Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2022-11-25

Medium
Malwaretype:osinttlp:white
Published: Fri Nov 25 2022 (11/25/2022, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2022-11-25

AI-Powered Analysis

AILast updated: 06/18/2025, 08:35:36 UTC

Technical Analysis

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published by ThreatFox on November 25, 2022, categorized under malware with a focus on OSINT (Open Source Intelligence). The threat is described as involving payload delivery and network activity, indicating that it likely relates to the distribution or communication mechanisms used by malware or threat actors. However, no specific affected software versions or products are identified, and no patches or known exploits in the wild are reported. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate dissemination but limited analysis depth. The absence of concrete technical details such as malware family, attack vectors, or exploitation methods limits the ability to provide a granular technical breakdown. The threat appears to be primarily informational, focusing on the collection and dissemination of IOCs to aid in detection and response efforts. The tags and categories emphasize OSINT and network activity, implying that the threat intelligence is related to monitoring or identifying malicious network behaviors or payload delivery mechanisms rather than a direct vulnerability or exploit. Overall, this threat represents a medium-severity intelligence update rather than an active, exploitable vulnerability or malware campaign.

Potential Impact

Given the nature of this threat as an OSINT-based IOC collection without specific affected products or active exploits, the direct impact on European organizations is limited. However, the dissemination of such IOCs can enhance detection capabilities against malware payload delivery and network-based threats. European organizations that rely heavily on network security monitoring and threat intelligence platforms may benefit from integrating these IOCs to improve their situational awareness and incident response. The lack of known exploits or patches suggests that this threat does not currently pose an immediate risk to confidentiality, integrity, or availability. Nonetheless, organizations should remain vigilant as these IOCs could be indicators of emerging threats or preparatory stages of malware campaigns. The medium severity rating reflects a moderate potential impact primarily through improved threat detection rather than direct compromise.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of related network activity and payload delivery attempts. 2. Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain up-to-date situational awareness. 3. Conduct network traffic analysis focusing on anomalies that match the behavioral patterns indicated by the IOCs, even if specific signatures are not available. 4. Train security operations teams to recognize and respond to indicators associated with payload delivery and network-based malware activity. 5. Employ network segmentation and strict egress filtering to limit the potential spread or communication of malware payloads within organizational networks. 6. Since no patches are available, emphasize proactive monitoring and incident response readiness rather than reliance on vulnerability remediation. 7. Collaborate with European cybersecurity information sharing organizations to contextualize these IOCs within regional threat landscapes.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
fbbd6934-c5a2-4a16-a898-be52fcd544e8
Original Timestamp
1669420982

Indicators of Compromise

Hash

ValueDescriptionCopy
hash3b73a7836ad74f3935bbf484f0e52ad6
Amadey payload (confidence level: 50%)
hash1233a723ebdece80cb592aa584510066
BumbleBee payload (confidence level: 50%)
hash2083
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9d19404ce023281cfb5c0ebe8560be35
bifrose payload (confidence level: 50%)
hash1001
Nanocore RAT botnet C2 server (confidence level: 100%)
hashbdcb6fd328b0c7e776bf5ed4dd3c0b6e
Amadey payload (confidence level: 50%)
hash4449
AsyncRAT botnet C2 server (confidence level: 75%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash1988
Vjw0rm botnet C2 server (confidence level: 100%)
hash12295d5a38c339ffb5333989765b54fc6f23cf45a3715a8c9871ab3a76ff7d82
LokiBot payload (confidence level: 50%)
hash4421
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
SharkBot botnet C2 server (confidence level: 75%)
hash2fce09a64c49609a4b60d0659c9602c991a057ed8673e4dfd1b884bee662b493
NjRAT payload (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1177
NjRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash446
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
PhotoLoader botnet C2 server (confidence level: 75%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash80
Vidar botnet C2 server (confidence level: 100%)
hash443
BumbleBee botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b
Cobalt Strike payload (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
IcedID botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash56351
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2087
Cobalt Strike botnet C2 server (confidence level: 100%)
hash22314
RedLine Stealer botnet C2 server (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttps://br.claughs.ga:2083/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8085/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8086/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://167.71.204.199:8443/www/handle/doc
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.125.53:20001/wp08/wp-includes/dtcla.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/6.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/1.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/2.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/3.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/4.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/5.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://amazon3.serveuser.com/7.jpg
Oski Stealer botnet C2 (confidence level: 100%)
urlhttps://segoremlolgv.cf/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://segoremlolgv.ga/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://79.137.196.11/
RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://sempersim.su/gm13/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttp://49.12.113.223/1364
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/1686
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1788
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1851
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/977
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1859
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/1702
Vidar botnet C2 (confidence level: 100%)
urlhttp://49.12.113.223/1375
Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.106.9/937
Vidar botnet C2 (confidence level: 100%)
urlhttp://eleronixzkt.gq/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://eleronixzkt.gq/pws/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://t.me/ghhdkddfkrt_fdklvv
Vidar botnet C2 (confidence level: 100%)
urlhttp://t.me/ghhdkddfkrt_fdklvv
Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/my1deeoomomed
Vidar botnet C2 (confidence level: 100%)
urlhttp://t.me/my1deeoomomed
Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.29.31/1842
Vidar botnet C2 (confidence level: 100%)
urlhttp://update.nodfirewalld.org/mvwwdj2/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8088/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://svchost221125.ddns.net/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cstest20221123.ddnsfree.com/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://5.61.36.132/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://82.148.30.111/async/downloads3downloads8/1localbigloadgame/4temporaryvideo/betterdownloads/traffic1better/5mariadbto/cputemporaryprocess/localhttp/0private/processorpythondump/private02php/longpoll/pollasyncuploads.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://116.63.195.13/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.215.17:9001/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://49.235.125.53/include/template/isx.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.75.138.102:8080/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.40.127.134:5555/5aq/xp/sy75qyw.htm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.pldtserver.org/css/img_1323.png
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://38.54.31.137/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.cworks.site/5aq/xp/sy75qyw.htm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://162.240.217.87/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.usts.site/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://128.199.67.176/ab.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://107.148.129.129/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://testwscdn.m.37.com/dist/css/bootstrap.min.css
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://180.76.139.109:4444/require-jquery-v1.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.159.234.59/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://mail.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://secure.generalimaps.com/generate/payments/0tqzuklji7
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://bitwisesec.nl/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-gcnqmcp3-1307217324.bj.apigw.tencentcs.com/api/sortbyname
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.75.138.102/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://43.155.66.70/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://51.210.243.38:8089/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cobaltstrike.wsywddr.com:5555/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.251.32:1234/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.133.236.211:42045/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://81.71.133.220/api/getit
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://116.211.120.25:8088/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://124.221.119.2:9090/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.55.78.215:8080/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.142.69.99:55443/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://54.221.105.212/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:8080/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.43.188.175:6666/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.99.120.225/1587
Vidar botnet C2 (confidence level: 100%)
urlhttp://79.137.206.24/1704
Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.209/1704
Vidar botnet C2 (confidence level: 100%)
urlhttp://79.137.206.24/
Vidar botnet C2 (confidence level: 100%)
urlhttp://94.131.100.116/
Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.209/
Vidar botnet C2 (confidence level: 100%)
urlhttp://114.115.140.236/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://106.12.159.14:6666/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.62.36:9000/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://150.158.45.62:8090/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://150.158.45.62/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:9090/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://171.22.30.82:10087/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://198.52.127.146:21989/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://8.141.169.117:801/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.142.138.251:8081/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://92.63.97.36/defaultdownloadswindows/pollhttp.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://81.68.193.9/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://olusuzhaberlerdengheldik.co.vu
Alien botnet C2 (confidence level: 80%)
urlhttp://31.41.244.17/hfk3vk9/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttp://185.217.1.30/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.143.45.70:7744/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://195.206.181.151/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://172.245.107.73/cx
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://chromeupdatedaily.dns.army:8080/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.24.84.16/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.214.27.53:50004/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://getinteriorartstudio.com/disable/ask/zs35xl9f3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://209.141.53.143:2086/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://104.208.66.132/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://performernews.com/disable/ask/zs35xl9f3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.129.214.143:40001/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://128.199.67.176/ab.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.77.18.7/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://178.250.156.30/public0temporary/downloads/_eternaldownloadsexternal/externalprotectflower.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://jquery.microsoft-flash.tk:2087/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://58261.clmonth.nyashteam.ru/imagepythonjstracklocal.php
DCRat botnet C2 (confidence level: 100%)

Domain

ValueDescriptionCopy
domainbr.claughs.ga
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsvchost221125.ddns.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincstest20221123.ddnsfree.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.pldtserver.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.usts.site
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintestwscdn.m.37.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingeneralimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainmail.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsecure.generalimaps.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintest.dasf54.tk
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbitwisesec.nl
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-gcnqmcp3-1307217324.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbid.skhystec.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincmcc.asia
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainlog.lihaimaoyi.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-r2tscjhh-1257078281.bj.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-nhvty71c-1255451648.gz.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainchromeupdatedaily.dns.army
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingetinteriorartstudio.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainperformernews.com
Cobalt Strike botnet C2 domain (confidence level: 100%)

File

ValueDescriptionCopy
file101.34.117.22
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.169.69.25
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.86.120.88
AsyncRAT botnet C2 server (confidence level: 75%)
file94.103.183.33
RedLine Stealer botnet C2 server (confidence level: 100%)
file109.206.243.197
Vjw0rm botnet C2 server (confidence level: 100%)
file185.158.251.35
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.212.47.160
SharkBot botnet C2 server (confidence level: 75%)
file49.235.125.53
Cobalt Strike botnet C2 server (confidence level: 100%)
file191.242.29.94
NjRAT botnet C2 server (confidence level: 100%)
file109.248.18.177
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.54.31.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.40.127.134
Cobalt Strike botnet C2 server (confidence level: 100%)
file162.240.208.215
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.156.186
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.144.220.86
Cobalt Strike botnet C2 server (confidence level: 100%)
file128.199.67.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.201.49
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.198.42.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.220.151.246
Cobalt Strike botnet C2 server (confidence level: 100%)
file139.159.234.59
Cobalt Strike botnet C2 server (confidence level: 100%)
file5.199.168.233
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.139.59.31
Cobalt Strike botnet C2 server (confidence level: 100%)
file18.184.132.151
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.138.30.219
Cobalt Strike botnet C2 server (confidence level: 100%)
file143.198.42.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file159.75.138.102
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.103.9.89
RedLine Stealer botnet C2 server (confidence level: 100%)
file139.59.16.55
PhotoLoader botnet C2 server (confidence level: 75%)
file94.131.100.116
Vidar botnet C2 server (confidence level: 100%)
file178.23.190.209
Vidar botnet C2 server (confidence level: 100%)
file79.137.206.24
Vidar botnet C2 server (confidence level: 100%)
file23.81.246.205
BumbleBee botnet C2 server (confidence level: 75%)
file101.35.198.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file81.68.232.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file152.136.132.93
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.136.199.131
Quasar RAT botnet C2 server (confidence level: 100%)
file185.217.1.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file195.206.181.151
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.245.107.73
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.242.190.135
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.24.84.16
Cobalt Strike botnet C2 server (confidence level: 100%)
file85.239.52.35
IcedID botnet C2 server (confidence level: 75%)
file194.135.24.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.208.66.132
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.250
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.245
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.240
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.250
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.65.134.165
RedLine Stealer botnet C2 server (confidence level: 100%)
file128.199.67.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.77.18.7
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.172.217.220
Cobalt Strike botnet C2 server (confidence level: 100%)
file192.3.110.135
RedLine Stealer botnet C2 server (confidence level: 100%)

Threat ID: 682acdc3bbaf20d303f1dfe3

Added to database: 5/19/2025, 6:20:51 AM

Last enriched: 6/18/2025, 8:35:36 AM

Last updated: 8/16/2025, 12:48:46 PM

Views: 16

Related Threats

ThreatFox IOCs for 2025-08-17

Medium
MalwareMon Aug 18 2025

ThreatFox IOCs for 2025-08-16

Medium
MalwareSun Aug 17 2025

Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities

Medium
MalwareSat Aug 16 2025

ThreatFox IOCs for 2025-08-15

Medium
MalwareSat Aug 16 2025

Threat Actor Profile: Interlock Ransomware

Medium
MalwareFri Aug 15 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats