ThreatFox IOCs for 2022-08-24

Medium
Published: Wed Aug 24 2022 (08/24/2022, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2022-08-24

AI-Powered Analysis

AI Last updated: 06/18/2025, 19:17:04 UTC

Technical Analysis

The provided threat information pertains to a collection of Indicators of Compromise (IOCs) published on August 24, 2022, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data. However, no specific malware family, affected software versions, or detailed technical indicators are provided. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. There are no known exploits in the wild linked to this threat, and no Common Weakness Enumerations (CWEs) or patch information is available. The absence of detailed technical indicators or affected products suggests that this dataset primarily serves as a repository of threat intelligence artifacts rather than describing a novel or active malware campaign. The distribution level is noted as 3, which may imply moderate dissemination or sharing within the cybersecurity community. Overall, this threat entry appears to be a curated set of IOCs intended to aid detection and response efforts rather than describing a direct, exploitable vulnerability or active malware strain.

Potential Impact

Given the lack of specific affected products or versions and the absence of known active exploits, the direct impact on European organizations is likely limited. However, the presence of malware-related IOCs in OSINT repositories can facilitate detection and prevention activities. European organizations that rely heavily on threat intelligence feeds and OSINT data for their cybersecurity operations may benefit from incorporating these IOCs to enhance their detection capabilities. Conversely, if these IOCs are linked to emerging or targeted malware campaigns not yet widely exploited, there could be latent risks, especially for sectors with high exposure to cyber threats such as finance, critical infrastructure, and government entities. The medium severity rating suggests a moderate risk level, emphasizing the importance of vigilance but not indicating an immediate or critical threat.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related malware activities.
2. Continuously monitor threat intelligence platforms like ThreatFox for updates or additional context that may clarify the nature or scope of this threat.
3. Conduct regular threat hunting exercises using these IOCs to identify any latent infections or suspicious activities within the network.
4. Maintain up-to-date malware signatures and heuristic detection capabilities on all endpoint protection platforms.
5. Enhance user awareness training focused on recognizing malware infection vectors, even though specific vectors are not detailed here.
6. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive guidance tailored to regional threat landscapes.
7. Implement network segmentation and strict access controls to limit potential malware propagation if detected.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 0a5460c5-e2a0-4a91-8911-fe79cd25e07c
Original Timestamp: 1661385784

Indicators of Compromise


Threat ID: 682b7b9cd3ddd8cef2e53d8e

Added to database: 5/19/2025, 6:42:36 PM

Last enriched: 6/18/2025, 7:17:04 PM

Last updated: 8/15/2025, 4:24:56 PM
