ThreatFox IOCs for 2022-01-14

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a set of Indicators of Compromise (IOCs) published by ThreatFox on January 14, 2022, related to malware activities. These IOCs are primarily categorized under OSINT (Open Source Intelligence), payload delivery, and network activity. The data does not specify particular affected software versions or products, indicating that the IOCs are likely generic or related to observed network behaviors and malware payload distribution rather than a specific vulnerability in a product. The threat level is rated as medium, with a threatLevel score of 2 (on an unspecified scale), analysis score of 1, and distribution score of 3, suggesting moderate confidence in the analysis and a relatively broad distribution of the threat indicators. No patches or known exploits in the wild are reported, and no Common Weakness Enumerations (CWEs) are associated, implying this is not a vulnerability-based threat but rather a malware campaign or activity identified through OSINT. The absence of detailed technical indicators or payload specifics limits the granularity of the analysis, but the focus on payload delivery and network activity suggests the threat involves malware dissemination via network vectors, potentially through phishing, malicious downloads, or command and control communications. The TLP (Traffic Light Protocol) is white, indicating the information is intended for public sharing without restriction.

Potential Impact

For European organizations, the impact of this threat primarily revolves around the risk of malware infection through network-based delivery mechanisms. Given the lack of specific affected products or vulnerabilities, the threat likely targets a broad range of systems, potentially exploiting common network protocols or social engineering to deliver payloads. The medium severity rating suggests that while the threat is not currently causing widespread critical damage, it could lead to unauthorized access, data exfiltration, or disruption of services if payloads are successfully delivered and executed. Organizations with extensive network exposure or those lacking robust network monitoring and endpoint protection may be more susceptible. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation or adaptation by threat actors. European entities involved in critical infrastructure, finance, or government sectors could face increased risk due to the strategic value of their data and services. Additionally, the broad distribution score indicates that the threat is not localized, increasing the likelihood of exposure across multiple European countries.

Mitigation Recommendations

Given the nature of this threat as malware-related IOCs disseminated via network activity, European organizations should implement targeted network traffic analysis to detect and block known malicious indicators. This includes deploying advanced intrusion detection and prevention systems (IDS/IPS) capable of identifying anomalous payload delivery patterns and command and control communications. Organizations should integrate ThreatFox IOCs into their security information and event management (SIEM) systems to enhance detection capabilities. Regularly updating threat intelligence feeds and correlating them with internal logs will improve early identification of potential compromises. Endpoint protection platforms should be configured for heuristic and behavioral analysis to detect unknown or polymorphic malware payloads. Network segmentation and strict access controls can limit lateral movement if an infection occurs. Employee training focused on recognizing phishing and social engineering attempts will reduce the risk of initial payload delivery. Since no patches are available, emphasis should be on detection, containment, and response strategies. Finally, conducting regular threat hunting exercises using the provided IOCs can proactively identify and mitigate infections.

Affected Countries

Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland

Indicators of Compromise

url: http://robotically.xyz/wp-content/xtkkx/
file: 142.11.244.223
hash: 443
file: 192.236.194.72
hash: 443
file: 192.119.110.4
hash: 443
hash: 3bb970ec5ce98d3945badae0c544dc03400858bcaf3908285d1dda102f644a0b
hash: 3b87d2d1a31c2cc49f365fce8aa50e034d72c44a9ec9c29f5f253da7a424b8ea
hash: 5e31a1960b0ee0ce4e0d02d08adb7647d9d3aae75393fd718594a73fd12d6f46
hash: 1b7512dc2c7e944f29436876f8d1e942a70100fdf7fcc7ed8d34e23ae31c669e
url: http://shopnhap.com/highbinder/uedvfthdf5em40/
hash: b8bed0211974f32db2c385350fb62954f0b0f335bc592b51144027956524d674
hash: 22cb98a4832824adc290e8a9541b50228f4f75fb1a8e621fd80d4d2be7ed73f9
hash: 8c0272f6d0136bb8adeb659d8de19a4be68a81fc018587275e045103fc01b49d
hash: 012ce05f8263d161d4387749446cb3df3240fd33cf71dfb3f48dc4f4c9354298
url: https://celhocortofilmfestival.stream/css/naq/
url: http://insertcatherreview.xyz/wp-includes/uulqtc51sl8izbt/
url: http://bbc-us.com/wp-admin/48r6tif1qtmqrao/
file: 185.140.53.132
hash: 1604
hash: 4162cc11cc30f7db7c8a151252a7e63e78dd4c03c995e2ab6e225dc811b8fd48
hash: e997341ab2422f5471f4c9f1df84f7a52e16fa38d64e6e0f4f94859cc234e2f8
hash: 35da284a91a4217dddc3207fe0b20ae37a2126e33c1b57c5fa65e2e14b72e9ba
hash: 5edfc7353c1aa6b23547357f576453b48059bb994824fd67002f13906000cf9d
hash: c47ffaadc73b46ad2ea10a4fc2108e35e88ea5f0b3552606a87305e2aab13b7f
hash: 3b4b7e29adf8ff8cf49cdb924de689cdb735a12ebd78dd29537e81a9454e9631
hash: 93d545c83fa462035ae0c2aa0036db008fc4bdf3d10ec89c6f0b6699b09c6fbf
hash: 30e1ba61a63a27b668eee09f960a83d944e878c33b46f85ea86bacdf1427f4dd
url: http://slimpackage.com/slimfit/five/fre.php
domain: 2t2ev5giwktc5o9.quest
domain: 3f2ocy9clt90x74.one
domain: 6v2mofchw2eix98.quest
domain: a575hh752dp9l6c.one
domain: ki6hcax6c1ehe5j.one
domain: lc83k0l0bdl6u41.one
domain: mxaflbsa3chjk0i.quest
domain: nm542iefjijgl2n.one
domain: r4nrjfmlc3k7z00.quest
domain: t5ctg9k9cpdmhjt.quest
hash: a2b8128f9686d68437b6ce9f4e0fb09b6301cfa43f8bd7daf022912f778cebb5
hash: bb6109acc2b7474d53e223a5756822fb77b8b7495af31ffdeb90dd2e8584e17b
hash: a5e8e8d270c1f8e2c8d30bfcb2f3c0029f318e5c0b94ef883544c5caa429cacf
hash: b2258d48681423e06c71cee3484c629607b9eeb0d2f99d209fb10e4d9522ed7e
domain: www3.cloud
domain: api.www3.cloud
domain: news.www3.cloud
hash: 9e2502b3945f31482623e8e61dcb85b9ebb7d9a4244d9074fa289596c9da513e
hash: 097a53e95523a6627511ab11904ab7fba846da6e85ce5cb2dc4f8a6c577228a0
hash: 0d072a60b433f330d2ba97d75eae7af07e9d75bc6ed5b1065287661d05e82ab6
hash: 9679f0e8f63974d80f953b8212b2668c27ec9762cdcf6acbfd4fdf4b6d189f23
url: http://2.arthaloca.com/styles/ds5rnprosfcabltyewo/
url: http://slimpackage.com/slimmain/five/fre.php
url: https://45.156.24.200:443/g.pixel
url: https://107.172.89.110:443/updates.rss
url: http://170.39.214.187:80/g.pixel
url: https://43.156.8.120:443/ie9compatviewlist.xml
url: http://1.1.1.1:2222/ptj
url: http://64.52.169.174:9999/cx
url: http://69.172.75.132:8443/cm
url: https://www.msrcc.tk:443/cx
url: https://106.13.95.3:443/fwlink
url: https://106.52.131.175:443/image
url: https://1.14.148.85:443/cx
hash: e3af866c7760f95afa5352ec3845697a17354305f5797a69538bb637f8bbf4fe
hash: f85293eec1a9d86cdb45979a7a90265d9082148898d583b1baaf8c7ae3e1047a
hash: 5c037c7c1338cf54a9d1e81b74bb4ad003e1a254069a03499426ec1600a748d9
hash: 6cb775a7c9b0cf8ba308029dc623e1de6d17cb2ab6b7ebbbd9c16bfcaa55efe8
url: http://adi.iswks.com/assets/ho1v71pqfnn/
url: http://64.52.169.174:80/updates.rss
file: 212.193.30.54
hash: 8754
url: https://estts.net:443/ptj
url: https://5.39.221.60:443/ptj
url: https://69.172.75.132:443/cm
url: https://cs.eeeqq.tk:443/g.pixel
file: 107.189.1.53
hash: 6738
hash: 9cb252d017b68a7906e842f51e5c9ba737567a6a85ba14666aa54c5c1b93ebb6
hash: 881d216bda06fbcd5809ba113ee4574fb5d464dbe464e8627b52973c08dba5a3
hash: 87d380f12b61ff49af7680e3dd4cb7c0415be71811a565fa4736c6430e629974
hash: 428181d7903c358f27f2607b8caf6468eaae1bff1a0b7747904db042cbc2cafd
hash: 50bee5c11d3905157aa3aa461b9da69cc05c90d748330e98324cc36815610bc0
hash: dd1f717452d1875bf3af9fde8d4ac06514ff9b05e58c579e6ad5f2b0a5f4d51f
hash: 51d9617958b9509bf33f82f6d4f213d80b88fe4cf74efb0166b5fc6db2ddff63
hash: 1cf27ab77a771ff942b1e2947856844fbab4991cf87aca618968445b5c5d706d
hash: e93370bd5b2ede03153fa579529406ea68c1e1072416a3523cb000180f7c0ecb
hash: d6f20ad67b08f29828c05878f4381065d8634085129d70d637effae9e6226a1a
hash: 1be428f924402d7cc4586ca37a9e843c869b394f85085db5e4e85d150aa87e04
hash: b50e88d7d4ed87c10772d463b0649bb735a426230576e4b3ee8fd0b67f0dbc44
hash: 966557b6f228eda641e155a858f574654e431743311d83e4841013d63044a994
hash: 44e305db99461f07b7cff6648b50531771361a4dfafa69991527d3963eb88dd2
hash: 901ad7435c05bf0fee8f05128d43b805a25dff60a442ba8482c0cac32ba380a8
hash: c8fe81088b2caa9df35d92a588fb266a145c95b81b5c66d5bfe181fa73b17d82
url: https://69.172.75.132:443/dpixel
url: http://42.192.160.91:8080/pixel.gif
url: https://124.223.17.79/image/
file: 124.223.17.79
hash: 443
url: http://124.71.111.23:1111/api/x
file: 124.71.111.23
hash: 1111
url: http://120.79.10.121/updates
url: http://121.5.175.66/__utm.gif
file: 121.5.175.66
hash: 80
url: https://193.242.145.134/stop/v1.42/3zbzo7gp
file: 193.242.145.134
hash: 443
url: https://103.45.142.124/updates.rss
file: 103.45.142.124
hash: 443
file: 112.74.105.133
hash: 8080
file: 45.11.47.244
hash: 4444
url: http://service-09d0zmmi-1309015260.gz.apigw.tencentcs.com/api/x
file: 121.5.63.127
hash: 80
url: https://43.239.159.3/cx
file: 43.239.159.3
hash: 443
url: https://47.90.202.152:443/__utm.gif
url: https://www.cyberevilcorp.tk:443/en_us/all.js
url: http://178.128.244.245/search.php?key=9fdacf1307e35d047a008c29da6e9968
url: https://45.64.184.144:443/pixel.gif
url: https://43.239.159.3:443/ca
hash: f2da177aff59093abe1d3bc7c1a769be2701784036c398900a43725d83c9e9a9
hash: 9ca32954bc9ae96f11d246ca45443522a731631c154f768938c556869e01b555
hash: c48f7949e36ea00828f752c9a5a2baa48fa6f867ba9013025b6d6cb858f31768
hash: c16082d1e821a819ea4d274e12d7d656e83b359b2ca7b33de143e60affc7b1b2
hash: 3cbf94c22af49ad9be152750428263c826c9b020036a0321f10f9fe2eed6ae52
hash: 9d69632f6791492fadab28bea034f7f18d29bc67fd6e7db08bdba847487da47f
hash: 4dfa1bc1558cd76b1c9cf89cf7a3ca77170452041c32ee28d9c239e4249c394f
hash: 5f1da4ecb8c7d741c4b8263ade13d80369a9caad14a119063c809cdd3bd97e40
hash: aeed1bf32df36ad3ccc929987dbd30e2b1836c267223614d3648b3027e23e1fe
hash: e7587776adecf859e137e7af3da4b9b6fd9428e6f89cc48d3a63886d490baaca
hash: 3bb8ef6eaec03c54c6c517000575ef943577ca0a71e61fd29257786991306133
hash: e91644f9cffb58e260facf0cb5abd35f9b0da2e5129803a6d4e7b8802814d752
url: https://43.239.159.3:443/cx
url: https://143.198.102.5:443/cx
url: https://test2.bilibili.cc:443/visit.js
url: https://1.15.80.102:443/load
url: https://45.145.6.5:443/dot.gif
url: https://185.186.142.101:443/g.pixel
url: http://service-9ce967gj-1258736518.sh.apigw.tencentcs.com:80/api/x
url: http://111.123.50.42:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
url: https://150.158.75.242:443/ptj
url: https://service-14v4pnqn-1259219677.sh.apigw.tencentcs.com:443/api/x
url: https://www.cctv003.tk:8443/match
url: http://10.37.129.13:80/ga.js
url: http://therecyclingmachine.com/wp-admin/lzpozslkq90fyt1/
url: http://zhongmaifangwu.com/test777/3u4un0u/
url: http://moversphiladelphia.org/cmsxml/9byfsxp/
url: https://8.210.224.18:443/messages/2i2ga6wsjrx4e0xchuu3kbgu-crd4la
url: https://91.213.50.101:443/ca
url: http://75.119.146.209
url: http://lopatuniscuasesrsas.xyz
url: http://andosuaieupdatesignau.ml
url: http://yoklesfomerdesgomres.net
file: 185.140.53.10
hash: 9090
url: http://mercygreig437.website
url: http://kateflowers325.website
url: http://rivkagreig23.website
file: 3.131.207.170
hash: 10778
file: 3.22.53.161
hash: 10778
file: 52.14.18.129
hash: 10778
url: http://pplonline.org/cgi//6.jpg
url: http://pplonline.org/cgi//1.jpg
url: http://pplonline.org/cgi//2.jpg
url: http://pplonline.org/cgi//3.jpg
url: http://pplonline.org/cgi//4.jpg
url: http://pplonline.org/cgi//5.jpg
url: http://pplonline.org/cgi//7.jpg
url: http://5.199.162.229:80/nv.css
url: https://sophospanels.com:443/nv.css
file: 95.143.179.185
hash: 31334
file: 103.153.78.234
hash: 8951
file: 20.79.206.212
hash: 6000
url: http://jnxxx1.xyz/jrm/w2/fre.php
file: 185.80.53.106
hash: 80
url: http://64.52.169.174:9999/dpixel
file: 81.91.178.186
hash: 19410
file: 3.134.125.175
hash: 13467
file: 3.14.182.203
hash: 13467
url: http://romebor.com:80/jquery-3.3.1.min.js
url: https://jnxxx1.xyz/jrm/w2/fre.php
file: 5.149.255.205
hash: 80
file: 116.202.24.62
hash: 9295
file: 95.143.177.76
hash: 34098
file: 185.215.113.64
hash: 25828
hash: 2d2ceb896bf2f2af272245a052c936a9e45df7bded60a09ba3a1debc3aff1c4c
hash: b4a63629d1d2c8b7320b1372cf46e3e0c05bf1d1ddf7f89deb644aacf9e51f3b
hash: d26cea6912e11e87d9fa8782f69b01d38c4e8d40c9548341629b8281f9aa2ab0
hash: 72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60
hash: 248ce8f51907aa4a7ce3ae5f9c947a30a7844340bae4a3621d4e0234ba18dc22
url: https://www.siole.tk/ie9compatviewlist.xml
hash: 93fddb1a745fec7ae8bc3a7f8d66ce73b1841998e9b0589790e924ff6efb6a05
hash: 164149035d4a3d2edba76c0601f6f83e04d45d7c057d221130c57fc9b13fd5b5
hash: 2476273703617870ae392f166bc07d346596d23a159bf762fd5468844b70e33f
hash: 07f9220fe1879a72e9570c31869a19b40ba97a990a9300198af5d016806499c0
file: 109.205.178.244
hash: 6688
url: http://91.213.50.101:3389/cm
hash: b93b9b8c9bbc90a761f62b17adc1b6662de922acd463d7fc6af09869afdc29d4
hash: 1d91b2f83ced053a62d4ae0289ac87fdf7557f684c8c67f56529126186bb5ef4
hash: 45fa3b802a5d7e2c3687dbb1957e5cda1715b5d741f40d80d672bbf73d5d8b3e
hash: 23abc535e7b9fe582b338c82884a2f0ea164a62d38132b9e205f87b1591fd243
hash: 900e115c271f29c66454e91f168be012c2ae5d307c86b70e8d595e0bade388c6
hash: bdaae5a1a9b92e3e85fa026ae9f6b375eda1eb75a31fa122b204418ff83fc36c
hash: feb40c343aa65f5f5c0a32443535effa22652067c576416857e4d7280ce85e11
hash: 33bb2954b5efd072d71b4d7bf79eb609e4143a01023c15f8239f3a93561052e0
url: http://adreylinkm.temp.swtest.ru/panel/adnim.php
file: 212.193.30.28
hash: 2050
url: https://194.147.142.163:443/g.pixel
url: http://39.96.34.51/cm
file: 39.96.34.51
hash: 80
file: 49.232.110.30
hash: 80
file: 107.189.12.189
hash: 1791
file: 45.150.67.126
hash: 12829
file: 91.142.78.221
hash: 19473
domain: childhome4100.duckdns.org
file: 194.5.98.28
hash: 4100
hash: f2c5e8d5a5f0c2b5fbb3ac5361b1de3fa179baee1c863d62ac47fd3b5277ce4d
hash: 3309dbe5abab38f952ca3a478531e9ff57a1ef4654f988c53dbc9e08da7ac9db
hash: 9b58105b315bbd6a5af96e63f88dc59cdedef401324916ae48de270a021ec29d
hash: 1cdc472f08bc86830018711d971f1efc634d01f8a8635996d274388bc27953e7
file: 207.32.218.86
hash: 38565
file: 207.32.219.80
hash: 39824
file: 78.46.137.240
hash: 21314
url: http://badmakeup.biz/dhl/3ez4gms65gk6bgxd/
file: 185.222.57.80
hash: 6275
url: http://47.254.235.229/7/universal/httpflower1track/bigloadpacketcdn/localsecure/eternalpipebigloadsqldownloads.php
file: 208.167.249.72
hash: 2943
file: 138.201.2.2
hash: 2022
file: 62.182.156.179
hash: 46840
url: http://185.112.83.116:80/_/scs/mail-static/_/js/
url: http://d18krv932r2kbr.cloudfront.net:80/access/
url: https://107.173.82.245:443/ptj
url: https://45.61.139.86:443/cx
url: https://jdk9.jp.ngrok.io:443/visit.js
url: https://155.94.138.16:443/ca
url: https://47.90.202.152:443/load
url: https://45.195.15.124:443/match
file: 185.112.83.116
hash: 8080
file: 185.112.83.116
hash: 80
url: https://ec2-35-177-95-190.eu-west-2.compute.amazonaws.com/real-world-investing/
hash: 0a150f4647b60f84416e88dfd6dc5e22faa88b08551397e861b7b2ccaa9ed085
hash: a15f8c268f7dfbd6b2c0aea83c52a7d5530c4cd8a10d2d1bf1f7bed97807e3c3
hash: 3a52ca55d7a163c15e187788137f8cb1b4a84779ec7de748463f1aa23314e901
hash: d6f3d5fbdc9c7f68e29260badb6fd6e8f1b606798fd9fe544e0b28387f21eaf9
url: http://118.193.62.241:81/push
file: 118.193.62.241
hash: 81
url: http://94.103.9.48/dpixel
file: 94.103.9.48
hash: 80
url: http://210.108.146.194:5353/ga.js
file: 210.108.146.194
hash: 5353
url: https://user.hsafe.xyz/wp08/wp-includes/dtcla.php
file: 198.55.102.254
hash: 443
url: https://www.palauhealths.com/security-details.a52152.js
file: 149.28.80.59
hash: 443
url: https://94.103.9.48/push
file: 94.103.9.48
hash: 443
url: http://143.244.165.123/visit.js
url: http://138.68.155.70/dpixel
file: 143.244.165.123
hash: 80
url: http://158.247.204.207:1111/load
file: 158.247.204.207
hash: 1111
url: http://192.168.2.194/api/getit
file: 1.14.98.183
hash: 80
url: http://192.241.137.180/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
url: http://newsdoom.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 192.241.137.180
hash: 80
url: http://45.156.24.200:86/cm
file: 45.156.24.200
hash: 86
url: https://147.182.205.242/jquery-3.3.1.min.js
file: 147.182.205.242
hash: 443
url: http://1.15.41.163:8089/wp08/wp-includes/dtcla.php
file: 1.15.41.163
hash: 8089
url: http://service-ir7mxmrz-1255840758.bj.apigw.tencentcs.com/api/getit
file: 8.142.39.2
hash: 80
url: https://serverworker.com/bg
file: 77.83.199.189
hash: 443
url: http://23.227.198.246/templates.js
file: 23.227.198.246
hash: 80
url: https://176.121.14.54/image/
file: 176.121.14.54
hash: 443
url: https://znertino.com/get
file: 45.227.255.157
hash: 443
url: http://47.242.29.98:49154/dot.gif
file: 47.242.29.98
hash: 49154
url: https://b2bdirector.com:1443/search
file: 23.227.202.109
hash: 1443
url: http://8.214.23.44:8080/ie9compatviewlist.xml
file: 8.214.23.44
hash: 8080
url: https://149.255.35.131/rn.css
file: 149.255.35.131
hash: 443
file: 52.128.229.4
hash: 80
url: https://www.hsanzsa.xyz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 45.32.26.111
hash: 443
url: http://195.242.111.157/mqew
file: 195.242.111.157
hash: 80
file: 136.144.41.15
hash: 1312

ThreatFox IOCs for 2022-01-14

Severity: medium

Type: malware

ThreatFox IOCs for 2022-01-14

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland

Indicators of Compromise

url: http://robotically.xyz/wp-content/xtkkx/
file: 142.11.244.223
hash: 443
file: 192.236.194.72
hash: 443
file: 192.119.110.4
hash: 443
hash: 3bb970ec5ce98d3945badae0c544dc03400858bcaf3908285d1dda102f644a0b
hash: 3b87d2d1a31c2cc49f365fce8aa50e034d72c44a9ec9c29f5f253da7a424b8ea
hash: 5e31a1960b0ee0ce4e0d02d08adb7647d9d3aae75393fd718594a73fd12d6f46
hash: 1b7512dc2c7e944f29436876f8d1e942a70100fdf7fcc7ed8d34e23ae31c669e
url: http://shopnhap.com/highbinder/uedvfthdf5em40/
hash: b8bed0211974f32db2c385350fb62954f0b0f335bc592b51144027956524d674
hash: 22cb98a4832824adc290e8a9541b50228f4f75fb1a8e621fd80d4d2be7ed73f9
hash: 8c0272f6d0136bb8adeb659d8de19a4be68a81fc018587275e045103fc01b49d
hash: 012ce05f8263d161d4387749446cb3df3240fd33cf71dfb3f48dc4f4c9354298
url: https://celhocortofilmfestival.stream/css/naq/
url: http://insertcatherreview.xyz/wp-includes/uulqtc51sl8izbt/
url: http://bbc-us.com/wp-admin/48r6tif1qtmqrao/
file: 185.140.53.132
hash: 1604
hash: 4162cc11cc30f7db7c8a151252a7e63e78dd4c03c995e2ab6e225dc811b8fd48
hash: e997341ab2422f5471f4c9f1df84f7a52e16fa38d64e6e0f4f94859cc234e2f8
hash: 35da284a91a4217dddc3207fe0b20ae37a2126e33c1b57c5fa65e2e14b72e9ba
hash: 5edfc7353c1aa6b23547357f576453b48059bb994824fd67002f13906000cf9d
hash: c47ffaadc73b46ad2ea10a4fc2108e35e88ea5f0b3552606a87305e2aab13b7f
hash: 3b4b7e29adf8ff8cf49cdb924de689cdb735a12ebd78dd29537e81a9454e9631
hash: 93d545c83fa462035ae0c2aa0036db008fc4bdf3d10ec89c6f0b6699b09c6fbf
hash: 30e1ba61a63a27b668eee09f960a83d944e878c33b46f85ea86bacdf1427f4dd
url: http://slimpackage.com/slimfit/five/fre.php
domain: 2t2ev5giwktc5o9.quest
domain: 3f2ocy9clt90x74.one
domain: 6v2mofchw2eix98.quest
domain: a575hh752dp9l6c.one
domain: ki6hcax6c1ehe5j.one
domain: lc83k0l0bdl6u41.one
domain: mxaflbsa3chjk0i.quest
domain: nm542iefjijgl2n.one
domain: r4nrjfmlc3k7z00.quest
domain: t5ctg9k9cpdmhjt.quest
hash: a2b8128f9686d68437b6ce9f4e0fb09b6301cfa43f8bd7daf022912f778cebb5
hash: bb6109acc2b7474d53e223a5756822fb77b8b7495af31ffdeb90dd2e8584e17b
hash: a5e8e8d270c1f8e2c8d30bfcb2f3c0029f318e5c0b94ef883544c5caa429cacf
hash: b2258d48681423e06c71cee3484c629607b9eeb0d2f99d209fb10e4d9522ed7e
domain: www3.cloud
domain: api.www3.cloud
domain: news.www3.cloud
hash: 9e2502b3945f31482623e8e61dcb85b9ebb7d9a4244d9074fa289596c9da513e
hash: 097a53e95523a6627511ab11904ab7fba846da6e85ce5cb2dc4f8a6c577228a0
hash: 0d072a60b433f330d2ba97d75eae7af07e9d75bc6ed5b1065287661d05e82ab6
hash: 9679f0e8f63974d80f953b8212b2668c27ec9762cdcf6acbfd4fdf4b6d189f23
url: http://2.arthaloca.com/styles/ds5rnprosfcabltyewo/
url: http://slimpackage.com/slimmain/five/fre.php
url: https://45.156.24.200:443/g.pixel
url: https://107.172.89.110:443/updates.rss
url: http://170.39.214.187:80/g.pixel
url: https://43.156.8.120:443/ie9compatviewlist.xml
url: http://1.1.1.1:2222/ptj
url: http://64.52.169.174:9999/cx
url: http://69.172.75.132:8443/cm
url: https://www.msrcc.tk:443/cx
url: https://106.13.95.3:443/fwlink
url: https://106.52.131.175:443/image
url: https://1.14.148.85:443/cx
hash: e3af866c7760f95afa5352ec3845697a17354305f5797a69538bb637f8bbf4fe
hash: f85293eec1a9d86cdb45979a7a90265d9082148898d583b1baaf8c7ae3e1047a
hash: 5c037c7c1338cf54a9d1e81b74bb4ad003e1a254069a03499426ec1600a748d9
hash: 6cb775a7c9b0cf8ba308029dc623e1de6d17cb2ab6b7ebbbd9c16bfcaa55efe8
url: http://adi.iswks.com/assets/ho1v71pqfnn/
url: http://64.52.169.174:80/updates.rss
file: 212.193.30.54
hash: 8754
url: https://estts.net:443/ptj
url: https://5.39.221.60:443/ptj
url: https://69.172.75.132:443/cm
url: https://cs.eeeqq.tk:443/g.pixel
file: 107.189.1.53
hash: 6738
hash: 9cb252d017b68a7906e842f51e5c9ba737567a6a85ba14666aa54c5c1b93ebb6
hash: 881d216bda06fbcd5809ba113ee4574fb5d464dbe464e8627b52973c08dba5a3
hash: 87d380f12b61ff49af7680e3dd4cb7c0415be71811a565fa4736c6430e629974
hash: 428181d7903c358f27f2607b8caf6468eaae1bff1a0b7747904db042cbc2cafd
hash: 50bee5c11d3905157aa3aa461b9da69cc05c90d748330e98324cc36815610bc0
hash: dd1f717452d1875bf3af9fde8d4ac06514ff9b05e58c579e6ad5f2b0a5f4d51f
hash: 51d9617958b9509bf33f82f6d4f213d80b88fe4cf74efb0166b5fc6db2ddff63
hash: 1cf27ab77a771ff942b1e2947856844fbab4991cf87aca618968445b5c5d706d
hash: e93370bd5b2ede03153fa579529406ea68c1e1072416a3523cb000180f7c0ecb
hash: d6f20ad67b08f29828c05878f4381065d8634085129d70d637effae9e6226a1a
hash: 1be428f924402d7cc4586ca37a9e843c869b394f85085db5e4e85d150aa87e04
hash: b50e88d7d4ed87c10772d463b0649bb735a426230576e4b3ee8fd0b67f0dbc44
hash: 966557b6f228eda641e155a858f574654e431743311d83e4841013d63044a994
hash: 44e305db99461f07b7cff6648b50531771361a4dfafa69991527d3963eb88dd2
hash: 901ad7435c05bf0fee8f05128d43b805a25dff60a442ba8482c0cac32ba380a8
hash: c8fe81088b2caa9df35d92a588fb266a145c95b81b5c66d5bfe181fa73b17d82
url: https://69.172.75.132:443/dpixel
url: http://42.192.160.91:8080/pixel.gif
url: https://124.223.17.79/image/
file: 124.223.17.79
hash: 443
url: http://124.71.111.23:1111/api/x
file: 124.71.111.23
hash: 1111
url: http://120.79.10.121/updates
url: http://121.5.175.66/__utm.gif
file: 121.5.175.66
hash: 80
url: https://193.242.145.134/stop/v1.42/3zbzo7gp
file: 193.242.145.134
hash: 443
url: https://103.45.142.124/updates.rss
file: 103.45.142.124
hash: 443
file: 112.74.105.133
hash: 8080
file: 45.11.47.244
hash: 4444
url: http://service-09d0zmmi-1309015260.gz.apigw.tencentcs.com/api/x
file: 121.5.63.127
hash: 80
url: https://43.239.159.3/cx
file: 43.239.159.3
hash: 443
url: https://47.90.202.152:443/__utm.gif
url: https://www.cyberevilcorp.tk:443/en_us/all.js
url: http://178.128.244.245/search.php?key=9fdacf1307e35d047a008c29da6e9968
url: https://45.64.184.144:443/pixel.gif
url: https://43.239.159.3:443/ca
hash: f2da177aff59093abe1d3bc7c1a769be2701784036c398900a43725d83c9e9a9
hash: 9ca32954bc9ae96f11d246ca45443522a731631c154f768938c556869e01b555
hash: c48f7949e36ea00828f752c9a5a2baa48fa6f867ba9013025b6d6cb858f31768
hash: c16082d1e821a819ea4d274e12d7d656e83b359b2ca7b33de143e60affc7b1b2
hash: 3cbf94c22af49ad9be152750428263c826c9b020036a0321f10f9fe2eed6ae52
hash: 9d69632f6791492fadab28bea034f7f18d29bc67fd6e7db08bdba847487da47f
hash: 4dfa1bc1558cd76b1c9cf89cf7a3ca77170452041c32ee28d9c239e4249c394f
hash: 5f1da4ecb8c7d741c4b8263ade13d80369a9caad14a119063c809cdd3bd97e40
hash: aeed1bf32df36ad3ccc929987dbd30e2b1836c267223614d3648b3027e23e1fe
hash: e7587776adecf859e137e7af3da4b9b6fd9428e6f89cc48d3a63886d490baaca
hash: 3bb8ef6eaec03c54c6c517000575ef943577ca0a71e61fd29257786991306133
hash: e91644f9cffb58e260facf0cb5abd35f9b0da2e5129803a6d4e7b8802814d752
url: https://43.239.159.3:443/cx
url: https://143.198.102.5:443/cx
url: https://test2.bilibili.cc:443/visit.js
url: https://1.15.80.102:443/load
url: https://45.145.6.5:443/dot.gif
url: https://185.186.142.101:443/g.pixel
url: http://service-9ce967gj-1258736518.sh.apigw.tencentcs.com:80/api/x
url: http://111.123.50.42:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
url: https://150.158.75.242:443/ptj
url: https://service-14v4pnqn-1259219677.sh.apigw.tencentcs.com:443/api/x
url: https://www.cctv003.tk:8443/match
url: http://10.37.129.13:80/ga.js
url: http://therecyclingmachine.com/wp-admin/lzpozslkq90fyt1/
url: http://zhongmaifangwu.com/test777/3u4un0u/
url: http://moversphiladelphia.org/cmsxml/9byfsxp/
url: https://8.210.224.18:443/messages/2i2ga6wsjrx4e0xchuu3kbgu-crd4la
url: https://91.213.50.101:443/ca
url: http://75.119.146.209
url: http://lopatuniscuasesrsas.xyz
url: http://andosuaieupdatesignau.ml
url: http://yoklesfomerdesgomres.net
file: 185.140.53.10
hash: 9090
url: http://mercygreig437.website
url: http://kateflowers325.website
url: http://rivkagreig23.website
file: 3.131.207.170
hash: 10778
file: 3.22.53.161
hash: 10778
file: 52.14.18.129
hash: 10778
url: http://pplonline.org/cgi//6.jpg
url: http://pplonline.org/cgi//1.jpg
url: http://pplonline.org/cgi//2.jpg
url: http://pplonline.org/cgi//3.jpg
url: http://pplonline.org/cgi//4.jpg
url: http://pplonline.org/cgi//5.jpg
url: http://pplonline.org/cgi//7.jpg
url: http://5.199.162.229:80/nv.css
url: https://sophospanels.com:443/nv.css
file: 95.143.179.185
hash: 31334
file: 103.153.78.234
hash: 8951
file: 20.79.206.212
hash: 6000
url: http://jnxxx1.xyz/jrm/w2/fre.php
file: 185.80.53.106
hash: 80
url: http://64.52.169.174:9999/dpixel
file: 81.91.178.186
hash: 19410
file: 3.134.125.175
hash: 13467
file: 3.14.182.203
hash: 13467
url: http://romebor.com:80/jquery-3.3.1.min.js
url: https://jnxxx1.xyz/jrm/w2/fre.php
file: 5.149.255.205
hash: 80
file: 116.202.24.62
hash: 9295
file: 95.143.177.76
hash: 34098
file: 185.215.113.64
hash: 25828
hash: 2d2ceb896bf2f2af272245a052c936a9e45df7bded60a09ba3a1debc3aff1c4c
hash: b4a63629d1d2c8b7320b1372cf46e3e0c05bf1d1ddf7f89deb644aacf9e51f3b
hash: d26cea6912e11e87d9fa8782f69b01d38c4e8d40c9548341629b8281f9aa2ab0
hash: 72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60
hash: 248ce8f51907aa4a7ce3ae5f9c947a30a7844340bae4a3621d4e0234ba18dc22
url: https://www.siole.tk/ie9compatviewlist.xml
hash: 93fddb1a745fec7ae8bc3a7f8d66ce73b1841998e9b0589790e924ff6efb6a05
hash: 164149035d4a3d2edba76c0601f6f83e04d45d7c057d221130c57fc9b13fd5b5
hash: 2476273703617870ae392f166bc07d346596d23a159bf762fd5468844b70e33f
hash: 07f9220fe1879a72e9570c31869a19b40ba97a990a9300198af5d016806499c0
file: 109.205.178.244
hash: 6688
url: http://91.213.50.101:3389/cm
hash: b93b9b8c9bbc90a761f62b17adc1b6662de922acd463d7fc6af09869afdc29d4
hash: 1d91b2f83ced053a62d4ae0289ac87fdf7557f684c8c67f56529126186bb5ef4
hash: 45fa3b802a5d7e2c3687dbb1957e5cda1715b5d741f40d80d672bbf73d5d8b3e
hash: 23abc535e7b9fe582b338c82884a2f0ea164a62d38132b9e205f87b1591fd243
hash: 900e115c271f29c66454e91f168be012c2ae5d307c86b70e8d595e0bade388c6
hash: bdaae5a1a9b92e3e85fa026ae9f6b375eda1eb75a31fa122b204418ff83fc36c
hash: feb40c343aa65f5f5c0a32443535effa22652067c576416857e4d7280ce85e11
hash: 33bb2954b5efd072d71b4d7bf79eb609e4143a01023c15f8239f3a93561052e0
url: http://adreylinkm.temp.swtest.ru/panel/adnim.php
file: 212.193.30.28
hash: 2050
url: https://194.147.142.163:443/g.pixel
url: http://39.96.34.51/cm
file: 39.96.34.51
hash: 80
file: 49.232.110.30
hash: 80
file: 107.189.12.189
hash: 1791
file: 45.150.67.126
hash: 12829
file: 91.142.78.221
hash: 19473
domain: childhome4100.duckdns.org
file: 194.5.98.28
hash: 4100
hash: f2c5e8d5a5f0c2b5fbb3ac5361b1de3fa179baee1c863d62ac47fd3b5277ce4d
hash: 3309dbe5abab38f952ca3a478531e9ff57a1ef4654f988c53dbc9e08da7ac9db
hash: 9b58105b315bbd6a5af96e63f88dc59cdedef401324916ae48de270a021ec29d
hash: 1cdc472f08bc86830018711d971f1efc634d01f8a8635996d274388bc27953e7
file: 207.32.218.86
hash: 38565
file: 207.32.219.80
hash: 39824
file: 78.46.137.240
hash: 21314
url: http://badmakeup.biz/dhl/3ez4gms65gk6bgxd/
file: 185.222.57.80
hash: 6275
url: http://47.254.235.229/7/universal/httpflower1track/bigloadpacketcdn/localsecure/eternalpipebigloadsqldownloads.php
file: 208.167.249.72
hash: 2943
file: 138.201.2.2
hash: 2022
file: 62.182.156.179
hash: 46840
url: http://185.112.83.116:80/_/scs/mail-static/_/js/
url: http://d18krv932r2kbr.cloudfront.net:80/access/
url: https://107.173.82.245:443/ptj
url: https://45.61.139.86:443/cx
url: https://jdk9.jp.ngrok.io:443/visit.js
url: https://155.94.138.16:443/ca
url: https://47.90.202.152:443/load
url: https://45.195.15.124:443/match
file: 185.112.83.116
hash: 8080
file: 185.112.83.116
hash: 80
url: https://ec2-35-177-95-190.eu-west-2.compute.amazonaws.com/real-world-investing/
hash: 0a150f4647b60f84416e88dfd6dc5e22faa88b08551397e861b7b2ccaa9ed085
hash: a15f8c268f7dfbd6b2c0aea83c52a7d5530c4cd8a10d2d1bf1f7bed97807e3c3
hash: 3a52ca55d7a163c15e187788137f8cb1b4a84779ec7de748463f1aa23314e901
hash: d6f3d5fbdc9c7f68e29260badb6fd6e8f1b606798fd9fe544e0b28387f21eaf9
url: http://118.193.62.241:81/push
file: 118.193.62.241
hash: 81
url: http://94.103.9.48/dpixel
file: 94.103.9.48
hash: 80
url: http://210.108.146.194:5353/ga.js
file: 210.108.146.194
hash: 5353
url: https://user.hsafe.xyz/wp08/wp-includes/dtcla.php
file: 198.55.102.254
hash: 443
url: https://www.palauhealths.com/security-details.a52152.js
file: 149.28.80.59
hash: 443
url: https://94.103.9.48/push
file: 94.103.9.48
hash: 443
url: http://143.244.165.123/visit.js
url: http://138.68.155.70/dpixel
file: 143.244.165.123
hash: 80
url: http://158.247.204.207:1111/load
file: 158.247.204.207
hash: 1111
url: http://192.168.2.194/api/getit
file: 1.14.98.183
hash: 80
url: http://192.241.137.180/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
url: http://newsdoom.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 192.241.137.180
hash: 80
url: http://45.156.24.200:86/cm
file: 45.156.24.200
hash: 86
url: https://147.182.205.242/jquery-3.3.1.min.js
file: 147.182.205.242
hash: 443
url: http://1.15.41.163:8089/wp08/wp-includes/dtcla.php
file: 1.15.41.163
hash: 8089
url: http://service-ir7mxmrz-1255840758.bj.apigw.tencentcs.com/api/getit
file: 8.142.39.2
hash: 80
url: https://serverworker.com/bg
file: 77.83.199.189
hash: 443
url: http://23.227.198.246/templates.js
file: 23.227.198.246
hash: 80
url: https://176.121.14.54/image/
file: 176.121.14.54
hash: 443
url: https://znertino.com/get
file: 45.227.255.157
hash: 443
url: http://47.242.29.98:49154/dot.gif
file: 47.242.29.98
hash: 49154
url: https://b2bdirector.com:1443/search
file: 23.227.202.109
hash: 1443
url: http://8.214.23.44:8080/ie9compatviewlist.xml
file: 8.214.23.44
hash: 8080
url: https://149.255.35.131/rn.css
file: 149.255.35.131
hash: 443
file: 52.128.229.4
hash: 80
url: https://www.hsanzsa.xyz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
file: 45.32.26.111
hash: 443
url: http://195.242.111.157/mqew
file: 195.242.111.157
hash: 80
file: 136.144.41.15
hash: 1312

Source: ThreatFox

Published: Fri Jan 14 2022

ThreatFox IOCs for 2022-01-14

Medium

Malwaretype:osint tlp:white

Published: Fri Jan 14 2022 (01/14/2022, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2022-01-14

AI-Powered Analysis

AILast updated: 06/18/2025, 08:36:20 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: fc63303d-587f-4ae1-8951-34da47de05c7
Original Timestamp: 1642204983

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://robotically.xyz/wp-content/xtkkx/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://shopnhap.com/highbinder/uedvfthdf5em40/	Emotet payload delivery URL (confidence level: 90%)
urlhttps://celhocortofilmfestival.stream/css/naq/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://insertcatherreview.xyz/wp-includes/uulqtc51sl8izbt/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://bbc-us.com/wp-admin/48r6tif1qtmqrao/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://slimpackage.com/slimfit/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://2.arthaloca.com/styles/ds5rnprosfcabltyewo/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://slimpackage.com/slimmain/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://45.156.24.200:443/g.pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://107.172.89.110:443/updates.rss	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://170.39.214.187:80/g.pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://43.156.8.120:443/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://1.1.1.1:2222/ptj	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://64.52.169.174:9999/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://69.172.75.132:8443/cm	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://www.msrcc.tk:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://106.13.95.3:443/fwlink	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://106.52.131.175:443/image	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://1.14.148.85:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://adi.iswks.com/assets/ho1v71pqfnn/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://64.52.169.174:80/updates.rss	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://estts.net:443/ptj	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://5.39.221.60:443/ptj	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://69.172.75.132:443/cm	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://cs.eeeqq.tk:443/g.pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://69.172.75.132:443/dpixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://42.192.160.91:8080/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://124.223.17.79/image/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.71.111.23:1111/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.79.10.121/updates	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.5.175.66/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://193.242.145.134/stop/v1.42/3zbzo7gp	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://103.45.142.124/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-09d0zmmi-1309015260.gz.apigw.tencentcs.com/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://43.239.159.3/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.90.202.152:443/__utm.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://www.cyberevilcorp.tk:443/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://178.128.244.245/search.php?key=9fdacf1307e35d047a008c29da6e9968	Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://45.64.184.144:443/pixel.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://43.239.159.3:443/ca	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://43.239.159.3:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://143.198.102.5:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://test2.bilibili.cc:443/visit.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://1.15.80.102:443/load	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://45.145.6.5:443/dot.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://185.186.142.101:443/g.pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://service-9ce967gj-1258736518.sh.apigw.tencentcs.com:80/api/x	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://111.123.50.42:80/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://150.158.75.242:443/ptj	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://service-14v4pnqn-1259219677.sh.apigw.tencentcs.com:443/api/x	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://www.cctv003.tk:8443/match	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://10.37.129.13:80/ga.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://therecyclingmachine.com/wp-admin/lzpozslkq90fyt1/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://zhongmaifangwu.com/test777/3u4un0u/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://moversphiladelphia.org/cmsxml/9byfsxp/	Emotet payload delivery URL (confidence level: 90%)
urlhttps://8.210.224.18:443/messages/2i2ga6wsjrx4e0xchuu3kbgu-crd4la	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://91.213.50.101:443/ca	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://75.119.146.209	Alien botnet C2 (confidence level: 80%)
urlhttp://lopatuniscuasesrsas.xyz	Alien botnet C2 (confidence level: 80%)
urlhttp://andosuaieupdatesignau.ml	Alien botnet C2 (confidence level: 80%)
urlhttp://yoklesfomerdesgomres.net	Alien botnet C2 (confidence level: 80%)
urlhttp://mercygreig437.website	Hydra botnet C2 (confidence level: 80%)
urlhttp://kateflowers325.website	Hydra botnet C2 (confidence level: 80%)
urlhttp://rivkagreig23.website	Hydra botnet C2 (confidence level: 80%)
urlhttp://pplonline.org/cgi//6.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi//1.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi//2.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi//3.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi//4.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi//5.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://pplonline.org/cgi//7.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://5.199.162.229:80/nv.css	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://sophospanels.com:443/nv.css	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://jnxxx1.xyz/jrm/w2/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://64.52.169.174:9999/dpixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://romebor.com:80/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://jnxxx1.xyz/jrm/w2/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://www.siole.tk/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://91.213.50.101:3389/cm	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://adreylinkm.temp.swtest.ru/panel/adnim.php	Azorult botnet C2 (confidence level: 100%)
urlhttps://194.147.142.163:443/g.pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://39.96.34.51/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://badmakeup.biz/dhl/3ez4gms65gk6bgxd/	Emotet payload delivery URL (confidence level: 90%)
urlhttp://47.254.235.229/7/universal/httpflower1track/bigloadpacketcdn/localsecure/eternalpipebigloadsqldownloads.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://185.112.83.116:80/_/scs/mail-static/_/js/	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://d18krv932r2kbr.cloudfront.net:80/access/	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://107.173.82.245:443/ptj	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://45.61.139.86:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://jdk9.jp.ngrok.io:443/visit.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://155.94.138.16:443/ca	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://47.90.202.152:443/load	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://45.195.15.124:443/match	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://ec2-35-177-95-190.eu-west-2.compute.amazonaws.com/real-world-investing/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://118.193.62.241:81/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://94.103.9.48/dpixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://210.108.146.194:5353/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://user.hsafe.xyz/wp08/wp-includes/dtcla.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.palauhealths.com/security-details.a52152.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://94.103.9.48/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://143.244.165.123/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://138.68.155.70/dpixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://158.247.204.207:1111/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.168.2.194/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.241.137.180/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://newsdoom.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.156.24.200:86/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://147.182.205.242/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.15.41.163:8089/wp08/wp-includes/dtcla.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-ir7mxmrz-1255840758.bj.apigw.tencentcs.com/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://serverworker.com/bg	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.227.198.246/templates.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://176.121.14.54/image/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://znertino.com/get	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.242.29.98:49154/dot.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://b2bdirector.com:1443/search	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.214.23.44:8080/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://149.255.35.131/rn.css	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.hsanzsa.xyz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://195.242.111.157/mqew	Cobalt Strike botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file142.11.244.223	DanaBot botnet C2 server (confidence level: 100%)
file192.236.194.72	DanaBot botnet C2 server (confidence level: 100%)
file192.119.110.4	DanaBot botnet C2 server (confidence level: 100%)
file185.140.53.132	Nanocore RAT botnet C2 server (confidence level: 100%)
file212.193.30.54	AsyncRAT botnet C2 server (confidence level: 75%)
file107.189.1.53	Mirai botnet C2 server (confidence level: 75%)
file124.223.17.79	Cobalt Strike botnet C2 server (confidence level: 100%)
file124.71.111.23	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.5.175.66	Cobalt Strike botnet C2 server (confidence level: 100%)
file193.242.145.134	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.45.142.124	Cobalt Strike botnet C2 server (confidence level: 100%)
file112.74.105.133	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.11.47.244	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.5.63.127	Cobalt Strike botnet C2 server (confidence level: 100%)
file43.239.159.3	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.140.53.10	Nanocore RAT botnet C2 server (confidence level: 100%)
file3.131.207.170	NjRAT botnet C2 server (confidence level: 100%)
file3.22.53.161	NjRAT botnet C2 server (confidence level: 100%)
file52.14.18.129	NjRAT botnet C2 server (confidence level: 100%)
file95.143.179.185	RedLine Stealer botnet C2 server (confidence level: 100%)
file103.153.78.234	Nanocore RAT botnet C2 server (confidence level: 100%)
file20.79.206.212	Nanocore RAT botnet C2 server (confidence level: 100%)
file185.80.53.106	RedLine Stealer botnet C2 server (confidence level: 100%)
file81.91.178.186	RedLine Stealer botnet C2 server (confidence level: 100%)
file3.134.125.175	NjRAT botnet C2 server (confidence level: 100%)
file3.14.182.203	NjRAT botnet C2 server (confidence level: 100%)
file5.149.255.205	RedLine Stealer botnet C2 server (confidence level: 100%)
file116.202.24.62	RedLine Stealer botnet C2 server (confidence level: 100%)
file95.143.177.76	RedLine Stealer botnet C2 server (confidence level: 100%)
file185.215.113.64	RedLine Stealer botnet C2 server (confidence level: 100%)
file109.205.178.244	NetWire RC botnet C2 server (confidence level: 100%)
file212.193.30.28	Nanocore RAT botnet C2 server (confidence level: 100%)
file39.96.34.51	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.110.30	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.189.12.189	Mirai botnet C2 server (confidence level: 75%)
file45.150.67.126	RedLine Stealer botnet C2 server (confidence level: 100%)
file91.142.78.221	RedLine Stealer botnet C2 server (confidence level: 100%)
file194.5.98.28	Nanocore RAT botnet C2 server (confidence level: 100%)
file207.32.218.86	RedLine Stealer botnet C2 server (confidence level: 100%)
file207.32.219.80	RedLine Stealer botnet C2 server (confidence level: 100%)
file78.46.137.240	RedLine Stealer botnet C2 server (confidence level: 100%)
file185.222.57.80	AsyncRAT botnet C2 server (confidence level: 75%)
file208.167.249.72	RedLine Stealer botnet C2 server (confidence level: 100%)
file138.201.2.2	AsyncRAT botnet C2 server (confidence level: 100%)
file62.182.156.179	RedLine Stealer botnet C2 server (confidence level: 100%)
file185.112.83.116	Cobalt Strike botnet C2 server (confidence level: 75%)
file185.112.83.116	Cobalt Strike botnet C2 server (confidence level: 75%)
file118.193.62.241	Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.9.48	Cobalt Strike botnet C2 server (confidence level: 100%)
file210.108.146.194	Cobalt Strike botnet C2 server (confidence level: 100%)
file198.55.102.254	Cobalt Strike botnet C2 server (confidence level: 100%)
file149.28.80.59	Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.9.48	Cobalt Strike botnet C2 server (confidence level: 100%)
file143.244.165.123	Cobalt Strike botnet C2 server (confidence level: 100%)
file158.247.204.207	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.14.98.183	Cobalt Strike botnet C2 server (confidence level: 100%)
file192.241.137.180	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.156.24.200	Cobalt Strike botnet C2 server (confidence level: 100%)
file147.182.205.242	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.15.41.163	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.142.39.2	Cobalt Strike botnet C2 server (confidence level: 100%)
file77.83.199.189	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.227.198.246	Cobalt Strike botnet C2 server (confidence level: 100%)
file176.121.14.54	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.227.255.157	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.242.29.98	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.227.202.109	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.214.23.44	Cobalt Strike botnet C2 server (confidence level: 100%)
file149.255.35.131	Cobalt Strike botnet C2 server (confidence level: 100%)
file52.128.229.4	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.32.26.111	Cobalt Strike botnet C2 server (confidence level: 100%)
file195.242.111.157	Cobalt Strike botnet C2 server (confidence level: 100%)
file136.144.41.15	Mirai botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash443	DanaBot botnet C2 server (confidence level: 100%)
hash443	DanaBot botnet C2 server (confidence level: 100%)
hash443	DanaBot botnet C2 server (confidence level: 100%)
hash3bb970ec5ce98d3945badae0c544dc03400858bcaf3908285d1dda102f644a0b	Emotet payload (confidence level: 50%)
hash3b87d2d1a31c2cc49f365fce8aa50e034d72c44a9ec9c29f5f253da7a424b8ea	Emotet payload (confidence level: 50%)
hash5e31a1960b0ee0ce4e0d02d08adb7647d9d3aae75393fd718594a73fd12d6f46	Emotet payload (confidence level: 50%)
hash1b7512dc2c7e944f29436876f8d1e942a70100fdf7fcc7ed8d34e23ae31c669e	Emotet payload (confidence level: 50%)
hashb8bed0211974f32db2c385350fb62954f0b0f335bc592b51144027956524d674	Amadey payload (confidence level: 50%)
hash22cb98a4832824adc290e8a9541b50228f4f75fb1a8e621fd80d4d2be7ed73f9	Amadey payload (confidence level: 50%)
hash8c0272f6d0136bb8adeb659d8de19a4be68a81fc018587275e045103fc01b49d	Amadey payload (confidence level: 50%)
hash012ce05f8263d161d4387749446cb3df3240fd33cf71dfb3f48dc4f4c9354298	Amadey payload (confidence level: 50%)
hash1604	Nanocore RAT botnet C2 server (confidence level: 100%)
hash4162cc11cc30f7db7c8a151252a7e63e78dd4c03c995e2ab6e225dc811b8fd48	Amadey payload (confidence level: 50%)
hashe997341ab2422f5471f4c9f1df84f7a52e16fa38d64e6e0f4f94859cc234e2f8	Amadey payload (confidence level: 50%)
hash35da284a91a4217dddc3207fe0b20ae37a2126e33c1b57c5fa65e2e14b72e9ba	Amadey payload (confidence level: 50%)
hash5edfc7353c1aa6b23547357f576453b48059bb994824fd67002f13906000cf9d	Amadey payload (confidence level: 50%)
hashc47ffaadc73b46ad2ea10a4fc2108e35e88ea5f0b3552606a87305e2aab13b7f	Nanocore RAT payload (confidence level: 50%)
hash3b4b7e29adf8ff8cf49cdb924de689cdb735a12ebd78dd29537e81a9454e9631	Nanocore RAT payload (confidence level: 50%)
hash93d545c83fa462035ae0c2aa0036db008fc4bdf3d10ec89c6f0b6699b09c6fbf	Nanocore RAT payload (confidence level: 50%)
hash30e1ba61a63a27b668eee09f960a83d944e878c33b46f85ea86bacdf1427f4dd	Nanocore RAT payload (confidence level: 50%)
hasha2b8128f9686d68437b6ce9f4e0fb09b6301cfa43f8bd7daf022912f778cebb5	Emotet payload (confidence level: 50%)
hashbb6109acc2b7474d53e223a5756822fb77b8b7495af31ffdeb90dd2e8584e17b	Emotet payload (confidence level: 50%)
hasha5e8e8d270c1f8e2c8d30bfcb2f3c0029f318e5c0b94ef883544c5caa429cacf	Emotet payload (confidence level: 50%)
hashb2258d48681423e06c71cee3484c629607b9eeb0d2f99d209fb10e4d9522ed7e	Emotet payload (confidence level: 50%)
hash9e2502b3945f31482623e8e61dcb85b9ebb7d9a4244d9074fa289596c9da513e	Formbook payload (confidence level: 50%)
hash097a53e95523a6627511ab11904ab7fba846da6e85ce5cb2dc4f8a6c577228a0	Formbook payload (confidence level: 50%)
hash0d072a60b433f330d2ba97d75eae7af07e9d75bc6ed5b1065287661d05e82ab6	Formbook payload (confidence level: 50%)
hash9679f0e8f63974d80f953b8212b2668c27ec9762cdcf6acbfd4fdf4b6d189f23	Formbook payload (confidence level: 50%)
hashe3af866c7760f95afa5352ec3845697a17354305f5797a69538bb637f8bbf4fe	Amadey payload (confidence level: 50%)
hashf85293eec1a9d86cdb45979a7a90265d9082148898d583b1baaf8c7ae3e1047a	Amadey payload (confidence level: 50%)
hash5c037c7c1338cf54a9d1e81b74bb4ad003e1a254069a03499426ec1600a748d9	Amadey payload (confidence level: 50%)
hash6cb775a7c9b0cf8ba308029dc623e1de6d17cb2ab6b7ebbbd9c16bfcaa55efe8	Amadey payload (confidence level: 50%)
hash8754	AsyncRAT botnet C2 server (confidence level: 75%)
hash6738	Mirai botnet C2 server (confidence level: 75%)
hash9cb252d017b68a7906e842f51e5c9ba737567a6a85ba14666aa54c5c1b93ebb6	LokiBot payload (confidence level: 50%)
hash881d216bda06fbcd5809ba113ee4574fb5d464dbe464e8627b52973c08dba5a3	LokiBot payload (confidence level: 50%)
hash87d380f12b61ff49af7680e3dd4cb7c0415be71811a565fa4736c6430e629974	LokiBot payload (confidence level: 50%)
hash428181d7903c358f27f2607b8caf6468eaae1bff1a0b7747904db042cbc2cafd	LokiBot payload (confidence level: 50%)
hash50bee5c11d3905157aa3aa461b9da69cc05c90d748330e98324cc36815610bc0	Amadey payload (confidence level: 50%)
hashdd1f717452d1875bf3af9fde8d4ac06514ff9b05e58c579e6ad5f2b0a5f4d51f	Amadey payload (confidence level: 50%)
hash51d9617958b9509bf33f82f6d4f213d80b88fe4cf74efb0166b5fc6db2ddff63	Raccoon payload (confidence level: 50%)
hash1cf27ab77a771ff942b1e2947856844fbab4991cf87aca618968445b5c5d706d	Amadey payload (confidence level: 50%)
hashe93370bd5b2ede03153fa579529406ea68c1e1072416a3523cb000180f7c0ecb	Raccoon payload (confidence level: 50%)
hashd6f20ad67b08f29828c05878f4381065d8634085129d70d637effae9e6226a1a	Amadey payload (confidence level: 50%)
hash1be428f924402d7cc4586ca37a9e843c869b394f85085db5e4e85d150aa87e04	Amadey payload (confidence level: 50%)
hashb50e88d7d4ed87c10772d463b0649bb735a426230576e4b3ee8fd0b67f0dbc44	Raccoon payload (confidence level: 50%)
hash966557b6f228eda641e155a858f574654e431743311d83e4841013d63044a994	Amadey payload (confidence level: 50%)
hash44e305db99461f07b7cff6648b50531771361a4dfafa69991527d3963eb88dd2	Amadey payload (confidence level: 50%)
hash901ad7435c05bf0fee8f05128d43b805a25dff60a442ba8482c0cac32ba380a8	Raccoon payload (confidence level: 50%)
hashc8fe81088b2caa9df35d92a588fb266a145c95b81b5c66d5bfe181fa73b17d82	Amadey payload (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1111	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hashf2da177aff59093abe1d3bc7c1a769be2701784036c398900a43725d83c9e9a9	Agent Tesla payload (confidence level: 50%)
hash9ca32954bc9ae96f11d246ca45443522a731631c154f768938c556869e01b555	Agent Tesla payload (confidence level: 50%)
hashc48f7949e36ea00828f752c9a5a2baa48fa6f867ba9013025b6d6cb858f31768	Agent Tesla payload (confidence level: 50%)
hashc16082d1e821a819ea4d274e12d7d656e83b359b2ca7b33de143e60affc7b1b2	Agent Tesla payload (confidence level: 50%)
hash3cbf94c22af49ad9be152750428263c826c9b020036a0321f10f9fe2eed6ae52	Agent Tesla payload (confidence level: 50%)
hash9d69632f6791492fadab28bea034f7f18d29bc67fd6e7db08bdba847487da47f	Agent Tesla payload (confidence level: 50%)
hash4dfa1bc1558cd76b1c9cf89cf7a3ca77170452041c32ee28d9c239e4249c394f	Agent Tesla payload (confidence level: 50%)
hash5f1da4ecb8c7d741c4b8263ade13d80369a9caad14a119063c809cdd3bd97e40	Agent Tesla payload (confidence level: 50%)
hashaeed1bf32df36ad3ccc929987dbd30e2b1836c267223614d3648b3027e23e1fe	Amadey payload (confidence level: 50%)
hashe7587776adecf859e137e7af3da4b9b6fd9428e6f89cc48d3a63886d490baaca	Amadey payload (confidence level: 50%)
hash3bb8ef6eaec03c54c6c517000575ef943577ca0a71e61fd29257786991306133	Amadey payload (confidence level: 50%)
hashe91644f9cffb58e260facf0cb5abd35f9b0da2e5129803a6d4e7b8802814d752	Amadey payload (confidence level: 50%)
hash9090	Nanocore RAT botnet C2 server (confidence level: 100%)
hash10778	NjRAT botnet C2 server (confidence level: 100%)
hash10778	NjRAT botnet C2 server (confidence level: 100%)
hash10778	NjRAT botnet C2 server (confidence level: 100%)
hash31334	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8951	Nanocore RAT botnet C2 server (confidence level: 100%)
hash6000	Nanocore RAT botnet C2 server (confidence level: 100%)
hash80	RedLine Stealer botnet C2 server (confidence level: 100%)
hash19410	RedLine Stealer botnet C2 server (confidence level: 100%)
hash13467	NjRAT botnet C2 server (confidence level: 100%)
hash13467	NjRAT botnet C2 server (confidence level: 100%)
hash80	RedLine Stealer botnet C2 server (confidence level: 100%)
hash9295	RedLine Stealer botnet C2 server (confidence level: 100%)
hash34098	RedLine Stealer botnet C2 server (confidence level: 100%)
hash25828	RedLine Stealer botnet C2 server (confidence level: 100%)
hash2d2ceb896bf2f2af272245a052c936a9e45df7bded60a09ba3a1debc3aff1c4c	NjRAT payload (confidence level: 50%)
hashb4a63629d1d2c8b7320b1372cf46e3e0c05bf1d1ddf7f89deb644aacf9e51f3b	NjRAT payload (confidence level: 50%)
hashd26cea6912e11e87d9fa8782f69b01d38c4e8d40c9548341629b8281f9aa2ab0	NjRAT payload (confidence level: 50%)
hash72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60	NjRAT payload (confidence level: 50%)
hash248ce8f51907aa4a7ce3ae5f9c947a30a7844340bae4a3621d4e0234ba18dc22	Agent Tesla payload (confidence level: 50%)
hash93fddb1a745fec7ae8bc3a7f8d66ce73b1841998e9b0589790e924ff6efb6a05	Amadey payload (confidence level: 50%)
hash164149035d4a3d2edba76c0601f6f83e04d45d7c057d221130c57fc9b13fd5b5	Amadey payload (confidence level: 50%)
hash2476273703617870ae392f166bc07d346596d23a159bf762fd5468844b70e33f	Amadey payload (confidence level: 50%)
hash07f9220fe1879a72e9570c31869a19b40ba97a990a9300198af5d016806499c0	Amadey payload (confidence level: 50%)
hash6688	NetWire RC botnet C2 server (confidence level: 100%)
hashb93b9b8c9bbc90a761f62b17adc1b6662de922acd463d7fc6af09869afdc29d4	Amadey payload (confidence level: 50%)
hash1d91b2f83ced053a62d4ae0289ac87fdf7557f684c8c67f56529126186bb5ef4	Amadey payload (confidence level: 50%)
hash45fa3b802a5d7e2c3687dbb1957e5cda1715b5d741f40d80d672bbf73d5d8b3e	Amadey payload (confidence level: 50%)
hash23abc535e7b9fe582b338c82884a2f0ea164a62d38132b9e205f87b1591fd243	Amadey payload (confidence level: 50%)
hash900e115c271f29c66454e91f168be012c2ae5d307c86b70e8d595e0bade388c6	Formbook payload (confidence level: 50%)
hashbdaae5a1a9b92e3e85fa026ae9f6b375eda1eb75a31fa122b204418ff83fc36c	Formbook payload (confidence level: 50%)
hashfeb40c343aa65f5f5c0a32443535effa22652067c576416857e4d7280ce85e11	Formbook payload (confidence level: 50%)
hash33bb2954b5efd072d71b4d7bf79eb609e4143a01023c15f8239f3a93561052e0	Formbook payload (confidence level: 50%)
hash2050	Nanocore RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1791	Mirai botnet C2 server (confidence level: 75%)
hash12829	RedLine Stealer botnet C2 server (confidence level: 100%)
hash19473	RedLine Stealer botnet C2 server (confidence level: 100%)
hash4100	Nanocore RAT botnet C2 server (confidence level: 100%)
hashf2c5e8d5a5f0c2b5fbb3ac5361b1de3fa179baee1c863d62ac47fd3b5277ce4d	Amadey payload (confidence level: 50%)
hash3309dbe5abab38f952ca3a478531e9ff57a1ef4654f988c53dbc9e08da7ac9db	Amadey payload (confidence level: 50%)
hash9b58105b315bbd6a5af96e63f88dc59cdedef401324916ae48de270a021ec29d	Amadey payload (confidence level: 50%)
hash1cdc472f08bc86830018711d971f1efc634d01f8a8635996d274388bc27953e7	Amadey payload (confidence level: 50%)
hash38565	RedLine Stealer botnet C2 server (confidence level: 100%)
hash39824	RedLine Stealer botnet C2 server (confidence level: 100%)
hash21314	RedLine Stealer botnet C2 server (confidence level: 100%)
hash6275	AsyncRAT botnet C2 server (confidence level: 75%)
hash2943	RedLine Stealer botnet C2 server (confidence level: 100%)
hash2022	AsyncRAT botnet C2 server (confidence level: 100%)
hash46840	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash0a150f4647b60f84416e88dfd6dc5e22faa88b08551397e861b7b2ccaa9ed085	Agent Tesla payload (confidence level: 50%)
hasha15f8c268f7dfbd6b2c0aea83c52a7d5530c4cd8a10d2d1bf1f7bed97807e3c3	Agent Tesla payload (confidence level: 50%)
hash3a52ca55d7a163c15e187788137f8cb1b4a84779ec7de748463f1aa23314e901	Agent Tesla payload (confidence level: 50%)
hashd6f3d5fbdc9c7f68e29260badb6fd6e8f1b606798fd9fe544e0b28387f21eaf9	Agent Tesla payload (confidence level: 50%)
hash81	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5353	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1111	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash86	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash49154	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1312	Mirai botnet C2 server (confidence level: 75%)

Domain

Value	Description	Copy
domain2t2ev5giwktc5o9.quest	Astaroth botnet C2 domain (confidence level: 100%)
domain3f2ocy9clt90x74.one	Astaroth botnet C2 domain (confidence level: 100%)
domain6v2mofchw2eix98.quest	Astaroth botnet C2 domain (confidence level: 100%)
domaina575hh752dp9l6c.one	Astaroth botnet C2 domain (confidence level: 100%)
domainki6hcax6c1ehe5j.one	Astaroth botnet C2 domain (confidence level: 100%)
domainlc83k0l0bdl6u41.one	Astaroth botnet C2 domain (confidence level: 100%)
domainmxaflbsa3chjk0i.quest	Astaroth botnet C2 domain (confidence level: 100%)
domainnm542iefjijgl2n.one	Astaroth botnet C2 domain (confidence level: 100%)
domainr4nrjfmlc3k7z00.quest	Astaroth botnet C2 domain (confidence level: 100%)
domaint5ctg9k9cpdmhjt.quest	Astaroth botnet C2 domain (confidence level: 100%)
domainwww3.cloud	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainapi.www3.cloud	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainnews.www3.cloud	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainchildhome4100.duckdns.org	Nanocore RAT botnet C2 domain (confidence level: 100%)

Threat ID: 682acdc3bbaf20d303f1db95

Added to database: 5/19/2025, 6:20:51 AM

Last enriched: 6/18/2025, 8:36:20 AM

Last updated: 8/12/2025, 9:52:29 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2022-01-14

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2022-01-14

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

File

Hash

Domain

Related Threats

Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing

Silent Watcher: Dissecting Cmimai Stealer's VBS Payload

CastleLoader Analysis

The Dark Side of Parental Control Apps

Uncovering a Web3 Interview Scam

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility