ThreatFox IOCs for 2022-01-03
AI Analysis
Technical Summary
The report titled "ThreatFox IOCs for 2022-01-03" is an indicator export from ThreatFox, a platform for sharing Indicators of Compromise (IOCs) and related threat intelligence. It is categorized as "type:osint", meaning it consists of open-source intelligence data rather than a report on a single malware family or exploit. No affected product versions are listed, the indicators carry only a malware-family tag and a confidence level rather than detailed technical analysis, and no exploits in the wild are associated with the report as of its publication date (January 3, 2022). The severity is medium, with a threat level of 2 on an unspecified scale, an analysis rating of 1 and a distribution rating of 3, which suggests moderate dissemination within threat intelligence communities. The absence of CWEs, patch links and technical descriptions indicates that this is a collection of IOCs rather than a vulnerability or exploit advisory, and the absence of affected versions further supports reading it as an informational update rather than a single targeted malware campaign. Given ThreatFox's role as a repository for shared threat intelligence, the report aggregates data useful for detection and monitoring rather than describing a novel or critical threat vector.
Potential Impact
For European organizations, the direct impact of this report is limited because it describes no active exploit or malware behavior. Its value lies in detection: the OSINT-based IOCs can strengthen detection of malware infections and malicious traffic, and organizations that consume ThreatFox data improve their situational awareness and incident response readiness. The medium severity rating reflects that there is no immediate critical threat, while the indicators may still surface emerging or suspicious activity. Teams involved in security operations, threat hunting or intelligence sharing will find value in loading these IOCs into their monitoring tools. The lack of targeted exploitation reduces the risk of immediate operational disruption, but failing to incorporate the intelligence could delay detection of related threats. Overall, the impact is strategic and preventative rather than operational or destructive.
Mitigation Recommendations
Because this is an OSINT IOC report with no active exploit, mitigation is about using the intelligence effectively rather than patching vulnerabilities. European organizations should:
1. Integrate the ThreatFox IOCs into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to detect the known malicious indicators.
2. Update threat intelligence feeds regularly so that emerging indicators are picked up promptly.
3. Run proactive threat hunts against the listed IOCs to identify compromises early.
4. Share relevant findings with local Computer Security Incident Response Teams (CSIRTs) and Information Sharing and Analysis Centers (ISACs) to improve collective defense.
5. Maintain robust logging and monitoring so that IOC matches can be correlated with network and endpoint activity.
6. Train security analysts to interpret OSINT data and to prioritize alerts by contextual risk.
These steps emphasize operational integration of the intelligence and collaborative defense rather than generic advice.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: ec4ff65d-c309-4c2c-bb45-16a590365d5a
- Original Timestamp: 1641254582 (2022-01-04 00:03:02 UTC)
Indicators of Compromise
In the tables below, the File entries are C2 IP addresses, and the Hash entries that are small integers are the C2 port numbers belonging to those addresses (for example, the File entry 183.101.0.245 and the Hash entry 60000 correspond to the URL http://183.101.0.245:60000/dpixel); only the 64-character hexadecimal values are file hashes.
Url
Value | Description
---|---
http://2.58.149.206/star | Mirai payload delivery URL (confidence level: 100%)
http://183.101.0.245:60000/dpixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.98.110.121:8082/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://1.116.96.150/ca | Cobalt Strike botnet C2 (confidence level: 100%)
http://141.95.160.22/cm | Cobalt Strike botnet C2 (confidence level: 100%)
http://212.86.114.58:6666/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://193.56.146.34/a.php | Unknown malware botnet C2 (confidence level: 100%)
http://193.56.146.34/p.php | Unknown malware botnet C2 (confidence level: 100%)
http://62.109.17.4/system/recordlimitgame/prefsearcherdata/script/bintracemessageserver/python/processapiservercdn.php | DCRat botnet C2 (confidence level: 100%)
http://116.202.186.120/ | Arkei Stealer botnet C2 (confidence level: 100%)
https://storage.ondriev.tk:8080/preload | Cobalt Strike botnet C2 (confidence level: 100%)
http://service-pw83b4d1-1308834646.kr.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%)
http://42.51.55.214/ca | Cobalt Strike botnet C2 (confidence level: 100%)
http://209.141.40.204/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://www.agoegations.com/push | Cobalt Strike botnet C2 (confidence level: 100%)
https://cs.g08.pw:4433/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://83.220.170.85:8888/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://www.agoegations.com/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://5.180.97.29:10010/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://149.248.61.97:8000/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://45.136.245.84:8811/dpixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://198.13.54.77:4433/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://159.89.101.228:3389/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://45.156.24.151:81/dnasjdndasd/dasiudnasind/ | Cobalt Strike botnet C2 (confidence level: 100%)
http://spacegreyshop.com/lv | Cobalt Strike botnet C2 (confidence level: 100%)
https://43.134.163.22/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
https://172.104.169.147/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://semei.vip/api/3 | Cobalt Strike botnet C2 (confidence level: 100%)
https://85.208.184.59/restore/v3.53/hf4g36mwgb9g | Cobalt Strike botnet C2 (confidence level: 100%)
https://121.4.63.248/kill/v6.90/9wk8n8nr51z | Cobalt Strike botnet C2 (confidence level: 100%)
Hash
Value | Description
---|---
ef11393108bed5f3753d054514b2dddb1a534f3623244ab485c0ed6e2d5ded9e | Mirai payload (confidence level: 100%)
1337 | Bashlite botnet C2 server (confidence level: 75%)
8985 | Mirai botnet C2 server (confidence level: 75%)
11025 | Mirai botnet C2 server (confidence level: 75%)
2404 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
63645 | Mirai botnet C2 server (confidence level: 75%)
6379 | Mirai botnet C2 server (confidence level: 75%)
8985 | Mirai botnet C2 server (confidence level: 75%)
56456 | RedLine Stealer botnet C2 server (confidence level: 100%)
5050 | NjRAT botnet C2 server (confidence level: 100%)
60000 | Cobalt Strike botnet C2 server (confidence level: 100%)
35361 | RedLine Stealer botnet C2 server (confidence level: 100%)
1 | Cobalt Strike botnet C2 server (confidence level: 100%)
8082 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
6666 | Cobalt Strike botnet C2 server (confidence level: 100%)
9006 | RedLine Stealer botnet C2 server (confidence level: 100%)
e7e96e3fcdf2d9539c750c66f509c8d9d8d9a68e0fa2d944464b4095df875fda | Formbook payload (confidence level: 50%)
33dd1be2efb1cb9cfaf01bdec2e362aca98d4d4f1f00d540fe0fe2b5a6d875d9 | Formbook payload (confidence level: 50%)
fbfc9fa499af65c95ad6cdc5f2176d46ca7eddb6c553e383a65bb572cf00f0ab | Formbook payload (confidence level: 50%)
d3c3519e30e5c8d6485b91f7bd63529ef294c63b5da4f7d059fb4c22cd5c9d4d | Formbook payload (confidence level: 50%)
c00acdb96f514d116753a05bc91fd543f0d20cf48895b206ebaa87981e638725 | LokiBot payload (confidence level: 50%)
f1921f2756e2a499513e224b9a197fe3a2a45ced9f1f0f8ca519e3aa6b39f374 | Snake payload (confidence level: 50%)
9ef9b5b300f811052a2e8509085729ba236eb6df5fd719ee66b64a464b724fbb | LokiBot payload (confidence level: 50%)
29704c1c8f22aefdd760c85d19b71aa22fd35e0506804d629c92611f3df072bc | Snake payload (confidence level: 50%)
b5be3d4d448de23c66143bba58f00e3bb3384854f772d67f006665c520b6020c | LokiBot payload (confidence level: 50%)
d73d8f99a6704f43c0caaf0b6deb99b3f342f645765bf5ca94f41d5daea31612 | Snake payload (confidence level: 50%)
8b50c938229f25f79543d786b2dd7df127c1fa79ba0f8acea807741aea401310 | Snake payload (confidence level: 50%)
b81b502e281bc0b2350909e4d3bc2f0695ca1113d44785780225c2d4e0244ff8 | LokiBot payload (confidence level: 50%)
37819 | RedLine Stealer botnet C2 server (confidence level: 100%)
e11978585a001159047fba3b5ed8901385c0854f26db38dba4aa921d63bd09e5 | Agent Tesla payload (confidence level: 50%)
d30730b8dd5876b3b6125e861c48bcd3f563c1db8d8e7da98786aa3f6e3d40e3 | Agent Tesla payload (confidence level: 50%)
76689590f9e541009d33ec8a34f1aedf7587ca4a8e942bee8e3692bccb8904a6 | Agent Tesla payload (confidence level: 50%)
bdb71fc41ca74046e3e879483b603b8ad2dcbc8d7bbf6bc9f079772e47f99131 | Agent Tesla payload (confidence level: 50%)
80 | RedLine Stealer botnet C2 server (confidence level: 100%)
25452 | RedLine Stealer botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
7712 | Nanocore RAT botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
54155 | Remcos botnet C2 server (confidence level: 100%)
81 | Mirai botnet C2 server (confidence level: 75%)
60420 | Mirai botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
10010 | Cobalt Strike botnet C2 server (confidence level: 100%)
8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
8811 | Cobalt Strike botnet C2 server (confidence level: 100%)
4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
3389 | Cobalt Strike botnet C2 server (confidence level: 100%)
81 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
File
Value | Description
---|---
46.249.32.109 | Bashlite botnet C2 server (confidence level: 75%)
134.122.110.45 | Mirai botnet C2 server (confidence level: 75%)
185.244.39.243 | Mirai botnet C2 server (confidence level: 75%)
20.106.94.110 | Remcos botnet C2 server (confidence level: 100%)
20.124.111.166 | Remcos botnet C2 server (confidence level: 100%)
23.94.37.59 | Mirai botnet C2 server (confidence level: 75%)
35.197.127.250 | Mirai botnet C2 server (confidence level: 75%)
212.192.216.55 | Mirai botnet C2 server (confidence level: 75%)
45.142.215.180 | RedLine Stealer botnet C2 server (confidence level: 100%)
91.109.180.4 | NjRAT botnet C2 server (confidence level: 100%)
183.101.0.245 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.127.111.151 | RedLine Stealer botnet C2 server (confidence level: 100%)
116.206.92.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.98.110.121 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.42.204.253 | Cobalt Strike botnet C2 server (confidence level: 100%)
141.95.160.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.86.114.58 | Cobalt Strike botnet C2 server (confidence level: 100%)
95.143.177.66 | RedLine Stealer botnet C2 server (confidence level: 100%)
78.24.222.162 | RedLine Stealer botnet C2 server (confidence level: 100%)
104.168.44.52 | RedLine Stealer botnet C2 server (confidence level: 100%)
23.82.140.202 | RedLine Stealer botnet C2 server (confidence level: 100%)
116.206.92.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
2.56.59.46 | Nanocore RAT botnet C2 server (confidence level: 100%)
42.51.55.214 | Cobalt Strike botnet C2 server (confidence level: 100%)
184.164.77.132 | Remcos botnet C2 server (confidence level: 100%)
198.144.190.132 | Mirai botnet C2 server (confidence level: 75%)
172.245.158.140 | Mirai botnet C2 server (confidence level: 75%)
209.141.40.204 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.79.253.197 | Cobalt Strike botnet C2 server (confidence level: 100%)
108.61.184.177 | Cobalt Strike botnet C2 server (confidence level: 100%)
83.220.170.85 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.79.253.197 | Cobalt Strike botnet C2 server (confidence level: 100%)
5.180.97.29 | Cobalt Strike botnet C2 server (confidence level: 100%)
149.248.61.97 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.136.245.84 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.13.54.77 | Cobalt Strike botnet C2 server (confidence level: 100%)
159.89.101.228 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.156.24.151 | Cobalt Strike botnet C2 server (confidence level: 100%)
91.218.114.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.134.163.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.104.169.147 | Cobalt Strike botnet C2 server (confidence level: 100%)
27.124.46.192 | Cobalt Strike botnet C2 server (confidence level: 100%)
27.124.46.191 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.4.63.248 | Cobalt Strike botnet C2 server (confidence level: 100%)
Domain
Value | Description
---|---
dynasty1.ddns.net | Remcos botnet C2 domain (confidence level: 100%)
dynasty2.ddns.net | Remcos botnet C2 domain (confidence level: 100%)
dynasty3.ddns.net | Remcos botnet C2 domain (confidence level: 100%)
gomdsx15.top | CryptBot botnet C2 domain (confidence level: 100%)
peufga06.top | CryptBot botnet C2 domain (confidence level: 100%)
gombno33.top | CryptBot botnet C2 domain (confidence level: 100%)
peuxuq08.top | CryptBot botnet C2 domain (confidence level: 100%)
gomcpn38.top | CryptBot botnet C2 domain (confidence level: 100%)
gomkud25.top | CryptBot botnet C2 domain (confidence level: 100%)
gomveh73.top | CryptBot botnet C2 domain (confidence level: 100%)
gomwuo74.top | CryptBot botnet C2 domain (confidence level: 100%)
gomdym64.top | CryptBot botnet C2 domain (confidence level: 100%)
gomdkv48.top | CryptBot botnet C2 domain (confidence level: 100%)
gomkcq55.top | CryptBot botnet C2 domain (confidence level: 100%)
gombpy23.top | CryptBot botnet C2 domain (confidence level: 100%)
peulnm16.top | CryptBot botnet C2 domain (confidence level: 100%)
morpyi04.top | CryptBot botnet C2 domain (confidence level: 100%)
ekudiw09.top | CryptBot botnet C2 domain (confidence level: 100%)
morswd03.top | CryptBot botnet C2 domain (confidence level: 100%)
sezofi64.top | CryptBot botnet C2 domain (confidence level: 100%)
sezexr48.top | CryptBot botnet C2 domain (confidence level: 100%)
sezgxh38.top | CryptBot botnet C2 domain (confidence level: 100%)
sezjgh14.top | CryptBot botnet C2 domain (confidence level: 100%)
sezsay45.top | CryptBot botnet C2 domain (confidence level: 100%)
sezvqe15.top | CryptBot botnet C2 domain (confidence level: 100%)
sezyst58.top | CryptBot botnet C2 domain (confidence level: 100%)
artfavart.top | CryptBot botnet C2 domain (confidence level: 100%)
daibmu78.top | CryptBot botnet C2 domain (confidence level: 100%)
morboh07.top | CryptBot botnet C2 domain (confidence level: 100%)
daiewt53.top | CryptBot botnet C2 domain (confidence level: 100%)
daigtx74.top | CryptBot botnet C2 domain (confidence level: 100%)
daihpb75.top | CryptBot botnet C2 domain (confidence level: 100%)
daiirq63.top | CryptBot botnet C2 domain (confidence level: 100%)
dainwz56.top | CryptBot botnet C2 domain (confidence level: 100%)
daisht76.top | CryptBot botnet C2 domain (confidence level: 100%)
daitnf55.top | CryptBot botnet C2 domain (confidence level: 100%)
daixbh54.top | CryptBot botnet C2 domain (confidence level: 100%)
daizrm64.top | CryptBot botnet C2 domain (confidence level: 100%)
yapakq11.top | CryptBot botnet C2 domain (confidence level: 100%)
zyokao27.top | CryptBot botnet C2 domain (confidence level: 100%)
zyonou41.top | CryptBot botnet C2 domain (confidence level: 100%)
zyoskv38.top | CryptBot botnet C2 domain (confidence level: 100%)
zyoyol62.top | CryptBot botnet C2 domain (confidence level: 100%)
moridn05.top | CryptBot botnet C2 domain (confidence level: 100%)
hevaza63.top | CryptBot botnet C2 domain (confidence level: 100%)
hevzaq36.top | CryptBot botnet C2 domain (confidence level: 100%)
hevnsy68.top | CryptBot botnet C2 domain (confidence level: 100%)
hevxuo66.top | CryptBot botnet C2 domain (confidence level: 100%)
hevdiz78.top | CryptBot botnet C2 domain (confidence level: 100%)
morhmu07.top | CryptBot botnet C2 domain (confidence level: 100%)
hevqob73.top | CryptBot botnet C2 domain (confidence level: 100%)
hevqyw76.top | CryptBot botnet C2 domain (confidence level: 100%)
hevuto75.top | CryptBot botnet C2 domain (confidence level: 100%)
carpricegoods.com | IcedID Downloader botnet C2 domain (confidence level: 75%)
nermorell.com | IcedID Downloader botnet C2 domain (confidence level: 75%)
bunarf14.top | CryptBot botnet C2 domain (confidence level: 100%)
bunavg31.top | CryptBot botnet C2 domain (confidence level: 100%)
bunawj52.top | CryptBot botnet C2 domain (confidence level: 100%)
bunbeq17.top | CryptBot botnet C2 domain (confidence level: 100%)
bundky32.top | CryptBot botnet C2 domain (confidence level: 100%)
buneaf62.top | CryptBot botnet C2 domain (confidence level: 100%)
bunemp41.top | CryptBot botnet C2 domain (confidence level: 100%)
bunewx22.top | CryptBot botnet C2 domain (confidence level: 100%)
bungfi44.top | CryptBot botnet C2 domain (confidence level: 100%)
bunhfy51.top | CryptBot botnet C2 domain (confidence level: 100%)
bunhip25.top | CryptBot botnet C2 domain (confidence level: 100%)
bunhiv18.top | CryptBot botnet C2 domain (confidence level: 100%)
buniaw75.top | CryptBot botnet C2 domain (confidence level: 100%)
bunkui71.top | CryptBot botnet C2 domain (confidence level: 100%)
bunloa64.top | CryptBot botnet C2 domain (confidence level: 100%)
bunlym61.top | CryptBot botnet C2 domain (confidence level: 100%)
bunmge34.top | CryptBot botnet C2 domain (confidence level: 100%)
bunmih64.top | CryptBot botnet C2 domain (confidence level: 100%)
bunmub54.top | CryptBot botnet C2 domain (confidence level: 100%)
bunmud42.top | CryptBot botnet C2 domain (confidence level: 100%)
bunmyj72.top | CryptBot botnet C2 domain (confidence level: 100%)
bunole21.top | CryptBot botnet C2 domain (confidence level: 100%)
bunopq12.top | CryptBot botnet C2 domain (confidence level: 100%)
bunowu74.top | CryptBot botnet C2 domain (confidence level: 100%)
bunozs71.top | CryptBot botnet C2 domain (confidence level: 100%)
bunpil34.top | CryptBot botnet C2 domain (confidence level: 100%)
bunpkw65.top | CryptBot botnet C2 domain (confidence level: 100%)
bunqet77.top | CryptBot botnet C2 domain (confidence level: 100%)
bunsix54.top | CryptBot botnet C2 domain (confidence level: 100%)
buntem74.top | CryptBot botnet C2 domain (confidence level: 100%)
bunups41.top | CryptBot botnet C2 domain (confidence level: 100%)
bunvaw31.top | CryptBot botnet C2 domain (confidence level: 100%)
bunwak27.top | CryptBot botnet C2 domain (confidence level: 100%)
bunwes24.top | CryptBot botnet C2 domain (confidence level: 100%)
bunxaj28.top | CryptBot botnet C2 domain (confidence level: 100%)
bunyia51.top | CryptBot botnet C2 domain (confidence level: 100%)
bunzoh16.top | CryptBot botnet C2 domain (confidence level: 100%)
fokauw17.top | CryptBot botnet C2 domain (confidence level: 100%)
fokczu12.top | CryptBot botnet C2 domain (confidence level: 100%)
fokdam61.top | CryptBot botnet C2 domain (confidence level: 100%)
domainfokdqu22.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokfdz25.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokfme11.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokhvw75.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokjdb62.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokjmu66.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokjzu65.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokkai11.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokmpz32.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokovq72.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokovx21.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokpga51.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokqgb55.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokqsh27.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfoktca76.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokujb52.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokuoq73.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokvap14.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokvof63.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwit54.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwoa56.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwsf42.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokwxr74.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokxew37.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokxfr71.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokxln64.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokycx48.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfokyft24.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuabw56.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknubrz54.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknubsk47.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknucsj38.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknucxf51.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknufnp41.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknufnz55.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuhld48.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuirb35.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuiud57.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknujed45.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknumau46.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknumfh44.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknusxq31.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuxiq42.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuxua32.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainknuzev74.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainmoreid02.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainmorkix01.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsarwak01.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobday02.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobdol01.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobepw05.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobexa03.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobhay04.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintobsge06.top | CryptBot botnet C2 domain (confidence level: 100%) |
Threat ID: 682c7ac0e3e6de8ceb761f9e
Added to database: 5/20/2025, 12:51:12 PM
Last enriched: 6/19/2025, 1:19:54 PM
Last updated: 8/14/2025, 7:46:47 AM