ThreatFox IOCs for 2022-02-27

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information pertains to a security threat categorized as malware, specifically identified as "ThreatFox IOCs for 2022-02-27." The data originates from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) related to various cyber threats. The threat is tagged as OSINT (Open Source Intelligence), indicating that the information is derived from publicly available sources rather than proprietary or classified data. There are no specific affected versions or products listed, and the product is generically noted as "osint," suggesting that this entry serves as a collection or report of IOCs rather than a direct vulnerability or exploit targeting a particular software or hardware product. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate dissemination or relevance. No known exploits in the wild have been reported, and no patch links or CWEs (Common Weakness Enumerations) are associated with this entry. The absence of detailed technical indicators or specific malware characteristics limits the ability to perform a deep technical dissection. Essentially, this entry appears to be a medium-severity informational report compiling IOCs relevant as of February 27, 2022, intended for use in threat intelligence and detection efforts rather than describing a novel or active exploit or malware campaign.

Potential Impact

Given the lack of specific affected products, versions, or detailed technical indicators, the direct impact of this threat on European organizations is difficult to quantify. However, as an OSINT-based IOC report, its primary value lies in enhancing detection capabilities and situational awareness rather than indicating an immediate or active threat. European organizations that rely on threat intelligence feeds and integrate such IOCs into their security monitoring tools could benefit from improved identification of potential malware activity or intrusion attempts. The medium severity rating suggests that while the threat is not currently critical or high risk, it should not be disregarded. Potential impacts include increased exposure to malware infections if these IOCs correspond to emerging or ongoing campaigns not yet widely exploited. The absence of known exploits in the wild reduces the immediacy of risk but does not eliminate the possibility of future exploitation. Therefore, the impact is primarily preventive and intelligence-driven, supporting proactive defense rather than reactive incident response.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection capabilities. 2. Regularly update threat intelligence feeds to ensure the latest IOCs from ThreatFox and similar platforms are incorporated. 3. Conduct targeted threat hunting exercises using these IOCs to identify any signs of compromise within the network. 4. Train security operations center (SOC) analysts to recognize patterns associated with these IOCs and escalate suspicious findings promptly. 5. Maintain robust network segmentation and least privilege access controls to limit potential malware spread if an infection occurs. 6. Since no patches or specific vulnerabilities are identified, focus on strengthening general malware defenses, including up-to-date antivirus solutions, application whitelisting, and user awareness training to mitigate social engineering risks. 7. Collaborate with national and European cybersecurity information sharing organizations to contextualize these IOCs within broader threat landscapes and receive timely updates.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

domain: pop5.ddns.net
file: 147.189.174.182
hash: 6666
file: 107.172.137.175
hash: 888
file: 91.109.184.8
hash: 5050
url: http://62.109.17.127/jsserverdefaultsqlwindows.php
file: 92.119.113.192
hash: 6238
file: 31.210.20.129
hash: 8686
file: 194.31.98.127
hash: 40250
file: 172.104.232.196
hash: 443
domain: lifegothistory.com
file: 41.234.44.38
hash: 1338
url: http://66.228.61.192/ponyz/gate.php
url: http://aonebioinstitute.com/default.php
url: http://oldspringdalians.com/default.php
url: http://odtpl.com/default.php
url: http://80.78.23.156/zc
file: 80.78.23.156
hash: 80
url: http://45.32.61.158/ca
file: 141.255.144.117
hash: 2000
file: 3.133.207.110
hash: 13571
url: http://81.69.254.103/j.ad
file: 81.69.254.103
hash: 80
url: https://115.29.212.183:5004/updates.rss
file: 115.29.212.183
hash: 5004
url: http://193.56.29.183:9090/match
file: 193.56.29.183
hash: 9090
url: https://2.56.242.66/__utm.gif
file: 2.56.242.66
hash: 443
url: http://flashx.ink/cm
file: 120.25.127.16
hash: 80
url: http://111.0.76.109/__utm.gif
file: 111.0.76.109
hash: 80
url: http://192.74.254.59/load
file: 192.74.254.59
hash: 80
file: 91.243.59.196
hash: 32798
url: http://185.241.61.111/jssecureauthsqlpublic.php
domain: verifysec0.myftp.biz
file: 185.174.40.141
hash: 8780
url: http://korunder.com/jquery-3.3.1.min.js
file: 139.60.161.57
hash: 80
url: https://korunder.com/jquery-3.3.1.min.js
file: 139.60.161.57
hash: 443
url: https://doracecut.com/nd
url: https://172.93.201.48/nd
file: 172.93.201.48
hash: 443
url: http://212.193.30.35/purelogs/fre.php
file: 184.105.237.196
hash: 3360
file: 107.175.87.159
hash: 42516
url: http://212.193.30.35/elimoney/fre.php
url: http://a0603308.xsph.ru/asynccdn.php
file: 192.169.69.25
hash: 519
hash: d2b27a909af535f43f98a9417d15605dfb3a712a354c66611923a8a1f55f1bd5
hash: 358ffadb642fe360ad1973d46a383963acd3c48171354a13b9132994df6c7a26
hash: 29fc3cee79f26e80d735d9f488f26b628be93194cd1f0b64dffb900bdfe0c128
hash: 6abc19500e1ffb620bbc0767aecd5de2b51054fe33d708bcb896d6630abc0808
hash: a37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba
hash: bb1f62a3abf57e858e71ec3ccd31accd382836989cd75e61c0551ef78a121153
hash: d34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689
hash: 546e9fb5a2e7db713f31220f6bc65860c8c4a8306f661838e102f8d9722abb59
hash: d04f384bf49eb6f6b6569f31f76f989ca6ed3104563d90e0ac74a870cc127147
hash: c556a47bb6371b45de11de879e82d643e9490613dad48fb76af38c9ac65de92b
hash: c29fd1209428c0a3b2b3468b103bbfc9e8e687c64e04470ef1fb88f73f807f15
hash: 002c3dfe6c2a402993f53e080caef084f6ddc31101aed77f3408b62e24b19afb
hash: 889659c27b4d19b1f0caf7d8eb2f8931ce0b4885325222a1f6e65af2cc1313a0
hash: 0ee12ad9b6527bc13c7a581970a1b74a591e27cf1d7e5ba69fd0b7d8418fc148
hash: 67c5fe2374b1555357df744dc37b19db60ed74434600eee6b9bf4d78854a1464
hash: ca194fdd65a1cd3ba83c4f888e8bb8c15d5542dc44b9d56e75391088cc82c17e
hash: 0f562e670674c7837151bfe8184f074830a4be3d623f6f27a656f8580566b799
hash: 11389b81d0d59a33c5039dcb614e19ecb654a087f77a1c050b343451af71f484
hash: 1c44068e816646c723ae5273cbe59bcd9be23fffbde574ed2543bacb30f83a9b
hash: 1fd81fbc589127229f2304b8246b25e58526dad6cb239e3eeb2ad8347c731673
hash: 20a907835a74e7d7109934bf7a81d4a4a18a8c8eae4b90a477d7b2bbb1ec93d8
hash: e8df7e2d1fd2e347a6526c9f9bf74e06eb4ab5a218a24591478934ecde736928
hash: 8ff837977473025c3743bb18a37af8ec2c4b31fcaa55f8f2122c686e15dfd468
hash: 847a3255e9e33228e130939814e566372bc25618776a317463895cf4e6dbfc0a
hash: 5b1e887b51c585534be9cc545dd8cd2fad5785f93b5854075c1ccbc4f4bb7240
hash: 546f1a4fb1ce8beb6944a3a11f78dc46f885a877d0e6744b6ee84dc502316fd7
hash: afa89f0175b6870104fc4a29fd9d60eff8bcd2e90761620dff572ea1b729096b
hash: 93813a448fe0e922d9d6d081296a324418e4aefca26a58ab58c016a4870d2d51
hash: 7692c39e1fe463f561422db8bed1123f31d588974df0d57d0e8e54a9d4f2b62f
hash: a7bb803de0282abd10c87b6eec0b942f9d8df704b7036ce0519ed0312208f0ae
hash: 9668d6b2a50e0ae7476c325b09ad36a1d9284ece981f63cea884763e6cab468c
hash: 1dea453e5344898c9a66309bd6d1cf6e21c56eb1427c026aac84b14a6b23f7fc
hash: ea524e8b0dd046561b59a8d4da5a122aeff02036c87bb03056437a1d0f584039
hash: cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00
hash: 2586026617b117506dfe326f50e45476ce765a74fe48c8650d32980a4dfe5ee9
hash: e298d3e4ea2610e43eedcdc3171998943d645c187779f431424b7c0b39650d05
hash: 64485b3ea7ab067e7a83611f8c4caaf74482cdacb8a41bf118d967de3f1b51b2
file: 46.8.52.17
hash: 24758
url: http://20.113.82.15/linegamebigloadsqlgenerator.php
url: https://47.242.26.146:10010/activity
file: 47.242.26.146
hash: 10010
url: http://193.233.206.76/design/v1.38/3vy7px5bdrr
file: 193.233.206.76
hash: 80
url: https://103.234.72.29:7777/activity
file: 103.234.72.29
hash: 7777
url: http://137.175.19.20/j.ad
file: 137.175.19.20
hash: 80
url: https://34.92.105.43:1443/match
file: 34.92.105.43
hash: 1443
url: http://service-mhxn7lwp-1307639069.bj.apigw.tencentcs.com/api/x
file: 120.25.167.104
hash: 80
url: http://47.243.79.171/load
file: 47.243.79.171
hash: 80
url: http://205.185.116.54/links.css
file: 205.185.116.54
hash: 80
file: 212.192.241.250
hash: 10920
file: 41.225.46.176
hash: 1234
url: https://34.92.105.43/consolidate/v2.40/fb4esgwq
file: 34.92.105.43
hash: 443
url: http://139.177.191.22:8989/ca
file: 139.177.191.22
hash: 8989
file: 107.173.222.135
hash: 666

ThreatFox IOCs for 2022-02-27

Severity: medium

Type: malware

ThreatFox IOCs for 2022-02-27

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain

Indicators of Compromise

domain: pop5.ddns.net
file: 147.189.174.182
hash: 6666
file: 107.172.137.175
hash: 888
file: 91.109.184.8
hash: 5050
url: http://62.109.17.127/jsserverdefaultsqlwindows.php
file: 92.119.113.192
hash: 6238
file: 31.210.20.129
hash: 8686
file: 194.31.98.127
hash: 40250
file: 172.104.232.196
hash: 443
domain: lifegothistory.com
file: 41.234.44.38
hash: 1338
url: http://66.228.61.192/ponyz/gate.php
url: http://aonebioinstitute.com/default.php
url: http://oldspringdalians.com/default.php
url: http://odtpl.com/default.php
url: http://80.78.23.156/zc
file: 80.78.23.156
hash: 80
url: http://45.32.61.158/ca
file: 141.255.144.117
hash: 2000
file: 3.133.207.110
hash: 13571
url: http://81.69.254.103/j.ad
file: 81.69.254.103
hash: 80
url: https://115.29.212.183:5004/updates.rss
file: 115.29.212.183
hash: 5004
url: http://193.56.29.183:9090/match
file: 193.56.29.183
hash: 9090
url: https://2.56.242.66/__utm.gif
file: 2.56.242.66
hash: 443
url: http://flashx.ink/cm
file: 120.25.127.16
hash: 80
url: http://111.0.76.109/__utm.gif
file: 111.0.76.109
hash: 80
url: http://192.74.254.59/load
file: 192.74.254.59
hash: 80
file: 91.243.59.196
hash: 32798
url: http://185.241.61.111/jssecureauthsqlpublic.php
domain: verifysec0.myftp.biz
file: 185.174.40.141
hash: 8780
url: http://korunder.com/jquery-3.3.1.min.js
file: 139.60.161.57
hash: 80
url: https://korunder.com/jquery-3.3.1.min.js
file: 139.60.161.57
hash: 443
url: https://doracecut.com/nd
url: https://172.93.201.48/nd
file: 172.93.201.48
hash: 443
url: http://212.193.30.35/purelogs/fre.php
file: 184.105.237.196
hash: 3360
file: 107.175.87.159
hash: 42516
url: http://212.193.30.35/elimoney/fre.php
url: http://a0603308.xsph.ru/asynccdn.php
file: 192.169.69.25
hash: 519
hash: d2b27a909af535f43f98a9417d15605dfb3a712a354c66611923a8a1f55f1bd5
hash: 358ffadb642fe360ad1973d46a383963acd3c48171354a13b9132994df6c7a26
hash: 29fc3cee79f26e80d735d9f488f26b628be93194cd1f0b64dffb900bdfe0c128
hash: 6abc19500e1ffb620bbc0767aecd5de2b51054fe33d708bcb896d6630abc0808
hash: a37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba
hash: bb1f62a3abf57e858e71ec3ccd31accd382836989cd75e61c0551ef78a121153
hash: d34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689
hash: 546e9fb5a2e7db713f31220f6bc65860c8c4a8306f661838e102f8d9722abb59
hash: d04f384bf49eb6f6b6569f31f76f989ca6ed3104563d90e0ac74a870cc127147
hash: c556a47bb6371b45de11de879e82d643e9490613dad48fb76af38c9ac65de92b
hash: c29fd1209428c0a3b2b3468b103bbfc9e8e687c64e04470ef1fb88f73f807f15
hash: 002c3dfe6c2a402993f53e080caef084f6ddc31101aed77f3408b62e24b19afb
hash: 889659c27b4d19b1f0caf7d8eb2f8931ce0b4885325222a1f6e65af2cc1313a0
hash: 0ee12ad9b6527bc13c7a581970a1b74a591e27cf1d7e5ba69fd0b7d8418fc148
hash: 67c5fe2374b1555357df744dc37b19db60ed74434600eee6b9bf4d78854a1464
hash: ca194fdd65a1cd3ba83c4f888e8bb8c15d5542dc44b9d56e75391088cc82c17e
hash: 0f562e670674c7837151bfe8184f074830a4be3d623f6f27a656f8580566b799
hash: 11389b81d0d59a33c5039dcb614e19ecb654a087f77a1c050b343451af71f484
hash: 1c44068e816646c723ae5273cbe59bcd9be23fffbde574ed2543bacb30f83a9b
hash: 1fd81fbc589127229f2304b8246b25e58526dad6cb239e3eeb2ad8347c731673
hash: 20a907835a74e7d7109934bf7a81d4a4a18a8c8eae4b90a477d7b2bbb1ec93d8
hash: e8df7e2d1fd2e347a6526c9f9bf74e06eb4ab5a218a24591478934ecde736928
hash: 8ff837977473025c3743bb18a37af8ec2c4b31fcaa55f8f2122c686e15dfd468
hash: 847a3255e9e33228e130939814e566372bc25618776a317463895cf4e6dbfc0a
hash: 5b1e887b51c585534be9cc545dd8cd2fad5785f93b5854075c1ccbc4f4bb7240
hash: 546f1a4fb1ce8beb6944a3a11f78dc46f885a877d0e6744b6ee84dc502316fd7
hash: afa89f0175b6870104fc4a29fd9d60eff8bcd2e90761620dff572ea1b729096b
hash: 93813a448fe0e922d9d6d081296a324418e4aefca26a58ab58c016a4870d2d51
hash: 7692c39e1fe463f561422db8bed1123f31d588974df0d57d0e8e54a9d4f2b62f
hash: a7bb803de0282abd10c87b6eec0b942f9d8df704b7036ce0519ed0312208f0ae
hash: 9668d6b2a50e0ae7476c325b09ad36a1d9284ece981f63cea884763e6cab468c
hash: 1dea453e5344898c9a66309bd6d1cf6e21c56eb1427c026aac84b14a6b23f7fc
hash: ea524e8b0dd046561b59a8d4da5a122aeff02036c87bb03056437a1d0f584039
hash: cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00
hash: 2586026617b117506dfe326f50e45476ce765a74fe48c8650d32980a4dfe5ee9
hash: e298d3e4ea2610e43eedcdc3171998943d645c187779f431424b7c0b39650d05
hash: 64485b3ea7ab067e7a83611f8c4caaf74482cdacb8a41bf118d967de3f1b51b2
file: 46.8.52.17
hash: 24758
url: http://20.113.82.15/linegamebigloadsqlgenerator.php
url: https://47.242.26.146:10010/activity
file: 47.242.26.146
hash: 10010
url: http://193.233.206.76/design/v1.38/3vy7px5bdrr
file: 193.233.206.76
hash: 80
url: https://103.234.72.29:7777/activity
file: 103.234.72.29
hash: 7777
url: http://137.175.19.20/j.ad
file: 137.175.19.20
hash: 80
url: https://34.92.105.43:1443/match
file: 34.92.105.43
hash: 1443
url: http://service-mhxn7lwp-1307639069.bj.apigw.tencentcs.com/api/x
file: 120.25.167.104
hash: 80
url: http://47.243.79.171/load
file: 47.243.79.171
hash: 80
url: http://205.185.116.54/links.css
file: 205.185.116.54
hash: 80
file: 212.192.241.250
hash: 10920
file: 41.225.46.176
hash: 1234
url: https://34.92.105.43/consolidate/v2.40/fb4esgwq
file: 34.92.105.43
hash: 443
url: http://139.177.191.22:8989/ca
file: 139.177.191.22
hash: 8989
file: 107.173.222.135
hash: 666

Source: ThreatFox

Published: Sun Feb 27 2022

ThreatFox IOCs for 2022-02-27

Medium

Malwaretype:osint tlp:white

Published: Sun Feb 27 2022 (02/27/2022, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2022-02-27

AI-Powered Analysis

AILast updated: 06/19/2025, 13:18:49 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: e9c85826-7148-41f3-805a-62941e12a7e9
Original Timestamp: 1646006584

Indicators of Compromise

Domain

Value	Description	Copy
domainpop5.ddns.net	AsyncRAT botnet C2 domain (confidence level: 100%)
domainlifegothistory.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainverifysec0.myftp.biz	Ave Maria botnet C2 domain (confidence level: 100%)

File

Value	Description	Copy
file147.189.174.182	AsyncRAT botnet C2 server (confidence level: 100%)
file107.172.137.175	Mirai botnet C2 server (confidence level: 75%)
file91.109.184.8	NjRAT botnet C2 server (confidence level: 100%)
file92.119.113.192	RedLine Stealer botnet C2 server (confidence level: 100%)
file31.210.20.129	Nanocore RAT botnet C2 server (confidence level: 100%)
file194.31.98.127	RedLine Stealer botnet C2 server (confidence level: 100%)
file172.104.232.196	Cobalt Strike botnet C2 server (confidence level: 75%)
file41.234.44.38	Quasar RAT botnet C2 server (confidence level: 100%)
file80.78.23.156	Cobalt Strike botnet C2 server (confidence level: 100%)
file141.255.144.117	AsyncRAT botnet C2 server (confidence level: 100%)
file3.133.207.110	NjRAT botnet C2 server (confidence level: 100%)
file81.69.254.103	Cobalt Strike botnet C2 server (confidence level: 100%)
file115.29.212.183	Cobalt Strike botnet C2 server (confidence level: 100%)
file193.56.29.183	Cobalt Strike botnet C2 server (confidence level: 100%)
file2.56.242.66	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.25.127.16	Cobalt Strike botnet C2 server (confidence level: 100%)
file111.0.76.109	Cobalt Strike botnet C2 server (confidence level: 100%)
file192.74.254.59	Cobalt Strike botnet C2 server (confidence level: 100%)
file91.243.59.196	RedLine Stealer botnet C2 server (confidence level: 100%)
file185.174.40.141	Ave Maria botnet C2 server (confidence level: 100%)
file139.60.161.57	Cobalt Strike botnet C2 server (confidence level: 100%)
file139.60.161.57	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.93.201.48	Cobalt Strike botnet C2 server (confidence level: 100%)
file184.105.237.196	NetWire RC botnet C2 server (confidence level: 100%)
file107.175.87.159	Bashlite botnet C2 server (confidence level: 75%)
file192.169.69.25	Nanocore RAT botnet C2 server (confidence level: 100%)
file46.8.52.17	RedLine Stealer botnet C2 server (confidence level: 100%)
file47.242.26.146	Cobalt Strike botnet C2 server (confidence level: 100%)
file193.233.206.76	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.234.72.29	Cobalt Strike botnet C2 server (confidence level: 100%)
file137.175.19.20	Cobalt Strike botnet C2 server (confidence level: 100%)
file34.92.105.43	Cobalt Strike botnet C2 server (confidence level: 100%)
file120.25.167.104	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.243.79.171	Cobalt Strike botnet C2 server (confidence level: 100%)
file205.185.116.54	Cobalt Strike botnet C2 server (confidence level: 100%)
file212.192.241.250	RedLine Stealer botnet C2 server (confidence level: 100%)
file41.225.46.176	BitRAT botnet C2 server (confidence level: 100%)
file34.92.105.43	Cobalt Strike botnet C2 server (confidence level: 100%)
file139.177.191.22	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.173.222.135	Mirai botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash6666	AsyncRAT botnet C2 server (confidence level: 100%)
hash888	Mirai botnet C2 server (confidence level: 75%)
hash5050	NjRAT botnet C2 server (confidence level: 100%)
hash6238	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8686	Nanocore RAT botnet C2 server (confidence level: 100%)
hash40250	RedLine Stealer botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash1338	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2000	AsyncRAT botnet C2 server (confidence level: 100%)
hash13571	NjRAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5004	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash32798	RedLine Stealer botnet C2 server (confidence level: 100%)
hash8780	Ave Maria botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3360	NetWire RC botnet C2 server (confidence level: 100%)
hash42516	Bashlite botnet C2 server (confidence level: 75%)
hash519	Nanocore RAT botnet C2 server (confidence level: 100%)
hashd2b27a909af535f43f98a9417d15605dfb3a712a354c66611923a8a1f55f1bd5	QakBot payload (confidence level: 100%)
hash358ffadb642fe360ad1973d46a383963acd3c48171354a13b9132994df6c7a26	QakBot payload (confidence level: 100%)
hash29fc3cee79f26e80d735d9f488f26b628be93194cd1f0b64dffb900bdfe0c128	QakBot payload (confidence level: 100%)
hash6abc19500e1ffb620bbc0767aecd5de2b51054fe33d708bcb896d6630abc0808	QakBot payload (confidence level: 100%)
hasha37c691c61c3fbd78f0ed5b2c67430a787d886e46deba2eb222e2412f8bf48ba	QakBot payload (confidence level: 100%)
hashbb1f62a3abf57e858e71ec3ccd31accd382836989cd75e61c0551ef78a121153	QakBot payload (confidence level: 100%)
hashd34ccf784cc71fd5e406e3a05531556c6073a67f51a6ffb3ae031774d05fe689	QakBot payload (confidence level: 100%)
hash546e9fb5a2e7db713f31220f6bc65860c8c4a8306f661838e102f8d9722abb59	QakBot payload (confidence level: 100%)
hashd04f384bf49eb6f6b6569f31f76f989ca6ed3104563d90e0ac74a870cc127147	QakBot payload (confidence level: 100%)
hashc556a47bb6371b45de11de879e82d643e9490613dad48fb76af38c9ac65de92b	QakBot payload (confidence level: 100%)
hashc29fd1209428c0a3b2b3468b103bbfc9e8e687c64e04470ef1fb88f73f807f15	QakBot payload (confidence level: 100%)
hash002c3dfe6c2a402993f53e080caef084f6ddc31101aed77f3408b62e24b19afb	QakBot payload (confidence level: 100%)
hash889659c27b4d19b1f0caf7d8eb2f8931ce0b4885325222a1f6e65af2cc1313a0	QakBot payload (confidence level: 100%)
hash0ee12ad9b6527bc13c7a581970a1b74a591e27cf1d7e5ba69fd0b7d8418fc148	QakBot payload (confidence level: 100%)
hash67c5fe2374b1555357df744dc37b19db60ed74434600eee6b9bf4d78854a1464	QakBot payload (confidence level: 100%)
hashca194fdd65a1cd3ba83c4f888e8bb8c15d5542dc44b9d56e75391088cc82c17e	QakBot payload (confidence level: 100%)
hash0f562e670674c7837151bfe8184f074830a4be3d623f6f27a656f8580566b799	QakBot payload (confidence level: 100%)
hash11389b81d0d59a33c5039dcb614e19ecb654a087f77a1c050b343451af71f484	QakBot payload (confidence level: 100%)
hash1c44068e816646c723ae5273cbe59bcd9be23fffbde574ed2543bacb30f83a9b	QakBot payload (confidence level: 100%)
hash1fd81fbc589127229f2304b8246b25e58526dad6cb239e3eeb2ad8347c731673	QakBot payload (confidence level: 100%)
hash20a907835a74e7d7109934bf7a81d4a4a18a8c8eae4b90a477d7b2bbb1ec93d8	QakBot payload (confidence level: 100%)
hashe8df7e2d1fd2e347a6526c9f9bf74e06eb4ab5a218a24591478934ecde736928	QakBot payload (confidence level: 100%)
hash8ff837977473025c3743bb18a37af8ec2c4b31fcaa55f8f2122c686e15dfd468	QakBot payload (confidence level: 100%)
hash847a3255e9e33228e130939814e566372bc25618776a317463895cf4e6dbfc0a	QakBot payload (confidence level: 100%)
hash5b1e887b51c585534be9cc545dd8cd2fad5785f93b5854075c1ccbc4f4bb7240	QakBot payload (confidence level: 100%)
hash546f1a4fb1ce8beb6944a3a11f78dc46f885a877d0e6744b6ee84dc502316fd7	QakBot payload (confidence level: 100%)
hashafa89f0175b6870104fc4a29fd9d60eff8bcd2e90761620dff572ea1b729096b	QakBot payload (confidence level: 100%)
hash93813a448fe0e922d9d6d081296a324418e4aefca26a58ab58c016a4870d2d51	QakBot payload (confidence level: 100%)
hash7692c39e1fe463f561422db8bed1123f31d588974df0d57d0e8e54a9d4f2b62f	QakBot payload (confidence level: 100%)
hasha7bb803de0282abd10c87b6eec0b942f9d8df704b7036ce0519ed0312208f0ae	QakBot payload (confidence level: 100%)
hash9668d6b2a50e0ae7476c325b09ad36a1d9284ece981f63cea884763e6cab468c	QakBot payload (confidence level: 100%)
hash1dea453e5344898c9a66309bd6d1cf6e21c56eb1427c026aac84b14a6b23f7fc	Conti payload (confidence level: 100%)
hashea524e8b0dd046561b59a8d4da5a122aeff02036c87bb03056437a1d0f584039	Conti payload (confidence level: 100%)
hashcf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00	Conti payload (confidence level: 100%)
hash2586026617b117506dfe326f50e45476ce765a74fe48c8650d32980a4dfe5ee9	Conti payload (confidence level: 100%)
hashe298d3e4ea2610e43eedcdc3171998943d645c187779f431424b7c0b39650d05	Conti payload (confidence level: 100%)
hash64485b3ea7ab067e7a83611f8c4caaf74482cdacb8a41bf118d967de3f1b51b2	Conti payload (confidence level: 100%)
hash24758	RedLine Stealer botnet C2 server (confidence level: 100%)
hash10010	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7777	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash10920	RedLine Stealer botnet C2 server (confidence level: 100%)
hash1234	BitRAT botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8989	Cobalt Strike botnet C2 server (confidence level: 100%)
hash666	Mirai botnet C2 server (confidence level: 75%)

Url

Value	Description	Copy
urlhttp://62.109.17.127/jsserverdefaultsqlwindows.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://66.228.61.192/ponyz/gate.php	Pony botnet C2 (confidence level: 100%)
urlhttp://aonebioinstitute.com/default.php	Pony botnet C2 (confidence level: 100%)
urlhttp://oldspringdalians.com/default.php	Pony botnet C2 (confidence level: 100%)
urlhttp://odtpl.com/default.php	Pony botnet C2 (confidence level: 100%)
urlhttp://80.78.23.156/zc	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.32.61.158/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://81.69.254.103/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://115.29.212.183:5004/updates.rss	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://193.56.29.183:9090/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://2.56.242.66/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://flashx.ink/cm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://111.0.76.109/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://192.74.254.59/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.241.61.111/jssecureauthsqlpublic.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://korunder.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://korunder.com/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://doracecut.com/nd	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://172.93.201.48/nd	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://212.193.30.35/purelogs/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://212.193.30.35/elimoney/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://a0603308.xsph.ru/asynccdn.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://20.113.82.15/linegamebigloadsqlgenerator.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://47.242.26.146:10010/activity	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://193.233.206.76/design/v1.38/3vy7px5bdrr	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://103.234.72.29:7777/activity	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://137.175.19.20/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://34.92.105.43:1443/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-mhxn7lwp-1307639069.bj.apigw.tencentcs.com/api/x	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.243.79.171/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://205.185.116.54/links.css	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://34.92.105.43/consolidate/v2.40/fb4esgwq	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.177.191.22:8989/ca	Cobalt Strike botnet C2 (confidence level: 100%)

Threat ID: 682c7ac1e3e6de8ceb766530

Added to database: 5/20/2025, 12:51:13 PM

Last enriched: 6/19/2025, 1:18:49 PM

Last updated: 8/10/2025, 4:47:26 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2022-02-27

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2022-02-27

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Domain

File

Hash

Url

Related Threats

Threat Actor Profile: Interlock Ransomware

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

Kawabunga, Dude, You've Been Ransomed!

ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis

Threat Bulletin: Fire in the Woods – A New Variant of FireWood

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility