ThreatFox IOCs for 2022-05-29
AI Analysis
Technical Summary
This entry covers a set of Indicators of Compromise (IOCs) published by ThreatFox on May 29, 2022, categorized as malware with a medium severity rating. ThreatFox is a platform for sharing threat intelligence, particularly open-source intelligence (OSINT). The entry is titled 'ThreatFox IOCs for 2022-05-29' and carries the 'type:osint' tag, indicating that it consists primarily of observable artifacts such as IP addresses, domains, hashes, or other indicators tied to malware activity or campaigns. Technical detail is limited: no affected software versions, no known exploits in the wild, and no Common Weakness Enumerations (CWEs) are associated with it. The threat level is rated 2 on an unspecified scale, with a distribution score of 3, suggesting moderate dissemination or reach. The absence of patch links and of detailed technical analysis implies that this intelligence is aimed at detection and monitoring rather than at describing a novel or actively exploited vulnerability. The indicators field is empty, which may mean that the specific IOCs were not included in this summary or are to be retrieved from the ThreatFox platform directly. Overall, this entry is a situational awareness update rather than a detailed technical alert about a new malware strain or vulnerability, and it underlines the value of continuously monitoring OSINT feeds to identify malicious infrastructure or artifacts that could be used in cyberattacks.
Potential Impact
Because this intelligence is a collection of IOCs without specific exploit details or affected products, its direct impact on European organizations is likely limited to improved detection and response rather than immediate operational disruption. Malware-related IOCs in OSINT feeds can nevertheless signal ongoing or emerging campaigns that may target various sectors. European organizations that integrate threat intelligence into their security operations centers (SOCs) can incorporate these IOCs to strengthen their detection coverage. The medium severity rating suggests that the threat does not currently pose a critical risk, but ignoring such intelligence could allow adversaries to operate undetected. If these IOCs correspond to active malicious infrastructure, potential impacts include unauthorized access, data exfiltration, or malware infection. The lack of known exploits in the wild reduces the urgency but does not eliminate the risk, as threat actors may use the related infrastructure in targeted attacks. The impact is therefore primarily on the confidentiality and integrity of information systems, with an availability impact being less likely given the absence of exploit details.
Mitigation Recommendations
To effectively mitigate risks associated with this threat intelligence, European organizations should:
1. Integrate the provided IOCs from ThreatFox into their existing threat intelligence platforms and security information and event management (SIEM) systems to enable real-time detection and alerting on related malicious activity.
2. Conduct regular threat hunting exercises using these IOCs to proactively identify any signs of compromise within their networks.
3. Maintain updated and comprehensive asset inventories to correlate detected IOCs with critical systems and prioritize response efforts accordingly.
4. Enhance collaboration with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize these IOCs within broader threat landscapes.
5. Implement network segmentation and strict access controls to limit lateral movement if any IOC-related activity is detected.
6. Continuously update endpoint detection and response (EDR) tools with the latest threat intelligence feeds to improve malware detection capabilities.
7. Since no patches or specific vulnerabilities are associated, focus on strengthening general cybersecurity hygiene, including timely software updates, user awareness training, and incident response readiness.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: f3f813da-850a-4c06-9161-cd9e04337e72
- Original Timestamp: 1653868987
Indicators of Compromise
Threat ID: 682c7ab9e3e6de8ceb742d3f
Added to database: 5/20/2025, 12:51:05 PM
Last enriched: 6/19/2025, 2:20:26 PM
Last updated: 8/11/2025, 3:07:22 AM