ThreatFox IOCs for 2022-08-06
ThreatFox IOCs for 2022-08-06
AI Analysis
Technical Summary
The provided threat intelligence pertains to a collection of Indicators of Compromise (IOCs) published on August 6, 2022, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is classified as malware-related and is associated with OSINT (Open Source Intelligence) tools or data. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or exploited vulnerabilities. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. There are no known exploits in the wild linked to this threat at the time of publication, and no Common Weakness Enumerations (CWEs) or patch information is provided. The absence of detailed technical indicators or attack patterns suggests that this intelligence serves primarily as a repository of IOCs for detection and monitoring purposes rather than describing an active or widespread attack campaign. The threat's distribution level is noted as 3, which may imply moderate dissemination or relevance within certain communities or sectors. Overall, this threat intelligence entry appears to be an informational update aimed at enhancing situational awareness rather than signaling an immediate or critical risk.
Potential Impact
Given the limited technical details and absence of known active exploitation, the immediate impact on European organizations is likely low to medium. However, the presence of malware-related IOCs in OSINT repositories can facilitate detection and prevention efforts if integrated into security monitoring tools. European organizations that rely heavily on open-source threat intelligence feeds may benefit from early warnings and improved detection capabilities. Conversely, if these IOCs pertain to emerging malware variants or targeted campaigns, there is potential for confidentiality breaches, data integrity issues, or service disruptions, especially in sectors with high-value assets or sensitive information. The lack of specific affected products or versions limits the ability to assess direct operational impacts. Nonetheless, organizations should remain vigilant, as malware threats can evolve rapidly, and the dissemination of IOCs can precede or coincide with active exploitation phases.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enhance detection capabilities. 2. Conduct regular threat hunting exercises using these IOCs to identify potential infections or suspicious activities within the network. 3. Maintain up-to-date malware signatures and heuristic detection methods in antivirus and anti-malware solutions. 4. Implement network segmentation and strict access controls to limit lateral movement in case of infection. 5. Educate security teams on the importance of OSINT sources and encourage the use of threat intelligence sharing platforms to stay informed about emerging threats. 6. Since no patches or specific vulnerabilities are identified, focus on general best practices such as timely software updates, strong authentication mechanisms, and continuous monitoring. 7. Collaborate with national and European cybersecurity centers to share findings and receive updated intelligence relevant to regional threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 171.22.30.42
- hash: 3778
- url: http://115.55.4.129:59079/mozi.m
- file: 204.76.203.200
- hash: 38241
- url: https://dominos.dividendtactics.com/image/
- file: 3.95.191.75
- hash: 443
- url: http://124.221.142.27/ptj
- file: 124.221.142.27
- hash: 80
- url: http://92.204.163.54/cx
- file: 92.204.163.54
- hash: 80
- url: https://194.135.24.247/match
- file: 194.135.24.247
- hash: 443
- url: http://z.liang08.cn:8080/_/scs/mail-static/_/js/
- file: 118.195.245.103
- hash: 8080
- url: http://194.87.216.182/dot.gif
- url: http://77.91.102.151/match
- file: 92.255.85.234
- hash: 80
- url: https://d3vy30ofci3zh0.cloudfront.net/safebrowsing/u-qy0oyr/6alyalzyrgzadeyekrszo8x0g07t5t8qm
- url: https://cfbc9e53eed6b001.azureedge.net/safebrowsing/u-qy0oyr/6alyalzyrgzadeyekrszo8x0g07t5t8qm
- file: 164.92.86.93
- hash: 443
- url: http://umt.catalyicsecurity.com/latest/v6.78/qvow4bsxnpm
- file: 129.146.169.67
- hash: 80
- url: https://66.63.188.69/av
- file: 66.63.188.69
- hash: 443
- url: https://124.222.177.70:444/visit.js
- url: https://124.222.47.89:49999/cm
- url: https://193.0.178.8/fwlink
- file: 193.0.178.8
- hash: 443
- url: http://service-f9mjqc77-1308992789.bj.apigw.tencentcs.com/cx
- file: 101.43.131.190
- hash: 80
- url: http://45.142.214.167/dpixel
- file: 45.142.214.167
- hash: 80
- file: 103.55.25.124
- hash: 4444
- url: https://45.144.136.21/pixel
- file: 45.144.136.21
- hash: 443
- file: 179.60.149.5
- hash: 8189
- url: https://119.13.84.176:8081/j.ad
- url: http://103.55.25.124:8888/ie9compatviewlist.xml
- url: http://47.242.201.221:29968/ptj
- url: https://124.222.92.89:777/__utm.gif
- url: https://120.46.202.86/owa
- file: 120.46.202.86
- hash: 443
- url: http://66.63.188.69/ro.css
- file: 66.63.188.69
- hash: 80
- file: 46.23.109.40
- hash: 8688
- file: 185.225.73.158
- hash: 4281
- file: 185.225.73.91
- hash: 3778
- url: http://182.126.91.254:56877/mozi.m
- file: 163.123.143.81
- hash: 839
- domain: zambeziz.com
- file: 194.5.98.28
- hash: 7006
- file: 37.0.14.206
- hash: 3352
- file: 5.255.100.78
- hash: 9999
- file: 147.185.221.180
- hash: 14456
- url: http://51.195.166.176/
- url: http://185.229.66.123/externalupdatewindowspublic.php
- file: 178.204.244.45
- hash: 25565
- file: 45.67.34.67
- hash: 81
- file: 95.217.188.140
- hash: 33503
- file: 13.59.15.185
- hash: 10771
- file: 3.22.53.161
- hash: 10771
- file: 3.131.207.170
- hash: 10771
- url: http://kmwekek.link/8sd87v7.php
- url: http://31.42.177.7/process/8temptemporary8/flower/protect/0protonasync/jsmulti/2centralflowerasync/8central/3wp2to/videopipelongpollprotectbase.php
- file: 77.232.37.146
- hash: 80
- file: 5.182.39.50
- hash: 6737
- url: http://rgjeweller.mu/oski//6.jpg
- url: http://rgjeweller.mu/oski//1.jpg
- url: http://rgjeweller.mu/oski//2.jpg
- url: http://rgjeweller.mu/oski//3.jpg
- url: http://rgjeweller.mu/oski//4.jpg
- url: http://rgjeweller.mu/oski//5.jpg
- url: http://rgjeweller.mu/oski//7.jpg
- file: 129.159.194.161
- hash: 5552
- file: 62.204.41.163
- hash: 33457
- url: http://61.221.241.143:57232/mozi.m
- url: http://95.217.246.200:1080/
- file: 194.36.177.7
- hash: 39556
- file: 65.108.231.254
- hash: 29517
- url: https://service-2w2c5oqp-1259566933.sh.apigw.tencentcs.com/api/getit
- file: 43.142.143.183
- hash: 443
- url: https://cloudgooglesdk.publicvm.com/push
- file: 95.85.76.54
- hash: 443
- url: http://103.234.72.53:64362/ie9compatviewlist.xml
- url: https://lalala.b0ci.top:2083/api/3
- file: 128.1.137.212
- hash: 2083
- url: http://104.168.204.91:8081/__utm.gif
- url: http://43.138.229.110/push
- file: 43.138.229.110
- hash: 80
- file: 124.222.98.55
- hash: 3000
- file: 5.2.74.83
- hash: 80
- file: 5.255.100.8
- hash: 80
- file: 91.238.50.114
- hash: 80
- file: 94.140.115.209
- hash: 80
- file: 149.154.153.145
- hash: 80
- file: 45.148.122.227
- hash: 3778
- file: 69.175.17.249
- hash: 80
- file: 20.115.47.118
- hash: 4245
- file: 179.43.156.139
- hash: 9331
- file: 185.106.92.8
- hash: 38644
- file: 193.124.22.7
- hash: 35318
- hash: d21b06d6862a661685a1e3a135477935d72903bd957175d113bfbba011db76b2
- hash: 54e3cecd715d7b795a0a06529f95dedc
- domain: uskgavm.gq
- url: http://1.116.22.103:10010/cx
- file: 141.255.146.83
- hash: 19855
- url: https://service-h5io7azq-1259685312.gz.apigw.tencentcs.com/api/get
- file: 43.154.211.80
- hash: 443
- url: http://47.96.111.110/ca
- file: 47.96.111.110
- hash: 80
- url: http://43.138.150.21/fwlink
- file: 91.193.75.247
- hash: 9961
- url: http://45.140.147.76/
- url: http://www.asia.microsoft.com.chinawebsite.shop/include/template/isx.php
- file: 195.133.52.112
- hash: 80
- url: https://162.14.64.157/ca
- file: 162.14.64.157
- hash: 443
- url: https://qw.theinfoinc.com/profile
- url: https://er.theinfoinc.com/kj
- url: https://ty.theinfoinc.com/faq
- file: 84.32.188.9
- hash: 443
- url: http://81.68.80.76:8333/dpixel
- url: http://1.15.57.231:8888/updates.rss
- url: http://103.20.235.219:81/j.ad
- url: http://43.158.217.54:50001/match
- url: https://106.15.103.34/cache/global/img/aladdinicon-1.0.gif
- file: 106.15.103.34
- hash: 443
- url: http://174.139.150.224/updates.rss
- file: 174.139.150.224
- hash: 80
- url: http://cretenom.ga/pmlk/fre.php
- url: http://47.94.133.168/ptj
- file: 47.94.133.168
- hash: 80
- url: https://10.21.160.187:5900/api/fetch
- file: 172.94.15.80
- hash: 5900
- url: http://hepace.xyz:8080/dpixel
- file: 193.29.62.75
- hash: 8080
- url: https://149.248.19.205:8443/load
- url: http://192.34.109.16/btn_bg.js
- file: 139.59.181.36
- hash: 80
- file: 64.44.139.119
- hash: 443
- file: 158.255.211.169
- hash: 443
- file: 185.236.228.96
- hash: 443
- file: 149.154.153.145
- hash: 443
- url: http://132.145.137.131/cx
- file: 132.145.137.131
- hash: 80
- url: https://139.180.190.71/dpixel
- file: 139.180.190.71
- hash: 443
- file: 179.43.187.8
- hash: 22378
- file: 77.73.131.122
- hash: 34241
- url: https://43.138.229.110/dot.gif
- file: 43.138.229.110
- hash: 443
- file: 185.186.142.127
- hash: 17355
- url: http://101.132.108.247:8001/cm
- url: https://z.liang08.cn/_/scs/mail-static/_/js/
- file: 118.195.245.103
- hash: 443
- url: http://146.19.247.151/
ThreatFox IOCs for 2022-08-06
Description
ThreatFox IOCs for 2022-08-06
AI-Powered Analysis
Technical Analysis
The provided threat intelligence pertains to a collection of Indicators of Compromise (IOCs) published on August 6, 2022, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is classified as malware-related and is associated with OSINT (Open Source Intelligence) tools or data. However, the information lacks specific details about the malware family, attack vectors, affected software versions, or exploited vulnerabilities. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. There are no known exploits in the wild linked to this threat at the time of publication, and no Common Weakness Enumerations (CWEs) or patch information is provided. The absence of detailed technical indicators or attack patterns suggests that this intelligence serves primarily as a repository of IOCs for detection and monitoring purposes rather than describing an active or widespread attack campaign. The threat's distribution level is noted as 3, which may imply moderate dissemination or relevance within certain communities or sectors. Overall, this threat intelligence entry appears to be an informational update aimed at enhancing situational awareness rather than signaling an immediate or critical risk.
Potential Impact
Given the limited technical details and absence of known active exploitation, the immediate impact on European organizations is likely low to medium. However, the presence of malware-related IOCs in OSINT repositories can facilitate detection and prevention efforts if integrated into security monitoring tools. European organizations that rely heavily on open-source threat intelligence feeds may benefit from early warnings and improved detection capabilities. Conversely, if these IOCs pertain to emerging malware variants or targeted campaigns, there is potential for confidentiality breaches, data integrity issues, or service disruptions, especially in sectors with high-value assets or sensitive information. The lack of specific affected products or versions limits the ability to assess direct operational impacts. Nonetheless, organizations should remain vigilant, as malware threats can evolve rapidly, and the dissemination of IOCs can precede or coincide with active exploitation phases.
Mitigation Recommendations
1. Integrate the provided IOCs from ThreatFox into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enhance detection capabilities. 2. Conduct regular threat hunting exercises using these IOCs to identify potential infections or suspicious activities within the network. 3. Maintain up-to-date malware signatures and heuristic detection methods in antivirus and anti-malware solutions. 4. Implement network segmentation and strict access controls to limit lateral movement in case of infection. 5. Educate security teams on the importance of OSINT sources and encourage the use of threat intelligence sharing platforms to stay informed about emerging threats. 6. Since no patches or specific vulnerabilities are identified, focus on general best practices such as timely software updates, strong authentication mechanisms, and continuous monitoring. 7. Collaborate with national and European cybersecurity centers to share findings and receive updated intelligence relevant to regional threats.
Affected Countries
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 0e087fb0-1c82-493b-abe3-3fe102858f54
- Original Timestamp
- 1659830583
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file171.22.30.42 | Mirai botnet C2 server (confidence level: 75%) | |
file204.76.203.200 | Mirai botnet C2 server (confidence level: 75%) | |
file3.95.191.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.221.142.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.204.163.54 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.135.24.247 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.195.245.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.255.85.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file164.92.86.93 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file129.146.169.67 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.63.188.69 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.0.178.8 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.43.131.190 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.142.214.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.55.25.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.144.136.21 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.60.149.5 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.46.202.86 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.63.188.69 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file46.23.109.40 | Mirai botnet C2 server (confidence level: 75%) | |
file185.225.73.158 | Mirai botnet C2 server (confidence level: 75%) | |
file185.225.73.91 | Mirai botnet C2 server (confidence level: 75%) | |
file163.123.143.81 | Bashlite botnet C2 server (confidence level: 75%) | |
file194.5.98.28 | Remcos botnet C2 server (confidence level: 75%) | |
file37.0.14.206 | Remcos botnet C2 server (confidence level: 75%) | |
file5.255.100.78 | Mirai botnet C2 server (confidence level: 75%) | |
file147.185.221.180 | NjRAT botnet C2 server (confidence level: 100%) | |
file178.204.244.45 | CyberGate botnet C2 server (confidence level: 100%) | |
file45.67.34.67 | Mirai botnet C2 server (confidence level: 75%) | |
file95.217.188.140 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file13.59.15.185 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.22.53.161 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.131.207.170 | NjRAT botnet C2 server (confidence level: 100%) | |
file77.232.37.146 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file5.182.39.50 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file129.159.194.161 | NjRAT botnet C2 server (confidence level: 100%) | |
file62.204.41.163 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file194.36.177.7 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file65.108.231.254 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file43.142.143.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.85.76.54 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file128.1.137.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.138.229.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.222.98.55 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file5.2.74.83 | PhotoLoader botnet C2 server (confidence level: 75%) | |
file5.255.100.8 | PhotoLoader botnet C2 server (confidence level: 75%) | |
file91.238.50.114 | PhotoLoader botnet C2 server (confidence level: 75%) | |
file94.140.115.209 | PhotoLoader botnet C2 server (confidence level: 75%) | |
file149.154.153.145 | PhotoLoader botnet C2 server (confidence level: 75%) | |
file45.148.122.227 | Mirai botnet C2 server (confidence level: 75%) | |
file69.175.17.249 | N-W0rm botnet C2 server (confidence level: 100%) | |
file20.115.47.118 | SystemBC botnet C2 server (confidence level: 100%) | |
file179.43.156.139 | Mirai botnet C2 server (confidence level: 75%) | |
file185.106.92.8 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file193.124.22.7 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file141.255.146.83 | Revenge RAT botnet C2 server (confidence level: 100%) | |
file43.154.211.80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.96.111.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.193.75.247 | Ave Maria botnet C2 server (confidence level: 100%) | |
file195.133.52.112 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file162.14.64.157 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file84.32.188.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.15.103.34 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file174.139.150.224 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.94.133.168 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.94.15.80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.29.62.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.59.181.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file64.44.139.119 | IcedID botnet C2 server (confidence level: 75%) | |
file158.255.211.169 | IcedID botnet C2 server (confidence level: 75%) | |
file185.236.228.96 | IcedID botnet C2 server (confidence level: 75%) | |
file149.154.153.145 | IcedID botnet C2 server (confidence level: 75%) | |
file132.145.137.131 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.180.190.71 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.43.187.8 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file77.73.131.122 | Mirai botnet C2 server (confidence level: 75%) | |
file43.138.229.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.186.142.127 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file118.195.245.103 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash38241 | Mirai botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8189 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8688 | Mirai botnet C2 server (confidence level: 75%) | |
hash4281 | Mirai botnet C2 server (confidence level: 75%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash839 | Bashlite botnet C2 server (confidence level: 75%) | |
hash7006 | Remcos botnet C2 server (confidence level: 75%) | |
hash3352 | Remcos botnet C2 server (confidence level: 75%) | |
hash9999 | Mirai botnet C2 server (confidence level: 75%) | |
hash14456 | NjRAT botnet C2 server (confidence level: 100%) | |
hash25565 | CyberGate botnet C2 server (confidence level: 100%) | |
hash81 | Mirai botnet C2 server (confidence level: 75%) | |
hash33503 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash10771 | NjRAT botnet C2 server (confidence level: 100%) | |
hash10771 | NjRAT botnet C2 server (confidence level: 100%) | |
hash10771 | NjRAT botnet C2 server (confidence level: 100%) | |
hash80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash6737 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) | |
hash33457 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash39556 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash29517 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2083 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | PhotoLoader botnet C2 server (confidence level: 75%) | |
hash80 | PhotoLoader botnet C2 server (confidence level: 75%) | |
hash80 | PhotoLoader botnet C2 server (confidence level: 75%) | |
hash80 | PhotoLoader botnet C2 server (confidence level: 75%) | |
hash80 | PhotoLoader botnet C2 server (confidence level: 75%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash80 | N-W0rm botnet C2 server (confidence level: 100%) | |
hash4245 | SystemBC botnet C2 server (confidence level: 100%) | |
hash9331 | Mirai botnet C2 server (confidence level: 75%) | |
hash38644 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash35318 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hashd21b06d6862a661685a1e3a135477935d72903bd957175d113bfbba011db76b2 | SMSspy payload (confidence level: 100%) | |
hash54e3cecd715d7b795a0a06529f95dedc | SMSspy payload (confidence level: 100%) | |
hash19855 | Revenge RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9961 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5900 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | IcedID botnet C2 server (confidence level: 75%) | |
hash443 | IcedID botnet C2 server (confidence level: 75%) | |
hash443 | IcedID botnet C2 server (confidence level: 75%) | |
hash443 | IcedID botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash22378 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash34241 | Mirai botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash17355 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://115.55.4.129:59079/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://dominos.dividendtactics.com/image/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.221.142.27/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://92.204.163.54/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://194.135.24.247/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://z.liang08.cn:8080/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://194.87.216.182/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://77.91.102.151/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://d3vy30ofci3zh0.cloudfront.net/safebrowsing/u-qy0oyr/6alyalzyrgzadeyekrszo8x0g07t5t8qm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://cfbc9e53eed6b001.azureedge.net/safebrowsing/u-qy0oyr/6alyalzyrgzadeyekrszo8x0g07t5t8qm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://umt.catalyicsecurity.com/latest/v6.78/qvow4bsxnpm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://66.63.188.69/av | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://124.222.177.70:444/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://124.222.47.89:49999/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://193.0.178.8/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://service-f9mjqc77-1308992789.bj.apigw.tencentcs.com/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://45.142.214.167/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://45.144.136.21/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://119.13.84.176:8081/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.55.25.124:8888/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.242.201.221:29968/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://124.222.92.89:777/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://120.46.202.86/owa | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://66.63.188.69/ro.css | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://182.126.91.254:56877/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://51.195.166.176/ | RecordBreaker botnet C2 (confidence level: 100%) | |
urlhttp://185.229.66.123/externalupdatewindowspublic.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://kmwekek.link/8sd87v7.php | Arkei Stealer botnet C2 (confidence level: 100%) | |
urlhttp://31.42.177.7/process/8temptemporary8/flower/protect/0protonasync/jsmulti/2centralflowerasync/8central/3wp2to/videopipelongpollprotectbase.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//6.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//1.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//2.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//3.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//4.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//5.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://rgjeweller.mu/oski//7.jpg | Oski Stealer botnet C2 (confidence level: 100%) | |
urlhttp://61.221.241.143:57232/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://95.217.246.200:1080/ | Arkei Stealer botnet C2 (confidence level: 100%) | |
urlhttps://service-2w2c5oqp-1259566933.sh.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://cloudgooglesdk.publicvm.com/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.234.72.53:64362/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://lalala.b0ci.top:2083/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://104.168.204.91:8081/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.229.110/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://1.116.22.103:10010/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://service-h5io7azq-1259685312.gz.apigw.tencentcs.com/api/get | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.96.111.110/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.150.21/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://45.140.147.76/ | RecordBreaker botnet C2 (confidence level: 100%) | |
urlhttp://www.asia.microsoft.com.chinawebsite.shop/include/template/isx.php | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://162.14.64.157/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://qw.theinfoinc.com/profile | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://er.theinfoinc.com/kj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://ty.theinfoinc.com/faq | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://81.68.80.76:8333/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://1.15.57.231:8888/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.20.235.219:81/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.158.217.54:50001/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://106.15.103.34/cache/global/img/aladdinicon-1.0.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://174.139.150.224/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://cretenom.ga/pmlk/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://47.94.133.168/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://10.21.160.187:5900/api/fetch | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://hepace.xyz:8080/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://149.248.19.205:8443/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://192.34.109.16/btn_bg.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://132.145.137.131/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://139.180.190.71/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://43.138.229.110/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://101.132.108.247:8001/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://z.liang08.cn/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://146.19.247.151/ | RecordBreaker botnet C2 (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainzambeziz.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainuskgavm.gq | SMSspy botnet C2 domain (confidence level: 100%) |
Threat ID: 682b7ba2d3ddd8cef2e76b8e
Added to database: 5/19/2025, 6:42:42 PM
Last enriched: 6/18/2025, 7:01:40 PM
Last updated: 2/7/2026, 7:12:07 AM
Views: 41
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
ThreatFox IOCs for 2026-02-06
MediumThreatFox IOCs for 2026-02-05
MediumTechnical Analysis of Marco Stealer
MediumNew Clickfix variant 'CrashFix' deploying Python Remote Access Trojan
MediumKnife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.