Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsAPILifetime Access
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

ThreatFox IOCs for 2022-11-25

0
Medium
Malwaretype:osinttlp:white
Published: Fri Nov 25 2022 (11/25/2022, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2022-11-25

AI-Powered Analysis

AILast updated: 07/05/2025, 23:12:38 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) from ThreatFox, dated November 25, 2022. ThreatFox is a threat intelligence sharing platform that aggregates and distributes threat data, including malware signatures, network activity patterns, and payload delivery indicators. The data here is categorized under 'malware' with a focus on OSINT (Open Source Intelligence) and payload delivery, indicating that these IOCs are related to malware campaigns or network activities used to deliver malicious payloads. However, the details are minimal: no specific malware names, affected software versions, or technical exploit details are provided. The threat level is indicated as medium, with no known exploits in the wild and no patches available, suggesting that this is more of an intelligence feed update rather than a newly discovered vulnerability or active exploit. The absence of CWEs and specific indicators limits the ability to analyze attack vectors or malware behavior in depth. The threat is primarily informational, providing data that can be used by security teams to enhance detection capabilities through OSINT and network monitoring. The 'threatLevel' and 'distribution' scores imply moderate concern and some spread, but without concrete exploitation details, the threat remains at an advisory level.

Potential Impact

For European organizations, the impact of these IOCs depends largely on their integration into security monitoring and incident response processes. Since the data relates to malware payload delivery and network activity, failure to incorporate these IOCs into detection systems could result in missed early warnings of intrusion attempts or malware infections. However, given the lack of known exploits in the wild and no specific affected products, the immediate risk is limited. Organizations that rely heavily on OSINT for threat detection may find value in these IOCs to improve situational awareness. The medium severity suggests that while there is a potential for malicious activity, it is not currently widespread or highly destructive. European entities with critical infrastructure or high-value targets should remain vigilant, as threat actors often use such intelligence feeds to refine their attack methods. Overall, the impact is moderate and primarily preventative, emphasizing the importance of proactive threat intelligence consumption.

Mitigation Recommendations

To mitigate risks associated with these IOCs, European organizations should: 1) Integrate the ThreatFox IOCs into their Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of related malware payloads and network activities. 2) Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain up-to-date situational awareness. 3) Conduct network traffic analysis focusing on anomalies that match the provided IOCs, even if no direct exploit is currently known. 4) Train security operations teams to recognize patterns of payload delivery and network activity associated with these IOCs. 5) Collaborate with local Computer Security Incident Response Teams (CSIRTs) and share intelligence to improve collective defense. 6) Maintain robust endpoint protection and network segmentation to limit potential malware spread if an infection occurs. These steps go beyond generic advice by emphasizing integration and operationalization of the specific IOCs from ThreatFox.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
PolandPoland
Need more detailed analysis?Upgrade to Pro Console

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
fbbd6934-c5a2-4a16-a898-be52fcd544e8
Original Timestamp
1669420982

Indicators of Compromise

Hash

ValueDescriptionCopy
hash3b73a7836ad74f3935bbf484f0e52ad6
Amadey payload (confidence level: 50%)
hash1233a723ebdece80cb592aa584510066
BumbleBee payload (confidence level: 50%)
hash2083
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9d19404ce023281cfb5c0ebe8560be35
bifrose payload (confidence level: 50%)
hash1001
Nanocore RAT botnet C2 server (confidence level: 100%)
hashbdcb6fd328b0c7e776bf5ed4dd3c0b6e
Amadey payload (confidence level: 50%)
hash4449
AsyncRAT botnet C2 server (confidence level: 75%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash1988
Vjw0rm botnet C2 server (confidence level: 100%)
hash12295d5a38c339ffb5333989765b54fc6f23cf45a3715a8c9871ab3a76ff7d82
LokiBot payload (confidence level: 50%)
hash4421
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
SharkBot botnet C2 server (confidence level: 75%)
hash2fce09a64c49609a4b60d0659c9602c991a057ed8673e4dfd1b884bee662b493
NjRAT payload (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1177
NjRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash446
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
PhotoLoader botnet C2 server (confidence level: 75%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash443
BumbleBee botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b
Cobalt Strike payload (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
IcedID botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash56351
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash22314
RedLine Stealer botnet C2 server (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttps://br.claughs.ga:2083/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8085/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8086/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://167.71.204.199:8443/www/handle/doc
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.125.53:20001/wp08/wp-includes/dtcla.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/6.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/1.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/2.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/3.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/4.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/5.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/7.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttps://segoremlolgv.cf/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://segoremlolgv.ga/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://79.137.196.11/
RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://sempersim.su/gm13/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://49.12.113.223/1364
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/1686
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1788
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1851
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/977
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1859
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1702
Vidar botnet C2 (confidence level: 100%)
urlhttp://49.12.113.223/1375
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/937
Vidar botnet C2 (confidence level: 100%)
urlhttp://eleronixzkt.gq/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://eleronixzkt.gq/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://t.me/ghhdkddfkrt_fdklvv
Vidar botnet C2 (confidence level: 100%)
urlhttp://t.me/ghhdkddfkrt_fdklvv
Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/my1deeoomomed
Vidar botnet C2 (confidence level: 100%)
urlhttp://t.me/my1deeoomomed
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/1842
Vidar botnet C2 (confidence level: 100%)
urlhttp://update.nodfirewalld.org/mvwwdj2/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8088/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://svchost221125.ddns.net/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cstest20221123.ddnsfree.com/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://5.61.36.132/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.148.30.111/async/downloads3downloads8/1localbigloadgame/4temporaryvideo/betterdownloads/traffic1better/5mariadbto/cputemporaryprocess/localhttp/0private/processorpythondump/private02php/longpoll/pollasyncuploads.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://116.63.195.13/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.215.17:9001/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.125.53/include/template/isx.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.75.138.102:8080/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.127.134:5555/5aq/xp/sy75qyw.htm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.pldtserver.org/css/img_1323.png
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://38.54.31.137/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.cworks.site/5aq/xp/sy75qyw.htm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://162.240.217.87/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.usts.site/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://128.199.67.176/ab.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://107.148.129.129/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://testwscdn.m.37.com/dist/css/bootstrap.min.css
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://180.76.139.109:4444/require-jquery-v1.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.159.234.59/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://mail.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://secure.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://bitwisesec.nl/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-gcnqmcp3-1307217324.bj.apigw.tencentcs.com/api/sortbyname
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.75.138.102/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://43.155.66.70/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://51.210.243.38:8089/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cobaltstrike.wsywddr.com:5555/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.251.32:1234/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.133.236.211:42045/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://81.71.133.220/api/getit
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://116.211.120.25:8088/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.119.2:9090/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.55.78.215:8080/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.142.69.99:55443/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://54.221.105.212/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:8080/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.188.175:6666/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.99.120.225/1587
Vidar botnet C2 (confidence level: 100%)
urlhttp://79.137.206.24/1704
Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.209/1704
Vidar botnet C2 (confidence level: 100%)
urlhttp://79.137.206.24/
Vidar botnet C2 (confidence level: 100%)
urlhttp://94.131.100.116/
Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.209/
Vidar botnet C2 (confidence level: 100%)
urlhttp://114.115.140.236/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.12.159.14:6666/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.62.36:9000/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://150.158.45.62:8090/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://150.158.45.62/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:9090/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://171.22.30.82:10087/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://198.52.127.146:21989/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.141.169.117:801/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:8081/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://92.63.97.36/defaultdownloadswindows/pollhttp.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://81.68.193.9/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://olusuzhaberlerdengheldik.co.vu
Alien botnet C2 (confidence level: 80%)
urlhttp://31.41.244.17/hfk3vk9/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://185.217.1.30/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.143.45.70:7744/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://195.206.181.151/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://172.245.107.73/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://chromeupdatedaily.dns.army:8080/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.24.84.16/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.214.27.53:50004/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://getinteriorartstudio.com/disable/ask/zs35xl9f3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://209.141.53.143:2086/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://104.208.66.132/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://performernews.com/disable/ask/zs35xl9f3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.129.214.143:40001/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://128.199.67.176/ab.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.77.18.7/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://178.250.156.30/public0temporary/downloads/_eternaldownloadsexternal/externalprotectflower.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://jquery.microsoft-flash.tk:2087/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://58261.clmonth.nyashteam.ru/imagepythonjstracklocal.php
DCRat botnet C2 (confidence level: 100%)

Domain

ValueDescriptionCopy
domainbr.claughs.ga
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsvchost221125.ddns.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincstest20221123.ddnsfree.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.pldtserver.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.usts.site
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintestwscdn.m.37.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingeneralimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainmail.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsecure.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintest.dasf54.tk
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbitwisesec.nl
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-gcnqmcp3-1307217324.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbid.skhystec.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincmcc.asia
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainlog.lihaimaoyi.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-r2tscjhh-1257078281.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-nhvty71c-1255451648.gz.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainchromeupdatedaily.dns.army
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingetinteriorartstudio.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainperformernews.com
Cobalt Strike botnet C2 domain (confidence level: 100%)

File

ValueDescriptionCopy
file101.34.117.22
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.169.69.25
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.86.120.88
AsyncRAT botnet C2 server (confidence level: 75%)
file94.103.183.33
RedLine Stealer botnet C2 server (confidence level: 100%)
file109.206.243.197
Vjw0rm botnet C2 server (confidence level: 100%)
file185.158.251.35
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.212.47.160
SharkBot botnet C2 server (confidence level: 75%)
file49.235.125.53
Cobalt Strike botnet C2 server (confidence level: 100%)
file191.242.29.94
NjRAT botnet C2 server (confidence level: 100%)
file109.248.18.177
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.31.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.40.127.134
Cobalt Strike botnet C2 server (confidence level: 100%)
file162.240.208.215
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.156.186
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.144.220.86
Cobalt Strike botnet C2 server (confidence level: 100%)
file128.199.67.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.201.49
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.198.42.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.220.151.246
Cobalt Strike botnet C2 server (confidence level: 100%)
file139.159.234.59
Cobalt Strike botnet C2 server (confidence level: 100%)
file5.199.168.233
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.59.31
Cobalt Strike botnet C2 server (confidence level: 100%)
file18.184.132.151
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.138.30.219
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.198.42.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file159.75.138.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.9.89
RedLine Stealer botnet C2 server (confidence level: 100%)
file139.59.16.55
PhotoLoader botnet C2 server (confidence level: 75%)
file94.131.100.116
Vidar botnet C2 server (confidence level: 100%)
file178.23.190.209
Vidar botnet C2 server (confidence level: 100%)
file79.137.206.24
Vidar botnet C2 server (confidence level: 100%)
file23.81.246.205
BumbleBee botnet C2 server (confidence level: 75%)
file101.35.198.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file81.68.232.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file152.136.132.93
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.136.199.131
Quasar RAT botnet C2 server (confidence level: 100%)
file185.217.1.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file195.206.181.151
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.245.107.73
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.242.190.135
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.24.84.16
Cobalt Strike botnet C2 server (confidence level: 100%)
file85.239.52.35
IcedID botnet C2 server (confidence level: 75%)
file194.135.24.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.208.66.132
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.250
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.245
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.240
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.250
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.65.134.165
RedLine Stealer botnet C2 server (confidence level: 100%)
file128.199.67.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.77.18.7
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.172.217.220
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.3.110.135
RedLine Stealer botnet C2 server (confidence level: 100%)

Threat ID: 68359c9d5d5f0974d01f6b2e

Added to database: 5/27/2025, 11:06:05 AM

Last enriched: 7/5/2025, 11:12:38 PM

Last updated: 2/7/2026, 6:40:27 AM

Views: 54

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

ThreatFox IOCs for 2026-02-06

Medium
MalwareSat Feb 07 2026

ThreatFox IOCs for 2026-02-05

Medium
MalwareFri Feb 06 2026

Technical Analysis of Marco Stealer

Medium
MalwareThu Feb 05 2026

New Clickfix variant 'CrashFix' deploying Python Remote Access Trojan

Medium
MalwareThu Feb 05 2026

Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Medium
MalwareThu Feb 05 2026

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats