Reconnecting to live updates…

ThreatFox IOCs for 2022-01-15

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on January 15, 2022, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data, as indicated by the product field. However, there are no specific affected software versions or detailed technical descriptions of the malware's behavior, attack vectors, or payloads. The threat level is rated as 2 on an unspecified scale, with analysis and distribution values of 1 and 3 respectively, suggesting a moderate distribution but limited detailed analysis. There are no known exploits in the wild linked to this malware, and no Common Weakness Enumerations (CWEs) or patch information is provided. The absence of indicators such as IP addresses, domains, or file hashes limits the ability to perform targeted detection or response. Overall, this appears to be an informational release of IOCs related to malware activity, intended for use in OSINT contexts, but lacking detailed technical specifics or evidence of active exploitation.

Potential Impact

Given the limited technical details and the absence of known active exploitation, the immediate impact on European organizations is likely low to medium. The malware's distribution level suggests some presence or potential for spread, but without specifics on infection mechanisms or payload effects, the risk to confidentiality, integrity, or availability cannot be precisely determined. European organizations relying on OSINT tools or threat intelligence platforms might find value in these IOCs for enhancing their detection capabilities. However, the lack of actionable indicators and exploit details reduces the urgency of response. Potential impacts could include unauthorized data access or system compromise if the malware were to be deployed, but currently, there is no evidence of such activity. The medium severity rating reflects this uncertainty and the potential for moderate risk if further details emerge.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enhance detection capabilities, even though specific indicators are not included here. 2. Maintain up-to-date endpoint protection and malware detection solutions that can identify unknown or emerging threats through heuristic and behavioral analysis. 3. Conduct regular threat hunting exercises focusing on OSINT-related malware signatures and behaviors, leveraging community-shared intelligence such as ThreatFox feeds. 4. Enhance network monitoring for unusual outbound connections or data exfiltration attempts that could be associated with malware activity. 5. Educate security teams on the importance of OSINT in threat detection and encourage collaboration with intelligence-sharing communities to obtain more detailed and actionable data. 6. Since no patches or CVEs are associated, focus on general best practices such as timely software updates, least privilege access controls, and incident response readiness to mitigate potential unknown threats.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

url: https://45.195.15.124:443/activity
file: 95.181.161.119
hash: 1024
file: 94.103.9.155
hash: 51866
file: 163.172.82.219
hash: 5555
file: 155.138.239.74
hash: 1337
file: 134.122.16.208
hash: 443
url: http://5.199.162.229:80/modcp.css
file: 209.141.54.15
hash: 1791
file: 178.62.216.134
hash: 9506
hash: 54a5c57da7afe6180077c64a927574ad6652fc0305bbbd2a83e9701ea41fa2d1
hash: 037794920646056289550c46ed4db6ae39b19a1bce28030aa6e26bdd0cfcf6aa
hash: 08d8db67ddae643ce598dc41c4bf56156079461a79cdb2bdb5783eb6fd804b51
hash: 3df36bc5c40a3e5befc011b4e4953ca0578af2c0890d0af472529cf518ecfa9a
file: 136.144.41.60
hash: 3074
file: 185.81.115.42
hash: 80
file: 102.133.188.117
hash: 35386
domain: teredaroundcarb.top
domain: reverdoome.top
domain: braprest.com
domain: geotypico.com
file: 39.106.93.160
hash: 50020
file: 193.32.23.62
hash: 1389
file: 185.112.83.116
hash: 8080
url: http://185.112.83.116:8080/drv
url: https://b2bdirector.com/rn
file: 23.227.202.109
hash: 80
url: https://fuzanoj.com/panel
file: 10.131.238.98
hash: 6751
hash: 54f27e662692d9d4ba3b6891459a6e3e5467a16da5c31f970b8bb9b97c405328
hash: 998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa
hash: da6fa2b36d2081eba6fb0ab2a094da77942c12b77d72f6b4ef60ae2f6c990949
hash: e94f208a90c7bb454620023fdd76e5c1739dbe76d0e49f6ff680cd9ad9b2ae51
url: https://www.agoegations.com:443/ga.js
hash: d549da9a1c1c1e21a1a02aa9151f605d5222438a39db1956318451401b4459e8
hash: 804cbcd95ad730b6256c954369e79f2c07dc432886d8da78490a1a9aed7f89c7
hash: 67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf
hash: eaad0fe6a049dd65cfe9d8d720b88a706b43e7512391d19e5cb8254f5b814d11
hash: 76488918853ce10b808bd2fad4f8c37ff9ca59f321c03c7700e0771f922113d3
hash: 19bbac767fb526749ae7b964b1dc526461c7ad405a4cb503cea07e9b7bcac801
hash: 22d26689319f826adaa1ef3c23fecb19042674018313b201960f65a22d48f8ce
hash: e3bb53c048fc7ac736a6b0d1a5e757cd7dc0b4c2bc15e904b7a3e46f473db0f0
hash: a4aa0e67ca87aea93018daa6d2a7f9802cd08aac4b96cbb6b6a59ed1e565928b
hash: 770402cd3cd44132d6347cf6b18ae45d51e07cefa240f435359fcf821c3ba0a3
hash: 076912a40250b0642e4aa604aa87af7b7118bda81c747fa65f3ab07048ae5a10
hash: 118fdc1f91f1d3ccd8afeed03bfbc1c51e6bc7e316d9b1c0d88640872ed3e17e
hash: 94ed398ec0f1188e5a10cba6c48c7f680d91f42dc5ffd88777b64f431ee4c41c
hash: 687a7419a23cc1206d97b33d209387bd593150ed941df1e21564fe8ebbed9214
hash: 3f61959fb38b9a780c40aa60b964ce782e82634663a9676afeb117eff328dcd1
hash: 910bc15b5cb598579a738c8525027e6d7028446fe8a36394a4c4e3be0eba01e0
hash: 5f331ca2b7e9266741b6f37335aa83978536d491759c0e41034d24e50b163e04
hash: 5bde6250149c3899c1153daf195112c616599858a9f0db65686bf243844bc09b
hash: bcb79eb5d48fd67287884a0c79ba183fdb55797f50558d5dce4738c1b800cd71
hash: 06c80f87ccf8d9b080ac9d8145f111738774ea48fcbc2b4d02ce25aa39dfe938
url: http://192.161.176.16:80/en_us/all.js
url: https://www.cph54ff9.com:8443/match
url: http://155.94.138.16:80/ga.js
url: https://103.86.44.126:443/cx
url: http://45.156.24.200:80/__utm.gif
url: https://152.70.56.18:443/dpixel
url: https://185.140.250.61:443/__utm.gif
url: https://8.134.13.212:443/pixel.gif
url: https://101.35.153.158:443/__utm.gif
url: https://82.157.25.245/owa/
file: 82.157.25.245
hash: 443
url: http://47.100.232.125/load
file: 47.100.232.125
hash: 80
url: https://161.117.86.224/admin/login
file: 161.117.86.224
hash: 443
url: http://121.4.31.149:8888/dot.gif
file: 121.4.31.149
hash: 8888
url: https://42.193.218.183/cx
file: 42.193.218.183
hash: 443
url: http://service-ospnb365-1306113289.bj.apigw.tencentcs.com/api/x
file: 39.106.45.206
hash: 80
file: 52.128.229.5
hash: 80
url: https://217.79.243.148/temp
file: 217.79.243.148
hash: 443
url: https://test2.bilibili.cc:443/push
url: http://185.43.7.221/wordpresslinevideolocal/universal/protonlocal/external/request3eternal6/sqlmariadbbetterpython/packetwindows/geojsgame/providerimage.php
file: 185.112.83.121
hash: 60168
file: 167.99.211.66
hash: 26250
file: 91.243.59.75
hash: 44301
file: 185.64.76.74
hash: 16382
url: https://cuphq.com:443/pixel.gif
url: https://sophospanels.com:443/modcp.css
hash: f1e04f18478379a63f0bf23b9ddae237caf7f59011190836b36bddd8648bcca9
hash: a086d9b4beeb79e0902b3a4a9736df9a7dbcbccd146edbdba6f6c52d83884278
hash: 7848ef49dad8e9b367d2cfbb121f1c3a341698b91067d7206cdf17299378b6fd
hash: 5051db202ee58f0d4e6fed201fe9c10ec37a5aa1566e93e3b8652c0b9d3be7d0
hash: 53be62cb163a49eee901d4b64775b52c9fcf227824b28f18d7b8180ffd152121
hash: dc2e7ca03d56d19313fc17014134b3e81b359c135c0d3fc27c70750d48e87c58
hash: 205a0ec42a9a1c559a0a88a53c2fc94ea6bff133c493843608101c5cc0cfece5
hash: 20ba3b60a2f5993036e2694c9807d4fd63b3a0a60f1d67146af7780d61e03702
hash: 07efda7fdb373177337ccd7bc4f02799b2d8b257269cf89e01ad041a7012790c
url: http://69.172.75.132:8443/load
url: http://49.232.110.30:80/cx
url: http://a0615510.xsph.ru/updateservergenerator.php
hash: 978ac9e00aae1c42f9d32453293d68839b3328d098016b044df38354ea4f6cbd
hash: 01a021d62114989b1f148c2ef024cc67729a44fac3dc2f4665914a851eb5baf5
hash: 77c0df7babc9f8ec3669202a92ba0e06da4dca9b43119278ce18b72733812dac
hash: bfd5ec30538a4fd0d637639739abd8aa3e754b87bdf37ebc978de33c3dcb8a0f
url: https://39.105.98.150:443/g.pixel
url: https://47.95.8.91:8443/dot.gif
url: https://depy.blog.happysec.cn:443/dshgodihjg
url: https://service-mb04jg90-1308769889.gz.apigw.tencentcs.com:443/dot.gif
url: https://192.161.176.16:443/fwlink
url: http://107.173.35.82:3389/activity
url: https://134.122.134.62:443/api/x
file: 103.213.247.92
hash: 23
url: http://185.163.204.212/
hash: c4a3016379b34840a053754aaec31a2b14db6a2557fd912dd9b762137d2056ab
hash: bbb48715724dacfce802f69be71a0623abcaaee13e8c7da59c776825faaa0418
hash: 533dc5860d8bfd61c646bdbaedf9c2fe57cf6ae4c98a4e31b97f88dcbe657f82
hash: 3d87eae0bb5ada94d67ea6faa486c6c3531dae62fc06f24877609c9dbba25ee2
hash: 6fb483e7ec55f8c56849d8f4f31bfd7b
hash: 85dbbaa8c4d37ebb9829464f0510787b
url: http://192.3.41.128:80/__utm.gif
url: https://www.cph54ff9.com:8443/push
url: http://www.cctv003.tk:80/ga.js
url: http://176.121.14.113:80/en_us/all.js
file: 107.189.13.151
hash: 6738
url: https://134.122.134.62:8888/api/x
file: 78.47.113.209
hash: 5404
url: https://gougou.ml/dot.gif
file: 150.158.166.155
hash: 443
file: 52.59.168.192
hash: 80
url: https://dikopago.com/sq
file: 46.3.197.102
hash: 48458
file: 192.169.69.25
hash: 5291
url: https://unsinorg.cf:443/ca
url: http://44.198.164.69:80/access/
url: https://44.199.166.243:443/oscp/
url: https://45.32.21.129:443/pixel
url: https://91.132.175.45:443/match
url: https://62.77.153.213:443/updates.rss
url: https://cdn.contentsecure.net:443/j.ad
url: http://81.69.202.34:80/cx
url: https://103.45.142.124:443/j.ad
url: https://101.35.138.149:443/j.ad
url: https://110.43.226.28:8443/en_us/all.js
url: https://106.13.95.3:443/cx
url: https://d17vsbxs3f9iz4.cloudfront.net:443/access/
url: https://1.14.148.85:443/push
url: http://43.129.76.68:88/pixel
file: 43.129.76.68
hash: 88
file: 66.42.79.159
hash: 443
url: https://185.244.150.151/s/ref=nb_sb_noss_1/167-7583947-58959383/field-keywords=books
file: 185.244.150.151
hash: 443
url: https://185.201.47.157/zc
file: 95.143.177.211
hash: 443
url: http://108.61.187.46/pixel
file: 108.61.187.46
hash: 80
url: http://103.149.27.148:6666/pixel
file: 103.149.27.148
hash: 6666
url: http://106.15.107.204:8443/cm
file: 106.15.107.204
hash: 8443
url: http://tk.googleyiqi.tk:8080/api/3
file: 104.244.91.197
hash: 8080
url: https://106.75.244.66/pixel.gif
file: 106.75.244.66
hash: 443
url: http://192.161.55.13:6666/dot.gif
file: 192.161.55.13
hash: 6666
url: http://108.61.186.70/match
file: 108.61.186.70
hash: 80
url: https://23.227.198.246/btn_bg.js
file: 23.227.198.246
hash: 443
url: http://1.14.98.183:8888/api/getit
file: 1.14.98.183
hash: 8888
url: http://8.210.43.76:65432/pixel
file: 8.210.43.76
hash: 65432
url: http://149.255.35.131/ky.js
file: 149.255.35.131
hash: 80
url: https://ris.gid.rispacsmx.com/cm
file: 189.145.99.246
hash: 443
url: https://173.82.187.137:5457/cx
file: 173.82.187.137
hash: 5457
url: http://154.212.160.249/ca
url: https://43.134.230.170/ptj
file: 150.109.185.45
hash: 443
file: 138.68.155.70
hash: 80
url: http://tk.googleyiqi.tk:8880/api/3
file: 104.244.91.197
hash: 8880
url: https://106.55.179.14/en_us/all.js
file: 106.55.179.14
hash: 443
file: 45.11.47.243
hash: 4444
url: http://23.225.44.12/pixel
file: 23.225.44.12
hash: 80
file: 194.180.174.31
hash: 443
url: http://5.5.5.1/pixel.gif
file: 92.255.57.203
hash: 80
file: 45.32.21.129
hash: 443
url: http://delicate-credit-2ade.fsonve.workers.dev:8845/search/
file: 8.214.127.215
hash: 8845
url: http://77.83.199.189:8080/rw
file: 77.83.199.189
hash: 8080
file: 207.32.217.89
hash: 14588
url: http://habala.online/
url: https://habala.online/
url: https://www.agoegations.com:443/ca

ThreatFox IOCs for 2022-01-15

Severity: medium

Type: malware

ThreatFox IOCs for 2022-01-15

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

url: https://45.195.15.124:443/activity
file: 95.181.161.119
hash: 1024
file: 94.103.9.155
hash: 51866
file: 163.172.82.219
hash: 5555
file: 155.138.239.74
hash: 1337
file: 134.122.16.208
hash: 443
url: http://5.199.162.229:80/modcp.css
file: 209.141.54.15
hash: 1791
file: 178.62.216.134
hash: 9506
hash: 54a5c57da7afe6180077c64a927574ad6652fc0305bbbd2a83e9701ea41fa2d1
hash: 037794920646056289550c46ed4db6ae39b19a1bce28030aa6e26bdd0cfcf6aa
hash: 08d8db67ddae643ce598dc41c4bf56156079461a79cdb2bdb5783eb6fd804b51
hash: 3df36bc5c40a3e5befc011b4e4953ca0578af2c0890d0af472529cf518ecfa9a
file: 136.144.41.60
hash: 3074
file: 185.81.115.42
hash: 80
file: 102.133.188.117
hash: 35386
domain: teredaroundcarb.top
domain: reverdoome.top
domain: braprest.com
domain: geotypico.com
file: 39.106.93.160
hash: 50020
file: 193.32.23.62
hash: 1389
file: 185.112.83.116
hash: 8080
url: http://185.112.83.116:8080/drv
url: https://b2bdirector.com/rn
file: 23.227.202.109
hash: 80
url: https://fuzanoj.com/panel
file: 10.131.238.98
hash: 6751
hash: 54f27e662692d9d4ba3b6891459a6e3e5467a16da5c31f970b8bb9b97c405328
hash: 998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa
hash: da6fa2b36d2081eba6fb0ab2a094da77942c12b77d72f6b4ef60ae2f6c990949
hash: e94f208a90c7bb454620023fdd76e5c1739dbe76d0e49f6ff680cd9ad9b2ae51
url: https://www.agoegations.com:443/ga.js
hash: d549da9a1c1c1e21a1a02aa9151f605d5222438a39db1956318451401b4459e8
hash: 804cbcd95ad730b6256c954369e79f2c07dc432886d8da78490a1a9aed7f89c7
hash: 67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf
hash: eaad0fe6a049dd65cfe9d8d720b88a706b43e7512391d19e5cb8254f5b814d11
hash: 76488918853ce10b808bd2fad4f8c37ff9ca59f321c03c7700e0771f922113d3
hash: 19bbac767fb526749ae7b964b1dc526461c7ad405a4cb503cea07e9b7bcac801
hash: 22d26689319f826adaa1ef3c23fecb19042674018313b201960f65a22d48f8ce
hash: e3bb53c048fc7ac736a6b0d1a5e757cd7dc0b4c2bc15e904b7a3e46f473db0f0
hash: a4aa0e67ca87aea93018daa6d2a7f9802cd08aac4b96cbb6b6a59ed1e565928b
hash: 770402cd3cd44132d6347cf6b18ae45d51e07cefa240f435359fcf821c3ba0a3
hash: 076912a40250b0642e4aa604aa87af7b7118bda81c747fa65f3ab07048ae5a10
hash: 118fdc1f91f1d3ccd8afeed03bfbc1c51e6bc7e316d9b1c0d88640872ed3e17e
hash: 94ed398ec0f1188e5a10cba6c48c7f680d91f42dc5ffd88777b64f431ee4c41c
hash: 687a7419a23cc1206d97b33d209387bd593150ed941df1e21564fe8ebbed9214
hash: 3f61959fb38b9a780c40aa60b964ce782e82634663a9676afeb117eff328dcd1
hash: 910bc15b5cb598579a738c8525027e6d7028446fe8a36394a4c4e3be0eba01e0
hash: 5f331ca2b7e9266741b6f37335aa83978536d491759c0e41034d24e50b163e04
hash: 5bde6250149c3899c1153daf195112c616599858a9f0db65686bf243844bc09b
hash: bcb79eb5d48fd67287884a0c79ba183fdb55797f50558d5dce4738c1b800cd71
hash: 06c80f87ccf8d9b080ac9d8145f111738774ea48fcbc2b4d02ce25aa39dfe938
url: http://192.161.176.16:80/en_us/all.js
url: https://www.cph54ff9.com:8443/match
url: http://155.94.138.16:80/ga.js
url: https://103.86.44.126:443/cx
url: http://45.156.24.200:80/__utm.gif
url: https://152.70.56.18:443/dpixel
url: https://185.140.250.61:443/__utm.gif
url: https://8.134.13.212:443/pixel.gif
url: https://101.35.153.158:443/__utm.gif
url: https://82.157.25.245/owa/
file: 82.157.25.245
hash: 443
url: http://47.100.232.125/load
file: 47.100.232.125
hash: 80
url: https://161.117.86.224/admin/login
file: 161.117.86.224
hash: 443
url: http://121.4.31.149:8888/dot.gif
file: 121.4.31.149
hash: 8888
url: https://42.193.218.183/cx
file: 42.193.218.183
hash: 443
url: http://service-ospnb365-1306113289.bj.apigw.tencentcs.com/api/x
file: 39.106.45.206
hash: 80
file: 52.128.229.5
hash: 80
url: https://217.79.243.148/temp
file: 217.79.243.148
hash: 443
url: https://test2.bilibili.cc:443/push
url: http://185.43.7.221/wordpresslinevideolocal/universal/protonlocal/external/request3eternal6/sqlmariadbbetterpython/packetwindows/geojsgame/providerimage.php
file: 185.112.83.121
hash: 60168
file: 167.99.211.66
hash: 26250
file: 91.243.59.75
hash: 44301
file: 185.64.76.74
hash: 16382
url: https://cuphq.com:443/pixel.gif
url: https://sophospanels.com:443/modcp.css
hash: f1e04f18478379a63f0bf23b9ddae237caf7f59011190836b36bddd8648bcca9
hash: a086d9b4beeb79e0902b3a4a9736df9a7dbcbccd146edbdba6f6c52d83884278
hash: 7848ef49dad8e9b367d2cfbb121f1c3a341698b91067d7206cdf17299378b6fd
hash: 5051db202ee58f0d4e6fed201fe9c10ec37a5aa1566e93e3b8652c0b9d3be7d0
hash: 53be62cb163a49eee901d4b64775b52c9fcf227824b28f18d7b8180ffd152121
hash: dc2e7ca03d56d19313fc17014134b3e81b359c135c0d3fc27c70750d48e87c58
hash: 205a0ec42a9a1c559a0a88a53c2fc94ea6bff133c493843608101c5cc0cfece5
hash: 20ba3b60a2f5993036e2694c9807d4fd63b3a0a60f1d67146af7780d61e03702
hash: 07efda7fdb373177337ccd7bc4f02799b2d8b257269cf89e01ad041a7012790c
url: http://69.172.75.132:8443/load
url: http://49.232.110.30:80/cx
url: http://a0615510.xsph.ru/updateservergenerator.php
hash: 978ac9e00aae1c42f9d32453293d68839b3328d098016b044df38354ea4f6cbd
hash: 01a021d62114989b1f148c2ef024cc67729a44fac3dc2f4665914a851eb5baf5
hash: 77c0df7babc9f8ec3669202a92ba0e06da4dca9b43119278ce18b72733812dac
hash: bfd5ec30538a4fd0d637639739abd8aa3e754b87bdf37ebc978de33c3dcb8a0f
url: https://39.105.98.150:443/g.pixel
url: https://47.95.8.91:8443/dot.gif
url: https://depy.blog.happysec.cn:443/dshgodihjg
url: https://service-mb04jg90-1308769889.gz.apigw.tencentcs.com:443/dot.gif
url: https://192.161.176.16:443/fwlink
url: http://107.173.35.82:3389/activity
url: https://134.122.134.62:443/api/x
file: 103.213.247.92
hash: 23
url: http://185.163.204.212/
hash: c4a3016379b34840a053754aaec31a2b14db6a2557fd912dd9b762137d2056ab
hash: bbb48715724dacfce802f69be71a0623abcaaee13e8c7da59c776825faaa0418
hash: 533dc5860d8bfd61c646bdbaedf9c2fe57cf6ae4c98a4e31b97f88dcbe657f82
hash: 3d87eae0bb5ada94d67ea6faa486c6c3531dae62fc06f24877609c9dbba25ee2
hash: 6fb483e7ec55f8c56849d8f4f31bfd7b
hash: 85dbbaa8c4d37ebb9829464f0510787b
url: http://192.3.41.128:80/__utm.gif
url: https://www.cph54ff9.com:8443/push
url: http://www.cctv003.tk:80/ga.js
url: http://176.121.14.113:80/en_us/all.js
file: 107.189.13.151
hash: 6738
url: https://134.122.134.62:8888/api/x
file: 78.47.113.209
hash: 5404
url: https://gougou.ml/dot.gif
file: 150.158.166.155
hash: 443
file: 52.59.168.192
hash: 80
url: https://dikopago.com/sq
file: 46.3.197.102
hash: 48458
file: 192.169.69.25
hash: 5291
url: https://unsinorg.cf:443/ca
url: http://44.198.164.69:80/access/
url: https://44.199.166.243:443/oscp/
url: https://45.32.21.129:443/pixel
url: https://91.132.175.45:443/match
url: https://62.77.153.213:443/updates.rss
url: https://cdn.contentsecure.net:443/j.ad
url: http://81.69.202.34:80/cx
url: https://103.45.142.124:443/j.ad
url: https://101.35.138.149:443/j.ad
url: https://110.43.226.28:8443/en_us/all.js
url: https://106.13.95.3:443/cx
url: https://d17vsbxs3f9iz4.cloudfront.net:443/access/
url: https://1.14.148.85:443/push
url: http://43.129.76.68:88/pixel
file: 43.129.76.68
hash: 88
file: 66.42.79.159
hash: 443
url: https://185.244.150.151/s/ref=nb_sb_noss_1/167-7583947-58959383/field-keywords=books
file: 185.244.150.151
hash: 443
url: https://185.201.47.157/zc
file: 95.143.177.211
hash: 443
url: http://108.61.187.46/pixel
file: 108.61.187.46
hash: 80
url: http://103.149.27.148:6666/pixel
file: 103.149.27.148
hash: 6666
url: http://106.15.107.204:8443/cm
file: 106.15.107.204
hash: 8443
url: http://tk.googleyiqi.tk:8080/api/3
file: 104.244.91.197
hash: 8080
url: https://106.75.244.66/pixel.gif
file: 106.75.244.66
hash: 443
url: http://192.161.55.13:6666/dot.gif
file: 192.161.55.13
hash: 6666
url: http://108.61.186.70/match
file: 108.61.186.70
hash: 80
url: https://23.227.198.246/btn_bg.js
file: 23.227.198.246
hash: 443
url: http://1.14.98.183:8888/api/getit
file: 1.14.98.183
hash: 8888
url: http://8.210.43.76:65432/pixel
file: 8.210.43.76
hash: 65432
url: http://149.255.35.131/ky.js
file: 149.255.35.131
hash: 80
url: https://ris.gid.rispacsmx.com/cm
file: 189.145.99.246
hash: 443
url: https://173.82.187.137:5457/cx
file: 173.82.187.137
hash: 5457
url: http://154.212.160.249/ca
url: https://43.134.230.170/ptj
file: 150.109.185.45
hash: 443
file: 138.68.155.70
hash: 80
url: http://tk.googleyiqi.tk:8880/api/3
file: 104.244.91.197
hash: 8880
url: https://106.55.179.14/en_us/all.js
file: 106.55.179.14
hash: 443
file: 45.11.47.243
hash: 4444
url: http://23.225.44.12/pixel
file: 23.225.44.12
hash: 80
file: 194.180.174.31
hash: 443
url: http://5.5.5.1/pixel.gif
file: 92.255.57.203
hash: 80
file: 45.32.21.129
hash: 443
url: http://delicate-credit-2ade.fsonve.workers.dev:8845/search/
file: 8.214.127.215
hash: 8845
url: http://77.83.199.189:8080/rw
file: 77.83.199.189
hash: 8080
file: 207.32.217.89
hash: 14588
url: http://habala.online/
url: https://habala.online/
url: https://www.agoegations.com:443/ca

Source: ThreatFox

Published: Sat Jan 15 2022

ThreatFox IOCs for 2022-01-15

Medium

Malwaretype:osint tlp:white

Published: Sat Jan 15 2022 (01/15/2022, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2022-01-15

AI-Powered Analysis

AILast updated: 06/18/2025, 19:02:18 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 0d88877c-1015-4ea3-8ca7-3b37f78e5b93
Original Timestamp: 1642291383

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://45.195.15.124:443/activity	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://5.199.162.229:80/modcp.css	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://185.112.83.116:8080/drv	Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://b2bdirector.com/rn	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://fuzanoj.com/panel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.agoegations.com:443/ga.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://192.161.176.16:80/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://www.cph54ff9.com:8443/match	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://155.94.138.16:80/ga.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://103.86.44.126:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://45.156.24.200:80/__utm.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://152.70.56.18:443/dpixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://185.140.250.61:443/__utm.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://8.134.13.212:443/pixel.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://101.35.153.158:443/__utm.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://82.157.25.245/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.100.232.125/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://161.117.86.224/admin/login	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.4.31.149:8888/dot.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://42.193.218.183/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-ospnb365-1306113289.bj.apigw.tencentcs.com/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://217.79.243.148/temp	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://test2.bilibili.cc:443/push	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://185.43.7.221/wordpresslinevideolocal/universal/protonlocal/external/request3eternal6/sqlmariadbbetterpython/packetwindows/geojsgame/providerimage.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://cuphq.com:443/pixel.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://sophospanels.com:443/modcp.css	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://69.172.75.132:8443/load	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://49.232.110.30:80/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://a0615510.xsph.ru/updateservergenerator.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://39.105.98.150:443/g.pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://47.95.8.91:8443/dot.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://depy.blog.happysec.cn:443/dshgodihjg	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://service-mb04jg90-1308769889.gz.apigw.tencentcs.com:443/dot.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://192.161.176.16:443/fwlink	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://107.173.35.82:3389/activity	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://134.122.134.62:443/api/x	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://185.163.204.212/	Raccoon botnet C2 (confidence level: 100%)
urlhttp://192.3.41.128:80/__utm.gif	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://www.cph54ff9.com:8443/push	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://www.cctv003.tk:80/ga.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://176.121.14.113:80/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://134.122.134.62:8888/api/x	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://gougou.ml/dot.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://dikopago.com/sq	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://unsinorg.cf:443/ca	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://44.198.164.69:80/access/	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://44.199.166.243:443/oscp/	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://45.32.21.129:443/pixel	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://91.132.175.45:443/match	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://62.77.153.213:443/updates.rss	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://cdn.contentsecure.net:443/j.ad	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://81.69.202.34:80/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://103.45.142.124:443/j.ad	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://101.35.138.149:443/j.ad	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://110.43.226.28:8443/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://106.13.95.3:443/cx	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://d17vsbxs3f9iz4.cloudfront.net:443/access/	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttps://1.14.148.85:443/push	Cobalt Strike botnet C2 (confidence level: 50%)
urlhttp://43.129.76.68:88/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://185.244.150.151/s/ref=nb_sb_noss_1/167-7583947-58959383/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://185.201.47.157/zc	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://108.61.187.46/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://103.149.27.148:6666/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.15.107.204:8443/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://tk.googleyiqi.tk:8080/api/3	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://106.75.244.66/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.161.55.13:6666/dot.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://108.61.186.70/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.227.198.246/btn_bg.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://1.14.98.183:8888/api/getit	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.210.43.76:65432/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://149.255.35.131/ky.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ris.gid.rispacsmx.com/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://173.82.187.137:5457/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://154.212.160.249/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://43.134.230.170/ptj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://tk.googleyiqi.tk:8880/api/3	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://106.55.179.14/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.225.44.12/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://5.5.5.1/pixel.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://delicate-credit-2ade.fsonve.workers.dev:8845/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://77.83.199.189:8080/rw	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://habala.online/	SmokeLoader botnet C2 (confidence level: 75%)
urlhttps://habala.online/	SmokeLoader botnet C2 (confidence level: 75%)
urlhttps://www.agoegations.com:443/ca	Cobalt Strike botnet C2 (confidence level: 50%)

File

Value	Description	Copy
file95.181.161.119	Mirai botnet C2 server (confidence level: 75%)
file94.103.9.155	RedLine Stealer botnet C2 server (confidence level: 100%)
file163.172.82.219	Bashlite botnet C2 server (confidence level: 50%)
file155.138.239.74	Bashlite botnet C2 server (confidence level: 50%)
file134.122.16.208	Mirai botnet C2 server (confidence level: 75%)
file209.141.54.15	Mirai botnet C2 server (confidence level: 75%)
file178.62.216.134	Mirai botnet C2 server (confidence level: 75%)
file136.144.41.60	Mirai botnet C2 server (confidence level: 75%)
file185.81.115.42	RedLine Stealer botnet C2 server (confidence level: 100%)
file102.133.188.117	RedLine Stealer botnet C2 server (confidence level: 100%)
file39.106.93.160	Cobalt Strike botnet C2 server (confidence level: 75%)
file193.32.23.62	Unknown malware payload delivery server (confidence level: 75%)
file185.112.83.116	Unknown malware payload delivery server (confidence level: 75%)
file23.227.202.109	Cobalt Strike botnet C2 server (confidence level: 100%)
file10.131.238.98	Nanocore RAT botnet C2 server (confidence level: 75%)
file82.157.25.245	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.100.232.125	Cobalt Strike botnet C2 server (confidence level: 100%)
file161.117.86.224	Cobalt Strike botnet C2 server (confidence level: 100%)
file121.4.31.149	Cobalt Strike botnet C2 server (confidence level: 100%)
file42.193.218.183	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.106.45.206	Cobalt Strike botnet C2 server (confidence level: 100%)
file52.128.229.5	Cobalt Strike botnet C2 server (confidence level: 100%)
file217.79.243.148	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.112.83.121	RedLine Stealer botnet C2 server (confidence level: 100%)
file167.99.211.66	RedLine Stealer botnet C2 server (confidence level: 100%)
file91.243.59.75	RedLine Stealer botnet C2 server (confidence level: 100%)
file185.64.76.74	RedLine Stealer botnet C2 server (confidence level: 100%)
file103.213.247.92	XOR DDoS botnet C2 server (confidence level: 75%)
file107.189.13.151	Mirai botnet C2 server (confidence level: 75%)
file78.47.113.209	RedLine Stealer botnet C2 server (confidence level: 100%)
file150.158.166.155	Cobalt Strike botnet C2 server (confidence level: 100%)
file52.59.168.192	Cobalt Strike botnet C2 server (confidence level: 100%)
file46.3.197.102	RedLine Stealer botnet C2 server (confidence level: 100%)
file192.169.69.25	Nanocore RAT botnet C2 server (confidence level: 100%)
file43.129.76.68	Cobalt Strike botnet C2 server (confidence level: 100%)
file66.42.79.159	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.244.150.151	Cobalt Strike botnet C2 server (confidence level: 100%)
file95.143.177.211	Cobalt Strike botnet C2 server (confidence level: 100%)
file108.61.187.46	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.149.27.148	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.15.107.204	Cobalt Strike botnet C2 server (confidence level: 100%)
file104.244.91.197	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.75.244.66	Cobalt Strike botnet C2 server (confidence level: 100%)
file192.161.55.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file108.61.186.70	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.227.198.246	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.14.98.183	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.210.43.76	Cobalt Strike botnet C2 server (confidence level: 100%)
file149.255.35.131	Cobalt Strike botnet C2 server (confidence level: 100%)
file189.145.99.246	Cobalt Strike botnet C2 server (confidence level: 100%)
file173.82.187.137	Cobalt Strike botnet C2 server (confidence level: 100%)
file150.109.185.45	Cobalt Strike botnet C2 server (confidence level: 100%)
file138.68.155.70	Cobalt Strike botnet C2 server (confidence level: 100%)
file104.244.91.197	Cobalt Strike botnet C2 server (confidence level: 100%)
file106.55.179.14	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.11.47.243	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.225.44.12	Cobalt Strike botnet C2 server (confidence level: 100%)
file194.180.174.31	Cobalt Strike botnet C2 server (confidence level: 100%)
file92.255.57.203	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.32.21.129	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.214.127.215	Cobalt Strike botnet C2 server (confidence level: 100%)
file77.83.199.189	Cobalt Strike botnet C2 server (confidence level: 100%)
file207.32.217.89	RedLine Stealer botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash1024	Mirai botnet C2 server (confidence level: 75%)
hash51866	RedLine Stealer botnet C2 server (confidence level: 100%)
hash5555	Bashlite botnet C2 server (confidence level: 50%)
hash1337	Bashlite botnet C2 server (confidence level: 50%)
hash443	Mirai botnet C2 server (confidence level: 75%)
hash1791	Mirai botnet C2 server (confidence level: 75%)
hash9506	Mirai botnet C2 server (confidence level: 75%)
hash54a5c57da7afe6180077c64a927574ad6652fc0305bbbd2a83e9701ea41fa2d1	DCRat payload (confidence level: 50%)
hash037794920646056289550c46ed4db6ae39b19a1bce28030aa6e26bdd0cfcf6aa	DCRat payload (confidence level: 50%)
hash08d8db67ddae643ce598dc41c4bf56156079461a79cdb2bdb5783eb6fd804b51	DCRat payload (confidence level: 50%)
hash3df36bc5c40a3e5befc011b4e4953ca0578af2c0890d0af472529cf518ecfa9a	DCRat payload (confidence level: 50%)
hash3074	Mirai botnet C2 server (confidence level: 75%)
hash80	RedLine Stealer botnet C2 server (confidence level: 100%)
hash35386	RedLine Stealer botnet C2 server (confidence level: 100%)
hash50020	Cobalt Strike botnet C2 server (confidence level: 75%)
hash1389	Unknown malware payload delivery server (confidence level: 75%)
hash8080	Unknown malware payload delivery server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6751	Nanocore RAT botnet C2 server (confidence level: 75%)
hash54f27e662692d9d4ba3b6891459a6e3e5467a16da5c31f970b8bb9b97c405328	Nanocore RAT payload (confidence level: 50%)
hash998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa	Nanocore RAT payload (confidence level: 50%)
hashda6fa2b36d2081eba6fb0ab2a094da77942c12b77d72f6b4ef60ae2f6c990949	Nanocore RAT payload (confidence level: 50%)
hashe94f208a90c7bb454620023fdd76e5c1739dbe76d0e49f6ff680cd9ad9b2ae51	Nanocore RAT payload (confidence level: 50%)
hashd549da9a1c1c1e21a1a02aa9151f605d5222438a39db1956318451401b4459e8	LokiBot payload (confidence level: 50%)
hash804cbcd95ad730b6256c954369e79f2c07dc432886d8da78490a1a9aed7f89c7	LokiBot payload (confidence level: 50%)
hash67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf	LokiBot payload (confidence level: 50%)
hasheaad0fe6a049dd65cfe9d8d720b88a706b43e7512391d19e5cb8254f5b814d11	LokiBot payload (confidence level: 50%)
hash76488918853ce10b808bd2fad4f8c37ff9ca59f321c03c7700e0771f922113d3	Ave Maria payload (confidence level: 50%)
hash19bbac767fb526749ae7b964b1dc526461c7ad405a4cb503cea07e9b7bcac801	STOP payload (confidence level: 50%)
hash22d26689319f826adaa1ef3c23fecb19042674018313b201960f65a22d48f8ce	Ave Maria payload (confidence level: 50%)
hashe3bb53c048fc7ac736a6b0d1a5e757cd7dc0b4c2bc15e904b7a3e46f473db0f0	STOP payload (confidence level: 50%)
hasha4aa0e67ca87aea93018daa6d2a7f9802cd08aac4b96cbb6b6a59ed1e565928b	Ave Maria payload (confidence level: 50%)
hash770402cd3cd44132d6347cf6b18ae45d51e07cefa240f435359fcf821c3ba0a3	STOP payload (confidence level: 50%)
hash076912a40250b0642e4aa604aa87af7b7118bda81c747fa65f3ab07048ae5a10	Ave Maria payload (confidence level: 50%)
hash118fdc1f91f1d3ccd8afeed03bfbc1c51e6bc7e316d9b1c0d88640872ed3e17e	STOP payload (confidence level: 50%)
hash94ed398ec0f1188e5a10cba6c48c7f680d91f42dc5ffd88777b64f431ee4c41c	Ave Maria payload (confidence level: 50%)
hash687a7419a23cc1206d97b33d209387bd593150ed941df1e21564fe8ebbed9214	Ave Maria payload (confidence level: 50%)
hash3f61959fb38b9a780c40aa60b964ce782e82634663a9676afeb117eff328dcd1	Ave Maria payload (confidence level: 50%)
hash910bc15b5cb598579a738c8525027e6d7028446fe8a36394a4c4e3be0eba01e0	Ave Maria payload (confidence level: 50%)
hash5f331ca2b7e9266741b6f37335aa83978536d491759c0e41034d24e50b163e04	Agent Tesla payload (confidence level: 50%)
hash5bde6250149c3899c1153daf195112c616599858a9f0db65686bf243844bc09b	Agent Tesla payload (confidence level: 50%)
hashbcb79eb5d48fd67287884a0c79ba183fdb55797f50558d5dce4738c1b800cd71	Agent Tesla payload (confidence level: 50%)
hash06c80f87ccf8d9b080ac9d8145f111738774ea48fcbc2b4d02ce25aa39dfe938	Agent Tesla payload (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash60168	RedLine Stealer botnet C2 server (confidence level: 100%)
hash26250	RedLine Stealer botnet C2 server (confidence level: 100%)
hash44301	RedLine Stealer botnet C2 server (confidence level: 100%)
hash16382	RedLine Stealer botnet C2 server (confidence level: 100%)
hashf1e04f18478379a63f0bf23b9ddae237caf7f59011190836b36bddd8648bcca9	Emotet payload (confidence level: 50%)
hasha086d9b4beeb79e0902b3a4a9736df9a7dbcbccd146edbdba6f6c52d83884278	DCRat payload (confidence level: 50%)
hash7848ef49dad8e9b367d2cfbb121f1c3a341698b91067d7206cdf17299378b6fd	DCRat payload (confidence level: 50%)
hash5051db202ee58f0d4e6fed201fe9c10ec37a5aa1566e93e3b8652c0b9d3be7d0	DCRat payload (confidence level: 50%)
hash53be62cb163a49eee901d4b64775b52c9fcf227824b28f18d7b8180ffd152121	DCRat payload (confidence level: 50%)
hashdc2e7ca03d56d19313fc17014134b3e81b359c135c0d3fc27c70750d48e87c58	Agent Tesla payload (confidence level: 50%)
hash205a0ec42a9a1c559a0a88a53c2fc94ea6bff133c493843608101c5cc0cfece5	Agent Tesla payload (confidence level: 50%)
hash20ba3b60a2f5993036e2694c9807d4fd63b3a0a60f1d67146af7780d61e03702	Agent Tesla payload (confidence level: 50%)
hash07efda7fdb373177337ccd7bc4f02799b2d8b257269cf89e01ad041a7012790c	Agent Tesla payload (confidence level: 50%)
hash978ac9e00aae1c42f9d32453293d68839b3328d098016b044df38354ea4f6cbd	DCRat payload (confidence level: 50%)
hash01a021d62114989b1f148c2ef024cc67729a44fac3dc2f4665914a851eb5baf5	DCRat payload (confidence level: 50%)
hash77c0df7babc9f8ec3669202a92ba0e06da4dca9b43119278ce18b72733812dac	DCRat payload (confidence level: 50%)
hashbfd5ec30538a4fd0d637639739abd8aa3e754b87bdf37ebc978de33c3dcb8a0f	DCRat payload (confidence level: 50%)
hash23	XOR DDoS botnet C2 server (confidence level: 75%)
hashc4a3016379b34840a053754aaec31a2b14db6a2557fd912dd9b762137d2056ab	ClipBanker payload (confidence level: 50%)
hashbbb48715724dacfce802f69be71a0623abcaaee13e8c7da59c776825faaa0418	ClipBanker payload (confidence level: 50%)
hash533dc5860d8bfd61c646bdbaedf9c2fe57cf6ae4c98a4e31b97f88dcbe657f82	ClipBanker payload (confidence level: 50%)
hash3d87eae0bb5ada94d67ea6faa486c6c3531dae62fc06f24877609c9dbba25ee2	ClipBanker payload (confidence level: 50%)
hash6fb483e7ec55f8c56849d8f4f31bfd7b	SysJoker payload (confidence level: 50%)
hash85dbbaa8c4d37ebb9829464f0510787b	SysJoker payload (confidence level: 50%)
hash6738	Mirai botnet C2 server (confidence level: 75%)
hash5404	RedLine Stealer botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash48458	RedLine Stealer botnet C2 server (confidence level: 100%)
hash5291	Nanocore RAT botnet C2 server (confidence level: 100%)
hash88	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash65432	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5457	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8880	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8845	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash14588	RedLine Stealer botnet C2 server (confidence level: 100%)

Domain

Value	Description	Copy
domainteredaroundcarb.top	IcedID botnet C2 domain (confidence level: 100%)
domainreverdoome.top	IcedID botnet C2 domain (confidence level: 100%)
domainbraprest.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingeotypico.com	Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 682b7b9fd3ddd8cef2e683c4

Added to database: 5/19/2025, 6:42:39 PM

Last enriched: 6/18/2025, 7:02:18 PM

Last updated: 2/7/2026, 12:00:13 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Medium

MalwareSat Feb 07 2026

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

ThreatFox IOCs for 2022-01-15

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2022-01-15

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

File

Hash

Domain

Community Reviews

Related Threats

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

ThreatFox IOCs for 2026-02-06

ThreatFox IOCs for 2026-02-05

Technical Analysis of Marco Stealer

New Clickfix variant 'CrashFix' deploying Python Remote Access Trojan

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility