ThreatFox IOCs for 2022-05-10

Severity: Medium
Published: Tue May 10 2022 (05/10/2022, 00:00:00 UTC)
Source: MISP

Description

ThreatFox IOCs for 2022-05-10

AI-Powered Analysis

Last updated: 06/17/2025, 10:34:41 UTC

Technical Analysis

The provided information pertains to a ThreatFox Indicator of Compromise (IOC) report dated May 10, 2022. ThreatFox is a platform that aggregates and shares threat intelligence, particularly IOCs, to assist cybersecurity professionals in identifying and mitigating threats. However, this specific entry lacks detailed technical information such as affected software versions, vulnerability descriptions, attack vectors, or exploit mechanisms. The threat type is marked as 'unknown,' and no Common Weakness Enumerations (CWEs) or patch links are provided. The severity is classified as 'medium' by the source, with a threat level of 2 (on an unspecified scale), analysis level of 1, and distribution level of 3, indicating moderate confidence and moderate dissemination of the threat intelligence. No known exploits are reported in the wild, and no specific indicators (such as IP addresses, hashes, or domains) are included. The tags indicate that the data is derived from open-source intelligence (OSINT) and is shared under a TLP:WHITE classification, meaning it is intended for unrestricted sharing. Overall, this entry appears to be a general IOC update without actionable technical details or direct evidence of active exploitation, limiting the ability to perform a deep technical analysis or identify specific attack methodologies.

Potential Impact

Given the absence of detailed technical data, affected systems, or exploit mechanisms, the potential impact on European organizations is difficult to quantify precisely. However, the medium severity rating suggests a moderate risk level, possibly indicating the presence of IOCs related to emerging or low-confidence threats. Without known exploits in the wild or specific targeted vulnerabilities, the immediate risk to confidentiality, integrity, or availability is likely limited. Nevertheless, European organizations should remain vigilant, as the dissemination of IOCs can precede active exploitation or be indicative of reconnaissance activities. The lack of detailed indicators reduces the ability to perform targeted detection or response, potentially increasing the window of exposure if the threat evolves. The impact may be more pronounced in sectors that rely heavily on threat intelligence sharing and rapid IOC integration, such as finance, critical infrastructure, and government agencies.

Mitigation Recommendations

1. Enhance Threat Intelligence Integration: European organizations should ensure their security operations centers (SOCs) and security information and event management (SIEM) systems are configured to ingest and correlate ThreatFox IOC feeds promptly, even when details are sparse, to maintain situational awareness.
2. Proactive Hunting: Conduct proactive threat hunting exercises focusing on anomalous behaviors or artifacts that may align with emerging IOCs, despite the lack of explicit indicators.
3. Strengthen Baseline Security Controls: Maintain robust endpoint detection and response (EDR) solutions, network segmentation, and strict access controls to limit potential lateral movement should an unknown threat materialize.
4. Collaboration and Information Sharing: Engage with European cybersecurity information sharing organizations (e.g., ENISA, national CERTs) to receive updated intelligence and contextual analysis that may supplement the limited data.
5. Continuous Monitoring and Patch Management: Although no patches are linked, organizations should continue rigorous patch management and vulnerability scanning to reduce the attack surface for potential future exploitation related to these or other threats.
6. User Awareness: Reinforce user training to recognize phishing or social engineering attempts that often accompany the deployment of new threats, even if not explicitly mentioned here.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise


Threat ID: 6828eab9e1a0c275ea6e2d2c

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 6/17/2025, 10:34:41 AM

Last updated: 8/17/2025, 5:29:59 PM
