ThreatFox IOCs for 2022-05-04
ThreatFox IOCs for 2022-05-04
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2022-05-04," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating its nature relates to open-source intelligence gathering or dissemination rather than a specific malware family or exploit. No specific affected product versions or detailed technical characteristics are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is indicated as 2 on an unspecified scale, with a distribution rating of 3, suggesting moderate dissemination or presence in the wild, although no known exploits are reported. The absence of detailed indicators and technical specifics limits the ability to precisely define the malware's behavior, infection vectors, or payload capabilities. Given the medium severity rating and the lack of evidence for active exploitation, this threat appears to be of moderate concern, potentially representing emerging or low-profile malware activity captured through OSINT channels. The lack of authentication or user interaction requirements is not explicitly stated, but the nature of OSINT-related threats often implies passive data collection or reconnaissance activities rather than direct exploitation. Overall, this threat represents a general malware category with limited actionable technical details, emphasizing the importance of continued monitoring and intelligence gathering to identify any evolution or escalation in risk.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and absence of known active exploits. Potential impacts include unauthorized data collection, reconnaissance, or low-level compromise that could serve as a precursor to more targeted attacks. Organizations relying heavily on OSINT tools or integrating open-source threat intelligence feeds may be at increased risk if the malware leverages these channels for propagation or data exfiltration. The lack of specific affected products or vulnerabilities reduces the likelihood of widespread disruption or critical system compromise at this stage. However, if the threat evolves or is leveraged in conjunction with other attack vectors, it could impact confidentiality by exposing sensitive information, integrity by manipulating data, or availability through potential malware payloads. European sectors with high reliance on digital infrastructure, such as finance, telecommunications, and government, should remain vigilant given the strategic importance of these targets and the potential for OSINT-based threats to facilitate broader cyber espionage or intrusion campaigns.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing OSINT-related security hygiene and general malware defenses. Specific recommendations include: 1) Implement rigorous monitoring of OSINT feeds and threat intelligence sources to detect emerging IOCs and suspicious activity promptly. 2) Employ network segmentation and strict access controls to limit the spread of malware that may leverage OSINT channels. 3) Harden endpoint security by deploying advanced malware detection solutions capable of identifying anomalous behaviors associated with reconnaissance or data collection. 4) Conduct regular user awareness training emphasizing the risks associated with OSINT tools and the importance of verifying sources. 5) Integrate threat intelligence sharing with trusted partners and national cybersecurity centers to stay informed about evolving threats. 6) Perform periodic audits of systems and applications that consume or process OSINT data to identify potential vulnerabilities or misconfigurations. These measures go beyond generic advice by focusing on the intersection of OSINT usage and malware risk, addressing the unique aspects of this threat vector.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Indicators of Compromise
- file: 88.119.171.77
- hash: 81
- domain: yabynennet.xyz
- url: http://114.232.73.96:42557/mozi.m
- file: 194.31.98.87
- hash: 31622
- file: 194.87.71.4
- hash: 3431
- url: http://175.178.25.121/j.ad
- file: 175.178.25.121
- hash: 80
- url: http://124.223.224.167:8090/api/x
- file: 124.223.224.167
- hash: 8090
- url: http://146.70.104.167/fam_newspaper
- file: 146.70.104.167
- hash: 80
- url: https://141.94.203.45:440/ptj
- file: 141.94.203.45
- hash: 440
- url: http://139.196.219.122/dpixel
- file: 139.196.219.122
- hash: 80
- file: 46.175.145.22
- hash: 46769
- url: http://service-6p78e619-1307066631.sh.apigw.tencentcs.com/wp06/wp-includes/po.php
- url: http://usa.noesisdata.com/release
- url: http://198.187.30.47/p.php?id=19622864628953696
- url: http://45.131.179.66/activity
- file: 45.131.179.66
- hash: 80
- url: http://vqrothocare.com/hybrid/five/fre.php
- url: http://5.161.106.206/index.php
- file: 45.87.63.175
- hash: 80
- file: 62.113.215.200
- hash: 2983
- file: 194.31.98.159
- hash: 41027
- url: http://85.202.169.172/auzsintwo/five/fre.php
- file: 45.148.123.58
- hash: 839
- file: 192.3.231.100
- hash: 22392
- file: 37.0.10.205
- hash: 17176
- url: http://victory-collections.top/d2vxjasuws/index.php
- file: 38.91.106.103
- hash: 35459
- url: http://st4q2p.xyz/6.jpg
- url: http://st4q2p.xyz/1.jpg
- url: http://st4q2p.xyz/2.jpg
- url: http://st4q2p.xyz/3.jpg
- url: http://st4q2p.xyz/4.jpg
- url: http://st4q2p.xyz/5.jpg
- url: http://st4q2p.xyz/7.jpg
- domain: masmabelicods.com
- domain: omigxpremiernuc.com
- domain: rafawarsindustri.com
- domain: slotstbrnewss.com
- domain: rafatrekindustri24.com
- domain: roterkindustri24.com
- file: 5.181.234.149
- hash: 51822
- url: http://spetralnet2.com/prit/five/fre.php
- file: 37.0.11.241
- hash: 3608
- hash: 5fab0d46b2c85a5a166758ec802a5dfde324f49ffaf1586239df9024229dc831
- file: 185.189.151.28
- hash: 80
- file: 185.189.151.70
- hash: 80
- url: https://investoriant.com/
- hash: bda0c23f9cd91512429cb679d411966e
- url: http://193.106.191.201/panelis/index.php
- file: 191.88.250.98
- hash: 3005
- domain: eblaqie.org
- url: https://service-c7oa3a1z-1304194739.cd.apigw.tencentcs.com/api/x
- file: 123.56.249.174
- hash: 443
- url: http://ugll.org/test1/get.php
- url: https://imolaoggi.eu/s/8re23cnqti7uq2mqmlj3j/field-keywords/
- file: 31.41.8.66
- hash: 443
- url: http://chiantelecom.cn:2053/api/3
- file: 101.35.156.33
- hash: 2053
- url: http://a0653501.xsph.ru/lowauthlongpoll.php
- url: https://scanixu.com/jquery-3.3.1.min.js
- url: https://chiantelecom.cn:2096/api/3
- file: 101.35.156.33
- hash: 2096
- url: https://43.132.182.179/g.pixel
- file: 43.132.182.179
- hash: 443
- file: 194.31.98.232
- hash: 3074
- file: 2.56.59.10
- hash: 1024
- file: 141.255.156.56
- hash: 19811
- file: 62.197.136.237
- hash: 55688
- file: 2.56.213.169
- hash: 34799
- url: http://2.58.149.41/obizx.exe
- url: https://xemigefav.com/zh
- file: 108.177.235.172
- hash: 443
- file: 23.160.193.23
- hash: 55650
- url: http://37.0.11.227/droidcas/five/fre.php
- file: 23.82.128.149
- hash: 443
- file: 108.62.12.203
- hash: 443
- file: 206.189.181.21
- hash: 1312
- url: http://sempersim.su/gf12/fre.php
- file: 146.59.162.137
- hash: 46754
- url: http://sempersim.su/gf13/fre.php
- domain: sky01.publicvm.com
- file: 91.193.75.175
- hash: 9217
- url: http://ugll.org/lancer/get.php
- url: http://service-9w3fcjv1-1304194739.sh.apigw.tencentcs.com/api/x
- file: 123.56.249.174
- hash: 80
- url: http://192.168.199.246:4444/updates.rss
- file: 45.136.186.176
- hash: 4444
- url: http://179.60.150.35/en_us/all.js
- file: 179.60.150.35
- hash: 80
- url: http://104.238.221.186:8088/temp
- file: 104.238.221.186
- hash: 8088
- url: http://185.173.34.180/cx
- file: 185.173.34.180
- hash: 80
- url: http://185.22.153.231/fwlink
- file: 185.22.153.231
- hash: 80
- url: http://137.220.196.174:44444/g.pixel
- file: 137.220.196.174
- hash: 44444
- url: http://newsguns.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 161.35.15.81
- hash: 80
- file: 158.101.222.185
- hash: 443
- url: http://173.82.134.187:5555/wp06/wp-includes/po.php
- file: 173.82.134.187
- hash: 5555
- url: https://mdelete.azureedge.net/installkits/ms3214
- file: 20.223.205.20
- hash: 443
- url: https://13.88.203.29:444/activity
- file: 13.88.203.29
- hash: 444
- url: https://tasklistmvc.tk:2096/api/3
- file: 34.146.137.100
- hash: 2096
- url: http://154.12.239.195:8080/ca
- file: 154.12.239.195
- hash: 8080
- url: http://192.210.136.33:4466/dpixel
- file: 192.210.136.33
- hash: 4466
- file: 167.88.182.162
- hash: 80
- url: http://47.242.242.29:11111/_/scs/mail-static/_/js/
- file: 47.242.242.29
- hash: 11111
- url: https://103.56.112.2:58443/ie9compatviewlist.xml
- file: 103.56.112.2
- hash: 58443
- url: http://service-2zxm4jl7-1311524389.sh.apigw.tencentcs.com/api/x
- file: 124.223.224.167
- hash: 80
- file: 154.12.239.195
- hash: 80
- url: https://t.me/hollandracing
- url: https://busshi.moe/@ronxik321
- hash: 897bf7aaeee44df44e04fb6b0a276d0be76298569252fe157a39d6071a17631c
- hash: 3b02fc8c8cfc0f965bdb7dae7958bed22ed27e39a278e1e22860358fb61f3021
- hash: 48f664496412e4da22a0d539aca9fe98737a194103d55ff58ea15dae95935d90
- file: 45.133.1.58
- hash: 2113
- file: 45.95.169.124
- hash: 1312
- file: 95.214.55.206
- hash: 42631
- file: 46.249.32.112
- hash: 9372
ThreatFox IOCs for 2022-05-04
Description
ThreatFox IOCs for 2022-05-04
AI-Powered Analysis
Technical Analysis
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2022-05-04," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating its nature relates to open-source intelligence gathering or dissemination rather than a specific malware family or exploit. No specific affected product versions or detailed technical characteristics are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is indicated as 2 on an unspecified scale, with a distribution rating of 3, suggesting moderate dissemination or presence in the wild, although no known exploits are reported. The absence of detailed indicators and technical specifics limits the ability to precisely define the malware's behavior, infection vectors, or payload capabilities. Given the medium severity rating and the lack of evidence for active exploitation, this threat appears to be of moderate concern, potentially representing emerging or low-profile malware activity captured through OSINT channels. The lack of authentication or user interaction requirements is not explicitly stated, but the nature of OSINT-related threats often implies passive data collection or reconnaissance activities rather than direct exploitation. Overall, this threat represents a general malware category with limited actionable technical details, emphasizing the importance of continued monitoring and intelligence gathering to identify any evolution or escalation in risk.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and absence of known active exploits. Potential impacts include unauthorized data collection, reconnaissance, or low-level compromise that could serve as a precursor to more targeted attacks. Organizations relying heavily on OSINT tools or integrating open-source threat intelligence feeds may be at increased risk if the malware leverages these channels for propagation or data exfiltration. The lack of specific affected products or vulnerabilities reduces the likelihood of widespread disruption or critical system compromise at this stage. However, if the threat evolves or is leveraged in conjunction with other attack vectors, it could impact confidentiality by exposing sensitive information, integrity by manipulating data, or availability through potential malware payloads. European sectors with high reliance on digital infrastructure, such as finance, telecommunications, and government, should remain vigilant given the strategic importance of these targets and the potential for OSINT-based threats to facilitate broader cyber espionage or intrusion campaigns.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing OSINT-related security hygiene and general malware defenses. Specific recommendations include: 1) Implement rigorous monitoring of OSINT feeds and threat intelligence sources to detect emerging IOCs and suspicious activity promptly. 2) Employ network segmentation and strict access controls to limit the spread of malware that may leverage OSINT channels. 3) Harden endpoint security by deploying advanced malware detection solutions capable of identifying anomalous behaviors associated with reconnaissance or data collection. 4) Conduct regular user awareness training emphasizing the risks associated with OSINT tools and the importance of verifying sources. 5) Integrate threat intelligence sharing with trusted partners and national cybersecurity centers to stay informed about evolving threats. 6) Perform periodic audits of systems and applications that consume or process OSINT data to identify potential vulnerabilities or misconfigurations. These measures go beyond generic advice by focusing on the intersection of OSINT usage and malware risk, addressing the unique aspects of this threat vector.
Affected Countries
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f0c6e080-221b-475c-9244-6cf283fb9903
- Original Timestamp
- 1651708983
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file88.119.171.77 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file194.31.98.87 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file194.87.71.4 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file175.178.25.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.223.224.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file146.70.104.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file141.94.203.45 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.196.219.122 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file46.175.145.22 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.131.179.66 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.87.63.175 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file62.113.215.200 | NetWire RC botnet C2 server (confidence level: 100%) | |
file194.31.98.159 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.148.123.58 | Bashlite botnet C2 server (confidence level: 75%) | |
file192.3.231.100 | Bashlite botnet C2 server (confidence level: 75%) | |
file37.0.10.205 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file38.91.106.103 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file5.181.234.149 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file37.0.11.241 | STRRAT botnet C2 server (confidence level: 100%) | |
file185.189.151.28 | Gozi botnet C2 server (confidence level: 100%) | |
file185.189.151.70 | Gozi botnet C2 server (confidence level: 100%) | |
file191.88.250.98 | BitRAT botnet C2 server (confidence level: 100%) | |
file123.56.249.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file31.41.8.66 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.35.156.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.35.156.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.132.182.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.31.98.232 | Mirai botnet C2 server (confidence level: 75%) | |
file2.56.59.10 | Mirai botnet C2 server (confidence level: 75%) | |
file141.255.156.56 | NjRAT botnet C2 server (confidence level: 100%) | |
file62.197.136.237 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file2.56.213.169 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file108.177.235.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.160.193.23 | Mirai botnet C2 server (confidence level: 75%) | |
file23.82.128.149 | BumbleBee botnet C2 server (confidence level: 75%) | |
file108.62.12.203 | BumbleBee botnet C2 server (confidence level: 75%) | |
file206.189.181.21 | Mirai botnet C2 server (confidence level: 75%) | |
file146.59.162.137 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file91.193.75.175 | DCRat botnet C2 server (confidence level: 100%) | |
file123.56.249.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.136.186.176 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.60.150.35 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.238.221.186 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.173.34.180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.22.153.231 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file137.220.196.174 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file161.35.15.81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file158.101.222.185 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.82.134.187 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file20.223.205.20 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file13.88.203.29 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.146.137.100 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.12.239.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.210.136.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file167.88.182.162 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.242.242.29 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.56.112.2 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.223.224.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.12.239.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.133.1.58 | Mirai botnet C2 server (confidence level: 75%) | |
file45.95.169.124 | Mirai botnet C2 server (confidence level: 75%) | |
file95.214.55.206 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file46.249.32.112 | Mirai botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash81 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash31622 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash3431 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash440 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash46769 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash2983 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash41027 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash839 | Bashlite botnet C2 server (confidence level: 75%) | |
hash22392 | Bashlite botnet C2 server (confidence level: 75%) | |
hash17176 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash35459 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash51822 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash3608 | STRRAT botnet C2 server (confidence level: 100%) | |
hash5fab0d46b2c85a5a166758ec802a5dfde324f49ffaf1586239df9024229dc831 | Ave Maria payload (confidence level: 50%) | |
hash80 | Gozi botnet C2 server (confidence level: 100%) | |
hash80 | Gozi botnet C2 server (confidence level: 100%) | |
hashbda0c23f9cd91512429cb679d411966e | Gozi payload (confidence level: 50%) | |
hash3005 | BitRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2096 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3074 | Mirai botnet C2 server (confidence level: 75%) | |
hash1024 | Mirai botnet C2 server (confidence level: 75%) | |
hash19811 | NjRAT botnet C2 server (confidence level: 100%) | |
hash55688 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash34799 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash55650 | Mirai botnet C2 server (confidence level: 75%) | |
hash443 | BumbleBee botnet C2 server (confidence level: 75%) | |
hash443 | BumbleBee botnet C2 server (confidence level: 75%) | |
hash1312 | Mirai botnet C2 server (confidence level: 75%) | |
hash46754 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash9217 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash44444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2096 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4466 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash11111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash58443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash897bf7aaeee44df44e04fb6b0a276d0be76298569252fe157a39d6071a17631c | BumbleBee payload (confidence level: 50%) | |
hash3b02fc8c8cfc0f965bdb7dae7958bed22ed27e39a278e1e22860358fb61f3021 | BumbleBee payload (confidence level: 50%) | |
hash48f664496412e4da22a0d539aca9fe98737a194103d55ff58ea15dae95935d90 | BumbleBee payload (confidence level: 50%) | |
hash2113 | Mirai botnet C2 server (confidence level: 75%) | |
hash1312 | Mirai botnet C2 server (confidence level: 75%) | |
hash42631 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash9372 | Mirai botnet C2 server (confidence level: 75%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainyabynennet.xyz | RedLine Stealer botnet C2 domain (confidence level: 100%) | |
domainmasmabelicods.com | Astaroth botnet C2 domain (confidence level: 100%) | |
domainomigxpremiernuc.com | Astaroth botnet C2 domain (confidence level: 100%) | |
domainrafawarsindustri.com | Astaroth botnet C2 domain (confidence level: 100%) | |
domainslotstbrnewss.com | Astaroth botnet C2 domain (confidence level: 100%) | |
domainrafatrekindustri24.com | Astaroth botnet C2 domain (confidence level: 100%) | |
domainroterkindustri24.com | Astaroth botnet C2 domain (confidence level: 100%) | |
domaineblaqie.org | SMSspy payload delivery domain (confidence level: 50%) | |
domainsky01.publicvm.com | DCRat botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://114.232.73.96:42557/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://175.178.25.121/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.223.224.167:8090/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://146.70.104.167/fam_newspaper | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://141.94.203.45:440/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://139.196.219.122/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://service-6p78e619-1307066631.sh.apigw.tencentcs.com/wp06/wp-includes/po.php | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://usa.noesisdata.com/release | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://198.187.30.47/p.php?id=19622864628953696 | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://45.131.179.66/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://vqrothocare.com/hybrid/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://5.161.106.206/index.php | Azorult botnet C2 (confidence level: 100%) | |
urlhttp://85.202.169.172/auzsintwo/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://victory-collections.top/d2vxjasuws/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/6.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/1.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/2.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/3.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/4.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/5.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://st4q2p.xyz/7.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://spetralnet2.com/prit/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://investoriant.com/ | Gozi payload delivery URL (confidence level: 100%) | |
urlhttp://193.106.191.201/panelis/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://service-c7oa3a1z-1304194739.cd.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://ugll.org/test1/get.php | TeamBot botnet C2 (confidence level: 100%) | |
urlhttps://imolaoggi.eu/s/8re23cnqti7uq2mqmlj3j/field-keywords/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://chiantelecom.cn:2053/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://a0653501.xsph.ru/lowauthlongpoll.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://scanixu.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://chiantelecom.cn:2096/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://43.132.182.179/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://2.58.149.41/obizx.exe | Formbook payload delivery URL (confidence level: 100%) | |
urlhttps://xemigefav.com/zh | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://37.0.11.227/droidcas/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://sempersim.su/gf12/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://sempersim.su/gf13/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://ugll.org/lancer/get.php | TeamBot botnet C2 (confidence level: 100%) | |
urlhttp://service-9w3fcjv1-1304194739.sh.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://192.168.199.246:4444/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://179.60.150.35/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://104.238.221.186:8088/temp | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://185.173.34.180/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://185.22.153.231/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://137.220.196.174:44444/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://newsguns.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://173.82.134.187:5555/wp06/wp-includes/po.php | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://mdelete.azureedge.net/installkits/ms3214 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://13.88.203.29:444/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://tasklistmvc.tk:2096/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://154.12.239.195:8080/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://192.210.136.33:4466/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.242.242.29:11111/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://103.56.112.2:58443/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://service-2zxm4jl7-1311524389.sh.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://t.me/hollandracing | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://busshi.moe/@ronxik321 | Vidar botnet C2 (confidence level: 100%) |
Threat ID: 682c7abde3e6de8ceb752a0c
Added to database: 5/20/2025, 12:51:09 PM
Last enriched: 6/19/2025, 1:04:15 PM
Last updated: 2/7/2026, 11:20:55 AM
Views: 85
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
MediumThreatFox IOCs for 2026-02-06
MediumThreatFox IOCs for 2026-02-05
MediumTechnical Analysis of Marco Stealer
MediumNew Clickfix variant 'CrashFix' deploying Python Remote Access Trojan
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.