ThreatFox IOCs for 2022-05-10
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on May 10, 2022, sourced from the ThreatFox MISP feed. The threat is categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are minimal and do not specify particular malware families, attack vectors, or affected software versions. The threat level is indicated as medium with a threatLevel score of 2 (on an unspecified scale), and the analysis and distribution scores suggest limited but notable activity. No known exploits in the wild or patches are available, and no specific Common Weakness Enumerations (CWEs) are listed. The absence of concrete technical details such as payload characteristics, infection mechanisms, or targeted vulnerabilities limits the depth of technical analysis. The threat appears to be primarily related to the collection and dissemination of OSINT-based indicators that could be used to detect or analyze malware-related network activity and payload delivery attempts. The lack of indicators in the data further restricts actionable insights. Overall, this represents a medium-level malware threat primarily focused on network-based detection and intelligence gathering rather than a direct vulnerability or exploit.
Potential Impact
For European organizations, the impact of this threat is likely to be moderate given the medium severity rating and the nature of the threat as OSINT-related malware indicators. The threat could facilitate early detection of malware campaigns or network intrusions if the IOCs are integrated into security monitoring tools. However, without specific exploit details or targeted vulnerabilities, the direct risk of compromise or operational disruption is limited. Organizations relying heavily on network security monitoring and threat intelligence platforms could benefit from incorporating such IOCs to enhance situational awareness. Conversely, organizations lacking mature threat intelligence capabilities may find limited immediate value. The potential impact includes increased exposure to malware payload delivery attempts that could lead to data exfiltration, system compromise, or lateral movement if not detected and mitigated. Given the absence of patches or known exploits, the threat is more about detection and response readiness than urgent remediation.
Mitigation Recommendations
1. Integrate Threat Intelligence: European organizations should incorporate ThreatFox IOCs into their existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection capabilities against related malware activity.
2. Network Monitoring: Implement advanced network traffic analysis to identify anomalous payload delivery attempts and suspicious network activity consistent with the threat profile.
3. Incident Response Preparedness: Develop and regularly update incident response playbooks that include procedures for handling malware infections detected via OSINT indicators.
4. Employee Awareness: Conduct targeted training to raise awareness about malware delivery methods, especially those involving network vectors, to reduce the risk of successful payload execution.
5. Collaboration and Sharing: Engage with European cybersecurity information sharing organizations (e.g., CERT-EU, ENISA) to receive updated IOCs and threat intelligence feeds to stay current on evolving threats.
6. Endpoint Security: Ensure endpoint protection platforms are configured to detect and block malware payloads and maintain up-to-date signatures and heuristics.
These steps go beyond generic advice by emphasizing the operational integration of OSINT-derived IOCs and proactive network defense tailored to the threat's characteristics.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: fff7dfa0-6881-495d-b0e8-4299d067f1bf
- Original Timestamp: 1652227382
Indicators of Compromise
Threat ID: 68359c995d5f0974d01dfd79
Added to database: 5/27/2025, 11:06:01 AM
Last enriched: 7/5/2025, 10:56:43 PM
Last updated: 8/12/2025, 3:24:34 AM