptBot botnet C2 domain (confidence level: 100%) |
| ekudiw09.top | CryptBot botnet C2 domain (confidence level: 100%) |
| morswd03.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezofi64.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezexr48.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezgxh38.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezjgh14.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezsay45.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezvqe15.top | CryptBot botnet C2 domain (confidence level: 100%) |
| sezyst58.top | CryptBot botnet C2 domain (confidence level: 100%) |
| artfavart.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daibmu78.top | CryptBot botnet C2 domain (confidence level: 100%) |
| morboh07.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daiewt53.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daigtx74.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daihpb75.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daiirq63.top | CryptBot botnet C2 domain (confidence level: 100%) |
| dainwz56.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daisht76.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daitnf55.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daixbh54.top | CryptBot botnet C2 domain (confidence level: 100%) |
| daizrm64.top | CryptBot botnet C2 domain (confidence level: 100%) |
| yapakq11.top | CryptBot botnet C2 domain (confidence level: 100%) |
| zyokao27.top | CryptBot botnet C2 domain (confidence level: 100%) |
| zyonou41.top | CryptBot botnet C2 domain (confidence level: 100%) |
| zyoskv38.top | CryptBot botnet C2 domain (confidence level: 100%) |
| zyoyol62.top | CryptBot botnet C2 domain (confidence level: 100%) |
| moridn05.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevaza63.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevzaq36.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevnsy68.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevxuo66.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevdiz78.top | CryptBot botnet C2 domain (confidence level: 100%) |
| morhmu07.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevqob73.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevqyw76.top | CryptBot botnet C2 domain (confidence level: 100%) |
| hevuto75.top | CryptBot botnet C2 domain (confidence level: 100%) |
| carpricegoods.com | IcedID Downloader botnet C2 domain (confidence level: 75%) |
| nermorell.com | IcedID Downloader botnet C2 domain (confidence level: 75%) |
| bunarf14.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunavg31.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunawj52.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunbeq17.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bundky32.top | CryptBot botnet C2 domain (confidence level: 100%) |
| buneaf62.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunemp41.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunewx22.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bungfi44.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunhfy51.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunhip25.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunhiv18.top | CryptBot botnet C2 domain (confidence level: 100%) |
| buniaw75.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunkui71.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunloa64.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunlym61.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunmge34.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunmih64.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunmub54.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunmud42.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunmyj72.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunole21.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunopq12.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunowu74.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunozs71.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunpil34.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunpkw65.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunqet77.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunsix54.top | CryptBot botnet C2 domain (confidence level: 100%) |
| buntem74.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunups41.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunvaw31.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunwak27.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunwes24.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunxaj28.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunyia51.top | CryptBot botnet C2 domain (confidence level: 100%) |
| bunzoh16.top | CryptBot botnet C2 domain (confidence level: 100%) |
| fokauw17.top | CryptBot botnet C2 domain (confidence level: 100%) |
| fokczu12.top | CryptBot botnet C2 domain (confidence level: 100%) |
| fokdam61.top | CryptBot botnet C2 domain (confidence level: 100%) |
| fokdqu22.top | CryptBot botnet C2 domain (confidence level: 100%) |
domainfokfdz25.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokfme11.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokhvw75.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokjdb62.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokjmu66.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokjzu65.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokkai11.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokmpz32.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokovq72.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokovx21.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokpga51.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokqgb55.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokqsh27.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfoktca76.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokujb52.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokuoq73.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokvap14.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokvof63.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwit54.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwoa56.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwsf42.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwxr74.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokxew37.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokxfr71.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokxln64.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokycx48.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokyft24.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuabw56.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknubrz54.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknubsk47.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknucsj38.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknucxf51.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknufnp41.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknufnz55.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuhld48.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuirb35.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuiud57.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknujed45.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknumau46.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknumfh44.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknusxq31.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuxiq42.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuxua32.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuzev74.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainmoreid02.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainmorkix01.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsarwak01.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobday02.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobdol01.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobepw05.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobexa03.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobhay04.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobsge06.top | CryptBot botnet C2 domain (confidence level: 100%) |
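The rows above are only useful once they are loaded into something that can be checked against telemetry. The following is an added example, not ThreatFox code and not part of the original page: it parses rows in the flattened form the page uses (IOC type fused with the value, pipe-separated columns), keeps the malware family and confidence level from the description column, and matches the resulting domain set against DNS query logs. The four sample rows are copied from this page; the DNS log format ("timestamp client qname qtype") and the client addresses are constructed for the example. Matching walks the label hierarchy rather than doing a substring search, so a subdomain of a listed C2 domain hits while a look-alike such as notbunarf14.top does not.

```python
"""Parse ThreatFox-style IOC rows and match them against DNS query logs.

Added example; not code from ThreatFox or the page's author. The row format
mirrors the table above (type fused with the value, pipe-separated columns);
the DNS log format and client addresses are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed subset of the rows on this page (values as printed there).
SAMPLE_ROWS = """\
domainzyoyol62.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaincarpricegoods.com | IcedID Downloader botnet C2 domain (confidence level: 75%) | |
domainbunarf14.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobsge06.top | CryptBot botnet C2 domain (confidence level: 100%) |
"""

# Constructed DNS query log: "<timestamp> <client-ip> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2022-01-03T10:15:02Z 10.0.0.12 www.example.org A
2022-01-03T10:15:07Z 10.0.0.12 bunarf14.top A
2022-01-03T10:16:41Z 10.0.0.31 cdn.carpricegoods.com. A
2022-01-03T10:17:05Z 10.0.0.44 notbunarf14.top A
2022-01-03T10:18:19Z 10.0.0.12 ZYOYOL62.TOP AAAA
"""

# "domain" is the only IOC type present in this part of the table.
ROW_RE = re.compile(r"^domain(?P<value>[^\s|]+)\s*\|\s*(?P<desc>[^|]*)")
DESC_RE = re.compile(
    r"^(?P<family>.+?) botnet C2 domain \(confidence level: (?P<conf>\d+)%\)"
)


@dataclass(frozen=True)
class DomainIOC:
    value: str          # normalised domain: lower-case, no trailing dot
    family: str         # malware family taken from the description column
    confidence: int     # ThreatFox confidence level, 0-100


def normalise(name: str) -> str:
    """Lower-case and strip the root dot so log and IOC forms compare equal."""
    return name.strip().rstrip(".").lower()


def parse_rows(text: str) -> dict[str, DomainIOC]:
    """Turn 'domain<value> | <description> | ...' rows into a lookup keyed by domain."""
    iocs: dict[str, DomainIOC] = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        desc = m.group("desc").strip()
        d = DESC_RE.match(desc)
        family = d.group("family") if d else desc
        conf = int(d.group("conf")) if d else 0
        value = normalise(m.group("value"))
        iocs[value] = DomainIOC(value, family, conf)
    return iocs


def match_qname(qname: str, iocs: dict[str, DomainIOC]) -> Optional[DomainIOC]:
    """Match a queried name against the IOC set by walking its label hierarchy.

    www.bunarf14.top is checked as itself, then bunarf14.top, then top, so
    subdomains of a C2 domain hit while notbunarf14.top (a substring look-alike)
    does not.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return iocs[candidate]
    return None


def scan_dns_log(lines, iocs: dict[str, DomainIOC], min_confidence: int = 0) -> list[dict]:
    """Return one hit record per log line whose qname matches an IOC."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, qname, _qtype = parts[:4]
        ioc = match_qname(qname, iocs)
        if ioc is None or ioc.confidence < min_confidence:
            continue
        hits.append({"ts": ts, "client": client, "qname": normalise(qname),
                     "ioc": ioc.value, "family": ioc.family,
                     "confidence": ioc.confidence})
    return hits


if __name__ == "__main__":
    table = parse_rows(SAMPLE_ROWS)
    for h in scan_dns_log(SAMPLE_DNS_LOG.splitlines(), table):
        print(f"{h['ts']} {h['client']} queried {h['qname']} -> {h['family']} C2 "
              f"({h['ioc']}, confidence {h['confidence']}%)")
```

The min_confidence argument lets a team alert on the 100% CryptBot rows while only logging the 75% IcedID Downloader rows; the same DomainIOC records can be emitted as a DNS sinkhole or firewall list once the hierarchy matching has been validated against a day of production queries.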
Threat ID: 682c7ac0e3e6de8ceb761f9e
Added to database: 5/20/2025, 12:51:12 PM
Last enriched: 6/19/2025, 1:19:54 PM
Last updated: 2/7/2026, 1:47:42 PM
Views: 37
Related Threats
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery (Medium)
ThreatFox IOCs for 2026-02-06 (Medium)
ThreatFox IOCs for 2026-02-05 (Medium)
Technical Analysis of Marco Stealer (Medium)
New Clickfix variant 'CrashFix' deploying Python Remote Access Trojan (Medium)