
ThreatFox IOCs for 2022-10-01

Severity: Medium
Published: Sat Oct 01 2022 (10/01/2022, 00:00:00 UTC)
Source: ThreatFox
Tag: type:osint (the feed's MISP tag; there is no vendor or product, this is an indicator export, not a software advisory)

Description

ThreatFox IOCs for 2022-10-01

AI-Powered Analysis

AI analysis last updated: 06/18/2025, 07:19:59 UTC

Technical Analysis

This record is ThreatFox's daily indicator export for 1 October 2022, ingested as a MISP event (UUID f64eb239-fe4e-48ae-bf4e-96060fb697ce). The original timestamp 1664668985 decodes to 2022-10-02 00:03:05 UTC, i.e. the event was cut just after the day closed. The three numbers under Technical Details are MISP event fields, not a private scale: threat_level_id 2 is Medium (1 is High, 3 is Low), analysis 1 is Ongoing, and distribution 3 is All communities, the normal setting for a public feed. The "type" / "osint" vendor and product fields are a mis-split of the feed's type:osint tag. There is no vendor, product, version, CVE, CWE, patch or exploit status because this is not a vulnerability advisory but a batch of command-and-control indicators reported to abuse.ch during that day.

The batch holds 54 ip:port C2 endpoints, 70 C2 URLs, one C2 domain and 28 SHA256 file hashes (27 Mirai payloads and one NjRAT sample at 50% confidence). Cobalt Strike team servers are the largest group, followed by RedLine Stealer, NjRAT, Vidar, Mirai and Bashlite, Nanocore and AsyncRAT, with single entries for PhotoLoader, BumbleBee, IcedID, Ficker Stealer, DCRat, BetaBot, Loki PWS, RecordBreaker and Alien. Every indicator carries the reporter's confidence, between 50% and 100%. Four details matter when consuming the list. First, the Cobalt Strike URLs use the URIs of the default Malleable C2 profile (/fwlink, /ga.js, /pixel.gif, /j.ad, /dpixel, /visit.js, /updates.rss, /activity, /push, /ptj, /cx, /ca, /g.pixel, /dot.gif, /ie9compatviewlist.xml, /en_us/all.js and the Amazon-lookalike /s/ref=nb_sb_noss_1/... path), so they can be detected by URI pattern as well as by address. Second, several team servers are fronted by Tencent Cloud API-gateway hostnames (*.apigw.tencentcs.com), the Vidar entries are Telegram profile URLs (t.me/dsjdsnxshjx) used for C2 address discovery, and the BetaBot entries are PHP files on otherwise ordinary-looking websites; in all three cases only the full URL, not the host, is a usable indicator. Third, one entry, http://192.168.1.192/j.ad, is an RFC 1918 address that cannot be a public C2 and should be dropped. Fourth, a large share of the NjRAT, AsyncRAT and Cobalt Strike endpoints sit in public-cloud address space, which is reassigned quickly, so address-based blocks derived from this list age within days.

Potential Impact

A host that talks to any of these endpoints is, with the stated confidence, already running the named malware; the list describes live command-and-control infrastructure, not a vulnerability that might be exploited later, so the impact is set by the malware family rather than by exposure of a product. RedLine, Vidar, Ficker, Loki PWS and RecordBreaker are information stealers: the immediate loss is browser-saved credentials, session cookies and wallet data, which are resold and used for account takeover, often against the employer of the infected user. Cobalt Strike, IcedID, BumbleBee and PhotoLoader are post-exploitation and loader tooling used in hands-on-keyboard intrusions, so a beacon check-in to one of the listed team servers should be treated as an intrusion in progress with a realistic path to domain-wide compromise and ransomware. NjRAT, Nanocore, AsyncRAT, DCRat and BetaBot give an operator remote control of individual Windows hosts; Alien targets Android devices. The Mirai and Bashlite endpoints and the 27 Mirai payload hashes concern Linux and IoT devices, whose owners risk being conscripted into DDoS botnets rather than losing data. The operational caveat is shelf life: cloud-hosted team servers and RAT endpoints are torn down and their addresses reassigned within days, and the Telegram and API-gateway front ends are shared with legitimate traffic, so the list's value for blocking decays quickly while its value for retrospective hunting in logs from around 1 October 2022 remains. The feed is global and nothing in it singles out European organisations, but the CERTs, MSSPs and critical-infrastructure SOCs that ingest ThreatFox daily are its intended consumers, and for them the cost of this batch is mainly the triage of hits, including the false positives that a naive host-level block on t.me would produce.

Mitigation Recommendations

1. Hunt retrospectively before blocking: search proxy, DNS, firewall and NetFlow logs and EDR network telemetry for the 54 ip:port pairs, the 70 URLs and the domain over a window of several weeks either side of 1 October 2022. C2 infrastructure is usually live for some time on both sides of the report date, and a historical hit is the most valuable outcome of a daily feed.
2. Block with an expiry: push the 100%-confidence ip:port and URL indicators to egress controls with a time-to-live of a few weeks rather than forever, because most of the Cobalt Strike and NjRAT addresses are cloud-hosted and will be reassigned to someone else.
3. Match at the right granularity: block the full URL, never the host, for t.me, the apigw.tencentcs.com endpoints and the BetaBot PHP paths; drop http://192.168.1.192/j.ad entirely; keep the confidence value as a field so that the 50-80% entries (Mirai, Bashlite, PhotoLoader, BumbleBee, IcedID, Alien and the NjRAT hash) alert rather than block.
4. Detect the pattern, not only the value: alert on HTTP requests whose URI is one of the default Cobalt Strike profile paths listed in the analysis, especially when the destination is a bare IP address or a newly seen host. That catches next week's team servers as well as today's.
5. Use the hashes where they apply: add the 27 Mirai and one NjRAT SHA256 values to EDR and file-scanning blocklists, and on Linux and IoT estates look for the Mirai values in download and execution telemetry on devices with telnet or SSH exposed to the internet.
6. Take the data from the source: pull this event through the ThreatFox API or its MISP feed rather than from a re-hosted copy, so that confidence, first-seen, reporter and tag fields survive and later corrections propagate (this page's importer, for instance, had split each ip:port pair into separate IP and port columns).
7. Respond to the serious hits: a confirmed Cobalt Strike, IcedID or BumbleBee connection warrants host isolation, memory and disk collection and a search for lateral movement from that host, not just a ticket.
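Recommendations 1 to 4 as working code, added here as an illustration and not code from ThreatFox, abuse.ch or this site: a handful of indicators copied from the list on this page are indexed with a confidence floor, the non-routable 192.168.1.192 entry is dropped, t.me is matched on the full URL only, and the result is run over a few constructed log lines, including a check for default Cobalt Strike URIs on addresses the list does not yet contain. The log format, SHARED_HOSTS and MIN_CONFIDENCE are this example's own assumptions.

```python
# Added example (not ThreatFox or OffSeq code). IOC values are a subset of this
# page's list; the log lines/format, SHARED_HOSTS and MIN_CONFIDENCE are assumptions.
import ipaddress
import re
from urllib.parse import urlsplit

IOCS = [  # (type, value, malware, confidence) copied from the page
    ("ip:port", "185.241.208.228:28532", "RedLine Stealer", 100),
    ("ip:port", "193.239.84.150:443", "Cobalt Strike", 100),
    ("url", "https://193.239.84.150/ptj", "Cobalt Strike", 100),
    ("url", "http://192.168.1.192/j.ad", "Cobalt Strike", 100),  # RFC 1918: unusable
    ("url", "https://t.me/dsjdsnxshjx", "Vidar", 100),           # Telegram page: shared host
    ("url", "http://ipvhosted.duckdns.org:6060/hosted/fre.php", "Loki PWS", 75),
    ("domain", "attack.tamkjll.com", "Mirai", 50),
    ("sha256", "3f715efb2327f160a06b5fb91ff043838f838c1324d1612796869bc88099d949", "Mirai payload", 100),
]
MIN_CONFIDENCE = 75      # assumption: below this, hunt manually but do not index
SHARED_HOSTS = {"t.me"}  # assumption: match the full URL only, never the host
CS_DEFAULT_URIS = {  # default Cobalt Strike profile URIs, as seen in this day's URL list
    "/fwlink", "/ga.js", "/pixel.gif", "/j.ad", "/dpixel", "/visit.js", "/pixel", "/updates.rss",
    "/activity", "/push", "/ptj", "/cx", "/ca", "/g.pixel", "/dot.gif", "/ie9compatviewlist.xml",
    "/en_us/all.js"}
# Constructed log format: timestamp src_ip dst_ip dst_port action object ("-" = unknown)
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")

def ip_kind(host):
    """'public', 'private' (RFC 1918, loopback, link-local, test nets) or 'name'."""
    try:
        return "public" if ipaddress.ip_address(host).is_global else "private"
    except ValueError:
        return "name"

def normalize_url(url):
    """host:port/path with the scheme's default port made explicit."""
    p = urlsplit(url.strip())
    port = p.port or (443 if p.scheme == "https" else 80)
    return f"{p.hostname}:{port}{p.path or '/'}"

def build_index(iocs, min_confidence=MIN_CONFIDENCE):
    """Sort indicators into lookup tables; record what was left out and why."""
    idx = {"ipport": {}, "url": {}, "host": {}, "sha256": {}, "skipped": []}
    for kind, value, malware, conf in iocs:
        if conf < min_confidence:
            idx["skipped"].append((value, f"confidence {conf} < {min_confidence}"))
        elif kind == "ip:port":
            ip, _, port = value.rpartition(":")
            if ip_kind(ip) != "public":
                idx["skipped"].append((value, "non-routable address"))
            else:
                idx["ipport"][f"{ip}:{int(port)}"] = malware
        elif kind == "url":
            host = urlsplit(value).hostname
            if ip_kind(host) == "private":
                idx["skipped"].append((value, "non-routable address"))
            else:
                idx["url"][normalize_url(value)] = malware
                if host not in SHARED_HOSTS:  # never host-block a shared platform
                    idx["host"][host] = malware
        elif kind == "domain":
            idx["host"][value.lower()] = malware
        elif kind == "sha256":
            idx["sha256"][value.lower()] = malware
    return idx

def match_line(line, idx):
    """(kind, value, malware) for a hit, None for a clean line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    _ts, _src, dst, dport, action, obj = m.groups()
    if action == "FILE":  # EDR file event: object is a SHA256
        digest = obj.lower()
        return ("sha256", digest, idx["sha256"][digest]) if digest in idx["sha256"] else None
    key = f"{dst}:{dport}"
    if key in idx["ipport"]:
        return ("ip:port", key, idx["ipport"][key])
    url, host = normalize_url(obj), urlsplit(obj).hostname
    if url in idx["url"]:
        return ("url", url, idx["url"][url])
    if host in idx["host"]:
        return ("host", host, idx["host"][host])
    # Pattern rather than value: a default Cobalt Strike URI fetched from a bare public IP
    if ip_kind(host) == "public" and urlsplit(obj).path.lower() in CS_DEFAULT_URIS:
        return ("cs-default-uri", url, "Cobalt Strike (heuristic)")
    return None

def scan(lines, idx):
    """[(line_no, kind, value, malware)] for every line that hits."""
    return [(n,) + hit for n, line in enumerate(lines, 1) if (hit := match_line(line, idx))]

SAMPLE_LOG = [  # constructed; internal 10.x sources
    "2022-10-01T09:12:01Z 10.1.2.3 193.239.84.150 443 GET https://193.239.84.150/ptj",
    "2022-10-01T09:12:07Z 10.1.2.3 185.241.208.228 28532 CONNECT 185.241.208.228:28532",
    "2022-10-01T09:13:30Z 10.1.2.8 - - GET https://t.me/dsjdsnxshjx",
    "2022-10-01T09:13:31Z 10.1.2.8 - - GET https://t.me/some_ordinary_channel",
    "2022-10-01T09:14:00Z 10.1.2.9 192.168.1.192 80 GET http://192.168.1.192/j.ad",
    "2022-10-01T09:15:00Z 10.1.2.5 - - FILE 3F715EFB2327F160A06B5FB91FF043838F838C1324D1612796869BC88099D949",
    "2022-10-01T09:16:00Z 10.1.2.6 - - GET http://attack.tamkjll.com/x",
    "2022-10-01T09:17:00Z 10.1.2.4 135.181.132.179 8080 GET http://135.181.132.179:8080/dpixel",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_index(IOCS)):
        print(hit)
```

Run as-is it reports lines 1, 2, 3, 6 and 8: the first two by ip:port, the Telegram line by full URL (the ordinary t.me channel on line 4 does not fire), the EDR file event by hash after case-folding, and line 8 by the default-profile URI heuristic even though 135.181.132.179 is not in the index. Lines 5 and 7 stay quiet because the private address and the 50% domain were never indexed; both are returned in idx["skipped"] with a reason so they can still be hunted by hand.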


Technical Details

Threat Level: 2 (MISP threat_level_id; 2 = Medium)
Analysis: 1 (MISP analysis state; 1 = Ongoing)
Distribution: 3 (MISP distribution; 3 = All communities)
UUID: f64eb239-fe4e-48ae-bf4e-96060fb697ce
Original Timestamp: 1664668985 (Unix epoch; 2022-10-02 00:03:05 UTC)

Indicators of Compromise

IP:port

ThreatFox publishes these as ip:port indicators. The page's importer had split each one into a "File" row (the address) and a "Hash" row (the port); they are rejoined here by row order, and the malware label of the two halves agrees for all 54 rows. The file hashes that were mixed into the "Hash" column follow under SHA256.

Value  Description
185.241.208.228:28532  RedLine Stealer botnet C2 server (confidence level: 100%)
85.31.46.179:59666  Mirai botnet C2 server (confidence level: 75%)
43.135.70.137:80  Cobalt Strike botnet C2 server (confidence level: 100%)
193.239.84.150:443  Cobalt Strike botnet C2 server (confidence level: 100%)
199.195.252.92:80  Cobalt Strike botnet C2 server (confidence level: 100%)
72.14.178.145:80  Cobalt Strike botnet C2 server (confidence level: 100%)
179.60.150.33:80  Cobalt Strike botnet C2 server (confidence level: 100%)
93.185.166.129:80  Cobalt Strike botnet C2 server (confidence level: 100%)
120.48.116.48:888  Cobalt Strike botnet C2 server (confidence level: 100%)
20.4.71.51:80  Cobalt Strike botnet C2 server (confidence level: 100%)
106.13.63.18:443  Cobalt Strike botnet C2 server (confidence level: 100%)
13.80.126.214:9214  RedLine Stealer botnet C2 server (confidence level: 100%)
109.107.185.183:80  RedLine Stealer botnet C2 server (confidence level: 100%)
43.140.200.250:10001  Cobalt Strike botnet C2 server (confidence level: 100%)
47.94.103.119:8078  Cobalt Strike botnet C2 server (confidence level: 100%)
80.92.206.11:43781  RedLine Stealer botnet C2 server (confidence level: 100%)
59.110.169.75:443  Cobalt Strike botnet C2 server (confidence level: 100%)
45.61.187.18:590  Mirai botnet C2 server (confidence level: 75%)
141.95.84.40:3001  NjRAT botnet C2 server (confidence level: 100%)
3.67.15.169:19729  NjRAT botnet C2 server (confidence level: 100%)
3.68.56.232:19729  NjRAT botnet C2 server (confidence level: 100%)
35.157.111.131:19729  NjRAT botnet C2 server (confidence level: 100%)
3.126.224.214:19729  NjRAT botnet C2 server (confidence level: 100%)
37.139.129.71:7712  Nanocore RAT botnet C2 server (confidence level: 100%)
18.198.77.177:17824  NjRAT botnet C2 server (confidence level: 100%)
3.127.59.75:17824  NjRAT botnet C2 server (confidence level: 100%)
3.127.253.86:17824  NjRAT botnet C2 server (confidence level: 100%)
3.121.139.82:17824  NjRAT botnet C2 server (confidence level: 100%)
93.159.221.122:8387  RedLine Stealer botnet C2 server (confidence level: 100%)
45.154.98.214:6606  AsyncRAT botnet C2 server (confidence level: 100%)
94.140.112.147:80  RedLine Stealer botnet C2 server (confidence level: 100%)
45.89.55.177:80  Vidar botnet C2 server (confidence level: 100%)
45.89.55.176:80  Vidar botnet C2 server (confidence level: 100%)
116.202.5.121:80  Vidar botnet C2 server (confidence level: 100%)
193.3.23.216:80  RedLine Stealer botnet C2 server (confidence level: 100%)
45.140.188.33:420  Bashlite botnet C2 server (confidence level: 75%)
209.25.140.180:27725  Nanocore RAT botnet C2 server (confidence level: 100%)
162.246.185.103:2022  NjRAT botnet C2 server (confidence level: 100%)
79.137.195.130:80  Vidar botnet C2 server (confidence level: 100%)
5.199.168.214:80  PhotoLoader botnet C2 server (confidence level: 75%)
146.70.147.39:443  BumbleBee botnet C2 server (confidence level: 75%)
45.66.249.239:81  RedLine Stealer botnet C2 server (confidence level: 100%)
199.59.243.222:80  RedLine Stealer botnet C2 server (confidence level: 100%)
87.251.79.110:8080  Ficker Stealer botnet C2 server (confidence level: 100%)
52.90.30.10:7707  AsyncRAT botnet C2 server (confidence level: 100%)
89.23.96.176:45688  RedLine Stealer botnet C2 server (confidence level: 100%)
164.92.228.61:443  IcedID botnet C2 server (confidence level: 75%)
193.38.54.73:443  Cobalt Strike botnet C2 server (confidence level: 100%)
94.158.244.96:80  Cobalt Strike botnet C2 server (confidence level: 100%)
5.8.18.117:443  Cobalt Strike botnet C2 server (confidence level: 100%)
47.98.234.230:80  Cobalt Strike botnet C2 server (confidence level: 100%)
68.183.116.24:80  Cobalt Strike botnet C2 server (confidence level: 100%)
3.139.100.167:443  Cobalt Strike botnet C2 server (confidence level: 100%)
149.28.91.114:8081  Cobalt Strike botnet C2 server (confidence level: 100%)

SHA256

Value  Description
3f715efb2327f160a06b5fb91ff043838f838c1324d1612796869bc88099d949  Mirai payload (confidence level: 100%)
a230eed6c31e907e5d2b65d66b89cff7241a6f75c5c0120bb02c48651a355926  Mirai payload (confidence level: 100%)
f8751cbd7a69c51f96859205a51d1b6cfd8f6bfa3f37312a5cdfb739b735b7a2  Mirai payload (confidence level: 100%)
7508fdb7aecf28b5881f0b2801fadd467c16698dd9d5ce0d94c61e5882e9ae17  Mirai payload (confidence level: 100%)
b60c6fe38d8e3b11e63c02947065f5178c03576cb824ed42be4263771d2b2c70  Mirai payload (confidence level: 100%)
16df4e33a8ad8f7d5dc05f8f9aaf4b7572a6455da6529395629b9fe2ad0c72fe  Mirai payload (confidence level: 100%)
24ca39ccace49971fd87f948fec04c662ae322027d888aa2299e81c50be15888  Mirai payload (confidence level: 100%)
661c8a2520cf4f048e01ba51e7c445afdd8171e282a8cddfe74ee1fb0f590a64  Mirai payload (confidence level: 100%)
771c17eaca3fb90d5e4afd90812da959cb08d8d465e46f36a81ca513ff1b9f88  Mirai payload (confidence level: 100%)
2dd43f7a68ab5a44b61b369cc0ce42bc4959719e8254f57108432e6835edecb0  Mirai payload (confidence level: 100%)
2413e610405730c02446e969649133c3db246416e9e9ea4bdeb0b699b5af8c07  Mirai payload (confidence level: 100%)
20056729e56c5d930cd2fd356e008cc4f6f3393c78e8b9e8a169d4699a7ada77  Mirai payload (confidence level: 100%)
1634f604f82a4dcd4bd5c0c429b6900bc1ccdd94cda6bf10d065bfeb5624db70  Mirai payload (confidence level: 100%)
76230c373317532dae95df18c56918d990a4b80f67fd63ebd7976c3631ae24c0  Mirai payload (confidence level: 100%)
0d2dfad8f2fee886639de5f56d2d8c129b41952af681b2d868962281fcc43242  Mirai payload (confidence level: 100%)
2dadaa9ec233b1e74db24afd4a2395ea54a2521c773332e8c44557c1a69e579b  Mirai payload (confidence level: 100%)
32f10ca118050cea3444bb60dfaba24690c8c180bef78da3a261050365847374  Mirai payload (confidence level: 100%)
bf6224df87e6501bdab5c18e973eedc06c1d9879836b65c67e85979d2f6d30e0  Mirai payload (confidence level: 100%)
39300a52e58452020647c9eed0ae4654ea1a85baa3c2a1525621fcc4985e2c75  Mirai payload (confidence level: 100%)
21c6814ddd7d927bd19fdb20f9f69f835788263f3a8ec262266f643923e75543  Mirai payload (confidence level: 100%)
ead80e9bd0269ec7edf8c3c47f9392f7cd25e775fb4f249f0bee2291ce7f72c1  Mirai payload (confidence level: 100%)
9b5ea5eb70fbad2933d2c62b86c970690ecea9b4e48f49090f65e6c647ff17af  Mirai payload (confidence level: 100%)
b5ff437a642a6923f706d9c6450b05bdb65bf75404783da434ba6d1e4f330b4b  Mirai payload (confidence level: 100%)
0a02b6515611315a1c3aa31d82d5ded591c33477c7fe5b610cdeedfe26e748b6  Mirai payload (confidence level: 100%)
570654183f21ba54283eff62c4b0e07f55679c3fe6e5da75271e8af5fce81d7d  Mirai payload (confidence level: 100%)
4b84e75d5a11eb3c600798b73d46ee616af9ae4566e812c4440a600ef3fde3e0  Mirai payload (confidence level: 100%)
d8e21d1d4982a28fe68748b7ca851e8cb334066af2db89d653cf99b589c2a95a  Mirai payload (confidence level: 100%)
7a6c5815545f2172e0717732eb817b464b324c7a218b85266d5ccfdb62423cda  NjRAT payload (confidence level: 50%)

URL

Value  Description
http://service-0he06v3c-1255498499.hk.apigw.tencentcs.com/api/x  Cobalt Strike botnet C2 (confidence level: 100%)
http://39.98.115.22:8988/fwlink  Cobalt Strike botnet C2 (confidence level: 100%)
http://49.7.225.77:5555/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://193.239.84.150/ptj  Cobalt Strike botnet C2 (confidence level: 100%)
https://www.updategateway.com/ca  Cobalt Strike botnet C2 (confidence level: 100%)
http://199.195.252.92/ga.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://152.136.96.44:44309/visit.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://129.226.207.99:42443/updates.rss  Cobalt Strike botnet C2 (confidence level: 100%)
http://179.60.150.33/fwlink  Cobalt Strike botnet C2 (confidence level: 100%)
http://93.185.166.129/activity  Cobalt Strike botnet C2 (confidence level: 100%)
http://192.168.1.192/j.ad  Cobalt Strike botnet C2 (confidence level: 100%)
http://20.4.71.51/pixel.gif  Cobalt Strike botnet C2 (confidence level: 100%)
https://106.13.63.18/j.ad  Cobalt Strike botnet C2 (confidence level: 100%)
http://135.181.132.179:8080/dpixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.139.15.92:2004/pixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.142.150.154:9099/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.142.150.154:8081/ga.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://47.106.195.182:12358/g.pixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://42.193.127.48:10001/en_us/all.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.138.62.36:9000/dpixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.142.150.154:55555/push  Cobalt Strike botnet C2 (confidence level: 100%)
http://47.94.103.119:8443/j.ad  Cobalt Strike botnet C2 (confidence level: 100%)
http://47.115.50.66:12315/pixel.gif  Cobalt Strike botnet C2 (confidence level: 100%)
http://61.177.56.27:8888/ga.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://39.105.154.122:8078/visit.js  Cobalt Strike botnet C2 (confidence level: 100%)
https://59.110.169.75/cx  Cobalt Strike botnet C2 (confidence level: 100%)
http://80.87.202.7/linepythonrequestflowergenerator.php  DCRat botnet C2 (confidence level: 100%)
http://cleanhomemade.com/clean/logout.php  BetaBot botnet C2 (confidence level: 100%)
http://124.222.2.15:9898/pixel.gif  Cobalt Strike botnet C2 (confidence level: 100%)
http://124.222.2.15:9991/updates.rss  Cobalt Strike botnet C2 (confidence level: 100%)
http://ipvhosted.duckdns.org/hosted/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://www.sahebzaman.org/includes/css/load.php  BetaBot botnet C2 (confidence level: 100%)
http://ipvhosted.duckdns.org:6060/hosted/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://mayoristas.divisared.es/ajax/support.php  BetaBot botnet C2 (confidence level: 100%)
http://www.globsyn.com/stylesheet/text/info.php  BetaBot botnet C2 (confidence level: 100%)
http://ns1.globsynbschool.com/wp-poster.php  BetaBot botnet C2 (confidence level: 100%)
http://www.climetrics.com/wp-includes/js/swf/wp-form.php  BetaBot botnet C2 (confidence level: 100%)
https://t.me/dsjdsnxshjx  Vidar botnet C2 (confidence level: 100%)
http://t.me/dsjdsnxshjx  Vidar botnet C2 (confidence level: 100%)
http://116.202.2.236/1134  Vidar botnet C2 (confidence level: 100%)
http://116.202.5.121/517  Vidar botnet C2 (confidence level: 100%)
http://116.202.5.121/1597  Vidar botnet C2 (confidence level: 100%)
http://45.89.55.177/  Vidar botnet C2 (confidence level: 100%)
http://45.89.55.176/  Vidar botnet C2 (confidence level: 100%)
https://buworomu.com/profile.css  Cobalt Strike botnet C2 (confidence level: 100%)
http://116.202.5.121/1375  Vidar botnet C2 (confidence level: 100%)
https://service-lagbs0nj-1312435925.bj.apigw.tencentcs.com/api/getit  Cobalt Strike botnet C2 (confidence level: 100%)
https://43.138.244.156:8080/api/renew/ocs1  Cobalt Strike botnet C2 (confidence level: 100%)
https://120.48.116.48:8081/push  Cobalt Strike botnet C2 (confidence level: 100%)
http://51.104.40.109/  RecordBreaker botnet C2 (confidence level: 100%)
http://168.119.110.90/  Alien botnet C2 (confidence level: 80%)
https://ahmetfirarda.xyz  Alien botnet C2 (confidence level: 80%)
http://elbetolacakbirgece13.com  Alien botnet C2 (confidence level: 80%)
http://comolokko4152ertausicken.gq/  Alien botnet C2 (confidence level: 80%)
http://siiigroup.com/men/five/fre.php  Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://83.220.168.32/basepiperequest/linux/2track/pipesecurewindowsdownloads.php  DCRat botnet C2 (confidence level: 100%)
http://92.63.99.234/update/centralproviderdle/imagerequestdownloadssecure/sql/uploads/9/windowspolltestwordpress/cpu/db/requestupdate/localpacketwindowswp/dle/base/imageservergeneratorpublic.php  DCRat botnet C2 (confidence level: 100%)
http://185.106.92.25/  RecordBreaker botnet C2 (confidence level: 100%)
https://193.38.54.73/g.pixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://94.158.244.96/ie9compatviewlist.xml  Cobalt Strike botnet C2 (confidence level: 100%)
http://45.77.25.230:1433/push  Cobalt Strike botnet C2 (confidence level: 100%)
https://5.8.18.117/ga.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://47.98.234.230/pixel.gif  Cobalt Strike botnet C2 (confidence level: 100%)
http://45.227.253.58:10000/ga.js  Cobalt Strike botnet C2 (confidence level: 100%)
http://95.179.222.63:8080/ca  Cobalt Strike botnet C2 (confidence level: 100%)
http://144.34.169.30:8888/g.pixel  Cobalt Strike botnet C2 (confidence level: 100%)
http://43.142.138.251:9090/dot.gif  Cobalt Strike botnet C2 (confidence level: 100%)
http://68.183.116.24/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books  Cobalt Strike botnet C2 (confidence level: 100%)
https://3.139.100.167/activity  Cobalt Strike botnet C2 (confidence level: 100%)
http://service-nplaztqm-1252551592.gz.apigw.tencentcs.com/api/getit  Cobalt Strike botnet C2 (confidence level: 100%)

Domain

Value  Description
attack.tamkjll.com  Mirai botnet C2 domain (confidence level: 50%)

Threat ID: 682acdc5bbaf20d303f28e08

Added to database: 5/19/2025, 6:20:53 AM

Last enriched: 6/18/2025, 7:19:59 AM

Last updated: 8/16/2025, 1:01:18 PM
