Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2022-11-25

Medium
Malwaretype:osinttlp:white
Published: Fri Nov 25 2022 (11/25/2022, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2022-11-25

AI-Powered Analysis

AILast updated: 07/05/2025, 23:12:38 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) from ThreatFox, dated November 25, 2022. ThreatFox is a threat intelligence sharing platform that aggregates and distributes threat data, including malware signatures, network activity patterns, and payload delivery indicators. The data here is categorized under 'malware' with a focus on OSINT (Open Source Intelligence) and payload delivery, indicating that these IOCs are related to malware campaigns or network activities used to deliver malicious payloads. However, the details are minimal: no specific malware names, affected software versions, or technical exploit details are provided. The threat level is indicated as medium, with no known exploits in the wild and no patches available, suggesting that this is more of an intelligence feed update rather than a newly discovered vulnerability or active exploit. The absence of CWEs and specific indicators limits the ability to analyze attack vectors or malware behavior in depth. The threat is primarily informational, providing data that can be used by security teams to enhance detection capabilities through OSINT and network monitoring. The 'threatLevel' and 'distribution' scores imply moderate concern and some spread, but without concrete exploitation details, the threat remains at an advisory level.

Potential Impact

For European organizations, the impact of these IOCs depends largely on their integration into security monitoring and incident response processes. Since the data relates to malware payload delivery and network activity, failure to incorporate these IOCs into detection systems could result in missed early warnings of intrusion attempts or malware infections. However, given the lack of known exploits in the wild and no specific affected products, the immediate risk is limited. Organizations that rely heavily on OSINT for threat detection may find value in these IOCs to improve situational awareness. The medium severity suggests that while there is a potential for malicious activity, it is not currently widespread or highly destructive. European entities with critical infrastructure or high-value targets should remain vigilant, as threat actors often use such intelligence feeds to refine their attack methods. Overall, the impact is moderate and primarily preventative, emphasizing the importance of proactive threat intelligence consumption.

Mitigation Recommendations

To mitigate risks associated with these IOCs, European organizations should: 1) Integrate the ThreatFox IOCs into their Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of related malware payloads and network activities. 2) Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain up-to-date situational awareness. 3) Conduct network traffic analysis focusing on anomalies that match the provided IOCs, even if no direct exploit is currently known. 4) Train security operations teams to recognize patterns of payload delivery and network activity associated with these IOCs. 5) Collaborate with local Computer Security Incident Response Teams (CSIRTs) and share intelligence to improve collective defense. 6) Maintain robust endpoint protection and network segmentation to limit potential malware spread if an infection occurs. These steps go beyond generic advice by emphasizing integration and operationalization of the specific IOCs from ThreatFox.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
PolandPoland
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
fbbd6934-c5a2-4a16-a898-be52fcd544e8
Original Timestamp
1669420982

Indicators of Compromise

Hash

ValueDescriptionCopy
hash3b73a7836ad74f3935bbf484f0e52ad6
Amadey payload (confidence level: 50%)
hash1233a723ebdece80cb592aa584510066
BumbleBee payload (confidence level: 50%)
hash2083
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9d19404ce023281cfb5c0ebe8560be35
bifrose payload (confidence level: 50%)
hash1001
Nanocore RAT botnet C2 server (confidence level: 100%)
hashbdcb6fd328b0c7e776bf5ed4dd3c0b6e
Amadey payload (confidence level: 50%)
hash4449
AsyncRAT botnet C2 server (confidence level: 75%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash1988
Vjw0rm botnet C2 server (confidence level: 100%)
hash12295d5a38c339ffb5333989765b54fc6f23cf45a3715a8c9871ab3a76ff7d82
LokiBot payload (confidence level: 50%)
hash4421
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
SharkBot botnet C2 server (confidence level: 75%)
hash2fce09a64c49609a4b60d0659c9602c991a057ed8673e4dfd1b884bee662b493
NjRAT payload (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1177
NjRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash446
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
PhotoLoader botnet C2 server (confidence level: 75%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash443
BumbleBee botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b
Cobalt Strike payload (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
IcedID botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash56351
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash22314
RedLine Stealer botnet C2 server (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttps://br.claughs.ga:2083/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8085/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8086/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://167.71.204.199:8443/www/handle/doc
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.125.53:20001/wp08/wp-includes/dtcla.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/6.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/1.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/2.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/3.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/4.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/5.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/7.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttps://segoremlolgv.cf/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://segoremlolgv.ga/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://79.137.196.11/
RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://sempersim.su/gm13/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://49.12.113.223/1364
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/1686
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1788
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1851
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/977
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1859
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1702
Vidar botnet C2 (confidence level: 100%)
urlhttp://49.12.113.223/1375
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/937
Vidar botnet C2 (confidence level: 100%)
urlhttp://eleronixzkt.gq/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://eleronixzkt.gq/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://t.me/ghhdkddfkrt_fdklvv
Vidar botnet C2 (confidence level: 100%)
urlhttp://t.me/ghhdkddfkrt_fdklvv
Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/my1deeoomomed
Vidar botnet C2 (confidence level: 100%)
urlhttp://t.me/my1deeoomomed
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/1842
Vidar botnet C2 (confidence level: 100%)
urlhttp://update.nodfirewalld.org/mvwwdj2/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8088/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://svchost221125.ddns.net/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cstest20221123.ddnsfree.com/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://5.61.36.132/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.148.30.111/async/downloads3downloads8/1localbigloadgame/4temporaryvideo/betterdownloads/traffic1better/5mariadbto/cputemporaryprocess/localhttp/0private/processorpythondump/private02php/longpoll/pollasyncuploads.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://116.63.195.13/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.215.17:9001/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.125.53/include/template/isx.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.75.138.102:8080/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.127.134:5555/5aq/xp/sy75qyw.htm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.pldtserver.org/css/img_1323.png
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://38.54.31.137/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.cworks.site/5aq/xp/sy75qyw.htm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://162.240.217.87/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.usts.site/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://128.199.67.176/ab.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://107.148.129.129/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://testwscdn.m.37.com/dist/css/bootstrap.min.css
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://180.76.139.109:4444/require-jquery-v1.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.159.234.59/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://mail.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://secure.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://bitwisesec.nl/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-gcnqmcp3-1307217324.bj.apigw.tencentcs.com/api/sortbyname
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.75.138.102/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://43.155.66.70/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://51.210.243.38:8089/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cobaltstrike.wsywddr.com:5555/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.251.32:1234/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.133.236.211:42045/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://81.71.133.220/api/getit
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://116.211.120.25:8088/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.119.2:9090/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.55.78.215:8080/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.142.69.99:55443/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://54.221.105.212/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:8080/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.188.175:6666/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.99.120.225/1587
Vidar botnet C2 (confidence level: 100%)
urlhttp://79.137.206.24/1704
Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.209/1704
Vidar botnet C2 (confidence level: 100%)
urlhttp://79.137.206.24/
Vidar botnet C2 (confidence level: 100%)
urlhttp://94.131.100.116/
Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.209/
Vidar botnet C2 (confidence level: 100%)
urlhttp://114.115.140.236/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.12.159.14:6666/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.62.36:9000/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://150.158.45.62:8090/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://150.158.45.62/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:9090/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://171.22.30.82:10087/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://198.52.127.146:21989/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.141.169.117:801/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:8081/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://92.63.97.36/defaultdownloadswindows/pollhttp.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://81.68.193.9/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://olusuzhaberlerdengheldik.co.vu
Alien botnet C2 (confidence level: 80%)
urlhttp://31.41.244.17/hfk3vk9/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://185.217.1.30/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.143.45.70:7744/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://195.206.181.151/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://172.245.107.73/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://chromeupdatedaily.dns.army:8080/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.24.84.16/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.214.27.53:50004/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://getinteriorartstudio.com/disable/ask/zs35xl9f3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://209.141.53.143:2086/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://104.208.66.132/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://performernews.com/disable/ask/zs35xl9f3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.129.214.143:40001/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://128.199.67.176/ab.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.77.18.7/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://178.250.156.30/public0temporary/downloads/_eternaldownloadsexternal/externalprotectflower.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://jquery.microsoft-flash.tk:2087/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://58261.clmonth.nyashteam.ru/imagepythonjstracklocal.php
DCRat botnet C2 (confidence level: 100%)

Domain

ValueDescriptionCopy
domainbr.claughs.ga
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsvchost221125.ddns.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincstest20221123.ddnsfree.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.pldtserver.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.usts.site
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintestwscdn.m.37.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingeneralimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainmail.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsecure.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintest.dasf54.tk
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbitwisesec.nl
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-gcnqmcp3-1307217324.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbid.skhystec.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincmcc.asia
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainlog.lihaimaoyi.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-r2tscjhh-1257078281.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-nhvty71c-1255451648.gz.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainchromeupdatedaily.dns.army
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingetinteriorartstudio.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainperformernews.com
Cobalt Strike botnet C2 domain (confidence level: 100%)

File

ValueDescriptionCopy
file101.34.117.22
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.169.69.25
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.86.120.88
AsyncRAT botnet C2 server (confidence level: 75%)
file94.103.183.33
RedLine Stealer botnet C2 server (confidence level: 100%)
file109.206.243.197
Vjw0rm botnet C2 server (confidence level: 100%)
file185.158.251.35
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.212.47.160
SharkBot botnet C2 server (confidence level: 75%)
file49.235.125.53
Cobalt Strike botnet C2 server (confidence level: 100%)
file191.242.29.94
NjRAT botnet C2 server (confidence level: 100%)
file109.248.18.177
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.31.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.40.127.134
Cobalt Strike botnet C2 server (confidence level: 100%)
file162.240.208.215
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.156.186
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.144.220.86
Cobalt Strike botnet C2 server (confidence level: 100%)
file128.199.67.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.201.49
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.198.42.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.220.151.246
Cobalt Strike botnet C2 server (confidence level: 100%)
file139.159.234.59
Cobalt Strike botnet C2 server (confidence level: 100%)
file5.199.168.233
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.59.31
Cobalt Strike botnet C2 server (confidence level: 100%)
file18.184.132.151
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.138.30.219
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.198.42.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file159.75.138.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.9.89
RedLine Stealer botnet C2 server (confidence level: 100%)
file139.59.16.55
PhotoLoader botnet C2 server (confidence level: 75%)
file94.131.100.116
Vidar botnet C2 server (confidence level: 100%)
file178.23.190.209
Vidar botnet C2 server (confidence level: 100%)
file79.137.206.24
Vidar botnet C2 server (confidence level: 100%)
file23.81.246.205
BumbleBee botnet C2 server (confidence level: 75%)
file101.35.198.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file81.68.232.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file152.136.132.93
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.136.199.131
Quasar RAT botnet C2 server (confidence level: 100%)
file185.217.1.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file195.206.181.151
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.245.107.73
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.242.190.135
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.24.84.16
Cobalt Strike botnet C2 server (confidence level: 100%)
file85.239.52.35
IcedID botnet C2 server (confidence level: 75%)
file194.135.24.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.208.66.132
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.250
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.245
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.240
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.250
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.65.134.165
RedLine Stealer botnet C2 server (confidence level: 100%)
file128.199.67.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.77.18.7
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.172.217.220
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.3.110.135
RedLine Stealer botnet C2 server (confidence level: 100%)

Threat ID: 68359c9d5d5f0974d01f6b2e

Added to database: 5/27/2025, 11:06:05 AM

Last enriched: 7/5/2025, 11:12:38 PM

Last updated: 8/13/2025, 6:19:21 PM

Views: 14

Related Threats

ThreatFox IOCs for 2025-08-13

Medium
MalwareThu Aug 14 2025

Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing

Medium
MalwareWed Aug 13 2025

Silent Watcher: Dissecting Cmimai Stealer's VBS Payload

Medium
MalwareWed Aug 13 2025

CastleLoader Analysis

Medium
MalwareWed Aug 13 2025

The Dark Side of Parental Control Apps

Medium
MalwareWed Aug 13 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats