
ThreatFox IOCs for 2023-01-11

Medium
Published: Wed Jan 11 2023 (01/11/2023, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2023-01-11

AI-Powered Analysis

AI analysis last updated: 07/05/2025, 23:11:39 UTC

Technical Analysis

This entry is the ThreatFox MISP Feed export for 11 January 2023 (event UUID fc6f1dc1-1a0a-461a-b61d-853a3a6849df; the original timestamp 1673481783 is 2023-01-12 00:03:03 UTC, just after the day closed). It is a daily batch of community-submitted Indicators of Compromise, not a vulnerability advisory: there is no affected product, CVE or CWE, and the "no known exploits, no patch available" fields of the page template simply do not apply. Each indicator carries a malware family label and a submitter confidence of 50%, 75% or 100%. The families named are Cobalt Strike (C2 URLs, domains and ip:port pairs), the information stealers Vidar, Raccoon, RedLine, Aurora Stealer, Arkei Stealer and RecordBreaker, the remote-access trojans DCRat, Remcos, NjRAT, Quasar RAT, Orcus RAT, NetWire and STRRAT, the loaders and banking trojans Emotet, QakBot, IcedID, BumbleBee and Gozi, the worm Raspberry Robin, the Linux and IoT families Kinsing, Mozi and Mirai, the Brazilian banking trojan Astaroth (Portuguese-phrase domains on the .mom, .hair and .skin TLDs), plus Amadey, Pony, LaplasClipper, Xloader, CryCryptor, WannaCryptor and N-W0rm. Indicator types are URLs (C2 endpoints and payload-delivery locations), domains, MISP ip-dst|port pairs and six file hashes (four MD5, two SHA-256). The page's export split every ip-dst|port attribute into an address row under "File" and a port row under "Hash", so those two lists must be read as pairs, in order; the rows labelled "file" are IP addresses and almost all rows labelled "hash" are TCP ports. Several entries reinforce each other: the same host appears both as a C2 URL and as an ip:port pair for Cobalt Strike (193.47.61.99, 54.151.146.41, 23.108.57.74, 103.131.189.217), Raccoon (79.137.207.152, 130.0.234.116), Vidar (49.12.113.110, 78.47.172.233) and Kinsing (185.246.90.205). Many of the Cobalt Strike URLs use paths from the default beacon profile (/cm, /push, /ptj, /fwlink, /__utm.gif, /updates.rss, /en_us/all.js, /ie9compatviewlist.xml and the Amazon-style /s/ref=nb_sb_noss_1/... path), which is a sign of unmodified team servers and makes the paths themselves usable for detection. Two Remcos "C2 servers" are RFC 1918 addresses (10.5.247.128, 10.9.0.26), almost certainly sandbox artifacts, and should not be deployed as network indicators. The feed entry is marked TLP:WHITE, so the indicators can be shared without restriction. The batch is useful for detection, retrospective hunting and situational awareness; it describes no exploit or flaw that needs patching.

Potential Impact

For European organizations the value of this entry lies in detection and retrospective hunting, not in a warning of an imminent attack. The families it covers were all in broad, untargeted use in January 2023: Cobalt Strike is the common post-exploitation framework of intrusion groups and ransomware affiliates; Raccoon, Vidar, RedLine and Aurora steal browser credentials, cookies and session tokens that are later resold for initial access; QakBot, IcedID, BumbleBee and Emotet are loaders that typically precede ransomware deployment; Kinsing, Mozi and Mirai target exposed Linux containers and IoT or network devices rather than workstations. A hit on one of the C2 indicators in proxy, DNS or flow telemetry from around 11 January 2023 is therefore evidence of an existing compromise, and a hit on a payload-delivery URL or a file hash is evidence of an attempted one. The caveats cut the other way: C2 infrastructure of this kind is rotated within days, so the network indicators lose value quickly and offer little protection if loaded weeks later; eleven of the domains are only 75% confidence, and names such as sncrack.xyz, whitecracks.com, ytsoftware.info and milkagames.info suggest cracked-software lures that are better addressed by software policy than by blocklist; and two of the listed Remcos addresses are private RFC 1918 space that would only generate false positives. Organizations in finance, energy and government that already operate a SIEM or threat intelligence platform get the most from this batch by treating it as one day of a continuously ingested feed rather than as a standalone alert, and the direct operational impact is limited unless a retrospective search actually matches.

Mitigation Recommendations

Since this is an indicator batch and not a software flaw, the work is detection, retrospective hunting, containment and response; there is nothing to patch. European organizations should:

1. Ingest the indicators into the SIEM or threat intelligence platform with type, family and confidence preserved. Match the ip-dst|port entries as address and port pairs rather than as bare addresses, and drop the two RFC 1918 addresses (10.5.247.128, 10.9.0.26) before deployment.

2. Retro-hunt proxy, DNS and flow logs for the days around 11 January 2023. For Cobalt Strike, the default beacon URIs present in this batch (/cm, /push, /ptj, /fwlink, /__utm.gif, /updates.rss, /en_us/all.js, /ie9compatviewlist.xml) are worth alerting on regardless of host. For Raccoon, the single path /an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll served from ten different hosts is a stronger key than any one IP. For Vidar, the bare numeric paths (/821, /27, /408, ...) are too generic to alert on alone and should be matched together with the host.

3. Push the six file hashes to EDR and search for prior executions. Treat the Kinsing payload URLs (libsystem.so, curl-amd64 and kinsing on 185.246.90.205) as a Linux and container hunting lead rather than a Windows one, and the Mozi (mozi.m) and Mirai entries as an IoT and network-appliance lead.

4. Block or sinkhole the 100%-confidence C2 domains at the resolver (the Astaroth .mom, .hair and .skin set and the Cobalt Strike domains). Review the 75%-confidence payload-delivery domains before blocking and pair them with a policy on unlicensed software downloads.

5. Share confirmed hits with the relevant ISAC, and report an indicator back to ThreatFox when it turns out to be a false positive.

6. Keep network segmentation and least-privilege access controls in place to limit lateral movement after a stealer or loader infection, and exercise the incident response plan against the scenario this batch describes: a credential stealer or loader detection that must be handled as a likely precursor to ransomware.
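The matching logic of steps 1 to 3, as an added example that is not ThreatFox, abuse.ch or this page's own code. The indicator rows are a small subset copied from the page's indicator tables (the ip:port rows rejoined from the page's "File" address and "Hash" port columns); the log lines, their format, the internal 10.20.4.x hosts and the host name cdn.allowedcloud.com are constructed for the demonstration and are not taken from any real network.

```python
"""Match ThreatFox 2023-01-11 indicators against proxy, DNS, flow and EDR log lines.

Added example, not code from ThreatFox, abuse.ch or the page's author.  The
indicator rows are a subset of the page's tables; the log lines, their format
and the internal host names are constructed for the demonstration.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# (type, value, description) rows copied from the page.  The ip:port rows are
# MISP ip-dst|port pairs, which the page's export had split into an address
# row under "File" and a port row under "Hash".
RAW_IOCS = [
    ("url", "http://871356.clmonth.nyashteam.top/nyashsupport.php", "DCRat botnet C2 (confidence level: 100%)"),
    ("url", "http://allowedcloud.com/ee", "Cobalt Strike botnet C2 (confidence level: 100%)"),
    ("url", "http://101.33.125.241:4444/en_us/all.js", "Cobalt Strike botnet C2 (confidence level: 100%)"),
    ("domain", "allowedcloud.com", "Cobalt Strike botnet C2 domain (confidence level: 100%)"),
    ("domain", "pleasetake.pictures", "Amadey botnet C2 domain (confidence level: 50%)"),
    ("ip:port", "193.47.61.99:80", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("ip:port", "103.37.86.14:443", "QakBot botnet C2 server (confidence level: 100%)"),
    ("ip:port", "10.9.0.26:10929", "Remcos botnet C2 server (confidence level: 75%)"),
    ("md5", "5c7fb0927db37372da25f270708103a2", "WannaCryptor payload (confidence level: 50%)"),
]

CONF_RE = re.compile(r"confidence level: (\d+)%")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IPPORT_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# Lookarounds instead of \b so the tail of a SHA-256 cannot pass as an MD5.
MD5_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.I)


@dataclass(frozen=True)
class Indicator:
    kind: str
    value: str
    family: str
    confidence: int


def norm_url(url):
    """Lower-case scheme and host, drop default ports, keep path and query verbatim."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    if p.port and p.port != {"http": 80, "https": 443}.get(p.scheme.lower()):
        host = f"{host}:{p.port}"
    return f"{p.scheme.lower()}://{host}{p.path or '/'}" + (f"?{p.query}" if p.query else "")


def load_indicators(rows, min_confidence=50):
    """Normalise rows into {kind: {value: Indicator}}.

    ip:port rows whose address is not globally routable are dropped: the page
    lists 10.5.247.128 and 10.9.0.26 as Remcos C2 servers, and alerting on
    RFC 1918 space inside a corporate network produces nothing but noise.
    """
    index = defaultdict(dict)
    for kind, value, desc in rows:
        m = CONF_RE.search(desc)
        conf = int(m.group(1)) if m else 0
        if conf < min_confidence:
            continue
        family = re.split(r" (?:botnet|payload)\b", desc, maxsplit=1)[0]
        if kind == "ip:port":
            ip, _, port = value.rpartition(":")
            if not ipaddress.ip_address(ip).is_global:
                continue
            value = f"{ip}:{int(port)}"
        elif kind == "domain":
            value = value.lower().rstrip(".")
        elif kind == "url":
            value = norm_url(value)
        else:
            value = value.lower()
        index[kind][value] = Indicator(kind, value, family, conf)
    return index


def domain_hit(host, domains):
    """Walk from the full host name up through its parents, never to a bare TLD."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        ind = domains.get(".".join(labels[i:]))
        if ind:
            return ind
    return None


def match_line(line, index):
    """Return the distinct indicators one log line touches, in the order found."""
    hits = []
    for url in URL_RE.findall(line):
        hits.append(index["url"].get(norm_url(url)))
    for host in HOST_RE.findall(line):
        hits.append(domain_hit(host, index["domain"]))
    for ip, port in IPPORT_RE.findall(line):
        hits.append(index["ip:port"].get(f"{ip}:{int(port)}"))
    for h in MD5_RE.findall(line):
        hits.append(index["md5"].get(h.lower()))
    return [h for h in dict.fromkeys(hits) if h is not None]


# Constructed log lines (proxy, DNS, flow, EDR); not taken from any real network.
SAMPLE_LOGS = [
    "2023-01-11T09:14:02Z proxy 10.20.4.17 GET HTTP://AllowedCloud.com/ee 200",
    "2023-01-11T09:14:05Z dns 10.20.4.17 A? cdn.allowedcloud.com",
    "2023-01-11T09:15:11Z flow 10.20.4.17:51234 -> 103.37.86.14:443 tcp",
    "2023-01-11T09:15:12Z flow 10.20.4.18:40001 -> 10.9.0.26:10929 tcp",
    "2023-01-11T09:20:40Z edr host7 wrote C:\\Users\\a\\Downloads\\inv.exe md5=5C7FB0927DB37372DA25F270708103A2",
    "2023-01-11T09:21:00Z proxy 10.20.4.19 GET https://www.example.com/ 200",
]


def scan(lines, index):
    """Pair every line with its hits; empty lists are kept so callers see coverage."""
    return [(line, match_line(line, index)) for line in lines]


if __name__ == "__main__":
    idx = load_indicators(RAW_IOCS)
    for line, hits in scan(SAMPLE_LOGS, idx):
        for h in hits:
            print(f"{line}\n    {h.kind:7} {h.value}  {h.family} ({h.confidence}%)")
```

Run as a script it prints the four lines that hit (the DNS query for a subdomain of allowedcloud.com matches through the parent-domain walk, the flow to 10.9.0.26:10929 is silent because that indicator was filtered out at load time, and the upper-case MD5 still matches). Raising min_confidence to 75 drops the Amadey domain and the WannaCryptor hash, which is the dial to turn when a 50%-confidence indicator starts producing noise; the same structure extends naturally to SHA-256 rows and to ip-only weak matches for flow data where the port is unknown.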


Technical Details

Threat Level
2 (MISP threat_level_id 2 = Medium)
Analysis
1 (MISP analysis 1 = Ongoing)
Distribution
3 (MISP distribution 3 = All communities)
Uuid
fc6f1dc1-1a0a-461a-b61d-853a3a6849df
Original Timestamp
1673481783 (2023-01-12 00:03:03 UTC, i.e. the export was cut just after the day closed)

Indicators of Compromise

Url

Value | Description
http://871356.clmonth.nyashteam.top/nyashsupport.php | DCRat botnet C2 (confidence level: 100%)
http://82.146.34.244/pipe_bigloadgeneratorlocal.php | DCRat botnet C2 (confidence level: 100%)
http://193.47.61.99/cm | Cobalt Strike botnet C2 (confidence level: 100%)
http://54.151.146.41/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%)
http://101.33.125.241:4444/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://windowsign.theworkpc.com/pollbigloaddefaultdbbase.php | DCRat botnet C2 (confidence level: 100%)
http://158447.clmonth.nyashteam.top/nyashsupport.php | DCRat botnet C2 (confidence level: 100%)
http://42.224.213.130:35049/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://185.246.90.205/libsystem.so | Kinsing payload delivery URL (confidence level: 100%)
http://185.246.90.205/curl-amd64 | Kinsing payload delivery URL (confidence level: 100%)
http://185.246.90.205/kinsing | Kinsing payload delivery URL (confidence level: 100%)
http://172.81.180.176/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://79.137.207.152/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://94.131.98.88/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://157.254.195.56/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://77.73.134.36/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://130.0.234.116/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://146.70.86.253/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://45.15.156.120/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://45.61.139.2/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://167.235.29.56/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll | Raccoon botnet C2 (confidence level: 100%)
http://142.132.168.13/821 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/27 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/588 | Vidar botnet C2 (confidence level: 100%)
http://116.202.7.135/817 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/670 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/811 | Vidar botnet C2 (confidence level: 100%)
http://116.202.7.135/762 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/683 | Vidar botnet C2 (confidence level: 100%)
http://78.46.148.93/19 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/560 | Vidar botnet C2 (confidence level: 100%)
http://65.109.164.83/661 | Vidar botnet C2 (confidence level: 100%)
https://doyiduzu.com/fabricate/privacypolicy/58u2fpavh92u | Cobalt Strike botnet C2 (confidence level: 100%)
https://23.108.57.74/fabricate/privacypolicy/58u2fpavh92u | Cobalt Strike botnet C2 (confidence level: 100%)
http://147.78.47.131/push | Cobalt Strike botnet C2 (confidence level: 100%)
https://allowedcloud.com/ur.html | Cobalt Strike botnet C2 (confidence level: 100%)
http://91.213.50.75/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://91.213.50.75:8010/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
http://allowedcloud.com/ee | Cobalt Strike botnet C2 (confidence level: 100%)
https://redirect.frontlinepay.us/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
https://svchost20230103.ddnsfree.com/dynu-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://cs.newbird.cf/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://navylin.com/autopoisonous/4fzqw/ | Emotet payload delivery URL (confidence level: 100%)
http://asrani.garudaputih.com/nutabalong/bjyqouir99qnfopdx/ | Emotet payload delivery URL (confidence level: 100%)
http://db.rikaz.tech/lcx76ilkrbtesqnfa7/zpyjzponzstnoirhob/ | Emotet payload delivery URL (confidence level: 100%)
http://5.75.182.6/ | Arkei Stealer botnet C2 (confidence level: 100%)
http://83.97.20.139/ | RecordBreaker botnet C2 (confidence level: 100%)
http://78.47.172.233:80 | Vidar botnet C2 (confidence level: 50%)
https://1.15.247.249:8088/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
http://49.12.113.110/408 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/682 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/408 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/583 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/762 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/26 | Vidar botnet C2 (confidence level: 100%)
http://78.46.148.93/736 | Vidar botnet C2 (confidence level: 100%)
http://116.202.7.135/583 | Vidar botnet C2 (confidence level: 100%)
http://5.75.203.81/698 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/767 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/494 | Vidar botnet C2 (confidence level: 100%)
http://78.46.148.93/756 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/817 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/24 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/24 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/802 | Vidar botnet C2 (confidence level: 100%)
http://49.12.113.110/724 | Vidar botnet C2 (confidence level: 100%)
https://103.131.189.217/hpimagearchive.aspx | Cobalt Strike botnet C2 (confidence level: 100%)
http://37.220.87.38/ | Raccoon botnet C2 (confidence level: 100%)
http://94.131.107.176/ | Raccoon botnet C2 (confidence level: 100%)
http://37.220.87.38/700baf032ce70b3e36bb09314071637a | Raccoon botnet C2 (confidence level: 100%)
http://freashalbany.site11.com/gate.php | Pony botnet C2 (confidence level: 100%)
http://47.102.110.41:7766/fwlink | Cobalt Strike botnet C2 (confidence level: 100%)
http://49.12.113.110/641 | Vidar botnet C2 (confidence level: 100%)
http://142.132.168.13/724 | Vidar botnet C2 (confidence level: 100%)

Domain

Value | Description
pleasetake.pictures | Amadey botnet C2 domain (confidence level: 50%)
doyiduzu.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
allowedcloud.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
redirect.frontlinepay.us | Cobalt Strike botnet C2 domain (confidence level: 100%)
svchost20230103.ddnsfree.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
cs.newbird.cf | Cobalt Strike botnet C2 domain (confidence level: 100%)
acordadeumavez.mom | Astaroth botnet C2 domain (confidence level: 100%)
aesulluzetecnologia.hair | Astaroth botnet C2 domain (confidence level: 100%)
anonovovidanova.mom | Astaroth botnet C2 domain (confidence level: 100%)
nemtusabeoqquer.skin | Astaroth botnet C2 domain (confidence level: 100%)
olhaaiquetendel.mom | Astaroth botnet C2 domain (confidence level: 100%)
omaigod.skin | Astaroth botnet C2 domain (confidence level: 100%)
sejaumapessoaboa.hair | Astaroth botnet C2 domain (confidence level: 100%)
semmaldade.mom | Astaroth botnet C2 domain (confidence level: 100%)
teligameu.hair | Astaroth botnet C2 domain (confidence level: 100%)
tudopassa.skin | Astaroth botnet C2 domain (confidence level: 100%)
vamocaralho.skin | Astaroth payload delivery domain (confidence level: 100%)
searchme.top | RedLine Stealer botnet C2 domain (confidence level: 100%)
spicymeat.top | RedLine Stealer botnet C2 domain (confidence level: 100%)
sncrack.xyz | RedLine Stealer payload delivery domain (confidence level: 75%)
alphasoft.pro | RedLine Stealer payload delivery domain (confidence level: 75%)
whitecracks.com | RedLine Stealer payload delivery domain (confidence level: 75%)
sakurasoft.pro | RedLine Stealer payload delivery domain (confidence level: 75%)
ytsoftware.info | RedLine Stealer payload delivery domain (confidence level: 75%)
milkagames.info | RedLine Stealer payload delivery domain (confidence level: 75%)
softview.site | RedLine Stealer payload delivery domain (confidence level: 75%)
heroncloud.art | RedLine Stealer payload delivery domain (confidence level: 75%)
creativespirit.me | RedLine Stealer payload delivery domain (confidence level: 75%)
side-soft.com | Raccoon payload delivery domain (confidence level: 75%)
tensoft.online | Raccoon payload delivery domain (confidence level: 75%)
tensoft.best | Raccoon payload delivery domain (confidence level: 75%)
cloudsoft.club | Vidar payload delivery domain (confidence level: 75%)
markjulianlerner.com | LaplasClipper payload delivery domain (confidence level: 75%)
josephthomaskurzeja.com | LaplasClipper payload delivery domain (confidence level: 75%)

IP address and port

The page's export rendered each MISP ip-dst|port attribute as two rows, the address under "File" and the port under "Hash". The two lists line up one to one (100 addresses, 100 ports, identical family and confidence in the same order), so they are rejoined here as address:port. Two of the Remcos entries (10.5.247.128, 10.9.0.26) are RFC 1918 addresses and are not usable as network indicators.

Value | Description
3.122.103.39:4433 | Cobalt Strike botnet C2 server (confidence level: 75%)
23.227.202.66:443 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.48.86.75:9000 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.48.86.75:3002 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.48.86.75:3301 | Cobalt Strike botnet C2 server (confidence level: 75%)
185.48.86.75:22222 | Cobalt Strike botnet C2 server (confidence level: 75%)
49.234.152.199:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
106.55.2.194:2095 | Cobalt Strike botnet C2 server (confidence level: 75%)
37.38.244.230:1449 | NjRAT botnet C2 server (confidence level: 100%)
193.47.61.99:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
54.151.146.41:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
116.202.3.55:28786 | RedLine Stealer botnet C2 server (confidence level: 100%)
45.138.16.148:5050 | Quasar RAT botnet C2 server (confidence level: 100%)
45.89.54.61:80 | Raccoon botnet C2 server (confidence level: 100%)
49.12.203.54:80 | Raccoon botnet C2 server (confidence level: 100%)
51.178.186.12:80 | Raccoon botnet C2 server (confidence level: 100%)
64.190.113.112:80 | Raccoon botnet C2 server (confidence level: 100%)
77.73.133.90:80 | Raccoon botnet C2 server (confidence level: 100%)
79.137.206.22:80 | Raccoon botnet C2 server (confidence level: 100%)
81.19.140.95:80 | Raccoon botnet C2 server (confidence level: 100%)
88.119.170.121:80 | Raccoon botnet C2 server (confidence level: 100%)
89.23.96.13:80 | Raccoon botnet C2 server (confidence level: 100%)
91.240.84.153:80 | Raccoon botnet C2 server (confidence level: 100%)
103.219.154.115:80 | Raccoon botnet C2 server (confidence level: 100%)
130.0.234.116:80 | Raccoon botnet C2 server (confidence level: 100%)
146.19.170.164:80 | Raccoon botnet C2 server (confidence level: 100%)
146.70.101.78:80 | Raccoon botnet C2 server (confidence level: 100%)
146.70.104.186:80 | Raccoon botnet C2 server (confidence level: 100%)
162.55.37.54:80 | Raccoon botnet C2 server (confidence level: 100%)
185.181.10.208:80 | Raccoon botnet C2 server (confidence level: 100%)
195.133.40.9:80 | Raccoon botnet C2 server (confidence level: 100%)
212.118.36.51:80 | Raccoon botnet C2 server (confidence level: 100%)
82.115.223.77:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
85.192.63.77:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
89.23.97.58:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
157.90.232.2:8081 | Aurora Stealer botnet C2 server (confidence level: 100%)
217.64.127.195:52651 | Remcos botnet C2 server (confidence level: 100%)
220.135.222.186:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
58.177.98.79:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
94.10.67.162:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
118.167.131.52:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
118.167.144.103:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
218.221.150.148:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
61.68.74.170:8080 | Raspberry Robin botnet C2 server (confidence level: 100%)
10.5.247.128:52651 | Remcos botnet C2 server (confidence level: 75%) (RFC 1918 address, not routable)
212.22.77.79:80 | Kinsing botnet C2 server (confidence level: 75%)
195.2.78.146:80 | Kinsing botnet C2 server (confidence level: 75%)
185.246.90.205:80 | Kinsing payload delivery server (confidence level: 75%)
45.138.16.40:4782 | Quasar RAT botnet C2 server (confidence level: 100%)
185.87.48.183:80 | Kinsing botnet C2 server (confidence level: 75%)
79.137.207.152:80 | Raccoon botnet C2 server (confidence level: 100%)
185.222.58.68:7777 | STRRAT botnet C2 server (confidence level: 100%)
23.108.57.74:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
79.137.202.45:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
79.137.202.45:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.227.202.66:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
20.9.56.158:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
24.199.120.37:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
157.90.232.2:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
89.23.97.58:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
85.192.63.77:80 | Aurora Stealer botnet C2 server (confidence level: 50%)
185.146.88.243:2404 | Remcos botnet C2 server (confidence level: 75%)
37.0.14.207:2404 | Remcos botnet C2 server (confidence level: 100%)
10.9.0.26:10929 | Remcos botnet C2 server (confidence level: 75%) (RFC 1918 address, not routable)
45.139.105.174:10929 | Remcos botnet C2 server (confidence level: 75%)
101.42.46.117:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
157.245.102.164:443 | Cobalt Strike botnet C2 server (confidence level: 75%)
173.82.196.58:443 | Cobalt Strike botnet C2 server (confidence level: 75%)
103.45.143.169:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
47.113.224.80:80 | Cobalt Strike botnet C2 server (confidence level: 75%)
193.111.248.239:10134 | Orcus RAT botnet C2 server (confidence level: 100%)
78.47.172.233:80 | Vidar botnet C2 server (confidence level: 50%)
194.5.212.164:3368 | NetWire RC botnet C2 server (confidence level: 100%)
107.189.10.180:3778 | Mirai botnet C2 server (confidence level: 75%)
108.62.118.219:443 | BumbleBee botnet C2 server (confidence level: 75%)
49.12.113.110:80 | Vidar botnet C2 server (confidence level: 100%)
65.21.237.20:43077 | RedLine Stealer botnet C2 server (confidence level: 100%)
103.131.189.217:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
37.130.119.233:40294 | RedLine Stealer botnet C2 server (confidence level: 100%)
91.238.50.101:443 | IcedID botnet C2 server (confidence level: 75%)
5.75.145.16:37638 | RedLine Stealer botnet C2 server (confidence level: 100%)
82.115.223.46:57672 | RedLine Stealer botnet C2 server (confidence level: 100%)
82.115.223.138:35316 | RedLine Stealer botnet C2 server (confidence level: 100%)
103.37.86.14:443 | QakBot botnet C2 server (confidence level: 100%)
46.176.173.2:995 | QakBot botnet C2 server (confidence level: 100%)
80.121.53.116:443 | QakBot botnet C2 server (confidence level: 100%)
85.74.155.45:2222 | QakBot botnet C2 server (confidence level: 100%)
178.142.122.255:443 | QakBot botnet C2 server (confidence level: 100%)
82.15.58.109:2222 | QakBot botnet C2 server (confidence level: 100%)
102.158.90.125:443 | QakBot botnet C2 server (confidence level: 100%)
47.16.66.61:2222 | QakBot botnet C2 server (confidence level: 100%)
87.223.93.233:443 | QakBot botnet C2 server (confidence level: 100%)
105.68.197.223:995 | QakBot botnet C2 server (confidence level: 100%)
90.75.188.155:2222 | QakBot botnet C2 server (confidence level: 100%)
93.56.127.246:5552 | NjRAT botnet C2 server (confidence level: 100%)
45.14.165.18:44810 | N-W0rm botnet C2 server (confidence level: 100%)
18.197.239.109:18280 | NjRAT botnet C2 server (confidence level: 100%)
3.69.157.220:18280 | NjRAT botnet C2 server (confidence level: 100%)
179.43.154.136:60195 | Mirai botnet C2 server (confidence level: 75%)
3.69.115.178:18280 | NjRAT botnet C2 server (confidence level: 100%)

Hash

The six remaining "Hash" rows are genuine file hashes (32 hexadecimal characters: MD5; 64: SHA-256). All are 50% confidence.

Value | Description
381134ea0f0be535b9d2ce8a94093576 (MD5) | CryCryptor payload (confidence level: 50%)
5c7fb0927db37372da25f270708103a2 (MD5) | WannaCryptor payload (confidence level: 50%)
69c8f26359a2f91a60c66023180491f7 (MD5) | Xloader payload (confidence level: 50%)
1dba6023c933a8d7a9a6623c158bc4b7 (MD5) | Gozi payload (confidence level: 50%)
cb3b67a980ba921625ecdf082d518c73a9f80ce1b2d4f428b6e950b20a9688bb (SHA-256) | Gozi payload (confidence level: 50%)
2c6f8842494083e7ff70f648a116c74a22a470e7fab297cded5927f555a7fc6e (SHA-256) | DCRat payload (confidence level: 50%)

Threat ID: 68359c9d5d5f0974d01f3804

Added to database: 5/27/2025, 11:06:05 AM

Last enriched: 7/5/2025, 11:11:39 PM

Last updated: 8/18/2025, 5:57:52 AM
