ThreatFox IOCs for 2022-08-23

Medium
Published: Tue Aug 23 2022 (08/23/2022, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2022-08-23

AI-Powered Analysis

Last updated: 07/05/2025, 23:11:51 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on August 23, 2022, by the ThreatFox MISP Feed. The IOCs relate to malware activity and are categorized under OSINT (Open Source Intelligence), network activity, and payload delivery. The accompanying details are minimal: no specific affected software versions, no known exploits in the wild, and no patches are listed. The threat level is indicated as medium, with a threatLevel score of 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting moderate distribution potential. The absence of concrete technical details, such as specific malware family names, attack vectors, or payload characteristics, limits the depth of analysis. The threat appears to be primarily informational, providing OSINT data to aid detection and response rather than describing a novel or active exploit. The lack of CWE identifiers and the absence of known exploits imply that this is a collection of IOCs rather than a newly discovered vulnerability or an active attack campaign. Overall, this is a medium-severity, malware-related threat intelligence update focused on network activity and payload delivery indicators, intended to support defensive measures through improved situational awareness.

Potential Impact

For European organizations, the impact of this threat depends primarily on their ability to use the provided IOCs to detect and mitigate potential malware infections. Since no specific exploit or vulnerability is described, the direct risk is limited to exposure to the malware campaigns these IOCs may help identify. Organizations that do not integrate such threat intelligence into their security monitoring face an increased risk of undetected malware infections, which could lead to data compromise, service disruption, or unauthorized access. The medium severity indicates a moderate risk level, with potential impacts on confidentiality and availability if malware payloads are successfully delivered and executed; the absence of known exploits in the wild, however, reduces the immediate threat level. European entities with mature security operations centers (SOCs) and threat intelligence capabilities can use these IOCs to enhance detection and response and thereby mitigate potential impacts, whereas organizations lacking such capabilities may be more vulnerable to the malware campaigns these IOCs relate to.

Mitigation Recommendations

To effectively mitigate risks associated with this threat intelligence update, European organizations should:

1) Integrate the provided IOCs into their security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to enable real-time detection of related malware activity.
2) Regularly update threat intelligence feeds and ensure automated ingestion of new IOCs to maintain up-to-date defenses.
3) Conduct network traffic analysis focusing on indicators related to payload delivery and suspicious network activity to identify potential compromises early.
4) Enhance employee awareness and training regarding malware delivery methods to reduce the likelihood of successful payload execution.
5) Implement network segmentation and strict access controls to limit malware propagation if an infection occurs.
6) Perform regular vulnerability assessments and patch management, even though no specific patches are indicated here, to reduce the attack surface.
7) Collaborate with national and European cybersecurity information sharing organizations to stay informed about evolving threats and share relevant intelligence.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: fc69be6d-5c34-42a5-a909-b9bbb4f40971
Original Timestamp: 1661299389

Indicators of Compromise


Threat ID: 68359c9d5d5f0974d01f4367

Added to database: 5/27/2025, 11:06:05 AM

Last enriched: 7/5/2025, 11:11:51 PM

Last updated: 7/31/2025, 12:27:02 AM
