ThreatFox IOCs for 2022-11-27

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat information pertains to a collection of Indicators of Compromise (IOCs) published by ThreatFox on November 27, 2022, categorized under malware and OSINT (Open Source Intelligence) types. The data appears to be a compilation of threat intelligence indicators rather than a specific malware sample or exploit targeting a particular product or version. No affected software versions or specific vulnerabilities are identified, and no known exploits in the wild have been reported. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. The technical details suggest moderate distribution (level 3) but limited analysis (level 1), implying that the IOCs are disseminated but not deeply analyzed or linked to a high-impact campaign. The absence of CWE identifiers, patch links, or detailed technical descriptions limits the ability to pinpoint exact attack vectors or payloads. The threat is tagged as 'type:osint' and marked with TLP:WHITE, indicating that the information is intended for broad sharing without restrictions. Overall, this represents a general intelligence update providing indicators that could be used for detection and monitoring rather than an active, high-impact malware campaign.

Potential Impact

Given the nature of the information as a set of IOCs without specific exploit details or affected products, the direct impact on European organizations is likely limited. However, the dissemination of these IOCs can enhance detection capabilities and situational awareness, enabling organizations to identify potential malicious activities early. The medium severity rating suggests that while the threat is not currently causing widespread damage, it could be part of emerging or low-level campaigns that might escalate. European organizations relying on OSINT for threat intelligence can benefit from integrating these IOCs into their security monitoring tools. The lack of known exploits in the wild reduces immediate risk, but the presence of distributed indicators implies ongoing reconnaissance or preparatory activities by threat actors. Consequently, the impact is primarily on the confidentiality and integrity of systems if these IOCs correspond to malware that could be deployed in targeted attacks. Availability impact appears minimal at this stage.

Mitigation Recommendations

To effectively leverage the provided IOCs, European organizations should: 1) Integrate the ThreatFox IOCs into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection of related malicious activities. 2) Conduct regular threat hunting exercises using these indicators to identify any signs of compromise or reconnaissance within their networks. 3) Maintain updated OSINT feeds and collaborate with information sharing communities such as CERT-EU and national CSIRTs to contextualize these IOCs within broader threat landscapes. 4) Implement network segmentation and strict access controls to limit potential lateral movement if any related malware is detected. 5) Educate security teams on interpreting and operationalizing OSINT-derived IOCs to avoid false positives and ensure timely response. Since no patches or specific vulnerabilities are identified, focus should be on detection and response rather than patch management for this threat.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://brakiporodica.org/2.jpg
url: http://brakiporodica.org/3.jpg
url: http://brakiporodica.org/4.jpg
url: http://brakiporodica.org/5.jpg
url: http://brakiporodica.org/7.jpg
file: 194.67.71.131
hash: 80
url: http://146.196.121.62:50717/mozi.m
url: http://103.82.145.136:43557/mozi.m
url: http://nftbanger.ru/eternal_apidefaulttest.php
url: http://180.76.166.103/ca
url: http://23.227.194.86/en_us/all.js
url: https://18.133.195.61/push
file: 18.133.195.61
hash: 443
url: http://43.156.12.227:8081/j.ad
url: http://146.0.72.75:8080/wp08/wp-includes/dtcla.php
file: 194.135.24.245
hash: 80
url: https://51.91.115.161:444/g.pixel
url: https://193.149.185.217:50113/www/handle/doc
url: http://121.36.165.78:8889/cx
url: http://46.3.240.65/audiencemanager.js
file: 46.3.240.65
hash: 80
url: http://121.36.165.78:8890/ga.js
url: https://158.247.219.204:3952/faq
file: 77.73.133.70
hash: 38819
url: http://60.215.209.76:33577/mozi.m
file: 149.28.133.54
hash: 4921
file: 82.115.223.210
hash: 24221
file: 3.142.81.166
hash: 12836
file: 185.196.220.64
hash: 80
url: https://t.me/adsajkdq
url: http://95.217.31.208/1702
url: http://95.217.31.129/1375
url: http://95.217.31.208/1142
url: http://185.196.220.64/1760
url: http://185.196.220.64/
file: 212.1.214.47
hash: 80
file: 191.101.81.20
hash: 80
file: 191.101.81.21
hash: 80
file: 191.96.57.91
hash: 80
file: 153.92.221.169
hash: 80
file: 153.92.223.160
hash: 80
file: 88.198.107.101
hash: 80
file: 88.119.169.134
hash: 80
file: 45.159.249.133
hash: 80
file: 77.73.133.68
hash: 80
url: http://212.1.214.47/
url: http://191.101.81.20/
url: http://191.101.81.21/
url: http://191.96.57.91/
url: http://153.92.221.169/
url: http://153.92.223.160/
url: http://88.198.107.101/
url: http://88.119.169.134/
url: http://45.159.249.133/
url: http://178.23.190.206/
url: http://77.73.133.68/
file: 185.212.47.163
hash: 80
url: https://api.map.ahrtv.cn/qianxinniubi666
domain: api.map.ahrtv.cn
file: 42.193.37.101
hash: 443
url: http://cdn.xiaojingjingaihuifeng.xyz:2086/image/
domain: cdn.xiaojingjingaihuifeng.xyz
file: 23.234.200.96
hash: 2086
url: http://162.14.69.252/push
file: 162.14.69.252
hash: 80
url: http://42.193.37.101/qianxinniubi666
url: http://51.195.166.201/
file: 151.80.223.229
hash: 64218
file: 3.69.157.220
hash: 17882
file: 3.125.223.134
hash: 16744
file: 3.125.102.39
hash: 16744
url: http://49.128.198.17:8989/ptj
url: https://84.32.128.36/mobile-home.js
file: 84.32.128.36
hash: 443
url: http://159.223.12.60:80/dz
hash: 82040e02a2c16b12957659e1356a5e19
url: http://tekbasinaalalhsk.shop
url: http://65.21.60.136/
url: http://hatlarhaberlerdenilerigeli.co.vu/
url: http://20.150.142.166
url: http://oyuncakhesapositebizimle.co.vu
url: http://45.84.0.22
file: 159.223.216.52
hash: 80
url: http://45.139.105.143:8086/ga.js
url: http://45.139.105.143:8085/__utm.gif
url: http://45.139.105.143:8088/match
url: https://msndla.com/owa/
domain: msndla.com
url: https://dev.msndla.com/owa/
domain: dev.msndla.com
url: https://ms1.msndla.com/owa/
domain: ms1.msndla.com
url: https://backend.msndla.com/owa/
domain: backend.msndla.com
url: https://routeoffice.msndla.com/owa/
domain: routeoffice.msndla.com
file: 65.108.97.177
hash: 25223
url: http://194.4.49.90/
domain: bendiciones777.con-ip.com
hash: a855344dd72d07464af4b3ba765d5b5e479c6b6c58e1055e34cdaa3790c2cc67
hash: c5d086a134a026a7447677cebaf4913635d68a6db7809138f7df574ec726768a
hash: 346d41e509517ee4020790870e32d0a6f28f5131ee40a73c758f7deabd2eceaa
hash: e69672a874bcd437474af3b9d141ad0d0c0d366a8a0238d59bcb166d595d3ac4
hash: 8dc1b3e8ed371d0eca98bfc30ade541302889cfa607a3fa65f2c516c6fa00eff
hash: b1f20f0bdd4738cc508084689dfdc0897cb9f5d7f798d66542d22b78921c43ac
hash: 163fa0ae9e117afd2dcb4c75ad4be4255de811184e825217b98ae5a614d1af92
hash: 9b4998fc6c44d21f907b7213060180a636b27ebb508b01a7d615d6a61e8e66da
hash: c731fbba9859cc6b6d0f1cca4bce52221618c4f367b52d0c59e8fb9e4a321412
hash: 8bd7c472ccc01bdc5bc39c49af563d4f17b283b61a9612d0048eda5510a1741f
hash: 70942e631d575ff2ca70a995147a94eeb813eb6b2394e474d09a295759bbeff0
hash: ca241f16b1ac84b101cdfcd8aa9afea521636dba24a5ffe08316c5da4bd68390
hash: e9c298b05fd96667674984479731541328e294ec5e506b85c4aed16802b380d3
hash: f2643b4686b59c10dd7e51a8482f5515f15ab47eb81b6d8674b135c7ea266d24
hash: 2fc0f46e2ceded0b284d4f41759de65e73532900202260b98769ebfaf3244951
hash: eaeecfd412b020ab4748982eb74492d9d0e176911d76ea0298773d1e8f2fd4ac
hash: 8a7a387ec2b16662d29352cba1b58f5b9b0ab65f38bb75aee9e6b88c39a6241b
hash: 70b93560a102368cb1bb874688ffe1ebb4db702d55eeb646ffd1b73b009536b4
hash: 6b10be1005e53ea3c1f150b83f52be54d5141a2fcdbe9a010be26de674451064
hash: 05e1c9b65c5c34d39abe5682f747ef5debcc931d768f0023644a39233a553405
hash: 4cbf921ca59d8725280de0d34864dc44eb98fadde5ea010683a8f8820eb3b803
hash: 74f7a2e67d6bbc2c925e9b2281918076edf29c405c76c033c6116f1b4ecdf9e5
hash: c2f943a6a888d87236c4d4f60d8c83d8ccf5a80fcd7e52d7a02f106021b16685
hash: 0c625923acc1990769f8516b0626245247ac89508a0c06a1e03ca40e6b1aec16
hash: db693a6e2d410779dd0406e72d770fc10e682442658eec302b9254ff1f708727
hash: a2185dcddcfe6d1925fc1b2be92d8c93e0a1a309f1b2c15340b00bec6be552de
hash: 090a860c4c9db925a9eb45657a1af1034c49e1966803e2cc79994cdc1229ab38
hash: 4e76236bf77dd6eea1965eb92337ec95cf92e16eef875e8c922da54763013bf2
hash: f57da923e5b75ea46065584301fe67aa5f37998630447b53242050397ee93a8f
hash: c09cb187ead292e38f9552449115d0e8ad5211f65cd6cc2ad2a2e8249d7481ec
hash: 8e2730f5984afe0586003190249b7c9e5c51a3ef2ba0c2194db5dcd21242c20b
hash: 2310d8f49412769bbb634a16cb272a77dcde3104405155e811d21a88712e4d13
hash: e203029a1731c07a78fb33af68e11c4486991a5e53693bd415bd43626a5d1b1e
hash: a8b9acee89ffa97a9e2cde4559523076a61fd0cabdc913746b33dc751567dd52
hash: 23afbdb4c0f2ba6824b8ccbcba50561872cb5715c6211ffa38a945e6836070e2
hash: a8c2370cb1ac0da5ce0b814d2f62b870c52e9a698f43955af2c0932537b63225
hash: 88729c3c2f0d440cb964a0b14af9f726a961700288ea860cc8db492685ca4546
hash: 1947863812af6b9eca6522bc8488573763b86a81b85bfbbe8039c7d89c65dbdd
hash: 1c4c51643818307480c2436301dab98c4794812abb3e94df7b133450411b66e1
hash: 0089bf08432cd31393f1565f826b14bec246d69648a7e08e3756e2a727847c37
hash: a404861cf345f10cb3f4bb427fe166c639ce09bbb8dc209894bec0a29612d49b
hash: afd3e4f2219c7e1e0d279ed5eb653eac11a37aa59727af4522776d3289d1cb1c
url: http://37.220.87.6/
file: 23.108.57.65
hash: 443
file: 137.220.135.142
hash: 21
domain: aspelads.com
domain: bit-lime.com
domain: blacksoftware.website
domain: goldsoftware.org
domain: rellcracks.com
domain: evilsoftware.org
domain: free-warez.site
domain: www.free-warez.site
domain: freesoftwar.com
domain: forcecheats.pro
domain: softwareofficial.site
domain: vipsoft.store
domain: selfware.net
domain: mesoft.tech
domain: tensoft.me
domain: thepcworld.pro
url: http://47.98.221.192:666/ie9compatviewlist.xml
url: http://47.99.46.128:1111/ptj
url: https://208.76.221.57/pixel
file: 208.76.221.57
hash: 443
domain: softportal.tk
url: https://117.18.13.220:1443/ptj
url: https://194.135.24.246/def/v1.49/343omh6o0sgi
file: 194.135.24.246
hash: 443
url: https://system-view.top/owa/cu4inzw9ssvnsmhjaari961-8lbcpodgm
domain: system-view.top
file: 208.115.230.95
hash: 443
url: http://62.138.7.234/cx
file: 62.138.7.234
hash: 80
url: https://182.237.3.224/cx
file: 182.237.3.224
hash: 443
file: 173.199.70.153
hash: 443
url: http://139.59.9.6:8981/watch
url: http://64.52.80.216:8080/search/
url: https://89.147.109.202/__utm.gif
file: 89.147.109.202
hash: 443
url: http://kudqyx62.top/gate.php
file: 91.238.50.61
hash: 443
file: 3.127.59.75
hash: 19057
file: 3.121.139.82
hash: 19057
domain: 8uh5tyhfd.cfd
domain: 6tyg2wed.cfd
domain: cvbnm65tg.cfd
domain: hu83edf.cfd
domain: ofkf28cfdjdk.cfd
domain: 9iok5tgyu.cfd
domain: 23dert67.cfd
domain: lixn62ft.cfd
domain: v4r5f56.cfd
domain: jko90587uh.cfd
domain: mjhytgc4.cfd
domain: u8gr576y.cfd
domain: qwxt56iy.cfd
domain: qwity45by.cfd
domain: jk03eaq1.cfd
domain: oikjh4rf.cfd
domain: ghu86tyh.cfd
domain: 6yhg2wnh.cfd
domain: gt54mju7.cfd
domain: 0oij4rf8.cfd
domain: h89de453e.cfd
domain: ko98k4rq.cfd
domain: 1weset6y.cfd
domain: 7ytgf23e.cfd
domain: 8uh3edd56.cfd
domain: 0oikj5t6y.cfd
domain: jk8ik4r.cfd
domain: vt62wsd.cfd
domain: zser7ujm.cfd
domain: 87uygf4rfg.cfd
domain: rfgv34rf.cfd
domain: 5rfhgfd3ed.cfd
domain: qasxcf5tghg7yg.cfd
domain: edc34rd.cfd
domain: x3bgt5tfds.cfd
domain: fcdf96jku.cfd
domain: ed32zikut.cfd
url: http://42.194.209.253:5678/visit.js
file: 94.131.98.96
hash: 80
file: 94.131.98.125
hash: 80
file: 152.89.247.220
hash: 80
file: 194.4.49.90
hash: 80
file: 94.131.98.124
hash: 80
url: https://www.tiktok.com/@user6068972597711
url: http://194.4.49.90/1696
url: http://95.217.31.208/1711
url: http://95.217.31.208/1839
url: http://153.92.221.169/1678
url: http://95.217.31.208/1679
url: http://49.12.113.223/1711
url: http://95.217.31.208/1842
url: http://152.89.247.220/
url: http://94.131.98.124/
url: http://94.131.98.96/
url: http://94.131.98.125/
url: http://3.143.199.6/
file: 163.123.142.194
hash: 42069
file: 3.88.246.75
hash: 13666
file: 185.246.221.101
hash: 1312
file: 5.181.80.180
hash: 9931
url: http://bebraboysclub.hk/g8lvlee2z/index.php

ThreatFox IOCs for 2022-11-27

Severity: medium

Type: malware

ThreatFox IOCs for 2022-11-27

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://brakiporodica.org/2.jpg
url: http://brakiporodica.org/3.jpg
url: http://brakiporodica.org/4.jpg
url: http://brakiporodica.org/5.jpg
url: http://brakiporodica.org/7.jpg
file: 194.67.71.131
hash: 80
url: http://146.196.121.62:50717/mozi.m
url: http://103.82.145.136:43557/mozi.m
url: http://nftbanger.ru/eternal_apidefaulttest.php
url: http://180.76.166.103/ca
url: http://23.227.194.86/en_us/all.js
url: https://18.133.195.61/push
file: 18.133.195.61
hash: 443
url: http://43.156.12.227:8081/j.ad
url: http://146.0.72.75:8080/wp08/wp-includes/dtcla.php
file: 194.135.24.245
hash: 80
url: https://51.91.115.161:444/g.pixel
url: https://193.149.185.217:50113/www/handle/doc
url: http://121.36.165.78:8889/cx
url: http://46.3.240.65/audiencemanager.js
file: 46.3.240.65
hash: 80
url: http://121.36.165.78:8890/ga.js
url: https://158.247.219.204:3952/faq
file: 77.73.133.70
hash: 38819
url: http://60.215.209.76:33577/mozi.m
file: 149.28.133.54
hash: 4921
file: 82.115.223.210
hash: 24221
file: 3.142.81.166
hash: 12836
file: 185.196.220.64
hash: 80
url: https://t.me/adsajkdq
url: http://95.217.31.208/1702
url: http://95.217.31.129/1375
url: http://95.217.31.208/1142
url: http://185.196.220.64/1760
url: http://185.196.220.64/
file: 212.1.214.47
hash: 80
file: 191.101.81.20
hash: 80
file: 191.101.81.21
hash: 80
file: 191.96.57.91
hash: 80
file: 153.92.221.169
hash: 80
file: 153.92.223.160
hash: 80
file: 88.198.107.101
hash: 80
file: 88.119.169.134
hash: 80
file: 45.159.249.133
hash: 80
file: 77.73.133.68
hash: 80
url: http://212.1.214.47/
url: http://191.101.81.20/
url: http://191.101.81.21/
url: http://191.96.57.91/
url: http://153.92.221.169/
url: http://153.92.223.160/
url: http://88.198.107.101/
url: http://88.119.169.134/
url: http://45.159.249.133/
url: http://178.23.190.206/
url: http://77.73.133.68/
file: 185.212.47.163
hash: 80
url: https://api.map.ahrtv.cn/qianxinniubi666
domain: api.map.ahrtv.cn
file: 42.193.37.101
hash: 443
url: http://cdn.xiaojingjingaihuifeng.xyz:2086/image/
domain: cdn.xiaojingjingaihuifeng.xyz
file: 23.234.200.96
hash: 2086
url: http://162.14.69.252/push
file: 162.14.69.252
hash: 80
url: http://42.193.37.101/qianxinniubi666
url: http://51.195.166.201/
file: 151.80.223.229
hash: 64218
file: 3.69.157.220
hash: 17882
file: 3.125.223.134
hash: 16744
file: 3.125.102.39
hash: 16744
url: http://49.128.198.17:8989/ptj
url: https://84.32.128.36/mobile-home.js
file: 84.32.128.36
hash: 443
url: http://159.223.12.60:80/dz
hash: 82040e02a2c16b12957659e1356a5e19
url: http://tekbasinaalalhsk.shop
url: http://65.21.60.136/
url: http://hatlarhaberlerdenilerigeli.co.vu/
url: http://20.150.142.166
url: http://oyuncakhesapositebizimle.co.vu
url: http://45.84.0.22
file: 159.223.216.52
hash: 80
url: http://45.139.105.143:8086/ga.js
url: http://45.139.105.143:8085/__utm.gif
url: http://45.139.105.143:8088/match
url: https://msndla.com/owa/
domain: msndla.com
url: https://dev.msndla.com/owa/
domain: dev.msndla.com
url: https://ms1.msndla.com/owa/
domain: ms1.msndla.com
url: https://backend.msndla.com/owa/
domain: backend.msndla.com
url: https://routeoffice.msndla.com/owa/
domain: routeoffice.msndla.com
file: 65.108.97.177
hash: 25223
url: http://194.4.49.90/
domain: bendiciones777.con-ip.com
hash: a855344dd72d07464af4b3ba765d5b5e479c6b6c58e1055e34cdaa3790c2cc67
hash: c5d086a134a026a7447677cebaf4913635d68a6db7809138f7df574ec726768a
hash: 346d41e509517ee4020790870e32d0a6f28f5131ee40a73c758f7deabd2eceaa
hash: e69672a874bcd437474af3b9d141ad0d0c0d366a8a0238d59bcb166d595d3ac4
hash: 8dc1b3e8ed371d0eca98bfc30ade541302889cfa607a3fa65f2c516c6fa00eff
hash: b1f20f0bdd4738cc508084689dfdc0897cb9f5d7f798d66542d22b78921c43ac
hash: 163fa0ae9e117afd2dcb4c75ad4be4255de811184e825217b98ae5a614d1af92
hash: 9b4998fc6c44d21f907b7213060180a636b27ebb508b01a7d615d6a61e8e66da
hash: c731fbba9859cc6b6d0f1cca4bce52221618c4f367b52d0c59e8fb9e4a321412
hash: 8bd7c472ccc01bdc5bc39c49af563d4f17b283b61a9612d0048eda5510a1741f
hash: 70942e631d575ff2ca70a995147a94eeb813eb6b2394e474d09a295759bbeff0
hash: ca241f16b1ac84b101cdfcd8aa9afea521636dba24a5ffe08316c5da4bd68390
hash: e9c298b05fd96667674984479731541328e294ec5e506b85c4aed16802b380d3
hash: f2643b4686b59c10dd7e51a8482f5515f15ab47eb81b6d8674b135c7ea266d24
hash: 2fc0f46e2ceded0b284d4f41759de65e73532900202260b98769ebfaf3244951
hash: eaeecfd412b020ab4748982eb74492d9d0e176911d76ea0298773d1e8f2fd4ac
hash: 8a7a387ec2b16662d29352cba1b58f5b9b0ab65f38bb75aee9e6b88c39a6241b
hash: 70b93560a102368cb1bb874688ffe1ebb4db702d55eeb646ffd1b73b009536b4
hash: 6b10be1005e53ea3c1f150b83f52be54d5141a2fcdbe9a010be26de674451064
hash: 05e1c9b65c5c34d39abe5682f747ef5debcc931d768f0023644a39233a553405
hash: 4cbf921ca59d8725280de0d34864dc44eb98fadde5ea010683a8f8820eb3b803
hash: 74f7a2e67d6bbc2c925e9b2281918076edf29c405c76c033c6116f1b4ecdf9e5
hash: c2f943a6a888d87236c4d4f60d8c83d8ccf5a80fcd7e52d7a02f106021b16685
hash: 0c625923acc1990769f8516b0626245247ac89508a0c06a1e03ca40e6b1aec16
hash: db693a6e2d410779dd0406e72d770fc10e682442658eec302b9254ff1f708727
hash: a2185dcddcfe6d1925fc1b2be92d8c93e0a1a309f1b2c15340b00bec6be552de
hash: 090a860c4c9db925a9eb45657a1af1034c49e1966803e2cc79994cdc1229ab38
hash: 4e76236bf77dd6eea1965eb92337ec95cf92e16eef875e8c922da54763013bf2
hash: f57da923e5b75ea46065584301fe67aa5f37998630447b53242050397ee93a8f
hash: c09cb187ead292e38f9552449115d0e8ad5211f65cd6cc2ad2a2e8249d7481ec
hash: 8e2730f5984afe0586003190249b7c9e5c51a3ef2ba0c2194db5dcd21242c20b
hash: 2310d8f49412769bbb634a16cb272a77dcde3104405155e811d21a88712e4d13
hash: e203029a1731c07a78fb33af68e11c4486991a5e53693bd415bd43626a5d1b1e
hash: a8b9acee89ffa97a9e2cde4559523076a61fd0cabdc913746b33dc751567dd52
hash: 23afbdb4c0f2ba6824b8ccbcba50561872cb5715c6211ffa38a945e6836070e2
hash: a8c2370cb1ac0da5ce0b814d2f62b870c52e9a698f43955af2c0932537b63225
hash: 88729c3c2f0d440cb964a0b14af9f726a961700288ea860cc8db492685ca4546
hash: 1947863812af6b9eca6522bc8488573763b86a81b85bfbbe8039c7d89c65dbdd
hash: 1c4c51643818307480c2436301dab98c4794812abb3e94df7b133450411b66e1
hash: 0089bf08432cd31393f1565f826b14bec246d69648a7e08e3756e2a727847c37
hash: a404861cf345f10cb3f4bb427fe166c639ce09bbb8dc209894bec0a29612d49b
hash: afd3e4f2219c7e1e0d279ed5eb653eac11a37aa59727af4522776d3289d1cb1c
url: http://37.220.87.6/
file: 23.108.57.65
hash: 443
file: 137.220.135.142
hash: 21
domain: aspelads.com
domain: bit-lime.com
domain: blacksoftware.website
domain: goldsoftware.org
domain: rellcracks.com
domain: evilsoftware.org
domain: free-warez.site
domain: www.free-warez.site
domain: freesoftwar.com
domain: forcecheats.pro
domain: softwareofficial.site
domain: vipsoft.store
domain: selfware.net
domain: mesoft.tech
domain: tensoft.me
domain: thepcworld.pro
url: http://47.98.221.192:666/ie9compatviewlist.xml
url: http://47.99.46.128:1111/ptj
url: https://208.76.221.57/pixel
file: 208.76.221.57
hash: 443
domain: softportal.tk
url: https://117.18.13.220:1443/ptj
url: https://194.135.24.246/def/v1.49/343omh6o0sgi
file: 194.135.24.246
hash: 443
url: https://system-view.top/owa/cu4inzw9ssvnsmhjaari961-8lbcpodgm
domain: system-view.top
file: 208.115.230.95
hash: 443
url: http://62.138.7.234/cx
file: 62.138.7.234
hash: 80
url: https://182.237.3.224/cx
file: 182.237.3.224
hash: 443
file: 173.199.70.153
hash: 443
url: http://139.59.9.6:8981/watch
url: http://64.52.80.216:8080/search/
url: https://89.147.109.202/__utm.gif
file: 89.147.109.202
hash: 443
url: http://kudqyx62.top/gate.php
file: 91.238.50.61
hash: 443
file: 3.127.59.75
hash: 19057
file: 3.121.139.82
hash: 19057
domain: 8uh5tyhfd.cfd
domain: 6tyg2wed.cfd
domain: cvbnm65tg.cfd
domain: hu83edf.cfd
domain: ofkf28cfdjdk.cfd
domain: 9iok5tgyu.cfd
domain: 23dert67.cfd
domain: lixn62ft.cfd
domain: v4r5f56.cfd
domain: jko90587uh.cfd
domain: mjhytgc4.cfd
domain: u8gr576y.cfd
domain: qwxt56iy.cfd
domain: qwity45by.cfd
domain: jk03eaq1.cfd
domain: oikjh4rf.cfd
domain: ghu86tyh.cfd
domain: 6yhg2wnh.cfd
domain: gt54mju7.cfd
domain: 0oij4rf8.cfd
domain: h89de453e.cfd
domain: ko98k4rq.cfd
domain: 1weset6y.cfd
domain: 7ytgf23e.cfd
domain: 8uh3edd56.cfd
domain: 0oikj5t6y.cfd
domain: jk8ik4r.cfd
domain: vt62wsd.cfd
domain: zser7ujm.cfd
domain: 87uygf4rfg.cfd
domain: rfgv34rf.cfd
domain: 5rfhgfd3ed.cfd
domain: qasxcf5tghg7yg.cfd
domain: edc34rd.cfd
domain: x3bgt5tfds.cfd
domain: fcdf96jku.cfd
domain: ed32zikut.cfd
url: http://42.194.209.253:5678/visit.js
file: 94.131.98.96
hash: 80
file: 94.131.98.125
hash: 80
file: 152.89.247.220
hash: 80
file: 194.4.49.90
hash: 80
file: 94.131.98.124
hash: 80
url: https://www.tiktok.com/@user6068972597711
url: http://194.4.49.90/1696
url: http://95.217.31.208/1711
url: http://95.217.31.208/1839
url: http://153.92.221.169/1678
url: http://95.217.31.208/1679
url: http://49.12.113.223/1711
url: http://95.217.31.208/1842
url: http://152.89.247.220/
url: http://94.131.98.124/
url: http://94.131.98.96/
url: http://94.131.98.125/
url: http://3.143.199.6/
file: 163.123.142.194
hash: 42069
file: 3.88.246.75
hash: 13666
file: 185.246.221.101
hash: 1312
file: 5.181.80.180
hash: 9931
url: http://bebraboysclub.hk/g8lvlee2z/index.php

Source: ThreatFox

Published: Sun Nov 27 2022

ThreatFox IOCs for 2022-11-27

Medium

Malwaretype:osint tlp:white

Published: Sun Nov 27 2022 (11/27/2022, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2022-11-27

AI-Powered Analysis

AILast updated: 06/19/2025, 13:33:47 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: ea5f846c-e4fc-46ad-87fd-7bacb7e09894
Original Timestamp: 1669593784

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://brakiporodica.org/2.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://brakiporodica.org/3.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://brakiporodica.org/4.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://brakiporodica.org/5.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://brakiporodica.org/7.jpg	Oski Stealer botnet C2 (confidence level: 100%)
urlhttp://146.196.121.62:50717/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttp://103.82.145.136:43557/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttp://nftbanger.ru/eternal_apidefaulttest.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://180.76.166.103/ca	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://23.227.194.86/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://18.133.195.61/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.156.12.227:8081/j.ad	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://146.0.72.75:8080/wp08/wp-includes/dtcla.php	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://51.91.115.161:444/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://193.149.185.217:50113/www/handle/doc	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.36.165.78:8889/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://46.3.240.65/audiencemanager.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://121.36.165.78:8890/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://158.247.219.204:3952/faq	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://60.215.209.76:33577/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttps://t.me/adsajkdq	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.208/1702	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.129/1375	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.208/1142	Vidar botnet C2 (confidence level: 100%)
urlhttp://185.196.220.64/1760	Vidar botnet C2 (confidence level: 100%)
urlhttp://185.196.220.64/	Vidar botnet C2 (confidence level: 100%)
urlhttp://212.1.214.47/	Vidar botnet C2 (confidence level: 100%)
urlhttp://191.101.81.20/	Vidar botnet C2 (confidence level: 100%)
urlhttp://191.101.81.21/	Vidar botnet C2 (confidence level: 100%)
urlhttp://191.96.57.91/	Vidar botnet C2 (confidence level: 100%)
urlhttp://153.92.221.169/	Vidar botnet C2 (confidence level: 100%)
urlhttp://153.92.223.160/	Vidar botnet C2 (confidence level: 100%)
urlhttp://88.198.107.101/	Vidar botnet C2 (confidence level: 100%)
urlhttp://88.119.169.134/	Vidar botnet C2 (confidence level: 100%)
urlhttp://45.159.249.133/	Vidar botnet C2 (confidence level: 100%)
urlhttp://178.23.190.206/	Vidar botnet C2 (confidence level: 100%)
urlhttp://77.73.133.68/	Vidar botnet C2 (confidence level: 100%)
urlhttps://api.map.ahrtv.cn/qianxinniubi666	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://cdn.xiaojingjingaihuifeng.xyz:2086/image/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://162.14.69.252/push	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://42.193.37.101/qianxinniubi666	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://51.195.166.201/	Vidar botnet C2 (confidence level: 100%)
urlhttp://49.128.198.17:8989/ptj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://84.32.128.36/mobile-home.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://159.223.12.60:80/dz	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttp://tekbasinaalalhsk.shop	Alien botnet C2 (confidence level: 80%)
urlhttp://65.21.60.136/	Alien botnet C2 (confidence level: 80%)
urlhttp://hatlarhaberlerdenilerigeli.co.vu/	Alien botnet C2 (confidence level: 80%)
urlhttp://20.150.142.166	Alien botnet C2 (confidence level: 80%)
urlhttp://oyuncakhesapositebizimle.co.vu	Alien botnet C2 (confidence level: 80%)
urlhttp://45.84.0.22	Alien botnet C2 (confidence level: 80%)
urlhttp://45.139.105.143:8086/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8085/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.139.105.143:8088/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://msndla.com/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://dev.msndla.com/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://ms1.msndla.com/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://backend.msndla.com/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://routeoffice.msndla.com/owa/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://194.4.49.90/	Arkei Stealer botnet C2 (confidence level: 100%)
urlhttp://37.220.87.6/	RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://47.98.221.192:666/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.99.46.128:1111/ptj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://208.76.221.57/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://117.18.13.220:1443/ptj	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://194.135.24.246/def/v1.49/343omh6o0sgi	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://system-view.top/owa/cu4inzw9ssvnsmhjaari961-8lbcpodgm	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://62.138.7.234/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://182.237.3.224/cx	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://139.59.9.6:8981/watch	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://64.52.80.216:8080/search/	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://89.147.109.202/__utm.gif	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://kudqyx62.top/gate.php	CryptBot botnet C2 (confidence level: 100%)
urlhttp://42.194.209.253:5678/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.tiktok.com/@user6068972597711	Vidar botnet C2 (confidence level: 100%)
urlhttp://194.4.49.90/1696	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.208/1711	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.208/1839	Vidar botnet C2 (confidence level: 100%)
urlhttp://153.92.221.169/1678	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.208/1679	Vidar botnet C2 (confidence level: 100%)
urlhttp://49.12.113.223/1711	Vidar botnet C2 (confidence level: 100%)
urlhttp://95.217.31.208/1842	Vidar botnet C2 (confidence level: 100%)
urlhttp://152.89.247.220/	Vidar botnet C2 (confidence level: 100%)
urlhttp://94.131.98.124/	Vidar botnet C2 (confidence level: 100%)
urlhttp://94.131.98.96/	Vidar botnet C2 (confidence level: 100%)
urlhttp://94.131.98.125/	Vidar botnet C2 (confidence level: 100%)
urlhttp://3.143.199.6/	Vidar botnet C2 (confidence level: 100%)
urlhttp://bebraboysclub.hk/g8lvlee2z/index.php	Amadey botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file194.67.71.131	RedLine Stealer botnet C2 server (confidence level: 100%)
file18.133.195.61	Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.245	Cobalt Strike botnet C2 server (confidence level: 100%)
file46.3.240.65	Cobalt Strike botnet C2 server (confidence level: 100%)
file77.73.133.70	RedLine Stealer botnet C2 server (confidence level: 100%)
file149.28.133.54	RedLine Stealer botnet C2 server (confidence level: 100%)
file82.115.223.210	RedLine Stealer botnet C2 server (confidence level: 100%)
file3.142.81.166	NjRAT botnet C2 server (confidence level: 100%)
file185.196.220.64	Vidar botnet C2 server (confidence level: 100%)
file212.1.214.47	Vidar botnet C2 server (confidence level: 100%)
file191.101.81.20	Vidar botnet C2 server (confidence level: 100%)
file191.101.81.21	Vidar botnet C2 server (confidence level: 100%)
file191.96.57.91	Vidar botnet C2 server (confidence level: 100%)
file153.92.221.169	Vidar botnet C2 server (confidence level: 100%)
file153.92.223.160	Vidar botnet C2 server (confidence level: 100%)
file88.198.107.101	Vidar botnet C2 server (confidence level: 100%)
file88.119.169.134	Vidar botnet C2 server (confidence level: 100%)
file45.159.249.133	Vidar botnet C2 server (confidence level: 100%)
file77.73.133.68	Vidar botnet C2 server (confidence level: 100%)
file185.212.47.163	SharkBot botnet C2 server (confidence level: 75%)
file42.193.37.101	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.234.200.96	Cobalt Strike botnet C2 server (confidence level: 100%)
file162.14.69.252	Cobalt Strike botnet C2 server (confidence level: 100%)
file151.80.223.229	NetWire RC botnet C2 server (confidence level: 100%)
file3.69.157.220	NjRAT botnet C2 server (confidence level: 100%)
file3.125.223.134	NjRAT botnet C2 server (confidence level: 100%)
file3.125.102.39	NjRAT botnet C2 server (confidence level: 100%)
file84.32.128.36	Cobalt Strike botnet C2 server (confidence level: 100%)
file159.223.216.52	PhotoLoader botnet C2 server (confidence level: 75%)
file65.108.97.177	RedLine Stealer botnet C2 server (confidence level: 100%)
file23.108.57.65	BumbleBee botnet C2 server (confidence level: 75%)
file137.220.135.142	Meterpreter botnet C2 server (confidence level: 100%)
file208.76.221.57	Cobalt Strike botnet C2 server (confidence level: 100%)
file194.135.24.246	Cobalt Strike botnet C2 server (confidence level: 100%)
file208.115.230.95	Cobalt Strike botnet C2 server (confidence level: 100%)
file62.138.7.234	Cobalt Strike botnet C2 server (confidence level: 100%)
file182.237.3.224	Cobalt Strike botnet C2 server (confidence level: 100%)
file173.199.70.153	Cobalt Strike botnet C2 server (confidence level: 100%)
file89.147.109.202	Cobalt Strike botnet C2 server (confidence level: 100%)
file91.238.50.61	IcedID botnet C2 server (confidence level: 75%)
file3.127.59.75	NjRAT botnet C2 server (confidence level: 100%)
file3.121.139.82	NjRAT botnet C2 server (confidence level: 100%)
file94.131.98.96	Vidar botnet C2 server (confidence level: 100%)
file94.131.98.125	Vidar botnet C2 server (confidence level: 100%)
file152.89.247.220	Vidar botnet C2 server (confidence level: 100%)
file194.4.49.90	Vidar botnet C2 server (confidence level: 100%)
file94.131.98.124	Vidar botnet C2 server (confidence level: 100%)
file163.123.142.194	Mirai botnet C2 server (confidence level: 75%)
file3.88.246.75	Mirai botnet C2 server (confidence level: 75%)
file185.246.221.101	Mirai botnet C2 server (confidence level: 75%)
file5.181.80.180	Mirai botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash80	RedLine Stealer botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash38819	RedLine Stealer botnet C2 server (confidence level: 100%)
hash4921	RedLine Stealer botnet C2 server (confidence level: 100%)
hash24221	RedLine Stealer botnet C2 server (confidence level: 100%)
hash12836	NjRAT botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	SharkBot botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2086	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash64218	NetWire RC botnet C2 server (confidence level: 100%)
hash17882	NjRAT botnet C2 server (confidence level: 100%)
hash16744	NjRAT botnet C2 server (confidence level: 100%)
hash16744	NjRAT botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash82040e02a2c16b12957659e1356a5e19	Titan payload (confidence level: 50%)
hash80	PhotoLoader botnet C2 server (confidence level: 75%)
hash25223	RedLine Stealer botnet C2 server (confidence level: 100%)
hasha855344dd72d07464af4b3ba765d5b5e479c6b6c58e1055e34cdaa3790c2cc67	Remcos payload (confidence level: 100%)
hashc5d086a134a026a7447677cebaf4913635d68a6db7809138f7df574ec726768a	Remcos payload (confidence level: 100%)
hash346d41e509517ee4020790870e32d0a6f28f5131ee40a73c758f7deabd2eceaa	Remcos payload (confidence level: 100%)
hashe69672a874bcd437474af3b9d141ad0d0c0d366a8a0238d59bcb166d595d3ac4	Remcos payload (confidence level: 100%)
hash8dc1b3e8ed371d0eca98bfc30ade541302889cfa607a3fa65f2c516c6fa00eff	Remcos payload (confidence level: 100%)
hashb1f20f0bdd4738cc508084689dfdc0897cb9f5d7f798d66542d22b78921c43ac	Remcos payload (confidence level: 100%)
hash163fa0ae9e117afd2dcb4c75ad4be4255de811184e825217b98ae5a614d1af92	Remcos payload (confidence level: 100%)
hash9b4998fc6c44d21f907b7213060180a636b27ebb508b01a7d615d6a61e8e66da	Remcos payload (confidence level: 100%)
hashc731fbba9859cc6b6d0f1cca4bce52221618c4f367b52d0c59e8fb9e4a321412	Remcos payload (confidence level: 100%)
hash8bd7c472ccc01bdc5bc39c49af563d4f17b283b61a9612d0048eda5510a1741f	Remcos payload (confidence level: 100%)
hash70942e631d575ff2ca70a995147a94eeb813eb6b2394e474d09a295759bbeff0	Remcos payload (confidence level: 100%)
hashca241f16b1ac84b101cdfcd8aa9afea521636dba24a5ffe08316c5da4bd68390	Remcos payload (confidence level: 100%)
hashe9c298b05fd96667674984479731541328e294ec5e506b85c4aed16802b380d3	Remcos payload (confidence level: 100%)
hashf2643b4686b59c10dd7e51a8482f5515f15ab47eb81b6d8674b135c7ea266d24	Remcos payload (confidence level: 100%)
hash2fc0f46e2ceded0b284d4f41759de65e73532900202260b98769ebfaf3244951	Remcos payload (confidence level: 100%)
hasheaeecfd412b020ab4748982eb74492d9d0e176911d76ea0298773d1e8f2fd4ac	Remcos payload (confidence level: 100%)
hash8a7a387ec2b16662d29352cba1b58f5b9b0ab65f38bb75aee9e6b88c39a6241b	Remcos payload (confidence level: 100%)
hash70b93560a102368cb1bb874688ffe1ebb4db702d55eeb646ffd1b73b009536b4	Remcos payload (confidence level: 100%)
hash6b10be1005e53ea3c1f150b83f52be54d5141a2fcdbe9a010be26de674451064	Remcos payload (confidence level: 100%)
hash05e1c9b65c5c34d39abe5682f747ef5debcc931d768f0023644a39233a553405	Remcos payload (confidence level: 100%)
hash4cbf921ca59d8725280de0d34864dc44eb98fadde5ea010683a8f8820eb3b803	Remcos payload (confidence level: 100%)
hash74f7a2e67d6bbc2c925e9b2281918076edf29c405c76c033c6116f1b4ecdf9e5	Remcos payload (confidence level: 100%)
hashc2f943a6a888d87236c4d4f60d8c83d8ccf5a80fcd7e52d7a02f106021b16685	Remcos payload (confidence level: 100%)
hash0c625923acc1990769f8516b0626245247ac89508a0c06a1e03ca40e6b1aec16	Remcos payload (confidence level: 100%)
hashdb693a6e2d410779dd0406e72d770fc10e682442658eec302b9254ff1f708727	Remcos payload (confidence level: 100%)
hasha2185dcddcfe6d1925fc1b2be92d8c93e0a1a309f1b2c15340b00bec6be552de	Remcos payload (confidence level: 100%)
hash090a860c4c9db925a9eb45657a1af1034c49e1966803e2cc79994cdc1229ab38	Remcos payload (confidence level: 100%)
hash4e76236bf77dd6eea1965eb92337ec95cf92e16eef875e8c922da54763013bf2	Remcos payload (confidence level: 100%)
hashf57da923e5b75ea46065584301fe67aa5f37998630447b53242050397ee93a8f	Remcos payload (confidence level: 100%)
hashc09cb187ead292e38f9552449115d0e8ad5211f65cd6cc2ad2a2e8249d7481ec	Remcos payload (confidence level: 100%)
hash8e2730f5984afe0586003190249b7c9e5c51a3ef2ba0c2194db5dcd21242c20b	Remcos payload (confidence level: 100%)
hash2310d8f49412769bbb634a16cb272a77dcde3104405155e811d21a88712e4d13	Remcos payload (confidence level: 100%)
hashe203029a1731c07a78fb33af68e11c4486991a5e53693bd415bd43626a5d1b1e	Remcos payload (confidence level: 100%)
hasha8b9acee89ffa97a9e2cde4559523076a61fd0cabdc913746b33dc751567dd52	Remcos payload (confidence level: 100%)
hash23afbdb4c0f2ba6824b8ccbcba50561872cb5715c6211ffa38a945e6836070e2	Remcos payload (confidence level: 100%)
hasha8c2370cb1ac0da5ce0b814d2f62b870c52e9a698f43955af2c0932537b63225	Remcos payload (confidence level: 100%)
hash88729c3c2f0d440cb964a0b14af9f726a961700288ea860cc8db492685ca4546	Remcos payload (confidence level: 100%)
hash1947863812af6b9eca6522bc8488573763b86a81b85bfbbe8039c7d89c65dbdd	Remcos payload (confidence level: 100%)
hash1c4c51643818307480c2436301dab98c4794812abb3e94df7b133450411b66e1	Remcos payload (confidence level: 100%)
hash0089bf08432cd31393f1565f826b14bec246d69648a7e08e3756e2a727847c37	Remcos payload (confidence level: 100%)
hasha404861cf345f10cb3f4bb427fe166c639ce09bbb8dc209894bec0a29612d49b	Remcos payload (confidence level: 100%)
hashafd3e4f2219c7e1e0d279ed5eb653eac11a37aa59727af4522776d3289d1cb1c	Remcos payload (confidence level: 100%)
hash443	BumbleBee botnet C2 server (confidence level: 75%)
hash21	Meterpreter botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	IcedID botnet C2 server (confidence level: 75%)
hash19057	NjRAT botnet C2 server (confidence level: 100%)
hash19057	NjRAT botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash80	Vidar botnet C2 server (confidence level: 100%)
hash42069	Mirai botnet C2 server (confidence level: 75%)
hash13666	Mirai botnet C2 server (confidence level: 75%)
hash1312	Mirai botnet C2 server (confidence level: 75%)
hash9931	Mirai botnet C2 server (confidence level: 75%)

Domain

Value	Description	Copy
domainapi.map.ahrtv.cn	Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincdn.xiaojingjingaihuifeng.xyz	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainmsndla.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domaindev.msndla.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainms1.msndla.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbackend.msndla.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainrouteoffice.msndla.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainbendiciones777.con-ip.com	Remcos botnet C2 domain (confidence level: 100%)
domainaspelads.com	RedLine Stealer payload delivery domain (confidence level: 75%)
domainbit-lime.com	RedLine Stealer payload delivery domain (confidence level: 75%)
domainblacksoftware.website	RedLine Stealer payload delivery domain (confidence level: 75%)
domaingoldsoftware.org	RedLine Stealer payload delivery domain (confidence level: 75%)
domainrellcracks.com	RedLine Stealer payload delivery domain (confidence level: 75%)
domainevilsoftware.org	RedLine Stealer payload delivery domain (confidence level: 75%)
domainfree-warez.site	RedLine Stealer payload delivery domain (confidence level: 75%)
domainwww.free-warez.site	RedLine Stealer payload delivery domain (confidence level: 75%)
domainfreesoftwar.com	RedLine Stealer payload delivery domain (confidence level: 75%)
domainforcecheats.pro	RedLine Stealer payload delivery domain (confidence level: 75%)
domainsoftwareofficial.site	Raccoon payload delivery domain (confidence level: 75%)
domainvipsoft.store	Raccoon payload delivery domain (confidence level: 75%)
domainselfware.net	Vidar payload delivery domain (confidence level: 75%)
domainmesoft.tech	Vidar payload delivery domain (confidence level: 75%)
domaintensoft.me	Vidar payload delivery domain (confidence level: 75%)
domainthepcworld.pro	Vidar payload delivery domain (confidence level: 75%)
domainsoftportal.tk	DCRat payload delivery domain (confidence level: 75%)
domainsystem-view.top	Cobalt Strike botnet C2 domain (confidence level: 100%)
domain8uh5tyhfd.cfd	Vidar payload delivery domain (confidence level: 75%)
domain6tyg2wed.cfd	Vidar payload delivery domain (confidence level: 75%)
domaincvbnm65tg.cfd	Vidar payload delivery domain (confidence level: 75%)
domainhu83edf.cfd	Vidar payload delivery domain (confidence level: 75%)
domainofkf28cfdjdk.cfd	Vidar payload delivery domain (confidence level: 75%)
domain9iok5tgyu.cfd	Vidar payload delivery domain (confidence level: 75%)
domain23dert67.cfd	Vidar payload delivery domain (confidence level: 75%)
domainlixn62ft.cfd	Vidar payload delivery domain (confidence level: 75%)
domainv4r5f56.cfd	Vidar payload delivery domain (confidence level: 75%)
domainjko90587uh.cfd	Vidar payload delivery domain (confidence level: 75%)
domainmjhytgc4.cfd	Vidar payload delivery domain (confidence level: 75%)
domainu8gr576y.cfd	Vidar payload delivery domain (confidence level: 75%)
domainqwxt56iy.cfd	Vidar payload delivery domain (confidence level: 75%)
domainqwity45by.cfd	Vidar payload delivery domain (confidence level: 75%)
domainjk03eaq1.cfd	Vidar payload delivery domain (confidence level: 75%)
domainoikjh4rf.cfd	Vidar payload delivery domain (confidence level: 75%)
domainghu86tyh.cfd	Vidar payload delivery domain (confidence level: 75%)
domain6yhg2wnh.cfd	Vidar payload delivery domain (confidence level: 75%)
domaingt54mju7.cfd	Vidar payload delivery domain (confidence level: 75%)
domain0oij4rf8.cfd	Vidar payload delivery domain (confidence level: 75%)
domainh89de453e.cfd	Vidar payload delivery domain (confidence level: 75%)
domainko98k4rq.cfd	Vidar payload delivery domain (confidence level: 75%)
domain1weset6y.cfd	Vidar payload delivery domain (confidence level: 75%)
domain7ytgf23e.cfd	Vidar payload delivery domain (confidence level: 75%)
domain8uh3edd56.cfd	Vidar payload delivery domain (confidence level: 75%)
domain0oikj5t6y.cfd	Vidar payload delivery domain (confidence level: 75%)
domainjk8ik4r.cfd	Vidar payload delivery domain (confidence level: 75%)
domainvt62wsd.cfd	Vidar payload delivery domain (confidence level: 75%)
domainzser7ujm.cfd	Vidar payload delivery domain (confidence level: 75%)
domain87uygf4rfg.cfd	Vidar payload delivery domain (confidence level: 75%)
domainrfgv34rf.cfd	Vidar payload delivery domain (confidence level: 75%)
domain5rfhgfd3ed.cfd	Vidar payload delivery domain (confidence level: 75%)
domainqasxcf5tghg7yg.cfd	Vidar payload delivery domain (confidence level: 75%)
domainedc34rd.cfd	Vidar payload delivery domain (confidence level: 75%)
domainx3bgt5tfds.cfd	Vidar payload delivery domain (confidence level: 75%)
domainfcdf96jku.cfd	Vidar payload delivery domain (confidence level: 75%)
domained32zikut.cfd	Vidar payload delivery domain (confidence level: 75%)

Threat ID: 682c7ac1e3e6de8ceb76636a

Added to database: 5/20/2025, 12:51:13 PM

Last enriched: 6/19/2025, 1:33:47 PM

Last updated: 8/3/2025, 1:38:17 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2022-11-27

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2022-11-27

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

File

Hash

Domain

Related Threats

ThreatFox IOCs for 2025-08-16

Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities

ThreatFox IOCs for 2025-08-15

Threat Actor Profile: Interlock Ransomware

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility