ThreatFox IOCs for 2022-01-15
Severity: mediumType: malware
ThreatFox IOCs for 2022-01-15
AI Analysis
Technical Summary
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on January 15, 2022, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data, as indicated by the product field. However, there are no specific affected software versions or detailed technical descriptions of the malware's behavior, attack vectors, or payloads. The threat level is rated as 2 on an unspecified scale, with analysis and distribution values of 1 and 3 respectively, suggesting a moderate distribution but limited detailed analysis. There are no known exploits in the wild linked to this malware, and no Common Weakness Enumerations (CWEs) or patch information is provided. The absence of indicators such as IP addresses, domains, or file hashes limits the ability to perform targeted detection or response. Overall, this appears to be an informational release of IOCs related to malware activity, intended for use in OSINT contexts, but lacking detailed technical specifics or evidence of active exploitation.
Potential Impact
Given the limited technical details and the absence of known active exploitation, the immediate impact on European organizations is likely low to medium. The malware's distribution level suggests some presence or potential for spread, but without specifics on infection mechanisms or payload effects, the risk to confidentiality, integrity, or availability cannot be precisely determined. European organizations relying on OSINT tools or threat intelligence platforms might find value in these IOCs for enhancing their detection capabilities. However, the lack of actionable indicators and exploit details reduces the urgency of response. Potential impacts could include unauthorized data access or system compromise if the malware were to be deployed, but currently, there is no evidence of such activity. The medium severity rating reflects this uncertainty and the potential for moderate risk if further details emerge.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enhance detection capabilities, even though specific indicators are not included here. 2. Maintain up-to-date endpoint protection and malware detection solutions that can identify unknown or emerging threats through heuristic and behavioral analysis. 3. Conduct regular threat hunting exercises focusing on OSINT-related malware signatures and behaviors, leveraging community-shared intelligence such as ThreatFox feeds. 4. Enhance network monitoring for unusual outbound connections or data exfiltration attempts that could be associated with malware activity. 5. Educate security teams on the importance of OSINT in threat detection and encourage collaboration with intelligence-sharing communities to obtain more detailed and actionable data. 6. Since no patches or CVEs are associated, focus on general best practices such as timely software updates, least privilege access controls, and incident response readiness to mitigate potential unknown threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- url: https://45.195.15.124:443/activity
- file: 95.181.161.119
- hash: 1024
- file: 94.103.9.155
- hash: 51866
- file: 163.172.82.219
- hash: 5555
- file: 155.138.239.74
- hash: 1337
- file: 134.122.16.208
- hash: 443
- url: http://5.199.162.229:80/modcp.css
- file: 209.141.54.15
- hash: 1791
- file: 178.62.216.134
- hash: 9506
- hash: 54a5c57da7afe6180077c64a927574ad6652fc0305bbbd2a83e9701ea41fa2d1
- hash: 037794920646056289550c46ed4db6ae39b19a1bce28030aa6e26bdd0cfcf6aa
- hash: 08d8db67ddae643ce598dc41c4bf56156079461a79cdb2bdb5783eb6fd804b51
- hash: 3df36bc5c40a3e5befc011b4e4953ca0578af2c0890d0af472529cf518ecfa9a
- file: 136.144.41.60
- hash: 3074
- file: 185.81.115.42
- hash: 80
- file: 102.133.188.117
- hash: 35386
- domain: teredaroundcarb.top
- domain: reverdoome.top
- domain: braprest.com
- domain: geotypico.com
- file: 39.106.93.160
- hash: 50020
- file: 193.32.23.62
- hash: 1389
- file: 185.112.83.116
- hash: 8080
- url: http://185.112.83.116:8080/drv
- url: https://b2bdirector.com/rn
- file: 23.227.202.109
- hash: 80
- url: https://fuzanoj.com/panel
- file: 10.131.238.98
- hash: 6751
- hash: 54f27e662692d9d4ba3b6891459a6e3e5467a16da5c31f970b8bb9b97c405328
- hash: 998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa
- hash: da6fa2b36d2081eba6fb0ab2a094da77942c12b77d72f6b4ef60ae2f6c990949
- hash: e94f208a90c7bb454620023fdd76e5c1739dbe76d0e49f6ff680cd9ad9b2ae51
- url: https://www.agoegations.com:443/ga.js
- hash: d549da9a1c1c1e21a1a02aa9151f605d5222438a39db1956318451401b4459e8
- hash: 804cbcd95ad730b6256c954369e79f2c07dc432886d8da78490a1a9aed7f89c7
- hash: 67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf
- hash: eaad0fe6a049dd65cfe9d8d720b88a706b43e7512391d19e5cb8254f5b814d11
- hash: 76488918853ce10b808bd2fad4f8c37ff9ca59f321c03c7700e0771f922113d3
- hash: 19bbac767fb526749ae7b964b1dc526461c7ad405a4cb503cea07e9b7bcac801
- hash: 22d26689319f826adaa1ef3c23fecb19042674018313b201960f65a22d48f8ce
- hash: e3bb53c048fc7ac736a6b0d1a5e757cd7dc0b4c2bc15e904b7a3e46f473db0f0
- hash: a4aa0e67ca87aea93018daa6d2a7f9802cd08aac4b96cbb6b6a59ed1e565928b
- hash: 770402cd3cd44132d6347cf6b18ae45d51e07cefa240f435359fcf821c3ba0a3
- hash: 076912a40250b0642e4aa604aa87af7b7118bda81c747fa65f3ab07048ae5a10
- hash: 118fdc1f91f1d3ccd8afeed03bfbc1c51e6bc7e316d9b1c0d88640872ed3e17e
- hash: 94ed398ec0f1188e5a10cba6c48c7f680d91f42dc5ffd88777b64f431ee4c41c
- hash: 687a7419a23cc1206d97b33d209387bd593150ed941df1e21564fe8ebbed9214
- hash: 3f61959fb38b9a780c40aa60b964ce782e82634663a9676afeb117eff328dcd1
- hash: 910bc15b5cb598579a738c8525027e6d7028446fe8a36394a4c4e3be0eba01e0
- hash: 5f331ca2b7e9266741b6f37335aa83978536d491759c0e41034d24e50b163e04
- hash: 5bde6250149c3899c1153daf195112c616599858a9f0db65686bf243844bc09b
- hash: bcb79eb5d48fd67287884a0c79ba183fdb55797f50558d5dce4738c1b800cd71
- hash: 06c80f87ccf8d9b080ac9d8145f111738774ea48fcbc2b4d02ce25aa39dfe938
- url: http://192.161.176.16:80/en_us/all.js
- url: https://www.cph54ff9.com:8443/match
- url: http://155.94.138.16:80/ga.js
- url: https://103.86.44.126:443/cx
- url: http://45.156.24.200:80/__utm.gif
- url: https://152.70.56.18:443/dpixel
- url: https://185.140.250.61:443/__utm.gif
- url: https://8.134.13.212:443/pixel.gif
- url: https://101.35.153.158:443/__utm.gif
- url: https://82.157.25.245/owa/
- file: 82.157.25.245
- hash: 443
- url: http://47.100.232.125/load
- file: 47.100.232.125
- hash: 80
- url: https://161.117.86.224/admin/login
- file: 161.117.86.224
- hash: 443
- url: http://121.4.31.149:8888/dot.gif
- file: 121.4.31.149
- hash: 8888
- url: https://42.193.218.183/cx
- file: 42.193.218.183
- hash: 443
- url: http://service-ospnb365-1306113289.bj.apigw.tencentcs.com/api/x
- file: 39.106.45.206
- hash: 80
- file: 52.128.229.5
- hash: 80
- url: https://217.79.243.148/temp
- file: 217.79.243.148
- hash: 443
- url: https://test2.bilibili.cc:443/push
- url: http://185.43.7.221/wordpresslinevideolocal/universal/protonlocal/external/request3eternal6/sqlmariadbbetterpython/packetwindows/geojsgame/providerimage.php
- file: 185.112.83.121
- hash: 60168
- file: 167.99.211.66
- hash: 26250
- file: 91.243.59.75
- hash: 44301
- file: 185.64.76.74
- hash: 16382
- url: https://cuphq.com:443/pixel.gif
- url: https://sophospanels.com:443/modcp.css
- hash: f1e04f18478379a63f0bf23b9ddae237caf7f59011190836b36bddd8648bcca9
- hash: a086d9b4beeb79e0902b3a4a9736df9a7dbcbccd146edbdba6f6c52d83884278
- hash: 7848ef49dad8e9b367d2cfbb121f1c3a341698b91067d7206cdf17299378b6fd
- hash: 5051db202ee58f0d4e6fed201fe9c10ec37a5aa1566e93e3b8652c0b9d3be7d0
- hash: 53be62cb163a49eee901d4b64775b52c9fcf227824b28f18d7b8180ffd152121
- hash: dc2e7ca03d56d19313fc17014134b3e81b359c135c0d3fc27c70750d48e87c58
- hash: 205a0ec42a9a1c559a0a88a53c2fc94ea6bff133c493843608101c5cc0cfece5
- hash: 20ba3b60a2f5993036e2694c9807d4fd63b3a0a60f1d67146af7780d61e03702
- hash: 07efda7fdb373177337ccd7bc4f02799b2d8b257269cf89e01ad041a7012790c
- url: http://69.172.75.132:8443/load
- url: http://49.232.110.30:80/cx
- url: http://a0615510.xsph.ru/updateservergenerator.php
- hash: 978ac9e00aae1c42f9d32453293d68839b3328d098016b044df38354ea4f6cbd
- hash: 01a021d62114989b1f148c2ef024cc67729a44fac3dc2f4665914a851eb5baf5
- hash: 77c0df7babc9f8ec3669202a92ba0e06da4dca9b43119278ce18b72733812dac
- hash: bfd5ec30538a4fd0d637639739abd8aa3e754b87bdf37ebc978de33c3dcb8a0f
- url: https://39.105.98.150:443/g.pixel
- url: https://47.95.8.91:8443/dot.gif
- url: https://depy.blog.happysec.cn:443/dshgodihjg
- url: https://service-mb04jg90-1308769889.gz.apigw.tencentcs.com:443/dot.gif
- url: https://192.161.176.16:443/fwlink
- url: http://107.173.35.82:3389/activity
- url: https://134.122.134.62:443/api/x
- file: 103.213.247.92
- hash: 23
- url: http://185.163.204.212/
- hash: c4a3016379b34840a053754aaec31a2b14db6a2557fd912dd9b762137d2056ab
- hash: bbb48715724dacfce802f69be71a0623abcaaee13e8c7da59c776825faaa0418
- hash: 533dc5860d8bfd61c646bdbaedf9c2fe57cf6ae4c98a4e31b97f88dcbe657f82
- hash: 3d87eae0bb5ada94d67ea6faa486c6c3531dae62fc06f24877609c9dbba25ee2
- hash: 6fb483e7ec55f8c56849d8f4f31bfd7b
- hash: 85dbbaa8c4d37ebb9829464f0510787b
- url: http://192.3.41.128:80/__utm.gif
- url: https://www.cph54ff9.com:8443/push
- url: http://www.cctv003.tk:80/ga.js
- url: http://176.121.14.113:80/en_us/all.js
- file: 107.189.13.151
- hash: 6738
- url: https://134.122.134.62:8888/api/x
- file: 78.47.113.209
- hash: 5404
- url: https://gougou.ml/dot.gif
- file: 150.158.166.155
- hash: 443
- file: 52.59.168.192
- hash: 80
- url: https://dikopago.com/sq
- file: 46.3.197.102
- hash: 48458
- file: 192.169.69.25
- hash: 5291
- url: https://unsinorg.cf:443/ca
- url: http://44.198.164.69:80/access/
- url: https://44.199.166.243:443/oscp/
- url: https://45.32.21.129:443/pixel
- url: https://91.132.175.45:443/match
- url: https://62.77.153.213:443/updates.rss
- url: https://cdn.contentsecure.net:443/j.ad
- url: http://81.69.202.34:80/cx
- url: https://103.45.142.124:443/j.ad
- url: https://101.35.138.149:443/j.ad
- url: https://110.43.226.28:8443/en_us/all.js
- url: https://106.13.95.3:443/cx
- url: https://d17vsbxs3f9iz4.cloudfront.net:443/access/
- url: https://1.14.148.85:443/push
- url: http://43.129.76.68:88/pixel
- file: 43.129.76.68
- hash: 88
- file: 66.42.79.159
- hash: 443
- url: https://185.244.150.151/s/ref=nb_sb_noss_1/167-7583947-58959383/field-keywords=books
- file: 185.244.150.151
- hash: 443
- url: https://185.201.47.157/zc
- file: 95.143.177.211
- hash: 443
- url: http://108.61.187.46/pixel
- file: 108.61.187.46
- hash: 80
- url: http://103.149.27.148:6666/pixel
- file: 103.149.27.148
- hash: 6666
- url: http://106.15.107.204:8443/cm
- file: 106.15.107.204
- hash: 8443
- url: http://tk.googleyiqi.tk:8080/api/3
- file: 104.244.91.197
- hash: 8080
- url: https://106.75.244.66/pixel.gif
- file: 106.75.244.66
- hash: 443
- url: http://192.161.55.13:6666/dot.gif
- file: 192.161.55.13
- hash: 6666
- url: http://108.61.186.70/match
- file: 108.61.186.70
- hash: 80
- url: https://23.227.198.246/btn_bg.js
- file: 23.227.198.246
- hash: 443
- url: http://1.14.98.183:8888/api/getit
- file: 1.14.98.183
- hash: 8888
- url: http://8.210.43.76:65432/pixel
- file: 8.210.43.76
- hash: 65432
- url: http://149.255.35.131/ky.js
- file: 149.255.35.131
- hash: 80
- url: https://ris.gid.rispacsmx.com/cm
- file: 189.145.99.246
- hash: 443
- url: https://173.82.187.137:5457/cx
- file: 173.82.187.137
- hash: 5457
- url: http://154.212.160.249/ca
- url: https://43.134.230.170/ptj
- file: 150.109.185.45
- hash: 443
- file: 138.68.155.70
- hash: 80
- url: http://tk.googleyiqi.tk:8880/api/3
- file: 104.244.91.197
- hash: 8880
- url: https://106.55.179.14/en_us/all.js
- file: 106.55.179.14
- hash: 443
- file: 45.11.47.243
- hash: 4444
- url: http://23.225.44.12/pixel
- file: 23.225.44.12
- hash: 80
- file: 194.180.174.31
- hash: 443
- url: http://5.5.5.1/pixel.gif
- file: 92.255.57.203
- hash: 80
- file: 45.32.21.129
- hash: 443
- url: http://delicate-credit-2ade.fsonve.workers.dev:8845/search/
- file: 8.214.127.215
- hash: 8845
- url: http://77.83.199.189:8080/rw
- file: 77.83.199.189
- hash: 8080
- file: 207.32.217.89
- hash: 14588
- url: http://habala.online/
- url: https://habala.online/
- url: https://www.agoegations.com:443/ca
ThreatFox IOCs for 2022-01-15
Medium
Published: Sat Jan 15 2022 (01/15/2022, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2022-01-15
AI-Powered Analysis
AILast updated: 06/18/2025, 19:02:18 UTC
Technical Analysis
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on January 15, 2022, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data, as indicated by the product field. However, there are no specific affected software versions or detailed technical descriptions of the malware's behavior, attack vectors, or payloads. The threat level is rated as 2 on an unspecified scale, with analysis and distribution values of 1 and 3 respectively, suggesting a moderate distribution but limited detailed analysis. There are no known exploits in the wild linked to this malware, and no Common Weakness Enumerations (CWEs) or patch information is provided. The absence of indicators such as IP addresses, domains, or file hashes limits the ability to perform targeted detection or response. Overall, this appears to be an informational release of IOCs related to malware activity, intended for use in OSINT contexts, but lacking detailed technical specifics or evidence of active exploitation.
Potential Impact
Given the limited technical details and the absence of known active exploitation, the immediate impact on European organizations is likely low to medium. The malware's distribution level suggests some presence or potential for spread, but without specifics on infection mechanisms or payload effects, the risk to confidentiality, integrity, or availability cannot be precisely determined. European organizations relying on OSINT tools or threat intelligence platforms might find value in these IOCs for enhancing their detection capabilities. However, the lack of actionable indicators and exploit details reduces the urgency of response. Potential impacts could include unauthorized data access or system compromise if the malware were to be deployed, but currently, there is no evidence of such activity. The medium severity rating reflects this uncertainty and the potential for moderate risk if further details emerge.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enhance detection capabilities, even though specific indicators are not included here. 2. Maintain up-to-date endpoint protection and malware detection solutions that can identify unknown or emerging threats through heuristic and behavioral analysis. 3. Conduct regular threat hunting exercises focusing on OSINT-related malware signatures and behaviors, leveraging community-shared intelligence such as ThreatFox feeds. 4. Enhance network monitoring for unusual outbound connections or data exfiltration attempts that could be associated with malware activity. 5. Educate security teams on the importance of OSINT in threat detection and encourage collaboration with intelligence-sharing communities to obtain more detailed and actionable data. 6. Since no patches or CVEs are associated, focus on general best practices such as timely software updates, least privilege access controls, and incident response readiness to mitigate potential unknown threats.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 0d88877c-1015-4ea3-8ca7-3b37f78e5b93
- Original Timestamp
- 1642291383
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://45.195.15.124:443/activity | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://5.199.162.229:80/modcp.css | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://185.112.83.116:8080/drv | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://b2bdirector.com/rn | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://fuzanoj.com/panel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://www.agoegations.com:443/ga.js | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://192.161.176.16:80/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://www.cph54ff9.com:8443/match | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://155.94.138.16:80/ga.js | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://103.86.44.126:443/cx | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://45.156.24.200:80/__utm.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://152.70.56.18:443/dpixel | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://185.140.250.61:443/__utm.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://8.134.13.212:443/pixel.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://101.35.153.158:443/__utm.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://82.157.25.245/owa/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.100.232.125/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://161.117.86.224/admin/login | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://121.4.31.149:8888/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://42.193.218.183/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://service-ospnb365-1306113289.bj.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://217.79.243.148/temp | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://test2.bilibili.cc:443/push | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://185.43.7.221/wordpresslinevideolocal/universal/protonlocal/external/request3eternal6/sqlmariadbbetterpython/packetwindows/geojsgame/providerimage.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://cuphq.com:443/pixel.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://sophospanels.com:443/modcp.css | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://69.172.75.132:8443/load | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://49.232.110.30:80/cx | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://a0615510.xsph.ru/updateservergenerator.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://39.105.98.150:443/g.pixel | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://47.95.8.91:8443/dot.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://depy.blog.happysec.cn:443/dshgodihjg | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://service-mb04jg90-1308769889.gz.apigw.tencentcs.com:443/dot.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://192.161.176.16:443/fwlink | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://107.173.35.82:3389/activity | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://134.122.134.62:443/api/x | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://185.163.204.212/ | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://192.3.41.128:80/__utm.gif | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://www.cph54ff9.com:8443/push | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://www.cctv003.tk:80/ga.js | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://176.121.14.113:80/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://134.122.134.62:8888/api/x | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://gougou.ml/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://dikopago.com/sq | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://unsinorg.cf:443/ca | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://44.198.164.69:80/access/ | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://44.199.166.243:443/oscp/ | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://45.32.21.129:443/pixel | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://91.132.175.45:443/match | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://62.77.153.213:443/updates.rss | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://cdn.contentsecure.net:443/j.ad | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://81.69.202.34:80/cx | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://103.45.142.124:443/j.ad | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://101.35.138.149:443/j.ad | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://110.43.226.28:8443/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://106.13.95.3:443/cx | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://d17vsbxs3f9iz4.cloudfront.net:443/access/ | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttps://1.14.148.85:443/push | Cobalt Strike botnet C2 (confidence level: 50%) | |
urlhttp://43.129.76.68:88/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://185.244.150.151/s/ref=nb_sb_noss_1/167-7583947-58959383/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://185.201.47.157/zc | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://108.61.187.46/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.149.27.148:6666/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://106.15.107.204:8443/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://tk.googleyiqi.tk:8080/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://106.75.244.66/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://192.161.55.13:6666/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://108.61.186.70/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://23.227.198.246/btn_bg.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://1.14.98.183:8888/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://8.210.43.76:65432/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://149.255.35.131/ky.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://ris.gid.rispacsmx.com/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://173.82.187.137:5457/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://154.212.160.249/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://43.134.230.170/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://tk.googleyiqi.tk:8880/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://106.55.179.14/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://23.225.44.12/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.5.5.1/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://delicate-credit-2ade.fsonve.workers.dev:8845/search/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://77.83.199.189:8080/rw | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://habala.online/ | SmokeLoader botnet C2 (confidence level: 75%) | |
urlhttps://habala.online/ | SmokeLoader botnet C2 (confidence level: 75%) | |
urlhttps://www.agoegations.com:443/ca | Cobalt Strike botnet C2 (confidence level: 50%) |
File
| Value | Description | Copy |
|---|---|---|
file95.181.161.119 | Mirai botnet C2 server (confidence level: 75%) | |
file94.103.9.155 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file163.172.82.219 | Bashlite botnet C2 server (confidence level: 50%) | |
file155.138.239.74 | Bashlite botnet C2 server (confidence level: 50%) | |
file134.122.16.208 | Mirai botnet C2 server (confidence level: 75%) | |
file209.141.54.15 | Mirai botnet C2 server (confidence level: 75%) | |
file178.62.216.134 | Mirai botnet C2 server (confidence level: 75%) | |
file136.144.41.60 | Mirai botnet C2 server (confidence level: 75%) | |
file185.81.115.42 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file102.133.188.117 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file39.106.93.160 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file193.32.23.62 | Unknown malware payload delivery server (confidence level: 75%) | |
file185.112.83.116 | Unknown malware payload delivery server (confidence level: 75%) | |
file23.227.202.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file10.131.238.98 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file82.157.25.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.100.232.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file161.117.86.224 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.4.31.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file42.193.218.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.106.45.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.128.229.5 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file217.79.243.148 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.112.83.121 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file167.99.211.66 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file91.243.59.75 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file185.64.76.74 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file103.213.247.92 | XOR DDoS botnet C2 server (confidence level: 75%) | |
file107.189.13.151 | Mirai botnet C2 server (confidence level: 75%) | |
file78.47.113.209 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file150.158.166.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.59.168.192 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file46.3.197.102 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file192.169.69.25 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file43.129.76.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.42.79.159 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.244.150.151 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.143.177.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file108.61.187.46 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.149.27.148 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.15.107.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.244.91.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.75.244.66 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.161.55.13 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file108.61.186.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.227.198.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.14.98.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.210.43.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.255.35.131 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file189.145.99.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.82.187.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file150.109.185.45 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file138.68.155.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.244.91.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.55.179.14 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.11.47.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.225.44.12 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.180.174.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.255.57.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.32.21.129 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.214.127.215 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file77.83.199.189 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file207.32.217.89 | RedLine Stealer botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash1024 | Mirai botnet C2 server (confidence level: 75%) | |
hash51866 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5555 | Bashlite botnet C2 server (confidence level: 50%) | |
hash1337 | Bashlite botnet C2 server (confidence level: 50%) | |
hash443 | Mirai botnet C2 server (confidence level: 75%) | |
hash1791 | Mirai botnet C2 server (confidence level: 75%) | |
hash9506 | Mirai botnet C2 server (confidence level: 75%) | |
hash54a5c57da7afe6180077c64a927574ad6652fc0305bbbd2a83e9701ea41fa2d1 | DCRat payload (confidence level: 50%) | |
hash037794920646056289550c46ed4db6ae39b19a1bce28030aa6e26bdd0cfcf6aa | DCRat payload (confidence level: 50%) | |
hash08d8db67ddae643ce598dc41c4bf56156079461a79cdb2bdb5783eb6fd804b51 | DCRat payload (confidence level: 50%) | |
hash3df36bc5c40a3e5befc011b4e4953ca0578af2c0890d0af472529cf518ecfa9a | DCRat payload (confidence level: 50%) | |
hash3074 | Mirai botnet C2 server (confidence level: 75%) | |
hash80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash35386 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash50020 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash1389 | Unknown malware payload delivery server (confidence level: 75%) | |
hash8080 | Unknown malware payload delivery server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6751 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash54f27e662692d9d4ba3b6891459a6e3e5467a16da5c31f970b8bb9b97c405328 | Nanocore RAT payload (confidence level: 50%) | |
hash998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa | Nanocore RAT payload (confidence level: 50%) | |
hashda6fa2b36d2081eba6fb0ab2a094da77942c12b77d72f6b4ef60ae2f6c990949 | Nanocore RAT payload (confidence level: 50%) | |
hashe94f208a90c7bb454620023fdd76e5c1739dbe76d0e49f6ff680cd9ad9b2ae51 | Nanocore RAT payload (confidence level: 50%) | |
hashd549da9a1c1c1e21a1a02aa9151f605d5222438a39db1956318451401b4459e8 | LokiBot payload (confidence level: 50%) | |
hash804cbcd95ad730b6256c954369e79f2c07dc432886d8da78490a1a9aed7f89c7 | LokiBot payload (confidence level: 50%) | |
hash67f2ac673104bb3b17acde4dc66186d0481c142c9683db3e20c3eceb03b61baf | LokiBot payload (confidence level: 50%) | |
hasheaad0fe6a049dd65cfe9d8d720b88a706b43e7512391d19e5cb8254f5b814d11 | LokiBot payload (confidence level: 50%) | |
hash76488918853ce10b808bd2fad4f8c37ff9ca59f321c03c7700e0771f922113d3 | Ave Maria payload (confidence level: 50%) | |
hash19bbac767fb526749ae7b964b1dc526461c7ad405a4cb503cea07e9b7bcac801 | STOP payload (confidence level: 50%) | |
hash22d26689319f826adaa1ef3c23fecb19042674018313b201960f65a22d48f8ce | Ave Maria payload (confidence level: 50%) | |
hashe3bb53c048fc7ac736a6b0d1a5e757cd7dc0b4c2bc15e904b7a3e46f473db0f0 | STOP payload (confidence level: 50%) | |
hasha4aa0e67ca87aea93018daa6d2a7f9802cd08aac4b96cbb6b6a59ed1e565928b | Ave Maria payload (confidence level: 50%) | |
hash770402cd3cd44132d6347cf6b18ae45d51e07cefa240f435359fcf821c3ba0a3 | STOP payload (confidence level: 50%) | |
hash076912a40250b0642e4aa604aa87af7b7118bda81c747fa65f3ab07048ae5a10 | Ave Maria payload (confidence level: 50%) | |
hash118fdc1f91f1d3ccd8afeed03bfbc1c51e6bc7e316d9b1c0d88640872ed3e17e | STOP payload (confidence level: 50%) | |
hash94ed398ec0f1188e5a10cba6c48c7f680d91f42dc5ffd88777b64f431ee4c41c | Ave Maria payload (confidence level: 50%) | |
hash687a7419a23cc1206d97b33d209387bd593150ed941df1e21564fe8ebbed9214 | Ave Maria payload (confidence level: 50%) | |
hash3f61959fb38b9a780c40aa60b964ce782e82634663a9676afeb117eff328dcd1 | Ave Maria payload (confidence level: 50%) | |
hash910bc15b5cb598579a738c8525027e6d7028446fe8a36394a4c4e3be0eba01e0 | Ave Maria payload (confidence level: 50%) | |
hash5f331ca2b7e9266741b6f37335aa83978536d491759c0e41034d24e50b163e04 | Agent Tesla payload (confidence level: 50%) | |
hash5bde6250149c3899c1153daf195112c616599858a9f0db65686bf243844bc09b | Agent Tesla payload (confidence level: 50%) | |
hashbcb79eb5d48fd67287884a0c79ba183fdb55797f50558d5dce4738c1b800cd71 | Agent Tesla payload (confidence level: 50%) | |
hash06c80f87ccf8d9b080ac9d8145f111738774ea48fcbc2b4d02ce25aa39dfe938 | Agent Tesla payload (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash60168 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash26250 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash44301 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash16382 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hashf1e04f18478379a63f0bf23b9ddae237caf7f59011190836b36bddd8648bcca9 | Emotet payload (confidence level: 50%) | |
hasha086d9b4beeb79e0902b3a4a9736df9a7dbcbccd146edbdba6f6c52d83884278 | DCRat payload (confidence level: 50%) | |
hash7848ef49dad8e9b367d2cfbb121f1c3a341698b91067d7206cdf17299378b6fd | DCRat payload (confidence level: 50%) | |
hash5051db202ee58f0d4e6fed201fe9c10ec37a5aa1566e93e3b8652c0b9d3be7d0 | DCRat payload (confidence level: 50%) | |
hash53be62cb163a49eee901d4b64775b52c9fcf227824b28f18d7b8180ffd152121 | DCRat payload (confidence level: 50%) | |
hashdc2e7ca03d56d19313fc17014134b3e81b359c135c0d3fc27c70750d48e87c58 | Agent Tesla payload (confidence level: 50%) | |
hash205a0ec42a9a1c559a0a88a53c2fc94ea6bff133c493843608101c5cc0cfece5 | Agent Tesla payload (confidence level: 50%) | |
hash20ba3b60a2f5993036e2694c9807d4fd63b3a0a60f1d67146af7780d61e03702 | Agent Tesla payload (confidence level: 50%) | |
hash07efda7fdb373177337ccd7bc4f02799b2d8b257269cf89e01ad041a7012790c | Agent Tesla payload (confidence level: 50%) | |
hash978ac9e00aae1c42f9d32453293d68839b3328d098016b044df38354ea4f6cbd | DCRat payload (confidence level: 50%) | |
hash01a021d62114989b1f148c2ef024cc67729a44fac3dc2f4665914a851eb5baf5 | DCRat payload (confidence level: 50%) | |
hash77c0df7babc9f8ec3669202a92ba0e06da4dca9b43119278ce18b72733812dac | DCRat payload (confidence level: 50%) | |
hashbfd5ec30538a4fd0d637639739abd8aa3e754b87bdf37ebc978de33c3dcb8a0f | DCRat payload (confidence level: 50%) | |
hash23 | XOR DDoS botnet C2 server (confidence level: 75%) | |
hashc4a3016379b34840a053754aaec31a2b14db6a2557fd912dd9b762137d2056ab | ClipBanker payload (confidence level: 50%) | |
hashbbb48715724dacfce802f69be71a0623abcaaee13e8c7da59c776825faaa0418 | ClipBanker payload (confidence level: 50%) | |
hash533dc5860d8bfd61c646bdbaedf9c2fe57cf6ae4c98a4e31b97f88dcbe657f82 | ClipBanker payload (confidence level: 50%) | |
hash3d87eae0bb5ada94d67ea6faa486c6c3531dae62fc06f24877609c9dbba25ee2 | ClipBanker payload (confidence level: 50%) | |
hash6fb483e7ec55f8c56849d8f4f31bfd7b | SysJoker payload (confidence level: 50%) | |
hash85dbbaa8c4d37ebb9829464f0510787b | SysJoker payload (confidence level: 50%) | |
hash6738 | Mirai botnet C2 server (confidence level: 75%) | |
hash5404 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash48458 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5291 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash65432 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5457 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8845 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash14588 | RedLine Stealer botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainteredaroundcarb.top | IcedID botnet C2 domain (confidence level: 100%) | |
domainreverdoome.top | IcedID botnet C2 domain (confidence level: 100%) | |
domainbraprest.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaingeotypico.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
Threat ID: 682b7b9fd3ddd8cef2e683c4
Added to database: 5/19/2025, 6:42:39 PM
Last enriched: 6/18/2025, 7:02:18 PM
Last updated: 8/8/2025, 3:38:02 AM
Views: 9
Related Threats
ThreatFox IOCs for 2025-08-12
MediumMalwareWed Aug 13 2025
Challenge for human and AI reverse engineers
MediumMalwareTue Aug 12 2025
A New Threat Actor Targeting Geopolitical Hotbeds
MediumMalwareTue Aug 12 2025
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
MediumMalwareTue Aug 12 2025
Russian-Linked Curly COMrades Deploy New MucorAgent Malware in Europe
MediumMalwareTue Aug 12 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.