ThreatFox IOCs for 2022-03-15
AI Analysis
Technical Summary
This entry is ThreatFox's daily indicator export for 2022-03-15 (ThreatFox is abuse.ch's community platform for sharing malware IOCs). The metadata block further down is a MISP event, which is how ThreatFox publishes its daily feed: in MISP's scheme a threat level of 2 means Medium, an analysis value of 1 means Ongoing and a distribution of 3 means All communities; the UUID identifies the event, and the original timestamp 1647388982 is 2022-03-16 00:03:02 UTC, so the event was generated just after the reporting day closed. No CVE, CWE or patch applies: the content is malware command-and-control (C2) and delivery infrastructure plus payload hashes, not a software vulnerability.

The export on this page mislabels two indicator types. Every entry tagged "file" is an IPv4 address, and the "hash" entry that immediately follows it is the TCP port of that address; together they form one ThreatFox ip:port indicator (for example, 39.52.13.165 followed by 995 is the QakBot C2 39.52.13.165:995). Only the 64-character hexadecimal "hash" values are real SHA-256 payload hashes. The attribution tables at the end of the page confirm this pairing row by row. One URL is recorded with a doubled scheme (http://https://...) exactly as it was submitted and must be normalised before it is used for matching.

By family, the set contains: ip:port C2 servers for QakBot, NetWire RC, Emotet, RedLine Stealer, Ave Maria, Mirai, Nanocore RAT, XOR DDoS, NjRAT, Ghost RAT, LimeRAT, BitRAT and XpertRAT, and a large block of Cobalt Strike beacon listeners, most on ports 80 and 443 with request paths such as /cm, /ca, /ptj, /dpixel, /pixel.gif, /__utm.gif, /ga.js and /jquery-3.3.1.min.js, several fronted by look-alike hostnames (updatemlcrosoft.com, update07.microsoft-essentials.com, up.windowsserviceupdates.net, api.spotify.us.com) and one reached through an ngrok.io tunnel; SHA-256 hashes of Emotet and QakBot payloads; Emotet payload delivery URLs on compromised websites (paths under /wp-content/, /wp-includes/, /wp-admin/, /cgi-bin/ and similar); botnet C2 URLs for SmokeLoader, DCRat, Azorult and Loki Password Stealer; five domains (hotboy01.ddns.net, baidencult.com, billiokz.com, billiopa.com, josefgur.com) whose attribution is not shown in the truncated tables; and four download URLs for files named mozi.m and mozi.a, the naming used by the Mozi IoT botnet. Confidence levels (75% to 100%) are assigned per indicator by the submitter.
Potential Impact
The indicators are live C2 and delivery infrastructure, not a vulnerability, so the question for a European organisation is whether any of its hosts has already talked to them. Three groups matter most. Emotet and QakBot (C2 servers, payload hashes and delivery URLs on compromised sites) are mass-mailed loaders, typically delivered through macro-enabled Office documents, that routinely hand access over to ransomware operators. The Cobalt Strike listeners, which make up most of the ip:port entries, indicate hands-on-keyboard intrusions in progress; several sit on public cloud ranges and one behind an ngrok tunnel, so blocking by hosting provider is not an option. The commodity RATs and stealers (NetWire, Nanocore, Ave Maria, NjRAT, RedLine, Loki PWS, Azorult, DCRat, XpertRAT, LimeRAT, BitRAT, Ghost RAT) mean credential and session theft; RedLine in particular is sold for harvesting browser credentials and cookies. The Mirai, XOR DDoS and Mozi entries point at compromised Linux and IoT devices. The "medium" threat level is MISP's rating for the event as a whole, not a statement about any single indicator: one confirmed Cobalt Strike beacon check-in from an internal host is a high-severity incident. Indicators of this kind also age quickly, since cloud and hosting IPs are reassigned and compromised websites get cleaned, so matches seen long after 2022-03-15 need corroboration before action is taken.
Mitigation Recommendations
1. Normalise before ingesting: rebuild each "file"/"hash" pair into an ip:port indicator and keep only the 64-character "hash" values as SHA-256 hashes, then feed URLs, domains, ip:port pairs and hashes into the SIEM, EDR, proxy and network IDS as their proper types. Match on ip:port rather than bare IP for the entries on 80, 443 and 8080 in shared cloud ranges, or expect false positives.
2. Hunt retrospectively: search proxy, DNS and flow logs back to early March 2022 for the URLs, hostnames and ip:port pairs, and EDR telemetry for the SHA-256 hashes. A hit on a Cobalt Strike, Emotet or QakBot indicator should open an incident, not a ticket.
3. Block at egress: add the ip:port pairs and URL hosts to proxy and firewall deny lists with an expiry, and re-check against ThreatFox before renewing, because hosting IPs get reassigned.
4. Keep endpoint signatures and behavioural detections current so the payload families listed here (Emotet, QakBot, the RATs and stealers) are caught even when the specific hash or server changes.
5. Segment the network and apply least privilege so a beacon on one workstation cannot become domain-wide access; the Cobalt Strike entries are the post-exploitation stage, not initial access.
6. Make sure incident response playbooks cover OSINT-sourced indicators: triage by family and confidence level, corroborate with a second source, and record what was blocked and when.
7. Share confirmed sightings with the relevant sector ISAC or national CERT and, where appropriate, back to abuse.ch so the community data improves.
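The first recommendation above, and the type mislabel described in the Technical Summary, come down to a small normalisation step before the indicators are usable. The following Python is an added example, not ThreatFox's or this page's own code: it parses a constructed excerpt of the list in the format shown on this page, pairs each "file" address with the "hash" port that follows it, canonicalises URLs (including the doubled-scheme entry), matches the result against constructed proxy, flow, DNS and EDR log lines, and emits one Suricata rule per ip:port pair. The log lines, the `EXPORT` excerpt and the `sid_base` range are assumptions made for the example.

```python
"""Normalise the ThreatFox export shown on this page and match it against logs.

Added example (not ThreatFox's or offseq's code). It assumes the export format
seen above: an IP address tagged "file" immediately followed by its port tagged
"hash", SHA-256 values also tagged "hash", plus "url" and "domain" lines.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt reproducing a few entries from the list on this page.
EXPORT = """\
- file: 39.52.13.165
- hash: 995
- url: http://ejeana.co.ug/index.php
- file: 54.36.185.63
- hash: 443
- hash: 6f5863ceffe0e52557b277e1bde0ea012f4ebff0678523cccd58244d7237a488
- domain: hotboy01.ddns.net
- url: http://114.132.243.242:8083/dot.gif
- file: 114.132.243.242
- hash: 8083
- url: http://https://service-agugfaq3-1307697132.sh.apigw.tencentcs.com:443/api/getit
"""

LINE_RE = re.compile(r"^-\s*(\w+):\s*(\S+)\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


@dataclass
class IOCSet:
    ip_port: set = field(default_factory=set)   # {(ip, port)}
    sha256: set = field(default_factory=set)    # lower-case hex
    domains: set = field(default_factory=set)   # lower-case
    urls: set = field(default_factory=set)      # normalised form


def normalise_url(url: str) -> str:
    """Canonical form for exact matching: doubled scheme stripped (one page
    entry reads http://https://...), host lower-cased, default port dropped."""
    url = url.strip().rstrip(",;)'\"")
    while re.match(r"^https?://https?://", url):
        url = url.split("://", 1)[1]
    p = urlsplit(url)
    port = p.port
    if (p.scheme, port) in (("http", 80), ("https", 443)):
        port = None
    host = (p.hostname or "").lower()
    netloc = host if port is None else f"{host}:{port}"
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{netloc}{p.path or '/'}{query}"


def parse_export(text: str) -> IOCSet:
    """Rebuild typed indicators from the mislabelled export lines."""
    iocs = IOCSet()
    pending_ip = None  # "file" address waiting for its "hash" port
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, value = m.group(1), m.group(2)
        if kind == "file" and IPV4_RE.match(value):
            pending_ip = value
        elif kind == "hash" and SHA256_RE.match(value.lower()):
            iocs.sha256.add(value.lower())
        elif kind == "hash" and value.isdigit() and pending_ip:
            iocs.ip_port.add((pending_ip, int(value)))
            pending_ip = None
        elif kind == "domain":
            iocs.domains.add(value.lower())
        elif kind == "url":
            iocs.urls.add(normalise_url(value))
    return iocs


URL_IN_LINE = re.compile(r"https?://\S+")
IPPORT_IN_LINE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
SHA256_IN_LINE = re.compile(r"\b[0-9a-fA-F]{64}\b")
TOKEN_RE = re.compile(r"[\w.-]+")


def scan_line(iocs: IOCSet, line: str) -> list:
    """Return (kind, indicator) pairs found in one log line."""
    hits = []
    for raw in URL_IN_LINE.findall(line):
        u = normalise_url(raw)
        if u in iocs.urls:
            hits.append(("url", u))
    for ip, port in IPPORT_IN_LINE.findall(line):  # port must match too
        if (ip, int(port)) in iocs.ip_port:
            hits.append(("ip:port", f"{ip}:{port}"))
    for h in SHA256_IN_LINE.findall(line):
        if h.lower() in iocs.sha256:
            hits.append(("sha256", h.lower()))
    for tok in TOKEN_RE.findall(line):  # DNS query names and similar
        if tok.lower() in iocs.domains:
            hits.append(("domain", tok.lower()))
    return hits


def match_logs(iocs: IOCSet, lines: list) -> list:
    """(line index, kind, indicator) for every indicator seen in the lines."""
    return [(i, k, v) for i, line in enumerate(lines) for k, v in scan_line(iocs, line)]


def suricata_rules(iocs: IOCSet, sid_base: int = 9_000_000) -> list:
    """One outbound alert per ip:port C2; sid_base is an assumed local range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} (msg:"ThreatFox C2 {ip}:{port}"; '
        f"classtype:trojan-activity; sid:{sid_base + n}; rev:1;)"
        for n, (ip, port) in enumerate(sorted(iocs.ip_port))
    ]


# Constructed log lines: proxy (squid-like), flow, DNS and EDR records.
SAMPLE_LOGS = [
    "1647390000.123 10.0.0.5 TCP_MISS/200 GET http://ejeana.co.ug/index.php - text/html",
    "2022-03-15T10:01:02Z flow 10.0.0.7:51234 -> 54.36.185.63:443 proto=tcp bytes=4120",
    "2022-03-15T10:02:00Z dns client=10.0.0.9 query=hotboy01.ddns.net type=A",
    "2022-03-15T10:03:00Z edr host=WS042 file=inv.dll sha256=6F5863CEFFE0E52557B277E1BDE0EA012F4EBFF0678523CCCD58244D7237A488",
    "1647390100.456 10.0.0.5 TCP_MISS/200 GET https://service-agugfaq3-1307697132.sh.apigw.tencentcs.com:443/api/getit - application/json",
    "1647390200.789 10.0.0.6 TCP_MISS/200 GET https://www.example.com/index.php - text/html",
    "2022-03-15T10:05:00Z flow 10.0.0.7:51300 -> 54.36.185.63:80 proto=tcp bytes=900",
]

if __name__ == "__main__":
    found = parse_export(EXPORT)
    for idx, kind, value in match_logs(found, SAMPLE_LOGS):
        print(f"line {idx}: {kind} {value}")
    print("\n".join(suricata_rules(found)))
```

The last sample line deliberately reuses an Emotet C2 address on a different port and produces no hit: that is the ip:port semantics the export loses when it labels the port as a hash, and it is why bare-IP blocking of the 80/443/8080 entries would also catch unrelated traffic to shared hosting.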
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
Types corrected from the raw export: each address the export tagged "file" and the port tagged "hash" that follows it form one ip:port indicator, and the 64-character "hash" values are SHA-256 payload hashes. The URL for service-agugfaq3-1307697132.sh.apigw.tencentcs.com is kept with its doubled scheme exactly as recorded in the source. Malware family and confidence level for each entry are in the attribution tables further down.
- ip:port: 39.52.13.165:995
- ip:port: 192.169.69.25:32144
- ip:port: 83.110.219.121:32101
- url: http://ejeana.co.ug/index.php
- url: https://ejeana.co.ug/index.php
- ip:port: 54.36.185.63:443
- ip:port: 103.253.145.28:8080
- url: http://yadrochy.ru.com/imagegamebigloadgeneratortemp.php
- url: http://51.15.62.59/aed77d05-a028-477c-b013-04f33f1385c3/index.php
- ip:port: 45.83.122.149:81
- domain: hotboy01.ddns.net
- ip:port: 194.5.98.140:4545
- ip:port: 136.144.41.187:633
- ip:port: 84.38.130.214:1604
- sha256: 6f5863ceffe0e52557b277e1bde0ea012f4ebff0678523cccd58244d7237a488
- ip:port: 45.80.207.27:2498
- sha256: b20f61224393052f45b32cd3278bb4c4a2e926cdb11fee8348f2847c575d0f1f
- ip:port: 185.202.175.82:5000
- ip:port: 194.5.98.17:1177
- ip:port: 75.127.1.244:3360
- url: http://mideastclinicsea.us/micr05oft-0n1ine/0a8005f5594bd67041f88c6196192646/a5bfc9e07964f8dddeb95fc584cd965d/df877f3865752637daa540ea9cbc474f/webmai1pr0tected/8efd23a3fe0ec74453bdd0fadb91b0e3/pl341/index.php
- ip:port: 212.192.246.30:5555
- sha256: 75819d8407b7397a9c4d592fce516e38db90eee866a9ef37f7a534d89a2f4aa1
- ip:port: 194.5.97.192:9050
- ip:port: 54.36.15.99:80
- url: https://fitfabtherapy.com/untitled-1/adrf0jsnyi/
- url: http://almoiz.com/urdu/ldlbo5gc4c/
- url: http://www.e-tactics.com/wordpress/wpau-backup/i8sv/
- url: http://avrworks.com/mail/tgjconibvy59a81/
- url: http://asave.com.mx/cgi-bin/cua/
- url: https://aquinoabogados.com.ar/newsletter/tx9kbb2j/
- url: http://avcservices-tt.com/eanapi/hswsv1/
- url: http://vlascx.xyz/dof/tt/um.php
- url: http://polox.xyz/rc/as/rom.php
- url: https://ballpointmedia.com/css/wdvvklttncgkazp/
- url: http://www.altoxi.com/uic/04gthaqga/
- url: http://www.apesb.com/language/igws7rrv/
- url: http://www.ara-choob.com/data1/tzm3xscst4dscdufox/
- url: http://www.techniquesbroadband.net/pay/bxp/
- url: http://www.arisgears.com/cgi-bin/dkey/
- url: https://www.manchesterslt.co.uk/a-to-z-of-slt/rnrjkom2h/
- domain: baidencult.com
- domain: billiokz.com
- domain: billiopa.com
- domain: josefgur.com
- ip:port: 154.246.55.179:83
- ip:port: 103.25.19.32:9735
- ip:port: 205.185.117.200:61231
- url: http://5.39.218.208/cx
- url: https://5.39.218.208/pixel.gif
- url: http://114.132.233.42:9898/include/template/isx.php
- ip:port: 114.132.233.42:9898
- url: https://fedij.com/jquery-3.3.1.min.js
- url: http://119.3.59.17:9999/fwlink
- url: http://114.132.243.242:8083/dot.gif
- ip:port: 114.132.243.242:8083
- url: http://114.132.246.102:1433/ptj
- ip:port: 114.132.246.102:1433
- url: http://42.193.127.142:41555/__utm.gif
- ip:port: 42.193.127.142:41555
- ip:port: 23.82.141.177:443
- ip:port: 193.38.54.110:16360
- url: http://barcoindo.com/picture_library/2mz8f5es084wcxpynxz/
- url: http://bangplamahospital.com/bootstrap/im6louezhnupvtgirp/
- url: http://baronandstagger.com/hqakgc/akvsmu5bee39yb9r79c/
- url: http://basepainters.com/wp-content/zega/
- url: http://ceibadiseno.com.mx/bandermex2/8ib08zj/
- url: http://az-10.sakura.ne.jp/info/nxaq9xnk3zs/
- sha256: 8949e7e79242f69ec5419f8942b16ad4289ca032c9ac055ed83cbeee8dab3c85
- ip:port: 81.30.144.81:39431
- url: https://www.ankeoman.com/undercons_files/l88etg/
- url: http://atbiotique.com/images/luf2jk8nahskvg3h83g/
- url: http://atacelikyapi.com/css/soiihs8wmjzlwoo/
- url: http://atsyemek.com/test/qamcxcqlpfhx/
- url: http://atozams.com/app/d24buasin4nut/
- url: http://aureadesign.net/1u3/
- url: http://www.anzizasalema.com/cms/wx6lkpshjeepo81/
- ip:port: 185.213.155.164:55140
- ip:port: 185.215.113.20:21921
- url: https://alinatourbg.com/mail/tbcgvnzleenxb/
- url: http://alinac.ca/images/lp6ykpiprf6/
- url: http://www.alsancaklimanemlak.com/system/t8ne1jfq7w/
- url: http://amakpost.com/assets/c8at1uocvlsxez/
- url: http://alsanjari.co.uk/alsanjari.com/cynw/
- url: http://alicehui.com/pics/fetgjdypfubqp/
- url: http://amasides.my.id/cgi-bin/ufqdwcqap7mro/
- url: https://appleinfoway.com/venv/5pp/
- url: http://www.atelierkikala.com/facebook/vxy2slffbsscth/
- url: http://astrogurusunilbarmola.com/css/ucdjnrtacsknjrzohr/
- url: http://atters.net/cgi-bin/0yiplpxo3156/
- url: http://www.andrarose.com/wp-admin/9ne3hpwhdggun0yleq0/
- url: http://ara-choob.com/data1/ypq8/
- url: http://asyadegirmen.com/template/awetuoe/
- ip:port: 91.240.118.79:19070
- url: http://hstfurnaces.net/ge1/fre.php
- sha256: 00412b7f1271b078c983e7803bdb860f12f77679573edde045617765a1fb80a9
- sha256: 71382e72d8fb3728dc8941798ab1c180493fa978fd7eadc1ab6d21dae0d603e2
- url: http://mic.poorguy.xyz:443/admin
- url: http://62.109.27.237/pythonsecure8mariadb/2_/8wordpressprivatesql/low/eternal/externalvmtohttptemp.php
- url: https://static.yxhpt.ga/jquery-3.3.1.min.js
- url: http://https://service-agugfaq3-1307697132.sh.apigw.tencentcs.com:443/api/getit
- ip:port: 150.158.44.161:443
- url: http://api.update2021.oppo.cn.cdn.dnsv1.com.cn/acquire/columnists/il03ghcp42od
- url: https://23.227.193.79/ie9compatviewlist.xml
- url: http://23.227.193.79/updates.rss
- url: http://1.116.180.87/updates.rss
- ip:port: 1.116.180.87:443
- url: http://62.197.136.186/oluwa/five/fre.php
- sha256: da71ca77e5d26d7bc354faa333fc2395722ce2510aa8f0ba57040562e3ef6364
- url: http://91.219.236.133/
- sha256: d357ca9782140336e322b3beb6c29debc754537fd9d2a2ccef51cbb96867169e
- url: http://hstfurnaces.net/ge3/fre.php
- url: https://52.175.11.103/updates.rss
- ip:port: 52.175.11.103:443
- url: http://update07.microsoft-essentials.com/u/vercheck
- ip:port: 161.35.139.247:80
- url: http://3.144.44.117/cm
- ip:port: 3.144.44.117:80
- url: http://49.232.2.107:4444/dot.gif
- ip:port: 49.232.2.107:4444
- url: http://119.59.126.193:7788/pixel.gif
- ip:port: 119.59.126.193:7788
- url: http://c.miorcsoft.com/cm
- ip:port: 158.247.221.77:80
- url: http://198.13.50.143/5en1bjq8aauym2zgoy3k/ll_9354efa.js
- ip:port: 198.13.50.143:80
- url: http://107.173.214.112/load
- ip:port: 107.173.214.112:80
- url: https://sakilasilla.com/dpixel
- ip:port: 5.2.73.196:443
- url: http://api.spotify.us.com/en_us/all.js
- ip:port: 20.231.71.74:80
- url: https://up.windowsserviceupdates.net/j.ad
- ip:port: 45.32.11.95:443
- url: http://metacloud.name/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books
- url: http://23.227.178.53/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books
- ip:port: 23.227.178.53:80
- url: http://143.110.177.163/cm
- ip:port: 143.110.177.163:80
- url: https://updatemlcrosoft.com:2087/dhl.js
- ip:port: 47.242.86.193:2087
- url: http://123.56.228.208:12306/search/
- ip:port: 123.56.228.208:12306
- url: http://107.174.63.211:33060/ca
- ip:port: 107.174.63.211:33060
- url: http://ak.gxtv.xyz/activity
- ip:port: 167.179.91.226:80
- url: http://23.227.198.207/dpixel
- ip:port: 23.227.198.207:80
- url: http://f469-212-193-30-206.ngrok.io/activity
- ip:port: 212.193.30.206:80
- url: https://146.70.87.200/update/dumpenv/vmhzg2vunps0
- ip:port: 146.70.87.200:443
- url: http://103.234.72.10:8050/push
- ip:port: 103.234.72.10:8050
- url: https://rsasecu.com/s/ref=nb_sb_noss_1/743-21494898-1923945/field-keywords=man
- ip:port: 20.120.35.41:443
- url: https://167.71.242.0/cm
- ip:port: 167.71.242.0:443
- url: http://123.57.207.156:18028/ptj
- ip:port: 123.57.207.156:18028
- ip:port: 103.150.30.136:8443
- url: https://147.78.47.246/_/scs/mail-static/_/js/
- ip:port: 147.78.47.246:443
- url: http://123.57.191.159:7777/ptj
- ip:port: 123.57.191.159:7777
- url: http://81.68.236.247/ca
- url: http://101.34.56.173/ga.js
- url: http://20.231.70.25/pixel
- ip:port: 20.231.70.25:80
- url: https://andjello.net/wp-includes/o74xnlzsodp/
- url: http://andrewpharma.com/wp-includes/d8yxekwruu/
- url: http://anneferrier.com/logs/ia7oz193szbb5n/
- url: http://anaforainc.com/media/tukknlcd0qjdxwo/
- url: http://allamapianoawards.com/quisint/ranfoijhasz0r33o/
- url: http://amdrolls.com/template/gorpy/
- url: https://www.anagramme.net/admin_files/rozduuhjsmh/
- ip:port: 193.150.103.37:21330
- ip:port: 185.161.208.82:3452
- ip:port: 45.76.1.145:443
- ip:port: 217.182.25.250:8080
- ip:port: 119.193.124.41:7080
- ip:port: 72.15.201.15:8080
- ip:port: 101.50.0.91:8080
- ip:port: 103.43.46.182:443
- ip:port: 167.99.115.35:8080
- ip:port: 195.201.151.129:8080
- sha256: 0c44bbe09f91b4b37f26d5f3d85af572ef3cc4ea361636e8b1b19a057518f5bc
- ip:port: 165.22.61.235:443
- ip:port: 121.78.112.42:8080
- ip:port: 216.10.251.121:8080
- ip:port: 202.28.34.99:8080
- ip:port: 2.58.16.87:8080
- sha256: 0169763cc87f9f56aa69057c77ef98a15a90082427f2603180df31a6e343ec8d
- url: http://120.24.175.206:666/g.pixel
- ip:port: 120.24.175.206:666
- url: http://115.63.4.192:58253/mozi.m
- url: http://42.234.236.145:45251/mozi.a
- url: http://125.46.190.96:44235/mozi.m
- url: http://163.179.164.160:35955/mozi.m
- url: http://81.70.29.244:8080/api/getit
- ip:port: 81.70.29.244:8080
- url: https://verif-me.info/c/msdownload/update/others/2021/10/q4fqr6o2qbtxukgqn13f0ny
- ip:port: 153.92.222.210:443
- url: http://42.193.103.184:1111/ga.js
- ip:port: 42.193.103.184:1111
- url: https://37.0.8.111:8443/preload
- ip:port: 37.0.8.111:8443
- url: http://t2.lten.cc:8888/en_us/all.js
- url: http://t3.lten.cc:8888/ca
- url: http://t4.lten.cc:8888/cx
- ip:port: 47.105.223.18:8888
- url: http://42.192.178.53:9998/match
- ip:port: 42.192.178.53:9998
- url: https://47.99.163.64/visit.js
- ip:port: 47.99.163.64:443
- url: http://120.53.226.115:1234/visit.js
- ip:port: 120.53.226.115:1234
Technical Details
These are the fields of the MISP event in which ThreatFox published the day's indicators; the values in parentheses are their meaning in MISP's scheme.
- Threat Level: 2 (Medium)
- Analysis: 1 (Ongoing)
- Distribution: 3 (All communities)
- Uuid: 0deb093f-6b9f-4232-88be-715ad97b0b49
- Original Timestamp: 1647388982 (2022-03-16 00:03:02 UTC)
Indicators of Compromise
IP:port C2 servers
The source tables listed the address under "File" and the port under "Hash"; the two are one ip:port indicator and are rejoined here in the source order.
Value | Description
---|---
39.52.13.165:995 | QakBot botnet C2 server (confidence level: 75%)
192.169.69.25:32144 | NetWire RC botnet C2 server (confidence level: 100%)
83.110.219.121:32101 | QakBot botnet C2 server (confidence level: 75%)
54.36.185.63:443 | Emotet botnet C2 server (confidence level: 90%)
103.253.145.28:8080 | Emotet botnet C2 server (confidence level: 90%)
45.83.122.149:81 | RedLine Stealer botnet C2 server (confidence level: 100%)
194.5.98.140:4545 | Ave Maria botnet C2 server (confidence level: 100%)
136.144.41.187:633 | Mirai botnet C2 server (confidence level: 75%)
84.38.130.214:1604 | Nanocore RAT botnet C2 server (confidence level: 100%)
45.80.207.27:2498 | RedLine Stealer botnet C2 server (confidence level: 100%)
185.202.175.82:5000 | NetWire RC botnet C2 server (confidence level: 100%)
194.5.98.17:1177 | Nanocore RAT botnet C2 server (confidence level: 100%)
75.127.1.244:3360 | NetWire RC botnet C2 server (confidence level: 100%)
212.192.246.30:5555 | Mirai botnet C2 server (confidence level: 75%)
194.5.97.192:9050 | Nanocore RAT botnet C2 server (confidence level: 100%)
54.36.15.99:80 | XOR DDoS botnet C2 server (confidence level: 75%)
154.246.55.179:83 | NjRAT botnet C2 server (confidence level: 100%)
103.25.19.32:9735 | Ghost RAT botnet C2 server (confidence level: 100%)
205.185.117.200:61231 | Mirai botnet C2 server (confidence level: 75%)
114.132.233.42:9898 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.132.243.242:8083 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.132.246.102:1433 | Cobalt Strike botnet C2 server (confidence level: 100%)
42.193.127.142:41555 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.82.141.177:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
193.38.54.110:16360 | RedLine Stealer botnet C2 server (confidence level: 100%)
81.30.144.81:39431 | LimeRAT botnet C2 server (confidence level: 100%)
185.213.155.164:55140 | BitRAT botnet C2 server (confidence level: 100%)
185.215.113.20:21921 | RedLine Stealer botnet C2 server (confidence level: 100%)
91.240.118.79:19070 | RedLine Stealer botnet C2 server (confidence level: 100%)
150.158.44.161:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
1.116.180.87:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
52.175.11.103:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
161.35.139.247:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.144.44.117:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
49.232.2.107:4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
119.59.126.193:7788 | Cobalt Strike botnet C2 server (confidence level: 100%)
158.247.221.77:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.13.50.143:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
107.173.214.112:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
5.2.73.196:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.231.71.74:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.32.11.95:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.227.178.53:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
143.110.177.163:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.242.86.193:2087 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.56.228.208:12306 | Cobalt Strike botnet C2 server (confidence level: 100%)
107.174.63.211:33060 | Cobalt Strike botnet C2 server (confidence level: 100%)
167.179.91.226:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.227.198.207:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
212.193.30.206:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
146.70.87.200:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.234.72.10:8050 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.120.35.41:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
167.71.242.0:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.57.207.156:18028 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.150.30.136:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
147.78.47.246:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.57.191.159:7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.231.70.25:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
193.150.103.37:21330 | RedLine Stealer botnet C2 server (confidence level: 100%)
185.161.208.82:3452 | XpertRAT botnet C2 server (confidence level: 100%)
45.76.1.145:443 | Emotet botnet C2 server (confidence level: 90%)
217.182.25.250:8080 | Emotet botnet C2 server (confidence level: 90%)
119.193.124.41:7080 | Emotet botnet C2 server (confidence level: 90%)
72.15.201.15:8080 | Emotet botnet C2 server (confidence level: 90%)
101.50.0.91:8080 | Emotet botnet C2 server (confidence level: 90%)
103.43.46.182:443 | Emotet botnet C2 server (confidence level: 90%)
167.99.115.35:8080 | Emotet botnet C2 server (confidence level: 90%)
195.201.151.129:8080 | Emotet botnet C2 server (confidence level: 90%)
165.22.61.235:443 | Emotet botnet C2 server (confidence level: 90%)
121.78.112.42:8080 | Emotet botnet C2 server (confidence level: 90%)
216.10.251.121:8080 | Emotet botnet C2 server (confidence level: 90%)
202.28.34.99:8080 | Emotet botnet C2 server (confidence level: 90%)
2.58.16.87:8080 | Emotet botnet C2 server (confidence level: 90%)
120.24.175.206:666 | Cobalt Strike botnet C2 server (confidence level: 100%)
81.70.29.244:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
153.92.222.210:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
42.193.103.184:1111 | Cobalt Strike botnet C2 server (confidence level: 100%)
37.0.8.111:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.105.223.18:8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
42.192.178.53:9998 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.99.163.64:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.53.226.115:1234 | Cobalt Strike botnet C2 server (confidence level: 100%)
SHA-256 payload hashes
Value | Description
---|---
6f5863ceffe0e52557b277e1bde0ea012f4ebff0678523cccd58244d7237a488 | Emotet payload (confidence level: 100%)
b20f61224393052f45b32cd3278bb4c4a2e926cdb11fee8348f2847c575d0f1f | Emotet payload (confidence level: 100%)
75819d8407b7397a9c4d592fce516e38db90eee866a9ef37f7a534d89a2f4aa1 | Emotet payload (confidence level: 100%)
8949e7e79242f69ec5419f8942b16ad4289ca032c9ac055ed83cbeee8dab3c85 | Emotet payload (confidence level: 100%)
00412b7f1271b078c983e7803bdb860f12f77679573edde045617765a1fb80a9 | QakBot payload (confidence level: 100%)
71382e72d8fb3728dc8941798ab1c180493fa978fd7eadc1ab6d21dae0d603e2 | QakBot payload (confidence level: 100%)
da71ca77e5d26d7bc354faa333fc2395722ce2510aa8f0ba57040562e3ef6364 | Emotet payload (confidence level: 100%)
d357ca9782140336e322b3beb6c29debc754537fd9d2a2ccef51cbb96867169e | Emotet payload (confidence level: 100%)
0c44bbe09f91b4b37f26d5f3d85af572ef3cc4ea361636e8b1b19a057518f5bc | Emotet payload (confidence level: 100%)
0169763cc87f9f56aa69057c77ef98a15a90082427f2603180df31a6e343ec8d | Emotet payload (confidence level: 100%)
Url
Value | Description |
---|---|
http://ejeana.co.ug/index.php | SmokeLoader botnet C2 (confidence level: 75%) |
https://ejeana.co.ug/index.php | SmokeLoader botnet C2 (confidence level: 75%) |
http://yadrochy.ru.com/imagegamebigloadgeneratortemp.php | DCRat botnet C2 (confidence level: 100%) |
http://51.15.62.59/aed77d05-a028-477c-b013-04f33f1385c3/index.php | Azorult botnet C2 (confidence level: 100%) |
http://mideastclinicsea.us/micr05oft-0n1ine/0a8005f5594bd67041f88c6196192646/a5bfc9e07964f8dddeb95fc584cd965d/df877f3865752637daa540ea9cbc474f/webmai1pr0tected/8efd23a3fe0ec74453bdd0fadb91b0e3/pl341/index.php | Azorult botnet C2 (confidence level: 100%) |
https://fitfabtherapy.com/untitled-1/adrf0jsnyi/ | Emotet payload delivery URL (confidence level: 100%) |
http://almoiz.com/urdu/ldlbo5gc4c/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.e-tactics.com/wordpress/wpau-backup/i8sv/ | Emotet payload delivery URL (confidence level: 100%) |
http://avrworks.com/mail/tgjconibvy59a81/ | Emotet payload delivery URL (confidence level: 100%) |
http://asave.com.mx/cgi-bin/cua/ | Emotet payload delivery URL (confidence level: 100%) |
https://aquinoabogados.com.ar/newsletter/tx9kbb2j/ | Emotet payload delivery URL (confidence level: 100%) |
http://avcservices-tt.com/eanapi/hswsv1/ | Emotet payload delivery URL (confidence level: 100%) |
http://vlascx.xyz/dof/tt/um.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
http://polox.xyz/rc/as/rom.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
https://ballpointmedia.com/css/wdvvklttncgkazp/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.altoxi.com/uic/04gthaqga/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.apesb.com/language/igws7rrv/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.ara-choob.com/data1/tzm3xscst4dscdufox/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.techniquesbroadband.net/pay/bxp/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.arisgears.com/cgi-bin/dkey/ | Emotet payload delivery URL (confidence level: 100%) |
https://www.manchesterslt.co.uk/a-to-z-of-slt/rnrjkom2h/ | Emotet payload delivery URL (confidence level: 100%) |
http://5.39.218.208/cx | Cobalt Strike botnet C2 (confidence level: 100%) |
https://5.39.218.208/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://114.132.233.42:9898/include/template/isx.php | Cobalt Strike botnet C2 (confidence level: 100%) |
https://fedij.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://119.3.59.17:9999/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) |
http://114.132.243.242:8083/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://114.132.246.102:1433/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
http://42.193.127.142:41555/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://barcoindo.com/picture_library/2mz8f5es084wcxpynxz/ | Emotet payload delivery URL (confidence level: 100%) |
http://bangplamahospital.com/bootstrap/im6louezhnupvtgirp/ | Emotet payload delivery URL (confidence level: 100%) |
http://baronandstagger.com/hqakgc/akvsmu5bee39yb9r79c/ | Emotet payload delivery URL (confidence level: 100%) |
http://basepainters.com/wp-content/zega/ | Emotet payload delivery URL (confidence level: 100%) |
http://ceibadiseno.com.mx/bandermex2/8ib08zj/ | Emotet payload delivery URL (confidence level: 100%) |
http://az-10.sakura.ne.jp/info/nxaq9xnk3zs/ | Emotet payload delivery URL (confidence level: 100%) |
https://www.ankeoman.com/undercons_files/l88etg/ | Emotet payload delivery URL (confidence level: 100%) |
http://atbiotique.com/images/luf2jk8nahskvg3h83g/ | Emotet payload delivery URL (confidence level: 100%) |
http://atacelikyapi.com/css/soiihs8wmjzlwoo/ | Emotet payload delivery URL (confidence level: 100%) |
http://atsyemek.com/test/qamcxcqlpfhx/ | Emotet payload delivery URL (confidence level: 100%) |
http://atozams.com/app/d24buasin4nut/ | Emotet payload delivery URL (confidence level: 100%) |
http://aureadesign.net/1u3/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.anzizasalema.com/cms/wx6lkpshjeepo81/ | Emotet payload delivery URL (confidence level: 100%) |
https://alinatourbg.com/mail/tbcgvnzleenxb/ | Emotet payload delivery URL (confidence level: 100%) |
http://alinac.ca/images/lp6ykpiprf6/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.alsancaklimanemlak.com/system/t8ne1jfq7w/ | Emotet payload delivery URL (confidence level: 100%) |
http://amakpost.com/assets/c8at1uocvlsxez/ | Emotet payload delivery URL (confidence level: 100%) |
http://alsanjari.co.uk/alsanjari.com/cynw/ | Emotet payload delivery URL (confidence level: 100%) |
http://alicehui.com/pics/fetgjdypfubqp/ | Emotet payload delivery URL (confidence level: 100%) |
http://amasides.my.id/cgi-bin/ufqdwcqap7mro/ | Emotet payload delivery URL (confidence level: 100%) |
https://appleinfoway.com/venv/5pp/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.atelierkikala.com/facebook/vxy2slffbsscth/ | Emotet payload delivery URL (confidence level: 100%) |
http://astrogurusunilbarmola.com/css/ucdjnrtacsknjrzohr/ | Emotet payload delivery URL (confidence level: 100%) |
http://atters.net/cgi-bin/0yiplpxo3156/ | Emotet payload delivery URL (confidence level: 100%) |
http://www.andrarose.com/wp-admin/9ne3hpwhdggun0yleq0/ | Emotet payload delivery URL (confidence level: 100%) |
http://ara-choob.com/data1/ypq8/ | Emotet payload delivery URL (confidence level: 100%) |
http://asyadegirmen.com/template/awetuoe/ | Emotet payload delivery URL (confidence level: 100%) |
http://hstfurnaces.net/ge1/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
http://mic.poorguy.xyz:443/admin | Cobalt Strike botnet C2 (confidence level: 75%) |
http://62.109.27.237/pythonsecure8mariadb/2_/8wordpressprivatesql/low/eternal/externalvmtohttptemp.php | DCRat botnet C2 (confidence level: 100%) |
https://static.yxhpt.ga/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://https://service-agugfaq3-1307697132.sh.apigw.tencentcs.com:443/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) |
http://api.update2021.oppo.cn.cdn.dnsv1.com.cn/acquire/columnists/il03ghcp42od | Cobalt Strike botnet C2 (confidence level: 100%) |
https://23.227.193.79/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) |
http://23.227.193.79/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
http://1.116.180.87/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
http://62.197.136.186/oluwa/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
http://91.219.236.133/ | Raccoon botnet C2 (confidence level: 100%) |
http://hstfurnaces.net/ge3/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) |
https://52.175.11.103/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) |
http://update07.microsoft-essentials.com/u/vercheck | Cobalt Strike botnet C2 (confidence level: 100%) |
http://3.144.44.117/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
http://49.232.2.107:4444/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://119.59.126.193:7788/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) |
http://c.miorcsoft.com/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
http://198.13.50.143/5en1bjq8aauym2zgoy3k/ll_9354efa.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://107.173.214.112/load | Cobalt Strike botnet C2 (confidence level: 100%) |
https://sakilasilla.com/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://api.spotify.us.com/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) |
https://up.windowsserviceupdates.net/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) |
http://metacloud.name/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://23.227.178.53/s/ref=nb_sb_noss_1/167-3246918-0264889/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
http://143.110.177.163/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
https://updatemlcrosoft.com:2087/dhl.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://123.56.228.208:12306/search/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://107.174.63.211:33060/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
http://ak.gxtv.xyz/activity | Cobalt Strike botnet C2 (confidence level: 100%) |
http://23.227.198.207/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://f469-212-193-30-206.ngrok.io/activity | Cobalt Strike botnet C2 (confidence level: 100%) |
https://146.70.87.200/update/dumpenv/vmhzg2vunps0 | Cobalt Strike botnet C2 (confidence level: 100%) |
http://103.234.72.10:8050/push | Cobalt Strike botnet C2 (confidence level: 100%) |
https://rsasecu.com/s/ref=nb_sb_noss_1/743-21494898-1923945/field-keywords=man | Cobalt Strike botnet C2 (confidence level: 100%) |
https://167.71.242.0/cm | Cobalt Strike botnet C2 (confidence level: 100%) |
http://123.57.207.156:18028/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
https://147.78.47.246/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) |
http://123.57.191.159:7777/ptj | Cobalt Strike botnet C2 (confidence level: 100%) |
http://81.68.236.247/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
http://101.34.56.173/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://20.231.70.25/pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
https://andjello.net/wp-includes/o74xnlzsodp/ | Emotet payload delivery URL (confidence level: 100%) |
http://andrewpharma.com/wp-includes/d8yxekwruu/ | Emotet payload delivery URL (confidence level: 100%) |
http://anneferrier.com/logs/ia7oz193szbb5n/ | Emotet payload delivery URL (confidence level: 100%) |
http://anaforainc.com/media/tukknlcd0qjdxwo/ | Emotet payload delivery URL (confidence level: 100%) |
http://allamapianoawards.com/quisint/ranfoijhasz0r33o/ | Emotet payload delivery URL (confidence level: 100%) |
http://amdrolls.com/template/gorpy/ | Emotet payload delivery URL (confidence level: 100%) |
https://www.anagramme.net/admin_files/rozduuhjsmh/ | Emotet payload delivery URL (confidence level: 100%) |
http://120.24.175.206:666/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) |
http://115.63.4.192:58253/mozi.m | Mozi botnet C2 (confidence level: 100%) |
http://42.234.236.145:45251/mozi.a | Mozi botnet C2 (confidence level: 100%) |
http://125.46.190.96:44235/mozi.m | Mozi botnet C2 (confidence level: 100%) |
http://163.179.164.160:35955/mozi.m | Mozi botnet C2 (confidence level: 100%) |
http://81.70.29.244:8080/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) |
https://verif-me.info/c/msdownload/update/others/2021/10/q4fqr6o2qbtxukgqn13f0ny | Cobalt Strike botnet C2 (confidence level: 100%) |
http://42.193.103.184:1111/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) |
https://37.0.8.111:8443/preload | Cobalt Strike botnet C2 (confidence level: 100%) |
http://t2.lten.cc:8888/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://t3.lten.cc:8888/ca | Cobalt Strike botnet C2 (confidence level: 100%) |
http://t4.lten.cc:8888/cx | Cobalt Strike botnet C2 (confidence level: 100%) |
http://42.192.178.53:9998/match | Cobalt Strike botnet C2 (confidence level: 100%) |
https://47.99.163.64/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) |
http://120.53.226.115:1234/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) |
Domain
Value | Description |
---|---|
hotboy01.ddns.net | Ave Maria botnet C2 domain (confidence level: 100%) |
baidencult.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
billiokz.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
billiopa.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
josefgur.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
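The tables above are only useful once they are turned into a lookup that tolerates the variation real traffic shows. Three details in this list drive the design: ejeana.co.ug appears once under http and once under https, so explicit default ports in a log (":443") have to be folded away before comparing; the Cobalt Strike path /updates.rss appears on three different hosts and /cm on four, so matching on path alone would be noisy while matching on the full string would miss a beacon that adds ":80"; and one row carries a doubled scheme (http://https://...:443/api/getit) that a naive parser turns into a host called "https". The following is an added example, not code from offseq.com or ThreatFox: it parses a handful of rows copied from the Url and Domain tables, keys URL IOCs on (host, port, path), falls back to a subdomain match against the domain IOCs, and runs the result over a constructed proxy-log format (timestamp, client, method, URL, status) that is an assumption of the example, as are the client addresses and the www.example.org control line.

```python
"""Match proxy-log URLs and hostnames against the ThreatFox URL/domain IOCs above (added example)."""
import re
from urllib.parse import urlsplit

# Rows copied from the Url and Domain tables on this page, in the page's own
# "value | description (confidence level: N%) | |" layout.
IOC_ROWS = """\
http://ejeana.co.ug/index.php | SmokeLoader botnet C2 (confidence level: 75%) | |
https://ejeana.co.ug/index.php | SmokeLoader botnet C2 (confidence level: 75%) | |
http://mic.poorguy.xyz:443/admin | Cobalt Strike botnet C2 (confidence level: 75%) | |
https://23.227.193.79/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://23.227.193.79/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://1.116.180.87/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://https://service-agugfaq3-1307697132.sh.apigw.tencentcs.com:443/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://hstfurnaces.net/ge1/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
hotboy01.ddns.net | Ave Maria botnet C2 domain (confidence level: 100%) | |
baidencult.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
"""

ROW_RE = re.compile(r"^\s*(?P<value>\S+)\s*\|\s*(?P<desc>.*?)\s*\(confidence level:\s*(?P<conf>\d+)%\)")
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_rows(text):
    """Return [(value, description, confidence)] for every well-formed table row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((m["value"], m["desc"], int(m["conf"])))
    return rows


def url_key(url):
    """Normalise a URL to (host, port, path): host and path lower-cased, the
    scheme's default port filled in.  A doubled scheme (http://https://host/...)
    is repaired by re-parsing from the inner scheme."""
    parts = urlsplit(url.strip())
    if parts.hostname in ("http", "https") and parts.path.startswith("//"):
        parts = urlsplit(parts.hostname + ":" + parts.path)
    try:
        port = parts.port
    except ValueError:  # non-numeric port in the value: use the scheme default
        port = None
    host = (parts.hostname or "").lower().rstrip(".")
    path = (parts.path or "/").lower()
    if parts.query:
        path += "?" + parts.query
    return host, port or DEFAULT_PORTS.get(parts.scheme, 0), path


class IocIndex:
    """URL IOCs keyed on (host, port, path); domain IOCs keyed on the domain itself."""

    def __init__(self, rows):
        self.urls, self.domains = {}, {}
        for value, desc, conf in rows:
            if "://" in value:
                self.urls[url_key(value)] = (desc, conf)
            else:
                self.domains[value.lower().rstrip(".")] = (desc, conf)

    def match_host(self, host):
        """Exact or subdomain match (files.hotboy01.ddns.net hits hotboy01.ddns.net).
        The bare top-level label is never tried, so 'net' alone cannot match."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            hit = self.domains.get(".".join(labels[i:]))
            if hit:
                return hit
        return None

    def match_url(self, url):
        key = url_key(url)
        return self.urls.get(key) or self.match_host(key[0])


# Constructed proxy log lines (not from the page): timestamp client method url status
SAMPLE_LOG = """\
2022-03-15T10:01:02Z 10.0.0.12 GET https://Ejeana.co.ug:443/index.php 200
2022-03-15T10:01:05Z 10.0.0.12 GET http://23.227.193.79:80/updates.rss 200
2022-03-15T10:02:11Z 10.0.0.44 GET https://service-agugfaq3-1307697132.sh.apigw.tencentcs.com/api/getit 200
2022-03-15T10:03:30Z 10.0.0.44 GET http://files.hotboy01.ddns.net/update.bin 404
2022-03-15T10:04:00Z 10.0.0.51 GET https://www.example.org/updates.rss 200
"""


def scan_log(text, index):
    """Return (client, url, description, confidence) for every log line that hits."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        hit = index.match_url(fields[3])
        if hit:
            hits.append((fields[1], fields[3], hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    index = IocIndex(parse_rows(IOC_ROWS))
    for client, url, desc, conf in scan_log(SAMPLE_LOG, index):
        print(f"{client} -> {url}  [{desc}, {conf}%]")
```

The last sample line is the control: /updates.rss on an unlisted host produces no hit, because the key includes the host, while the line for files.hotboy01.ddns.net is caught by the domain fallback even though no URL IOC names it. Path comparison is case-insensitive on purpose; the feed value ie9compatviewlist.xml is lower-cased, so a case-sensitive compare would miss the request as the beacon actually sends it.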
Threat ID: 682b7b9fd3ddd8cef2e68942
Added to database: 5/19/2025, 6:42:39 PM
Last enriched: 6/18/2025, 7:02:06 PM
Last updated: 8/13/2025, 4:54:57 PM