ThreatFox IOCs for 2022-10-01
AI Analysis
Technical Summary
The provided threat intelligence relates to a collection of Indicators of Compromise (IOCs) published on October 1, 2022, by ThreatFox, a platform that aggregates and shares threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) tools or data. However, there are no specific affected product versions, no detailed technical indicators, no known exploits in the wild, and no associated Common Weakness Enumerations (CWEs) listed. The threat level is indicated as 2 on an unspecified scale, with a medium severity classification. The technical details suggest moderate distribution (level 3) but low threat level (2) and minimal analysis (1), implying limited available information or early-stage intelligence. The absence of patch links and exploit data indicates that this threat is either newly identified or not actively exploited. The lack of indicators and specific malware characteristics limits the ability to perform a deep technical dissection, but the classification as malware and OSINT-related suggests that the threat may involve the use or dissemination of malicious code or data sets that could be leveraged for reconnaissance or further attacks.
Potential Impact
Given the limited information and the absence of active exploitation reports, the immediate impact on European organizations is likely to be low to medium. However, the presence of malware-related IOCs in OSINT repositories can facilitate reconnaissance and targeting by threat actors, potentially leading to more sophisticated attacks if these IOCs are integrated into attack frameworks. European organizations relying heavily on OSINT for threat detection or intelligence gathering may be indirectly affected if these IOCs are inaccurate or manipulated. Additionally, sectors with high reliance on open-source threat data, such as cybersecurity firms, government CERTs, and critical infrastructure operators, might experience increased alert volumes or false positives, impacting operational efficiency. Without active exploitation, direct confidentiality, integrity, or availability impacts are minimal, but the potential for future exploitation exists if threat actors leverage these IOCs for targeted campaigns.
Mitigation Recommendations
1. Enhance OSINT Verification Processes: European organizations should implement rigorous validation and correlation of OSINT-derived IOCs before integrating them into detection systems to reduce false positives and avoid reliance on unverified data.
2. Continuous Monitoring and Threat Hunting: Establish proactive threat hunting practices that incorporate these IOCs cautiously, focusing on contextual analysis rather than automated blocking.
3. Collaboration with Trusted Intelligence Sources: Engage with reputable threat intelligence sharing communities and national CERTs to receive vetted and contextualized intelligence.
4. Harden Endpoint and Network Defenses: Maintain updated endpoint protection platforms and network intrusion detection systems configured to detect generic malware behaviors, as specific signatures for this threat are unavailable.
5. Employee Awareness and Training: Educate staff on the risks of OSINT manipulation and the importance of verifying threat intelligence before operational use.
6. Incident Response Preparedness: Prepare incident response teams to analyze and respond to potential malware detections linked to these IOCs, even if currently no active exploits are known.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: f64eb239-fe4e-48ae-bf4e-96060fb697ce
- Original Timestamp: 1664668985 (Unix epoch seconds)
Threat ID: 682acdc5bbaf20d303f28e08
Added to database: 5/19/2025, 6:20:53 AM
Last enriched: 6/18/2025, 7:19:59 AM
Last updated: 8/16/2025, 1:01:18 PM